providers/saml: change default NameID Format to emailAddress
This commit is contained in:
Jens Langhammer
parent
84fc54ddaa
commit
027a64fad2
|
|
@ -40,7 +40,7 @@ class Processor:
|
||||||
@property
|
@property
|
||||||
def subject_format(self) -> str:
|
def subject_format(self) -> str:
|
||||||
"""Get subject Format"""
|
"""Get subject Format"""
|
||||||
return "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
|
return "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
|
||||||
|
|
||||||
def __init__(self, remote: "SAMLProvider"):
|
def __init__(self, remote: "SAMLProvider"):
|
||||||
self.name = remote.name
|
self.name = remote.name
|
||||||
|
|
|
||||||
|
|
@ -15,26 +15,8 @@
|
||||||
</ds:X509Data>
|
</ds:X509Data>
|
||||||
</ds:KeyInfo>
|
</ds:KeyInfo>
|
||||||
</md:KeyDescriptor>
|
</md:KeyDescriptor>
|
||||||
|
<md:NameIDFormat>{{ subject_format }}</md:NameIDFormat>
|
||||||
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/>
|
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/>
|
||||||
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
|
|
||||||
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ sso_url }}"/>
|
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ sso_url }}"/>
|
||||||
</md:IDPSSODescriptor>
|
</md:IDPSSODescriptor>
|
||||||
{% comment %}
|
|
||||||
<!-- #TODO: Add support for optional Organization section -->
|
|
||||||
{# if org #}
|
|
||||||
<md:Organization>
|
|
||||||
<md:OrganizationName xml:lang="en">{{ org.name }}</md:OrganizationName>
|
|
||||||
<md:OrganizationDisplayName xml:lang="en">{{ org.display_name }}</md:OrganizationDisplayName>
|
|
||||||
<md:OrganizationURL xml:lang="en">{{ org.url }}</md:OrganizationURL>
|
|
||||||
</md:Organization>
|
|
||||||
{# endif #}
|
|
||||||
<!-- #TODO: Add support for optional ContactPerson section(s) -->
|
|
||||||
{# for contact in contacts #}
|
|
||||||
<md:ContactPerson contactType="{{ contact.type }}">
|
|
||||||
<md:GivenName>{{ contact.given_name }}</md:GivenName>
|
|
||||||
<md:SurName>{{ contact.sur_name }}</md:SurName>
|
|
||||||
<md:EmailAddress>{{ contact.email }}</md:EmailAddress>
|
|
||||||
</md:ContactPerson>
|
|
||||||
{# endfor #}
|
|
||||||
{% endcomment %}
|
|
||||||
</md:EntityDescriptor>
|
</md:EntityDescriptor>
|
||||||
|
|
|
||||||
|
|
@ -242,11 +242,13 @@ class DescriptorDownloadView(AccessRequiredView):
|
||||||
pubkey = strip_pem_header(provider.signing_cert.replace("\r", "")).replace(
|
pubkey = strip_pem_header(provider.signing_cert.replace("\r", "")).replace(
|
||||||
"\n", ""
|
"\n", ""
|
||||||
)
|
)
|
||||||
|
subject_format = provider.processor.subject_format
|
||||||
ctx = {
|
ctx = {
|
||||||
"entity_id": entity_id,
|
"entity_id": entity_id,
|
||||||
"cert_public_key": pubkey,
|
"cert_public_key": pubkey,
|
||||||
"slo_url": slo_url,
|
"slo_url": slo_url,
|
||||||
"sso_url": sso_url,
|
"sso_url": sso_url,
|
||||||
|
"subject_format": subject_format,
|
||||||
}
|
}
|
||||||
return render_to_string("saml/xml/metadata.xml", ctx)
|
return render_to_string("saml/xml/metadata.xml", ctx)
|
||||||
|
|
||||||
|
|
|
||||||
Reference in New Issue