trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

providers/saml: fix signing and verification kp not being set correctly

This commit is contained in:
Jens Langhammer 2020-12-30 22:07:30 +01:00
parent a9e53cd52a
commit 412f5b9210
3 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
authentik/providers/saml/processors/metadata_parser.py
View File

@ -10,7 +10,6 @@ from lxml import etree # nosec
from structlog import get_logger from structlog import get_logger
from authentik.crypto.models import CertificateKeyPair from authentik.crypto.models import CertificateKeyPair
from authentik.flows.models import Flow, FlowDesignation
from authentik.providers.saml.models import SAMLBindings, SAMLProvider from authentik.providers.saml.models import SAMLBindings, SAMLProvider
from authentik.providers.saml.utils.encoding import PEM_FOOTER, PEM_HEADER from authentik.providers.saml.utils.encoding import PEM_FOOTER, PEM_HEADER
from authentik.sources.saml.processors.constants import ( from authentik.sources.saml.processors.constants import (
@ -56,10 +55,14 @@ class ServiceProviderMetadata:
provider.issuer = self.entity_id provider.issuer = self.entity_id
provider.sp_binding = self.acs_binding provider.sp_binding = self.acs_binding
provider.acs_url = self.acs_location provider.acs_url = self.acs_location
if self.signing_keypair: if self.signing_keypair and self.auth_n_request_signed:
self.signing_keypair.name = f"Provider {name} - SAML Signing Certificate" self.signing_keypair.name = f"Provider {name} - SAML Signing Certificate"
self.signing_keypair.save() self.signing_keypair.save()
provider.signing_kp = self.signing_keypair provider.verification_kp = self.signing_keypair
if self.assertion_signed:
provider.signing_kp = CertificateKeyPair.objects.exclude(
key_data__iexact=""
).first()
return provider return provider

4
authentik/providers/saml/tests/test_metadata.py
View File

@ -84,7 +84,9 @@ class TestServiceProviderMetadataParser(TestCase):
provider.issuer, "http://localhost:8080/apps/user_saml/saml/metadata" provider.issuer, "http://localhost:8080/apps/user_saml/saml/metadata"
) )
self.assertEqual(provider.sp_binding, SAMLBindings.POST) self.assertEqual(provider.sp_binding, SAMLBindings.POST)
self.assertEqual(provider.signing_kp.certificate_data, CERT) self.assertEqual(provider.verification_kp.certificate_data, CERT)
self.assertIsNotNone(provider.signing_kp)
self.assertEqual(provider.audience, "")
def test_with_signing_cert_invalid_signature(self): def test_with_signing_cert_invalid_signature(self):
"""Test Metadata with signing cert (invalid signature)""" """Test Metadata with signing cert (invalid signature)"""

2
authentik/providers/saml/views.py
View File

@ -277,7 +277,7 @@ class MetadataImportView(LoginRequiredMixin, FormView):
LOGGER.warning(exc) LOGGER.warning(exc)
messages.error( messages.error(
self.request, self.request,
_("Failed to import Metadata: %(message)s", {"message": str(exc)}), _("Failed to import Metadata: %(message)s" % {"message": str(exc)}),
) )
return super().form_invalid(form) return super().form_invalid(form)
return super().form_valid(form) return super().form_valid(form)