Frédéric Péters
edb09ed8fd
use force_text for python2/3 compatibility ( #24139 )
2018-05-29 12:21:13 +02:00
Frédéric Péters
1e02302fd9
python3: get metadata from URL as a string
2018-04-05 14:38:36 +02:00
Frédéric Péters
163639501c
python3: always use %s to get user representation in logs
2018-04-05 14:31:45 +02:00
Frédéric Péters
24e85adc5a
python3: handle differences in lasso/py2/py3 encodings
2018-04-05 14:31:45 +02:00
Frédéric Péters
401b65f8b3
python3: adjust unicode usage
2018-04-05 14:29:55 +02:00
Frédéric Péters
239f39c097
python3: add detection of xml encoding
2018-04-05 14:25:54 +02:00
Frédéric Péters
7df3a6f5e0
python3: don't use iteritems
2018-04-05 14:25:54 +02:00
Frédéric Péters
d342971a45
python3: use open() to open files
2018-04-05 14:25:54 +02:00
Benjamin Dauvergne
be791d54a8
set a default value for IDENTITY_PROVIDERS (( fixes #20221 )
2018-03-07 18:09:44 +01:00
Benjamin Dauvergne
b66a974922
do not raise ImproperlyConfigured on acces to app_settings.IDENTITY_PROVIDERS ( fixes #20221 )
2018-03-07 16:54:19 +01:00
Thomas NOËL
ac75dce84f
misc: disable AuthnRequest eo:next_url Extensions by default ( fixes #20229 )
2018-03-07 15:59:10 +01:00
Benjamin Dauvergne
a0d3e209c1
move tag Extensions in metadata template ( fixes #21923 )
...
Current template does not validate the SAML 2.0 metadata schema.
2018-02-16 09:54:22 +01:00
Benjamin Dauvergne
6c528dd2c3
Revert "support federation file loading ( #19396 )"
...
This reverts commit 63993e360c
.
2018-01-09 21:43:25 +01:00
Paul Marillonnet
63993e360c
support federation file loading ( #19396 )
2018-01-09 17:50:25 +01:00
Frédéric Péters
343be40b6f
misc: update exception handling for Python 3 ( #20925 )
2017-12-30 11:53:31 +01:00
Frédéric Péters
078fcbd058
misc: update missing-django message for Python 3 ( #20925 )
2017-12-30 11:53:31 +01:00
Benjamin Dauvergne
688067f270
middleware: improve condition to automatically determine a common domain ( fixes #15548 )
...
It works if:
- HTTP Host is a domain name and not an IP address (IPv6 address will not pass
this test, they lack dots),
- domain contains at least three components.
2017-09-27 21:59:48 +02:00
Benjamin Dauvergne
cb3e18c8ba
tests: fix discovery service tests ( #19018 #19016 )
2017-09-27 21:59:15 +02:00
Benjamin Dauvergne
1703cc5da2
views: send entityID to discovery service ( fixes #19016 )
2017-09-27 14:28:44 +02:00
Benjamin Dauvergne
afe3d4a83f
views: add nodisco=1 to discovery service return url ( fixes #19018 )
2017-09-27 14:28:43 +02:00
Benjamin Dauvergne
850a192bcb
add a timeout to artifact resolve HTTP calls ( fixes #18098 )
2017-09-27 14:28:43 +02:00
Frédéric Péters
646132c661
misc: include target URL in AuthnRequest Extensions node ( #18452 )
2017-09-06 11:02:12 +02:00
Frédéric Péters
7767bc6740
use django facilities to get hostname from request ( #16525 )
...
This is required as SERVER_NAME may not be used in some uwsgi
configuration, and HTTP_HOST should be used instead.
| Nginx maps the $server_name variable to the first server_name you define.
| In your case you have two solutions: read HTTP_HOST instead of SERVER_NAME
| in your app or set SERVER_NAME to $http_host in uwsgi_params
-- http://lists.unbit.it/pipermail/uwsgi/2010-August/000571.html
The HttpRequest.get_host method handles those cases and more.
