mirror of
https://github.com/goauthentik/authentik
synced 2026-04-25 17:15:26 +02:00
d1fb7dde14
* init Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix metadata Signed-off-by: Jens Langhammer <jens@goauthentik.io> * aight Signed-off-by: Jens Langhammer <jens@goauthentik.io> * progress Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix timedelta Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start testing metadata Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add some more tests and schemas Signed-off-by: Jens Langhammer <jens@goauthentik.io> * test signature Signed-off-by: Jens Langhammer <jens@goauthentik.io> * attempt to fix signed xml linebreak https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1258 https://github.com/robrichards/xmlseclibs/issues/28 https://github.com/xmlsec/python-xmlsec/issues/196 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * format + gen Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more validation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * hmm Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add e2e test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * qol fix in wait_for_url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * acs -> reply url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sign_out Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix some XML typing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove verification_kp as its not used Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix reply url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add ws-fed to tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add logout test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add SAMLSession Signed-off-by: Jens Langhammer <jens@goauthentik.io> * refactor Signed-off-by: Jens Langhammer <jens@goauthentik.io> * unrelated type fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add backchannel logout Signed-off-by: Jens Langhammer <jens@goauthentik.io> * delete import_metadata in wsfed Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include generated realm Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Update web/src/admin/providers/wsfed/WSFederationProviderViewPage.ts Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com> Signed-off-by: Jens L. <jens@beryju.org> * include wtrealm in ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Jens L. <jens@beryju.org> Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
41 lines
1.7 KiB
Python
41 lines
1.7 KiB
Python
from django.urls import reverse
|
|
from lxml.etree import SubElement, _Element # nosec
|
|
|
|
from authentik.enterprise.providers.ws_federation.processors.constants import (
|
|
NS_ADDRESSING,
|
|
NS_MAP,
|
|
NS_WS_FED_PROTOCOL,
|
|
NS_WSI,
|
|
)
|
|
from authentik.providers.saml.processors.metadata import MetadataProcessor as BaseMetadataProcessor
|
|
from authentik.sources.saml.processors.constants import NS_SAML_METADATA
|
|
|
|
|
|
class MetadataProcessor(BaseMetadataProcessor):
|
|
def add_children(self, entity_descriptor: _Element):
|
|
self.add_role_descriptor_sts(entity_descriptor)
|
|
super().add_children(entity_descriptor)
|
|
|
|
def add_endpoint(self, parent: _Element, name: str):
|
|
endpoint = SubElement(parent, f"{{{NS_WS_FED_PROTOCOL}}}{name}", nsmap=NS_MAP)
|
|
endpoint_ref = SubElement(endpoint, f"{{{NS_ADDRESSING}}}EndpointReference", nsmap=NS_MAP)
|
|
|
|
address = SubElement(endpoint_ref, f"{{{NS_ADDRESSING}}}Address", nsmap=NS_MAP)
|
|
address.text = self.http_request.build_absolute_uri(
|
|
reverse("authentik_providers_ws_federation:wsfed")
|
|
)
|
|
|
|
def add_role_descriptor_sts(self, entity_descriptor: _Element):
|
|
role_descriptor = SubElement(
|
|
entity_descriptor, f"{{{NS_SAML_METADATA}}}RoleDescriptor", nsmap=NS_MAP
|
|
)
|
|
role_descriptor.attrib[f"{{{NS_WSI}}}type"] = "fed:SecurityTokenServiceType"
|
|
role_descriptor.attrib["protocolSupportEnumeration"] = NS_WS_FED_PROTOCOL
|
|
|
|
signing_descriptor = self.get_signing_key_descriptor()
|
|
if signing_descriptor is not None:
|
|
role_descriptor.append(signing_descriptor)
|
|
|
|
self.add_endpoint(role_descriptor, "SecurityTokenServiceEndpoint")
|
|
self.add_endpoint(role_descriptor, "PassiveRequestorEndpoint")
|