providers/saml: add POST binding support to Metadata

Jens Langhammer 2020-02-20 17:38:42 +01:00
parent 027a64fad2
commit d06f1abb89
2 changed files with 7 additions and 6 deletions


@ -17,6 +17,7 @@
</md:KeyDescriptor> </md:KeyDescriptor>
<md:NameIDFormat>{{ subject_format }}</md:NameIDFormat> <md:NameIDFormat>{{ subject_format }}</md:NameIDFormat>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ sso_url }}"/> <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{{ sso_post_url }}"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ sso_redirect_url }}"/>
</md:IDPSSODescriptor> </md:IDPSSODescriptor>
</md:EntityDescriptor> </md:EntityDescriptor>
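Review bot: The two `md:SingleSignOnService` entries now advertise both HTTP-POST and HTTP-Redirect, and the view change in this commit fills `sso_post_url` and `sso_redirect_url` with the same URL, so a single endpoint has to tell the bindings apart. The bindings encode the AuthnRequest differently: Redirect is DEFLATE-compressed with any signature carried in the query string, while POST is plain base64 with the signature inside the XML. The login view should therefore choose decoding and signature verification from the request method rather than trying one and falling back to the other. That handling is not visible on this page, so it is worth confirming, and a template comment such as `{# both SSO bindings currently resolve to the same view #}` above these lines would record the assumption.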


@ -134,9 +134,7 @@ class LoginProcessView(AccessRequiredView):
try: try:
# application.skip_authorization is set so we directly redirect the user # application.skip_authorization is set so we directly redirect the user
if self.provider.application.skip_authorization: if self.provider.application.skip_authorization:
self.provider.processor.can_handle(request) return self.post(request, application)
saml_params = self.provider.processor.generate_response()
return self.handle_redirect(saml_params, True)
self.provider.processor.init_deep_link(request) self.provider.processor.init_deep_link(request)
params = self.provider.processor.generate_response() params = self.provider.processor.generate_response()
@ -233,7 +231,7 @@ class DescriptorDownloadView(AccessRequiredView):
kwargs={"application": provider.application.slug}, kwargs={"application": provider.application.slug},
) )
) )
sso_url = request.build_absolute_uri( sso_post_url = request.build_absolute_uri(
reverse( reverse(
"passbook_providers_saml:saml-login", "passbook_providers_saml:saml-login",
kwargs={"application": provider.application.slug}, kwargs={"application": provider.application.slug},
@ -247,7 +245,9 @@ class DescriptorDownloadView(AccessRequiredView):
"entity_id": entity_id, "entity_id": entity_id,
"cert_public_key": pubkey, "cert_public_key": pubkey,
"slo_url": slo_url, "slo_url": slo_url,
"sso_url": sso_url, # Currently, the same endpoint accepts POST and REDIRECT
"sso_post_url": sso_post_url,
"sso_redirect_url": sso_post_url,
"subject_format": subject_format, "subject_format": subject_format,
} }
return render_to_string("saml/xml/metadata.xml", ctx) return render_to_string("saml/xml/metadata.xml", ctx)
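Review bot: In the `skip_authorization` branch of `LoginProcessView`, the explicit `self.provider.processor.can_handle(request)` call is gone and the branch now relies entirely on `self.post(request, application)`. The body of `post()` is outside this hunk, so it is not visible here whether the incoming request is still validated before a response is generated. If `post()` does not call `can_handle()` itself, keep the check in front of the delegation: `self.provider.processor.can_handle(request)` followed by `return self.post(request, application)`. Either way, a comment such as `# post() validates the request and builds the response; no consent step is shown` would make the reliance explicit. A test that sends a malformed request to an application with `skip_authorization` set would pin the behaviour down.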