0001-misc-fix-passing-of-RequestedAuthnContext-10243.patch
mellon/views.py | ||
---|---|---|
262 | 262 |
# configure requested AuthnClassRef |
263 | 263 |
authn_classref = utils.get_setting(idp, 'AUTHN_CLASSREF') |
264 | 264 |
if authn_classref: |
265 |
req_authncontext = lasso.RequestedAuthnContext() |
|
265 |
req_authncontext = lasso.Samlp2RequestedAuthnContext()
|
|
266 | 266 |
authn_request.requestedAuthnContext = req_authncontext |
267 |
req_authncontext.authnContextClassRef = authn_classref
|
|
267 |
req_authncontext.authnContextClassRef = tuple(authn_classref)
|
|
268 | 268 |
if next_url and utils.is_nonnull(next_url): |
269 | 269 |
login.msgRelayState = next_url |
270 | 270 |
login.buildAuthnRequestMsg() |
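Review bot: `tuple(authn_classref)` on new line 267 splits a plain string into one entry per character, so a deployment that sets AUTHN_CLASSREF to a single URN string rather than a list would send a malformed RequestedAuthnContext. Normalising before the conversion, e.g. `if not isinstance(authn_classref, (list, tuple)): authn_classref = (authn_classref,)`, keeps both forms working. A short comment such as `# lasso takes the class refs as a tuple of URIs` would record why the conversion is there. The requested context only asks the IdP for these classes. Whether the response path checks the AuthnContextClassRef actually returned in the assertion is not visible in this hunk and is worth confirming, and the enclosing view method starts and ends outside the hunk.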
tests/test_views.py | ||
---|---|---|
186 | 186 |
assert len(params['SAMLRequest']) == 1 |
187 | 187 |
assert base64.b64decode(params['SAMLRequest'][0]) |
188 | 188 |
assert params['RelayState'] == ['/whatever'] |
189 | ||
190 | ||
191 |
def test_sp_initiated_login_requested_authn_context(private_settings, client): |
|
192 |
private_settings.MELLON_IDENTITY_PROVIDERS = [{ |
|
193 |
'METADATA': open('tests/metadata.xml').read(), |
|
194 |
'AUTHN_CLASSREF': ['urn:be:fedict:iam:fas:citizen:eid', |
|
195 |
'urn:be:fedict:iam:fas:citizen:token'], |
|
196 |
}] |
|
197 |
response = client.get('/login/') |
|
198 |
assert response.status_code == 302 |
|
199 |
params = parse_qs(urlparse(response['Location']).query) |
|
200 |
assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?') |
|
201 |
assert params.keys() == ['SAMLRequest'] |
|
202 |
assert len(params['SAMLRequest']) == 1 |
|
203 |
assert base64.b64decode(params['SAMLRequest'][0]) |
|
204 |
request = lasso.Samlp2AuthnRequest() |
|
205 |
assert request.initFromQuery(urlparse(response['Location']).query) |
|
206 |
assert request.requestedAuthnContext.authnContextClassRef == ( |
|
207 |
'urn:be:fedict:iam:fas:citizen:eid', 'urn:be:fedict:iam:fas:citizen:token') |
|
189 |
- |
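Review bot: `assert params.keys() == ['SAMLRequest']` on new line 201 compares the result of `keys()` with a list, which is only true on Python 2; `assert list(params.keys()) == ['SAMLRequest']` holds on both interpreters. The test also exercises only the list form of AUTHN_CLASSREF, so a second case with a single string value would pin what the view sends in that configuration. `open('tests/metadata.xml').read()` on line 193 leaves closing the file to the garbage collector; reading it inside a `with open(...)` block closes it deterministically.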