misc: disable AuthnRequest eo:next_url Extensions by default (fixes #20229)
This commit is contained in:
parent
a0d3e209c1
commit
ac75dce84f
|
@ -13,6 +13,7 @@ class AppSettings(object):
|
|||
'NAME_ID_POLICY_FORMAT': None,
|
||||
'NAME_ID_POLICY_ALLOW_CREATE': True,
|
||||
'FORCE_AUTHN': False,
|
||||
'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION': False,
|
||||
'ADAPTER': (
|
||||
'mellon.adapters.DefaultAdapter',
|
||||
),
|
||||
|
|
|
@ -363,14 +363,15 @@ class LoginView(ProfileMixin, LogMixin, View):
|
|||
authn_request.requestedAuthnContext = req_authncontext
|
||||
req_authncontext.authnContextClassRef = authn_classref
|
||||
|
||||
authn_request.extensions = lasso.Samlp2Extensions()
|
||||
authn_request.extensions.setOriginalXmlnode(
|
||||
'''<samlp:Extensions
|
||||
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
||||
xmlns:eo="https://www.entrouvert.com/">
|
||||
<eo:next_url>%s</eo:next_url>
|
||||
</samlp:Extensions>''' %
|
||||
escape(request.build_absolute_uri(next_url or '/')))
|
||||
if utils.get_setting(idp, 'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION'):
|
||||
authn_request.extensions = lasso.Samlp2Extensions()
|
||||
authn_request.extensions.setOriginalXmlnode(
|
||||
'''<samlp:Extensions
|
||||
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
||||
xmlns:eo="https://www.entrouvert.com/">
|
||||
<eo:next_url>%s</eo:next_url>
|
||||
</samlp:Extensions>''' %
|
||||
escape(request.build_absolute_uri(next_url or '/')))
|
||||
self.set_next_url(next_url)
|
||||
login.buildAuthnRequestMsg()
|
||||
except lasso.Error as e:
|
||||
|
|
Loading…
Reference in New Issue