providers/saml: fix metadata rendering when no singing keypair is selected
closes PASSBOOK-44
This commit is contained in:
parent
9a1270c693
commit
5f4452470b
|
@ -1,6 +1,7 @@
|
||||||
<?xml version="1.0"?>
|
<?xml version="1.0"?>
|
||||||
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{{ entity_id }}">
|
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{{ entity_id }}">
|
||||||
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||||
|
{% if cert_public_key %}
|
||||||
<md:KeyDescriptor use="signing">
|
<md:KeyDescriptor use="signing">
|
||||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||||
<ds:X509Data>
|
<ds:X509Data>
|
||||||
|
@ -8,13 +9,7 @@
|
||||||
</ds:X509Data>
|
</ds:X509Data>
|
||||||
</ds:KeyInfo>
|
</ds:KeyInfo>
|
||||||
</md:KeyDescriptor>
|
</md:KeyDescriptor>
|
||||||
<md:KeyDescriptor use="encryption">
|
{% endif %}
|
||||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
||||||
<ds:X509Data>
|
|
||||||
<ds:X509Certificate>{{ cert_public_key }}</ds:X509Certificate>
|
|
||||||
</ds:X509Data>
|
|
||||||
</ds:KeyInfo>
|
|
||||||
</md:KeyDescriptor>
|
|
||||||
<md:NameIDFormat>{{ subject_format }}</md:NameIDFormat>
|
<md:NameIDFormat>{{ subject_format }}</md:NameIDFormat>
|
||||||
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/>
|
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/>
|
||||||
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{{ sso_post_url }}"/>
|
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{{ sso_post_url }}"/>
|
||||||
|
|
|
@ -274,19 +274,19 @@ class DescriptorDownloadView(AccessRequiredView):
|
||||||
kwargs={"application": provider.application.slug},
|
kwargs={"application": provider.application.slug},
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
pubkey = strip_pem_header(
|
|
||||||
provider.signing_kp.certificate_data.replace("\r", "")
|
|
||||||
).replace("\n", "")
|
|
||||||
subject_format = provider.processor.subject_format
|
subject_format = provider.processor.subject_format
|
||||||
ctx = {
|
ctx = {
|
||||||
"entity_id": entity_id,
|
"entity_id": entity_id,
|
||||||
"cert_public_key": pubkey,
|
|
||||||
"slo_url": slo_url,
|
"slo_url": slo_url,
|
||||||
# Currently, the same endpoint accepts POST and REDIRECT
|
# Currently, the same endpoint accepts POST and REDIRECT
|
||||||
"sso_post_url": sso_post_url,
|
"sso_post_url": sso_post_url,
|
||||||
"sso_redirect_url": sso_post_url,
|
"sso_redirect_url": sso_post_url,
|
||||||
"subject_format": subject_format,
|
"subject_format": subject_format,
|
||||||
}
|
}
|
||||||
|
if provider.signing_kp:
|
||||||
|
ctx["cert_public_key"] = strip_pem_header(
|
||||||
|
provider.signing_kp.certificate_data.replace("\r", "")
|
||||||
|
).replace("\n", "")
|
||||||
return render_to_string("saml/xml/metadata.xml", ctx)
|
return render_to_string("saml/xml/metadata.xml", ctx)
|
||||||
|
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
|
||||||
|
|
Reference in a new issue