diff options
-rw-r--r-- | ipsilon/providers/saml2/auth.py | 2 | ||||
-rw-r--r-- | ipsilon/providers/saml2/provider.py | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py index 4bfbc1a..d895f43 100644 --- a/ipsilon/providers/saml2/auth.py +++ b/ipsilon/providers/saml2/auth.py @@ -202,6 +202,8 @@ class AuthenticateRequest(ProviderPageBase): nameid = us.get_user().email if not nameid: nameid = '%s@%s' % (user.name, self.cfg.default_email_domain) + elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED: + nameid = provider.normalize_username(user.name) if nameid: login.assertion.subject.nameId.format = nameidfmt diff --git a/ipsilon/providers/saml2/provider.py b/ipsilon/providers/saml2/provider.py index c02d6fb..4439a0d 100644 --- a/ipsilon/providers/saml2/provider.py +++ b/ipsilon/providers/saml2/provider.py @@ -116,8 +116,6 @@ class ServiceProvider(Log): self._debug('Requested NameId [%s]' % (nip.format,)) if nip.format is None: return SAML2_NAMEID_MAP[self.default_nameid] - elif nip.format == lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED: - return SAML2_NAMEID_MAP[self.default_nameid] else: allowed = self.allowed_nameids self._debug('Allowed NameIds %s' % (repr(allowed))) |