self._debug("Replacing %s: %s -> %s" % (key,
self.sp.default_nameid,
value))
+ if not self.sp.is_valid_nameid(value):
+ raise InvalidValueFormat('Invalid default nameid value')
return {'default_nameid': value}
else:
raise UnauthorizedUser("Unauthorized to set default nameid value")
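Review bot: The new `is_valid_nameid` check runs after the `self._debug("Replacing %s: %s -> %s" ...)` call, so a rejected value is still written to the debug log, unvalidated, as if the replacement had happened. Moving the `if not self.sp.is_valid_nameid(value):` block above the `_debug` call keeps the log limited to changes that are actually applied; the allowed-nameids hunk below has the same ordering. The message `'Invalid default nameid value'` is also less helpful than the one in that hunk, which lists the accepted names. Whether the default must additionally be one of the provider's `allowed_nameids` cannot be judged from these lines, and the enclosing branch starts outside the hunk.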
self._debug("Replacing %s: %s -> %s" % (key,
self.sp.allowed_nameids,
list(v)))
+ for x in v:
+ if not self.sp.is_valid_nameid(x):
+ l = ', '.join(self.sp.valid_nameids())
+ err = 'Invalid nameid [%s]. Available [%s].' % (x, l)
+ raise InvalidValueFormat(err)
return {'allowed_nameids': list(v)}
else:
raise UnauthorizedUser("Unauthorized to set alowed nameids values")
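Review bot: The message built at `err = 'Invalid nameid [%s]. Available [%s].' % (x, l)` echoes the submitted value back verbatim, so any page or log that displays the InvalidValueFormat text needs to escape it for that context; that handling is not visible in this hunk. The list of available names comes straight from `valid_nameids()`, whose order is whatever the mapping yields, and the name `l` is easy to misread as `1`. I would write `names = ', '.join(sorted(self.sp.valid_nameids()))` and use `names` in the format call. The enclosing method starts and ends outside the hunk.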
return username.split('@', 1)[0]
return username
+ def is_valid_nameid(self, value):
+ if value in SAML2_NAMEID_MAP:
+ return True
+ return False
+
+ def valid_nameids(self):
+ return SAML2_NAMEID_MAP.keys()
+
class ServiceProviderCreator(object):
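Review bot: `is_valid_nameid` is a bare membership test on `SAML2_NAMEID_MAP`, which raises TypeError instead of returning False when `value` is unhashable (a list or dict, for example). If callers can pass request data of arbitrary shape, which these lines do not show, the rejection would surface as an unhandled error rather than InvalidValueFormat, so a type guard before the lookup is worth adding. The body itself reduces to `return value in SAML2_NAMEID_MAP`. `valid_nameids` could return `list(SAML2_NAMEID_MAP)` so callers never receive a live view of the shared map. Both methods would benefit from a one-line docstring such as `"""Return True if value is a key of SAML2_NAMEID_MAP."""`; the class they belong to starts outside the hunk.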