
Commit 8ee08e2

skorandac00kiemon5ter
authored andcommitted
Add unsolicited query parameter to set authenticating IdP
Add a query parameter to the unsolicited endpoint to allow setting the entityID for the IdP to be used by the backend for authentication.
1 parent f7eb106 commit 8ee08e2


1 file changed

+17
-0
lines changed


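--- a/src/satosa/frontends/saml2.py
+++ b/src/satosa/frontends/saml2.py
@@ -1030,6 +1030,7 @@ class SAMLUnsolicitedFrontend(SAMLFrontend):
 KEY_ENDPOINT = "endpoint"
 KEY_DISCO_URL_WHITE = "discovery_service_url_whitelist"
 KEY_DISCO_POLICY_WHITE = "discovery_service_policy_whitelist"
+KEY_QUERY_IDP = "authId"
 KEY_QUERY_SP = "providerId"
 KEY_QUERY_ACS = "shire"
 KEY_QUERY_RELAY = "target"
@@ -1084,12 +1085,15 @@ def unsolicited_endpoint(self, context):
 """
 request = context.request
 
+target_idp_entity_id = request.get(self.KEY_QUERY_IDP, None)
 target_sp_entity_id = request.get(self.KEY_QUERY_SP, None)
 target_sp_acs_url = request.get(self.KEY_QUERY_ACS, None)
 target_sp_relay_state_url = request.get(self.KEY_QUERY_RELAY, None)
 requested_disco_url = request.get(self.KEY_QUERY_DISCO_URL, None)
 requested_disco_policy = request.get(self.KEY_QUERY_DISCO_POLICY, None)
 
+logger.debug("Unsolicited target authenticating IdP is {}".format(
+target_idp_entity_id))
 logger.debug("Unsolicited target SP is {}".format(target_sp_entity_id))
 logger.debug("Unsolicited ACS URL is {}".format(target_sp_acs_url))
 logger.debug("Unsolicited relay state is {}".format(
@@ -1225,5 +1229,18 @@ def unsolicited_endpoint(self, context):
 context.decorate(self.KEY_SAML_DISCOVERY_SERVICE_POLICY,
 requested_disco_policy)
 
+# If provided and known in the SAML metadata set the entityID for
+# the IdP to use for authentication.
+if target_idp_entity_id:
+try:
+target_idp_metadata = self.idp.metadata[target_idp_entity_id]
+except KeyError:
+msg = "Target IdP with entityID {} is unknown in metadata"
+msg = msg.format(target_idp_entity_id)
+satosa_logging(logger, logging.ERROR, msg, context.state)
+raise SATOSAError(msg)
+
+context.decorate(Context.KEY_TARGET_ENTITYID, target_idp_entity_id)
+
 # Handle the authn request use the base class.
 return self._handle_authn_request(context, BINDING_HTTP_POST, self.idp)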
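Review bot: The guard in the third hunk only establishes that the user-supplied `authId` names some entity present in `self.idp.metadata`; it does not check that the entity carries an IdP role, and since `self.idp` is the frontend's own IdP server, whether its metadata store holds the backend's IdPs rather than only the SPs it serves depends on deployment configuration — worth confirming, because the value is then placed in `Context.KEY_TARGET_ENTITYID` and steers which IdP the backend authenticates against. `target_idp_metadata` is assigned but never read, so if the store supports membership tests the lookup can become `if target_idp_entity_id not in self.idp.metadata:` with the existing error handling in the body and no dangling local. The error path also logs and raises the raw query value; I would add a comment such as `# entityID is attacker-controlled: it is logged and echoed only after the metadata check rejected it` and confirm that `satosa_logging` does not write it unescaped. `unsolicited_endpoint` begins before the second hunk.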
