X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Fproviders%2Fsaml2%2Fauth.py;h=955f01f9e246e641a98c6ad435401741c32db97a;hp=9d796c5fb27d3e5d5b1179889ca7cd7c9e3595fa;hb=51f2e1822ce32983c52435185afb5f803d3d150a;hpb=768e7740d5a37b34794b5bdc823a13c55a4cc9b7

diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 9d796c5..955f01f 100755
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -159,7 +159,8 @@ class AuthenticateRequest(ProviderPageBase):
         authtime_notbefore = authtime - skew
         authtime_notafter = authtime + skew
 
-        user = UserSession().get_user()
+        us = UserSession()
+        user = us.get_user()
 
         # TODO: get authentication type fnd name format from session
         # need to save which login manager authenticated and map it to a
@@ -178,6 +179,8 @@ class AuthenticateRequest(ProviderPageBase):
             nameid = user.name  ## TODO map to something else ?
         elif self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
             nameid = user.name  ## TODO map to something else ?
+        elif self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
+            nameid = us.get_data('user', 'krb_principal_name')
 
         if nameid:
             login.assertion.subject.nameId.format = self.nameidfmt