fix IDP-Initiated SAML Login

2019-04-29 21:39:41 +02:00 · 2019-04-29 21:39:41 +02:00 · e0a3ec033f
parent 7033ec0ab9
commit e0a3ec033f
3 changed files with 12 additions and 2 deletions
--- a/passbook/saml_idp/base.py
+++ b/passbook/saml_idp/base.py
@ -33,6 +33,8 @@ class Processor:
    """Base SAML 2.0 AuthnRequest to Response Processor.
    Sub-classes should provide Service Provider-specific functionality."""

+    is_idp_initiated = False
+
    _audience = ''
    _assertion_params = None
    _assertion_xml = None
@ -291,7 +293,10 @@ class Processor:
    def generate_response(self):
        """Processes request and returns template variables suitable for a response."""
        # Build the assertion and response.
-        self.can_handle(self._django_request)
+        # Only call can_handle if SP initiated Request, otherwise we have no Request
+        if not self.is_idp_initiated:
+            self.can_handle(self._django_request)
+
        self._validate_user()
        self._build_assertion()
        self._format_assertion()
--- a/passbook/saml_idp/models.py
+++ b/passbook/saml_idp/models.py
@ -1,4 +1,5 @@
 """passbook saml_idp Models"""
+from logging import getLogger

 from django.contrib.postgres.fields import ArrayField
 from django.db import models
@ -9,6 +10,8 @@ from passbook.core.models import PropertyMapping, Provider
 from passbook.lib.utils.reflection import class_to_path, path_to_class
 from passbook.saml_idp.base import Processor

+LOGGER = getLogger(__name__)
+

 class SAMLProvider(Provider):
    """Model to save information about a Remote SAML Endpoint"""
@ -36,7 +39,8 @@ class SAMLProvider(Provider):
        if not self._processor:
            try:
                self._processor = path_to_class(self.processor_path)(self)
-            except ModuleNotFoundError:
+            except ModuleNotFoundError as exc:
+                LOGGER.warning(exc)
                self._processor = None
        return self._processor

--- a/passbook/saml_idp/views.py
+++ b/passbook/saml_idp/views.py
@ -231,4 +231,5 @@ class InitiateLoginView(AccessRequiredView):
    def get(self, request, application):
        """Initiates an IdP-initiated link to a simple SP resource/target URL."""
        self.provider.processor.init_deep_link(request, '')
+        self.provider.processor.is_idp_initiated = True
        return _generate_response(request, self.provider)