Set AllowCreate flag on emitted AuthnRequest

2014-11-17 17:35:36 +01:00 · 2014-11-17 17:35:36 +01:00 · 9a2caa3a6a
parent 99341f910e
commit 9a2caa3a6a
2 changed files with 6 additions and 1 deletions
--- a/mellon/app_settings.py
+++ b/mellon/app_settings.py
@ -9,6 +9,7 @@ class AppSettings(object):
            'PRIVATE_KEY_PASSWORD': None,
            'NAME_ID_FORMATS': (),
            'NAME_ID_POLICY_FORMAT': None,
+            'NAME_ID_POLICY_ALLOW_CREATE': True,
            'FORCE_AUTHN': False,
            'ADAPTER': (
                'mellon.adapters.DefaultAdapter',
--- a/mellon/views.py
+++ b/mellon/views.py
@ -145,7 +145,11 @@ class LoginView(View):
            authn_request = login.request
            # configure NameID policy
            policy = authn_request.nameIdPolicy
-            policy_format = idp.get('NAME_ID_POLICY_FORMAT') or app_settings.NAME_ID_POLICY_FORMAT
+            policy.allowCreate = \
+                    (idp.get('NAME_ID_POLICY_ALLOW_CREATE') or \
+                    app_settings.NAME_ID_POLICY_ALLOW_CREATE) and True
+            policy_format = idp.get('NAME_ID_POLICY_FORMAT') \
+                    or app_settings.NAME_ID_POLICY_FORMAT
            policy.format = policy_format or None
            force_authn = idp.get('FORCE_AUTHN') or app_settings.FORCE_AUTHN
            if force_authn: