No shared state IdP with external user directory¶

• We start with the SAML 2.0 IdP
• We first added a deterministic NameID generation mode, by adding a new NameID format setting, called eduPersonTargetedId. In this mode the NameID is computed as hex(sha1(username+entity_id+django_secret_key)).
• Next step is to define a a deterministic way of generating Session Indexes as hex(sha1(NameID+django_session_key)). Lasso is automatically generating a session index when the service provider has a logout endpoint, a session should be generated using the deterministic algorimth (after the call to lasso_login_build_assertion) only if Lasso has also set one.
• Final step will be to store the list of SP for which a session is open in the django session and not in models, method to modify are saml.common.load_session and saml.common.save_session. Session index should only be saved if there is one.