From 96e4c18d20f75180f4c4c573c1e4cdb3e16e6bdc Mon Sep 17 00:00:00 2001
From: bdauvergne <bdauvergne@2a3a78c3-912c-0410-af21-e1fb2d1df599>
Date: Tue, 14 Dec 2010 10:03:51 +0000
Subject: [PATCH] [root] reset nameIDPolicy.spNameQualifier attribute when
 initializing the AuthnRequest

git-svn-id: svn://localhost/lasso-conform/trunk@44 2a3a78c3-912c-0410-af21-e1fb2d1df599
---
 lcs/root.ptl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lcs/root.ptl b/lcs/root.ptl
index ef296b6..7257b0f 100644
--- a/lcs/root.ptl
+++ b/lcs/root.ptl
@@ -136,6 +136,8 @@ class RootDirectory(Directory):
         login.initAuthnRequest(None, lasso.HTTP_METHOD_SOAP)
         login.request.nameIDPolicy.format = lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT
         login.request.nameIDPolicy.allowCreate = True
+        # work around forced initialization in lasso
+        login.request.nameIDPolicy.spNameQualifier = None
         login.request.forceAuthn = False
         login.request.isPassive = False
         login.request.consent = 'urn:oasis:names:tc:SAML:2.0:consent:current-implicit'
@@ -374,6 +376,8 @@ class RootDirectory(Directory):
             login.request.protocolBinding = lasso.SAML2_METADATA_BINDING_POST
 
         login.request.nameIDPolicy.allowCreate = form.get_widget('allow_create').parse()
+        # work around forced initialization in lasso
+        login.request.nameIDPolicy.spNameQualifier = None
         login.request.forceAuthn = form.get_widget('force_authn').parse()
         login.request.isPassive = form.get_widget('is_passive').parse()