providers/saml: fix metadata rendering when no singing keypair is selected
closes PASSBOOK-44
parent
9a1270c693
commit
5f4452470b
|
@ -1,6 +1,7 @@
|
|||
<?xml version="1.0"?>
|
||||
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{{ entity_id }}">
|
||||
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
{% if cert_public_key %}
|
||||
<md:KeyDescriptor use="signing">
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
|
@ -8,13 +9,7 @@
|
|||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</md:KeyDescriptor>
|
||||
<md:KeyDescriptor use="encryption">
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
<ds:X509Certificate>{{ cert_public_key }}</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</md:KeyDescriptor>
|
||||
{% endif %}
|
||||
<md:NameIDFormat>{{ subject_format }}</md:NameIDFormat>
|
||||
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/>
|
||||
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{{ sso_post_url }}"/>
|
||||
|
|
|
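Review bot: The new `{% if cert_public_key %}` guard wraps both the `use="signing"` and `use="encryption"` KeyDescriptors, so a provider without a signing keypair now publishes metadata that advertises no key at all, and nothing in the template records that this is intentional. A Django template comment at the guard would make the contract visible to whoever edits this file next, e.g. `{# KeyDescriptors are omitted when the provider has no signing keypair; an SP consuming this metadata then has no key to verify signed responses #}`. Both descriptors reuse the same `cert_public_key` value, which is fine for a single keypair but worth stating in that comment as well.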
@ -274,19 +274,19 @@ class DescriptorDownloadView(AccessRequiredView):
|
|||
kwargs={"application": provider.application.slug},
|
||||
)
|
||||
)
|
||||
pubkey = strip_pem_header(
|
||||
provider.signing_kp.certificate_data.replace("\r", "")
|
||||
).replace("\n", "")
|
||||
subject_format = provider.processor.subject_format
|
||||
ctx = {
|
||||
"entity_id": entity_id,
|
||||
"cert_public_key": pubkey,
|
||||
"slo_url": slo_url,
|
||||
# Currently, the same endpoint accepts POST and REDIRECT
|
||||
"sso_post_url": sso_post_url,
|
||||
"sso_redirect_url": sso_post_url,
|
||||
"subject_format": subject_format,
|
||||
}
|
||||
if provider.signing_kp:
|
||||
ctx["cert_public_key"] = strip_pem_header(
|
||||
provider.signing_kp.certificate_data.replace("\r", "")
|
||||
).replace("\n", "")
|
||||
return render_to_string("saml/xml/metadata.xml", ctx)
|
||||
|
||||
# pylint: disable=unused-argument
|
||||
|
|
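Review bot: When `provider.signing_kp` is falsy the new `ctx` dict has no `cert_public_key` key at all, so the template's `{% if cert_public_key %}` only works because Django resolves a missing variable to an empty string silently; initialising it explicitly makes the intent clear and keeps the context shape constant, `"cert_public_key": None,` in the dict literal in place of the removed `"cert_public_key": pubkey,` line. Since metadata without a KeyDescriptor leaves the SP unable to validate signed assertions, it would also help operators if the `if provider.signing_kp:` branch were paired with a warning in the `else` case, assuming this module has a logger available. The enclosing method of `DescriptorDownloadView` starts outside the hunk.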