sources/saml: entity_id -> issuer

This commit is contained in:
Jens Langhammer 2020-02-20 17:23:27 +01:00
parent 0b5caa85f5
commit 84fc54ddaa
5 changed files with 44 additions and 13 deletions


@ -0,0 +1,26 @@
# Generated by Django 3.0.3 on 2020-02-20 16:21
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("passbook_sources_saml", "0004_auto_20200217_1526"),
]
operations = [
migrations.RenameField(
model_name="samlsource", old_name="entity_id", new_name="issuer",
),
migrations.AlterField(
model_name="samlsource",
name="issuer",
field=models.TextField(
blank=True,
default=None,
help_text="Also known as Entity ID. Defaults the Metadata URL.",
verbose_name="Issuer",
),
),
]


@ -3,14 +3,19 @@ from django.db import models
from django.urls import reverse_lazy
from django.utils.translation import gettext_lazy as _
from passbook.core.types import UILoginButton
from passbook.core.models import Source
from passbook.core.types import UILoginButton
class SAMLSource(Source):
"""SAML Source"""
entity_id = models.TextField(blank=True, default=None, verbose_name=_("Entity ID"))
issuer = models.TextField(
blank=True,
default=None,
verbose_name=_("Issuer"),
help_text=_("Also known as Entity ID. Defaults the Metadata URL."),
)
idp_url = models.URLField(verbose_name=_("IDP URL"))
idp_logout_url = models.URLField(
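Review bot: The new help_text on `issuer` reads "Defaults the Metadata URL.", which drops a word; the migration in this commit carries the same string. Suggest `help_text=_("Also known as Entity ID. Defaults to the Metadata URL.")`, with the migration's help_text changed to match or a follow-up migration generated. The field also keeps `default=None` with `blank=True` and no `null=True`, so a None value only survives if the column is nullable at the database level — worth confirming, since the fallback in get_issuer keys on None. The SAMLSource class continues past the hunk.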


@ -1,6 +1,6 @@
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{{ entity_id }}">
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{{ issuer }}">
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
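Review bot: `entityID="{{ issuer }}"` places an admin-supplied value inside an XML attribute, and whether it is escaped depends on how render_xml renders this template, which is not visible here. If the template goes through Django's engine with autoescaping on, `&`, `<`, `"` and `'` are escaped, which is also valid for an XML attribute; if autoescaping is off for XML templates, a `"` or `&` in the issuer yields malformed metadata, and `entityID="{{ issuer|force_escape }}"` would be the safe form. Worth a one-line comment in the template stating which of the two applies.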


@ -6,12 +6,12 @@ from passbook.core.models import User
from passbook.sources.saml.models import SAMLSource
def get_entity_id(request: HttpRequest, source: SAMLSource):
"""Get Source's entity ID, falling back to our Metadata URL if none is set"""
entity_id = source.entity_id
if entity_id is None:
def get_issuer(request: HttpRequest, source: SAMLSource) -> str:
"""Get Source's Issuer, falling back to our Metadata URL if none is set"""
issuer = source.issuer
if issuer is None:
return build_full_url("metadata", request, source)
return entity_id
return issuer
def build_full_url(view: str, request: HttpRequest, source: SAMLSource) -> str:
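Review bot: The fallback in get_issuer fires only when `source.issuer is None`, but the model declares the field with `blank=True`, so a source saved through a form with the field left empty presumably stores "" rather than None, and the Metadata URL fallback is skipped, leaving an empty Issuer in AuthnRequests and metadata. Suggest `if not issuer:` so both None and the empty string fall back. The fallback value is built from the request, presumably from its host; that predates this commit, but it means the SP entityID is only as stable as the host validation the deployment enforces. build_full_url's body lies outside the hunk.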


@ -17,7 +17,7 @@ from passbook.sources.saml.models import SAMLSource
from passbook.sources.saml.utils import (
_get_user_from_response,
build_full_url,
get_entity_id,
get_issuer,
)
from passbook.sources.saml.xml_render import get_authnrequest_xml
@ -37,7 +37,7 @@ class InitiateView(View):
"DESTINATION": source.idp_url,
"AUTHN_REQUEST_ID": get_random_id(),
"ISSUE_INSTANT": get_time_string(),
"ISSUER": get_entity_id(request, source),
"ISSUER": get_issuer(request, source),
}
authn_req = get_authnrequest_xml(parameters, signed=False)
_request = nice64(str.encode(authn_req))
@ -97,16 +97,16 @@ class MetadataView(View):
def dispatch(self, request: HttpRequest, source_slug: str) -> HttpResponse:
"""Replies with the XML Metadata SPSSODescriptor."""
source: SAMLSource = get_object_or_404(SAMLSource, slug=source_slug)
entity_id = get_entity_id(request, source)
issuer = get_issuer(request, source)
cert_stripped = strip_pem_header(source.signing_cert.replace("\r", "")).replace(
"\n", ""
)
return render_xml(
request,
"saml/sp/xml/spssodescriptor.xml",
"saml/sp/xml/sp_sso_descriptor.xml",
{
"acs_url": build_full_url("acs", request, source),
"entity_id": entity_id,
"issuer": issuer,
"cert_public_key": cert_stripped,
},
)
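Review bot: The template path passed to render_xml changes to `saml/sp/xml/sp_sso_descriptor.xml`, but the template hunk in this commit shows only the entityID edit, so whether the file was actually renamed cannot be confirmed from this view; if it was not, MetadataView.dispatch fails with TemplateDoesNotExist. As a point of style, `issuer` is assigned once and used once, so `"issuer": get_issuer(request, source),` could be written inline in the context dict, matching how the "acs_url" entry is built. The other two hunks in this file are a plain rename of the helper and need nothing further.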