This allows returning (hopefully) the same name whether the user
authenticated via ESSO or form-based authentication.
Crude for now, may be augmented with some regex configuration in the future.
Signed-off-by: Simo Sorce <simo@redhat.com>
nameid = None
if nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT:
nameid = None
if nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT:
- nameid = user.name ## TODO map to something else ?
+ ## TODO map to something else ?
+ nameid = provider.normalize_username(user.name)
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
- nameid = user.name ## TODO map to something else ?
+ ## TODO map to something else ?
+ nameid = provider.normalize_username(user.name)
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
nameid = us.get_data('user', 'krb_principal_name')
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL:
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
nameid = us.get_data('user', 'krb_principal_name')
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL:
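Review bot: With 'strip domain' enabled, the persistent branch now emits `provider.normalize_username(user.name)` as the NameID, so two accounts that differ only in the part after `@` (for example the same local name in two realms) would receive the same persistent identifier and a service provider could not tell them apart. Whether more than one realm or domain can authenticate here is not visible in these lines; if it can, the call deserves a guard or at least a comment such as `## NOTE: stripping the domain assumes names stay unique after normalization`. The transient branch still uses the (normalized) user name, which is stable and identifying rather than a per-session opaque value, and the existing TODO could say so explicitly. The if/elif chain starts and continues outside the hunk.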
def _debug(self, fact):
if cherrypy.config.get('debug', False):
cherrypy.log(fact)
def _debug(self, fact):
if cherrypy.config.get('debug', False):
cherrypy.log(fact)
+
+ def normalize_username(self, username):
+ if 'strip domain' in self._properties:
+ return username.split('@', 1)[0]
+ return username
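Review bot: `'strip domain' in self._properties` tests only that the key exists, so if `_properties` can hold the option with a false value (how it is built is not visible here), stripping would still be applied; `if self._properties.get('strip domain'):` would follow the value, assuming `_properties` is a dict. A name that begins with `@` normalizes to an empty string, which the callers would then send as a NameID; keeping the original name when the local part is empty, e.g. `return username.split('@', 1)[0] or username`, avoids that. The method also lacks a docstring; `"""Return username without its '@domain' suffix when 'strip domain' is configured."""` would state the contract.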