Valentin Deniaud
b95ea4d6ce
wip add auth_levels
2019-03-29 16:30:39 +01:00
Valentin Deniaud
90c7daaa8a
add auth levels
2019-03-28 17:52:46 +01:00
Frédéric Péters
99a60c1d88
update sso_failure call to new method signature ( #31690 )
2019-03-25 14:03:04 +01:00
Benjamin Dauvergne
ca6ce92781
views: fix discovery URL building ( #31581 )
2019-03-20 14:28:05 +01:00
Benjamin Dauvergne
d0e6f46f9b
views: keep next URL on disco requests ( fixes #31043 )
2019-03-19 23:43:37 +01:00
Benjamin Dauvergne
b3e1b9c533
views: add new setting LOGIN_HINTS ( fixes #30966 )
You can set MELLON_LOGIN_HINTS = ['backoffice'] to get a node
eo:login-hint set to "backoffice" in AuthnRequest when next_url for the
login view is among /manage/, /admin/ or /manager/.
Another value is 'always_backoffice' which always sets the 'backoffice'
login_hint.
2019-03-07 23:12:56 +01:00
Benjamin Dauvergne
b7712516ee
views: PEP8ness ( #30966 )
2019-03-07 23:12:07 +01:00
Benjamin Dauvergne
f2e05b84ae
prevent redirection loop on artifact resolution errors ( fixes #14810 )
Signature of method sso_failure() is changed to match the name of
the context variable in template mellon/authentication_failed.html
(idp_message => reason).
2019-03-02 16:42:46 +01:00
Benjamin Dauvergne
3d449b7928
backends: add request argument to authenticate ( fixes #30541 )
For Django 1.11 compatibility.
2019-02-12 09:45:53 +01:00
Benjamin Dauvergne
b0ddc85486
backends: PEP8ness, copyright ( #30451 )
2019-02-12 09:45:53 +01:00
Frédéric Péters
a1fa7d36df
don't cache local metadata anymore ( #13881 )
2018-09-05 17:09:31 +02:00
Frédéric Péters
d026ce40e1
don't use RelayState as continuation URL in case of errors ( #25522 )
2018-07-29 23:12:10 +02:00
Benjamin Dauvergne
d4d0b85944
use good API from lasso to set Extensions node content ( #23003 )
- use extensions.any tuple to set the content of the Extensions node
- add tests for the presence of the eo:next_url node when
ADD_AUTHNREQUEST_NEXT_URL_EXTENSION is used
- add tests for next_url propagation through the RelayState value
2018-06-06 11:05:59 +02:00
Frédéric Péters
edb09ed8fd
use force_text for python2/3 compatibility ( #24139 )
2018-05-29 12:21:13 +02:00
Frédéric Péters
1e02302fd9
python3: get metadata from URL as a string
2018-04-05 14:38:36 +02:00
Frédéric Péters
163639501c
python3: always use %s to get user representation in logs
2018-04-05 14:31:45 +02:00
Frédéric Péters
24e85adc5a
python3: handle differences in lasso/py2/py3 encodings
2018-04-05 14:31:45 +02:00
Frédéric Péters
401b65f8b3
python3: adjust unicode usage
2018-04-05 14:29:55 +02:00
Frédéric Péters
239f39c097
python3: add detection of xml encoding
2018-04-05 14:25:54 +02:00
Frédéric Péters
7df3a6f5e0
python3: don't use iteritems
2018-04-05 14:25:54 +02:00
Frédéric Péters
d342971a45
python3: use open() to open files
2018-04-05 14:25:54 +02:00
Benjamin Dauvergne
be791d54a8
set a default value for IDENTITY_PROVIDERS ( fixes #20221 )
2018-03-07 18:09:44 +01:00
Benjamin Dauvergne
b66a974922
do not raise ImproperlyConfigured on access to app_settings.IDENTITY_PROVIDERS ( fixes #20221 )
2018-03-07 16:54:19 +01:00
Thomas NOËL
ac75dce84f
misc: disable AuthnRequest eo:next_url Extensions by default ( fixes #20229 )
2018-03-07 15:59:10 +01:00
Benjamin Dauvergne
a0d3e209c1
move tag Extensions in metadata template ( fixes #21923 )
Current template does not validate the SAML 2.0 metadata schema.
