authorErick Tryzelaar <erickt@cloudera.com>2014-11-05 17:14:11 -0800
committerErick Tryzelaar <erickt@cloudera.com>2014-11-05 17:14:11 -0800
commite8a8183a5c7a975eaa6f52c6caff6ba61073c1dc (patch)
tree727592d0471e034cef5fd018b14414d0fab80f74
parent55b376efb23339a67508e4f779fd410ada8e6e0c (diff)
downloadpysaml2-e8a8183a5c7a975eaa6f52c6caff6ba61073c1dc.tar.gz
allow a SP to use the configured name_id_format
-rw-r--r--src/saml2/client.py3
-rw-r--r--src/saml2/client_base.py18
2 files changed, 13 insertions, 8 deletions
diff --git a/src/saml2/client.py b/src/saml2/client.py
index 7f60b76f..ca83bf9a 100644
--- a/src/saml2/client.py
+++ b/src/saml2/client.py
@@ -22,7 +22,6 @@ from saml2.samlp import STATUS_REQUEST_DENIED
from saml2.samlp import STATUS_UNKNOWN_PRINCIPAL
from saml2.time_util import not_on_or_after
from saml2.saml import AssertionIDRef
-from saml2.saml import NAMEID_FORMAT_PERSISTENT
from saml2.client_base import Base
from saml2.client_base import LogoutError
from saml2.client_base import NoServiceDefined
@@ -44,7 +43,7 @@ class Saml2Client(Base):
def prepare_for_authenticate(self, entityid=None, relay_state="",
binding=saml2.BINDING_HTTP_REDIRECT, vorg="",
- nameid_format=NAMEID_FORMAT_PERSISTENT,
+ nameid_format=None,
scoping=None, consent=None, extensions=None,
sign=None,
response_binding=saml2.BINDING_HTTP_POST,
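Review bot: The default for `nameid_format` in `prepare_for_authenticate` changes from `NAMEID_FORMAT_PERSISTENT` to `None`, and nothing in the hunk tells callers what `None` now means. Judging by the client_base.py change in this commit, an SP with no `name_id_format` configured would presumably end up requesting a transient identifier where it previously requested a persistent one, which matters for any deployment that links local accounts to the NameID. I would document this in the docstring, e.g. `:param nameid_format: NameID format to request; None uses the SP's configured name_id_format (transient if unset), "" sends no NameIDPolicy`, and the same line applies to `create_authn_request` in client_base.py. The signature continues past the end of this hunk, so the call path to `create_authn_request` is not visible here.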
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
index 793e3f71..5e026d0c 100644
--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -193,7 +193,7 @@ class Base(Entity):
def create_authn_request(self, destination, vorg="", scoping=None,
binding=saml2.BINDING_HTTP_POST,
- nameid_format=NAMEID_FORMAT_TRANSIENT,
+ nameid_format=None,
service_url_binding=None, message_id=0,
consent=None, extensions=None, sign=None,
allow_create=False, sign_prepare=False, **kwargs):
@@ -261,13 +261,19 @@ class Base(Entity):
else:
allow_create = "false"
- # Profile stuff, should be configurable
- if nameid_format is None:
- name_id_policy = samlp.NameIDPolicy(
- allow_create=allow_create, format=NAMEID_FORMAT_TRANSIENT)
- elif nameid_format == "":
+ if nameid_format == "":
name_id_policy = None
else:
+ if nameid_format is None:
+ nameid_format = self.config.getattr("name_id_format", "sp")
+
+ if nameid_format is None:
+ nameid_format = NAMEID_FORMAT_TRANSIENT
+ elif isinstance(nameid_format, list):
+ # NameIDPolicy can only have one format specified
+ nameid_format = nameid_format[0]
+
+
name_id_policy = samlp.NameIDPolicy(allow_create=allow_create,
format=nameid_format)
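Review bot: `nameid_format[0]` raises IndexError when the configured `name_id_format` is an empty list, because the fallback just above it tests only `is None`. Changing that second check to `if not nameid_format:` would send an empty list (or an empty string coming from the config) to `NAMEID_FORMAT_TRANSIENT` instead of failing while the request is being built. When the list has several entries only the first is requested and the rest are dropped silently; the comment could say so, e.g. `# NameIDPolicy carries a single Format; request the first configured one`. Whether `self.config.getattr` can actually return an empty list is not visible here, and the enclosing `create_authn_request` body starts and ends outside the hunk.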