0003-idp_saml2-handle-RelayState-on-posted-AuthnRequest-4.patch

Benjamin Dauvergne, 23 mars 2020 17:45

Voir les différences: en ligne côte à côte

Subject: [PATCH 3/3] idp_saml2: handle RelayState on posted AuthnRequest
 (#40722)

 src/authentic2/idp/saml/saml2_endpoints.py |  2 +-
 src/authentic2/saml/common.py              |  3 ++-
 tests/test_idp_saml2.py                    | 27 ++++++++++++++++++----
 3 files changed, 25 insertions(+), 7 deletions(-)

             consent_answer = request.GET.get('consent_answer', '')
             if consent_answer:
                 logger.debug(u'back from the consent page for federation with answer %s', consent_answer)
         message = get_saml2_request_message(request)
         server = create_server(request)
         login = lasso.Login(server)
         message = get_saml2_request_message(request, login)
         # 1. Process the request, separate POST and GET treatment
         if not message:
             return HttpResponseForbidden('A SAMLv2 Single Sign On request need a query string',

             raise Http404('This endpoint is only for asynchornous bindings')
     def get_saml2_request_message(request):
     def get_saml2_request_message(request, profile):
         '''Return SAMLv2 message whatever the HTTP binding used'''
         binding = get_http_binding(request)
         if binding == 'GET':
             msg = get_saml2_query_request(request)
         elif binding == 'POST':
             msg = get_saml2_post_request(request)
             profile.msgRelayState = request.POST.get('RelayState')
         elif binding == 'SOAP':
             msg = get_saml2_soap_request(request)
         else:

             assert url_parsed.path == reverse('a2-idp-saml-sso'), 'msgUrl should target the sso endpoint'
             if self.keys:
                 assert 'rsa-sha256' in login.msgUrl
             return login.msgUrl, login.msgBody, request.id
             return login.msgUrl, login.msgBody, login.msgRelayState, request.id
         def parse_authn_response(self, saml_response):
             login = self.login = lasso.Login(self.get_server())
-...
         def launch_authn_request(self):
             # Launch an AuthnRequest
             url, body, request_id = self.sp.make_authn_request(**self.make_authn_request_kwargs)
             response = self.app.get(url)
             url, body, relay_state, request_id = self.sp.make_authn_request(**self.make_authn_request_kwargs)
             if body is None:
                 response = self.app.get(url)
             else: # post case
                 params = {'SAMLRequest': body}
                 if relay_state is not None:
                     params['RelayState'] = relay_state
                 response = self.app.post(url, params=params)
             utils.assert_redirects_complex(
                 response,
-...
             utils.assert_xpath_constraints(assertion_xml, constraints, namespaces)
     def test_sso_post(app, user):
     def test_sso_redirect_post(app, user):
         scenario = Scenario(app, sp_kwargs=dict(binding='post'))
         scenario.launch_authn_request()
         scenario.login(user)
-...
         scenario.check_assertion(user=user)
     def test_sso_artifact(app, user, keys):
     def test_sso_post_post(app, user):
         scenario = Scenario(
             app,
             make_authn_request_kwargs={'method': lasso.HTTP_METHOD_POST},
             sp_kwargs=dict(binding='post'))
         scenario.launch_authn_request()
         scenario.login(user)
         scenario.handle_post_response()
         scenario.check_assertion(user=user)
     def test_sso_redirect_artifact(app, user, keys):
         scenario = Scenario(app, sp_kwargs=dict(binding='artifact', keys=keys))
         scenario.launch_authn_request()
         scenario.login(user)
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0003-idp_saml2-handle-RelayState-on-posted-AuthnRequest-4.patch