0001-add-MELLON_ASSERTION_CONSUMER_BINDINGS-52063.patch
README | ||
---|---|---|
311 | 311 |
Timeout in seconds for HTTP call made to retrieve metadata files. Default is 10 |
312 | 312 |
seconds. |
313 | 313 | |
314 |
MELLON_ASSERTION_CONSUMER_BINDINGS |
|
315 |
---------------------------------- |
|
316 | ||
317 |
The list of supported assertion consumer bindings. Default is:: |
|
318 | ||
319 |
['post', 'artifact'] |
|
320 | ||
314 | 321 |
Tests |
315 | 322 |
===== |
316 | 323 |
mellon/app_settings.py | ||
---|---|---|
26 | 26 |
'CREATE_GROUP': True, |
27 | 27 |
'ERROR_URL': None, |
28 | 28 |
'ERROR_REDIRECT_AFTER_TIMEOUT': 120, |
29 |
'ASSERTION_CONSUMER_BINDINGS': ['post', 'artifact'], |
|
29 | 30 |
'DEFAULT_ASSERTION_CONSUMER_BINDING': 'post', # or artifact |
30 | 31 |
'VERIFY_SSL_CERTIFICATE': True, |
31 | 32 |
'OPENED_SESSION_COOKIE_NAME': None, |
mellon/templates/mellon/metadata.xml | ||
---|---|---|
32 | 32 |
{% for name_id_format in name_id_formats %} |
33 | 33 |
<NameIDFormat>{{ name_id_format }}</NameIDFormat> |
34 | 34 |
{% endfor %} |
35 |
<AssertionConsumerService |
|
35 |
{% if 'artifact' in assertion_consumer_bindings %} <AssertionConsumerService
|
|
36 | 36 |
index="0" |
37 | 37 |
{% if default_assertion_consumer_binding == "artifact" %} |
38 | 38 |
isDefault="true" |
39 | 39 |
{% endif %} |
40 | 40 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" |
41 |
Location="{{ login_url }}" /> |
|
42 |
<AssertionConsumerService |
|
41 |
Location="{{ login_url }}" />
|
|
42 |
{% endif %}{% if 'post' in assertion_consumer_bindings%} <AssertionConsumerService
|
|
43 | 43 |
index="1" |
44 | 44 |
{% if default_assertion_consumer_binding == "post" %} |
45 | 45 |
isDefault="true" |
46 | 46 |
{% endif %} |
47 | 47 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" |
48 | 48 |
Location="{{ login_url }}" /> |
49 |
</SPSSODescriptor> |
|
49 |
{% endif %} </SPSSODescriptor>
|
|
50 | 50 |
{% if organization and organization.NAMES and organization.DISPLAY_NAMES and organization.URLS %} |
51 | 51 |
<Organization> |
52 | 52 |
{% for name in organization.NAMES %} |
mellon/utils.py | ||
---|---|---|
54 | 54 |
'logout_url': request.build_absolute_uri(logout_url), |
55 | 55 |
'public_keys': public_keys, |
56 | 56 |
'name_id_formats': name_id_formats, |
57 |
'assertion_consumer_bindings': app_settings.ASSERTION_CONSUMER_BINDINGS, |
|
57 | 58 |
'default_assertion_consumer_binding': app_settings.DEFAULT_ASSERTION_CONSUMER_BINDING, |
58 | 59 |
'organization': app_settings.ORGANIZATION, |
59 | 60 |
'contact_persons': app_settings.CONTACT_PERSONS, |
mellon/views.py | ||
---|---|---|
29 | 29 |
from django.contrib import auth |
30 | 30 |
from django.contrib.auth import REDIRECT_FIELD_NAME, get_user_model |
31 | 31 |
from django.db import transaction |
32 |
from django.http import HttpResponse, HttpResponseForbidden, HttpResponseRedirect |
|
32 |
from django.http import Http404, HttpResponse, HttpResponseForbidden, HttpResponseRedirect
|
|
33 | 33 |
from django.shortcuts import render, resolve_url |
34 | 34 |
