views: handle role requests
Allows an application to request specific roles from the IdP, using "roles" query parameters.
parent
e1fa70d28d
commit
0f26806791
@ -19,6 +19,7 @@ from django.utils import six
|
|||
from django.utils.encoding import force_text
|
||||
from django.contrib.auth import REDIRECT_FIELD_NAME
|
||||
from django.db import transaction
|
||||
from django.utils.six.moves.urllib.parse import urljoin
|
||||
from django.utils.translation import ugettext as _
|
||||
|
||||
from . import app_settings, utils
|
||||
|
@ -375,6 +376,7 @@ class LoginView(ProfileMixin, LogMixin, View):
|
|||
request, is_passive=request.GET.get('passive') == '1')
|
||||
|
||||
next_url = check_next_url(self.request, request.GET.get(REDIRECT_FIELD_NAME))
|
||||
requested_roles = request.GET.getlist('roles')
|
||||
idp = self.get_idp(request)
|
||||
if idp is None:
|
||||
return HttpResponseBadRequest('no idp found')
|
||||
|
@ -394,7 +396,13 @@ class LoginView(ProfileMixin, LogMixin, View):
|
|||
authn_request.isPassive = True
|
||||
# configure requested AuthnClassRef
|
||||
authn_classref = utils.get_setting(idp, 'AUTHN_CLASSREF')
|
||||
if authn_classref:
|
||||
if requested_roles:
|
||||
prefix = 'https://entrouvert.com/authn-class-ref/role-uuid/' # TODO add setting
|
||||
authn_classref = tuple(str(urljoin(prefix, role)) for role in requested_roles)
|
||||
req_authncontext = lasso.Samlp2RequestedAuthnContext()
|
||||
authn_request.requestedAuthnContext = req_authncontext
|
||||
req_authncontext.authnContextClassRef = authn_classref
|
||||
elif authn_classref:
|
||||
authn_classref = tuple([str(x) for x in authn_classref])
|
||||
req_authncontext = lasso.Samlp2RequestedAuthnContext()
|
||||
authn_request.requestedAuthnContext = req_authncontext
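Review bot: The `roles` values that reach `urljoin(prefix, role)` on the line building `authn_classref` come straight from the query string (`request.GET.getlist('roles')` in the previous hunk), and `urljoin` does not confine them under the prefix — an absolute URL in the second argument replaces the prefix entirely and a relative path can step out of the prefix's directory — so the outgoing AuthnRequest ends up carrying a caller-chosen AuthnContextClassRef rather than one of the form prefix + role UUID. Since the prefix itself names a role UUID, each value should be validated and normalised as a UUID before being appended, with a 400 for anything else, as sketched below; `uuid` would need to be imported at the top of the file. A smaller consistency point: this branch builds the tuple from a generator while the `elif` branch keeps `tuple([str(x) for x in authn_classref])`, and the `elif` branch appears to rely on an `authnContextClassRef` assignment after the hunk, so the two branches could be unified behind a single `Samlp2RequestedAuthnContext` setup. The enclosing method's body starts before and continues after the hunk.
```python
if requested_roles:
    prefix = 'https://entrouvert.com/authn-class-ref/role-uuid/' # TODO add setting
    try:
        # canonical dashed form, so the class ref is always prefix + one UUID
        role_uuids = [str(uuid.UUID(role)) for role in requested_roles]
    except ValueError:
        return HttpResponseBadRequest('invalid roles')
    authn_classref = tuple(prefix + role_uuid for role_uuid in role_uuids)
    # … unchanged: Samlp2RequestedAuthnContext setup …
```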
|
||||
|
|