misc: disable AuthnRequest eo:next_url Extensions by default (fixes #20229)

2018-03-07 15:57:47 +01:00 · 2018-03-07 15:57:47 +01:00 · ac75dce84f
parent a0d3e209c1
commit ac75dce84f
2 changed files with 10 additions and 8 deletions
--- a/mellon/app_settings.py
+++ b/mellon/app_settings.py
@ -13,6 +13,7 @@ class AppSettings(object):
        'NAME_ID_POLICY_FORMAT': None,
        'NAME_ID_POLICY_ALLOW_CREATE': True,
        'FORCE_AUTHN': False,
+        'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION': False,
        'ADAPTER': (
            'mellon.adapters.DefaultAdapter',
        ),
--- a/mellon/views.py
+++ b/mellon/views.py
@ -363,6 +363,7 @@ class LoginView(ProfileMixin, LogMixin, View):
                authn_request.requestedAuthnContext = req_authncontext
                req_authncontext.authnContextClassRef = authn_classref

+            if utils.get_setting(idp, 'ADD_AUTHNREQUEST_NEXT_URL_EXTENSION'):
                authn_request.extensions = lasso.Samlp2Extensions()
                authn_request.extensions.setOriginalXmlnode(
                        '''<samlp:Extensions