0005-idp_saml-send-authentication-level-in-SAML-assertion.patch

Valentin Deniaud, 23 avril 2019 11:29

Voir les différences: en ligne côte à côte

Subject: [PATCH 5/7] idp_saml: send authentication level in SAML assertion

 src/authentic2/idp/saml/app_settings.py    |  5 ++++
 src/authentic2/idp/saml/saml2_endpoints.py | 28 +++++++++++++++-------
 2 files changed, 25 insertions(+), 8 deletions(-)

     -----END RSA PRIVATE KEY-----''',
                 ADD_CERTIFICATE_TO_KEY_INFO=True,
                 SIGNATURE_METHOD='RSA-SHA256',
                 AUTH_LEVELS_MAPPING = {
                     'https://entrouvert.org/auth-level/1': 1,
                     'https://entrouvert.org/auth-level/2': 2,
                     'https://entrouvert.org/auth-level/3': 3,
                 },
+        )
         def __init__(self, prefix):

         notOnOrAfter = now + datetime.timedelta(0, app_settings.SECONDS_TOLERANCE)
         ssl = 'HTTPS' in request.environ
         if app_settings.AUTHN_CONTEXT_FROM_SESSION:
             backend = request.session[BACKEND_SESSION_KEY]
             logger.debug('authentication from session with backend %s', backend)
             backend = load_backend(backend)
             if hasattr(backend, 'get_saml2_authn_context'):
                 authn_context = backend.get_saml2_authn_context()
             auth_level = request.session.get('auth_level', 1)
             if auth_level > 1:
                 authn_context = next(
                     uri for uri, lvl in app_settings.AUTH_LEVELS_MAPPING.items()
                     if lvl == auth_level
+                )
             else:
                 raise Exception('backend unsupported: ' + backend)
             if authn_context == lasso.SAML2_AUTHN_CONTEXT_PASSWORD and ssl:
                 authn_context = lasso.SAML2_AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT
                 backend = request.session[BACKEND_SESSION_KEY]
                 logger.debug('authentication from session with backend %s', backend)
                 backend = load_backend(backend)
                 if hasattr(backend, 'get_saml2_authn_context'):
                     authn_context = backend.get_saml2_authn_context()
                 else:
                     raise Exception('backend unsupported: ' + backend)
                 if authn_context == lasso.SAML2_AUTHN_CONTEXT_PASSWORD and ssl:
                     authn_context = lasso.SAML2_AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT
         else:
             try:
                 event = find_authentication_event(request, login.request.id)
-...
                         lasso.SAML2_AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT
                 elif how == 'ssl':
                     authn_context = lasso.SAML2_AUTHN_CONTEXT_X509
                 elif event.get('auth_level'):
                     authn_context = next(
                         uri for uri, lvl in app_settings.AUTH_LEVELS_MAPPING.items()
                         if lvl == event['auth_level']
+                    )
                 else:
                     raise NotImplementedError('Unknown authentication method %s',
                             how)
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0005-idp_saml-send-authentication-level-in-SAML-assertion.patch