From 672a29f7301dc3b2b17080930b185990e6ed7ef2 Mon Sep 17 00:00:00 2001
From: Scott Koranda
Date: Fri, 2 Jun 2017 06:18:00 -0500
Subject: [PATCH] Fix for no Format in NameIDPolicy for SAML2 frontend

It is acceptable SAML2 to have an with a that includes the AllowCreate attribute but that does not include the Format attribute. When the SAML2 frontend receives such a request it should default to the metadata for the SP to determine which Format the SP requires. Before this commit SATOSA would ignore the SP metadata in such a case and use a transient format.
---
 src/satosa/frontends/saml2.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/satosa/frontends/saml2.py b/src/satosa/frontends/saml2.py
index f5b7f65e5..a87850afe 100644
--- a/src/satosa/frontends/saml2.py
+++ b/src/satosa/frontends/saml2.py
@@ -188,7 +188,7 @@ def _handle_authn_request(self, context, binding_in, idp):
 context.state[self.name] = self._create_state_data(context, idp.response_args(authn_req), context.request.get("RelayState"))
- if authn_req.name_id_policy:
+ if authn_req.name_id_policy and authn_req.name_id_policy.format:
 name_format = saml_name_id_format_to_hash_type(authn_req.name_id_policy.format)
 else:
 # default to name id format from metadata, or just transient name id
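Review bot: The new condition on the `+ if` line treats any non-empty Format as a binding choice, so a request carrying `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` still bypasses the SP-metadata default in the `else` branch, even though that value expresses no preference. Consider `fmt = authn_req.name_id_policy.format if authn_req.name_id_policy else None` followed by `if fmt and fmt != NAMEID_FORMAT_UNSPECIFIED:` (the constant is defined in `saml2.saml`; whether this file already imports it is not visible here). Because the Format is read straight from the AuthnRequest, a comment such as `# request-supplied Format takes precedence over SP metadata` would make the trust decision explicit, and it is worth confirming that `saml_name_id_format_to_hash_type` maps unrecognised values predictably, since its body is not shown. The `else` branch continues past the end of the hunk.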