entrouvert
/
django-mellon
16
0
Fork 0
Code Issues Pull Requests Releases Activity
211 Commits 7 Branches 101 Tags 867 KiB
Commit Graph

66 Commits

Author SHA1 Message Date
Paul Marillonnet 63993e360c support federation file loading (#19396) 2018-01-09 17:50:25 +01:00
Frédéric Péters 343be40b6f misc: update exception handling for Python 3 (#20925) 2017-12-30 11:53:31 +01:00
Benjamin Dauvergne cb3e18c8ba tests: fix discovery service tests (#19018 #19016) 2017-09-27 21:59:15 +02:00
Benjamin Dauvergne 1703cc5da2 views: send entityID to discovery service (fixes #19016) 2017-09-27 14:28:44 +02:00
Benjamin Dauvergne afe3d4a83f views: add nodisco=1 to discovery service return url (fixes #19018) 2017-09-27 14:28:43 +02:00
Benjamin Dauvergne 850a192bcb add a timeout to artifact resolve HTTP calls (fixes #18098) 2017-09-27 14:28:43 +02:00
Frédéric Péters 646132c661 misc: include target URL in AuthnRequest Extensions node (#18452) 2017-09-06 11:02:12 +02:00
Frédéric Péters d89ecdfbce allow an adapter to adapt auth.login() (#14476) 2017-01-02 13:41:41 +01:00
Frédéric Péters dada4e8242 add logging of IdP SAML responses and looked up users (#14056) 2016-11-23 13:09:01 +01:00
Benjamin Dauvergne 09ff054f57 retry login when artifact resolution return an empty message (fixes #12795) 
This commit also add a test of artifact login.
 2016-07-29 11:53:36 +02:00
Benjamin Dauvergne aaedfde786 views: gracefully handle logout errors (fixes #11449) 2016-06-22 11:06:46 +02:00
Frédéric Péters 80c748820a misc: force another auth.logout() after coming back from the IdP (#11394) 2016-06-16 16:13:04 +02:00
Frédéric Péters 6a6405d75f misc: allow unicode strings as authn classref (#10666) 2016-04-15 10:28:31 +02:00
Frédéric Péters 5eacaa2d22 misc: handle lasso.LoginStatusNotSuccessError (#10633) 2016-04-12 18:54:44 +02:00
Benjamin Dauvergne d732f6ccb7 when status is not 200, report a fragment of the response (fixes #10270) 2016-04-11 17:07:38 +02:00
Benjamin Dauvergne 8a2558c2da views: wrap login view in non_atomic_requests to allow fine control of transactions' commit (fixes #10604) 2016-04-10 15:40:29 +02:00
Frédéric Péters ba6c092911 add support for artifact POST (#10596) 2016-04-08 15:10:31 +02:00
Benjamin Dauvergne 9c28f53c52 log partial logout error as a warning (fixes #10408) 2016-04-06 01:33:39 +02:00
Benjamin Dauvergne 7db1d7d7ed pep8ness 2016-04-06 01:33:39 +02:00
Benjamin Dauvergne 66d1811e2f refactor next_url and RelayState use (fixes #10372) 
The next_url parameter is  no more stored directly in the RelayState, as it
RelayState should only contain strings of no more thant 80 bytes, instead
generate an uuid as the relaystate and store the next_url value in session using
a key based on this uuid.

The implementation is generic enough to accomodate storing any other kind of
data during an SSO or SLO workflow.
 2016-03-22 15:20:29 +01:00
Benjamin Dauvergne 2aec7a3294 views: handle ProfileInvalidMsgError when resolving an artifact (#10270) 2016-03-11 17:10:52 +01:00
Benjamin Dauvergne dba3f32c3a views: handle ProfileInvalidArtifactError exception when resolving an artifact (#10270) 2016-03-11 17:10:52 +01:00
Frédéric Péters a3bc087890 misc: fix passing of RequestedAuthnContext (#10243) 2016-03-09 09:14:38 +01:00
Benjamin Dauvergne fe53dab9ca trivial: move utils import 2016-02-26 21:36:08 +01:00
Benjamin Dauvergne 3d91d40cb2 django 1.9 adaptations 
- django.utils.same_origin was removed
- HttpRequest.REQUEST was removed
- settings.USE_TZ is True by default
- get_default_timezone() is now wrapped by an lrucache(), when modifying
  settings.TIME_ZONE we must also clear the cache.
 2016-02-26 21:35:21 +01:00
Benjamin Dauvergne 40cc598904 views: change HTTP 400 message when no idp is found 2016-02-26 18:09:27 +01:00
Benjamin Dauvergne c1d2fb1a32 trivial: move lasso import 2016-02-26 18:09:27 +01:00
Benjamin Dauvergne 6af1ebfc55 views: do not traceback in get_idp() when no idp is declared 2016-02-26 18:09:27 +01:00
Benjamin Dauvergne bb9451e6ba add discovery service support (fixes #10111) 2016-02-26 18:09:27 +01:00
Benjamin Dauvergne 4f77ee0e24 do not pass strings contening null characters to Lasso, return 400 or ignore (fixes #8939) 2016-02-26 18:09:17 +01:00
Benjamin Dauvergne 2289b8350e implement session_not_on_or_after using new session engines (fixes #9640) 2016-01-15 12:29:31 +01:00
Benjamin Dauvergne dc1e4e56ea do not flatten attributes inplace, and convert expiry to seconds (fixes #9359) 
Original datetime must be kept for setting the expiry, but expiry using datetime
is not supported when using JSON sessions, so we convert it to seconds expiry
before setting it.

