From 6e5b3a74eca40f1cfe40d9631fa6ed79169f983e Mon Sep 17 00:00:00 2001
From: Avinash Kadaji
Date: Fri, 24 May 2024 13:07:29 -0400
Subject: [PATCH 1/3] setting authnRequestsSigned to True
---
 sp/models.py | 1 +
 sp/views.py | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/sp/models.py b/sp/models.py
index 98f67c9..3d08458 100644
--- a/sp/models.py
+++ b/sp/models.py
@@ -217,6 +217,7 @@ def sp_settings(self):
 "security": {
 "wantAttributeStatement": self.require_attributes,
 "metadataValidUntil": self.certificate_expires,
+ "authnRequestsSigned": True,
 "requestedAuthnContextComparison": self.authn_comparison,
 "requestedAuthnContext": self.authn_context,
 "logoutRequestSigned": self.logout_request_signed,
diff --git a/sp/views.py b/sp/views.py
index f4b38a4..28c6768 100644
--- a/sp/views.py
+++ b/sp/views.py
@@ -13,6 +13,8 @@ def metadata(request, **kwargs):
 idp = get_request_idp(request, **kwargs)
+ print(idp.sp_settings)
+
 saml_settings = OneLogin_Saml2_Settings(
 settings=idp.sp_settings, sp_validation_only=True
 )
From cf5c9f3be621a596efd05170619636344ee66d52 Mon Sep 17 00:00:00 2001
From: Avinash Kadaji
Date: Fri, 24 May 2024 13:47:03 -0400
Subject: [PATCH 2/3] added field to toggle authentication request signing
---
 sp/admin.py | 1 +
 .../0016_idp_authn_requests_signed.py | 18 ++++++++++++++++++
 sp/models.py | 7 ++++++-
 3 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 sp/migrations/0016_idp_authn_requests_signed.py
diff --git a/sp/admin.py b/sp/admin.py
index 1d66654..f119738 100644
--- a/sp/admin.py
+++ b/sp/admin.py
@@ -51,6 +51,7 @@ class IdPAdmin(admin.ModelAdmin):
 "fields": (
 "contact_name",
 "contact_email",
+ "authn_requests_signed",
 "x509_certificate",
 "private_key",
 "certificate_expires",
diff --git a/sp/migrations/0016_idp_authn_requests_signed.py b/sp/migrations/0016_idp_authn_requests_signed.py
new file mode 100644
index 0000000..a849c66
--- /dev/null
+++ b/sp/migrations/0016_idp_authn_requests_signed.py
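Review bot: The added `print(idp.sp_settings)` in `metadata()` (sp/views.py, patch 1/3) writes the whole SP settings dict to stdout on every metadata request, and neither later patch in the series removes it. The `IdP` model shown in patch 2/3 has a `private_key` field, so this dict presumably carries the SP private key, which would then end up in server logs. Drop the line before merging; if the settings need inspecting during development, print only the non-secret part, e.g. `idp.sp_settings["security"]`. The body of `metadata()` continues outside the hunk.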
@@ -0,0 +1,18 @@ +# Generated by Django 4.2 on 2024-05-24 17:42 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('sp', '0015_idp_logout_request_signed_idp_logout_response_signed'), + ] + + operations = [ + migrations.AddField( + model_name='idp', + name='authn_requests_signed', + field=models.BooleanField(default=False, verbose_name='Sign Authentication Request'), + ), + ]
diff --git a/sp/models.py b/sp/models.py
index 3d08458..e5d2ace 100644
--- a/sp/models.py
+++ b/sp/models.py
@@ -44,6 +44,11 @@ class IdP(models.Model):
 )
 contact_name = models.CharField(max_length=100)
 contact_email = models.EmailField(max_length=100)
+
+ authn_requests_signed = models.BooleanField(
+ _("Sign Authentication Request"), default=False
+ )
+
 x509_certificate = models.TextField(blank=True)
 private_key = models.TextField(blank=True)
 certificate_expires = models.DateTimeField(null=True, blank=True)
@@ -217,7 +222,7 @@ def sp_settings(self):
 "security": {
 "wantAttributeStatement": self.require_attributes,
 "metadataValidUntil": self.certificate_expires,
- "authnRequestsSigned": True,
+ "authnRequestsSigned": self.,
 "requestedAuthnContextComparison": self.authn_comparison,
 "requestedAuthnContext": self.authn_context,
 "logoutRequestSigned": self.logout_request_signed,
From 41e44c8ccc2c9958e3d928f8e8801b008ea1806e Mon Sep 17 00:00:00 2001
From: Avinash Kadaji
Date: Wed, 29 May 2024 19:12:36 -0400
Subject: [PATCH 3/3] fixed missing auth request value
---
 sp/models.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sp/models.py b/sp/models.py
index e5d2ace..4f063b6 100644
--- a/sp/models.py
+++ b/sp/models.py
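Review bot: `authn_requests_signed` on the `IdP` model (sp/models.py, patch 2/3, hunk at line 44) can be switched on while `x509_certificate` and `private_key`, both declared `blank=True` just below it, are empty, and nothing visible in the hunk ties the toggle to the key material. Signing an AuthnRequest needs the SP key pair, so such a record would presumably fail only when the settings are built or a login is attempted. Consider adding `help_text=_("Requires an SP certificate and private key; the IdP must also be set to require signed requests.")` and a model `clean()` that rejects the toggle when either field is empty. The class body starts and ends outside the hunk.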
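Review bot: The new line `"authnRequestsSigned": self.,` in `sp_settings` (sp/models.py, patch 2/3, hunk at line 217) is a syntax error, so `sp/models.py` cannot be imported at this commit and the migration added alongside it cannot be exercised either. Patch 3/3 supplies the attribute name; squashing it into 2/3 would keep every commit in the series importable for bisecting. `sp_settings` starts and ends outside the hunk.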
@@ -222,7 +222,7 @@ def sp_settings(self):
 "security": {
 "wantAttributeStatement": self.require_attributes,
 "metadataValidUntil": self.certificate_expires,
- "authnRequestsSigned": self.,
+ "authnRequestsSigned": self.authn_requests_signed,
 "requestedAuthnContextComparison": self.authn_comparison,
 "requestedAuthnContext": self.authn_context,
 "logoutRequestSigned": self.logout_request_signed,
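Review bot: With `"authnRequestsSigned": self.authn_requests_signed` now live in `sp_settings` (sp/models.py, patch 3/3), the visible part of the `security` dict names no `signatureAlgorithm` or `digestAlgorithm`, so signed requests would use the OneLogin toolkit's defaults unless the dict sets them outside this hunk. Some older toolkit releases are believed to default to SHA-1 based algorithms (worth confirming against the pinned version), so setting them explicitly, e.g. `"signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",`, removes the dependence on the installed version. The dict and `sp_settings` continue outside the hunk.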