Improve SAML support

Accept IdP EntityID to use when metadata contains more than one IdP.
Allow specifying attribute names to get given name, surname, and email address.
Allow specifying NameIDFormat to request.
Allow specifying whether to get username from a named attribute, or NameID.
Allow getting administrator state from attribute.

app/lib/utils.py

@@ -19,7 +19,7 @@ if app.config['SAML_ENABLED']:
     from onelogin.saml2.idp_metadata_parser import OneLogin_Saml2_IdPMetadataParser
     idp_timestamp = datetime(1970, 1, 1)
     idp_data = None
-    idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(app.config['SAML_METADATA_URL'])
+    idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(app.config['SAML_METADATA_URL'], entity_id=app.config.get('SAML_IDP_ENTITY_ID', None))
     if idp_data is None:
         print('SAML: IDP Metadata initial load failed')
         exit(-1)
@@ -37,7 +37,7 @@ def get_idp_data():
 
 def retreive_idp_data():
     global idp_data, idp_timestamp
-    new_idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(app.config['SAML_METADATA_URL'])
+    new_idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(app.config['SAML_METADATA_URL'], entity_id=app.config.get('SAML_IDP_ENTITY_ID', None))
     if new_idp_data is not None:
         idp_data = new_idp_data
         idp_timestamp = datetime.now()
@@ -205,7 +205,7 @@ def email_to_gravatar_url(email="", size=100):
 
 def prepare_flask_request(request):
     # If server is behind proxys or balancers use the HTTP_X_FORWARDED fields
-    url_data = urlparse.urlparse(request.url)
+    url_data = urlparse(request.url)
     return {
         'https': 'on' if request.scheme == 'https' else 'off',
         'http_host': request.host,
@@ -229,7 +229,10 @@ def init_saml_auth(req):
     metadata = get_idp_data()
     settings = {}
     settings['sp'] = {}
-    settings['sp']['NameIDFormat'] = idp_data['sp']['NameIDFormat']
+    if 'SAML_NAMEID_FORMAT' in app.config:
+      settings['sp']['NameIDFormat'] = app.config['SAML_NAMEID_FORMAT']
+    else:
+        settings['sp']['NameIDFormat'] = idp_data.get('sp', {}).get('NameIDFormat', 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified')
     settings['sp']['entityId'] = app.config['SAML_SP_ENTITY_ID']
     cert = open(CERT_FILE, "r").readlines()
     key = open(KEY_FILE, "r").readlines()
@@ -275,4 +278,4 @@ def init_saml_auth(req):
     settings['organization']['en-US']['name'] = 'PowerDNS-Admin'
     settings['organization']['en-US']['url'] = own_url
     auth = OneLogin_Saml2_Auth(req, settings)
-    return auth
+    return auth