allow a SP to use the configured name_id_format

2014-11-05 17:14:11 -08:00
parent 55b376efb2
commit e8a8183a5c
2 changed files with 13 additions and 8 deletions
--- a/src/saml2/client.py
+++ b/src/saml2/client.py
@@ -22,7 +22,6 @@ from saml2.samlp import STATUS_REQUEST_DENIED
 from saml2.samlp import STATUS_UNKNOWN_PRINCIPAL
 from saml2.time_util import not_on_or_after
 from saml2.saml import AssertionIDRef
-from saml2.saml import NAMEID_FORMAT_PERSISTENT
 from saml2.client_base import Base
 from saml2.client_base import LogoutError
 from saml2.client_base import NoServiceDefined
@@ -44,7 +43,7 @@ class Saml2Client(Base):

    def prepare_for_authenticate(self, entityid=None, relay_state="",
                                 binding=saml2.BINDING_HTTP_REDIRECT, vorg="",
-                                 nameid_format=NAMEID_FORMAT_PERSISTENT,
+                                 nameid_format=None,
                                 scoping=None, consent=None, extensions=None,
                                 sign=None,
                                 response_binding=saml2.BINDING_HTTP_POST,
--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -193,7 +193,7 @@ class Base(Entity):

    def create_authn_request(self, destination, vorg="", scoping=None,
                             binding=saml2.BINDING_HTTP_POST,
-                             nameid_format=NAMEID_FORMAT_TRANSIENT,
+                             nameid_format=None,
                             service_url_binding=None, message_id=0,
                             consent=None, extensions=None, sign=None,
                             allow_create=False, sign_prepare=False, **kwargs):
@@ -261,13 +261,19 @@ class Base(Entity):
            else:
                allow_create = "false"

-            # Profile stuff, should be configurable
-            if nameid_format is None:
-                name_id_policy = samlp.NameIDPolicy(
-                    allow_create=allow_create, format=NAMEID_FORMAT_TRANSIENT)
-            elif nameid_format == "":
+            if nameid_format == "":
                name_id_policy = None
            else:
+                if nameid_format is None:
+                    nameid_format = self.config.getattr("name_id_format", "sp")
+
+                    if nameid_format is None:
+                        nameid_format = NAMEID_FORMAT_TRANSIENT
+                    elif isinstance(nameid_format, list):
+                        # NameIDPolicy can only have one format specified
+                        nameid_format = nameid_format[0]
+
+
                name_id_policy = samlp.NameIDPolicy(allow_create=allow_create,
                                                    format=nameid_format)