Skip to content

Adds support for RequestedAuthnContext SSO kwarg #288

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Adds support for RequestedAuthnContext SSO kwarg #288

wants to merge 1 commit into from

Conversation

pandafy
Copy link
Contributor

@pandafy pandafy commented May 31, 2021
edited
Loading

@pandafy pandafy force-pushed the requested-authn-context branch from 5ee0407 to c1c5da0 Compare May 31, 2021 13:54
peppelinux
peppelinux requested changes May 31, 2021
View reviewed changes
Copy link
Member

@peppelinux peppelinux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pysaml2 PR could take a very long time,

feel free to make in djangosaml2 something not dependant from pysaml2, as a momentary solution, we'll update it as pysaml2 will do the merge

djangosaml2/views.py Outdated
)
csc = settings.SAML_CONFIG.get(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please don't use, even/if possibile, django static settings but getattr(conf, ... instead.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have a commit for that, please update your branch

@pandafy pandafy force-pushed the requested-authn-context branch from c1c5da0 to 42e5d52 Compare May 31, 2021 19:52
@pandafy pandafy requested a review from peppelinux May 31, 2021 19:53
peppelinux
peppelinux requested changes Jun 1, 2021
View reviewed changes
djangosaml2/views.py
'_sp_digest_algorithm',
saml2.xmldsig.DIGEST_SHA256
)
csc = getattr(settings, 'SAML_CONFIG', {}).get(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code is definitevely changed, please update your branch

djangosaml2/djangosaml2/views.py

Line 251 in 8c7a5e9

# SSO options

djangosaml2/views.py
saml2.xmldsig.SIG_RSA_SHA256)
sso_kwargs["digest_alg"] = csc.get('digest_algorithm',
saml2.xmldsig.DIGEST_SHA256)
sso_kwargs['requested_authn_context'] = csc.get('requested_authn_context', None)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here you MUST build the AuthnContext object, until pysaml2 won't merge your PR

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was expecting user to add the RequestedAuthnContext as following in SAML_CONFIG

...
'requested_authn_context': saml2.samlp.RequestedAuthnContext(
    authn_context_class_ref=[
        saml2.saml.AuthnContextClassRef(
            saml2.saml.AUTHN_PASSWORD_PROTECTED
        ),
    ],
    comparison="exact",
),
...

How do you expect user to set this configuration?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

'requested_authn_context': {
'authn_context_class_ref': saml2.saml.AUTHN_PASSWORD_PROTECTED,
'comparison': "exact"
}

@c00kiemon5ter what do you think about this solution also for PySAML2 configuration?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@peppelinux should I make these changes or wait for Ivan's review?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Go ahead, Life Is youth!
We'll handle this in the way we decided, @c00kiemon5ter can Always make a good clue and we'll see if change again or not but, for now, let's get the things done!

@pandafy pandafy force-pushed the requested-authn-context branch from 42e5d52 to 85b03b5 Compare June 1, 2021 14:51
@pandafy pandafy force-pushed the requested-authn-context branch from 85b03b5 to 9f34154 Compare June 1, 2021 14:52
@pandafy pandafy requested a review from peppelinux June 1, 2021 15:40
@peppelinux
Copy link
Member

Hi @pandafy
thank you for your work, besides being the inspiration for this feature you are making a great contribution to pysaml2, which is the library behind djangosaml2.

I couldn't get rid of you with a little chat, so I decided to join you halfway with this proposal, which ideally surpasses this PR, which I therefore close.

The solution I propose is immediately usable and allows us to work waiting for pysaml2 to also join your contribution, when this happens, well, the solution I propose will continue to work as it is :)

I love this job!

@peppelinux peppelinux closed this Jun 2, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peppelinux peppelinux Awaiting requested review from peppelinux

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pandafy @peppelinux