add DiscoveryResponse endpoint to metadata (fixes #10197)

2016-03-04 11:05:01 +01:00 · 2016-03-04 11:05:01 +01:00 · eb89a86ef3
parent 7a5223d050
commit eb89a86ef3
3 changed files with 11 additions and 1 deletions
--- a/mellon/templates/mellon/metadata.xml
+++ b/mellon/templates/mellon/metadata.xml
@ -15,6 +15,12 @@
           </ds:KeyInfo>
       </KeyDescriptor>
    {% endfor %}
+    <Extensions>
+      <idpdisc:DiscoveryResponse index="1"
+        xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
+        Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
+        Location="{{ discovery_endpoint_url }}"/>
+   </Extensions>
   <SingleLogoutService
     Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
     Location="{{ logout_url }}" />
--- a/mellon/utils.py
+++ b/mellon/utils.py
@ -36,6 +36,7 @@ def create_metadata(request):
            'default_assertion_consumer_binding': app_settings.DEFAULT_ASSERTION_CONSUMER_BINDING,
            'organization': app_settings.ORGANIZATION,
            'contact_persons': app_settings.CONTACT_PERSONS,
+            'discovery_endpoint_url': request.build_absolute_uri(reverse('mellon_login')),
        })
        settings._MELLON_METADATA_CACHE = cache
    return settings._MELLON_METADATA_CACHE[entity_id]
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@ -131,6 +131,7 @@ def test_create_metadata(rf, private_settings, caplog):
    ns = {
        'sm': 'urn:oasis:names:tc:SAML:2.0:metadata',
        'ds': 'http://www.w3.org/2000/09/xmldsig#',
+        'idpdisc': 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol',
    }
    private_settings.MELLON_PUBLIC_KEYS = ['xxx', '/yyy']
    private_settings.MELLON_NAME_ID_FORMATS = [lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED]
@ -143,7 +144,9 @@ def test_create_metadata(rf, private_settings, caplog):
        ('/sm:EntityDescriptor[@entityID="http://testserver/metadata/"]', 1,
         ('/*', 1),
         ('/sm:SPSSODescriptor', 1,
-          ('/*', 6),
+          ('/*', 7),
+          ('/sm:Extensions', 1,
+           ('/idpdisc:DiscoveryResponse', 1)),
          ('/sm:NameIDFormat', 1),
          ('/sm:SingleLogoutService', 1),
          ('/sm:AssertionConsumerService[@isDefault=\'true\'][@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\']', 1),