Rename configuration options for memorized idp and force_authn

from: mirror_saml_force_authn
to: mirror_force_authn

from: memorize_disco_idp
to: memorize_idp

from: use_memorized_disco_idp_when_force_authn
to: use_memorized_idp_when_force_authn

Signed-off-by: Ivan Kanakarakis <[email protected]>

Author: c00kiemon5ter

doc/README.md

@@ -329,40 +329,40 @@ By default when the SAML frontend receives a SAML authentication request
 with `ForceAuthn` set to `True`, this information is not mirrored in the SAML
 authentication request that is generated by the SAML backend towards the
 upstream identity provider. If the configuration option
-`mirror_saml_force_authn` is set to `True`, then the default behaviour changes
+`mirror_force_authn` is set to `True`, then the default behaviour changes
 and the SAML backend will set `ForceAuthn` to true when it proxies a SAML
 authentication request with `ForceAuthn` set to `True`.
 
 The default behaviour is `False`.
 
 ```yaml
 config:
-  mirror_saml_force_authn: True
+  mirror_force_authn: True
   [...]
 ```
 
 ##### Memorize the IdP selected through the discovery service
 
 In the classic flow, the user is asked to select their home organization to
-authenticate to. The `memorize_disco_idp` configuration option controls whether
+authenticate to. The `memorize_idp` configuration option controls whether
 the user will have to always select a target provider when a discovery service
 is configured. If the parameter is set to `True` (and `ForceAuthn` is not set),
 the proxy will remember and reuse the selected target provider for the duration
 that the state cookie is valid. If `ForceAuthn` is set, then the
-`use_memorized_disco_idp_when_force_authn` configuration option can overide
+`use_memorized_idp_when_force_authn` configuration option can overide
 this property and still reuse the selected target provider.
 
 The default behaviour is `False`.
 
 ```yaml
 config:
-  memorize_disco_idp: True
+  memorize_idp: True
   [...]
 ```
 
 ##### Use the configured discovery service if ForceAuthn is set to true
 
-The `use_memorized_disco_idp_when_force_authn` configuration option controls
+The `use_memorized_idp_when_force_authn` configuration option controls
 whether the user will skip the configured discovery service when the SP sends a
 SAML authentication request with `ForceAuthn` set to `True` but the proxy has
 memorized the user's previous selection.
@@ -371,8 +371,8 @@ The default behaviour is `False`.
 
 ```yaml
 config:
-  memorize_disco_idp: True
-  use_memorized_disco_idp_when_force_authn: True
+  memorize_idp: True
+  use_memorized_idp_when_force_authn: True
   [...]
 ```
 

example/plugins/backends/saml2_backend.yaml.example

@@ -3,9 +3,9 @@ name: Saml2
 config:
   idp_blacklist_file: /path/to/blacklist.json
 
-  mirror_saml_force_authn: no
-  memorize_disco_idp: no
-  use_memorized_disco_idp_when_force_authn: no
+  mirror_force_authn: no
+  memorize_idp: no
+  use_memorized_idp_when_force_authn: no
 
   sp_config:
     key_file: backend.key

src/satosa/backends/saml2.py

@@ -37,11 +37,11 @@
 
 def get_memorized_idp(context, config, force_authn):
     memorized_idp = (
-        config.get(SAMLBackend.KEY_MEMORIZE_DISCO_IDP)
-        and context.state.get(Context.KEY_MEMORIZED_DISCO_IDP)
+        config.get(SAMLBackend.KEY_MEMORIZE_IDP)
+        and context.state.get(Context.KEY_MEMORIZED_IDP)
     )
     use_when_force_authn = config.get(
-        SAMLBackend.KEY_USE_MEMORIZED_DISCO_IDP_WHEN_FORCE_AUTHN
+        SAMLBackend.KEY_USE_MEMORIZED_IDP_WHEN_FORCE_AUTHN
     )
     value = (not force_authn or use_when_force_authn) and memorized_idp
     return value
@@ -50,7 +50,7 @@ def get_memorized_idp(context, config, force_authn):
 # XXX check KEY_FORCE_AUTHN value type (boolean vs str)
 def get_force_authn(context, config, sp_config):
     value = (
-        config.get(SAMLBackend.KEY_MIRROR_SAML_FORCE_AUTHN)
+        config.get(SAMLBackend.KEY_MIRROR_FORCE_AUTHN)
         and (
             context.state.get(Context.KEY_FORCE_AUTHN)
             or context.get_decoration(Context.KEY_FORCE_AUTHN)
@@ -68,9 +68,9 @@ class SAMLBackend(BackendModule, SAMLBaseModule):
     KEY_SAML_DISCOVERY_SERVICE_URL = 'saml_discovery_service_url'
     KEY_SAML_DISCOVERY_SERVICE_POLICY = 'saml_discovery_service_policy'
     KEY_SP_CONFIG = 'sp_config'
-    KEY_MIRROR_SAML_FORCE_AUTHN = 'mirror_saml_force_authn'
-    KEY_MEMORIZE_DISCO_IDP = 'memorize_disco_idp'
-    KEY_USE_MEMORIZED_DISCO_IDP_WHEN_FORCE_AUTHN = 'use_memorized_disco_idp_when_force_authn'
+    KEY_MIRROR_FORCE_AUTHN = 'mirror_force_authn'
+    KEY_MEMORIZE_IDP = 'memorize_idp'
+    KEY_USE_MEMORIZED_IDP_WHEN_FORCE_AUTHN = 'use_memorized_idp_when_force_authn'
 
