From 1e5792660355d43e6e4ee5bc3bbcddf8005fd3b0 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 8 Jul 2020 14:18:08 +0200
Subject: [PATCH] sources/saml: add POST_AUTO binding which auto redirects to IdP
---
 passbook/sources/saml/forms.py | 8 ++++++++
 .../saml/migrations/0004_auto_20200708_1207.py | 18 ++++++++++++++++++
 passbook/sources/saml/models.py | 5 +++--
 passbook/sources/saml/views.py | 18 +++++++++++++++++-
 4 files changed, 46 insertions(+), 3 deletions(-)
 create mode 100644 passbook/sources/saml/migrations/0004_auto_20200708_1207.py
diff --git a/passbook/sources/saml/forms.py b/passbook/sources/saml/forms.py
index 7807338a7..8e7116b76 100644
--- a/passbook/sources/saml/forms.py
+++ b/passbook/sources/saml/forms.py
@@ -2,6 +2,7 @@
 from django import forms
+from passbook.flows.models import Flow, FlowDesignation
 from passbook.admin.forms.source import SOURCE_FORM_FIELDS
 from passbook.sources.saml.models import SAMLSource
@@ -9,6 +10,13 @@ from passbook.sources.saml.models import SAMLSource
 class SAMLSourceForm(forms.ModelForm):
 """SAML Provider form"""
+ authentication_flow = forms.ModelChoiceField(
+ queryset=Flow.objects.filter(designation=FlowDesignation.AUTHENTICATION)
+ )
+ enrollment_flow = forms.ModelChoiceField(
+ queryset=Flow.objects.filter(designation=FlowDesignation.ENROLLMENT)
+ )
+
 class Meta:
 model = SAMLSource
diff --git a/passbook/sources/saml/migrations/0004_auto_20200708_1207.py b/passbook/sources/saml/migrations/0004_auto_20200708_1207.py
new file mode 100644
index 000000000..4034293eb
--- /dev/null
+++ b/passbook/sources/saml/migrations/0004_auto_20200708_1207.py
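Review bot: The explicitly declared `authentication_flow` and `enrollment_flow` fields on `SAMLSourceForm` override whatever the model would have generated, and `forms.ModelChoiceField` defaults to `required=True`. The model definition is not part of this patch, so it needs checking whether the underlying fields allow an empty value; if they do, an admin can no longer save a source without choosing an enrollment flow. If optional was intended, say so explicitly with `enrollment_flow = forms.ModelChoiceField(queryset=Flow.objects.filter(designation=FlowDesignation.ENROLLMENT), required=False)`. The class body continues outside the hunk.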
@@ -0,0 +1,18 @@ +# Generated by Django 3.0.8 on 2020-07-08 12:07 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('passbook_sources_saml', '0003_auto_20200624_1957'), + ] + + operations = [ + migrations.AlterField( + model_name='samlsource', + name='binding_type', + field=models.CharField(choices=[('REDIRECT', 'Redirect Binding'), ('POST', 'POST Binding'), ('POST_AUTO', 'POST Binding with auto-confirmation')], default='REDIRECT', max_length=100), + ), + ]
diff --git a/passbook/sources/saml/models.py b/passbook/sources/saml/models.py
index d48716258..b81da562e 100644
--- a/passbook/sources/saml/models.py
+++ b/passbook/sources/saml/models.py
@@ -12,8 +12,9 @@ from passbook.providers.saml.utils.time import timedelta_string_validator
 class SAMLBindingTypes(models.TextChoices):
 """SAML Binding types"""
- Redirect = "REDIRECT"
- POST = "POST"
+ Redirect = "REDIRECT", _("Redirect Binding")
+ POST = "POST", _("POST Binding")
+ POST_AUTO = "POST_AUTO", _("POST Binding with auto-confirmation")
 class SAMLSource(Source):
diff --git a/passbook/sources/saml/views.py b/passbook/sources/saml/views.py
index 7a4ca66b2..beb9728e0 100644
--- a/passbook/sources/saml/views.py
+++ b/passbook/sources/saml/views.py
@@ -42,12 +42,14 @@ class InitiateView(View):
 "ISSUER": get_issuer(request, source),
 }
 authn_req = get_authnrequest_xml(parameters, signed=False)
+ # If the source is configured for Redirect bindings, we can just redirect there
 if source.binding_type == SAMLBindingTypes.Redirect:
 _request = deflate_and_base64_encode(authn_req.encode())
 url_args = urlencode({"SAMLRequest": _request, "RelayState": relay_state})
 return redirect(f"{source.sso_url}?{url_args}")
+ # As POST Binding we show a form
+ _request = nice64(authn_req.encode())
 if source.binding_type == SAMLBindingTypes.POST:
- _request = nice64(authn_req.encode())
 return render(
 request,
 "saml/sp/login.html",
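Review bot: `POST_AUTO` in `SAMLBindingTypes` is documented only by its label; neither the class docstring nor a comment says how it differs from `POST` in terms of user interaction. Judging from the views change in this patch, it renders a self-submitting form, so the AuthnRequest is posted to the IdP without the user confirming. I would add a comment above the member, e.g. `# Renders an auto-submitting form: the request is POSTed to the IdP without a confirmation click`, so an admin-facing reader of the model knows what they are enabling.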
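Review bot: The comment `# As POST Binding we show a form` now sits above the hoisted `_request = nice64(authn_req.encode())` line rather than above the `if source.binding_type == SAMLBindingTypes.POST:` branch it describes. Since the encoded value is now shared by both POST variants, I would comment the assignment on its own, e.g. `# Both POST bindings send the nice64-encoded request as a form field`, and move the existing comment down to the `if`. The encoding also runs for an unrecognised binding type before the final `raise Http404`, which is harmless but worth knowing. The view method starts above the hunk and continues past it.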
@@ -58,6 +60,20 @@ class InitiateView(View):
 "source": source,
 },
 )
+ # Or an auto-submit form
+ if source.binding_type == SAMLBindingTypes.POST_AUTO:
+ return render(
+ request,
+ "providers/saml/autosubmit_form.html",
+ {
+ "application": source,
+ "attrs": {
+ "SAMLRequest": _request,
+ "RelayState": relay_state,
+ },
+ "url": source.sso_url,
+ },
+ )
 raise Http404
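Review bot: The new `POST_AUTO` branch renders `providers/saml/autosubmit_form.html`, a provider-side template, and passes the source under the key `application`. The template is not part of this patch, so it cannot be confirmed from here what it reads from that object or that it escapes `url` and the `attrs` values. Judging by the template name the page submits itself, so the AuthnRequest and `RelayState` are posted to `source.sso_url` without a confirmation step. `relay_state` is assigned outside the hunk; if it derives from a request parameter, the response-handling side should validate it before using it as a redirect target. I would add a comment above the `render` call such as `# Reuses the provider auto-submit template; the source is passed as "application"`, or give sources their own template.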