views: handle role requests
Allows an application to request specific roles from the idp, using "roles" query parameters.
parent
e1fa70d28d
commit
0f26806791
|
@ -19,6 +19,7 @@ from django.utils import six
|
||||||
from django.utils.encoding import force_text
|
from django.utils.encoding import force_text
|
||||||
from django.contrib.auth import REDIRECT_FIELD_NAME
|
from django.contrib.auth import REDIRECT_FIELD_NAME
|
||||||
from django.db import transaction
|
from django.db import transaction
|
||||||
|
from django.utils.six.moves.urllib.parse import urljoin
|
||||||
from django.utils.translation import ugettext as _
|
from django.utils.translation import ugettext as _
|
||||||
|
|
||||||
from . import app_settings, utils
|
from . import app_settings, utils
|
||||||
|
@ -375,6 +376,7 @@ class LoginView(ProfileMixin, LogMixin, View):
|
||||||
request, is_passive=request.GET.get('passive') == '1')
|
request, is_passive=request.GET.get('passive') == '1')
|
||||||
|
|
||||||
next_url = check_next_url(self.request, request.GET.get(REDIRECT_FIELD_NAME))
|
next_url = check_next_url(self.request, request.GET.get(REDIRECT_FIELD_NAME))
|
||||||
|
requested_roles = request.GET.getlist('roles')
|
||||||
idp = self.get_idp(request)
|
idp = self.get_idp(request)
|
||||||
if idp is None:
|
if idp is None:
|
||||||
return HttpResponseBadRequest('no idp found')
|
return HttpResponseBadRequest('no idp found')
|
||||||
|
@ -394,7 +396,13 @@ class LoginView(ProfileMixin, LogMixin, View):
|
||||||
authn_request.isPassive = True
|
authn_request.isPassive = True
|
||||||
# configure requested AuthnClassRef
|
# configure requested AuthnClassRef
|
||||||
authn_classref = utils.get_setting(idp, 'AUTHN_CLASSREF')
|
authn_classref = utils.get_setting(idp, 'AUTHN_CLASSREF')
|
||||||
if authn_classref:
|
if requested_roles:
|
||||||
|
prefix = 'https://entrouvert.com/authn-class-ref/role-uuid/' # TODO add setting
|
||||||
|
authn_classref = tuple(str(urljoin(prefix, role)) for role in requested_roles)
|
||||||
|
req_authncontext = lasso.Samlp2RequestedAuthnContext()
|
||||||
|
authn_request.requestedAuthnContext = req_authncontext
|
||||||
|
req_authncontext.authnContextClassRef = authn_classref
|
||||||
|
elif authn_classref:
|
||||||
authn_classref = tuple([str(x) for x in authn_classref])
|
authn_classref = tuple([str(x) for x in authn_classref])
|
||||||
req_authncontext = lasso.Samlp2RequestedAuthnContext()
|
req_authncontext = lasso.Samlp2RequestedAuthnContext()
|
||||||
authn_request.requestedAuthnContext = req_authncontext
|
authn_request.requestedAuthnContext = req_authncontext
|
||||||
|
|
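Review bot: In the third hunk the `roles` values come straight from `request.GET.getlist('roles')` and go into `urljoin(prefix, role)`, which does not confine the result to `prefix`: an absolute URL, a leading `/` or `..` segments in a role replace or climb out of it, so whoever builds the login link chooses the AuthnContextClassRef sent to the IdP. The prefix suggests roles are UUIDs; if that holds, validate and concatenate instead, e.g. `authn_classref = tuple(str(prefix + str(uuid.UUID(role))) for role in requested_roles)` (needs `import uuid`), returning `HttpResponseBadRequest` on `ValueError`. Because the branch is `if requested_roles:` / `elif authn_classref:`, any `roles` parameter also replaces the configured `AUTHN_CLASSREF` instead of adding to it, so a deployment that relies on that setting can have it dropped by a query string; consider sending both sets. The method continues outside these hunks, so it is not visible whether the class ref in the returned assertion is checked, and the role should not be treated as granted because it was requested.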