saml: add support for asking saml for forced authentication (#14537)

Frédéric Péters 2017-01-10 10:11:05 +01:00
parent df37bf9b95
commit c46bc299e5
2 changed files with 13 additions and 1 deletions


@ -232,6 +232,18 @@ def test_saml_login_page():
resp = get_app(pub).get('/login/')
assert resp.status_int == 302
assert resp.location.startswith('http://sso.example.net/saml2/sso?SAMLRequest=')
request = lasso.Samlp2AuthnRequest()
request.initFromQuery(urlparse.urlparse(resp.location).query)
assert request.forceAuthn is False
def test_saml_login_page_force_authn():
setup_environment(pub)
resp = get_app(pub).get('/login/?forceAuthn=true')
assert resp.status_int == 302
assert resp.location.startswith('http://sso.example.net/saml2/sso?SAMLRequest=')
request = lasso.Samlp2AuthnRequest()
request.initFromQuery(urlparse.urlparse(resp.location).query)
assert request.forceAuthn is True
def test_saml_login_page_several_idp():
setup_environment(pub, idp_number=4)
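Review bot: The new test_saml_login_page_force_authn only exercises the exact string `true`, so the strict comparison in the handler is not pinned for any other value. A case such as `get_app(pub).get('/login/?forceAuthn=1')` followed by `assert request.forceAuthn is False` would record that only the literal `true` enables forced authentication. Without it, a later change to looser truthiness parsing could alter which login URLs trigger a forced re-authentication and no test would notice.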


@ -223,7 +223,7 @@ class Saml2Directory(Directory):
else:
login.request.nameIDPolicy.format = lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT
login.request.nameIDPolicy.allowCreate = True
login.request.forceAuthn = False
login.request.forceAuthn = get_request().form.get('forceAuthn') == 'true'
login.request.isPassive = get_request().form.get('IsPassive') == 'true'
login.request.consent = 'urn:oasis:names:tc:SAML:2.0:consent:current-implicit'
login.msgRelayState = get_request().form.get('next')
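Review bot: The new `login.request.forceAuthn = get_request().form.get('forceAuthn') == 'true'` line takes the flag from the request form, so whoever builds the /login/ URL decides whether re-authentication is requested, and omitting the parameter silently falls back to an existing IdP session. That is fine as a convenience, but it is not a guarantee of a fresh login: code that relies on one should also check the `AuthnInstant` of the returned assertion, and whether the response handling does so is not visible in this hunk. A short comment would make this explicit, e.g. `# forceAuthn is caller-controlled: a hint to the IdP, not proof of re-authentication`. The parameter is also spelled `forceAuthn` while the next line reads `IsPassive`; SAML names the attribute `ForceAuthn`, so matching that casing or documenting the accepted spelling would avoid a request that silently does not force authentication. The enclosing method starts and ends outside the hunk.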