misc: include target URL in AuthnRequest Extensions node (#18560)

2017-09-09 14:24:51 +02:00 · 2017-09-09 14:24:51 +02:00 · 9e504d4a20
parent 5292e605d4
commit 9e504d4a20
2 changed files with 15 additions and 0 deletions
--- a/tests/test_saml_auth.py
+++ b/tests/test_saml_auth.py
@ -293,6 +293,10 @@ def test_saml_backoffice_redirect(pub):
    assert urlparse.parse_qs(urlparse.urlparse(resp.location).query)['SAMLRequest']
    assert urlparse.parse_qs(urlparse.urlparse(resp.location).query)['RelayState'] == ['http://example.net/backoffice/']

+    request = lasso.Samlp2AuthnRequest()
+    request.initFromQuery(urlparse.urlparse(resp.location).query)
+    assert ':next_url>http://example.net/backoffice/<' in request.getOriginalXmlnode()
+
 def test_saml_register(pub):
    get_app(pub).get('/register/', status=404)
    pub.cfg['saml_identities'] = {'identity-creation': 'self'}
--- a/wcs/qommon/saml2.py
+++ b/wcs/qommon/saml2.py
@ -20,6 +20,7 @@ import urllib
 import urlparse
 import time
 import sys
+from xml.sax.saxutils import escape

 try:
    import lasso
@ -228,6 +229,16 @@ class Saml2Directory(Directory):
        login.request.isPassive = get_request().form.get('IsPassive') == 'true'
        login.request.consent = 'urn:oasis:names:tc:SAML:2.0:consent:current-implicit'
        login.msgRelayState = get_request().form.get('next')
+
+        next_url = login.msgRelayState or get_publisher().get_frontoffice_url()
+        login.request.extensions = lasso.Samlp2Extensions()
+        login.request.extensions.setOriginalXmlnode(
+                '''<samlp:Extensions
+                        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+                        xmlns:eo="https://www.entrouvert.com/">
+                      <eo:next_url>%s</eo:next_url>
+                   </samlp:Extensions>''' % escape(next_url))
+
        login.buildAuthnRequestMsg()
        return redirect(login.msgUrl)