Ipsilon requires a NameIDPolicy in the SAML Login request but it is optional per the SAML 2.0 spec in section 220.127.116.11.
This is causing a login from salesforce.com to fail because it doesn't provide a Subject at all (which is also optional).
Ok, so this is two bugs in: ipsilon/providers/saml2/provider.py
The first bug is that the debug statement comes before the None check.
The second is that 'if nip.format is None:' should be 'if nip is None or nip.format is None':
And the debugging moved into the conditional.
owner: => rcritten
status: new => accepted
patch_available: 0 => 1
resolution: => fixed
status: accepted => closed
Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: 1.2
to comment on this ticket.