providers/saml: fix SessionNotOnOrAfter not being included

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-16 12:25:42 +01:00 · 2021-11-16 12:25:42 +01:00 · b0fac9c9f1
parent f4db09cd59
commit b0fac9c9f1
2 changed files with 299 additions and 2 deletions
--- a/authentik/providers/saml/processors/assertion.py
+++ b/authentik/providers/saml/processors/assertion.py
@ -45,6 +45,7 @@ class AssertionProcessor:
    _assertion_id: str

    _valid_not_before: str
+    _session_not_on_or_after: str
    _valid_not_on_or_after: str

    def __init__(self, provider: SAMLProvider, request: HttpRequest, auth_n_request: AuthNRequest):
@ -58,6 +59,9 @@ class AssertionProcessor:
        self._valid_not_before = get_time_string(
            timedelta_from_string(self.provider.assertion_valid_not_before)
        )
+        self._session_not_on_or_after = get_time_string(
+            timedelta_from_string(self.provider.session_valid_not_on_or_after)
+        )
        self._valid_not_on_or_after = get_time_string(
            timedelta_from_string(self.provider.assertion_valid_not_on_or_after)
        )
@ -117,6 +121,7 @@ class AssertionProcessor:
        auth_n_statement = Element(f"{{{NS_SAML_ASSERTION}}}AuthnStatement")
        auth_n_statement.attrib["AuthnInstant"] = self._valid_not_before
        auth_n_statement.attrib["SessionIndex"] = self._assertion_id
+        auth_n_statement.attrib["SessionNotOnOrAfter"] = self._session_not_on_or_after

        auth_n_context = SubElement(auth_n_statement, f"{{{NS_SAML_ASSERTION}}}AuthnContext")
        auth_n_context_class_ref = SubElement(
--- a/schema.yml
+++ b/schema.yml