allow a SP to use the configured name_id_format

Erick Tryzelaar · Erick Tryzelaar · commit e8a8183a5c7a · 2014-11-05T17:14:11.000-08:00
diff --git a/src/saml2/client.py b/src/saml2/client.py
@@ -22,7 +22,6 @@
 from saml2.samlp import STATUS_UNKNOWN_PRINCIPAL
 from saml2.time_util import not_on_or_after
 from saml2.saml import AssertionIDRef
-from saml2.saml import NAMEID_FORMAT_PERSISTENT
 from saml2.client_base import Base
 from saml2.client_base import LogoutError
 from saml2.client_base import NoServiceDefined
@@ -44,7 +43,7 @@ class Saml2Client(Base):
 
     def prepare_for_authenticate(self, entityid=None, relay_state="",
                                  binding=saml2.BINDING_HTTP_REDIRECT, vorg="",
-                                 nameid_format=NAMEID_FORMAT_PERSISTENT,
+                                 nameid_format=None,
                                  scoping=None, consent=None, extensions=None,
                                  sign=None,
                                  response_binding=saml2.BINDING_HTTP_POST,
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
@@ -193,7 +193,7 @@ def service_urls(self, binding=BINDING_HTTP_POST):
 
     def create_authn_request(self, destination, vorg="", scoping=None,
                              binding=saml2.BINDING_HTTP_POST,
-                             nameid_format=NAMEID_FORMAT_TRANSIENT,
+                             nameid_format=None,
                              service_url_binding=None, message_id=0,
                              consent=None, extensions=None, sign=None,
                              allow_create=False, sign_prepare=False, **kwargs):
@@ -261,13 +261,19 @@ def create_authn_request(self, destination, vorg="", scoping=None,
             else:
                 allow_create = "false"
 
-            # Profile stuff, should be configurable
-            if nameid_format is None:
-                name_id_policy = samlp.NameIDPolicy(
-                    allow_create=allow_create, format=NAMEID_FORMAT_TRANSIENT)
-            elif nameid_format == "":
+            if nameid_format == "":
                 name_id_policy = None
             else:
+                if nameid_format is None:
+                    nameid_format = self.config.getattr("name_id_format", "sp")
+
+                    if nameid_format is None:
+                        nameid_format = NAMEID_FORMAT_TRANSIENT
+                    elif isinstance(nameid_format, list):
+                        # NameIDPolicy can only have one format specified
+                        nameid_format = nameid_format[0]
+
+
                 name_id_policy = samlp.NameIDPolicy(allow_create=allow_create,
                                                     format=nameid_format)
 
