From c40ba8d17781bd279b6396c7a7fd3213b36aa4d9 Mon Sep 17 00:00:00 2001
From: Andreas Richter
Date: Wed, 16 Apr 2014 10:34:38 -0400
Subject: [PATCH] SAML Authenticate not recognizing sessioninfo during initial authentication.
---
 src/s2repoze/plugins/sp.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/s2repoze/plugins/sp.py b/src/s2repoze/plugins/sp.py
index 56a1089..5bd7897 100644
--- a/src/s2repoze/plugins/sp.py
+++ b/src/s2repoze/plugins/sp.py
@@ -490,7 +490,7 @@ class SAML2Plugin(object):
 if ("CONTENT_LENGTH" not in environ or not environ["CONTENT_LENGTH"]) and \
 "SAMLResponse" not in query and "SAMLRequest" not in query:
 logger.debug('[identify] get or empty post')
- return {}
+ return None

 # if logger:
 # logger.info("ENVIRON: %s" % environ)
@@ -652,6 +652,8 @@ class SAML2Plugin(object):
 #noinspection PyUnusedLocal
 def authenticate(self, environ, identity=None):
 if identity:
+ if identity.get('user') and environ.get('s2repoze.sessioninfo') and identity.get('user') == environ.get('s2repoze.sessioninfo').get('ava'):
+ return identity.get('login')
 tktuser = identity.get('repoze.who.plugins.auth_tkt.userid', None)
 if tktuser and self.saml_client.is_logged_in(decode(tktuser)):
 return tktuser
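Review bot: The `return None` in the empty-request branch of `identify` needs a comment saying why it is not `{}`, because the two look interchangeable to a reader but are not to the framework. As far as I know repoze.who treats any non-None value from an identifier as an identity and hands it to the authenticators, so an empty dict is not the same as "no credentials". Suggested comment: `# None = no credentials found; any dict, even an empty one, is treated as an identity by repoze.who`. The other return paths of `identify` lie outside this hunk and should be checked for the same convention.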
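Review bot: The added fast path in `authenticate` returns `identity.get('login')` without checking it, so an identity whose `user` matches the session info but has no `login` makes the method return None right there and never reaches the auth_tkt / `is_logged_in` check below it. This path also accepts the identity without asking `self.saml_client`, so it is only sound if `s2repoze.sessioninfo` can be written solely by `identify` for a response that was already verified; that code is outside the hunk and the assumption should be stated in a comment. Reading the three values into locals once, as below, also removes the repeated lookups and the over-long condition. The rest of `authenticate` continues past the end of the hunk.

```python
        if identity:
            # Fast path for the request that delivered the SAML response.
            # Relies on 's2repoze.sessioninfo' being set only by identify()
            # for a verified response -- confirm against identify().
            session_info = environ.get('s2repoze.sessioninfo')
            user = identity.get('user')
            login = identity.get('login')
            if user and login and session_info and user == session_info.get('ava'):
                return login
            # … unchanged: auth_tkt userid check via saml_client.is_logged_in …
```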