sources/saml: fix SAMLRequest not being encoded properly for Redirect bindings
This commit is contained in:
parent
db6cb5ad51
commit
c0d8aa2303
|
@ -20,5 +20,5 @@ def deflate_and_base64_encode(inflated: bytes, encoding="utf-8"):
|
|||
|
||||
|
||||
def nice64(src):
|
||||
""" Returns src base64-encoded and formatted nicely for our XML. """
|
||||
"""Returns src base64-encoded and formatted nicely for our XML. """
|
||||
return base64.b64encode(src).decode("utf-8").replace("\n", "")
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
<form method="POST" action="{{ request_url }}">
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="SAMLRequest" value="{{ request }}" />
|
||||
<input type="hidden" name="RelayState" value="{{ token }}" />
|
||||
<input type="hidden" name="RelayState" value="{{ relay_state }}" />
|
||||
<div class="login-group">
|
||||
<h3>
|
||||
{% blocktrans with remote=source.name %}
|
||||
|
|
|
@ -11,7 +11,7 @@ from signxml.util import strip_pem_header
|
|||
|
||||
from passbook.lib.views import bad_request_message
|
||||
from passbook.providers.saml.utils import get_random_id, render_xml
|
||||
from passbook.providers.saml.utils.encoding import nice64
|
||||
from passbook.providers.saml.utils.encoding import deflate_and_base64_encode, nice64
|
||||
from passbook.providers.saml.utils.time import get_time_string
|
||||
from passbook.sources.saml.exceptions import (
|
||||
MissingSAMLResponse,
|
||||
|
@ -31,8 +31,8 @@ class InitiateView(View):
|
|||
source: SAMLSource = get_object_or_404(SAMLSource, slug=source_slug)
|
||||
if not source.enabled:
|
||||
raise Http404
|
||||
sso_destination = request.GET.get("next", None)
|
||||
request.session["sso_destination"] = sso_destination
|
||||
relay_state = request.GET.get("next", None)
|
||||
request.session["sso_destination"] = relay_state
|
||||
parameters = {
|
||||
"ACS_URL": build_full_url("acs", request, source),
|
||||
"DESTINATION": source.idp_url,
|
||||
|
@ -41,17 +41,19 @@ class InitiateView(View):
|
|||
"ISSUER": get_issuer(request, source),
|
||||
}
|
||||
authn_req = get_authnrequest_xml(parameters, signed=False)
|
||||
_request = nice64(str.encode(authn_req))
|
||||
if source.binding_type == SAMLBindingTypes.Redirect:
|
||||
return redirect(source.idp_url + "?" + urlencode({"SAMLRequest": _request}))
|
||||
_request = deflate_and_base64_encode(authn_req.encode())
|
||||
url_args = urlencode({"SAMLRequest": _request, "RelayState": relay_state})
|
||||
return redirect(f"{source.idp_url}?{url_args}")
|
||||
if source.binding_type == SAMLBindingTypes.POST:
|
||||
_request = nice64(authn_req.encode())
|
||||
return render(
|
||||
request,
|
||||
"saml/sp/login.html",
|
||||
{
|
||||
"request_url": source.idp_url,
|
||||
"request": _request,
|
||||
"token": sso_destination,
|
||||
"relay_state": relay_state,
|
||||
"source": source,
|
||||
},
|
||||
)
|
||||
|
|
Reference in a new issue