Add a custom saml_config_loader
* Makes the assumption that we only have one set of keys, and only one IDP * If any of the SAML2 variables use relative paths, these will be replaced with absolute paths under the current request's hostname, port, and scheme
This commit is contained in:
parent
e0e8bdc9a8
commit
d690bfb88b
2 changed files with 65 additions and 0 deletions
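--- /dev/null
+++ b/pinaxcon/saml2/saml_config_loader.py
@@ -0,0 +1,62 @@
+import copy
+from urllib.parse import urlparse
+
+from django.conf import settings
+from saml2.config import SPConfig
+from saml2 import BINDING_HTTP_POST, BINDING_HTTP_REDIRECT
+
+def is_relative(url):
+    absolute = bool(urlparse(url).netloc)
+    return not absolute
+
+def absolutize(path, default_base):
+    if is_absolute(path):
+        return path
+    else:
+        return default_base + path
+
+SAML_CONFIG = settings.SAML_CONFIG
+
+_idp_configs = {}
+_relative_paths = []
+
+def relative_config_loader(request=None):
+    host = request.get_host()
+    if host in _idp_configs:
+        return _idp_configs[host]
+
+    base = request.scheme + "://" + request.get_host()
+
+    config = copy.deepcopy(settings.SAML_CONFIG)
+    endpoints = config['service']['sp']['endpoints']
+
+    if not _relative_paths:
+        if is_relative(config['entityid']):
+            _relative_paths.append('entityid')
+        if is_relative(endpoints['assertion_consumer_service'][0]):
+            _relative_paths.append('assertion_consumer_service')
+        if is_relative(endpoints['single_logout_service'][0][0]):
+            _relative_paths.append('single_logout_service')
+
+    if 'single_logout_service' in _relative_paths:
+        absolute_rdir = base + endpoints['single_logout_service'][0][0]
+        absolute_post = base + endpoints['single_logout_service'][1][0]
+        sls_endpoint = [
+            (absolute_rdir, BINDING_HTTP_REDIRECT),
+            (absolute_post, BINDING_HTTP_POST)
+        ]
+        config['service']['sp']['endpoints']['single_logout_service'] = sls_endpoint
+    if 'assertion_consumer_service' in _relative_paths:
+        acs = base + endpoints['assertion_consumer_service'][0]
+        config['service']['sp']['endpoints']['assertion_consumer_service'][0] = acs
+
+    if 'entityid' in _relative_paths:
+        config['entityid'] = base + config['entityid']
+
+    conf = SPConfig()
+    conf.load(config)
+
+    _idp_configs[host] = conf
+
+    return conf
+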
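Review bot: `absolutize` calls `is_absolute`, which is not defined in this module (only `is_relative` is), so its first call raises NameError; nothing in this file calls it yet, so either drop it together with the unused `SAML_CONFIG = settings.SAML_CONFIG` alias or make the guard `if not is_relative(path): return path`. The `base` built from `request.scheme` and `request.get_host()` becomes the SP entityid and the ACS/SLS endpoints the IdP trusts, so this only stays sound while `ALLOWED_HOSTS` is an explicit list and, behind a proxy, `SECURE_PROXY_SSL_HEADER` and `USE_X_FORWARDED_HOST` are configured consistently — worth a comment on `relative_config_loader` such as `# entityid/ACS/SLS are derived from the request host: relies on ALLOWED_HOSTS being strict, never '*'`. Plain `base + path` also yields a malformed URL when a relative setting lacks a leading slash (`is_relative` treats `example.org/acs/` as relative because it has no netloc); `urljoin(base, path)` from `urllib.parse` would handle both forms. Finally, `request=None` is a default the body cannot honour since `request.get_host()` is called unconditionally, and the single-logout branch absolutizes both `[0][0]` and `[1][0]` after checking only `[0][0]`, which is fine under the one-IdP assumption stated in the commit message but deserves a comment saying so.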
@ -419,6 +419,9 @@ SAML_CONFIG = {
'valid_for': 10,
'valid_for': 10,
}
}
|
|
if 'SAML_CONFIG_LOADER' in os.environ:
SAML_CONFIG_LOADER = os.environ.get('SAML_CONFIG_LOADER')
|
|
|
DEFAULT_FILE_STORAGE = 'gapc_storage.storage.GoogleCloudStorage'
DEFAULT_FILE_STORAGE = 'gapc_storage.storage.GoogleCloudStorage'
GAPC_STORAGE = {
GAPC_STORAGE = {
'num_retries': 2,
'num_retries': 2,
|
|