saml2: remove ECP support (#39086)

2020-01-18 22:28:54 +01:00 · 2020-01-18 22:28:54 +01:00 · 9aa6749598
parent be5b007d47
commit 9aa6749598
2 changed files with 2 additions and 30 deletions
--- a/wcs/qommon/saml2.py
+++ b/wcs/qommon/saml2.py
@ -105,8 +105,8 @@ def get_remote_provider_cfg(profile):

 class Saml2Directory(Directory):
    _q_exports = ['login',
-            'singleSignOnArtifact', 'singleSignOnPost', 'singleSignOnSOAP', 'singleSignOnRedirect',
-            'assertionConsumerArtifact', 'assertionConsumerPost', 'assertionConsumerSOAP', 'assertionConsumerRedirect',
+            'singleSignOnArtifact', 'singleSignOnPost', 'singleSignOnRedirect',
+            'assertionConsumerArtifact', 'assertionConsumerPost', 'assertionConsumerRedirect',
            'singleLogout', 'singleLogoutReturn', 'singleLogoutSOAP',
            'metadata', ('metadata.xml', 'metadata'), 'public_key']

@ -150,30 +150,6 @@ class Saml2Directory(Directory):
 </html>
 """ % { 'url': url, 'body': body}

-    @soap_endpoint
-    def assertionConsumerSOAP(self):
-        request = get_request()
-        server = misc.get_lasso_server()
-        if not server:
-            return error_page(_('SAML 2.0 support not yet configured.'))
-        login = lasso.Login(server)
-        paos_message = self.get_soap_message()
-        try:
-            login.processPaosResponseMsg(paos_message)
-        except lasso.Error as error:
-            if error[0] == lasso.LOGIN_ERROR_STATUS_NOT_SUCCESS:
-                response = get_response()
-                response.set_status(401)
-                return 'Authentication failure: %s' % saml2_status_summary(login.response)
-            raise
-        login.acceptSso()
-
-        return self.success_ecp()
-
-    def success_ecp(self):
-        template.html_top()
-        return 'ECP Authentication succeeded.'
-
    def login(self):
        return self.perform_login()

@ -787,5 +763,4 @@ class Saml2Directory(Directory):
    # retain compatibility with old metadatas
    singleSignOnArtifact = assertionConsumerArtifact
    singleSignOnPost = assertionConsumerPost
-    singleSignOnSOAP = assertionConsumerSOAP
    singleSignOnRedirect = assertionConsumerRedirect
--- a/wcs/qommon/saml2utils.py
+++ b/wcs/qommon/saml2utils.py
@ -121,9 +121,6 @@ class Metadata(object):
    <AssertionConsumerService index="1"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="%(saml2_base_url)s/%(ac)sPost" />
-    <AssertionConsumerService index="2"
-      Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
-      Location="%(saml2_base_url)s/%(ac)sSOAP" />
    <AssertionConsumerService index="3"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="%(saml2_base_url)s/%(ac)sRedirect" />