providers/saml: change default NameID Format to emailAddress

This commit is contained in:
Jens Langhammer 2020-02-20 17:37:09 +01:00
parent 84fc54ddaa
commit 027a64fad2
3 changed files with 4 additions and 20 deletions


@ -40,7 +40,7 @@ class Processor:
@property @property
def subject_format(self) -> str: def subject_format(self) -> str:
"""Get subject Format""" """Get subject Format"""
return "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" return "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
def __init__(self, remote: "SAMLProvider"): def __init__(self, remote: "SAMLProvider"):
self.name = remote.name self.name = remote.name
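Review bot: The new default `subject_format` advertises urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, but nothing in this hunk shows the Subject NameID value being switched to an email address alongside it, so the assertion may now declare a format its value does not satisfy; the format URI and the value the processor emits need to stay coupled. Email is also a mutable identifier, so a service provider that keys accounts on NameID will follow the address if it is changed or reassigned, whereas the previous persistent format gave SPs a stable opaque key — whether that is acceptable depends on how the email attribute is managed, which is outside this hunk. The one-line docstring should say what this property governs, e.g. `"""NameID Format URI declared in metadata and assertions; the Subject value must be an email address when this is emailAddress."""`. The enclosing Processor class continues outside the hunk.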


@ -15,26 +15,8 @@
</ds:X509Data> </ds:X509Data>
</ds:KeyInfo> </ds:KeyInfo>
</md:KeyDescriptor> </md:KeyDescriptor>
<md:NameIDFormat>{{ subject_format }}</md:NameIDFormat>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ sso_url }}"/> <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ sso_url }}"/>
</md:IDPSSODescriptor> </md:IDPSSODescriptor>
{% comment %}
<!-- #TODO: Add support for optional Organization section -->
{# if org #}
<md:Organization>
<md:OrganizationName xml:lang="en">{{ org.name }}</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">{{ org.display_name }}</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">{{ org.url }}</md:OrganizationURL>
</md:Organization>
{# endif #}
<!-- #TODO: Add support for optional ContactPerson section(s) -->
{# for contact in contacts #}
<md:ContactPerson contactType="{{ contact.type }}">
<md:GivenName>{{ contact.given_name }}</md:GivenName>
<md:SurName>{{ contact.sur_name }}</md:SurName>
<md:EmailAddress>{{ contact.email }}</md:EmailAddress>
</md:ContactPerson>
{# endfor #}
{% endcomment %}
</md:EntityDescriptor> </md:EntityDescriptor>
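Review bot: The templated `<md:NameIDFormat>{{ subject_format }}</md:NameIDFormat>` appears to sit before `<md:SingleLogoutService>` on the new side, whereas the old literal element sat between SingleLogoutService and SingleSignOnService; the SAML metadata schema (SSODescriptorType) orders SingleLogoutService before NameIDFormat, and schema-validating SP metadata importers may reject the reordered document. If the templated line is indeed the added one, as the `subject_format` context variable introduced in the view suggests, keep it at the original position: `<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/>` followed by `<md:NameIDFormat>{{ subject_format }}</md:NameIDFormat>` and then SingleSignOnService. Note also that a missing `subject_format` context key renders an empty NameIDFormat element rather than failing, so the view and template should be kept in step.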


@ -242,11 +242,13 @@ class DescriptorDownloadView(AccessRequiredView):
pubkey = strip_pem_header(provider.signing_cert.replace("\r", "")).replace( pubkey = strip_pem_header(provider.signing_cert.replace("\r", "")).replace(
"\n", "" "\n", ""
) )
subject_format = provider.processor.subject_format
ctx = { ctx = {
"entity_id": entity_id, "entity_id": entity_id,
"cert_public_key": pubkey, "cert_public_key": pubkey,
"slo_url": slo_url, "slo_url": slo_url,
"sso_url": sso_url, "sso_url": sso_url,
"subject_format": subject_format,
} }
return render_to_string("saml/xml/metadata.xml", ctx) return render_to_string("saml/xml/metadata.xml", ctx)
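Review bot: The added `subject_format = provider.processor.subject_format` line carries no comment explaining why the metadata must take this value from the processor rather than a literal, and the coupling is easy to break later since the template silently renders an empty element if the key is dropped. A short why-comment such as `# Advertise the NameID format the processor actually emits so SP metadata matches the assertions` would make the invariant explicit. The enclosing method starts outside the hunk.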