From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 24 Aug 2015 17:42:19 +0000 (+0000)
Subject: Log a message when authentication is successful but doesn't
X-Git-Tag: v1.1.0~39
X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=commitdiff_plain;h=ea3a3c63719961c66b7b45cd7cfee51cf4bd5f6d

Log a message when authentication is successful but doesn't

match the NameID required by the SAML request.

https://fedorahosted.org/ipsilon/ticket/157

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---

diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index d856220..5412240 100644
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -211,6 +211,8 @@ class AuthenticateRequest(ProviderPageBase):
             login.assertion.subject.nameId.content = nameid
         else:
             self.trans.wipe()
+            self.error('Authentication succeeded but it was not ' +
+                       'provided by NameID %s' % nameidfmt)
             raise AuthenticationError("Unavailable Name ID type",
                                       lasso.SAML2_STATUS_CODE_AUTHN_FAILED)