From fa61696b468ebe1db3d70d12c2d56a6db9378e5c Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 3 Feb 2022 18:20:06 +0100 Subject: [PATCH] sources/saml: fix incorrect ProtocolBinding being sent closes #2213 Signed-off-by: Jens Langhammer --- authentik/providers/saml/tests/test_auth_n_request.py | 4 ++++ authentik/sources/saml/models.py | 11 +++++++++++ authentik/sources/saml/processors/request.py | 2 +- 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/authentik/providers/saml/tests/test_auth_n_request.py b/authentik/providers/saml/tests/test_auth_n_request.py index 6820191fa..92d457b61 100644 --- a/authentik/providers/saml/tests/test_auth_n_request.py +++ b/authentik/providers/saml/tests/test_auth_n_request.py @@ -15,6 +15,7 @@ from authentik.providers.saml.processors.request_parser import AuthNRequestParse from authentik.sources.saml.exceptions import MismatchedRequestID from authentik.sources.saml.models import SAMLSource from authentik.sources.saml.processors.constants import ( + SAML_BINDING_REDIRECT, SAML_NAME_ID_FORMAT_EMAIL, SAML_NAME_ID_FORMAT_UNSPECIFIED, ) @@ -98,6 +99,9 @@ class TestAuthNRequest(TestCase): # First create an AuthNRequest request_proc = RequestProcessor(self.source, http_request, "test_state") + auth_n = request_proc.get_auth_n() + self.assertEqual(auth_n.attrib["ProtocolBinding"], SAML_BINDING_REDIRECT) + request = request_proc.build_auth_n() # Now we check the ID and signature parsed_request = AuthNRequestParser(self.provider).parse( diff --git a/authentik/sources/saml/models.py b/authentik/sources/saml/models.py index b25f05e6b..dee01a058 100644 --- a/authentik/sources/saml/models.py +++ b/authentik/sources/saml/models.py @@ -18,6 +18,8 @@ from authentik.sources.saml.processors.constants import ( RSA_SHA256, RSA_SHA384, RSA_SHA512, + SAML_BINDING_POST, + SAML_BINDING_REDIRECT, SAML_NAME_ID_FORMAT_EMAIL, SAML_NAME_ID_FORMAT_PERSISTENT, SAML_NAME_ID_FORMAT_TRANSIENT, @@ -37,6 +39,15 @@ class SAMLBindingTypes(models.TextChoices): POST = "POST", _("POST Binding") POST_AUTO = "POST_AUTO", _("POST Binding with auto-confirmation") + @property + def uri(self) -> str: + """Convert database field to URI""" + return { + SAMLBindingTypes.POST: SAML_BINDING_POST, + SAMLBindingTypes.POST_AUTO: SAML_BINDING_POST, + SAMLBindingTypes.REDIRECT: SAML_BINDING_REDIRECT, + }[self] + class SAMLNameIDPolicy(models.TextChoices): """SAML NameID Policies""" diff --git a/authentik/sources/saml/processors/request.py b/authentik/sources/saml/processors/request.py index 90072f8df..8a6d056df 100644 --- a/authentik/sources/saml/processors/request.py +++ b/authentik/sources/saml/processors/request.py @@ -62,7 +62,7 @@ class RequestProcessor: auth_n_request.attrib["Destination"] = self.source.sso_url auth_n_request.attrib["ID"] = self.request_id auth_n_request.attrib["IssueInstant"] = self.issue_instant - auth_n_request.attrib["ProtocolBinding"] = self.source.binding_type + auth_n_request.attrib["ProtocolBinding"] = self.source.binding_type.uri auth_n_request.attrib["Version"] = "2.0" # Create issuer object auth_n_request.append(self.get_issuer())