diff --git a/debian/etc/passbook/config.yml b/debian/etc/passbook/config.yml
index 4a7851c07..405619061 100644
--- a/debian/etc/passbook/config.yml
+++ b/debian/etc/passbook/config.yml
@@ -73,9 +73,4 @@ saml_idp:
 # List of python packages with provider types to load.
 types:
 - passbook.saml_idp.processors.generic
- - passbook.saml_idp.processors.aws
- - passbook.saml_idp.processors.gitlab
- - passbook.saml_idp.processors.nextcloud
 - passbook.saml_idp.processors.salesforce
- - passbook.saml_idp.processors.shibboleth
- - passbook.saml_idp.processors.wordpress_orange
diff --git a/helm/passbook/templates/passbook-configmap.yaml b/helm/passbook/templates/passbook-configmap.yaml
index 26618935a..5f36a9efd 100644
--- a/helm/passbook/templates/passbook-configmap.yaml
+++ b/helm/passbook/templates/passbook-configmap.yaml
@@ -134,9 +134,4 @@ data:
 # List of python packages with provider types to load.
 types:
 - passbook.saml_idp.processors.generic
- - passbook.saml_idp.processors.aws
- - passbook.saml_idp.processors.gitlab
- - passbook.saml_idp.processors.nextcloud
 - passbook.saml_idp.processors.salesforce
- - passbook.saml_idp.processors.shibboleth
- - passbook.saml_idp.processors.wordpress_orange
diff --git a/passbook/lib/default.yml b/passbook/lib/default.yml
index 33f240d02..10562100c 100644
--- a/passbook/lib/default.yml
+++ b/passbook/lib/default.yml
@@ -95,10 +95,4 @@ saml_idp:
 # List of python packages with provider types to load.
 types:
 - passbook.saml_idp.processors.generic
- - passbook.saml_idp.processors.aws
- - passbook.saml_idp.processors.gitlab
- - passbook.saml_idp.processors.nextcloud
 - passbook.saml_idp.processors.salesforce
- - passbook.saml_idp.processors.shibboleth
- - passbook.saml_idp.processors.wordpress_orange
- - passbook.saml_idp.processors.rancher
diff --git a/passbook/saml_idp/base.py b/passbook/saml_idp/base.py
index c394a7bfd..5aa21846b 100644
--- a/passbook/saml_idp/base.py
+++ b/passbook/saml_idp/base.py
@@ -116,11 +116,7 @@ class Processor:
 def _determine_audience(self):
 """Determines the _audience."""
- self._audience = self._request_params.get('DESTINATION', None)
-
- if not self._audience:
- self._audience = self._request_params.get('PROVIDER_NAME', None)
-
+ self._audience = self._remote.audience
 self._logger.info('determined audience')
 def _determine_response_id(self):
diff --git a/passbook/saml_idp/forms.py b/passbook/saml_idp/forms.py
index d305b2990..98a17cc32 100644
--- a/passbook/saml_idp/forms.py
+++ b/passbook/saml_idp/forms.py
@@ -25,7 +25,7 @@ class SAMLProviderForm(forms.ModelForm):
 class Meta:
 model = SAMLProvider
- fields = ['name', 'property_mappings', 'acs_url', 'processor_path', 'issuer',
+ fields = ['name', 'property_mappings', 'acs_url', 'audience', 'processor_path', 'issuer',
 'assertion_valid_for', 'signing', 'signing_cert', 'signing_key', ]
 labels = {
 'acs_url': 'ACS URL',
@@ -33,6 +33,7 @@ class SAMLProviderForm(forms.ModelForm):
 }
 widgets = {
 'name': forms.TextInput(),
+ 'audience': forms.TextInput(),
 'issuer': forms.TextInput(),
 'property_mappings': FilteredSelectMultiple(_('Property Mappings'), False)
 }
diff --git a/passbook/saml_idp/migrations/0003_samlprovider_audience.py b/passbook/saml_idp/migrations/0003_samlprovider_audience.py
new file mode 100644
index 000000000..f183d53a8
--- /dev/null
+++ b/passbook/saml_idp/migrations/0003_samlprovider_audience.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.2 on 2019-04-18 09:09
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('passbook_saml_idp', '0002_samlpropertymapping'),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name='samlprovider',
+ name='audience',
+ field=models.TextField(blank=True, default=''),
+ ),
+ ]
diff --git a/passbook/saml_idp/migrations/0004_auto_20190418_0918.py b/passbook/saml_idp/migrations/0004_auto_20190418_0918.py
new file mode 100644
index 000000000..a12725415
--- /dev/null
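Review bot: `self._audience = self._remote.audience` is assigned without rejecting an empty value; the field it reads is declared with `default=''` in models.py, so a provider created outside the form (or not yet filled in by an operator) produces an assertion whose Audience is the empty string, whereas the removed code at least fell back to PROVIDER_NAME. Taking the audience from operator configuration instead of request parameters is the right direction; what remains is to fail loudly on the empty case so the misconfiguration surfaces at the IdP rather than as an opaque rejection at the SP, e.g. `if not self._audience: raise ValueError('SAMLProvider has no audience configured')` — the exception type callers of this Processor handle is not visible here, so pick whatever the surrounding code already uses. `self._remote` is presumably the SAMLProvider passed in from `processor()`; confirm. The enclosing class Processor continues outside the hunk.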
+++ b/passbook/saml_idp/migrations/0004_auto_20190418_0918.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.2 on 2019-04-18 09:18
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('passbook_saml_idp', '0003_samlprovider_audience'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='samlprovider',
+ name='audience',
+ field=models.TextField(default=''),
+ ),
+ ]
diff --git a/passbook/saml_idp/models.py b/passbook/saml_idp/models.py
index 4d9d2f400..14a85db2c 100644
--- a/passbook/saml_idp/models.py
+++ b/passbook/saml_idp/models.py
@@ -15,6 +15,7 @@ class SAMLProvider(Provider):
 name = models.TextField()
 acs_url = models.URLField()
+ audience = models.TextField(default='')
 processor_path = models.CharField(max_length=255, choices=[])
 issuer = models.TextField()
 assertion_valid_for = models.IntegerField(default=86400)
@@ -33,7 +34,10 @@ class SAMLProvider(Provider):
 def processor(self):
 """Return selected processor as instance"""
 if not self._processor:
- self._processor = path_to_class(self.processor_path)(self)
+ try:
+ self._processor = path_to_class(self.processor_path)(self)
+ except ModuleNotFoundError:
+ self._processor = None
 return self._processor
 def __str__(self):
diff --git a/passbook/saml_idp/processors/aws.py b/passbook/saml_idp/processors/aws.py
deleted file mode 100644
index 44953b1fb..000000000
--- a/passbook/saml_idp/processors/aws.py
+++ /dev/null
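Review bot: The new `audience = models.TextField(default='')` carries no `help_text`, so the form field added in forms.py is a bare text box and nothing tells the operator what value the service provider expects. Since the per-SP processors that used to derive this value are deleted in this commit, operators now have to enter it by hand for every provider; a hint on the field such as `help_text="Value the service provider expects in the assertion's Audience element (usually its entity ID or metadata URL)."` avoids guessing. Whether the form template renders model help_text depends on code not visible here.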
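Review bot: The new `except ModuleNotFoundError:` branch in `processor()` swallows the failure and stores None without logging, so a provider whose `processor_path` still names one of the modules deleted in this commit (aws, gitlab, nextcloud, rancher, shibboleth, wordpress_orange) silently loses its processor and every caller of `.processor` gets None with no record of why. It also only covers a missing module; `path_to_class` presumably raises ImportError or AttributeError when the module exists but the class does not, which would still propagate. Catching `except (ImportError, AttributeError) as exc:` and emitting a warning through the module's logger (not visible in this hunk) that names `self.processor_path` and `exc` before assigning None gives operators a trace of the broken configuration. The property decorator above `def processor` is outside the hunk.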
@@ -1,22 +0,0 @@
-"""AWS Processor"""
-
-from passbook.saml_idp.base import Processor, xml_render
-
-
-class AWSProcessor(Processor):
- """AWS Response Handler Processor for testing against django-saml2-sp."""
-
- def _determine_audience(self):
- self._audience = 'urn:amazon:webservices'
-
- def _format_assertion(self):
- """Formats _assertion_params as _assertion_xml."""
- super()._format_assertion()
- self._assertion_params['ATTRIBUTES'].append(
- {
- 'Name': 'https://aws.amazon.com/SAML/Attributes/RoleSessionName',
- 'Value': self._django_request.user.username,
- }
- )
- self._assertion_xml = xml_render.get_assertion_xml(
- 'saml/xml/assertions/generic.xml', self._assertion_params, signed=True)
diff --git a/passbook/saml_idp/processors/gitlab.py b/passbook/saml_idp/processors/gitlab.py
deleted file mode 100644
index e8558e6f8..000000000
--- a/passbook/saml_idp/processors/gitlab.py
+++ /dev/null
@@ -1,10 +0,0 @@
-"""GitLab Processor"""
-
-from passbook.saml_idp.base import Processor
-
-
-class GitLabProcessor(Processor):
- """GitLab Response Handler Processor for testing against django-saml2-sp."""
-
- def _determine_audience(self):
- self._audience = self._remote.acs_url.replace('/users/auth/saml/callback', '')
diff --git a/passbook/saml_idp/processors/nextcloud.py b/passbook/saml_idp/processors/nextcloud.py
deleted file mode 100644
index 0d9b5cd68..000000000
--- a/passbook/saml_idp/processors/nextcloud.py
+++ /dev/null
@@ -1,11 +0,0 @@
-"""NextCloud Processor"""
-from passbook.saml_idp.base import Processor
-
-
-class NextCloudProcessor(Processor):
- """Nextcloud SAML 2.0 AuthnRequest to Response Handler Processor."""
-
- def _determine_audience(self):
- # Nextcloud expects an audience in this format
- # https:///index.php/apps/user_saml/saml/metadata
- self._audience = self._remote.acs_url.replace('acs', 'metadata')
diff --git a/passbook/saml_idp/processors/rancher.py b/passbook/saml_idp/processors/rancher.py
deleted file mode 100644
index cc889a512..000000000
--- a/passbook/saml_idp/processors/rancher.py
+++ /dev/null
@@ -1,11 +0,0 @@
-"""Rancher Processor"""
-from passbook.saml_idp.base import Processor
-
-
-class RancherProcessor(Processor):
- """Rancher SAML 2.0 AuthnRequest to Response Handler Processor."""
-
- def _determine_audience(self):
- # Rancher expects an audience in this format
- # https:///v1-saml/adfs/saml/acs
- self._audience = self._remote.acs_url.replace('acs', 'metadata')
diff --git a/passbook/saml_idp/processors/shibboleth.py b/passbook/saml_idp/processors/shibboleth.py
deleted file mode 100644
index 602e0a331..000000000
--- a/passbook/saml_idp/processors/shibboleth.py
+++ /dev/null
@@ -1,11 +0,0 @@
-"""Shibboleth Processor"""
-
-from passbook.saml_idp.base import Processor
-
-
-class ShibbolethProcessor(Processor):
- """Shibboleth-specific Processor"""
-
- def _determine_audience(self):
- """Determines the _audience."""
- self._audience = "https://sp.testshib.org/shibboleth-sp"
diff --git a/passbook/saml_idp/processors/wordpress_orange.py b/passbook/saml_idp/processors/wordpress_orange.py
deleted file mode 100644
index d1ae920d8..000000000
--- a/passbook/saml_idp/processors/wordpress_orange.py
+++ /dev/null
@@ -1,13 +0,0 @@
-"""WordpressOrange Processor"""
-
-from passbook.saml_idp.base import Processor
-
-
-class WordpressOrangeProcessor(Processor):
- """WordpressOrange Response Handler Processor for testing against django-saml2-sp."""
-
- def _determine_audience(self):
- # Orange expects an audience in this format
- # https:///wp-content/plugins/miniorange-saml-20-single-sign-on/
- self._audience = self._remote.acs_url + \
- 'wp-content/plugins/miniorange-saml-20-single-sign-on/'