Add a custom saml_config_loader

* Makes the assumption that we only have one set of keys, and only one
  IDP
* If any of the SAML2 variables use relative paths, these will be
  replaced with absolute paths under the current request's hostname,
  port, and scheme
James Polley 2018-07-13 14:15:49 +10:00
parent e0e8bdc9a8
commit d690bfb88b
2 changed files with 65 additions and 0 deletions


@ -0,0 +1,62 @@
import copy
from urllib.parse import urlparse
from django.conf import settings
from saml2.config import SPConfig
from saml2 import BINDING_HTTP_POST, BINDING_HTTP_REDIRECT
def is_relative(url):
absolute = bool(urlparse(url).netloc)
return not absolute
def absolutize(path, default_base):
if is_absolute(path):
return path
else:
return default_base + path
SAML_CONFIG = settings.SAML_CONFIG
_idp_configs = {}
_relative_paths = []
def relative_config_loader(request=None):
host = request.get_host()
if host in _idp_configs:
return _idp_configs[host]
base = request.scheme + "://" + request.get_host()
config = copy.deepcopy(settings.SAML_CONFIG)
endpoints = config['service']['sp']['endpoints']
if not _relative_paths:
if is_relative(config['entityid']):
_relative_paths.append('entityid')
if is_relative(endpoints['assertion_consumer_service'][0]):
_relative_paths.append('assertion_consumer_service')
if is_relative(endpoints['single_logout_service'][0][0]):
_relative_paths.append('single_logout_service')
if 'single_logout_service' in _relative_paths:
absolute_rdir = base + endpoints['single_logout_service'][0][0]
absolute_post = base + endpoints['single_logout_service'][1][0]
sls_endpoint = [
(absolute_rdir, BINDING_HTTP_REDIRECT),
(absolute_post, BINDING_HTTP_POST)
]
config['service']['sp']['endpoints']['single_logout_service'] = sls_endpoint
if 'assertion_consumer_service' in _relative_paths:
acs = base + endpoints['assertion_consumer_service'][0]
config['service']['sp']['endpoints']['assertion_consumer_service'][0] = acs
if 'entityid' in _relative_paths:
config['entityid'] = base + config['entityid']
conf = SPConfig()
conf.load(config)
_idp_configs[host] = conf
return conf
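Review bot: `absolutize` calls `is_absolute`, which is not defined anywhere in this file (only `is_relative` is), so its first call raises NameError; either drop the unused helper or write the guard as `if not is_relative(path): return path`. Separately, `relative_config_loader` caches by `host` alone while `base` also embeds `request.scheme`, so whichever scheme first reaches a host is frozen into that host's entityid and endpoint URLs; key the cache on `(request.scheme, host)` instead. The `request=None` default cannot be honoured because `request.get_host()` is called unconditionally, so drop the default or fail with a clear message. Because the advertised entityid and ACS/SLO URLs are derived from the incoming request, add a comment that this is only as trustworthy as `ALLOWED_HOSTS` (which `get_host()` enforces) and that `_idp_configs` holds one SPConfig per distinct host seen. The SLO branch also reads `endpoints['single_logout_service'][1][0]` and rewrites both bindings although only `[0][0]` was tested for relativity, so a config with a single SLO entry or a different binding order will break or be silently changed.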


@ -419,6 +419,9 @@ SAML_CONFIG = {
'valid_for': 10, 'valid_for': 10,
} }
if 'SAML_CONFIG_LOADER' in os.environ:
SAML_CONFIG_LOADER = os.environ.get('SAML_CONFIG_LOADER')
DEFAULT_FILE_STORAGE = 'gapc_storage.storage.GoogleCloudStorage' DEFAULT_FILE_STORAGE = 'gapc_storage.storage.GoogleCloudStorage'
GAPC_STORAGE = { GAPC_STORAGE = {
'num_retries': 2, 'num_retries': 2,
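Review bot: The new `SAML_CONFIG_LOADER` setting is copied from the environment without validation, and its dotted-path value is presumably only imported when the first SAML request is handled, so a typo surfaces as an import error at request time rather than at startup; a one-line comment stating the expected value would help, e.g. `# Dotted path to a callable taking the request and returning an SPConfig`. The `in` check followed by `.get()` is redundant: `SAML_CONFIG_LOADER = os.environ['SAML_CONFIG_LOADER']` inside the guard is equivalent and reads as intended. Whether `os` is already imported in this settings module is outside the hunk.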