entrouvert
/
django-mellon
17
0
Fork 0
Code Issues Pull Requests Releases Activity

make DiscoveryResponse optional in metadata (#15260)

This commit is contained in:
Benjamin Dauvergne 2019-10-01 00:20:13 +02:00
parent 3557720aa6
commit a4a659d04e
5 changed files with 34 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
mellon/app_settings.py
View File

@ -43,6 +43,7 @@ class AppSettings(object):
'LOOKUP_BY_ATTRIBUTES': [],
'METADATA_CACHE_TIME': 3600,
'METADATA_HTTP_TIMEOUT': 10,
'METADATA_PUBLISH_DISCOVERY_RESPONSE': False,
}
@property

4
mellon/templates/mellon/metadata.xml
View File

@ -6,12 +6,14 @@
AuthnRequestsSigned="true"
WantAssertionsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
{% if discovery_endpoint_url %}
<Extensions>
<idpdisc:DiscoveryResponse index="1"
xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
Location="{{ discovery_endpoint_url }}"/>
</Extensions>
</Extensions>
{% endif %}
{% for public_key in public_keys %}
<KeyDescriptor>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

10
mellon/utils.py
View File

@ -49,7 +49,8 @@ def create_metadata(request):
public_key = ''.join(content.splitlines()[1:-1])
public_keys.append(public_key)
name_id_formats = app_settings.NAME_ID_FORMATS
return render_to_string('mellon/metadata.xml', {
ctx = {
'request': request,
'entity_id': request.build_absolute_uri(entity_id),
'login_url': request.build_absolute_uri(login_url),
'logout_url': request.build_absolute_uri(logout_url),
@ -58,8 +59,11 @@ def create_metadata(request):
'default_assertion_consumer_binding': app_settings.DEFAULT_ASSERTION_CONSUMER_BINDING,
'organization': app_settings.ORGANIZATION,
'contact_persons': app_settings.CONTACT_PERSONS,
'discovery_endpoint_url': request.build_absolute_uri(reverse('mellon_login')),
})
}
if app_settings.METADATA_PUBLISH_DISCOVERY_RESPONSE:
ctx['discovery_endpoint_url'] = request.build_absolute_uri(
reverse('mellon_login'))
return render_to_string('mellon/metadata.xml', ctx)
def create_server(request):

22
tests/test_utils.py
View File

@ -35,6 +35,28 @@ def test_create_metadata(rf, private_settings, caplog):
private_settings.MELLON_NAME_ID_FORMATS = [lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED]
private_settings.MELLON_DEFAULT_ASSERTION_CONSUMER_BINDING = 'artifact'
request = rf.get('/')
with mock.patch('mellon.utils.open', mock.mock_open(read_data='BEGIN\nyyy\nEND'), create=True):
metadata = create_metadata(request)
assert_xml_constraints(
metadata.encode('utf-8'),
('/sm:EntityDescriptor[@entityID="http://testserver/metadata/"]', 1,
('/*', 1),
('/sm:SPSSODescriptor', 1,
('/*', 6),
('/sm:NameIDFormat', 1),
('/sm:SingleLogoutService', 1),
('/sm:AssertionConsumerService[@isDefault=\'true\'][@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\']', 1),
('/sm:AssertionConsumerService[@isDefault=\'true\'][@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\']',
0),
('/sm:AssertionConsumerService[@Binding=\'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\']',
1),
('/sm:KeyDescriptor/ds:KeyInfo/ds:X509Data', 2,
('/ds:X509Certificate', 2),
('/ds:X509Certificate[text()=\'xxx\']', 1),
('/ds:X509Certificate[text()=\'yyy\']', 1)))),
namespaces=ns)
private_settings.MELLON_METADATA_PUBLISH_DISCOVERY_RESPONSE = True
with mock.patch('mellon.utils.open', mock.mock_open(read_data='BEGIN\nyyy\nEND'), create=True):
metadata = create_metadata(request)
assert_xml_constraints(

2
tests/test_views.py
View File

@ -112,7 +112,7 @@ def test_metadata(private_settings, client):
('/sm:EntityDescriptor[@entityID="http://testserver/metadata/"]', 1,
('/*', 4),
('/sm:SPSSODescriptor', 1,
('/*', 7),
('/*', 6),
('/sm:NameIDFormat', 1),
('/sm:SingleLogoutService', 1),
('/sm:AssertionConsumerService', None,