0001-idp-saml2-do-not-accept-logout-request-missing-a-Nam.patch
src/authentic2/idp/saml/saml2_endpoints.py | ||
---|---|---|
1411 | 1411 |
title=_('You are being redirected to "%s"') % provider.name) |
1412 | 1412 |
logger.info('asynchronous slo from %s' % logout.remoteProviderId) |
1413 | 1413 |
# Filter sessions |
1414 |
if not logout.request.nameId: |
|
1415 |
logger.warning('slo refused, no NameID in the SLO request') |
|
1416 |
return return_logout_error(request, logout, |
|
1417 |
AUTHENTIC_STATUS_CODE_MISSING_NAMEID) |
|
1414 | 1418 |
all_sessions = LibertySession.get_for_nameid_and_session_indexes( |
1415 | 1419 |
logout.server.providerId, logout.remoteProviderId, |
1416 | 1420 |
logout.request.nameId, logout.request.sessionIndexes) |
src/authentic2/saml/models.py | ||
---|---|---|
555 | 555 | |
556 | 556 |
@classmethod |
557 | 557 |
def get_for_nameid_and_session_indexes(cls, issuer_id, provider_id, name_id, session_indexes): |
558 |
if not name_id: |
|
559 |
# logout request did not contain any NameID, bad ! |
|
560 |
return LibertySession.objects.none() |
|
558 | 561 |
kwargs = nameid2kwargs(name_id) |
559 | 562 |
name_id_qualifier = kwargs['name_id_qualifier'] |
560 | 563 |
qs = LibertySession.objects.filter(provider_id=provider_id, |
561 |
- |