Commit graph

32 commits

Author SHA1 Message Date
Jens Langhammer 1edcda58ba providers/saml: add verification_kp when verifying assertions against certificates without private key 2020-11-08 22:24:54 +01:00
Jens Langhammer a5420fe019 providers/saml: lowercase acs URLs before checking
closes #249
2020-10-01 10:04:20 +02:00
Jens Langhammer 1a6dd00681 providers/saml: fix X509Data container linebreaks 2020-08-01 19:38:59 +02:00
Jens Langhammer 330bd0932b providers/saml: fix NotOnOrAfter using incorrect timestamp 2020-08-01 19:38:41 +02:00
Jens Langhammer 37b2400cdb lib: move SAML timestring utils into lib 2020-07-20 11:35:16 +02:00
Jens Langhammer f7b9de1261 */saml: fix MetadataProcessor having generic namespace prefixes 2020-07-12 18:40:43 +02:00
Jens Langhammer 464b558a02 */saml: fix typo 2020-07-12 17:20:41 +02:00
Jens Langhammer d1151091cd providers/saml: Generate NameID Value based on NameID Policy received 2020-07-12 17:06:35 +02:00
Jens Langhammer f8e5383ba2 providers/saml: parse NameID Policy from AuthnRequest 2020-07-12 17:05:48 +02:00
Jens Langhammer 0ff4545bab providers/saml: fix AuthnRequest Signature validation, add unittests 2020-07-12 16:17:53 +02:00
Jens Langhammer a393097504 */saml: start implementing unittests, fix signing 2020-07-12 01:44:34 +02:00
Jens Langhammer 2056b86ce7 providers/saml: rewrite SAML AuthNRequest Parser and Response Processor 2020-07-11 14:06:42 +02:00
Jens Langhammer 3753275453 providers/saml: make metadata accessible without authentication 2020-06-20 21:51:52 +02:00
Jens Langhammer a0f05caf8e providers/saml: move templates into correct folder 2020-06-20 21:49:16 +02:00
Jens L 73116b9d1a
policies/expression: migrate to raw python instead of jinja2 (#49)
* policies/expression: migrate to raw python instead of jinja2

* lib/expression: create base evaluator, custom subclass for policies

* core: rewrite propertymappings to use python

* providers/saml: update to new PropertyMappings

* sources/ldap: update to new PropertyMappings

* docs: update docs for new propertymappings

* root: remove jinja2

* root: re-add jinja to lock file as its implicitly required
2020-06-05 12:00:27 +02:00
Jens Langhammer e2804b9755 root: fix linting errors 2020-05-27 11:26:48 +02:00
Jens Langhammer c903c81bd5 root: update pylint ignore list 2020-05-18 18:15:39 +02:00
Jens Langhammer fff05e35ac providers/saml: optionally verify SAML Signature 2020-05-06 18:03:12 +02:00
Jens Langhammer a5bfef9b6b providers/saml: fix leftover data in session, fix IdP initiated login
move can_handle calls to binding endpoints (/login/ and /login/initiate/), so that /login/authorize/ works either way, can clean up the session and audit
2020-02-24 17:34:52 +01:00
Jens Langhammer 38a22ddf13 providers/saml: cleanup encoding 2020-02-20 21:33:10 +01:00
Jens Langhammer 027a64fad2 providers/saml: change default NameID Format to emailAddress 2020-02-20 17:37:09 +01:00
Jens Langhammer 8d875cb01d providers/saml: fix /login/ pointing to wrong view 2020-02-20 16:13:55 +01:00
Jens Langhammer 5b22f9b6c3 providers/saml: transition to dataclass from dict, cleanup unused templates, add missing autosubmit_form 2020-02-18 10:57:30 +01:00
Jens Langhammer 813b2676de providers/saml: better handle PropertyMapping evaluation errors 2020-02-18 10:12:42 +01:00
Jens Langhammer 3aa2f1e892 *: propertymapping template -> expression 2020-02-17 20:38:14 +01:00
Jens Langhammer 7268afaaf9 providers/saml: update to new PropertyMappings 2020-02-17 17:50:11 +01:00
Jens Langhammer 447e81d0b8 providers/saml: handle uncompressed SAML AuthNRequest 2020-02-16 14:08:35 +01:00
Jens Langhammer e5b85e8e6a providers/saml: move default saml properties to DB 2020-02-16 12:29:53 +01:00
Jens Langhammer 571373866e providers/saml: some more cleanup, fix get_time_string when called without argument 2020-02-14 15:34:24 +01:00
Jens Langhammer e36d7928e4 providers/saml: big cleanup, simplify base processor
add New fields for
 - assertion_valid_not_before
 - assertion_valid_not_on_or_after
 - session_valid_not_on_or_after
allow flexible time durations for these fields
fall back to Provider's ACS if none is specified in AuthNRequest
2020-02-14 15:19:48 +01:00
Jens Langhammer 3bd1eadd51 all: implement black as code formatter 2019-12-31 12:51:16 +01:00
Langhammer, Jens f2acc154cd *(minor): small refactor 2019-10-07 16:33:48 +02:00