sources/saml: add POST_AUTO binding which auto redirects to IdP
parent
1524880eec
commit
1e57926603
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
from django import forms
|
from django import forms
|
||||||
|
|
||||||
|
from passbook.flows.models import Flow, FlowDesignation
|
||||||
from passbook.admin.forms.source import SOURCE_FORM_FIELDS
|
from passbook.admin.forms.source import SOURCE_FORM_FIELDS
|
||||||
from passbook.sources.saml.models import SAMLSource
|
from passbook.sources.saml.models import SAMLSource
|
||||||
|
|
||||||
|
@ -9,6 +10,13 @@ from passbook.sources.saml.models import SAMLSource
|
||||||
class SAMLSourceForm(forms.ModelForm):
|
class SAMLSourceForm(forms.ModelForm):
|
||||||
"""SAML Provider form"""
|
"""SAML Provider form"""
|
||||||
|
|
||||||
|
authentication_flow = forms.ModelChoiceField(
|
||||||
|
queryset=Flow.objects.filter(designation=FlowDesignation.AUTHENTICATION)
|
||||||
|
)
|
||||||
|
enrollment_flow = forms.ModelChoiceField(
|
||||||
|
queryset=Flow.objects.filter(designation=FlowDesignation.ENROLLMENT)
|
||||||
|
)
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
model = SAMLSource
|
model = SAMLSource
|
||||||
|
|
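Review bot: The designation filter on `authentication_flow` and `enrollment_flow` exists only in this admin form, so any other write path to SAMLSource (an API serializer, a fixture, a shell) could presumably still bind a source to a flow of the wrong designation; the model is not part of this section, so this needs confirming there. If that matters, the same restriction belongs on the model fields, for example via `limit_choices_to`, or in model validation. A short comment above the two fields, such as `# Only offer flows whose designation matches the field`, would record why the querysets are overridden. The `Meta` class continues outside the hunk, so whether both fields are listed in `fields` is not visible here.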
|
@ -0,0 +1,18 @@
|
||||||
|
# Generated by Django 3.0.8 on 2020-07-08 12:07
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('passbook_sources_saml', '0003_auto_20200624_1957'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='samlsource',
|
||||||
|
name='binding_type',
|
||||||
|
field=models.CharField(choices=[('REDIRECT', 'Redirect Binding'), ('POST', 'POST Binding'), ('POST_AUTO', 'POST Binding with auto-confirmation')], default='REDIRECT', max_length=100),
|
||||||
|
),
|
||||||
|
]
|
|
@ -12,8 +12,9 @@ from passbook.providers.saml.utils.time import timedelta_string_validator
|
||||||
class SAMLBindingTypes(models.TextChoices):
|
class SAMLBindingTypes(models.TextChoices):
|
||||||
"""SAML Binding types"""
|
"""SAML Binding types"""
|
||||||
|
|
||||||
Redirect = "REDIRECT"
|
Redirect = "REDIRECT", _("Redirect Binding")
|
||||||
POST = "POST"
|
POST = "POST", _("POST Binding")
|
||||||
|
POST_AUTO = "POST_AUTO", _("POST Binding with auto-confirmation")
|
||||||
|
|
||||||
|
|
||||||
class SAMLSource(Source):
|
class SAMLSource(Source):
|
||||||
|
|
|
@ -42,12 +42,14 @@ class InitiateView(View):
|
||||||
"ISSUER": get_issuer(request, source),
|
"ISSUER": get_issuer(request, source),
|
||||||
}
|
}
|
||||||
authn_req = get_authnrequest_xml(parameters, signed=False)
|
authn_req = get_authnrequest_xml(parameters, signed=False)
|
||||||
|
# If the source is configured for Redirect bindings, we can just redirect there
|
||||||
if source.binding_type == SAMLBindingTypes.Redirect:
|
if source.binding_type == SAMLBindingTypes.Redirect:
|
||||||
_request = deflate_and_base64_encode(authn_req.encode())
|
_request = deflate_and_base64_encode(authn_req.encode())
|
||||||
url_args = urlencode({"SAMLRequest": _request, "RelayState": relay_state})
|
url_args = urlencode({"SAMLRequest": _request, "RelayState": relay_state})
|
||||||
return redirect(f"{source.sso_url}?{url_args}")
|
return redirect(f"{source.sso_url}?{url_args}")
|
||||||
if source.binding_type == SAMLBindingTypes.POST:
|
# As POST Binding we show a form
|
||||||
_request = nice64(authn_req.encode())
|
_request = nice64(authn_req.encode())
|
||||||
|
if source.binding_type == SAMLBindingTypes.POST:
|
||||||
return render(
|
return render(
|
||||||
request,
|
request,
|
||||||
"saml/sp/login.html",
|
"saml/sp/login.html",
|
||||||
|
@ -58,6 +60,20 @@ class InitiateView(View):
|
||||||
"source": source,
|
"source": source,
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
# Or an auto-submit form
|
||||||
|
if source.binding_type == SAMLBindingTypes.POST_AUTO:
|
||||||
|
return render(
|
||||||
|
request,
|
||||||
|
"providers/saml/autosubmit_form.html",
|
||||||
|
{
|
||||||
|
"application": source,
|
||||||
|
"attrs": {
|
||||||
|
"SAMLRequest": _request,
|
||||||
|
"RelayState": relay_state,
|
||||||
|
},
|
||||||
|
"url": source.sso_url,
|
||||||
|
},
|
||||||
|
)
|
||||||
raise Http404
|
raise Http404
|
||||||
|
|
||||||
|
|
||||||
|
|
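Review bot: The new POST_AUTO branch renders the provider-side template `providers/saml/autosubmit_form.html` and passes the source under the key `"application"`, so the page depends on a template written for a different object. The template is not shown in this commit view, so it should be confirmed that it only reads attributes a SAMLSource has and that it keeps a visible submit button for browsers where the script does not run. Because this binding removes the confirmation step, the `SAMLRequest` and `RelayState` fields and the `source.sso_url` action are the whole page, and they should stay auto-escaped in the template (no `|safe`). The comment `# As POST Binding we show a form` now sits above the shared `nice64` line rather than the POST branch; something like `# POST and POST_AUTO send the same encoded request as a form field` would describe it. The enclosing InitiateView method starts above the first hunk.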