providers/saml: allow audience to be empty

This commit is contained in:
Jens Langhammer 2020-12-30 22:15:28 +01:00
parent 412f5b9210
commit 4fde1b7365
5 changed files with 43 additions and 12 deletions

View file

@ -36,17 +36,17 @@ class SAMLProviderForm(forms.ModelForm):
"name",
"authorization_flow",
"acs_url",
"audience",
"issuer",
"sp_binding",
"audience",
"signing_kp",
"verification_kp",
"property_mappings",
"assertion_valid_not_before",
"assertion_valid_not_on_or_after",
"session_valid_not_on_or_after",
"digest_algorithm",
"signature_algorithm",
"signing_kp",
"verification_kp",
"property_mappings",
]
widgets = {
"name": forms.TextInput(),

View file

@ -0,0 +1,22 @@
# Generated by Django 3.1.4 on 2020-12-30 21:12
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_providers_saml", "0009_auto_20201112_2016"),
]
operations = [
migrations.AlterField(
model_name="samlprovider",
name="audience",
field=models.TextField(
blank=True,
default="",
help_text="Value of the audience restriction field of the asseration. When left empty, no audience restriction will be added.",
),
),
]

View file

@ -42,7 +42,13 @@ class SAMLProvider(Provider):
acs_url = models.URLField(verbose_name=_("ACS URL"))
audience = models.TextField(
default="",
help_text=_("Value of the audience restriction field of the asseration."),
blank=True,
help_text=_(
(
"Value of the audience restriction field of the asseration. When left empty, "
"no audience restriction will be added."
)
),
)
issuer = models.TextField(
help_text=_("Also known as EntityID"), default="authentik"

View file

@ -127,11 +127,14 @@ class AssertionProcessor:
conditions = Element(f"{{{NS_SAML_ASSERTION}}}Conditions")
conditions.attrib["NotBefore"] = self._valid_not_before
conditions.attrib["NotOnOrAfter"] = self._valid_not_on_or_after
audience_restriction = SubElement(
conditions, f"{{{NS_SAML_ASSERTION}}}AudienceRestriction"
)
audience = SubElement(audience_restriction, f"{{{NS_SAML_ASSERTION}}}Audience")
audience.text = self.provider.audience
if self.provider.audience != "":
audience_restriction = SubElement(
conditions, f"{{{NS_SAML_ASSERTION}}}AudienceRestriction"
)
audience = SubElement(
audience_restriction, f"{{{NS_SAML_ASSERTION}}}Audience"
)
audience.text = self.provider.audience
return conditions
def get_name_id(self) -> Element:

View file

@ -8004,9 +8004,9 @@ definitions:
minLength: 1
audience:
title: Audience
description: Value of the audience restriction field of the asseration.
description: Value of the audience restriction field of the asseration. When
left empty, no audience restriction will be added.
type: string
minLength: 1
issuer:
title: Issuer
description: Also known as EntityID