From: Rob Crittenden Date: Wed, 18 Mar 2015 14:16:38 +0000 (-0400) Subject: Implement urn:oasis:names:tc:SAML:2.0:nameid-format:transient X-Git-Tag: v0.5.0~10 X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=commitdiff_plain;h=2ab0852570e3e18dfd7d959ae7c3bd62ea33dcca Implement urn:oasis:names:tc:SAML:2.0:nameid-format:transient NameQualifier and SPNameQualifier are optional and are not included. https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden Reviewed-by: Simo Sorce
---
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index f5e8f0f..71bfc9a 100644
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -27,6 +27,7 @@ from ipsilon.util.trans import Transaction
 import cherrypy
 import datetime
 import lasso
+import uuid
 class UnknownProvider(ProviderException):
@@ -185,8 +186,7 @@ class AuthenticateRequest(ProviderPageBase):
 # TODO map to something else ?
 nameid = provider.normalize_username(user.name)
 elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
- # TODO map to something else ?
- nameid = provider.normalize_username(user.name)
+ nameid = '_' + uuid.uuid4().hex
 elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
 nameid = us.get_data('user', 'krb_principal_name')
 elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL:
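Review bot: In the TRANSIENT branch of the second hunk, `uuid.uuid4().hex` carries only 122 random bits, which falls short of what SAML 2.0 core section 1.3.4 asks of identifiers (collision or guess probability of at most 2^-128, with 2^-160 recommended), and transient NameIDs are required to follow that section. Drawing the value from the OS CSPRNG at the recommended length closes the gap, for example `nameid = '_%040x' % random.SystemRandom().getrandbits(160)`, with the import added in the first hunk changed to `import random`. The hunk does not show whether the generated value is kept with the user's session; if single logout or a later query has to match this NameID it presumably must be, so that is worth confirming against the code after the if/elif chain. That chain starts and ends outside the hunk.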