From ba41c2a18f15d1a2c2e1c8c8a055f74d1a5d7d8e Mon Sep 17 00:00:00 2001
From: habi3000
Date: Mon, 23 Dec 2019 09:33:21 +0300
Subject: [PATCH 1/2] added force_auth to the doc
---
 README.rst | 8 +++++++-
 djangosaml2/views.py | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/README.rst b/README.rst
index be59ec7e..35536c2f 100644
--- a/README.rst
+++ b/README.rst
@@ -192,7 +192,13 @@ We will see a typical configuration for protecting a Django project::
 saml2.BINDING_HTTP_POST),
 ],
 },
-
+ # Mandates that the identity provider MUST authenticate the
+ # presenter directly rather than rely on a previous security context.
+ 'force_authn': False,
+
+ # Enable AllowCreate in NameIDPolicy.
+ 'name_id_format_allow_create': False,
+
 # attributes that this project need to identify a user
 'required_attributes': ['uid'],
 
diff --git a/djangosaml2/views.py b/djangosaml2/views.py
index 13ba3435..aae4fc8f 100644
--- a/djangosaml2/views.py
+++ b/djangosaml2/views.py
@@ -147,7 +147,7 @@ def login(request,
 
 kwargs = {}
 # pysaml needs a string otherwise: "cannot serialize True (type bool)"
- if getattr(conf, '_sp_force_authn'):
+ if getattr(conf, '_sp_force_authn',False):
 kwargs['force_authn'] = "true"
 if getattr(conf, '_sp_allow_create', "false"):
 kwargs['allow_create'] = "true"
From 15c7e82f8b1b65766cc7b3565f4c250fa991a93f Mon Sep 17 00:00:00 2001
From: habi3000
Date: Mon, 23 Dec 2019 12:28:55 +0300
Subject: [PATCH 2/2] remove getattr _sp_force_authn default value
---
 djangosaml2/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/djangosaml2/views.py b/djangosaml2/views.py
index aae4fc8f..13ba3435 100644
--- a/djangosaml2/views.py
+++ b/djangosaml2/views.py
@@ -147,7 +147,7 @@ def login(request,
 
 kwargs = {}
 # pysaml needs a string otherwise: "cannot serialize True (type bool)"
- if getattr(conf, '_sp_force_authn',False):
+ if getattr(conf, '_sp_force_authn'):
 kwargs['force_authn'] = "true"
 if getattr(conf, '_sp_allow_create', "false"):
 kwargs['allow_create'] = "true"
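Review bot: Dropping the default in `getattr(conf, '_sp_force_authn')` means a config object that lacks the attribute raises AttributeError inside login() instead of simply skipping ForceAuthn, which undoes the guard added by patch 1/2 of this series. If the revert is deliberate because the attribute is presumably always populated by the pysaml2 config loader, a short comment saying so would help; otherwise keep `if getattr(conf, '_sp_force_authn', False):`. Separately, the unchanged context line `getattr(conf, '_sp_allow_create', "false")` falls back to a non-empty string, which is truthy, so `allow_create` is sent as "true" whenever the attribute is absent; that is at odds with the README example's `'name_id_format_allow_create': False`, and `getattr(conf, '_sp_allow_create', False)` would make the default match the documentation. login() starts and ends outside this hunk, so how `conf` is built should be checked against the full function.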