providers/saml: add prefix to entity descriptor (#4355)

add prefix to entity descriptor Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-04 16:44:52 +01:00 · 2023-01-04 16:44:52 +01:00 · 1e01e9813d
parent 119a268eb7
commit 1e01e9813d
1 changed files with 3 additions and 4 deletions
--- a/authentik/providers/saml/processors/metadata.py
+++ b/authentik/providers/saml/processors/metadata.py
@ -13,6 +13,7 @@ from authentik.sources.saml.processors.constants import (
    DIGEST_ALGORITHM_TRANSLATION_MAP,
    NS_MAP,
    NS_SAML_METADATA,
    NS_SAML_PROTOCOL,
    NS_SIGNATURE,
    SAML_BINDING_POST,
    SAML_BINDING_REDIRECT,
@ -35,7 +36,7 @@ class MetadataProcessor:
        self.provider = provider
        self.http_request = request
        self.force_binding = None
-        self.xml_id = sha256(f"{provider.name}-{provider.pk}".encode("ascii")).hexdigest()
+        self.xml_id = "_" + sha256(f"{provider.name}-{provider.pk}".encode("ascii")).hexdigest()
    def get_signing_key_descriptor(self) -> Optional[Element]:
        """Get Signing KeyDescriptor, if enabled for the provider"""
@ -143,9 +144,7 @@ class MetadataProcessor:
        idp_sso_descriptor = SubElement(
            entity_descriptor, f"{{{NS_SAML_METADATA}}}IDPSSODescriptor"
        )
-        idp_sso_descriptor.attrib[
+        idp_sso_descriptor.attrib["protocolSupportEnumeration"] = NS_SAML_PROTOCOL
            "protocolSupportEnumeration"
        ] = "urn:oasis:names:tc:SAML:2.0:protocol"
        signing_descriptor = self.get_signing_key_descriptor()
        if signing_descriptor is not None: