-rwxr-xr-x | ipsilon/providers/saml2/auth.py | 6 | ||||
-rwxr-xr-x | ipsilon/providers/saml2/provider.py | 5 |
2 files changed, 9 insertions, 2 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 64d9835..7f92d77 100755
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -170,9 +170,11 @@ class AuthenticateRequest(ProviderPageBase):
 nameid = None
 if nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT:
- nameid = user.name ## TODO map to something else ?
+ ## TODO map to something else ?
+ nameid = provider.normalize_username(user.name)
 elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
- nameid = user.name ## TODO map to something else ?
+ ## TODO map to something else ?
+ nameid = provider.normalize_username(user.name)
 elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
 nameid = us.get_data('user', 'krb_principal_name')
 elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL:
diff --git a/ipsilon/providers/saml2/provider.py b/ipsilon/providers/saml2/provider.py
index c738ac2..acf2ee7 100755
--- a/ipsilon/providers/saml2/provider.py
+++ b/ipsilon/providers/saml2/provider.py
@@ -106,3 +106,8 @@ class ServiceProvider(object):
 def _debug(self, fact):
 if cherrypy.config.get('debug', False):
 cherrypy.log(fact)
+
+ def normalize_username(self, username):
+ if 'strip domain' in self._properties:
+ return username.split('@', 1)[0]
+ return username |
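Review bot: With `strip domain` enabled, the NameID emitted in the `SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT` branch is no longer guaranteed unique per principal: `alice@REALM-A` and `alice@REALM-B` (constructed examples) both become `alice`, so a service provider that keys accounts on the persistent NameID could treat them as one account. If the option is only meant for single-realm deployments, a comment at both call sites such as `## only safe when all users share one domain` would record that assumption. The `SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT` branch still returns a username-derived value, which the existing TODO already acknowledges; that format is intended to carry an opaque, short-lived identifier rather than a stable name. The enclosing method starts and ends outside the hunk, and `provider` is bound outside it.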
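Review bot: `normalize_username` tests only whether the key `'strip domain'` is present in `self._properties`, so if `_properties` is a mapping (not visible here), a stored value of `False` would still strip the domain; `if self._properties.get('strip domain'):` would check the value instead. A name that begins with `@` yields an empty string, which the callers in auth.py would then send as the NameID; falling back with `return username.split('@', 1)[0] or username` (or rejecting the name) avoids an empty identifier. The method also has no docstring; a one-line summary such as `"""Return username without its '@domain' part when 'strip domain' is set."""` would state the contract.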