Django 4 compatibility

Kumi 2022-11-27 16:45:02 +00:00
parent 860c497c86
commit 02400d5ce0
Signed by: kumi
GPG key ID: ECBCC9082395383F
4 changed files with 44 additions and 13 deletions


@ -1,5 +1,5 @@
from django.contrib.auth import REDIRECT_FIELD_NAME, logout from django.contrib.auth import REDIRECT_FIELD_NAME, logout
from django.contrib.auth.views import SuccessURLAllowedHostsMixin from django.contrib.auth.views import RedirectURLMixin
from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib import messages from django.contrib import messages
from django.conf import settings from django.conf import settings
@ -11,7 +11,7 @@ from django.shortcuts import resolve_url
from ..models.session import AuthSession from ..models.session import AuthSession
class AuthSessionRequiredMixin(SuccessURLAllowedHostsMixin): class AuthSessionRequiredMixin(RedirectURLMixin):
redirect_field_name = REDIRECT_FIELD_NAME redirect_field_name = REDIRECT_FIELD_NAME
redirect_authenticated_user = True redirect_authenticated_user = True
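Review bot: The import of `RedirectURLMixin` only resolves on Django 4.1 and later, but the requirements change in this commit leaves `Django` with no lower bound, so an environment that resolves to 4.0 fails at import time. Pin it in the requirements file, e.g. `Django>=4.1`. The body of `AuthSessionRequiredMixin` continues outside the hunk; if it builds its own redirect from the `next` parameter, confirm that it still validates the target against the allowed hosts after the base-class swap.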


@ -22,6 +22,7 @@ SECRET_KEY = CONFIG_FILE.secret_key
DEBUG = CONFIG_FILE.config.getboolean("App", "Debug", fallback=False) DEBUG = CONFIG_FILE.config.getboolean("App", "Debug", fallback=False)
ALLOWED_HOSTS = json.loads(CONFIG_FILE.config["App"]["Hosts"]) ALLOWED_HOSTS = json.loads(CONFIG_FILE.config["App"]["Hosts"])
CSRF_TRUSTED_ORIGINS = [f"https://{host}" for host in ALLOWED_HOSTS]
BASE_URL = CONFIG_FILE.config["App"]["BaseURL"] BASE_URL = CONFIG_FILE.config["App"]["BaseURL"]
CERTIFICATE_DIR = Path(CONFIG_FILE.config.get("App", "CertificateDir", fallback=BASE_DIR / "certificates")) CERTIFICATE_DIR = Path(CONFIG_FILE.config.get("App", "CertificateDir", fallback=BASE_DIR / "certificates"))
@ -171,18 +172,18 @@ SAML_IDP_CONFIG = {
'name': 'KumiDC', 'name': 'KumiDC',
'endpoints': { 'endpoints': {
'single_sign_on_service': [ 'single_sign_on_service': [
#(urljoin(BASE_URL, '/saml/sso/post/'), saml2.BINDING_HTTP_POST), (urljoin(BASE_URL, '/saml/sso/post/'), saml2.BINDING_HTTP_POST),
(urljoin(BASE_URL, '/saml/sso/redirect/'), saml2.BINDING_HTTP_REDIRECT), (urljoin(BASE_URL, '/saml/sso/redirect/'), saml2.BINDING_HTTP_REDIRECT),
], ],
"single_logout_service": [ "single_logout_service": [
#(urljoin(BASE_URL, "/saml/slo/post/"), saml2.BINDING_HTTP_POST), (urljoin(BASE_URL, "/saml/slo/post/"), saml2.BINDING_HTTP_POST),
(urljoin(BASE_URL, "/saml/slo/redirect/"), saml2.BINDING_HTTP_REDIRECT) (urljoin(BASE_URL, "/saml/slo/redirect/"), saml2.BINDING_HTTP_REDIRECT)
], ],
}, },
'name_id_format': [NAMEID_FORMAT_EMAILADDRESS, NAMEID_FORMAT_UNSPECIFIED], 'name_id_format': [NAMEID_FORMAT_EMAILADDRESS, NAMEID_FORMAT_UNSPECIFIED],
'sign_response': True, 'sign_response': False,
'sign_assertion': True, 'sign_assertion': False,
'want_authn_requests_signed': True, 'want_authn_requests_signed': False,
}, },
}, },
@ -205,6 +206,37 @@ SAML_IDP_MULTIFACTOR_VIEW = "frontend.views.saml.SAMLMultiFactorView"
SAML_AUTHN_SIGN_ALG = saml2.xmldsig.SIG_RSA_SHA256 SAML_AUTHN_SIGN_ALG = saml2.xmldsig.SIG_RSA_SHA256
SAML_AUTHN_DIGEST_ALG = saml2.xmldsig.DIGEST_SHA256 SAML_AUTHN_DIGEST_ALG = saml2.xmldsig.DIGEST_SHA256
SAML_IDP_SHOW_CONSENT_FORM = True
SAML_IDP_SHOW_USER_AGREEMENT_SCREEN = True
DEFAULT_SPCONFIG = {
'processor': 'uniauth_saml2_idp.processors.ldap.LdapUnicalMultiAcademiaProcessor',
'attribute_mapping': {
"cn": "cn",
"eduPersonEntitlement": "eduPersonEntitlement",
"eduPersonPrincipalName": "eduPersonPrincipalName",
"schacHomeOrganization": "schacHomeOrganization",
"eduPersonHomeOrganization": "eduPersonHomeOrganization",
"eduPersonAffiliation": "eduPersonAffiliation",
"eduPersonScopedAffiliation": "eduPersonScopedAffiliation",
"eduPersonTargetedID": "eduPersonTargetedID",
"mail": ["mail", "email"],
"email": ["mail", "email"],
"schacPersonalUniqueCode": "schacPersonalUniqueCode",
"schacPersonalUniqueID": "schacPersonalUniqueID",
"sn": "sn",
"givenName": ["givenName", "another_possible_occourrence"],
"displayName": "displayName",
},
'display_name': 'Unical SP',
'display_description': 'This is for test purpose',
'display_agreement_message': 'Some information about you has been requested',
'signing_algorithm': saml2.xmldsig.SIG_RSA_SHA256,
'digest_algorithm': saml2.xmldsig.DIGEST_SHA256,
'disable_encrypted_assertions': True,
'show_user_agreement_screen': SAML_IDP_SHOW_USER_AGREEMENT_SCREEN
}
# Session Timeouts # Session Timeouts
REVERIFY_AFTER_INACTIVITY_MINUTES = 5 REVERIFY_AFTER_INACTIVITY_MINUTES = 5


@ -5,7 +5,8 @@ from django.views.generic import RedirectView
urlpatterns = [ urlpatterns = [
re_path(r'^openid/', include('oidc_provider.urls', namespace='oidc_provider')), re_path(r'^openid/', include('oidc_provider.urls', namespace='oidc_provider')),
re_path(r'^saml/', include('djangosaml2idp.urls', namespace="djangosaml2idp")),
re_path(r'^saml/', include('djangosaml2idp.urls')),
path('admin/login/', RedirectView.as_view(url=reverse_lazy("auth:login"), query_string=True)), path('admin/login/', RedirectView.as_view(url=reverse_lazy("auth:login"), query_string=True)),
path('admin/', admin.site.urls), path('admin/', admin.site.urls),


@ -1,13 +1,11 @@
Django<4 Django
django-oidc-provider git+https://kumig.it/kumitterer/django-oidc-provider/
djangosaml2idp git+https://github.com/OTA-Insight/djangosaml2idp/
dbsettings dbsettings
django-autosecretkey django-autosecretkey
git+https://github.com/IdentityPython/pysaml2
cryptography cryptography
pyotp pyotp
django-timezone-field django-timezone-field