We also make iso8601 parsed datetime timezone aware, to match with other
datetimes in Django.
 2015-12-16 18:06:07 +01:00
Benjamin Dauvergne 7f70dbcb9f Revert "views: add an iframe mode to the login view" 
This reverts commit 0e57f99312.
 2015-09-25 15:38:13 +02:00
Benjamin Dauvergne 0e57f99312 views: add an iframe mode to the login view 
Use it by putting a tag:

  <iframe height="0" width="0" src="{% url "mellon_login" %}?{{ request.GET.urlencode }}&passive&iframe"></iframe>

in your page. It will do a passive authentication inside the iframe and
will use JS to reload the top frame if authentication is successfull.
 2015-08-27 14:37:44 +02:00
Benjamin Dauvergne 7ff1969bf5 views: add missing exception for case of status is not success (fixes #7878) 2015-07-21 14:06:54 +02:00
Benjamin Dauvergne 06f3380eb4 Use the lasso thin-sessions feature 2015-06-25 11:26:50 +02:00
Benjamin Dauvergne 00b7fe396c Send log message about logout before effective logout so that request.user is not Anonymous 2015-06-25 11:26:37 +02:00
Benjamin Dauvergne 1719127cae Do not store a name_id_name_qualifier or name_id_sp_name_qualifier if there is not (fixes #7680) 2015-06-25 11:25:57 +02:00
Frédéric Péters 9e5bb02b3f handle artifact response as a byte string (#7544) 2015-06-11 16:37:59 +02:00
Benjamin Dauvergne 9d8528968c views: add a VERIFY_SSL_CERTIFICATE setting 
It controls the validation of certificates by requests on artifact
resolve requests. It's a global and by idp setting.

Also improve logs in errors paths around when calling the artifact
resolver.

fixes #7521
 2015-06-10 15:07:59 +02:00
Frédéric Péters 8dc0fd969a add support for artifact GET protocol binding (#7267) 2015-05-18 18:09:15 +02:00
Benjamin Dauvergne 4b71bbca3a views: in sso_failure() the call to self.get_id() could never work, replace by utils.get_idp() 
In SSO response treatment we do not know anymore the requested IdP from the query string
we must look in the LassoLogin object.

fixes #7271
 2015-05-18 16:16:27 +02:00
Benjamin Dauvergne 6dab31ace8 views: fix setting of isPassive and forceAuthn (fixes #7100) 2015-05-18 11:01:40 +02:00
Serghei Mihai 5dcde8614e login view refactored (#6801) 
Authentication logic split into another, overridable, method
 2015-03-24 09:40:25 +01:00
Frédéric Péters adb72da954 set login.msgRelayState to the value from POST (#6384) 2015-03-09 12:59:01 +01:00
Benjamin Dauvergne 9525e29b03 Always use adapters to get to IdP settings 2015-02-13 18:10:51 +01:00
Jérôme Schneider 4f0f50f816 mellon/views.py: store and load the liberty session dump for slo 2015-02-05 18:26:29 +01:00
Benjamin Dauvergne b0f5c49893 Always set the issuer attribtute to the AuthnResponse issuer 2014-12-09 10:30:32 +01:00
Benjamin Dauvergne 96a51c4952 Use IdP entity id for default name qualifier and SP entity id for default sp name qualifier 2014-12-09 00:33:40 +01:00
Benjamin Dauvergne 94cfed8a8e If name qualifier are missing use the implicit IdP or SP name qualifiers 2014-12-07 20:55:52 +01:00