0004-idp_saml-send-authentication-level-in-SAML-assertion.patch
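--- a/src/authentic2/idp/saml/app_settings.py
+++ b/src/authentic2/idp/saml/app_settings.py
@@ -51,6 +51,7 @@
 TKX6tp6oI+7MIJE6ySZ0cBqOiydAkBePZhu57j6ToBkTa0dbHjn1WA==
 -----END RSA PRIVATE KEY-----''',
 ADD_CERTIFICATE_TO_KEY_INFO=True,
+AUTHN_CLASSREF_LEVELS='https://entrouvert.org/auth-level/',
 )
 
 def __init__(self, prefix):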
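Review bot: The new `AUTHN_CLASSREF_LEVELS` default has no comment saying it is a URI prefix rather than a complete class reference. The other file in this patch appends `str(auth_level)` to it directly, so a value overridden without the trailing slash yields a different AuthnContextClassRef than service providers were configured to match. I would add `# URI prefix; the session auth_level is appended to form the AuthnContextClassRef, keep the trailing '/'` above the line. The enclosing defaults block starts outside the hunk.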
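--- a/src/authentic2/idp/saml/saml2_endpoints.py
+++ b/src/authentic2/idp/saml/saml2_endpoints.py
@@ -325,15 +325,19 @@
 notOnOrAfter = now + datetime.timedelta(0, app_settings.SECONDS_TOLERANCE)
 ssl = 'HTTPS' in request.environ
 if app_settings.AUTHN_CONTEXT_FROM_SESSION:
-backend = request.session[BACKEND_SESSION_KEY]
-logger.debug('authentication from session with backend %s', backend)
-backend = load_backend(backend)
-if hasattr(backend, 'get_saml2_authn_context'):
-authn_context = backend.get_saml2_authn_context()
+auth_level = request.session.get('auth_level', 1)
+if auth_level > 1:
+authn_context = app_settings.AUTHN_CLASSREF_LEVELS + str(auth_level)
 else:
-raise Exception('backend unsupported: ' + backend)
-if authn_context == lasso.SAML2_AUTHN_CONTEXT_PASSWORD and ssl:
-authn_context = lasso.SAML2_AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT
+backend = request.session[BACKEND_SESSION_KEY]
+logger.debug('authentication from session with backend %s', backend)
+backend = load_backend(backend)
+if hasattr(backend, 'get_saml2_authn_context'):
+authn_context = backend.get_saml2_authn_context()
+else:
+raise Exception('backend unsupported: ' + backend)
+if authn_context == lasso.SAML2_AUTHN_CONTEXT_PASSWORD and ssl:
+authn_context = lasso.SAML2_AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT
 else:
 try:
 event = find_authentication_event(request, login.request.id)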
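Review bot: The `auth_level` read from the session is compared and then concatenated into the AuthnContextClassRef with no type or range check, so whatever was stored under that key becomes the authentication-strength claim that relying parties act on. A non-integer value either raises at `auth_level > 1` or, on Python 2 where mixed-type comparison is allowed, compares as greater and is stringified into the URI. I would normalise first, e.g. `if not isinstance(auth_level, int) or auth_level < 1: auth_level = 1`, so anything unexpected falls back to the backend-derived context. Separately, in the moved branch, `'backend unsupported: ' + backend` concatenates a str with the object returned by `load_backend`, which would raise TypeError instead of the intended message; `'backend unsupported: %r' % (backend,)` avoids that. Indentation is lost on this page, so the nesting is inferred, and the enclosing function starts and ends outside the hunk.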
340 |
- |