providers/saml: allow audience to be empty
parent
412f5b9210
commit
4fde1b7365
|
@ -36,17 +36,17 @@ class SAMLProviderForm(forms.ModelForm):
|
||||||
"name",
|
"name",
|
||||||
"authorization_flow",
|
"authorization_flow",
|
||||||
"acs_url",
|
"acs_url",
|
||||||
"audience",
|
|
||||||
"issuer",
|
"issuer",
|
||||||
"sp_binding",
|
"sp_binding",
|
||||||
|
"audience",
|
||||||
|
"signing_kp",
|
||||||
|
"verification_kp",
|
||||||
|
"property_mappings",
|
||||||
"assertion_valid_not_before",
|
"assertion_valid_not_before",
|
||||||
"assertion_valid_not_on_or_after",
|
"assertion_valid_not_on_or_after",
|
||||||
"session_valid_not_on_or_after",
|
"session_valid_not_on_or_after",
|
||||||
"digest_algorithm",
|
"digest_algorithm",
|
||||||
"signature_algorithm",
|
"signature_algorithm",
|
||||||
"signing_kp",
|
|
||||||
"verification_kp",
|
|
||||||
"property_mappings",
|
|
||||||
]
|
]
|
||||||
widgets = {
|
widgets = {
|
||||||
"name": forms.TextInput(),
|
"name": forms.TextInput(),
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
# Generated by Django 3.1.4 on 2020-12-30 21:12
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
("authentik_providers_saml", "0009_auto_20201112_2016"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name="samlprovider",
|
||||||
|
name="audience",
|
||||||
|
field=models.TextField(
|
||||||
|
blank=True,
|
||||||
|
default="",
|
||||||
|
help_text="Value of the audience restriction field of the asseration. When left empty, no audience restriction will be added.",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
]
|
|
@ -42,7 +42,13 @@ class SAMLProvider(Provider):
|
||||||
acs_url = models.URLField(verbose_name=_("ACS URL"))
|
acs_url = models.URLField(verbose_name=_("ACS URL"))
|
||||||
audience = models.TextField(
|
audience = models.TextField(
|
||||||
default="",
|
default="",
|
||||||
help_text=_("Value of the audience restriction field of the asseration."),
|
blank=True,
|
||||||
|
help_text=_(
|
||||||
|
(
|
||||||
|
"Value of the audience restriction field of the asseration. When left empty, "
|
||||||
|
"no audience restriction will be added."
|
||||||
|
)
|
||||||
|
),
|
||||||
)
|
)
|
||||||
issuer = models.TextField(
|
issuer = models.TextField(
|
||||||
help_text=_("Also known as EntityID"), default="authentik"
|
help_text=_("Also known as EntityID"), default="authentik"
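Review bot: The new `help_text` on `audience` keeps the misspelling `asseration` and does not say what an empty value means for the relying party; the same string is copied into the generated migration and the API schema description in this commit. I would reword it to `"Value of the audience restriction field of the assertion. When left empty, no audience restriction is added and the assertion is not limited to a single service provider."`. With `blank=True` next to the existing `default=""`, a provider saved without an audience now gets the unrestricted behaviour silently, so this text is the only place an administrator is told about it. The `issuer` field that follows continues outside the hunk.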
|
||||||
|
|
|
@ -127,11 +127,14 @@ class AssertionProcessor:
|
||||||
conditions = Element(f"{{{NS_SAML_ASSERTION}}}Conditions")
|
conditions = Element(f"{{{NS_SAML_ASSERTION}}}Conditions")
|
||||||
conditions.attrib["NotBefore"] = self._valid_not_before
|
conditions.attrib["NotBefore"] = self._valid_not_before
|
||||||
conditions.attrib["NotOnOrAfter"] = self._valid_not_on_or_after
|
conditions.attrib["NotOnOrAfter"] = self._valid_not_on_or_after
|
||||||
audience_restriction = SubElement(
|
if self.provider.audience != "":
|
||||||
conditions, f"{{{NS_SAML_ASSERTION}}}AudienceRestriction"
|
audience_restriction = SubElement(
|
||||||
)
|
conditions, f"{{{NS_SAML_ASSERTION}}}AudienceRestriction"
|
||||||
audience = SubElement(audience_restriction, f"{{{NS_SAML_ASSERTION}}}Audience")
|
)
|
||||||
audience.text = self.provider.audience
|
audience = SubElement(
|
||||||
|
audience_restriction, f"{{{NS_SAML_ASSERTION}}}Audience"
|
||||||
|
)
|
||||||
|
audience.text = self.provider.audience
|
||||||
return conditions
|
return conditions
|
||||||
|
|
||||||
def get_name_id(self) -> Element:
|
def get_name_id(self) -> Element:
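Review bot: When the audience is empty, the new `if self.provider.audience != "":` branch returns `Conditions` with no `AudienceRestriction`, so the signed assertion is no longer bound to one service provider, and nothing in the code records that this is intentional. If a signing keypair is shared between providers (not visible in this hunk), a service provider that trusts that key could presumably accept an assertion issued for a different one, depending on what else it validates. I would add a comment above the check, e.g. `# Empty audience: no AudienceRestriction is emitted, so the assertion is not bound to a single SP`, and test `self.provider.audience.strip()` so a whitespace-only value does not produce a meaningless `Audience` element. The enclosing method starts above the hunk.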
|
||||||
|
|
|
@ -8004,9 +8004,9 @@ definitions:
|
||||||
minLength: 1
|
minLength: 1
|
||||||
audience:
|
audience:
|
||||||
title: Audience
|
title: Audience
|
||||||
description: Value of the audience restriction field of the asseration.
|
description: Value of the audience restriction field of the asseration. When
|
||||||
|
left empty, no audience restriction will be added.
|
||||||
type: string
|
type: string
|
||||||
minLength: 1
|
|
||||||
issuer:
|
issuer:
|
||||||
title: Issuer
|
title: Issuer
|
||||||
description: Also known as EntityID
|
description: Also known as EntityID
|
||||||
|
|