sources/saml: add POST_AUTO binding which auto redirects to IdP

2020-07-08 14:18:08 +02:00 · 2020-07-08 14:18:08 +02:00 · 1e57926603
parent 1524880eec
commit 1e57926603
4 changed files with 46 additions and 3 deletions
--- a/passbook/sources/saml/forms.py
+++ b/passbook/sources/saml/forms.py
@ -2,6 +2,7 @@

 from django import forms

+from passbook.flows.models import Flow, FlowDesignation
 from passbook.admin.forms.source import SOURCE_FORM_FIELDS
 from passbook.sources.saml.models import SAMLSource

@ -9,6 +10,13 @@ from passbook.sources.saml.models import SAMLSource
 class SAMLSourceForm(forms.ModelForm):
    """SAML Provider form"""

+    authentication_flow = forms.ModelChoiceField(
+        queryset=Flow.objects.filter(designation=FlowDesignation.AUTHENTICATION)
+    )
+    enrollment_flow = forms.ModelChoiceField(
+        queryset=Flow.objects.filter(designation=FlowDesignation.ENROLLMENT)
+    )
+
    class Meta:

        model = SAMLSource
--- a/passbook/sources/saml/migrations/0004_auto_20200708_1207.py
+++ b/passbook/sources/saml/migrations/0004_auto_20200708_1207.py
@ -0,0 +1,18 @@
+# Generated by Django 3.0.8 on 2020-07-08 12:07
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('passbook_sources_saml', '0003_auto_20200624_1957'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='samlsource',
+            name='binding_type',
+            field=models.CharField(choices=[('REDIRECT', 'Redirect Binding'), ('POST', 'POST Binding'), ('POST_AUTO', 'POST Binding with auto-confirmation')], default='REDIRECT', max_length=100),
+        ),
+    ]
--- a/passbook/sources/saml/models.py
+++ b/passbook/sources/saml/models.py
@ -12,8 +12,9 @@ from passbook.providers.saml.utils.time import timedelta_string_validator
 class SAMLBindingTypes(models.TextChoices):
    """SAML Binding types"""

-    Redirect = "REDIRECT"
-    POST = "POST"
+    Redirect = "REDIRECT", _("Redirect Binding")
+    POST = "POST", _("POST Binding")
+    POST_AUTO = "POST_AUTO", _("POST Binding with auto-confirmation")


 class SAMLSource(Source):
--- a/passbook/sources/saml/views.py
+++ b/passbook/sources/saml/views.py
@ -42,12 +42,14 @@ class InitiateView(View):
            "ISSUER": get_issuer(request, source),
        }
        authn_req = get_authnrequest_xml(parameters, signed=False)
+        # If the source is configured for Redirect bindings, we can just redirect there
        if source.binding_type == SAMLBindingTypes.Redirect:
            _request = deflate_and_base64_encode(authn_req.encode())
            url_args = urlencode({"SAMLRequest": _request, "RelayState": relay_state})
            return redirect(f"{source.sso_url}?{url_args}")
+        # As POST Binding we show a form
+        _request = nice64(authn_req.encode())
        if source.binding_type == SAMLBindingTypes.POST:
-            _request = nice64(authn_req.encode())
            return render(
                request,
                "saml/sp/login.html",
@ -58,6 +60,20 @@ class InitiateView(View):
                    "source": source,
                },
            )
+        # Or an auto-submit form
+        if source.binding_type == SAMLBindingTypes.POST_AUTO:
+            return render(
+                request,
+                "providers/saml/autosubmit_form.html",
+                {
+                    "application": source,
+                    "attrs": {
+                        "SAMLRequest": _request,
+                        "RelayState": relay_state,
+                    },
+                    "url": source.sso_url,
+                },
+            )
        raise Http404