[root] reset nameIDPolicy.spNameQualifier attribute when initializing the AuthnRequest

git-svn-id: svn://localhost/lasso-conform/trunk@44 2a3a78c3-912c-0410-af21-e1fb2d1df599

lcs/root.ptl

@@ -136,6 +136,8 @@ class RootDirectory(Directory):
         login.initAuthnRequest(None, lasso.HTTP_METHOD_SOAP)
         login.request.nameIDPolicy.format = lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT
         login.request.nameIDPolicy.allowCreate = True
+        # work around forced initialization in lasso
+        login.request.nameIDPolicy.spNameQualifier = None
         login.request.forceAuthn = False
         login.request.isPassive = False
         login.request.consent = 'urn:oasis:names:tc:SAML:2.0:consent:current-implicit'
@@ -374,6 +376,8 @@ class RootDirectory(Directory):
             login.request.protocolBinding = lasso.SAML2_METADATA_BINDING_POST
 
         login.request.nameIDPolicy.allowCreate = form.get_widget('allow_create').parse()
+        # work around forced initialization in lasso
+        login.request.nameIDPolicy.spNameQualifier = None
         login.request.forceAuthn = form.get_widget('force_authn').parse()
         login.request.isPassive = form.get_widget('is_passive').parse()