from django.urls import reverse |
35 | 35 |
from django.utils import six |
... | ... | |
163 | 163 |
def post(self, request, *args, **kwargs): |
164 | 164 |
'''Assertion consumer''' |
165 | 165 |
if 'SAMLart' in request.POST: |
166 |
if 'artifact' not in app_settings.ASSERTION_CONSUMER_BINDINGS: |
|
167 |
raise Http404('artifact binding is not supported') |
|
166 | 168 |
return self.continue_sso_artifact(request, lasso.HTTP_METHOD_ARTIFACT_POST) |
167 | 169 |
if 'SAMLResponse' not in request.POST: |
170 |
if 'post' not in app_settings.ASSERTION_CONSUMER_BINDINGS: |
|
171 |
raise Http404('post binding is not supported') |
|
168 | 172 |
return self.get(request, *args, **kwargs) |
169 | 173 |
if not utils.is_nonnull(request.POST['SAMLResponse']): |
170 | 174 |
return HttpResponseBadRequest('SAMLResponse contains a null character') |
... | ... | |
462 | 466 |
def get(self, request, *args, **kwargs): |
463 | 467 |
'''Initialize login request''' |
464 | 468 |
if 'SAMLart' in request.GET: |
469 |
if 'artifact' not in app_settings.ASSERTION_CONSUMER_BINDINGS: |
|
470 |
raise Http404('artifact binding is not supported') |
|
465 | 471 |
return self.continue_sso_artifact(request, lasso.HTTP_METHOD_ARTIFACT_GET) |
466 | 472 | |
467 | 473 |
# redirect to discovery service if needed |
tests/test_utils.py | ||
---|---|---|
112 | 112 |
namespaces=ns, |
113 | 113 |
) |
114 | 114 | |
115 |
private_settings.MELLON_ASSERTION_CONSUMER_BINDINGS = ['post'] |
|
116 |
with mock.patch('mellon.utils.open', mock.mock_open(read_data='BEGIN\nyyy\nEND'), create=True): |
|
117 |
metadata = create_metadata(request) |
|
118 |
assert 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' |
|
119 |
assert_xml_constraints( |
|
120 |
metadata.encode('utf-8'), |
|
121 |
( |
|
122 |
'/sm:EntityDescriptor/sm:SPSSODescriptor', |
|
123 |
1, |
|
124 |
( |
|
125 |
'/sm:AssertionConsumerService[@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\']', |
|
126 |
0, |
|
127 |
), |
|
128 |
( |
|
129 |
'/sm:AssertionConsumerService[@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\']', |
|
130 |
1, |
|
131 |
), |
|
132 |
), |
|
133 |
namespaces=ns, |
|
134 |
) |
|
135 | ||
136 |
private_settings.MELLON_ASSERTION_CONSUMER_BINDINGS = ['artifact'] |
|
137 |
with mock.patch('mellon.utils.open', mock.mock_open(read_data='BEGIN\nyyy\nEND'), create=True): |
|
138 |
metadata = create_metadata(request) |
|
139 |
assert 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' |
|
140 |
assert_xml_constraints( |
|
141 |
metadata.encode('utf-8'), |
|
142 |
( |
|
143 |
'/sm:EntityDescriptor/sm:SPSSODescriptor', |
|
144 |
1, |
|
145 |
( |
|
146 |
'/sm:AssertionConsumerService[@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\']', |
|
147 |
1, |
|
148 |
), |
|
149 |
( |
|
150 |
'/sm:AssertionConsumerService[@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\']', |
|
151 |
0, |
|
152 |
), |
|
153 |
), |
|
154 |
namespaces=ns, |
|
155 |
) |
|
156 | ||
115 | 157 | |
116 | 158 |
def test_iso8601_to_datetime(private_settings): |
117 | 159 |
import django.utils.timezone |
118 |
- |