saml: add support for asking saml for forced authentication (#14537)
parent
df37bf9b95
commit
c46bc299e5
|
@ -232,6 +232,18 @@ def test_saml_login_page():
|
|||
resp = get_app(pub).get('/login/')
|
||||
assert resp.status_int == 302
|
||||
assert resp.location.startswith('http://sso.example.net/saml2/sso?SAMLRequest=')
|
||||
request = lasso.Samlp2AuthnRequest()
|
||||
request.initFromQuery(urlparse.urlparse(resp.location).query)
|
||||
assert request.forceAuthn is False
|
||||
|
||||
def test_saml_login_page_force_authn():
|
||||
setup_environment(pub)
|
||||
resp = get_app(pub).get('/login/?forceAuthn=true')
|
||||
assert resp.status_int == 302
|
||||
assert resp.location.startswith('http://sso.example.net/saml2/sso?SAMLRequest=')
|
||||
request = lasso.Samlp2AuthnRequest()
|
||||
request.initFromQuery(urlparse.urlparse(resp.location).query)
|
||||
assert request.forceAuthn is True
|
||||
|
||||
def test_saml_login_page_several_idp():
|
||||
setup_environment(pub, idp_number=4)
|
||||
|
|
|
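Review bot: test_saml_login_page_force_authn pins only the exact value `forceAuthn=true`, so the strictness of the parameter match is untested in the direction that matters. Judging by the `== 'true'` comparison in the Saml2Directory change, a request with `?forceAuthn=1` or `?forceAuthn=True` yields an AuthnRequest with ForceAuthn false, and a caller expecting re-authentication would get an ordinary SSO login without any error. I would add a case such as `resp = get_app(pub).get('/login/?forceAuthn=1')` followed by `assert request.forceAuthn is False`, so that the accepted spelling is an explicit, tested contract. A one-line docstring on the new test, for example `"""forceAuthn=true on /login/ must set ForceAuthn in the AuthnRequest."""`, would also help.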
@ -223,7 +223,7 @@ class Saml2Directory(Directory):
|
|||
else:
|
||||
login.request.nameIDPolicy.format = lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT
|
||||
login.request.nameIDPolicy.allowCreate = True
|
||||
login.request.forceAuthn = False
|
||||
login.request.forceAuthn = get_request().form.get('forceAuthn') == 'true'
|
||||
login.request.isPassive = get_request().form.get('IsPassive') == 'true'
|
||||
login.request.consent = 'urn:oasis:names:tc:SAML:2.0:consent:current-implicit'
|
||||
login.msgRelayState = get_request().form.get('next')
|
||||
|
|
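Review bot: The `login.request.forceAuthn = get_request().form.get('forceAuthn') == 'true'` line makes forced re-authentication depend entirely on a query parameter chosen by whoever builds or follows the login URL, and nothing in this hunk shows the service provider checking that the IdP honoured it. If any caller uses `?forceAuthn=true` as a step-up before a sensitive action, the assertion handling (outside this hunk) should compare the assertion's `AuthnInstant` with the time the request was issued. Otherwise dropping the parameter, or an IdP that ignores ForceAuthn, results in a normal SSO session being accepted. The key is spelled `forceAuthn` while the neighbouring one is `IsPassive`, and only the exact lowercase string `true` enables it; a comment such as `# opt-in via ?forceAuthn=true (exact match); freshness of the IdP response is not verified here` would record both. The enclosing method starts and ends outside the hunk.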