Implement urn:oasis:names:tc:SAML:2.0:nameid-format:transient
[cascardo/ipsilon.git] / ipsilon / providers / saml2 / auth.py
index f5e8f0f..71bfc9a 100644 (file)
@@ -27,6 +27,7 @@ from ipsilon.util.trans import Transaction
 import cherrypy
 import datetime
 import lasso
 import cherrypy
 import datetime
 import lasso
+import uuid
 
 
 class UnknownProvider(ProviderException):
 
 
 class UnknownProvider(ProviderException):
@@ -185,8 +186,7 @@ class AuthenticateRequest(ProviderPageBase):
             # TODO map to something else ?
             nameid = provider.normalize_username(user.name)
         elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
             # TODO map to something else ?
             nameid = provider.normalize_username(user.name)
         elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
-            # TODO map to something else ?
-            nameid = provider.normalize_username(user.name)
+            nameid = '_' + uuid.uuid4().hex
         elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
             nameid = us.get_data('user', 'krb_principal_name')
         elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL:
         elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
             nameid = us.get_data('user', 'krb_principal_name')
         elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL:
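Review bot: The transient NameID produced at `nameid = '_' + uuid.uuid4().hex` is, as far as this hunk shows, not recorded in the login session, so an SP-initiated LogoutRequest that later carries this NameID presumably cannot be matched back to the user — if the session object (`us`) that the Kerberos branch reads from also offers a setter, store the value there at generation time and confirm the logout handler resolves it. The size is fine (SAML 2.0 core 8.3.8 requires at least 16 bytes and a value that is never reused), but CPython's `uuid4` silently falls back to the non-cryptographic `random` module when `os.urandom` is unavailable, so for an identifier that must be unguessable draw it directly, e.g. `nameid = '_' + binascii.hexlify(os.urandom(16))` (adding `os`/`binascii` imports). A comment would make the intent clear to the next maintainer: `# Transient: opaque, unguessable, per-assertion identifier (SAML 2.0 core 8.3.8); never derived from the user name.` The enclosing if/elif chain starts and ends outside the hunk.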