@@ -349,57 +349,43 @@ def create_authn_request(self, destination, vorg="", scoping=None,
349349 else :
350350 raise ValueError ("Wrong type for param {name}" .format (name = param ))
351351
352- try :
353- args [ "name_id_policy" ] = kwargs [ "name_id_policy" ]
354- del kwargs [ "name_id_policy" ]
355- except KeyError :
356- if allow_create is None :
357- allow_create = self . config . getattr ( "name_id_format_allow_create" , "sp" )
358- if allow_create is None :
359- allow_create = "false"
360- else :
361- if allow_create is True :
362- allow_create = "true"
363- else :
364- allow_create = "false"
352+ # NameIDPolicy
353+ nameid_format_config = self . config . getattr ( "name_id_format" , "sp" )
354+ nameid_format = (
355+ nameid_format
356+ if nameid_format is not None
357+ else NAMEID_FORMAT_TRANSIENT
358+ if nameid_format_config is None
359+ else nameid_format_config [ 0 ]
360+ if isinstance ( nameid_format_config , list )
361+ else None
362+ if nameid_format == 'None'
363+ else nameid_format_config
364+ )
365365
366- if nameid_format == "" :
367- name_id_policy = None
368- else :
369- if nameid_format is None :
370- nameid_format = self .config .getattr ("name_id_format" , "sp" )
371-
372- # If no nameid_format has been set in the configuration
373- # or passed in then transient is the default.
374- if nameid_format is None :
375- # SAML 2.0 errata says AllowCreate MUST NOT be used for
376- # transient ids - to make a conservative change this is
377- # only applied for the default cause
378- allow_create = None
379- nameid_format = NAMEID_FORMAT_TRANSIENT
380-
381- # If a list has been configured or passed in choose the
382- # first since NameIDPolicy can only have one format specified.
383- elif isinstance (nameid_format , list ):
384- nameid_format = nameid_format [0 ]
385-
386- # Allow a deployer to signal that no format should be specified
387- # in the NameIDPolicy by passing in or configuring the string 'None'.
388- elif nameid_format == 'None' :
389- nameid_format = None
390-
391- name_id_policy = samlp .NameIDPolicy (allow_create = allow_create ,
392- format = nameid_format )
393-
394- if name_id_policy and vorg :
395- try :
396- name_id_policy .sp_name_qualifier = vorg
397- name_id_policy .format = saml .NAMEID_FORMAT_PERSISTENT
398- except KeyError :
399- pass
400- args ["name_id_policy" ] = name_id_policy
366+ allow_create_config = self .config .getattr ("name_id_format_allow_create" , "sp" )
367+ allow_create = (
368+ None
369+ # SAML 2.0 errata says AllowCreate MUST NOT be used for transient ids
370+ if nameid_format == NAMEID_FORMAT_TRANSIENT
371+ else allow_create
372+ if allow_create is not None
373+ else str (bool (allow_create_config )).lower ()
374+ )
401375
402- nsprefix = kwargs .get ("nsprefix" )
376+ name_id_policy = (
377+ kwargs .pop ("name_id_policy" , None )
378+ if "name_id_policy" in kwargs
379+ else None
380+ if nameid_format == ""
381+ else samlp .NameIDPolicy (allow_create = allow_create , format = nameid_format )
382+ )
383+
384+ if name_id_policy and vorg :
385+ name_id_policy .sp_name_qualifier = vorg
386+ name_id_policy .format = saml .NAMEID_FORMAT_PERSISTENT
387+
388+ args ["name_id_policy" ] = name_id_policy
403389
404390 conf_sp_type = self .config .getattr ('sp_type' , 'sp' )
405391 conf_sp_type_in_md = self .config .getattr ('sp_type_in_metadata' , 'sp' )
0 commit comments