0003-idp_saml2-handle-RelayState-on-posted-AuthnRequest-4.patch
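--- a/src/authentic2/idp/saml/saml2_endpoints.py
+++ b/src/authentic2/idp/saml/saml2_endpoints.py
@@ -430,9 +430,9 @@
 consent_answer = request.GET.get('consent_answer', '')
 if consent_answer:
 logger.debug(u'back from the consent page for federation with answer %s', consent_answer)
-message = get_saml2_request_message(request)
 server = create_server(request)
 login = lasso.Login(server)
+message = get_saml2_request_message(request, login)
 # 1. Process the request, separate POST and GET treatment
 if not message:
 return HttpResponseForbidden('A SAMLv2 Single Sign On request need a query string',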
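Review bot: The call order at new line 435 now matters, because `get_saml2_request_message(request, login)` writes the POSTed RelayState onto `login` as a side effect, and nothing at the call site says so. I would add a comment above the call, `# login must exist first: the helper stores the POST-binding RelayState on it`. The 403 text on the following context line still says the request "need a query string", which reads wrongly when the AuthnRequest arrived by POST. The enclosing view starts and ends outside the hunk, so whether a later branch covers that case is not visible here.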
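--- a/src/authentic2/saml/common.py
+++ b/src/authentic2/saml/common.py
@@ -166,13 +166,14 @@
 raise Http404('This endpoint is only for asynchornous bindings')
 
 
-def get_saml2_request_message(request):
+def get_saml2_request_message(request, profile):
 '''Return SAMLv2 message whatever the HTTP binding used'''
 binding = get_http_binding(request)
 if binding == 'GET':
 msg = get_saml2_query_request(request)
 elif binding == 'POST':
 msg = get_saml2_post_request(request)
+profile.msgRelayState = request.POST.get('RelayState')
 elif binding == 'SOAP':
 msg = get_saml2_soap_request(request)
 else: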
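Review bot: The added line `profile.msgRelayState = request.POST.get('RelayState')` copies a form field that the HTTP-POST binding leaves outside the XML signature, so the value is unauthenticated even when the AuthnRequest itself is signed. It should be handled as opaque data: bounded in length (the SAML bindings specification limits RelayState to 80 bytes) and HTML-escaped wherever the response form echoes it back; neither is visible in this hunk and both may be done elsewhere. A guarded form would be `relay_state = request.POST.get('RelayState')` followed by `if relay_state is not None and len(relay_state) <= 80: profile.msgRelayState = relay_state`, which also avoids assigning `None` when the field is absent. The docstring should say that the helper now mutates `profile`, and since `profile` is a new required positional argument, any caller outside this patch has to be updated. The function body continues past the end of the hunk.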
tests/test_idp_saml2.py | ||
---|---|---|
274 | 274 |
assert url_parsed.path == reverse('a2-idp-saml-sso'), 'msgUrl should target the sso endpoint' |
275 | 275 |
if self.keys: |
276 | 276 |
assert 'rsa-sha256' in login.msgUrl |
277 |
return login.msgUrl, login.msgBody, request.id |
|
277 |
return login.msgUrl, login.msgBody, login.msgRelayState, request.id
|
|
278 | 278 | |
279 | 279 |
def parse_authn_response(self, saml_response): |
280 | 280 |
login = self.login = lasso.Login(self.get_server()) |
... | ... | |
315 | 315 | |
316 | 316 |
def launch_authn_request(self): |
317 | 317 |
# Launch an AuthnRequest |
318 |
url, body, request_id = self.sp.make_authn_request(**self.make_authn_request_kwargs) |
|
319 |
response = self.app.get(url) |
|
318 |
url, body, relay_state, request_id = self.sp.make_authn_request(**self.make_authn_request_kwargs) |
|
319 |
if body is None: |
|
320 |
response = self.app.get(url) |
|
321 |
else: # post case |
|
322 |
params = {'SAMLRequest': body} |
|
323 |
if relay_state is not None: |
|
324 |
params['RelayState'] = relay_state |
|
325 |
response = self.app.post(url, params=params) |
|
320 | 326 | |
321 | 327 |
utils.assert_redirects_complex( |
322 | 328 |
response, |
... | ... | |
474 | 480 |
utils.assert_xpath_constraints(assertion_xml, constraints, namespaces) |
475 | 481 | |
476 | 482 | |
477 |
def test_sso_post(app, user): |
|
483 |
def test_sso_redirect_post(app, user):
|
|
478 | 484 |
scenario = Scenario(app, sp_kwargs=dict(binding='post')) |
479 | 485 |
scenario.launch_authn_request() |
480 | 486 |
scenario.login(user) |
... | ... | |
482 | 488 |
scenario.check_assertion(user=user) |
483 | 489 | |
484 | 490 | |
485 |
def test_sso_artifact(app, user, keys): |
|
491 |
def test_sso_post_post(app, user): |
|
492 |
scenario = Scenario( |
|
493 |
app, |
|
494 |
make_authn_request_kwargs={'method': lasso.HTTP_METHOD_POST}, |
|
495 |
sp_kwargs=dict(binding='post')) |
|
496 |
scenario.launch_authn_request() |
|
497 |
scenario.login(user) |
|
498 |
scenario.handle_post_response() |
|
499 |
scenario.check_assertion(user=user) |
|
500 | ||
501 | ||
502 |
def test_sso_redirect_artifact(app, user, keys): |
|
486 | 503 |
scenario = Scenario(app, sp_kwargs=dict(binding='artifact', keys=keys)) |
487 | 504 |
scenario.launch_authn_request() |
488 | 505 |
scenario.login(user) |
489 |
- |
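Review bot: `test_sso_post_post` asserts nothing about RelayState, so the behaviour this patch adds is not pinned by the tests as shown. `make_authn_request` now returns `login.msgRelayState`, but no visible line sets one, so `relay_state` may always be `None` and the `params['RelayState'] = relay_state` branch in `launch_authn_request` would then never run. I would have the scenario send a known value and, after `handle_post_response()`, assert that the response form carries the same `RelayState` back. One more case with HTML metacharacters in the value would check that it is escaped in that form. The helper methods involved are defined outside these hunks.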