authorThomas NOEL <tnoel@entrouvert.com>2018-03-07 14:57:47 (GMT)
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2018-03-07 14:59:10 (GMT)
commitac75dce84f5bd029d00f5a7d96d9d9d7d773acd0 (patch)
tree64ea14d5a68c035b34347c96fe564ad226672b62
parenta0d3e209c110bdc33ab3f20c5e06e8a8d09928f5 (diff)
downloaddjango-mellon-ac75dce84f5bd029d00f5a7d96d9d9d7d773acd0.zip
django-mellon-ac75dce84f5bd029d00f5a7d96d9d9d7d773acd0.tar.gz
django-mellon-ac75dce84f5bd029d00f5a7d96d9d9d7d773acd0.tar.bz2
misc: disable AuthnRequest eo:next_url Extensions by default (fixes #20229)
-rw-r--r--mellon/app_settings.py1
-rw-r--r--mellon/views.py17
2 files changed, 10 insertions, 8 deletions
diff --git a/mellon/app_settings.py b/mellon/app_settings.py
index aeeab73..b948a2f 100644
--- a/mellon/app_settings.py
+++ b/mellon/app_settings.py
@@ -13,6 +13,7 @@ class AppSettings(object):
'NAME_ID_POLICY_FORMAT': None,
'NAME_ID_POLICY_ALLOW_CREATE': True,
'FORCE_AUTHN': False,
+ 'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION': False,
'ADAPTER': (
'mellon.adapters.DefaultAdapter',
),
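Review bot: The new `'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION': False` default has no comment saying what enabling it sends to the identity provider. Judging from the mellon/views.py hunk in this commit, turning it on puts the absolute post-login URL into every AuthnRequest, and that URL may carry a query string. I would add a comment above the key such as `# when True, the post-login URL is sent to the IdP in an eo:next_url AuthnRequest extension`. The defaults dict starts and ends outside this hunk, so I cannot tell whether settings are documented elsewhere in the file.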
diff --git a/mellon/views.py b/mellon/views.py
index 2ecb0b3..a7778d7 100644
--- a/mellon/views.py
+++ b/mellon/views.py
@@ -363,14 +363,15 @@ class LoginView(ProfileMixin, LogMixin, View):
authn_request.requestedAuthnContext = req_authncontext
req_authncontext.authnContextClassRef = authn_classref
- authn_request.extensions = lasso.Samlp2Extensions()
- authn_request.extensions.setOriginalXmlnode(
- '''<samlp:Extensions
- xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
- xmlns:eo="https://www.entrouvert.com/">
- <eo:next_url>%s</eo:next_url>
- </samlp:Extensions>''' %
- escape(request.build_absolute_uri(next_url or '/')))
+ if utils.get_setting(idp, 'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION'):
+ authn_request.extensions = lasso.Samlp2Extensions()
+ authn_request.extensions.setOriginalXmlnode(
+ '''<samlp:Extensions
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:eo="https://www.entrouvert.com/">
+ <eo:next_url>%s</eo:next_url>
+ </samlp:Extensions>''' %
+ escape(request.build_absolute_uri(next_url or '/')))
self.set_next_url(next_url)
login.buildAuthnRequestMsg()
except lasso.Error as e:
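Review bot: When the setting is enabled, `request.build_absolute_uri(next_url or '/')` returns `next_url` unchanged if it is already an absolute URL, so the value written into `<eo:next_url>` is only as trustworthy as the validation of `next_url`, which is not visible in this hunk. For relative values the host part comes from the request's Host header, so it also relies on `ALLOWED_HOSTS` being strict. If `next_url` is not already restricted to same-site targets earlier in the method, add that check before this branch, and record the assumption with a comment like `# next_url is validated as same-site above; it is sent to the IdP verbatim`. The `escape()` call covers XML element text, assuming it is an XML/HTML escaper, since its import is outside the hunk. The enclosing `try` block and the LoginView method both start and end outside this hunk.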