providers/saml: add POST binding support to Metadata

Jens Langhammer 2020-02-20 17:38:42 +01:00
parent 027a64fad2
commit d06f1abb89
2 changed files with 7 additions and 6 deletions


@ -17,6 +17,7 @@
</md:KeyDescriptor>
<md:NameIDFormat>{{ subject_format }}</md:NameIDFormat>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ sso_url }}"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{{ sso_post_url }}"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ sso_redirect_url }}"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
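Review bot: The new `HTTP-POST` `SingleSignOnService` entry advertises `{{ sso_post_url }}` to service providers, but nothing visible in this commit shows the view behind that URL accepting a POSTed `SAMLRequest`. A service provider that reads this metadata may start sending AuthnRequests as a cross-site form POST, which carries no CSRF token, so it is worth confirming that the login view handles that case and reads `SAMLRequest` and `RelayState` from the request body. A short template comment above the two entries would record the contract, for example `{# both SSO bindings resolve to the same view, which must accept SAMLRequest via GET and POST #}`. `SingleLogoutService` still advertises only HTTP-Redirect, so the two services now differ in the bindings they offer.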


@ -134,9 +134,7 @@ class LoginProcessView(AccessRequiredView):
try:
# application.skip_authorization is set so we directly redirect the user
if self.provider.application.skip_authorization:
self.provider.processor.can_handle(request)
saml_params = self.provider.processor.generate_response()
return self.handle_redirect(saml_params, True)
return self.post(request, application)
self.provider.processor.init_deep_link(request)
params = self.provider.processor.generate_response()
@ -233,7 +231,7 @@ class DescriptorDownloadView(AccessRequiredView):
kwargs={"application": provider.application.slug},
)
)
sso_url = request.build_absolute_uri(
sso_post_url = request.build_absolute_uri(
reverse(
"passbook_providers_saml:saml-login",
kwargs={"application": provider.application.slug},
@ -247,7 +245,9 @@ class DescriptorDownloadView(AccessRequiredView):
"entity_id": entity_id,
"cert_public_key": pubkey,
"slo_url": slo_url,
"sso_url": sso_url,
# Currently, the same endpoint accepts POST and REDIRECT
"sso_post_url": sso_post_url,
"sso_redirect_url": sso_post_url,
"subject_format": subject_format,
}
return render_to_string("saml/xml/metadata.xml", ctx)
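Review bot: The `skip_authorization` branch in `LoginProcessView` no longer calls `self.provider.processor.can_handle(request)` before a response is produced; it now relies entirely on `return self.post(request, application)`. The body of `post` is outside this hunk, so it should be confirmed that it runs the same request check. Otherwise this path would build a SAML response for a request the processor never validated. The surviving comment still says "we directly redirect the user", which no longer describes the delegation; something like `# skip_authorization: no consent step, post() validates the request and builds the response` would match the new flow. The enclosing method starts and ends outside the hunk, including the `except` clauses that will now also catch anything raised inside `post`.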