Merge branch '39-saml-audience-as-database-field' into 'master'

Resolve "SAML: Audience as Database field"

Closes #39

See merge request BeryJu.org/passbook!25
This commit is contained in:
Jens Langhammer 2019-04-18 09:31:56 +00:00
commit 5ec2102487
14 changed files with 44 additions and 101 deletions

View File

@ -73,9 +73,4 @@ saml_idp:
# List of python packages with provider types to load. # List of python packages with provider types to load.
types: types:
- passbook.saml_idp.processors.generic - passbook.saml_idp.processors.generic
- passbook.saml_idp.processors.aws
- passbook.saml_idp.processors.gitlab
- passbook.saml_idp.processors.nextcloud
- passbook.saml_idp.processors.salesforce - passbook.saml_idp.processors.salesforce
- passbook.saml_idp.processors.shibboleth
- passbook.saml_idp.processors.wordpress_orange

View File

@ -134,9 +134,4 @@ data:
# List of python packages with provider types to load. # List of python packages with provider types to load.
types: types:
- passbook.saml_idp.processors.generic - passbook.saml_idp.processors.generic
- passbook.saml_idp.processors.aws
- passbook.saml_idp.processors.gitlab
- passbook.saml_idp.processors.nextcloud
- passbook.saml_idp.processors.salesforce - passbook.saml_idp.processors.salesforce
- passbook.saml_idp.processors.shibboleth
- passbook.saml_idp.processors.wordpress_orange

View File

@ -95,10 +95,4 @@ saml_idp:
# List of python packages with provider types to load. # List of python packages with provider types to load.
types: types:
- passbook.saml_idp.processors.generic - passbook.saml_idp.processors.generic
- passbook.saml_idp.processors.aws
- passbook.saml_idp.processors.gitlab
- passbook.saml_idp.processors.nextcloud
- passbook.saml_idp.processors.salesforce - passbook.saml_idp.processors.salesforce
- passbook.saml_idp.processors.shibboleth
- passbook.saml_idp.processors.wordpress_orange
- passbook.saml_idp.processors.rancher

View File

@ -116,11 +116,7 @@ class Processor:
def _determine_audience(self): def _determine_audience(self):
"""Determines the _audience.""" """Determines the _audience."""
self._audience = self._request_params.get('DESTINATION', None) self._audience = self._remote.audience
if not self._audience:
self._audience = self._request_params.get('PROVIDER_NAME', None)
self._logger.info('determined audience') self._logger.info('determined audience')
def _determine_response_id(self): def _determine_response_id(self):

View File

@ -25,7 +25,7 @@ class SAMLProviderForm(forms.ModelForm):
class Meta: class Meta:
model = SAMLProvider model = SAMLProvider
fields = ['name', 'property_mappings', 'acs_url', 'processor_path', 'issuer', fields = ['name', 'property_mappings', 'acs_url', 'audience', 'processor_path', 'issuer',
'assertion_valid_for', 'signing', 'signing_cert', 'signing_key', ] 'assertion_valid_for', 'signing', 'signing_cert', 'signing_key', ]
labels = { labels = {
'acs_url': 'ACS URL', 'acs_url': 'ACS URL',
@ -33,6 +33,7 @@ class SAMLProviderForm(forms.ModelForm):
} }
widgets = { widgets = {
'name': forms.TextInput(), 'name': forms.TextInput(),
'audience': forms.TextInput(),
'issuer': forms.TextInput(), 'issuer': forms.TextInput(),
'property_mappings': FilteredSelectMultiple(_('Property Mappings'), False) 'property_mappings': FilteredSelectMultiple(_('Property Mappings'), False)
} }

View File

@ -0,0 +1,18 @@
# Generated by Django 2.2 on 2019-04-18 09:09
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('passbook_saml_idp', '0002_samlpropertymapping'),
]
operations = [
migrations.AddField(
model_name='samlprovider',
name='audience',
field=models.TextField(blank=True, default=''),
),
]

