From 4c5bc1bcee891890ce92828668b8e21040da0300 Mon Sep 17 00:00:00 2001 From: Thomas NOEL Date: Thu, 23 Nov 2017 10:25:06 +0100 Subject: [PATCH] misc: disable AuthnRequest eo:next_url Extensions by default (#20229) --- mellon/app_settings.py | 1 + mellon/views.py | 17 +++++++++-------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/mellon/app_settings.py b/mellon/app_settings.py index aeeab73..b948a2f 100644 --- a/mellon/app_settings.py +++ b/mellon/app_settings.py @@ -13,6 +13,7 @@ class AppSettings(object): 'NAME_ID_POLICY_FORMAT': None, 'NAME_ID_POLICY_ALLOW_CREATE': True, 'FORCE_AUTHN': False, + 'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION': False, 'ADAPTER': ( 'mellon.adapters.DefaultAdapter', ), diff --git a/mellon/views.py b/mellon/views.py index e01dc13..634263c 100644 --- a/mellon/views.py +++ b/mellon/views.py @@ -363,14 +363,15 @@ class LoginView(ProfileMixin, LogMixin, View): authn_request.requestedAuthnContext = req_authncontext req_authncontext.authnContextClassRef = authn_classref - authn_request.extensions = lasso.Samlp2Extensions() - authn_request.extensions.setOriginalXmlnode( - ''' - %s - ''' % - escape(request.build_absolute_uri(next_url or '/'))) + if utils.get_setting(idp, 'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION'): + authn_request.extensions = lasso.Samlp2Extensions() + authn_request.extensions.setOriginalXmlnode( + ''' + %s + ''' % + escape(request.build_absolute_uri(next_url or '/'))) self.set_next_url(next_url) login.buildAuthnRequestMsg() except lasso.Error, e: -- 2.15.0