Always use adapters to get to IdP settings
parent
144da5f72e
commit
9525e29b03
|
@ -15,6 +15,9 @@ class DefaultAdapter(object):
|
|||
if entity_id in idp['ENTITY_ID']:
|
||||
return idp
|
||||
|
||||
def get_idps(self):
|
||||
return [idp for idp in app_settings.IDENTITY_PROVIDERS]
|
||||
|
||||
def authorize(self, idp, saml_attributes):
|
||||
if not idp:
|
||||
return False
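Review bot: The new `get_idps` method on DefaultAdapter has no docstring, yet `utils.get_idps()` elsewhere in this commit skips any adapter that lacks it via `hasattr`, so it is now an undocumented part of the adapter contract. I would add `'''Return the IdP settings entries this adapter provides.'''` and write the body as `return list(app_settings.IDENTITY_PROVIDERS)`, which states directly that callers get a copy of the list rather than the settings object itself. The class body starts before this hunk and `authorize` continues past it.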
|
||||
|
|
|
@ -39,7 +39,7 @@ SERVERS = {}
|
|||
def create_server(request):
|
||||
root = request.build_absolute_uri('/')
|
||||
if root not in SERVERS:
|
||||
idps = app_settings.IDENTITY_PROVIDERS
|
||||
idps = get_idps()
|
||||
metadata = create_metadata(request)
|
||||
server = lasso.Server.newFromBuffers(metadata,
|
||||
private_key_content=app_settings.PRIVATE_KEY,
|
||||
|
@ -67,6 +67,12 @@ def get_idp(entity_id):
|
|||
if idp:
|
||||
return idp
|
||||
|
||||
def get_idps():
|
||||
for adapter in get_adapters():
|
||||
if hasattr(adapter, 'get_idps'):
|
||||
for idp in adapter.get_idps():
|
||||
yield idp
|
||||
|
||||
def flatten_datetime(d):
|
||||
for key, value in d.iteritems():
|
||||
if isinstance(value, datetime.datetime):
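Review bot: `get_idps()` is a generator, so `idps = get_idps()` in create_server now binds a one-shot iterator where the old line bound the settings list. The rest of create_server is outside the hunk, so I cannot see how `idps` is consumed, but a truthiness test, `len()`, indexing or a second loop would no longer behave as before, and a generator that is already exhausted yields nothing without raising. `idps = list(get_idps())` keeps the previous semantics. The same one-shot behaviour shows up in LoginView.get_idp, where `next(utils.get_idps())` raises StopIteration if no adapter yields an IdP; `next(utils.get_idps(), None)` with an explicit failure path would make that case deliberate.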
|
||||
|
|
|
@ -10,7 +10,7 @@ from django.utils.http import same_origin
|
|||
|
||||
import lasso
|
||||
|
||||
from . import app_settings, utils
|
||||
from . import utils
|
||||
|
||||
|
||||
class LogMixin(object):
|
||||
|
@ -23,11 +23,9 @@ class LoginView(LogMixin, View):
|
|||
def get_idp(self, request):
|
||||
entity_id = request.REQUEST.get('entity_id')
|
||||
if not entity_id:
|
||||
return app_settings.IDENTITY_PROVIDERS[0]
|
||||
return next(utils.get_idps())
|
||||
else:
|
||||
for idp in app_settings.IDENTITY_PROVIDERS:
|
||||
if idp.entity_id == entity_id:
|
||||
return idp
|
||||
return utils.get_idp(entity_id)
|
||||
|
||||
def post(self, request, *args, **kwargs):
|
||||
'''Assertion consumer'''
|
||||
|
@ -149,19 +147,15 @@ class LoginView(LogMixin, View):
|
|||
authn_request = login.request
|
||||
# configure NameID policy
|
||||
policy = authn_request.nameIdPolicy
|
||||
policy.allowCreate = \
|
||||
(idp.get('NAME_ID_POLICY_ALLOW_CREATE') or \
|
||||
app_settings.NAME_ID_POLICY_ALLOW_CREATE) and True
|
||||
policy_format = idp.get('NAME_ID_POLICY_FORMAT') \
|
||||
or app_settings.NAME_ID_POLICY_FORMAT
|
||||
policy.format = policy_format or None
|
||||
force_authn = idp.get('FORCE_AUTHN') or app_settings.FORCE_AUTHN
|
||||
policy.allowCreate = utils.get_setting(idp, 'NAME_ID_POLICY_ALLOW_CREATE')
|
||||
policy.format = utils.get_setting(idp, 'NAME_ID_POLICY_FORMAT')
|
||||
force_authn = utils.get_setting(idp, 'FORCE_AUTHN')
|
||||
if force_authn:
|
||||
policy.forceAuthn = True
|
||||
if request.GET.get('passive') == '1':
|
||||
policy.isPassive = True
|
||||
# configure requested AuthnClassRef
|
||||
authn_classref = idp.get('AUTHN_CLASSREF') or app_settings.AUTHN_CLASSREF
|
||||
authn_classref = utils.get_setting(idp, 'AUTHN_CLASSREF')
|
||||
if authn_classref:
|
||||
req_authncontext = lasso.RequestedAuthnContext()
|
||||
authn_request.requestedAuthnContext = req_authncontext
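Review bot: In LoginView.get_idp the request-supplied `entity_id` is now passed to `utils.get_idp(entity_id)`, and the adapter lookup visible in this commit's DefaultAdapter hunk tests `entity_id in idp['ENTITY_ID']`, whereas the loop being replaced compared with `==`. If `ENTITY_ID` is a string, `in` is a substring test, so a partial value in the request would select an IdP it does not exactly name. The selected entry then drives the NameID policy, ForceAuthn and AuthnClassRef settings further down, so the match should be exact. I would change the adapter test to `if entity_id == idp['ENTITY_ID']:`, or confirm and document that `ENTITY_ID` is always a collection of identifiers. The LoginView class begins outside these hunks.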
|
||||
|
|