Always use adapters to get to IdP settings

Benjamin Dauvergne 2015-02-13 18:03:47 +01:00
parent 144da5f72e
commit 9525e29b03
3 changed files with 17 additions and 14 deletions


@ -15,6 +15,9 @@ class DefaultAdapter(object):
if entity_id in idp['ENTITY_ID']:
return idp
def get_idps(self):
return [idp for idp in app_settings.IDENTITY_PROVIDERS]
def authorize(self, idp, saml_attributes):
if not idp:
return False
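Review bot: The new `get_idps` method has no docstring, and it is the method that `utils.get_idps` probes for with `hasattr`, so the adapter contract stays implicit. A one-line docstring such as `'''Return the IdP settings this adapter provides.'''` would state it. The comprehension is a shallow copy, so `return list(app_settings.IDENTITY_PROVIDERS)` says the same thing more directly; callers still share the underlying setting objects, which is worth noting if any of them mutate an IdP entry. The class body starts and ends outside this hunk.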


@ -39,7 +39,7 @@ SERVERS = {}
def create_server(request):
root = request.build_absolute_uri('/')
if root not in SERVERS:
idps = app_settings.IDENTITY_PROVIDERS
idps = get_idps()
metadata = create_metadata(request)
server = lasso.Server.newFromBuffers(metadata,
private_key_content=app_settings.PRIVATE_KEY,
@ -67,6 +67,12 @@ def get_idp(entity_id):
if idp:
return idp
def get_idps():
for adapter in get_adapters():
if hasattr(adapter, 'get_idps'):
for idp in adapter.get_idps():
yield idp
def flatten_datetime(d):
for key, value in d.iteritems():
if isinstance(value, datetime.datetime):
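Review bot: `idps = get_idps()` in create_server now binds a generator where the old line bound the settings list. The rest of create_server is outside the hunk, so if it loops over `idps` more than once, indexes it or tests it for emptiness, the behaviour changes silently: a second pass sees nothing and a generator is always truthy. `idps = list(get_idps())` keeps the list semantics. The new `get_idps` also skips any adapter without the method via `hasattr` and logs nothing, so a misconfigured adapter list would leave the cached server with no IdP loaded; a docstring saying the method is optional, plus a debug log when nothing is yielded, would make that visible.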


@ -10,7 +10,7 @@ from django.utils.http import same_origin
import lasso
from . import app_settings, utils
from . import utils
class LogMixin(object):
@ -23,11 +23,9 @@ class LoginView(LogMixin, View):
def get_idp(self, request):
entity_id = request.REQUEST.get('entity_id')
if not entity_id:
return app_settings.IDENTITY_PROVIDERS[0]
return next(utils.get_idps())
else:
for idp in app_settings.IDENTITY_PROVIDERS:
if idp.entity_id == entity_id:
return idp
return utils.get_idp(entity_id)
def post(self, request, *args, **kwargs):
'''Assertion consumer'''
@ -149,19 +147,15 @@ class LoginView(LogMixin, View):
authn_request = login.request
# configure NameID policy
policy = authn_request.nameIdPolicy
policy.allowCreate = \
(idp.get('NAME_ID_POLICY_ALLOW_CREATE') or \
app_settings.NAME_ID_POLICY_ALLOW_CREATE) and True
policy_format = idp.get('NAME_ID_POLICY_FORMAT') \
or app_settings.NAME_ID_POLICY_FORMAT
policy.format = policy_format or None
force_authn = idp.get('FORCE_AUTHN') or app_settings.FORCE_AUTHN
policy.allowCreate = utils.get_setting(idp, 'NAME_ID_POLICY_ALLOW_CREATE')
policy.format = utils.get_setting(idp, 'NAME_ID_POLICY_FORMAT')
force_authn = utils.get_setting(idp, 'FORCE_AUTHN')
if force_authn:
policy.forceAuthn = True
if request.GET.get('passive') == '1':
policy.isPassive = True
# configure requested AuthnClassRef
authn_classref = idp.get('AUTHN_CLASSREF') or app_settings.AUTHN_CLASSREF
authn_classref = utils.get_setting(idp, 'AUTHN_CLASSREF')
if authn_classref:
req_authncontext = lasso.RequestedAuthnContext()
authn_request.requestedAuthnContext = req_authncontext
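Review bot: The `entity_id` request parameter is now resolved with `utils.get_idp(entity_id)`, and the only matching rule visible on this page is DefaultAdapter's `if entity_id in idp['ENTITY_ID']`, a containment test rather than the equality the removed loop used. If ENTITY_ID is a plain string, any substring of a configured entity ID selects that IdP; presumably the match is meant to be exact, so `if entity_id == idp['ENTITY_ID']` (or a documented list type) in the adapter would make the lookup unambiguous. In the same method, `next(utils.get_idps())` raises StopIteration when no adapter yields an IdP; `next(utils.get_idps(), None)` followed by an explicit error response would be clearer. The NameID policy hunk also drops the `and True` and `or None` coercions, so it is worth confirming that `utils.get_setting` (not shown here) returns a bool for allowCreate and None rather than an empty string for the format.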