habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

providers/saml: disallow idp-initiated SSO by default and validate Request ID

Browse Source
This commit is contained in:
Jens Langhammer
2020-09-12 00:53:38 +02:00
parent c2ebaa7f64
commit ca0ba85023
10 changed files with 138 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
passbook/sources/saml/exceptions.py
View File

@ -8,3 +8,7 @@ class MissingSAMLResponse(SentryIgnoredException):
class UnsupportedNameIDFormat(SentryIgnoredException):
"""Exception raised when SAML Response contains NameID Format not supported."""
class MismatchedRequestID(SentryIgnoredException):
"""Exception raised when the returned request ID doesn't match the saved ID."""