sources/saml: fix incorrect ProtocolBinding being sent

closes #2213

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-02-03 18:20:06 +01:00
parent 39ff202f8c
commit eaba8006e6
3 changed files with 16 additions and 1 deletions


@ -15,6 +15,7 @@ from authentik.providers.saml.processors.request_parser import AuthNRequestParse
from authentik.sources.saml.exceptions import MismatchedRequestID from authentik.sources.saml.exceptions import MismatchedRequestID
from authentik.sources.saml.models import SAMLSource from authentik.sources.saml.models import SAMLSource
from authentik.sources.saml.processors.constants import ( from authentik.sources.saml.processors.constants import (
SAML_BINDING_REDIRECT,
SAML_NAME_ID_FORMAT_EMAIL, SAML_NAME_ID_FORMAT_EMAIL,
SAML_NAME_ID_FORMAT_UNSPECIFIED, SAML_NAME_ID_FORMAT_UNSPECIFIED,
) )
@ -98,6 +99,9 @@ class TestAuthNRequest(TestCase):
# First create an AuthNRequest # First create an AuthNRequest
request_proc = RequestProcessor(self.source, http_request, "test_state") request_proc = RequestProcessor(self.source, http_request, "test_state")
auth_n = request_proc.get_auth_n()
self.assertEqual(auth_n.attrib["ProtocolBinding"], SAML_BINDING_REDIRECT)
request = request_proc.build_auth_n() request = request_proc.build_auth_n()
# Now we check the ID and signature # Now we check the ID and signature
parsed_request = AuthNRequestParser(self.provider).parse( parsed_request = AuthNRequestParser(self.provider).parse(
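Review bot: The added assertion on `auth_n.attrib["ProtocolBinding"]` pins only the REDIRECT case, and it relies on whatever `binding_type` the fixture source carries, which is set outside this hunk. The POST and POST_AUTO entries of the new lookup are never exercised, so a wrong URI for either would pass the suite. Setting the value explicitly in the test, e.g. `self.source.binding_type = SAMLBindingTypes.POST_AUTO` followed by `self.assertEqual(request_proc.get_auth_n().attrib["ProtocolBinding"], SAML_BINDING_POST)`, would cover the remaining branches (this needs `SAMLBindingTypes` and `SAML_BINDING_POST` imported). The test method starts before the hunk and continues past it.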


@ -18,6 +18,8 @@ from authentik.sources.saml.processors.constants import (
RSA_SHA256, RSA_SHA256,
RSA_SHA384, RSA_SHA384,
RSA_SHA512, RSA_SHA512,
SAML_BINDING_POST,
SAML_BINDING_REDIRECT,
SAML_NAME_ID_FORMAT_EMAIL, SAML_NAME_ID_FORMAT_EMAIL,
SAML_NAME_ID_FORMAT_PERSISTENT, SAML_NAME_ID_FORMAT_PERSISTENT,
SAML_NAME_ID_FORMAT_TRANSIENT, SAML_NAME_ID_FORMAT_TRANSIENT,
@ -37,6 +39,15 @@ class SAMLBindingTypes(models.TextChoices):
POST = "POST", _("POST Binding") POST = "POST", _("POST Binding")
POST_AUTO = "POST_AUTO", _("POST Binding with auto-confirmation") POST_AUTO = "POST_AUTO", _("POST Binding with auto-confirmation")
@property
def uri(self) -> str:
"""Convert database field to URI"""
return {
SAMLBindingTypes.POST: SAML_BINDING_POST,
SAMLBindingTypes.POST_AUTO: SAML_BINDING_POST,
SAMLBindingTypes.REDIRECT: SAML_BINDING_REDIRECT,
}[self]
class SAMLNameIDPolicy(models.TextChoices): class SAMLNameIDPolicy(models.TextChoices):
"""SAML NameID Policies""" """SAML NameID Policies"""
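Review bot: The docstring on the new `uri` property, `"""Convert database field to URI"""`, does not say which URI it returns or why two choices collapse to one. I would spell that out, e.g. `"""Return the SAML 2.0 binding URI for this choice; POST and POST_AUTO both map to the HTTP-POST binding URI."""`, and add a one-line comment that POST_AUTO presumably differs only in local auto-submit behaviour (to be confirmed by the author). The lookup `{...}[self]` also raises a bare `KeyError` for any member added to `SAMLBindingTypes` later without a mapping, which would surface as an unhandled error while building the AuthnRequest. A comment next to the dict reminding maintainers to extend it would help. The class body starts outside the hunk.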


@ -62,7 +62,7 @@ class RequestProcessor:
auth_n_request.attrib["Destination"] = self.source.sso_url auth_n_request.attrib["Destination"] = self.source.sso_url
auth_n_request.attrib["ID"] = self.request_id auth_n_request.attrib["ID"] = self.request_id
auth_n_request.attrib["IssueInstant"] = self.issue_instant auth_n_request.attrib["IssueInstant"] = self.issue_instant
auth_n_request.attrib["ProtocolBinding"] = self.source.binding_type auth_n_request.attrib["ProtocolBinding"] = self.source.binding_type.uri
auth_n_request.attrib["Version"] = "2.0" auth_n_request.attrib["Version"] = "2.0"
# Create issuer object # Create issuer object
auth_n_request.append(self.get_issuer()) auth_n_request.append(self.get_issuer())
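Review bot: The new value assigned to `auth_n_request.attrib["ProtocolBinding"]` is now a valid URI, but it may name the wrong binding. In SAML 2.0 Core, `ProtocolBinding` on an AuthnRequest identifies the binding the IdP should use to return the Response, not the binding used to deliver the request. If `self.source.binding_type` describes how the request is sent to `sso_url` (inferred from the name; the model field is not visible here), a REDIRECT source would ask the IdP to answer over HTTP-Redirect, which the Web Browser SSO profile does not allow for responses. Strict IdPs may reject such a request or ignore the attribute. If the ACS endpoint only consumes POSTed responses, I would send that binding instead, e.g. `auth_n_request.attrib["ProtocolBinding"] = SAML_BINDING_POST`, with a comment stating that the attribute refers to the response leg. The enclosing method starts before the hunk and continues past it.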