0004-idp_saml-send-authentication-level-in-SAML-assertion.patch

Valentin Deniaud, 16 avril 2019 13:47


Subject: [PATCH 4/5] idp_saml: send authentication level in SAML assertion

C'est moyen moyen, mais est-ce que c'est le moins pire ?
 src/authentic2/idp/saml/app_settings.py    |  1 +
 src/authentic2/idp/saml/saml2_endpoints.py | 20 ++++++++++++--------
 2 files changed, 13 insertions(+), 8 deletions(-)
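--- a/src/authentic2/idp/saml/app_settings.py
+++ b/src/authentic2/idp/saml/app_settings.py
@@ -51,6 +51,7 @@
 TKX6tp6oI+7MIJE6ySZ0cBqOiydAkBePZhu57j6ToBkTa0dbHjn1WA==
 -----END RSA PRIVATE KEY-----''',
             ADD_CERTIFICATE_TO_KEY_INFO=True,
+            AUTHN_CLASSREF_LEVELS='https://entrouvert.org/auth-level/',
     )
 
     def __init__(self, prefix):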
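Review bot: The new default `AUTHN_CLASSREF_LEVELS` reads like a collection of levels but it is a URI prefix that the endpoint code concatenates with a number to build the AuthnContextClassRef sent to service providers, and nothing here says so. A comment on the added line would prevent a deployer from setting it to a list or to a URI without a trailing slash, e.g. `# URI prefix; the session's numeric auth level is appended to form the AuthnContextClassRef (keep the trailing '/')`. The enclosing defaults block starts outside this hunk.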
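--- a/src/authentic2/idp/saml/saml2_endpoints.py
+++ b/src/authentic2/idp/saml/saml2_endpoints.py
@@ -325,15 +325,19 @@
     notOnOrAfter = now + datetime.timedelta(0, app_settings.SECONDS_TOLERANCE)
     ssl = 'HTTPS' in request.environ
     if app_settings.AUTHN_CONTEXT_FROM_SESSION:
-        backend = request.session[BACKEND_SESSION_KEY]
-        logger.debug('authentication from session with backend %s', backend)
-        backend = load_backend(backend)
-        if hasattr(backend, 'get_saml2_authn_context'):
-            authn_context = backend.get_saml2_authn_context()
+        auth_level = request.session.get('auth_level', 1)
+        if auth_level > 1:
+            authn_context = app_settings.AUTHN_CLASSREF_LEVELS + str(auth_level)
         else:
-            raise Exception('backend unsupported: ' + backend)
-        if authn_context == lasso.SAML2_AUTHN_CONTEXT_PASSWORD and ssl:
-            authn_context = lasso.SAML2_AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT
+            backend = request.session[BACKEND_SESSION_KEY]
+            logger.debug('authentication from session with backend %s', backend)
+            backend = load_backend(backend)
+            if hasattr(backend, 'get_saml2_authn_context'):
+                authn_context = backend.get_saml2_authn_context()
+            else:
+                raise Exception('backend unsupported: ' + backend)
+            if authn_context == lasso.SAML2_AUTHN_CONTEXT_PASSWORD and ssl:
+                authn_context = lasso.SAML2_AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT
     else:
         try:
             event = find_authentication_event(request, login.request.id)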
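Review bot: The `auth_level` read from the session on the new line 328 is interpolated into the AuthnContextClassRef URI without being checked to be an integer; if some other component stores a non-int under `'auth_level'`, `auth_level > 1` raises TypeError on Python 3, and on Python 2 (which the `'backend unsupported: ' + backend` concatenation suggests this code still targets, unconfirmed) a str compares greater than any int, so an arbitrary string would be asserted to the service provider as a level. Where `'auth_level'` is written is not part of this patch, so guard the read here, e.g. `if isinstance(auth_level, int) and auth_level > 1:`, or reject bad values with `raise Exception('invalid auth_level in session: %r' % (auth_level,))` before the comparison. The branch also deserves a one-line comment stating the intent, e.g. `# a session level above 1 replaces the backend-derived context; the ssl upgrade below is only applied to backend contexts`, since the SAML2_AUTHN_CONTEXT_PASSWORD to PASSWORD_PROTECTED_TRANSPORT rewrite no longer runs on that path. The enclosing function begins before this hunk and continues after it.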
340
-