force authn context to be lasso.SAML2_AUTHN_CONTEXT_SMARTCARD_PKI
This commit is contained in:
parent
b1ed899f50
commit
d300907626
|
@ -14,20 +14,16 @@
|
|||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import lasso
|
||||
from mellon.backends import SAMLBackend
|
||||
|
||||
from authentic2.middleware import StoreRequestMiddleware
|
||||
|
||||
|
||||
class FedictBackend(SAMLBackend):
|
||||
def get_saml2_authn_context(self):
|
||||
# Pass AuthnContextClassRef from the previous IdP
|
||||
request = StoreRequestMiddleware.get_request()
|
||||
if request:
|
||||
authn_context_class_ref = request.session.get(
|
||||
'mellon_session', {}).get('authn_context_class_ref')
|
||||
if authn_context_class_ref:
|
||||
return authn_context_class_ref
|
||||
|
||||
import lasso
|
||||
return lasso.SAML2_AUTHN_CONTEXT_PREVIOUS_SESSION
|
||||
# The Fedict will return one of:
|
||||
# * urn:be:fedict:iam:fas:citizen:eid,
|
||||
# * urn:be:fedict:iam:fas:citizen:token,
|
||||
# * urn:be:fedict:iam:fas:enterprise:eid,
|
||||
# * urn:be:fedict:iam:fas:citizen:token
|
||||
# but we do not expose this detail to the service provider as all it
|
||||
# needs to know is "strong authentication".
|
||||
return lasso.SAML2_AUTHN_CONTEXT_SMARTCARD_PKI
|
||||
|
|
Loading…
Reference in New Issue