sources/saml: add POST_AUTO binding which auto redirects to IdP

Jens Langhammer 2020-07-08 14:18:08 +02:00
parent 1524880eec
commit 1e57926603
4 changed files with 46 additions and 3 deletions


@ -2,6 +2,7 @@
from django import forms from django import forms
from passbook.flows.models import Flow, FlowDesignation
from passbook.admin.forms.source import SOURCE_FORM_FIELDS from passbook.admin.forms.source import SOURCE_FORM_FIELDS
from passbook.sources.saml.models import SAMLSource from passbook.sources.saml.models import SAMLSource
@ -9,6 +10,13 @@ from passbook.sources.saml.models import SAMLSource
class SAMLSourceForm(forms.ModelForm): class SAMLSourceForm(forms.ModelForm):
"""SAML Provider form""" """SAML Provider form"""
authentication_flow = forms.ModelChoiceField(
queryset=Flow.objects.filter(designation=FlowDesignation.AUTHENTICATION)
)
enrollment_flow = forms.ModelChoiceField(
queryset=Flow.objects.filter(designation=FlowDesignation.ENROLLMENT)
)
class Meta: class Meta:
model = SAMLSource model = SAMLSource
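Review bot: The two `forms.ModelChoiceField` declarations on `SAMLSourceForm` replace the fields Django would derive from the model, so both default to `required=True` and lose any `label` or `help_text` defined on the model. If `enrollment_flow` is nullable on the source model (not visible here), an administrator can no longer save a source with enrollment left unset, which is presumably how automatic provisioning of unknown IdP users is turned off. Consider `required=False` on that field, or narrowing the queryset in `__init__` with `self.fields["enrollment_flow"].queryset = Flow.objects.filter(designation=FlowDesignation.ENROLLMENT)` so the derived field is kept. The `Meta` class continues outside the hunk.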


@ -0,0 +1,18 @@
# Generated by Django 3.0.8 on 2020-07-08 12:07
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('passbook_sources_saml', '0003_auto_20200624_1957'),
]
operations = [
migrations.AlterField(
model_name='samlsource',
name='binding_type',
field=models.CharField(choices=[('REDIRECT', 'Redirect Binding'), ('POST', 'POST Binding'), ('POST_AUTO', 'POST Binding with auto-confirmation')], default='REDIRECT', max_length=100),
),
]


@ -12,8 +12,9 @@ from passbook.providers.saml.utils.time import timedelta_string_validator
class SAMLBindingTypes(models.TextChoices): class SAMLBindingTypes(models.TextChoices):
"""SAML Binding types""" """SAML Binding types"""
Redirect = "REDIRECT" Redirect = "REDIRECT", _("Redirect Binding")
POST = "POST" POST = "POST", _("POST Binding")
POST_AUTO = "POST_AUTO", _("POST Binding with auto-confirmation")
class SAMLSource(Source): class SAMLSource(Source):


@ -42,12 +42,14 @@ class InitiateView(View):
"ISSUER": get_issuer(request, source), "ISSUER": get_issuer(request, source),
} }
authn_req = get_authnrequest_xml(parameters, signed=False) authn_req = get_authnrequest_xml(parameters, signed=False)
# If the source is configured for Redirect bindings, we can just redirect there
if source.binding_type == SAMLBindingTypes.Redirect: if source.binding_type == SAMLBindingTypes.Redirect:
_request = deflate_and_base64_encode(authn_req.encode()) _request = deflate_and_base64_encode(authn_req.encode())
url_args = urlencode({"SAMLRequest": _request, "RelayState": relay_state}) url_args = urlencode({"SAMLRequest": _request, "RelayState": relay_state})
return redirect(f"{source.sso_url}?{url_args}") return redirect(f"{source.sso_url}?{url_args}")
if source.binding_type == SAMLBindingTypes.POST: # As POST Binding we show a form
_request = nice64(authn_req.encode()) _request = nice64(authn_req.encode())
if source.binding_type == SAMLBindingTypes.POST:
return render( return render(
request, request,
"saml/sp/login.html", "saml/sp/login.html",
@ -58,6 +60,20 @@ class InitiateView(View):
"source": source, "source": source,
}, },
) )
# Or an auto-submit form
if source.binding_type == SAMLBindingTypes.POST_AUTO:
return render(
request,
"providers/saml/autosubmit_form.html",
{
"application": source,
"attrs": {
"SAMLRequest": _request,
"RelayState": relay_state,
},
"url": source.sso_url,
},
)
raise Http404 raise Http404
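Review bot: The new `POST_AUTO` branch renders `providers/saml/autosubmit_form.html`, a template from the provider side, and passes the source under the key `"application"`, which ties this view to another app's template contract. That template is not part of this commit, so whatever it reads from `application` now has to hold for a `SAMLSource` too. A comment such as `# Reuses the provider-side auto-submit template, hence the "application" key` would make the coupling explicit, or a template under `saml/sp/` could take `"source"` like the manual POST form does. Because this form is submitted without user interaction, it is also worth confirming that `relay_state` (set outside the hunk) is escaped by the template and validated when the response comes back. The body of the view method starts above the hunk.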