providers/saml: add POST binding support to Metadata

2020-02-20 17:38:42 +01:00 · 2020-02-20 17:38:42 +01:00 · d06f1abb89
parent 027a64fad2
commit d06f1abb89
2 changed files with 7 additions and 6 deletions
--- a/passbook/providers/saml/templates/saml/xml/metadata.xml
+++ b/passbook/providers/saml/templates/saml/xml/metadata.xml
@ -17,6 +17,7 @@
    </md:KeyDescriptor>
    <md:NameIDFormat>{{ subject_format }}</md:NameIDFormat>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ slo_url }}"/>
-    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ sso_url }}"/>
+    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{{ sso_post_url }}"/>
+    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ sso_redirect_url }}"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
--- a/passbook/providers/saml/views.py
+++ b/passbook/providers/saml/views.py
@ -134,9 +134,7 @@ class LoginProcessView(AccessRequiredView):
        try:
            # application.skip_authorization is set so we directly redirect the user
            if self.provider.application.skip_authorization:
-                self.provider.processor.can_handle(request)
-                saml_params = self.provider.processor.generate_response()
-                return self.handle_redirect(saml_params, True)
+                return self.post(request, application)

            self.provider.processor.init_deep_link(request)
            params = self.provider.processor.generate_response()
@ -233,7 +231,7 @@ class DescriptorDownloadView(AccessRequiredView):
                kwargs={"application": provider.application.slug},
            )
        )
-        sso_url = request.build_absolute_uri(
+        sso_post_url = request.build_absolute_uri(
            reverse(
                "passbook_providers_saml:saml-login",
                kwargs={"application": provider.application.slug},
@ -247,7 +245,9 @@ class DescriptorDownloadView(AccessRequiredView):
            "entity_id": entity_id,
            "cert_public_key": pubkey,
            "slo_url": slo_url,
-            "sso_url": sso_url,
+            # Currently, the same endpoint accepts POST and REDIRECT
+            "sso_post_url": sso_post_url,
+            "sso_redirect_url": sso_post_url,
            "subject_format": subject_format,
        }
        return render_to_string("saml/xml/metadata.xml", ctx)