sources/saml: entity_id -> issuer
This commit is contained in:
parent
0b5caa85f5
commit
84fc54ddaa
26
passbook/sources/saml/migrations/0005_auto_20200220_1621.py
Normal file
|
@ -0,0 +1,26 @@
|
|||
# Generated by Django 3.0.3 on 2020-02-20 16:21
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("passbook_sources_saml", "0004_auto_20200217_1526"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.RenameField(
|
||||
model_name="samlsource", old_name="entity_id", new_name="issuer",
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="samlsource",
|
||||
name="issuer",
|
||||
field=models.TextField(
|
||||
blank=True,
|
||||
default=None,
|
||||
help_text="Also known as Entity ID. Defaults the Metadata URL.",
|
||||
verbose_name="Issuer",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -3,14 +3,19 @@ from django.db import models
|
|||
from django.urls import reverse_lazy
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
|
||||
from passbook.core.types import UILoginButton
|
||||
from passbook.core.models import Source
|
||||
from passbook.core.types import UILoginButton
|
||||
|
||||
|
||||
class SAMLSource(Source):
|
||||
"""SAML Source"""
|
||||
|
||||
entity_id = models.TextField(blank=True, default=None, verbose_name=_("Entity ID"))
|
||||
issuer = models.TextField(
|
||||
blank=True,
|
||||
default=None,
|
||||
verbose_name=_("Issuer"),
|
||||
help_text=_("Also known as Entity ID. Defaults the Metadata URL."),
|
||||
)
|
||||
|
||||
idp_url = models.URLField(verbose_name=_("IDP URL"))
|
||||
idp_logout_url = models.URLField(
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
|
||||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{{ entity_id }}">
|
||||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{{ issuer }}">
|
||||
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<md:KeyDescriptor use="signing">
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
@ -6,12 +6,12 @@ from passbook.core.models import User
|
|||
from passbook.sources.saml.models import SAMLSource
|
||||
|
||||
|
||||
def get_entity_id(request: HttpRequest, source: SAMLSource):
|
||||
"""Get Source's entity ID, falling back to our Metadata URL if none is set"""
|
||||
entity_id = source.entity_id
|
||||
if entity_id is None:
|
||||
def get_issuer(request: HttpRequest, source: SAMLSource) -> str:
|
||||
"""Get Source's Issuer, falling back to our Metadata URL if none is set"""
|
||||
issuer = source.issuer
|
||||
if issuer is None:
|
||||
return build_full_url("metadata", request, source)
|
||||
return entity_id
|
||||
return issuer
|
||||
|
||||
|
||||
def build_full_url(view: str, request: HttpRequest, source: SAMLSource) -> str:
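Review bot: `if issuer is None:` in the new `get_issuer` misses the empty string, which is what a form-saved source stores for a `blank=True` TextField left empty, so the metadata-URL fallback never fires and an empty Issuer/entityID is emitted into the AuthnRequest and the SP metadata. `if not issuer:` covers both None and "" without changing the documented contract. `build_full_url` begins on the last line of the hunk and continues outside it.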
|
||||
|
|
|
@ -17,7 +17,7 @@ from passbook.sources.saml.models import SAMLSource
|
|||
from passbook.sources.saml.utils import (
|
||||
_get_user_from_response,
|
||||
build_full_url,
|
||||
get_entity_id,
|
||||
get_issuer,
|
||||
)
|
||||
from passbook.sources.saml.xml_render import get_authnrequest_xml
|
||||
|
||||
|
@ -37,7 +37,7 @@ class InitiateView(View):
|
|||
"DESTINATION": source.idp_url,
|
||||
"AUTHN_REQUEST_ID": get_random_id(),
|
||||
"ISSUE_INSTANT": get_time_string(),
|
||||
"ISSUER": get_entity_id(request, source),
|
||||
"ISSUER": get_issuer(request, source),
|
||||
}
|
||||
authn_req = get_authnrequest_xml(parameters, signed=False)
|
||||
_request = nice64(str.encode(authn_req))
|
||||
|
@ -97,16 +97,16 @@ class MetadataView(View):
|
|||
def dispatch(self, request: HttpRequest, source_slug: str) -> HttpResponse:
|
||||
"""Replies with the XML Metadata SPSSODescriptor."""
|
||||
source: SAMLSource = get_object_or_404(SAMLSource, slug=source_slug)
|
||||
entity_id = get_entity_id(request, source)
|
||||
issuer = get_issuer(request, source)
|
||||
cert_stripped = strip_pem_header(source.signing_cert.replace("\r", "")).replace(
|
||||
"\n", ""
|
||||
)
|
||||
return render_xml(
|
||||
request,
|
||||
"saml/sp/xml/spssodescriptor.xml",
|
||||
"saml/sp/xml/sp_sso_descriptor.xml",
|
||||
{
|
||||
"acs_url": build_full_url("acs", request, source),
|
||||
"entity_id": entity_id,
|
||||
"issuer": issuer,
|
||||
"cert_public_key": cert_stripped,
|
||||
},
|
||||
)
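Review bot: MetadataView now renders `saml/sp/xml/sp_sso_descriptor.xml` instead of `spssodescriptor.xml`, but the rendered diff shows only the entityID change inside the template and no file rename, so confirm the template was actually moved in this commit or this view will raise TemplateDoesNotExist. Separately, the `issuer` handed to the template here and to the AuthnRequest's `ISSUER` in InitiateView comes from `get_issuer`, which falls back to the metadata URL only for None, so a source whose issuer was left blank in a form produces `entityID=""` and an empty Issuer that the IdP cannot match against its SP registration. Fixing the fallback to `if not issuer:` in `get_issuer`, or rejecting an empty issuer before rendering, closes that gap.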
|
||||
|
|