Add a way to return the email address of the user
authorSimo Sorce <simo@redhat.com>
Sun, 2 Mar 2014 23:09:27 +0000 (18:09 -0500)
committerSimo Sorce <simo@redhat.com>
Sun, 2 Mar 2014 23:13:01 +0000 (18:13 -0500)
Signed-off-by: Simo Sorce <simo@redhat.com>
ipsilon/providers/saml2/auth.py
ipsilon/providers/saml2idp.py
ipsilon/util/user.py

index 955f01f..3d63deb 100755 (executable)
@@ -181,6 +181,10 @@ class AuthenticateRequest(ProviderPageBase):
             nameid = user.name  ## TODO map to something else ?
         elif self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
             nameid = us.get_data('user', 'krb_principal_name')
+        elif self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL:
+            nameid = us.get_user().email
+            if not nameid:
+                nameid = '%s@%s' % (user.name, self.cfg.default_email_domain)
 
         if nameid:
             login.assertion.subject.nameId.format = self.nameidfmt
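Review bot: The fallback on the two lines after `nameid = us.get_user().email` asserts `user.name@<default email domain>` as an email-format NameID even though no such address is recorded for the user, and a service provider that links accounts by email NameID would treat the subject as the owner of that mailbox. With the shipped default of `'example.com'` in the saml2idp.py hunk, a deployment that never sets the option emits addresses in a domain it does not control. Consider making the fallback opt-in: default the option to `''` and guard with `if not nameid and self.cfg.default_email_domain:`, so that a user with no email leaves `nameid` unset and reaches the existing `if nameid:` check. The enclosing method starts and ends outside the hunk, so what happens when `nameid` stays empty is not visible here.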
index 0fcbe67..9cf3ed6 100755 (executable)
@@ -172,6 +172,11 @@ Provides SAML 2.0 authentication infrastructure. """
                 """Default NameID used by Service Providers. """,
                 'string',
                 'persistent'
+            ],
+            'default email domain': [
+                """Default email domain, for users missing email property.""",
+                'string',
+                'example.com'
             ]
         }
 
@@ -206,6 +211,10 @@ Provides SAML 2.0 authentication infrastructure. """
     def default_nameid(self):
         return self.get_config_value('default nameid')
 
+    @property
+    def default_email_domain(self):
+        return self.get_config_value('default email domain')
+
     def get_tree(self, site):
         self.page = SAML2(site, self)
         return self.page
index 72c5041..ea0b974 100755 (executable)
@@ -76,6 +76,13 @@ class User(object):
     def fullname(self, value):
         self._userdata['fullname'] = value
 
+    @property
+    def email(self):
+        if 'email' in self._userdata:
+            return self._userdata['email']
+        else:
+            return None
+
     @property
     def sites(self):
         if 'sites' in self._userdata:
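Review bot: The new `email` property has no docstring and no setter, while the neighbouring `fullname` appears to have one, so nothing in this hunk shows how `_userdata['email']` is populated or whether the value is verified before auth.py asserts it as a NameID. A one-line docstring such as `"""Email address from the user data, or None if unset; not verified here."""` would make that contract explicit for callers. The body can also be shortened to `return self._userdata.get('email')`. The `sites` property that follows continues outside the hunk.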