misc: disable AuthnRequest eo:next_url Extensions by default (fixes #20229)

Thomas NOËL 2018-03-07 15:57:47 +01:00 committed by Benjamin Dauvergne
parent a0d3e209c1
commit ac75dce84f
2 changed files with 10 additions and 8 deletions


@ -13,6 +13,7 @@ class AppSettings(object):
'NAME_ID_POLICY_FORMAT': None,
'NAME_ID_POLICY_ALLOW_CREATE': True,
'FORCE_AUTHN': False,
'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION': False,
'ADAPTER': (
'mellon.adapters.DefaultAdapter',
),


@ -363,14 +363,15 @@ class LoginView(ProfileMixin, LogMixin, View):
authn_request.requestedAuthnContext = req_authncontext
req_authncontext.authnContextClassRef = authn_classref
authn_request.extensions = lasso.Samlp2Extensions()
authn_request.extensions.setOriginalXmlnode(
'''<samlp:Extensions
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:eo="https://www.entrouvert.com/">
<eo:next_url>%s</eo:next_url>
</samlp:Extensions>''' %
escape(request.build_absolute_uri(next_url or '/')))
if utils.get_setting(idp, 'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION'):
authn_request.extensions = lasso.Samlp2Extensions()
authn_request.extensions.setOriginalXmlnode(
'''<samlp:Extensions
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:eo="https://www.entrouvert.com/">
<eo:next_url>%s</eo:next_url>
</samlp:Extensions>''' %
escape(request.build_absolute_uri(next_url or '/')))
self.set_next_url(next_url)
login.buildAuthnRequestMsg()
except lasso.Error as e:
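Review bot: With `ADD_AUTHNREQUEST_NEXT_URL_EXTENSION` enabled, the value placed in `<eo:next_url>` and handed to `self.set_next_url(next_url)` is still built from `next_url`, and nothing in this hunk shows it being checked as a same-site target. Where `next_url` comes from is outside the hunk; if it is read from the request, it should be validated first (for example with Django's `is_safe_url`) and replaced by `'/'` when the check fails. `request.build_absolute_uri()` takes the host from the request, so the URL disclosed to the IdP is only as trustworthy as the `ALLOWED_HOSTS` configuration. A one-line comment above the new `if`, such as `# opt-in: sends the post-login URL to the IdP in a non-standard extension`, would record why the default is off. The enclosing method starts and ends outside the hunk.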