Frédéric Péters
163639501c
python3: always use %s to get user representation in logs
2018-04-05 14:31:45 +02:00
Frédéric Péters
24e85adc5a
python3: handle differences in lasso/py2/py3 encodings
2018-04-05 14:31:45 +02:00
Frédéric Péters
239f39c097
python3: add detection of xml encoding
2018-04-05 14:25:54 +02:00
Thomas NOËL
ac75dce84f
misc: disable AuthnRequest eo:next_url Extensions by default ( fixes #20229 )
2018-03-07 15:59:10 +01:00
Benjamin Dauvergne
6c528dd2c3
Revert "support federation file loading ( #19396 )"
This reverts commit 63993e360c.
2018-01-09 21:43:25 +01:00
Paul Marillonnet
63993e360c
support federation file loading ( #19396 )
2018-01-09 17:50:25 +01:00
Frédéric Péters
343be40b6f
misc: update exception handling for Python 3 ( #20925 )
2017-12-30 11:53:31 +01:00
Benjamin Dauvergne
cb3e18c8ba
tests: fix discovery service tests ( #19018 #19016 )
2017-09-27 21:59:15 +02:00
Benjamin Dauvergne
1703cc5da2
views: send entityID to discovery service ( fixes #19016 )
2017-09-27 14:28:44 +02:00
Benjamin Dauvergne
afe3d4a83f
views: add nodisco=1 to discovery service return url ( fixes #19018 )
2017-09-27 14:28:43 +02:00
Benjamin Dauvergne
850a192bcb
add a timeout to artifact resolve HTTP calls ( fixes #18098 )
2017-09-27 14:28:43 +02:00
Frédéric Péters
646132c661
misc: include target URL in AuthnRequest Extensions node ( #18452 )
2017-09-06 11:02:12 +02:00
Frédéric Péters
d89ecdfbce
allow an adapter to adapt auth.login() ( #14476 )
2017-01-02 13:41:41 +01:00
Frédéric Péters
dada4e8242
add logging of IdP SAML responses and looked up users ( #14056 )
2016-11-23 13:09:01 +01:00
Benjamin Dauvergne
09ff054f57
retry login when artifact resolution returns an empty message ( fixes #12795 )
This commit also adds a test of artifact login.
2016-07-29 11:53:36 +02:00
Benjamin Dauvergne
aaedfde786
views: gracefully handle logout errors ( fixes #11449 )
2016-06-22 11:06:46 +02:00
Frédéric Péters
80c748820a
misc: force another auth.logout() after coming back from the IdP ( #11394 )
2016-06-16 16:13:04 +02:00
Frédéric Péters
6a6405d75f
misc: allow unicode strings as authn classref ( #10666 )
2016-04-15 10:28:31 +02:00
Frédéric Péters
5eacaa2d22
misc: handle lasso.LoginStatusNotSuccessError ( #10633 )
2016-04-12 18:54:44 +02:00
Benjamin Dauvergne
d732f6ccb7
when status is not 200, report a fragment of the response ( fixes #10270 )
2016-04-11 17:07:38 +02:00
Benjamin Dauvergne
8a2558c2da
views: wrap login view in non_atomic_requests to allow fine control of transactions' commit ( fixes #10604 )
2016-04-10 15:40:29 +02:00
Frédéric Péters
ba6c092911
add support for artifact POST ( #10596 )
2016-04-08 15:10:31 +02:00
Benjamin Dauvergne
9c28f53c52
log partial logout error as a warning ( fixes #10408 )
2016-04-06 01:33:39 +02:00
Benjamin Dauvergne
7db1d7d7ed
pep8ness
2016-04-06 01:33:39 +02:00
Benjamin Dauvergne
66d1811e2f
refactor next_url and RelayState use ( fixes #10372 )
The next_url parameter is no longer stored directly in the RelayState, as
RelayState should only contain strings of no more than 80 bytes; instead
generate a uuid as the RelayState and store the next_url value in session using
a key based on this uuid.
The implementation is generic enough to accommodate storing any other kind of
data during an SSO or SLO workflow.
