providers/saml: allow audience to be empty

Jens Langhammer 2020-12-30 22:15:28 +01:00
parent 412f5b9210
commit 4fde1b7365
5 changed files with 43 additions and 12 deletions


@ -36,17 +36,17 @@ class SAMLProviderForm(forms.ModelForm):
"name", "name",
"authorization_flow", "authorization_flow",
"acs_url", "acs_url",
"audience",
"issuer", "issuer",
"sp_binding", "sp_binding",
"audience",
"signing_kp",
"verification_kp",
"property_mappings",
"assertion_valid_not_before", "assertion_valid_not_before",
"assertion_valid_not_on_or_after", "assertion_valid_not_on_or_after",
"session_valid_not_on_or_after", "session_valid_not_on_or_after",
"digest_algorithm", "digest_algorithm",
"signature_algorithm", "signature_algorithm",
"signing_kp",
"verification_kp",
"property_mappings",
] ]
widgets = { widgets = {
"name": forms.TextInput(), "name": forms.TextInput(),


@ -0,0 +1,22 @@
# Generated by Django 3.1.4 on 2020-12-30 21:12
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_providers_saml", "0009_auto_20201112_2016"),
]
operations = [
migrations.AlterField(
model_name="samlprovider",
name="audience",
field=models.TextField(
blank=True,
default="",
help_text="Value of the audience restriction field of the asseration. When left empty, no audience restriction will be added.",
),
),
]


@ -42,7 +42,13 @@ class SAMLProvider(Provider):
acs_url = models.URLField(verbose_name=_("ACS URL")) acs_url = models.URLField(verbose_name=_("ACS URL"))
audience = models.TextField( audience = models.TextField(
default="", default="",
help_text=_("Value of the audience restriction field of the asseration."), blank=True,
help_text=_(
(
"Value of the audience restriction field of the asseration. When left empty, "
"no audience restriction will be added."
)
),
) )
issuer = models.TextField( issuer = models.TextField(
help_text=_("Also known as EntityID"), default="authentik" help_text=_("Also known as EntityID"), default="authentik"
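Review bot: The new help text still carries the misspelling "asseration" in the model's `help_text`, and the same string is copied verbatim into the new migration and the schema description, so the typo now lives in three places that must be kept in sync; it should read "assertion" here, with the migration regenerated. The `help_text=_((...))` form wraps the implicit string concatenation in an extra pair of parentheses that adds nothing — `help_text=_("Value of the audience restriction field of the assertion. When left empty, " "no audience restriction will be added.")` is the usual shape. The `SAMLProvider` class begins before this hunk.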


@ -127,11 +127,14 @@ class AssertionProcessor:
conditions = Element(f"{{{NS_SAML_ASSERTION}}}Conditions") conditions = Element(f"{{{NS_SAML_ASSERTION}}}Conditions")
conditions.attrib["NotBefore"] = self._valid_not_before conditions.attrib["NotBefore"] = self._valid_not_before
conditions.attrib["NotOnOrAfter"] = self._valid_not_on_or_after conditions.attrib["NotOnOrAfter"] = self._valid_not_on_or_after
audience_restriction = SubElement( if self.provider.audience != "":
conditions, f"{{{NS_SAML_ASSERTION}}}AudienceRestriction" audience_restriction = SubElement(
) conditions, f"{{{NS_SAML_ASSERTION}}}AudienceRestriction"
audience = SubElement(audience_restriction, f"{{{NS_SAML_ASSERTION}}}Audience") )
audience.text = self.provider.audience audience = SubElement(
audience_restriction, f"{{{NS_SAML_ASSERTION}}}Audience"
)
audience.text = self.provider.audience
return conditions return conditions
def get_name_id(self) -> Element: def get_name_id(self) -> Element:
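Review bot: The new guard `if self.provider.audience != "":` treats a whitespace-only value as a configured audience and emits an `<Audience>` element whose text is just whitespace, which does not match the help text's "when left empty"; `if self.provider.audience.strip():` (or plain truthiness, `if self.provider.audience:`) would cover both cases. Since dropping `AudienceRestriction` means the assertion no longer names its intended relying party, the branch deserves a why-comment so the relaxation reads as deliberate, e.g. `# An empty audience omits AudienceRestriction entirely; the SP then cannot check the assertion was issued for it.` The enclosing method starts before this hunk.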


@ -8004,9 +8004,9 @@ definitions:
minLength: 1 minLength: 1
audience: audience:
title: Audience title: Audience
description: Value of the audience restriction field of the asseration. description: Value of the audience restriction field of the asseration. When
left empty, no audience restriction will be added.
type: string type: string
minLength: 1
issuer: issuer:
title: Issuer title: Issuer
description: Also known as EntityID description: Also known as EntityID