sources/saml: add POST_AUTO binding which auto redirects to IdP
parent
1524880eec
commit
1e57926603
|
@ -2,6 +2,7 @@
|
|||
|
||||
from django import forms
|
||||
|
||||
from passbook.flows.models import Flow, FlowDesignation
|
||||
from passbook.admin.forms.source import SOURCE_FORM_FIELDS
|
||||
from passbook.sources.saml.models import SAMLSource
|
||||
|
||||
|
@ -9,6 +10,13 @@ from passbook.sources.saml.models import SAMLSource
|
|||
class SAMLSourceForm(forms.ModelForm):
|
||||
"""SAML Provider form"""
|
||||
|
||||
authentication_flow = forms.ModelChoiceField(
|
||||
queryset=Flow.objects.filter(designation=FlowDesignation.AUTHENTICATION)
|
||||
)
|
||||
enrollment_flow = forms.ModelChoiceField(
|
||||
queryset=Flow.objects.filter(designation=FlowDesignation.ENROLLMENT)
|
||||
)
|
||||
|
||||
class Meta:
|
||||
|
||||
model = SAMLSource
|
||||
|
|
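Review bot: The new `from passbook.flows.models import Flow, FlowDesignation` line sits ahead of `from passbook.admin.forms.source import SOURCE_FORM_FIELDS`, so the first-party imports are no longer in alphabetical order; moving it between the `admin` and `sources` imports keeps the block sorted. The two `ModelChoiceField` declarations on `SAMLSourceForm` narrow the selectable flows by designation, which the commit title does not mention. A one-line comment above them, for example `# Only offer flows whose designation matches the field`, would record the intent. The form class continues past the end of this section.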
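--- a/passbook/sources/saml/migrations/0004_auto_20200708_1207.py
+++ b/passbook/sources/saml/migrations/0004_auto_20200708_1207.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.0.8 on 2020-07-08 12:07
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('passbook_sources_saml', '0003_auto_20200624_1957'),
+]
+
+operations = [
+migrations.AlterField(
+model_name='samlsource',
+name='binding_type',
+field=models.CharField(choices=[('REDIRECT', 'Redirect Binding'), ('POST', 'POST Binding'), ('POST_AUTO', 'POST Binding with auto-confirmation')], default='REDIRECT', max_length=100),
+),
+]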
@ -12,8 +12,9 @@ from passbook.providers.saml.utils.time import timedelta_string_validator
|
|||
class SAMLBindingTypes(models.TextChoices):
|
||||
"""SAML Binding types"""
|
||||
|
||||
Redirect = "REDIRECT"
|
||||
POST = "POST"
|
||||
Redirect = "REDIRECT", _("Redirect Binding")
|
||||
POST = "POST", _("POST Binding")
|
||||
POST_AUTO = "POST_AUTO", _("POST Binding with auto-confirmation")
|
||||
|
||||
|
||||
class SAMLSource(Source):
|
||||
|
|
|
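Review bot: The `SAMLBindingTypes` docstring still reads only `"""SAML Binding types"""`, although the new `POST_AUTO` member changes what the user sees when a login is initiated. A line per member in the docstring would help whoever configures a source; for `POST_AUTO`, going by its label, something like `POST_AUTO: the request form is submitted to the IdP without a confirmation step`. The member names also mix casing (`Redirect` next to `POST` and `POST_AUTO`); that predates this change and is only worth a follow-up.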
@ -42,12 +42,14 @@ class InitiateView(View):
|
|||
"ISSUER": get_issuer(request, source),
|
||||
}
|
||||
authn_req = get_authnrequest_xml(parameters, signed=False)
|
||||
# If the source is configured for Redirect bindings, we can just redirect there
|
||||
if source.binding_type == SAMLBindingTypes.Redirect:
|
||||
_request = deflate_and_base64_encode(authn_req.encode())
|
||||
url_args = urlencode({"SAMLRequest": _request, "RelayState": relay_state})
|
||||
return redirect(f"{source.sso_url}?{url_args}")
|
||||
# As POST Binding we show a form
|
||||
_request = nice64(authn_req.encode())
|
||||
if source.binding_type == SAMLBindingTypes.POST:
|
||||
_request = nice64(authn_req.encode())
|
||||
return render(
|
||||
request,
|
||||
"saml/sp/login.html",
|
||||
|
@ -58,6 +60,20 @@ class InitiateView(View):
|
|||
"source": source,
|
||||
},
|
||||
)
|
||||
# Or an auto-submit form
|
||||
if source.binding_type == SAMLBindingTypes.POST_AUTO:
|
||||
return render(
|
||||
request,
|
||||
"providers/saml/autosubmit_form.html",
|
||||
{
|
||||
"application": source,
|
||||
"attrs": {
|
||||
"SAMLRequest": _request,
|
||||
"RelayState": relay_state,
|
||||
},
|
||||
"url": source.sso_url,
|
||||
},
|
||||
)
|
||||
raise Http404
|
||||
|
||||
|
||||
|
|
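Review bot: The new POST_AUTO branch reads `_request`, and this page prints `_request = nice64(authn_req.encode())` both before and after the added `if source.binding_type == SAMLBindingTypes.POST:` line with indentation lost, so it should be confirmed that the assignment stays outside that `if`; were it inside, the POST_AUTO path would hit an unbound local. The same branch renders `providers/saml/autosubmit_form.html`, a provider-side template, with the source passed under the key `application`; a comment such as `# Shared with the SAML provider; "application" is the source here` would explain the reuse. The closing `raise Http404` reports an unrecognised `binding_type` as a missing page, and a comment like `# No known binding configured for this source` would make that fall-through deliberate. The view method begins before the first hunk of this section.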