providers/saml: allow audience to be empty
This commit is contained in:
parent
412f5b9210
commit
4fde1b7365
|
@ -36,17 +36,17 @@ class SAMLProviderForm(forms.ModelForm):
|
|||
"name",
|
||||
"authorization_flow",
|
||||
"acs_url",
|
||||
"audience",
|
||||
"issuer",
|
||||
"sp_binding",
|
||||
"audience",
|
||||
"signing_kp",
|
||||
"verification_kp",
|
||||
"property_mappings",
|
||||
"assertion_valid_not_before",
|
||||
"assertion_valid_not_on_or_after",
|
||||
"session_valid_not_on_or_after",
|
||||
"digest_algorithm",
|
||||
"signature_algorithm",
|
||||
"signing_kp",
|
||||
"verification_kp",
|
||||
"property_mappings",
|
||||
]
|
||||
widgets = {
|
||||
"name": forms.TextInput(),
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
# Generated by Django 3.1.4 on 2020-12-30 21:12
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("authentik_providers_saml", "0009_auto_20201112_2016"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="samlprovider",
|
||||
name="audience",
|
||||
field=models.TextField(
|
||||
blank=True,
|
||||
default="",
|
||||
help_text="Value of the audience restriction field of the asseration. When left empty, no audience restriction will be added.",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -42,7 +42,13 @@ class SAMLProvider(Provider):
|
|||
acs_url = models.URLField(verbose_name=_("ACS URL"))
|
||||
audience = models.TextField(
|
||||
default="",
|
||||
help_text=_("Value of the audience restriction field of the asseration."),
|
||||
blank=True,
|
||||
help_text=_(
|
||||
(
|
||||
"Value of the audience restriction field of the asseration. When left empty, "
|
||||
"no audience restriction will be added."
|
||||
)
|
||||
),
|
||||
)
|
||||
issuer = models.TextField(
|
||||
help_text=_("Also known as EntityID"), default="authentik"
|
||||
|
|
|
@ -127,10 +127,13 @@ class AssertionProcessor:
|
|||
conditions = Element(f"{{{NS_SAML_ASSERTION}}}Conditions")
|
||||
conditions.attrib["NotBefore"] = self._valid_not_before
|
||||
conditions.attrib["NotOnOrAfter"] = self._valid_not_on_or_after
|
||||
if self.provider.audience != "":
|
||||
audience_restriction = SubElement(
|
||||
conditions, f"{{{NS_SAML_ASSERTION}}}AudienceRestriction"
|
||||
)
|
||||
audience = SubElement(audience_restriction, f"{{{NS_SAML_ASSERTION}}}Audience")
|
||||
audience = SubElement(
|
||||
audience_restriction, f"{{{NS_SAML_ASSERTION}}}Audience"
|
||||
)
|
||||
audience.text = self.provider.audience
|
||||
return conditions
|
||||
|
||||
|
|
|
@ -8004,9 +8004,9 @@ definitions:
|
|||
minLength: 1
|
||||
audience:
|
||||
title: Audience
|
||||
description: Value of the audience restriction field of the asseration.
|
||||
description: Value of the audience restriction field of the asseration. When
|
||||
left empty, no audience restriction will be added.
|
||||
type: string
|
||||
minLength: 1
|
||||
issuer:
|
||||
title: Issuer
|
||||
description: Also known as EntityID
|
||||
|
|
Reference in a new issue