2016-03-22 15:20:29 +01:00
Benjamin Dauvergne
2aec7a3294
views: handle ProfileInvalidMsgError when resolving an artifact ( #10270 )
2016-03-11 17:10:52 +01:00
Benjamin Dauvergne
dba3f32c3a
views: handle ProfileInvalidArtifactError exception when resolving an artifact ( #10270 )
2016-03-11 17:10:52 +01:00
Frédéric Péters
a3bc087890
misc: fix passing of RequestedAuthnContext ( #10243 )
2016-03-09 09:14:38 +01:00
Benjamin Dauvergne
fe53dab9ca
trivial: move utils import
2016-02-26 21:36:08 +01:00
Benjamin Dauvergne
3d91d40cb2
django 1.9 adaptations
- django.utils.same_origin was removed
- HttpRequest.REQUEST was removed
- settings.USE_TZ is True by default
- get_default_timezone() is now wrapped by an lrucache(), when modifying
settings.TIME_ZONE we must also clear the cache.
2016-02-26 21:35:21 +01:00
Benjamin Dauvergne
40cc598904
views: change HTTP 400 message when no idp is found
2016-02-26 18:09:27 +01:00
Benjamin Dauvergne
c1d2fb1a32
trivial: move lasso import
2016-02-26 18:09:27 +01:00
Benjamin Dauvergne
6af1ebfc55
views: do not traceback in get_idp() when no idp is declared
2016-02-26 18:09:27 +01:00
Benjamin Dauvergne
bb9451e6ba
add discovery service support ( fixes #10111 )
2016-02-26 18:09:27 +01:00
Benjamin Dauvergne
4f77ee0e24
do not pass strings containing null characters to Lasso, return 400 or ignore ( fixes #8939 )
2016-02-26 18:09:17 +01:00
Benjamin Dauvergne
2289b8350e
implement session_not_on_or_after using new session engines ( fixes #9640 )
2016-01-15 12:29:31 +01:00
Benjamin Dauvergne
dc1e4e56ea
do not flatten attributes inplace, and convert expiry to seconds ( fixes #9359 )
Original datetime must be kept for setting the expiry, but expiry using datetime
is not supported when using JSON sessions, so we convert it to seconds expiry
before setting it.
We also make iso8601 parsed datetime timezone aware, to match with other
datetimes in Django.
2015-12-16 18:06:07 +01:00
Benjamin Dauvergne
7f70dbcb9f
Revert "views: add an iframe mode to the login view"
This reverts commit 0e57f99312.
2015-09-25 15:38:13 +02:00
Benjamin Dauvergne
0e57f99312
views: add an iframe mode to the login view
Use it by putting a tag:
<iframe height="0" width="0" src="{% url "mellon_login" %}?{{ request.GET.urlencode }}&passive&iframe"></iframe>
in your page. It will do a passive authentication inside the iframe and
will use JS to reload the top frame if authentication is successful.
2015-08-27 14:37:44 +02:00
Benjamin Dauvergne
7ff1969bf5
views: add missing exception for case of status is not success ( fixes #7878 )
2015-07-21 14:06:54 +02:00
Benjamin Dauvergne
06f3380eb4
Use the lasso thin-sessions feature
2015-06-25 11:26:50 +02:00
Benjamin Dauvergne
00b7fe396c
Send log message about logout before effective logout so that request.user is not Anonymous
2015-06-25 11:26:37 +02:00
Benjamin Dauvergne
1719127cae
Do not store a name_id_name_qualifier or name_id_sp_name_qualifier if there is none ( fixes #7680 )
2015-06-25 11:25:57 +02:00
Frédéric Péters
9e5bb02b3f
handle artifact response as a byte string ( #7544 )
2015-06-11 16:37:59 +02:00
Benjamin Dauvergne
9d8528968c
views: add a VERIFY_SSL_CERTIFICATE setting
It controls the validation of certificates by requests on artifact
resolve requests. It's a global and by idp setting.
Also improve logs in error paths when calling the artifact
resolver.
fixes #7521
2015-06-10 15:07:59 +02:00
Frédéric Péters
8dc0fd969a
add support for artifact GET protocol binding ( #7267 )
2015-05-18 18:09:15 +02:00
Benjamin Dauvergne
4b71bbca3a
views: in sso_failure() the call to self.get_id() could never work, replace by utils.get_idp()
In SSO response treatment we no longer know the requested IdP from the query string;
we must look in the LassoLogin object.
fixes #7271
2015-05-18 16:16:27 +02:00
Benjamin Dauvergne
6dab31ace8
views: fix setting of isPassive and forceAuthn ( fixes #7100 )
2015-05-18 11:01:40 +02:00
Serghei Mihai
5dcde8614e
login view refactored ( #6801 )
Authentication logic split into another, overridable, method
2015-03-24 09:40:25 +01:00
Frédéric Péters
adb72da954
set login.msgRelayState to the value from POST ( #6384 )
2015-03-09 12:59:01 +01:00