providers/saml: add POST binding support to Metadata
parent
027a64fad2
commit
d06f1abb89
|
@ -17,6 +17,7 @@
|
||||||
</md:KeyDescriptor>
|
</md:KeyDescriptor>
|
||||||
<md:NameIDFormat>{{ subject_format }}</md:NameIDFormat>
|
<md:NameIDFormat>{{ subject_format }}</md:NameIDFormat>
|
||||||
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/>
|
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/>
|
||||||
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ sso_url }}"/>
|
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{{ sso_post_url }}"/>
|
||||||
|
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ sso_redirect_url }}"/>
|
||||||
</md:IDPSSODescriptor>
|
</md:IDPSSODescriptor>
|
||||||
</md:EntityDescriptor>
|
</md:EntityDescriptor>
|
||||||
|
|
|
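Review bot: The new `HTTP-POST` `SingleSignOnService` entry advertises `{{ sso_post_url }}` to service providers, but nothing on this page shows that the endpoint behind it accepts a cross-site form POST carrying a `SAMLRequest`. In a Django project that usually means the view must be CSRF-exempt, and a CSRF-exempt endpoint has to treat the posted request as untrusted input, with issuer and ACS URL checked against the configured provider. The view is not visible here, so this should be confirmed before the metadata promises the binding. The POST entry is also listed ahead of HTTP-Redirect, which may change the binding chosen by service providers that take the first endpoint. A template comment such as `{# POST and Redirect are served by the same endpoint; POST is listed first on purpose #}` would record the intent.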
@ -134,9 +134,7 @@ class LoginProcessView(AccessRequiredView):
|
||||||
try:
|
try:
|
||||||
# application.skip_authorization is set so we directly redirect the user
|
# application.skip_authorization is set so we directly redirect the user
|
||||||
if self.provider.application.skip_authorization:
|
if self.provider.application.skip_authorization:
|
||||||
self.provider.processor.can_handle(request)
|
return self.post(request, application)
|
||||||
saml_params = self.provider.processor.generate_response()
|
|
||||||
return self.handle_redirect(saml_params, True)
|
|
||||||
|
|
||||||
self.provider.processor.init_deep_link(request)
|
self.provider.processor.init_deep_link(request)
|
||||||
params = self.provider.processor.generate_response()
|
params = self.provider.processor.generate_response()
|
||||||
|
@ -233,7 +231,7 @@ class DescriptorDownloadView(AccessRequiredView):
|
||||||
kwargs={"application": provider.application.slug},
|
kwargs={"application": provider.application.slug},
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
sso_url = request.build_absolute_uri(
|
sso_post_url = request.build_absolute_uri(
|
||||||
reverse(
|
reverse(
|
||||||
"passbook_providers_saml:saml-login",
|
"passbook_providers_saml:saml-login",
|
||||||
kwargs={"application": provider.application.slug},
|
kwargs={"application": provider.application.slug},
|
||||||
|
@ -247,7 +245,9 @@ class DescriptorDownloadView(AccessRequiredView):
|
||||||
"entity_id": entity_id,
|
"entity_id": entity_id,
|
||||||
"cert_public_key": pubkey,
|
"cert_public_key": pubkey,
|
||||||
"slo_url": slo_url,
|
"slo_url": slo_url,
|
||||||
"sso_url": sso_url,
|
# Currently, the same endpoint accepts POST and REDIRECT
|
||||||
|
"sso_post_url": sso_post_url,
|
||||||
|
"sso_redirect_url": sso_post_url,
|
||||||
"subject_format": subject_format,
|
"subject_format": subject_format,
|
||||||
}
|
}
|
||||||
return render_to_string("saml/xml/metadata.xml", ctx)
|
return render_to_string("saml/xml/metadata.xml", ctx)
|
||||||
|
|
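Review bot: In `LoginProcessView`, the `skip_authorization` branch now returns `self.post(request, application)` and no longer calls `self.provider.processor.can_handle(request)` itself. Whether the request is still validated before a SAML response is generated therefore depends on `post()`, which lies outside the hunk. If `post()` does not perform that check, this path would issue a response from a plain GET without it. Keeping the explicit `self.provider.processor.can_handle(request)` before `return self.post(request, application)`, or adding a comment like `# post() validates the request via processor.can_handle()`, would make the guarantee visible. In `DescriptorDownloadView`, `"sso_redirect_url": sso_post_url` reuses a variable named after the other binding; a neutral `sso_url` mapped to both keys would read more clearly.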