providers/saml: disallow idp-initiated SSO by default and validate Request ID

Jens Langhammer
2020-09-12 00:53:38 +02:00
parent c2ebaa7f64
commit ca0ba85023
10 changed files with 138 additions and 47 deletions


@ -20,6 +20,8 @@ from passbook.sources.saml.processors.constants import (
NS_SAML_PROTOCOL,
)
SESSION_REQUEST_ID = "passbook_source_saml_request_id"
class RequestProcessor:
"""SAML AuthnRequest Processor"""
@ -37,6 +39,7 @@ class RequestProcessor:
self.http_request = request
self.relay_state = relay_state
self.request_id = get_random_id()
self.http_request.session[SESSION_REQUEST_ID] = self.request_id
self.issue_instant = get_time_string()
def get_issuer(self) -> Element:
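Review bot: The request ID is stored under one fixed session key, at `self.http_request.session[SESSION_REQUEST_ID] = self.request_id`, so a second AuthnRequest started in the same session (another tab, a retried login) overwrites the first, and the earlier flow's response can then no longer match. The response-side comparison is not visible in this section, so it is worth confirming there that the stored value is removed once it has been compared, for example with `session.pop(SESSION_REQUEST_ID, None)`, so that one stored ID cannot validate more than one response. The constant also deserves a comment, such as `# Session key for the ID of the last AuthnRequest sent; presumably checked against the response's InResponseTo`. The session write is a side effect of the constructor, whose signature lies outside the hunk.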