providers/saml: disallow idp-initiated SSO by default and validate Request ID

passbook/sources/saml/migrations/0006_samlsource_allow_idp_initiated.py

@@ -0,0 +1,21 @@
+# Generated by Django 3.1.1 on 2020-09-11 22:14
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("passbook_sources_saml", "0005_samlsource_name_id_policy"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="samlsource",
+            name="allow_idp_initiated",
+            field=models.BooleanField(
+                default=False,
+                help_text="Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done.",
+            ),
+        ),
+    ]