auth_saml: add name id policy format choices (#70750)
parent
9670f4d857
commit
65e5a32250
|
@ -5,6 +5,7 @@ import django.db.models.deletion
|
|||
from django.db import migrations, models
|
||||
|
||||
import authentic2_auth_saml.models
|
||||
from authentic2_auth_saml.models import NAME_ID_FORMAT_CHOICES
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
@ -117,6 +118,7 @@ class Migration(migrations.Migration):
|
|||
help_text='The NameID format to request.',
|
||||
max_length=64,
|
||||
verbose_name='NameID policy format',
|
||||
choices=NAME_ID_FORMAT_CHOICES,
|
||||
),
|
||||
),
|
||||
(
|
||||
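Review bot: The migration now takes `choices=NAME_ID_FORMAT_CHOICES` from a live import of `authentic2_auth_saml.models`, so this historical migration changes whenever the constant is edited and stops importing if the constant is renamed or removed. Migrations are normally kept self-contained; I would freeze the list as a literal tuple inside the migration, or at least add a comment such as `# choices are not part of the schema; imported so makemigrations sees no diff`. The hunk at -117 appears to edit an existing operation rather than add a new migration, which is worth confirming as intended for deployments that have already applied it. Both hunks are cut inside the Migration class, so the rest of the operation list is not visible here.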
|
|
|
@ -32,6 +32,23 @@ from authentic2.apps.authenticators.models import (
|
|||
)
|
||||
from authentic2.utils.misc import redirect_to_login
|
||||
|
||||
NAME_ID_FORMAT_CHOICES = (
|
||||
('', _('None')),
|
||||
(
|
||||
lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
|
||||
_('Persistent (%s)') % lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
|
||||
),
|
||||
(
|
||||
lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT,
|
||||
_('Transient (%s)') % lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT,
|
||||
),
|
||||
(lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL, _('Email (%s)') % lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL),
|
||||
(
|
||||
lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED,
|
||||
_('Unspecified (%s)') % lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED,
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
def validate_metadata(metadata):
|
||||
try:
|
||||
|
@ -88,7 +105,11 @@ class SAMLAuthenticator(BaseAuthenticator):
|
|||
default='{attributes[name_id_content]}@{realm}',
|
||||
)
|
||||
name_id_policy_format = models.CharField(
|
||||
_('NameID policy format'), max_length=64, help_text=_('The NameID format to request.'), blank=True
|
||||
_('NameID policy format'),
|
||||
max_length=64,
|
||||
choices=NAME_ID_FORMAT_CHOICES,
|
||||
help_text=_('The NameID format to request.'),
|
||||
blank=True,
|
||||
)
|
||||
name_id_policy_allow_create = models.BooleanField(_('NameID policy allow create'), default=True)
|
||||
force_authn = models.BooleanField(
|
||||
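Review bot: Adding `choices=NAME_ID_FORMAT_CHOICES` to `name_id_policy_format` restricts the field only at form and `full_clean()` validation, and nothing in this change handles rows that already store a value outside the four listed formats. Such a row would presumably render in the edit form with no matching option, so an unrelated edit could silently reset the NameID policy sent in AuthnRequests to empty; a data migration or a check that reports unknown stored values would make that visible. Separately, if `_` is the lazy gettext, `_('Persistent (%s)') % ...` is evaluated at import time and the labels lose per-request translation; `format_lazy('{} ({})', _('Persistent'), lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT)` would keep them lazy. The SAMLAuthenticator class body continues outside the hunk.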
|
|
|
@ -565,6 +565,19 @@ def test_authenticators_saml_no_name_display(app, superuser, ou1, ou2):
|
|||
assert 'SAML - idp1' in resp.text
|
||||
|
||||
|
||||
def test_authenticators_saml_name_id_format_select(app, superuser):
|
||||
authenticator = SAMLAuthenticator.objects.create(metadata_url='https://example.com/meta.xml', slug='idp1')
|
||||
|
||||
resp = login(app, superuser, path='/manage/authenticators/%s/edit/' % authenticator.pk)
|
||||
resp.form['name_id_policy_format'].select(
|
||||
text='Persistent (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent)'
|
||||
)
|
||||
resp.form.submit().follow()
|
||||
|
||||
authenticator.refresh_from_db()
|
||||
assert authenticator.name_id_policy_format == 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
|
||||
|
||||
|
||||
def test_authenticators_saml_attribute_lookup(app, superuser):
|
||||
authenticator = SAMLAuthenticator.objects.create(metadata='meta1.xml', slug='idp1')
|
||||
resp = login(app, superuser, path=authenticator.get_absolute_url())
|
||||
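Review bot: `test_authenticators_saml_name_id_format_select` covers only the accepted path, so nothing pins that the server rejects a format outside `NAME_ID_FORMAT_CHOICES`. The change exists to constrain which NameID format an administrator can request from the IdP. A second case that submits an unlisted value and asserts `name_id_policy_format` is unchanged after `refresh_from_db()` would guard against the `choices` argument being dropped later. A one-line docstring such as `"""The edit form offers NameID formats as a select and stores the chosen URN."""` would also help. The following test, `test_authenticators_saml_attribute_lookup`, is cut off by the end of the hunk.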
|
|