-rwxr-xr-xipsilon/providers/saml2/auth.py6
-rwxr-xr-xipsilon/providers/saml2/provider.py5
2 files changed, 9 insertions, 2 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 64d9835..7f92d77 100755
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -170,9 +170,11 @@ class AuthenticateRequest(ProviderPageBase):
nameid = None
if nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT:
- nameid = user.name ## TODO map to something else ?
+ ## TODO map to something else ?
+ nameid = provider.normalize_username(user.name)
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
- nameid = user.name ## TODO map to something else ?
+ ## TODO map to something else ?
+ nameid = provider.normalize_username(user.name)
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
nameid = us.get_data('user', 'krb_principal_name')
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL:
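Review bot: The transient branch still emits the same stable value as the persistent branch, `provider.normalize_username(user.name)`, so a NameID that is meant to be a short-lived opaque handle carries the login name and lets service providers correlate a user across sessions. The retained `## TODO map to something else ?` does not record that, so in the transient branch I would replace it with `# TODO: transient NameID must be a per-session opaque value, not the login name`. The persistent branch likewise exposes the real name rather than a per-SP pseudonym, which deserves the same kind of comment. The enclosing method starts and ends outside this hunk, so where `provider` comes from and how `nameid` is used afterwards cannot be checked here.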
diff --git a/ipsilon/providers/saml2/provider.py b/ipsilon/providers/saml2/provider.py
index c738ac2..acf2ee7 100755
--- a/ipsilon/providers/saml2/provider.py
+++ b/ipsilon/providers/saml2/provider.py
@@ -106,3 +106,8 @@ class ServiceProvider(object):
def _debug(self, fact):
if cherrypy.config.get('debug', False):
cherrypy.log(fact)
+
+ def normalize_username(self, username):
+ if 'strip domain' in self._properties:
+ return username.split('@', 1)[0]
+ return username
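Review bot: With 'strip domain' set, `normalize_username` maps `alice@a.example` and `alice@b.example` (constructed examples) to the same NameID, so a service provider that keys accounts on NameID would treat two distinct identities as one. The method should carry a docstring stating that the option is only safe when all users come from a single domain. The test `'strip domain' in self._properties` checks presence only; if `_properties` is a mapping (not visible here), a stored false value would still enable stripping, and `if self._properties.get('strip domain'):` would honour the value. A name that begins with `@` produces an empty NameID, which is better rejected than returned.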