From 1e01e9813d20b823a0c438b911d68daea82fb51a Mon Sep 17 00:00:00 2001
From: Jens L
Date: Wed, 4 Jan 2023 16:44:52 +0100
Subject: [PATCH] providers/saml: add prefix to entity descriptor (#4355)

add prefix to entity descriptor

Signed-off-by: Jens Langhammer
Signed-off-by: Jens Langhammer
---
 authentik/providers/saml/processors/metadata.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/authentik/providers/saml/processors/metadata.py b/authentik/providers/saml/processors/metadata.py
index ef5afc0f9..67c4b07bc 100644
--- a/authentik/providers/saml/processors/metadata.py
+++ b/authentik/providers/saml/processors/metadata.py
@@ -13,6 +13,7 @@ from authentik.sources.saml.processors.constants import (
     DIGEST_ALGORITHM_TRANSLATION_MAP,
     NS_MAP,
     NS_SAML_METADATA,
+    NS_SAML_PROTOCOL,
     NS_SIGNATURE,
     SAML_BINDING_POST,
     SAML_BINDING_REDIRECT,
@@ -35,7 +36,7 @@ class MetadataProcessor:
         self.provider = provider
         self.http_request = request
         self.force_binding = None
-        self.xml_id = sha256(f"{provider.name}-{provider.pk}".encode("ascii")).hexdigest()
+        self.xml_id = "_" + sha256(f"{provider.name}-{provider.pk}".encode("ascii")).hexdigest()
 
     def get_signing_key_descriptor(self) -> Optional[Element]:
         """Get Signing KeyDescriptor, if enabled for the provider"""
@@ -143,9 +144,7 @@ class MetadataProcessor:
         idp_sso_descriptor = SubElement(
             entity_descriptor, f"{{{NS_SAML_METADATA}}}IDPSSODescriptor"
         )
-        idp_sso_descriptor.attrib[
-            "protocolSupportEnumeration"
-        ] = "urn:oasis:names:tc:SAML:2.0:protocol"
+        idp_sso_descriptor.attrib["protocolSupportEnumeration"] = NS_SAML_PROTOCOL
         signing_descriptor = self.get_signing_key_descriptor()
         if signing_descriptor is not None:
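Review bot: The rewritten line `self.xml_id = "_" + sha256(f"{provider.name}-{provider.pk}".encode("ascii")).hexdigest()` still calls `.encode("ascii")`, so a provider whose name contains any non-ASCII character raises UnicodeEncodeError here and the processor (this is presumably `__init__`, whose signature is above the hunk) cannot be constructed at all; `.encode("utf-8")` accepts every name and yields byte-identical input, hence the same digest, for all existing ASCII-only names. The purpose of the new `"_"` prefix is also not recorded on the line: a hex digest may begin with a digit, which is not a valid first character of an XML ID (an NCName), so a comment such as `# leading "_" keeps the digest a valid xs:ID, which must not start with a digit` would save the next reader from re-deriving it. Since `xml_id` is later used as the signed element's reference, keeping it deterministic per provider, as the line does, is the right call and worth stating in that comment too.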