saml: allow specification of the IdP entityid
I'm working with a remote metadata endpoint that contains multiple IDPSSODescriptors that support Saml2, so entityid needs to be passed into Saml2Client.prepare_for_authenticate or an error will be thrown saying "Too many IdPs to choose from". My reading of https://pysaml2.readthedocs.io/en/latest/howto/config.html suggests that service.sp.idp is the setting for this, but it doesn't seem to do anything other than populate the `idp` attribute in saml2_sp_config. Also https://pysaml2.readthedocs.io/en/latest/howto/config.html#idp suggests this setting should be a list, but Saml2Client._sso_location wants a single entity id. In summary this seems to work, but I'm not convinced I'm doing it right.

branch: pull/8630/head
parent 70259d8c8c
commit b9120af869
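The commit message above describes the selection problem behind this change: metadata with several IDPSSODescriptors, a `service.sp.idp` setting the pysaml2 docs describe as a list, and a `prepare_for_authenticate(entityid=...)` call that wants exactly one entity id. The following is an added example, not Synapse's or pysaml2's own code, that works through that logic offline: it lists the SAML 2.0-capable IdPs in a constructed metadata document, collapses a list-or-string `idp` setting to a single value, and applies the same rule pysaml2 enforces (no entityid plus several IdPs is an error) at startup instead of on the first login. The metadata, entity IDs and helper names are constructed for the demo and are not pysaml2 API.

```python
"""Added example (not Synapse's or pysaml2's code): choose the IdP entityID
to hand to Saml2Client.prepare_for_authenticate(entityid=...).

All helper names below are assumptions for the demo; the metadata document
is constructed inline so the example runs offline."""

import xml.etree.ElementTree as ET
from typing import Iterable, List, Optional, Union

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: an aggregate with two SAML 2.0 IdPs (the "Too many IdPs
# to choose from" situation) plus one SAML 1.1-only IdP that must be ignored.
SAMPLE_METADATA = """
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://idp-a.example.org/saml">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp-a.example.org/sso/redirect"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.org/saml">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp-b.example.org/sso/redirect"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://legacy.example.org/saml">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
          Location="https://legacy.example.org/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def saml2_idps(metadata_xml: str) -> List[str]:
    """entityIDs of every EntityDescriptor whose IDPSSODescriptor lists the
    SAML 2.0 protocol. Parse untrusted metadata with defusedxml in real code;
    stdlib ET is used here only because the input is constructed and trusted."""
    root = ET.fromstring(metadata_xml)
    found = []
    for ed in root.iter("{%s}EntityDescriptor" % MD_NS["md"]):
        for idp in ed.findall("md:IDPSSODescriptor", MD_NS):
            protocols = idp.get("protocolSupportEnumeration", "").split()
            if SAML2_PROTOCOL in protocols:
                found.append(ed.get("entityID"))
                break
    return found


def normalize_idp_setting(value: Union[None, str, Iterable[str]]) -> Optional[str]:
    """Collapse the service.sp.idp setting (documented as a list, while
    prepare_for_authenticate wants one entityid) to a single string or None."""
    if value is None:
        return None
    if isinstance(value, str):
        return value
    values = list(value)
    if len(values) == 1:
        return values[0]
    raise ValueError("service.sp.idp must name exactly one IdP, got %r" % (values,))


def choose_idp(metadata_xml: str, configured: Union[None, str, Iterable[str]]) -> str:
    """Decide which IdP SSO will be started against, failing at startup rather
    than on the first login. Mirrors pysaml2's rule: with no entityid and more
    than one SAML 2.0 IdP in metadata there is nothing sensible to pick."""
    available = saml2_idps(metadata_xml)
    if not available:
        raise ValueError("metadata contains no SAML 2.0 IdP")
    wanted = normalize_idp_setting(configured)
    if wanted is None:
        if len(available) > 1:
            raise ValueError("Too many IdPs to choose from: %s" % ", ".join(available))
        return available[0]
    if wanted not in available:
        raise ValueError("configured IdP %r is not a SAML 2.0 IdP in the metadata" % wanted)
    return wanted


if __name__ == "__main__":
    print(saml2_idps(SAMPLE_METADATA))
    print(choose_idp(SAMPLE_METADATA, ["https://idp-b.example.org/saml"]))
    try:
        choose_idp(SAMPLE_METADATA, None)
    except ValueError as err:
        print("error:", err)
```

The value returned by `choose_idp` is what would be stored once at startup and passed as `entityid=` on every `prepare_for_authenticate` call; doing the list-to-string collapse and the membership check against the loaded metadata there means a mistyped entity id surfaces in the homeserver log at boot instead of as an SSO failure for the first user.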
@@ -61,6 +61,7 @@ class SamlHandler:
     def __init__(self, hs: "synapse.server.HomeServer"):
         self.hs = hs
         self._saml_client = Saml2Client(hs.config.saml2_sp_config)
+        self._saml_idp_entityid = hs.config.saml2_sp_config.getattr('idp')
         self._auth = hs.get_auth()
         self._auth_handler = hs.get_auth_handler()
         self._registration_handler = hs.get_registration_handler()
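Review bot: the value read by `hs.config.saml2_sp_config.getattr('idp')` on the added `self._saml_idp_entityid` line is stored without any check, yet the commit message itself says the pysaml2 docs describe `service.sp.idp` as a list while `Saml2Client._sso_location` wants a single entity id, so a list configured per the docs would be passed straight through; normalise it once here (or, better, in the config layer) so that a one-element list becomes that string and any other non-string value is rejected with a config error at startup, e.g. `if isinstance(idp, list) and len(idp) == 1: idp = idp[0]` followed by a check that `idp is None or isinstance(idp, str)`. Minor style point: the surrounding code uses double-quoted strings (`"synapse.server.HomeServer"`), so `'idp'` should be `"idp"`.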
@@ -124,6 +125,7 @@ class SamlHandler:
             URL to redirect to
         """
         reqid, info = self._saml_client.prepare_for_authenticate(
+            entityid=self._saml_idp_entityid,
             relay_state=client_redirect_url
         )
 
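Review bot: the new setting is not documented anywhere in this change, even though the added `entityid=self._saml_idp_entityid` argument is the only thing that lets an operator get past the "Too many IdPs to choose from" error the commit message describes; add the `service.sp.idp` key the message relies on to the sample config and docs alongside this call. Passing the attribute unconditionally is otherwise fine: when the setting is absent it sends `entityid=None`, which is equivalent to the old call that passed no entityid, so existing single-IdP deployments keep working. It would also be worth verifying at startup that the configured entity id matches an IdP in the loaded metadata, so a typo fails when the homeserver starts rather than on the first login attempt.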