From ea3d5f0b4362c9be69a3f9dd0f98ad4f507c3cd5 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Wed, 17 Jun 2015 21:16:23 +0200
Subject: [PATCH] Do not unconditionnaly dump the NameIDPolicy node as it is
 optional (fixes #7612)

---
 src/authentic2/idp/saml/saml2_endpoints.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/authentic2/idp/saml/saml2_endpoints.py b/src/authentic2/idp/saml/saml2_endpoints.py
index a93a650..e74d71a 100644
--- a/src/authentic2/idp/saml/saml2_endpoints.py
+++ b/src/authentic2/idp/saml/saml2_endpoints.py
@@ -500,10 +500,10 @@ def sso(request):
                 AUTHENTIC_STATUS_CODE_MISSING_DESTINATION)
     # Check NameIDPolicy or force the NameIDPolicy
     name_id_policy = login.request.nameIdPolicy
-    logger.debug('nameID policy is %s' % name_id_policy.dump())
-    if name_id_policy.format and \
+    if name_id_policy and name_id_policy.format and \
             name_id_policy.format != \
                 lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED:
+        logger.debug('nameID policy is %s' % name_id_policy.dump())
         nid_format = saml2_urn_to_nidformat(name_id_policy.format,
             accepted=policy.accepted_name_id_format)
         logger.debug('nameID format %s' % nid_format)
-- 
2.1.4