0001-make-DiscoveryResponse-optional-in-metadata-15260.patch
mellon/app_settings.py | ||
---|---|---|
43 | 43 |
'LOOKUP_BY_ATTRIBUTES': [], |
44 | 44 |
'METADATA_CACHE_TIME': 3600, |
45 | 45 |
'METADATA_HTTP_TIMEOUT': 10, |
46 |
'METADATA_PUBLISH_DISCOVERY_RESPONSE': False, |
|
46 | 47 |
} |
47 | 48 | |
48 | 49 |
@property |
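Review bot: The new `'METADATA_PUBLISH_DISCOVERY_RESPONSE': False` entry has no comment, and its default changes what an existing deployment publishes. After an upgrade the metadata no longer carries the `<idpdisc:DiscoveryResponse>` element unless the setting is turned on. A discovery service that checks its return URL against the SP's registered DiscoveryResponse endpoint would then have nothing to match, so sites that use one need to know to enable it. I would add above the entry `# Publish <idpdisc:DiscoveryResponse> in the SP metadata; set to True when an IdP discovery service validates its return URL against it`, and mention the changed default in the release notes. The defaults dict starts outside this hunk.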
mellon/templates/mellon/metadata.xml | ||
---|---|---|
6 | 6 |
AuthnRequestsSigned="true" |
7 | 7 |
WantAssertionsSigned="true" |
8 | 8 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
9 |
{% if discovery_endpoint_url %} |
|
9 | 10 |
<Extensions> |
10 | 11 |
<idpdisc:DiscoveryResponse index="1" |
11 | 12 |
xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" |
12 | 13 |
Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" |
13 | 14 |
Location="{{ discovery_endpoint_url }}"/> |
14 |
</Extensions> |
|
15 |
</Extensions> |
|
16 |
{% endif %} |
|
15 | 17 |
{% for public_key in public_keys %} |
16 | 18 |
<KeyDescriptor> |
17 | 19 |
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> |
mellon/utils.py | ||
---|---|---|
49 | 49 |
public_key = ''.join(content.splitlines()[1:-1]) |
50 | 50 |
public_keys.append(public_key) |
51 | 51 |
name_id_formats = app_settings.NAME_ID_FORMATS |
52 |
return render_to_string('mellon/metadata.xml', { |
|
52 |
ctx = { |
|
53 |
'request': request, |
|
53 | 54 |
'entity_id': request.build_absolute_uri(entity_id), |
54 | 55 |
'login_url': request.build_absolute_uri(login_url), |
55 | 56 |
'logout_url': request.build_absolute_uri(logout_url), |
... | ... | |
58 | 59 |
'default_assertion_consumer_binding': app_settings.DEFAULT_ASSERTION_CONSUMER_BINDING, |
59 | 60 |
'organization': app_settings.ORGANIZATION, |
60 | 61 |
'contact_persons': app_settings.CONTACT_PERSONS, |
61 |
'discovery_endpoint_url': request.build_absolute_uri(reverse('mellon_login')), |
|
62 |
}) |
|
62 |
} |
|
63 |
if app_settings.METADATA_PUBLISH_DISCOVERY_RESPONSE: |
|
64 |
ctx['discovery_endpoint_url'] = request.build_absolute_uri( |
|
65 |
reverse('mellon_login')) |
|
66 |
return render_to_string('mellon/metadata.xml', ctx) |
|
63 | 67 | |
64 | 68 | |
65 | 69 |
def create_server(request): |
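Review bot: The `'request': request` entry at new line 53 looks newly added to the context, yet the `metadata.xml` section on this page never reads `request` and the commit title covers only the DiscoveryResponse. That reading is inferred from the gutter numbers, because this rendering has lost the +/- markers. Handing the whole request object to a template whose output is published metadata widens what the template can reach for no visible reason, so either drop the entry or add a comment saying which part of the template needs it. The conditional would also read better with a short why-comment such as `# advertise the discovery return endpoint only when explicitly enabled`. `create_metadata` begins above this hunk, so the rest of its body is not visible here.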
tests/test_utils.py | ||
---|---|---|
35 | 35 |
private_settings.MELLON_NAME_ID_FORMATS = [lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED] |
36 | 36 |
private_settings.MELLON_DEFAULT_ASSERTION_CONSUMER_BINDING = 'artifact' |
37 | 37 |
request = rf.get('/') |
38 |
with mock.patch('mellon.utils.open', mock.mock_open(read_data='BEGIN\nyyy\nEND'), create=True): |
|
39 |
metadata = create_metadata(request) |
|
40 |
assert_xml_constraints( |
|
41 |
metadata.encode('utf-8'), |
|
42 |
('/sm:EntityDescriptor[@entityID="http://testserver/metadata/"]', 1, |
|
43 |
('/*', 1), |
|
44 |
('/sm:SPSSODescriptor', 1, |
|
45 |
('/*', 6), |
|
46 |
('/sm:NameIDFormat', 1), |
|
47 |
('/sm:SingleLogoutService', 1), |
|
48 |
('/sm:AssertionConsumerService[@isDefault=\'true\'][@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\']', 1), |
|
49 |
('/sm:AssertionConsumerService[@isDefault=\'true\'][@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\']', |
|
50 |
0), |
|
51 |
('/sm:AssertionConsumerService[@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\']', |
|
52 |
1), |
|
53 |
('/sm:KeyDescriptor/ds:KeyInfo/ds:X509Data', 2, |
|
54 |
('/ds:X509Certificate', 2), |
|
55 |
('/ds:X509Certificate[text()=\'xxx\']', 1), |
|
56 |
('/ds:X509Certificate[text()=\'yyy\']', 1)))), |
|
57 |
namespaces=ns) |
|
58 | ||
59 |
private_settings.MELLON_METADATA_PUBLISH_DISCOVERY_RESPONSE = True |
|
38 | 60 |
with mock.patch('mellon.utils.open', mock.mock_open(read_data='BEGIN\nyyy\nEND'), create=True): |
39 | 61 |
metadata = create_metadata(request) |
40 | 62 |
assert_xml_constraints( |
41 |
- |