0001-wip-idp_saml-ensure-users-are-active-when-performing.patch
src/authentic2/idp/saml/saml2_endpoints.py | ||
---|---|---|
732 | 732 |
liberty_provider__entity_id=login.remoteProviderId).liberty_provider |
733 | 733 | |
734 | 734 |
if not passive and \ |
735 |
(user.is_anonymous or (force_authn and not did_auth)): |
|
735 |
(user.is_anonymous or not user.is_active or (force_authn and not did_auth)):
|
|
736 | 736 |
logger.debug('login required') |
737 | 737 |
return need_login(request, login, nid_format, service) |
738 | 738 | |
739 | 739 |
# No user is authenticated and passive is True, deny request |
740 |
if passive and user.is_anonymous:
|
|
740 |
if passive and (user.is_anonymous or not user.is_active):
|
|
741 | 741 |
logger.debug('no user connected and passive request, returning NoPassive') |
742 | 742 |
set_saml2_response_responder_status_code(login.response, lasso.SAML2_STATUS_CODE_NO_PASSIVE) |
743 | 743 |
return finish_sso(request, login) |
744 |
- |
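Review bot: On the passive branch (new line 740) the comment `# No user is authenticated and passive is True, deny request` and the debug message `'no user connected and passive request, returning NoPassive'` no longer describe the condition, because the branch now also fires for an authenticated but deactivated account. Logging that case separately, e.g. `logger.debug('inactive user and passive request, returning NoPassive')`, would keep SSO attempts by disabled accounts distinguishable in the logs. On the non-passive branch (new line 735) a deactivated user who still holds a session is sent to `need_login` like an anonymous one. `need_login` is outside this hunk, but if the login view treats an existing session as already authenticated, the request may return here without a fresh credential check, so it is worth confirming that this path ends the stale session or denies the request. The enclosing function starts before line 732 and continues past line 743, so other exits that may issue an assertion could not be checked for the same `is_active` test.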