2018-02-16 09:54:22 +01:00
Benjamin Dauvergne
6c528dd2c3
Revert "support federation file loading ( #19396 )"
This reverts commit 63993e360c.
2018-01-09 21:43:25 +01:00
Paul Marillonnet
63993e360c
support federation file loading ( #19396 )
2018-01-09 17:50:25 +01:00
Frédéric Péters
343be40b6f
misc: update exception handling for Python 3 ( #20925 )
2017-12-30 11:53:31 +01:00
Frédéric Péters
078fcbd058
misc: update missing-django message for Python 3 ( #20925 )
2017-12-30 11:53:31 +01:00
Benjamin Dauvergne
688067f270
middleware: improve condition to automatically determine a common domain ( fixes #15548 )
It works if:
- HTTP Host is a domain name and not an IP address (IPv6 addresses will not pass
this test, they lack dots),
- domain contains at least three components.
2017-09-27 21:59:48 +02:00
Benjamin Dauvergne
cb3e18c8ba
tests: fix discovery service tests ( #19018 #19016 )
2017-09-27 21:59:15 +02:00
Benjamin Dauvergne
1703cc5da2
views: send entityID to discovery service ( fixes #19016 )
2017-09-27 14:28:44 +02:00
Benjamin Dauvergne
afe3d4a83f
views: add nodisco=1 to discovery service return url ( fixes #19018 )
2017-09-27 14:28:43 +02:00
Benjamin Dauvergne
850a192bcb
add a timeout to artifact resolve HTTP calls ( fixes #18098 )
2017-09-27 14:28:43 +02:00
Frédéric Péters
646132c661
misc: include target URL in AuthnRequest Extensions node ( #18452 )
2017-09-06 11:02:12 +02:00
Frédéric Péters
7767bc6740
use django facilities to get hostname from request ( #16525 )
This is required as SERVER_NAME may not be used in some uwsgi
configuration, and HTTP_HOST should be used instead.
| Nginx maps the $server_name variable to the first server_name you define.
| In your case you have two solutions: read HTTP_HOST instead of SERVER_NAME
| in your app or set SERVER_NAME to $http_host in uwsgi_params
-- http://lists.unbit.it/pipermail/uwsgi/2010-August/000571.html
The HttpRequest.get_host method handles those cases and more.
2017-08-10 11:35:21 +02:00
Frédéric Péters
4201b41cdb
misc: remove usage of urls.patterns for django 1.8 and later ( #15959 )
2017-04-23 21:08:15 +02:00
Frédéric Péters
d89ecdfbce
allow an adapter to adapt auth.login() ( #14476 )
2017-01-02 13:41:41 +01:00
Frédéric Péters
a838336442
misc: remove south migrations ( #14064 )
2016-11-23 18:01:30 +01:00
Frédéric Péters
dada4e8242
add logging of IdP SAML responses and looked up users ( #14056 )
2016-11-23 13:09:01 +01:00
Frédéric Péters
db578bddcf
translation update
2016-10-23 17:47:53 +02:00
Benjamin Dauvergne
4a52cfee3e
allow views to refuse passive login ( fixes #13627 )
2016-10-18 10:03:41 +02:00
Benjamin Dauvergne
09ff054f57
retry login when artifact resolution returns an empty message ( fixes #12795 )
This commit also adds a test of artifact login.
2016-07-29 11:53:36 +02:00
Benjamin Dauvergne
aaedfde786
views: gracefully handle logout errors ( fixes #11449 )
2016-06-22 11:06:46 +02:00
Benjamin Dauvergne
69a18d7272
utils: fix handling of multiple private keys ( fixes #11475 )
2016-06-22 11:06:33 +02:00
Frédéric Péters
80c748820a
misc: force another auth.logout() after coming back from the IdP ( #11394 )
2016-06-16 16:13:04 +02:00
Frédéric Péters
33dded157a
middleware: don't fail on unnamed URLs ( #11319 )
2016-06-13 13:43:06 +02:00
Frédéric Péters
0b141113d7
make login/logout URL names into settings ( #10867 )
2016-05-10 09:07:02 +02:00
Benjamin Dauvergne
49a5254363
allow federating transient NameID using an attribute ( fixes #10619 )
2016-04-27 09:22:05 +02:00
Frédéric Péters
6a6405d75f
misc: allow unicode strings as authn classref ( #10666 )
2016-04-15 10:28:31 +02:00