2017-08-10 11:35:21 +02:00
Frédéric Péters
4201b41cdb
misc: remove usage of urls.patterns for django 1.8 and later ( #15959 )
2017-04-23 21:08:15 +02:00
Frédéric Péters
d89ecdfbce
allow an adapter to adapt auth.login() ( #14476 )
2017-01-02 13:41:41 +01:00
Frédéric Péters
a838336442
misc: remove south migrations ( #14064 )
2016-11-23 18:01:30 +01:00
Frédéric Péters
dada4e8242
add logging of IdP SAML responses and looked up users ( #14056 )
2016-11-23 13:09:01 +01:00
Frédéric Péters
db578bddcf
translation update
2016-10-23 17:47:53 +02:00
Benjamin Dauvergne
4a52cfee3e
allow views to refuse passive login ( fixes #13627 )
2016-10-18 10:03:41 +02:00
Benjamin Dauvergne
09ff054f57
retry login when artifact resolution return an empty message ( fixes #12795 )
...
This commit also add a test of artifact login.
2016-07-29 11:53:36 +02:00
Benjamin Dauvergne
aaedfde786
views: gracefully handle logout errors ( fixes #11449 )
2016-06-22 11:06:46 +02:00
Benjamin Dauvergne
69a18d7272
utils: fix handling of multiple private keys ( fixes #11475 )
2016-06-22 11:06:33 +02:00
Frédéric Péters
80c748820a
misc: force another auth.logout() after coming back from the IdP ( #11394 )
2016-06-16 16:13:04 +02:00
Frédéric Péters
33dded157a
middleware: don't fail on unnamed URLs ( #11319 )
2016-06-13 13:43:06 +02:00
Frédéric Péters
0b141113d7
make login/logout URL names into settings ( #10867 )
2016-05-10 09:07:02 +02:00
Benjamin Dauvergne
49a5254363
allow federating transient NameID using an attribute ( fixes #10619 )
2016-04-27 09:22:05 +02:00
Frédéric Péters
6a6405d75f
misc: allow unicode strings as authn classref ( #10666 )
2016-04-15 10:28:31 +02:00
Frédéric Péters
5eacaa2d22
misc: handle lasso.LoginStatusNotSuccessError ( #10633 )
2016-04-12 18:54:44 +02:00
Benjamin Dauvergne
74b61de641
replace dateutil by isodate ( #10196 )
...
isodate has better support for the full ISO8601 specification.
2016-04-11 19:14:07 +02:00
Benjamin Dauvergne
d732f6ccb7
when status is not 200, report a fragment of the response ( fixes #10270 )
2016-04-11 17:07:38 +02:00
Benjamin Dauvergne
8a2558c2da
views: wrap login view in non_atomic_requests to allow fine control of transactions' commit ( fixes #10604 )
2016-04-10 15:40:29 +02:00
Frédéric Péters
ba6c092911
add support for artifact POST ( #10596 )
2016-04-08 15:10:31 +02:00
Benjamin Dauvergne
9c28f53c52
log partial logout error as a warning ( fixes #10408 )
2016-04-06 01:33:39 +02:00
Benjamin Dauvergne
7db1d7d7ed
pep8ness
2016-04-06 01:33:39 +02:00
Benjamin Dauvergne
66d1811e2f
refactor next_url and RelayState use ( fixes #10372 )
...
The next_url parameter is no more stored directly in the RelayState, as it
RelayState should only contain strings of no more thant 80 bytes, instead
generate an uuid as the relaystate and store the next_url value in session using
a key based on this uuid.
The implementation is generic enough to accomodate storing any other kind of
data during an SSO or SLO workflow.
2016-03-22 15:20:29 +01:00
Benjamin Dauvergne
bfa84bb6ba
always consider relative URLs as being of the same origin ( fixes #10371 )
2016-03-22 15:13:48 +01:00
Benjamin Dauvergne
2aec7a3294
views: handle ProfileInvalidMsgError when resolving an artifact ( #10270 )
2016-03-11 17:10:52 +01:00
Benjamin Dauvergne
dba3f32c3a
views: handle ProfileInvalidArtifactError exception when resolving an artifact ( #10270 )
2016-03-11 17:10:52 +01:00
Frédéric Péters
a3bc087890
misc: fix passing of RequestedAuthnContext ( #10243 )
2016-03-09 09:14:38 +01:00
Benjamin Dauvergne
eb89a86ef3
add DiscoveryResponse endpoint to metadata ( fixes #10197 )
2016-03-04 11:05:01 +01:00