providers/saml: fix error on missing AssertionConsumerServiceURL, fall back to default ACS

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-31 17:21:15 +01:00 · 2021-10-31 17:21:15 +01:00 · 335d6edd11
parent 5d9bed130a
commit 335d6edd11
1 changed files with 6 additions and 4 deletions
--- a/authentik/providers/saml/processors/request_parser.py
+++ b/authentik/providers/saml/processors/request_parser.py
@ -59,11 +59,13 @@ class AuthNRequestParser:
    ) -> AuthNRequest:
        root = ElementTree.fromstring(decoded_xml)

+        # http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
+        # `AssertionConsumerServiceURL` can be omitted, and we should fallback to the
+        # default ACS URL
        if "AssertionConsumerServiceURL" not in root.attrib:
-            msg = "Missing 'AssertionConsumerServiceURL' attribute"
-            LOGGER.warning(msg)
-            raise CannotHandleAssertion(msg)
-        request_acs_url = root.attrib["AssertionConsumerServiceURL"]
+            request_acs_url = self.provider.acs_url.lower()
+        else:
+            request_acs_url = root.attrib["AssertionConsumerServiceURL"]

        if self.provider.acs_url.lower() != request_acs_url.lower():
            msg = (