trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

providers/saml: move default saml properties to DB

This commit is contained in:
Jens Langhammer 2020-02-16 12:29:53 +01:00
parent d7481c9de7
commit e5b85e8e6a
2 changed files with 84 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
passbook/providers/saml/migrations/0003_auto_20200216_1109.py Normal file
View File

@ -0,0 +1,79 @@
# Generated by Django 2.2.9 on 2020-02-16 11:09
import django.contrib.postgres.fields
from django.db import migrations, models
def create_default_property_mappings(apps, schema_editor):
"""Create default SAML Property Mappings"""
SAMLPropertyMapping = apps.get_model(
"passbook_providers_saml", "SAMLPropertyMapping"
)
db_alias = schema_editor.connection.alias
defaults = [
{
"FriendlyName": "eduPersonPrincipalName",
"Name": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
"Value": "{user.email}",
},
{"FriendlyName": "cn", "Name": "urn:oid:2.5.4.3", "Value": "{user.name}",},
{
"FriendlyName": "mail",
"Name": "urn:oid:0.9.2342.19200300.100.1.3",
"Value": "{user.email}",
},
{
"FriendlyName": "displayName",
"Name": "urn:oid:2.16.840.1.113730.3.1.241",
"Value": "{user.username}",
},
{
"FriendlyName": "uid",
"Name": "urn:oid:0.9.2342.19200300.100.1.1",
"Value": "{user.pk}",
},
]
for default in defaults:
SAMLPropertyMapping.objects.using(db_alias).get_or_create(
saml_name=default["Name"],
friendly_name=default["FriendlyName"],
values=[default["Value"]],
defaults={
"name": f"Autogenerated SAML Mapping: {default['FriendlyName']} -> {default['Value']}"
},
)
class Migration(migrations.Migration):
dependencies = [
("passbook_providers_saml", "0002_auto_20200214_1354"),
]
operations = [
migrations.AlterField(
model_name="samlpropertymapping",
name="saml_name",
field=models.TextField(verbose_name="SAML Name"),
),
migrations.AlterField(
model_name="samlpropertymapping",
name="values",
field=django.contrib.postgres.fields.ArrayField(
base_field=models.TextField(),
help_text="This string can contain string substitutions delimited by {}. The following Variables are available: user, request",
size=None,
),
),
migrations.AlterField(
model_name="samlprovider",
name="acs_url",
field=models.URLField(verbose_name="ACS URL"),
),
migrations.AlterField(
model_name="samlprovider",
name="signing_cert",
field=models.TextField(verbose_name="Singing Certificate"),
),
migrations.RunPython(create_default_property_mappings),
]

39
passbook/providers/saml/processors/base.py
View File

@ -33,7 +33,6 @@ class Processor:
_assertion_params: Dict[str, Union[str, List[Dict[str, str]]]] _assertion_params: Dict[str, Union[str, List[Dict[str, str]]]]
_request_params: Dict[str, str] _request_params: Dict[str, str]
_system_params: Dict[str, str]
_response_params: Dict[str, str] _response_params: Dict[str, str]
@property @property
@ -45,9 +44,6 @@ class Processor:
self.name = remote.name self.name = remote.name
self._remote = remote self._remote = remote
self._logger = get_logger() self._logger = get_logger()
self._system_params = {
"ISSUER": self._remote.issuer,
}
def _build_assertion(self): def _build_assertion(self):
"""Builds _assertion_params.""" """Builds _assertion_params."""
@ -70,8 +66,8 @@ class Processor:
"SP_NAME_QUALIFIER": self._remote.audience, "SP_NAME_QUALIFIER": self._remote.audience,
"SUBJECT": self._http_request.user.email, "SUBJECT": self._http_request.user.email,
"SUBJECT_FORMAT": self.subject_format, "SUBJECT_FORMAT": self.subject_format,
"ISSUER": self._remote.issuer,
} }
self._assertion_params.update(self._system_params)
self._assertion_params.update(self._request_params) self._assertion_params.update(self._request_params)
def _build_response(self): def _build_response(self):
@ -81,8 +77,8 @@ class Processor:
"ISSUE_INSTANT": get_time_string(), "ISSUE_INSTANT": get_time_string(),
"RESPONSE_ID": get_random_id(), "RESPONSE_ID": get_random_id(),
"RESPONSE_SIGNATURE": "", # initially unsigned "RESPONSE_SIGNATURE": "", # initially unsigned
"ISSUER": self._remote.issuer,
} }
self._response_params.update(self._system_params)
self._response_params.update(self._request_params) self._response_params.update(self._request_params)
def _encode_response(self): def _encode_response(self):
@ -97,33 +93,7 @@ class Processor:
def _format_assertion(self): def _format_assertion(self):
"""Formats _assertion_params as _assertion_xml.""" """Formats _assertion_params as _assertion_xml."""
# https://commons.lbl.gov/display/IDMgmt/Attribute+Definitions # https://commons.lbl.gov/display/IDMgmt/Attribute+Definitions
self._assertion_params["ATTRIBUTES"] = [ attributes = []
{
"FriendlyName": "eduPersonPrincipalName",
"Name": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
"Value": self._http_request.user.email,
},
{
"FriendlyName": "cn",
"Name": "urn:oid:2.5.4.3",
"Value": self._http_request.user.name,
},
{
"FriendlyName": "mail",
"Name": "urn:oid:0.9.2342.19200300.100.1.3",
"Value": self._http_request.user.email,
},
{
"FriendlyName": "displayName",
"Name": "urn:oid:2.16.840.1.113730.3.1.241",
"Value": self._http_request.user.username,
},
{
"FriendlyName": "uid",
"Name": "urn:oid:0.9.2342.19200300.100.1.1",
"Value": self._http_request.user.pk,
},
]
from passbook.providers.saml.models import SAMLPropertyMapping from passbook.providers.saml.models import SAMLPropertyMapping
for mapping in self._remote.property_mappings.all().select_subclasses(): for mapping in self._remote.property_mappings.all().select_subclasses():
@ -139,7 +109,8 @@ class Processor:
user=self._http_request.user, request=self._http_request user=self._http_request.user, request=self._http_request
) )
) )
self._assertion_params["ATTRIBUTES"].append(mapping_payload) attributes.append(mapping_payload)
self._assertion_params["ATTRIBUTES"] = attributes
self._assertion_xml = get_assertion_xml( self._assertion_xml = get_assertion_xml(
"saml/xml/assertions/generic.xml", self._assertion_params, signed=True "saml/xml/assertions/generic.xml", self._assertion_params, signed=True
) )