+ nameid = None
+ if self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT:
+ nameid = user.name ## TODO map to something else ?
+ elif self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
+ nameid = user.name ## TODO map to something else ?
+
+ if nameid:
+ login.assertion.subject.nameId.format = self.nameidfmt
+ login.assertion.subject.nameId.content = nameid
+ else:
+ raise AuthenticationError("Unavailable Name ID type",
+ lasso.SAML2_STATUS_CODE_AUTHN_FAILED)
+
+ # TODO: add user attributes as policy requires taking from 'usersession'
+
+ def saml2error(self, login, code, message):
+ status = lasso.Samlp2Status()
+ status.statusCode = lasso.Samlp2StatusCode()
+ status.statusCode.value = lasso.SAML2_STATUS_CODE_RESPONDER
+ status.statusCode.statusCode = lasso.Samlp2StatusCode()
+ status.statusCode.statusCode.value = code
+ login.response.status = status