misc: disable AuthnRequest eo:next_url Extensions by default (fixes #20229)
This commit is contained in:
parent
a0d3e209c1
commit
ac75dce84f
|
@ -13,6 +13,7 @@ class AppSettings(object):
|
||||||
'NAME_ID_POLICY_FORMAT': None,
|
'NAME_ID_POLICY_FORMAT': None,
|
||||||
'NAME_ID_POLICY_ALLOW_CREATE': True,
|
'NAME_ID_POLICY_ALLOW_CREATE': True,
|
||||||
'FORCE_AUTHN': False,
|
'FORCE_AUTHN': False,
|
||||||
|
'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION': False,
|
||||||
'ADAPTER': (
|
'ADAPTER': (
|
||||||
'mellon.adapters.DefaultAdapter',
|
'mellon.adapters.DefaultAdapter',
|
||||||
),
|
),
|
||||||
|
|
|
@ -363,14 +363,15 @@ class LoginView(ProfileMixin, LogMixin, View):
|
||||||
authn_request.requestedAuthnContext = req_authncontext
|
authn_request.requestedAuthnContext = req_authncontext
|
||||||
req_authncontext.authnContextClassRef = authn_classref
|
req_authncontext.authnContextClassRef = authn_classref
|
||||||
|
|
||||||
authn_request.extensions = lasso.Samlp2Extensions()
|
if utils.get_setting(idp, 'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION'):
|
||||||
authn_request.extensions.setOriginalXmlnode(
|
authn_request.extensions = lasso.Samlp2Extensions()
|
||||||
'''<samlp:Extensions
|
authn_request.extensions.setOriginalXmlnode(
|
||||||
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
'''<samlp:Extensions
|
||||||
xmlns:eo="https://www.entrouvert.com/">
|
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
||||||
<eo:next_url>%s</eo:next_url>
|
xmlns:eo="https://www.entrouvert.com/">
|
||||||
</samlp:Extensions>''' %
|
<eo:next_url>%s</eo:next_url>
|
||||||
escape(request.build_absolute_uri(next_url or '/')))
|
</samlp:Extensions>''' %
|
||||||
|
escape(request.build_absolute_uri(next_url or '/')))
|
||||||
self.set_next_url(next_url)
|
self.set_next_url(next_url)
|
||||||
login.buildAuthnRequestMsg()
|
login.buildAuthnRequestMsg()
|
||||||
except lasso.Error as e:
|
except lasso.Error as e:
|
||||||
|
|
Loading…
Reference in New Issue