Merge branch '39-saml-audience-as-database-field' into 'master'
Resolve "SAML: Audience as Database field" Closes #39 See merge request BeryJu.org/passbook!25
@ -73,9 +73,4 @@ saml_idp:
|
||||||
# List of python packages with provider types to load.
|
# List of python packages with provider types to load.
|
||||||
types:
|
types:
|
||||||
- passbook.saml_idp.processors.generic
|
- passbook.saml_idp.processors.generic
|
||||||
- passbook.saml_idp.processors.aws
|
|
||||||
- passbook.saml_idp.processors.gitlab
|
|
||||||
- passbook.saml_idp.processors.nextcloud
|
|
||||||
- passbook.saml_idp.processors.salesforce
|
- passbook.saml_idp.processors.salesforce
|
||||||
- passbook.saml_idp.processors.shibboleth
|
|
||||||
- passbook.saml_idp.processors.wordpress_orange
|
|
||||||
|
|
|
@ -134,9 +134,4 @@ data:
|
||||||
# List of python packages with provider types to load.
|
# List of python packages with provider types to load.
|
||||||
types:
|
types:
|
||||||
- passbook.saml_idp.processors.generic
|
- passbook.saml_idp.processors.generic
|
||||||
- passbook.saml_idp.processors.aws
|
|
||||||
- passbook.saml_idp.processors.gitlab
|
|
||||||
- passbook.saml_idp.processors.nextcloud
|
|
||||||
- passbook.saml_idp.processors.salesforce
|
- passbook.saml_idp.processors.salesforce
|
||||||
- passbook.saml_idp.processors.shibboleth
|
|
||||||
- passbook.saml_idp.processors.wordpress_orange
|
|
||||||
|
|
|
@ -95,10 +95,4 @@ saml_idp:
|
||||||
# List of python packages with provider types to load.
|
# List of python packages with provider types to load.
|
||||||
types:
|
types:
|
||||||
- passbook.saml_idp.processors.generic
|
- passbook.saml_idp.processors.generic
|
||||||
- passbook.saml_idp.processors.aws
|
|
||||||
- passbook.saml_idp.processors.gitlab
|
|
||||||
- passbook.saml_idp.processors.nextcloud
|
|
||||||
- passbook.saml_idp.processors.salesforce
|
- passbook.saml_idp.processors.salesforce
|
||||||
- passbook.saml_idp.processors.shibboleth
|
|
||||||
- passbook.saml_idp.processors.wordpress_orange
|
|
||||||
- passbook.saml_idp.processors.rancher
|
|
||||||
|
|
|
@ -116,11 +116,7 @@ class Processor:
|
||||||
|
|
||||||
def _determine_audience(self):
|
def _determine_audience(self):
|
||||||
"""Determines the _audience."""
|
"""Determines the _audience."""
|
||||||
self._audience = self._request_params.get('DESTINATION', None)
|
self._audience = self._remote.audience
|
||||||
|
|
||||||
if not self._audience:
|
|
||||||
self._audience = self._request_params.get('PROVIDER_NAME', None)
|
|
||||||
|
|
||||||
self._logger.info('determined audience')
|
self._logger.info('determined audience')
|
||||||
|
|
||||||
def _determine_response_id(self):
|
def _determine_response_id(self):
|
||||||
|
|
|
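Review bot: `_determine_audience` now copies `self._remote.audience` unconditionally, but the field it reads is declared `TextField(default='')`, so a provider row created before migration 0003 (or saved with an empty value outside the form) yields an empty audience and the assertion is presumably built with an empty AudienceRestriction instead of failing early. Dropping the fallback to `DESTINATION`/`PROVIDER_NAME` is the right direction, since those come from the attacker-controllable AuthnRequest, but an empty configured value should be treated as a configuration error, e.g. `if not self._audience: raise ValueError('SAMLProvider has no audience configured')` — the exact exception type depends on what callers outside this hunk catch. The surviving log line records no value; `self._logger.info('determined audience %s', self._audience)` (or the structlog keyword form if that is what `_logger` is) would make mismatches with the SP's entityID diagnosable. `_determine_response_id` at the end of the hunk continues outside it.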
@ -25,7 +25,7 @@ class SAMLProviderForm(forms.ModelForm):
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
model = SAMLProvider
|
model = SAMLProvider
|
||||||
fields = ['name', 'property_mappings', 'acs_url', 'processor_path', 'issuer',
|
fields = ['name', 'property_mappings', 'acs_url', 'audience', 'processor_path', 'issuer',
|
||||||
'assertion_valid_for', 'signing', 'signing_cert', 'signing_key', ]
|
'assertion_valid_for', 'signing', 'signing_cert', 'signing_key', ]
|
||||||
labels = {
|
labels = {
|
||||||
'acs_url': 'ACS URL',
|
'acs_url': 'ACS URL',
|
||||||
|
@ -33,6 +33,7 @@ class SAMLProviderForm(forms.ModelForm):
|
||||||
}
|
}
|
||||||
widgets = {
|
widgets = {
|
||||||
'name': forms.TextInput(),
|
'name': forms.TextInput(),
|
||||||
|
'audience': forms.TextInput(),
|
||||||
'issuer': forms.TextInput(),
|
'issuer': forms.TextInput(),
|
||||||
'property_mappings': FilteredSelectMultiple(_('Property Mappings'), False)
|
'property_mappings': FilteredSelectMultiple(_('Property Mappings'), False)
|
||||||
}
|
}
|
||||||
|
|
|
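Review bot: The new `audience` field is added to `fields` and `widgets` but, unlike `acs_url`, gets no `labels` entry and no help text, so an administrator sees a bare "Audience" box with no hint that the value must match the SP's entityID exactly (it is what `Processor._determine_audience` now places in the assertion). Consider `'audience': 'Audience (SP Entity ID)'` in `labels`, and a `help_text` on the model field saying the SP rejects the assertion when this differs from its configured entity ID. `SAMLProviderForm` begins before the hunk.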
@ -0,0 +1,18 @@
|
||||||
|
# Generated by Django 2.2 on 2019-04-18 09:09
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('passbook_saml_idp', '0002_samlpropertymapping'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='samlprovider',
|
||||||
|
name='audience',
|
||||||
|
field=models.TextField(blank=True, default=''),
|
||||||
|
),
|
||||||
|
]
|
|
@ -0,0 +1,18 @@
|
||||||
|
# Generated by Django 2.2 on 2019-04-18 09:18
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('passbook_saml_idp', '0003_samlprovider_audience'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='samlprovider',
|
||||||
|
name='audience',
|
||||||
|
field=models.TextField(default=''),
|
||||||
|
),
|
||||||
|
]
|
|
@ -15,6 +15,7 @@ class SAMLProvider(Provider):
|
||||||
|
|
||||||
name = models.TextField()
|
name = models.TextField()
|
||||||
acs_url = models.URLField()
|
acs_url = models.URLField()
|
||||||
|
audience = models.TextField(default='')
|
||||||
processor_path = models.CharField(max_length=255, choices=[])
|
processor_path = models.CharField(max_length=255, choices=[])
|
||||||
issuer = models.TextField()
|
issuer = models.TextField()
|
||||||
assertion_valid_for = models.IntegerField(default=86400)
|
assertion_valid_for = models.IntegerField(default=86400)
|
||||||
|
@ -33,7 +34,10 @@ class SAMLProvider(Provider):
|
||||||
def processor(self):
|
def processor(self):
|
||||||
"""Return selected processor as instance"""
|
"""Return selected processor as instance"""
|
||||||
if not self._processor:
|
if not self._processor:
|
||||||
|
try:
|
||||||
self._processor = path_to_class(self.processor_path)(self)
|
self._processor = path_to_class(self.processor_path)(self)
|
||||||
|
except ModuleNotFoundError:
|
||||||
|
self._processor = None
|
||||||
return self._processor
|
return self._processor
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
|
|
|
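Review bot: The new `except ModuleNotFoundError` in `processor()` silently sets `self._processor = None`, and this same commit deletes seven processor modules that existing `SAMLProvider` rows may still reference in `processor_path`; neither migration 0003 nor 0004 re-points those rows, so affected providers stop working with no log entry and callers that use the return value will fail later with an AttributeError on `None`. At minimum log the failure with the provider name and path before returning None, e.g. `LOGGER.warning('processor %s for provider %s could not be imported', self.processor_path, self.name)` (assuming a module-level logger exists above the hunk), and consider a data migration rewriting removed paths to `passbook.saml_idp.processors.generic`. `path_to_class` may also raise `ImportError` or `AttributeError` when the module exists but the class does not, which this clause would not catch — worth confirming against its implementation. The `SAMLProvider` class starts before the hunk.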
@ -1,22 +0,0 @@
|
||||||
"""AWS Processor"""
|
|
||||||
|
|
||||||
from passbook.saml_idp.base import Processor, xml_render
|
|
||||||
|
|
||||||
|
|
||||||
class AWSProcessor(Processor):
|
|
||||||
"""AWS Response Handler Processor for testing against django-saml2-sp."""
|
|
||||||
|
|
||||||
def _determine_audience(self):
|
|
||||||
self._audience = 'urn:amazon:webservices'
|
|
||||||
|
|
||||||
def _format_assertion(self):
|
|
||||||
"""Formats _assertion_params as _assertion_xml."""
|
|
||||||
super()._format_assertion()
|
|
||||||
self._assertion_params['ATTRIBUTES'].append(
|
|
||||||
{
|
|
||||||
'Name': 'https://aws.amazon.com/SAML/Attributes/RoleSessionName',
|
|
||||||
'Value': self._django_request.user.username,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
self._assertion_xml = xml_render.get_assertion_xml(
|
|
||||||
'saml/xml/assertions/generic.xml', self._assertion_params, signed=True)
|
|
|
@ -1,10 +0,0 @@
|
||||||
"""GitLab Processor"""
|
|
||||||
|
|
||||||
from passbook.saml_idp.base import Processor
|
|
||||||
|
|
||||||
|
|
||||||
class GitLabProcessor(Processor):
|
|
||||||
"""GitLab Response Handler Processor for testing against django-saml2-sp."""
|
|
||||||
|
|
||||||
def _determine_audience(self):
|
|
||||||
self._audience = self._remote.acs_url.replace('/users/auth/saml/callback', '')
|
|
|
@ -1,11 +0,0 @@
|
||||||
"""NextCloud Processor"""
|
|
||||||
from passbook.saml_idp.base import Processor
|
|
||||||
|
|
||||||
|
|
||||||
class NextCloudProcessor(Processor):
|
|
||||||
"""Nextcloud SAML 2.0 AuthnRequest to Response Handler Processor."""
|
|
||||||
|
|
||||||
def _determine_audience(self):
|
|
||||||
# Nextcloud expects an audience in this format
|
|
||||||
# https://<host>/index.php/apps/user_saml/saml/metadata
|
|
||||||
self._audience = self._remote.acs_url.replace('acs', 'metadata')
|
|
|
@ -1,11 +0,0 @@
|
||||||
"""Rancher Processor"""
|
|
||||||
from passbook.saml_idp.base import Processor
|
|
||||||
|
|
||||||
|
|
||||||
class RancherProcessor(Processor):
|
|
||||||
"""Rancher SAML 2.0 AuthnRequest to Response Handler Processor."""
|
|
||||||
|
|
||||||
def _determine_audience(self):
|
|
||||||
# Rancher expects an audience in this format
|
|
||||||
# https://<host>/v1-saml/adfs/saml/acs
|
|
||||||
self._audience = self._remote.acs_url.replace('acs', 'metadata')
|
|
|
@ -1,11 +0,0 @@
|
||||||
"""Shibboleth Processor"""
|
|
||||||
|
|
||||||
from passbook.saml_idp.base import Processor
|
|
||||||
|
|
||||||
|
|
||||||
class ShibbolethProcessor(Processor):
|
|
||||||
"""Shibboleth-specific Processor"""
|
|
||||||
|
|
||||||
def _determine_audience(self):
|
|
||||||
"""Determines the _audience."""
|
|
||||||
self._audience = "https://sp.testshib.org/shibboleth-sp"
|
|
|
@ -1,13 +0,0 @@
|
||||||
"""WordpressOrange Processor"""
|
|
||||||
|
|
||||||
from passbook.saml_idp.base import Processor
|
|
||||||
|
|
||||||
|
|
||||||
class WordpressOrangeProcessor(Processor):
|
|
||||||
"""WordpressOrange Response Handler Processor for testing against django-saml2-sp."""
|
|
||||||
|
|
||||||
def _determine_audience(self):
|
|
||||||
# Orange expects an audience in this format
|
|
||||||
# https://<host>/wp-content/plugins/miniorange-saml-20-single-sign-on/
|
|
||||||
self._audience = self._remote.acs_url + \
|
|
||||||
'wp-content/plugins/miniorange-saml-20-single-sign-on/'
|
|