View File

@ -0,0 +1,18 @@
# Generated by Django 2.2 on 2019-04-18 09:18
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('passbook_saml_idp', '0003_samlprovider_audience'),
]
operations = [
migrations.AlterField(
model_name='samlprovider',
name='audience',
field=models.TextField(default=''),
),
]

View File

@ -15,6 +15,7 @@ class SAMLProvider(Provider):
name = models.TextField() name = models.TextField()
acs_url = models.URLField() acs_url = models.URLField()
audience = models.TextField(default='')
processor_path = models.CharField(max_length=255, choices=[]) processor_path = models.CharField(max_length=255, choices=[])
issuer = models.TextField() issuer = models.TextField()
assertion_valid_for = models.IntegerField(default=86400) assertion_valid_for = models.IntegerField(default=86400)
@ -33,7 +34,10 @@ class SAMLProvider(Provider):
def processor(self): def processor(self):
"""Return selected processor as instance""" """Return selected processor as instance"""
if not self._processor: if not self._processor:
try:
self._processor = path_to_class(self.processor_path)(self) self._processor = path_to_class(self.processor_path)(self)
except ModuleNotFoundError:
self._processor = None
return self._processor return self._processor
def __str__(self): def __str__(self):

View File

@ -1,22 +0,0 @@
"""AWS Processor"""
from passbook.saml_idp.base import Processor, xml_render
class AWSProcessor(Processor):
"""AWS Response Handler Processor for testing against django-saml2-sp."""
def _determine_audience(self):
self._audience = 'urn:amazon:webservices'
def _format_assertion(self):
"""Formats _assertion_params as _assertion_xml."""
super()._format_assertion()
self._assertion_params['ATTRIBUTES'].append(
{
'Name': 'https://aws.amazon.com/SAML/Attributes/RoleSessionName',
'Value': self._django_request.user.username,
}
)
self._assertion_xml = xml_render.get_assertion_xml(
'saml/xml/assertions/generic.xml', self._assertion_params, signed=True)

View File

@ -1,10 +0,0 @@
"""GitLab Processor"""
from passbook.saml_idp.base import Processor
class GitLabProcessor(Processor):
"""GitLab Response Handler Processor for testing against django-saml2-sp."""
def _determine_audience(self):
self._audience = self._remote.acs_url.replace('/users/auth/saml/callback', '')

View File

@ -1,11 +0,0 @@
"""NextCloud Processor"""
from passbook.saml_idp.base import Processor
class NextCloudProcessor(Processor):
"""Nextcloud SAML 2.0 AuthnRequest to Response Handler Processor."""
def _determine_audience(self):
# Nextcloud expects an audience in this format
# https://<host>/index.php/apps/user_saml/saml/metadata
self._audience = self._remote.acs_url.replace('acs', 'metadata')

View File

@ -1,11 +0,0 @@
"""Rancher Processor"""
from passbook.saml_idp.base import Processor
class RancherProcessor(Processor):
"""Rancher SAML 2.0 AuthnRequest to Response Handler Processor."""
def _determine_audience(self):
# Rancher expects an audience in this format
# https://<host>/v1-saml/adfs/saml/acs
self._audience = self._remote.acs_url.replace('acs', 'metadata')

View File

@ -1,11 +0,0 @@
"""Shibboleth Processor"""
from passbook.saml_idp.base import Processor
class ShibbolethProcessor(Processor):
"""Shibboleth-specific Processor"""
def _determine_audience(self):
"""Determines the _audience."""
self._audience = "https://sp.testshib.org/shibboleth-sp"

View File

@ -1,13 +0,0 @@
"""WordpressOrange Processor"""
from passbook.saml_idp.base import Processor
class WordpressOrangeProcessor(Processor):
"""WordpressOrange Response Handler Processor for testing against django-saml2-sp."""
def _determine_audience(self):
# Orange expects an audience in this format
# https://<host>/wp-content/plugins/miniorange-saml-20-single-sign-on/
self._audience = self._remote.acs_url + \
'wp-content/plugins/miniorange-saml-20-single-sign-on/'