Merge pull request #415 from skoranda/name_id_format_none

rohe · web-flow · commit 63d316554075 · 2017-05-30T09:01:23.000+02:00
Enable deployer to signal no name format in authn request
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
@@ -304,12 +304,21 @@ def create_authn_request(self, destination, vorg="", scoping=None,
                 if nameid_format is None:
                     nameid_format = self.config.getattr("name_id_format", "sp")
 
+                    # If no nameid_format has been set in the configuration
+                    # or passed in then transient is the default.
                     if nameid_format is None:
                         nameid_format = NAMEID_FORMAT_TRANSIENT
+
+                    # If a list has been configured or passed in choose the
+                    # first since NameIDPolicy can only have one format specified.
                     elif isinstance(nameid_format, list):
-                        # NameIDPolicy can only have one format specified
                         nameid_format = nameid_format[0]
 
+                    # Allow a deployer to signal that no format should be specified
+                    # in the NameIDPolicy by passing in or configuring the string 'None'.
+                    elif nameid_format == 'None':
+                        nameid_format = None
+
                 name_id_policy = samlp.NameIDPolicy(allow_create=allow_create,
                                                     format=nameid_format)
 
