From 4c87d36f61c46e5aebf57400886ec6c2c415bac4 Mon Sep 17 00:00:00 2001
From: Art Lukyanchyk <artiom.lukyanchyk@hs-hannover.de>
Date: Fri, 25 Jan 2019 16:58:14 +0100
Subject: [PATCH] Change NameID format to transient (persistent was never used
 anyway)

---
 ssoauth/app_settings/__init__.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssoauth/app_settings/__init__.py b/ssoauth/app_settings/__init__.py
index a37efc2..6de60b5 100644
--- a/ssoauth/app_settings/__init__.py
+++ b/ssoauth/app_settings/__init__.py
@@ -1,6 +1,7 @@
 from django import conf
 from datetime import datetime, timedelta
 from onelogin.saml2 import settings as onelogin_settings
+from onelogin.saml2.constants import OneLogin_Saml2_Constants as onelogin_constants
 import sys
 from .defaults import *
 
@@ -37,7 +38,7 @@ ONELOGIN_SETTINGS_TEMPLATE = {
         },
         "x509cert": _SET_ON_RUNTIME,
         "privateKey": _SET_ON_RUNTIME,
-        "NameIDFormat": onelogin_settings.OneLogin_Saml2_Constants.NAMEID_PERSISTENT,  # otherwise Shibboleth shows warnings
+        "NameIDFormat": onelogin_constants.NAMEID_TRANSIENT,
     },
     "idp": {
         "entityId": IDP_META_URL,
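Review bot: The new `NameIDFormat` line drops the old explanatory comment and leaves no record of why a transient format is safe for this service provider. A transient NameID is a fresh opaque value for each session, so it cannot serve as an account key. The commit message says the persistent value was never used, which suggests users are matched on attributes, but that code is outside this hunk. I would record the constraint on the line itself, e.g. `"NameIDFormat": onelogin_constants.NAMEID_TRANSIENT,  # per-session value; never use NameID to look up or create users`. The removed comment tied the format to Shibboleth warnings, so it is worth confirming that the IdP side accepts the new value without complaint.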
@@ -63,7 +64,7 @@ ONELOGIN_SETTINGS_TEMPLATE = {
         "signMetadata": True,
         "wantMessagesSigned": True,
         "wantAssertionsSigned": True,
-        "wantNameId": True,
+        "wantNameId": False,  # set to True for SLO support (Single Log Out)
         "wantNameIdEncrypted": False,
         "wantAssertionsEncrypted": True,
         "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
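Review bot: With `wantNameId` set to False, a response whose assertion carries no NameID now passes validation, yet the inline comment only mentions SLO. The code that maps the response to a local user (not visible in this hunk) has to take the identity from an attribute inside the signed assertion and fail closed when that attribute is missing, rather than fall back to an empty NameID. I would say so next to the flag: `"wantNameId": False,  # identity comes from attributes, not NameID; set to True for SLO support (Single Log Out)`. The settings dict starts and ends outside the hunk.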
-- 
GitLab