sources/saml: fix incorrect ProtocolBinding being sent
closes #2213 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
39ff202f8c
commit
eaba8006e6
|
@ -15,6 +15,7 @@ from authentik.providers.saml.processors.request_parser import AuthNRequestParse
|
||||||
from authentik.sources.saml.exceptions import MismatchedRequestID
|
from authentik.sources.saml.exceptions import MismatchedRequestID
|
||||||
from authentik.sources.saml.models import SAMLSource
|
from authentik.sources.saml.models import SAMLSource
|
||||||
from authentik.sources.saml.processors.constants import (
|
from authentik.sources.saml.processors.constants import (
|
||||||
|
SAML_BINDING_REDIRECT,
|
||||||
SAML_NAME_ID_FORMAT_EMAIL,
|
SAML_NAME_ID_FORMAT_EMAIL,
|
||||||
SAML_NAME_ID_FORMAT_UNSPECIFIED,
|
SAML_NAME_ID_FORMAT_UNSPECIFIED,
|
||||||
)
|
)
|
||||||
|
@ -98,6 +99,9 @@ class TestAuthNRequest(TestCase):
|
||||||
|
|
||||||
# First create an AuthNRequest
|
# First create an AuthNRequest
|
||||||
request_proc = RequestProcessor(self.source, http_request, "test_state")
|
request_proc = RequestProcessor(self.source, http_request, "test_state")
|
||||||
|
auth_n = request_proc.get_auth_n()
|
||||||
|
self.assertEqual(auth_n.attrib["ProtocolBinding"], SAML_BINDING_REDIRECT)
|
||||||
|
|
||||||
request = request_proc.build_auth_n()
|
request = request_proc.build_auth_n()
|
||||||
# Now we check the ID and signature
|
# Now we check the ID and signature
|
||||||
parsed_request = AuthNRequestParser(self.provider).parse(
|
parsed_request = AuthNRequestParser(self.provider).parse(
|
||||||
|
|
|
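Review bot: The new assertion in `TestAuthNRequest` only exercises the redirect binding, so the POST and POST_AUTO mappings this commit introduces are never checked. A second case that sets `self.source.binding_type = SAMLBindingTypes.POST_AUTO` and asserts `auth_n.attrib["ProtocolBinding"] == SAML_BINDING_POST` would pin the one mapping that is not obvious from the name. The set-up of `self.source` is outside this hunk; if it is built in memory rather than read from the database, calling `self.source.refresh_from_db()` before `RequestProcessor(...)` would make the test see the field value the way a real login request does.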
@ -18,6 +18,8 @@ from authentik.sources.saml.processors.constants import (
|
||||||
RSA_SHA256,
|
RSA_SHA256,
|
||||||
RSA_SHA384,
|
RSA_SHA384,
|
||||||
RSA_SHA512,
|
RSA_SHA512,
|
||||||
|
SAML_BINDING_POST,
|
||||||
|
SAML_BINDING_REDIRECT,
|
||||||
SAML_NAME_ID_FORMAT_EMAIL,
|
SAML_NAME_ID_FORMAT_EMAIL,
|
||||||
SAML_NAME_ID_FORMAT_PERSISTENT,
|
SAML_NAME_ID_FORMAT_PERSISTENT,
|
||||||
SAML_NAME_ID_FORMAT_TRANSIENT,
|
SAML_NAME_ID_FORMAT_TRANSIENT,
|
||||||
|
@ -37,6 +39,15 @@ class SAMLBindingTypes(models.TextChoices):
|
||||||
POST = "POST", _("POST Binding")
|
POST = "POST", _("POST Binding")
|
||||||
POST_AUTO = "POST_AUTO", _("POST Binding with auto-confirmation")
|
POST_AUTO = "POST_AUTO", _("POST Binding with auto-confirmation")
|
||||||
|
|
||||||
|
@property
|
||||||
|
def uri(self) -> str:
|
||||||
|
"""Convert database field to URI"""
|
||||||
|
return {
|
||||||
|
SAMLBindingTypes.POST: SAML_BINDING_POST,
|
||||||
|
SAMLBindingTypes.POST_AUTO: SAML_BINDING_POST,
|
||||||
|
SAMLBindingTypes.REDIRECT: SAML_BINDING_REDIRECT,
|
||||||
|
}[self]
|
||||||
|
|
||||||
|
|
||||||
class SAMLNameIDPolicy(models.TextChoices):
|
class SAMLNameIDPolicy(models.TextChoices):
|
||||||
"""SAML NameID Policies"""
|
"""SAML NameID Policies"""
|
||||||
|
|
|
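Review bot: `uri` indexes a dict literal with `[self]`, so a binding type added to `SAMLBindingTypes` later without a matching entry would fail with a bare `KeyError` when an AuthnRequest is built. A comment above the dict such as `# Every member needs an entry; POST_AUTO deliberately shares the POST binding URI` would make that contract visible. The docstring could also say which URI is meant, for example `"""Return the SAML 2.0 binding URI sent as ProtocolBinding for this choice"""`. The class header and the `REDIRECT` member are above this hunk, so the full member list is not visible here.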
@ -62,7 +62,7 @@ class RequestProcessor:
|
||||||
auth_n_request.attrib["Destination"] = self.source.sso_url
|
auth_n_request.attrib["Destination"] = self.source.sso_url
|
||||||
auth_n_request.attrib["ID"] = self.request_id
|
auth_n_request.attrib["ID"] = self.request_id
|
||||||
auth_n_request.attrib["IssueInstant"] = self.issue_instant
|
auth_n_request.attrib["IssueInstant"] = self.issue_instant
|
||||||
auth_n_request.attrib["ProtocolBinding"] = self.source.binding_type
|
auth_n_request.attrib["ProtocolBinding"] = self.source.binding_type.uri
|
||||||
auth_n_request.attrib["Version"] = "2.0"
|
auth_n_request.attrib["Version"] = "2.0"
|
||||||
# Create issuer object
|
# Create issuer object
|
||||||
auth_n_request.append(self.get_issuer())
|
auth_n_request.append(self.get_issuer())
|
||||||
|
|
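Review bot: `self.source.binding_type.uri` assumes the field value is a `SAMLBindingTypes` member, which Django does not guarantee. A choices-backed text field read back from the database yields a plain `str`, which has no `uri` attribute. The field definition is outside this hunk, so this is inferred. If it is declared with `choices=SAMLBindingTypes.choices`, coercing first avoids an `AttributeError` on every SSO redirect: `auth_n_request.attrib["ProtocolBinding"] = SAMLBindingTypes(self.source.binding_type).uri`, with `SAMLBindingTypes` imported from the source models. The enclosing method of `RequestProcessor` starts and ends outside the hunk.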