From 161a5cbd4bc15a8d6481a95d4271ddfb214233f5 Mon Sep 17 00:00:00 2001
From: Fredrik Thulin <fredrik@thulin.net>
Date: Wed, 8 May 2019 16:37:43 +0200
Subject: Look for existing persistent id's before creating new ones.

---
 src/saml2/ident.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/saml2/ident.py b/src/saml2/ident.py
index db8365bc..f24c0390 100644
--- a/src/saml2/ident.py
+++ b/src/saml2/ident.py
@@ -155,6 +155,14 @@ class IdentDB(object):
             pass
 
     def get_nameid(self, userid, nformat, sp_name_qualifier, name_qualifier):
+        if nformat == NAMEID_FORMAT_PERSISTENT:
+            nameid = self.match_local_id(userid, sp_name_qualifier,
+                                         name_qualifier)
+            if nameid:
+                logger.debug("Found existing persistent NameId %s "
+                             "for user %s" % (nameid, userid))
+                return nameid
+
         _id = self.create_id(nformat, name_qualifier, sp_name_qualifier)
 
         if nformat == NAMEID_FORMAT_EMAILADDRESS:
@@ -163,9 +171,6 @@ class IdentDB(object):
 
             _id = "%s@%s" % (_id, self.domain)
 
-        # if nformat == NAMEID_FORMAT_PERSISTENT:
-        #     _id = userid
-
         nameid = NameID(format=nformat, sp_name_qualifier=sp_name_qualifier,
                         name_qualifier=name_qualifier, text=_id)
 
-- 
cgit v1.2.1