     VALUE_ACR_COMPARISON_DEFAULT = 'exact'
 
@@ -250,7 +250,7 @@ def authn_request(self, context, entity_id):
         authn_context = self.construct_requested_authn_context(entity_id)
         if authn_context:
             kwargs["requested_authn_context"] = authn_context
-        if self.config.get(SAMLBackend.KEY_MIRROR_SAML_FORCE_AUTHN):
+        if self.config.get(SAMLBackend.KEY_MIRROR_FORCE_AUTHN):
             kwargs["force_authn"] = get_force_authn(
                 context, self.config, self.sp.config
             )
@@ -320,9 +320,9 @@ def authn_response(self, context, binding):
             raise SATOSAAuthenticationError(context.state, "State did not match relay state")
 
         context.decorate(Context.KEY_BACKEND_METADATA_STORE, self.sp.metadata)
-        if self.config.get(SAMLBackend.KEY_MEMORIZE_DISCO_IDP):
+        if self.config.get(SAMLBackend.KEY_MEMORIZE_IDP):
             issuer = authn_response.response.issuer.text.strip()
-            context.state[Context.KEY_MEMORIZED_DISCO_IDP] = issuer
+            context.state[Context.KEY_MEMORIZED_IDP] = issuer
         context.state.pop(self.name, None)
         context.state.pop(Context.KEY_FORCE_AUTHN, None)
         return self.auth_callback_func(context, self._translate_response(authn_response, context.state))

src/satosa/context.py

@@ -18,7 +18,7 @@ class Context(object):
     KEY_BACKEND_METADATA_STORE = 'metadata_store'
     KEY_TARGET_ENTITYID = 'target_entity_id'
     KEY_FORCE_AUTHN = 'force_authn'
-    KEY_MEMORIZED_DISCO_IDP = 'memorized_disco_idp'
+    KEY_MEMORIZED_IDP = 'memorized_idp'
 
     def __init__(self):
         self._path = None

tests/satosa/backends/test_saml2.py

@@ -187,22 +187,22 @@ def test_use_of_disco_or_redirect_to_idp_when_using_mdq_and_forceauthn_is_not_se
         backend_conf = {
             SAMLBackend.KEY_SP_CONFIG: sp_conf,
             SAMLBackend.KEY_DISCO_SRV: DISCOSRV_URL,
-            SAMLBackend.KEY_MEMORIZE_DISCO_IDP: True,
+            SAMLBackend.KEY_MEMORIZE_IDP: True,
         }
         samlbackend = SAMLBackend(
             None, INTERNAL_ATTRIBUTES, backend_conf, "base_url", "saml_backend"
         )
         resp = samlbackend.start_auth(context, InternalData())
         self.assert_redirect_to_discovery_server(resp, sp_conf, DISCOSRV_URL)
 
-        context.state[Context.KEY_MEMORIZED_DISCO_IDP] = idp_conf["entityid"]
+        context.state[Context.KEY_MEMORIZED_IDP] = idp_conf["entityid"]
         samlbackend = SAMLBackend(
             None, INTERNAL_ATTRIBUTES, backend_conf, "base_url", "saml_backend"
         )
         resp = samlbackend.start_auth(context, InternalData())
         self.assert_redirect_to_idp(resp, idp_conf)
 
-        backend_conf[SAMLBackend.KEY_MEMORIZE_DISCO_IDP] = False
+        backend_conf[SAMLBackend.KEY_MEMORIZE_IDP] = False
         samlbackend = SAMLBackend(
             None, INTERNAL_ATTRIBUTES, backend_conf, "base_url", "saml_backend"
         )
@@ -216,12 +216,12 @@ def test_use_of_disco_or_redirect_to_idp_when_using_mdq_and_forceauthn_is_set(
         sp_conf["metadata"]["mdq"] = ["https://mdq.example.com"]
 
         context.decorate(Context.KEY_FORCE_AUTHN, "true")
-        context.state[Context.KEY_MEMORIZED_DISCO_IDP] = idp_conf["entityid"]
+        context.state[Context.KEY_MEMORIZED_IDP] = idp_conf["entityid"]
 
         backend_conf = {
             SAMLBackend.KEY_SP_CONFIG: sp_conf,
             SAMLBackend.KEY_DISCO_SRV: DISCOSRV_URL,
-            SAMLBackend.KEY_MEMORIZE_DISCO_IDP: True,
+            SAMLBackend.KEY_MEMORIZE_IDP: True,
             SAMLBackend.KEY_MIRROR_FORCE_AUTHN: True,
         }
         samlbackend = SAMLBackend(
@@ -230,7 +230,7 @@ def test_use_of_disco_or_redirect_to_idp_when_using_mdq_and_forceauthn_is_set(
         resp = samlbackend.start_auth(context, InternalData())
         self.assert_redirect_to_discovery_server(resp, sp_conf, DISCOSRV_URL)
 
-        backend_conf[SAMLBackend.KEY_USE_MEMORIZED_DISCO_IDP_WHEN_FORCE_AUTHN] = True
+        backend_conf[SAMLBackend.KEY_USE_MEMORIZED_IDP_WHEN_FORCE_AUTHN] = True
         samlbackend = SAMLBackend(
             None, INTERNAL_ATTRIBUTES, backend_conf, "base_url", "saml_backend"
         )