Django 4 compatibility
parent
860c497c86
commit
02400d5ce0
4 changed files with 44 additions and 13 deletions
|
@ -1,5 +1,5 @@
|
||||||
from django.contrib.auth import REDIRECT_FIELD_NAME, logout
|
from django.contrib.auth import REDIRECT_FIELD_NAME, logout
|
||||||
from django.contrib.auth.views import SuccessURLAllowedHostsMixin
|
from django.contrib.auth.views import RedirectURLMixin
|
||||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
@ -11,7 +11,7 @@ from django.shortcuts import resolve_url
|
||||||
from ..models.session import AuthSession
|
from ..models.session import AuthSession
|
||||||
|
|
||||||
|
|
||||||
class AuthSessionRequiredMixin(SuccessURLAllowedHostsMixin):
|
class AuthSessionRequiredMixin(RedirectURLMixin):
|
||||||
redirect_field_name = REDIRECT_FIELD_NAME
|
redirect_field_name = REDIRECT_FIELD_NAME
|
||||||
redirect_authenticated_user = True
|
redirect_authenticated_user = True
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,7 @@ SECRET_KEY = CONFIG_FILE.secret_key
|
||||||
DEBUG = CONFIG_FILE.config.getboolean("App", "Debug", fallback=False)
|
DEBUG = CONFIG_FILE.config.getboolean("App", "Debug", fallback=False)
|
||||||
|
|
||||||
ALLOWED_HOSTS = json.loads(CONFIG_FILE.config["App"]["Hosts"])
|
ALLOWED_HOSTS = json.loads(CONFIG_FILE.config["App"]["Hosts"])
|
||||||
|
CSRF_TRUSTED_ORIGINS = [f"https://{host}" for host in ALLOWED_HOSTS]
|
||||||
BASE_URL = CONFIG_FILE.config["App"]["BaseURL"]
|
BASE_URL = CONFIG_FILE.config["App"]["BaseURL"]
|
||||||
|
|
||||||
CERTIFICATE_DIR = Path(CONFIG_FILE.config.get("App", "CertificateDir", fallback=BASE_DIR / "certificates"))
|
CERTIFICATE_DIR = Path(CONFIG_FILE.config.get("App", "CertificateDir", fallback=BASE_DIR / "certificates"))
|
||||||
|
@ -171,18 +172,18 @@ SAML_IDP_CONFIG = {
|
||||||
'name': 'KumiDC',
|
'name': 'KumiDC',
|
||||||
'endpoints': {
|
'endpoints': {
|
||||||
'single_sign_on_service': [
|
'single_sign_on_service': [
|
||||||
#(urljoin(BASE_URL, '/saml/sso/post/'), saml2.BINDING_HTTP_POST),
|
(urljoin(BASE_URL, '/saml/sso/post/'), saml2.BINDING_HTTP_POST),
|
||||||
(urljoin(BASE_URL, '/saml/sso/redirect/'), saml2.BINDING_HTTP_REDIRECT),
|
(urljoin(BASE_URL, '/saml/sso/redirect/'), saml2.BINDING_HTTP_REDIRECT),
|
||||||
],
|
],
|
||||||
"single_logout_service": [
|
"single_logout_service": [
|
||||||
#(urljoin(BASE_URL, "/saml/slo/post/"), saml2.BINDING_HTTP_POST),
|
(urljoin(BASE_URL, "/saml/slo/post/"), saml2.BINDING_HTTP_POST),
|
||||||
(urljoin(BASE_URL, "/saml/slo/redirect/"), saml2.BINDING_HTTP_REDIRECT)
|
(urljoin(BASE_URL, "/saml/slo/redirect/"), saml2.BINDING_HTTP_REDIRECT)
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
'name_id_format': [NAMEID_FORMAT_EMAILADDRESS, NAMEID_FORMAT_UNSPECIFIED],
|
'name_id_format': [NAMEID_FORMAT_EMAILADDRESS, NAMEID_FORMAT_UNSPECIFIED],
|
||||||
'sign_response': True,
|
'sign_response': False,
|
||||||
'sign_assertion': True,
|
'sign_assertion': False,
|
||||||
'want_authn_requests_signed': True,
|
'want_authn_requests_signed': False,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
@ -205,6 +206,37 @@ SAML_IDP_MULTIFACTOR_VIEW = "frontend.views.saml.SAMLMultiFactorView"
|
||||||
SAML_AUTHN_SIGN_ALG = saml2.xmldsig.SIG_RSA_SHA256
|
SAML_AUTHN_SIGN_ALG = saml2.xmldsig.SIG_RSA_SHA256
|
||||||
SAML_AUTHN_DIGEST_ALG = saml2.xmldsig.DIGEST_SHA256
|
SAML_AUTHN_DIGEST_ALG = saml2.xmldsig.DIGEST_SHA256
|
||||||
|
|
||||||
|
SAML_IDP_SHOW_CONSENT_FORM = True
|
||||||
|
SAML_IDP_SHOW_USER_AGREEMENT_SCREEN = True
|
||||||
|
|
||||||
|
DEFAULT_SPCONFIG = {
|
||||||
|
'processor': 'uniauth_saml2_idp.processors.ldap.LdapUnicalMultiAcademiaProcessor',
|
||||||
|
'attribute_mapping': {
|
||||||
|
"cn": "cn",
|
||||||
|
"eduPersonEntitlement": "eduPersonEntitlement",
|
||||||
|
"eduPersonPrincipalName": "eduPersonPrincipalName",
|
||||||
|
"schacHomeOrganization": "schacHomeOrganization",
|
||||||
|
"eduPersonHomeOrganization": "eduPersonHomeOrganization",
|
||||||
|
"eduPersonAffiliation": "eduPersonAffiliation",
|
||||||
|
"eduPersonScopedAffiliation": "eduPersonScopedAffiliation",
|
||||||
|
"eduPersonTargetedID": "eduPersonTargetedID",
|
||||||
|
"mail": ["mail", "email"],
|
||||||
|
"email": ["mail", "email"],
|
||||||
|
"schacPersonalUniqueCode": "schacPersonalUniqueCode",
|
||||||
|
"schacPersonalUniqueID": "schacPersonalUniqueID",
|
||||||
|
"sn": "sn",
|
||||||
|
"givenName": ["givenName", "another_possible_occourrence"],
|
||||||
|
"displayName": "displayName",
|
||||||
|
},
|
||||||
|
'display_name': 'Unical SP',
|
||||||
|
'display_description': 'This is for test purpose',
|
||||||
|
'display_agreement_message': 'Some information about you has been requested',
|
||||||
|
'signing_algorithm': saml2.xmldsig.SIG_RSA_SHA256,
|
||||||
|
'digest_algorithm': saml2.xmldsig.DIGEST_SHA256,
|
||||||
|
'disable_encrypted_assertions': True,
|
||||||
|
'show_user_agreement_screen': SAML_IDP_SHOW_USER_AGREEMENT_SCREEN
|
||||||
|
}
|
||||||
|
|
||||||
# Session Timeouts
|
# Session Timeouts
|
||||||
|
|
||||||
REVERIFY_AFTER_INACTIVITY_MINUTES = 5
|
REVERIFY_AFTER_INACTIVITY_MINUTES = 5
|
|
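Review bot: The SAML_IDP_CONFIG flags `'sign_response'`, `'sign_assertion'` and `'want_authn_requests_signed'` appear to flip from True to False in the hunk at -171,18 (each changed line is printed twice, apparently old then new), a security downgrade that the title "Django 4 compatibility" does not explain. With both signing flags off the IdP would issue unsigned responses and assertions, so a service provider cannot cryptographically verify that they came from this IdP, and unsigned AuthnRequests would no longer be rejected. Unless the new djangosaml2idp build genuinely requires it, keep `'sign_response': True`, `'sign_assertion': True` and `'want_authn_requests_signed': True`, or add a comment stating why signing is disabled and where integrity is enforced instead. The added DEFAULT_SPCONFIG also looks like copied sample values (`'display_description': 'This is for test purpose'`, `"another_possible_occourrence"`, `'disable_encrypted_assertions': True`) and should be reviewed before it becomes the default for every SP.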
@ -5,7 +5,8 @@ from django.views.generic import RedirectView
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
re_path(r'^openid/', include('oidc_provider.urls', namespace='oidc_provider')),
|
re_path(r'^openid/', include('oidc_provider.urls', namespace='oidc_provider')),
|
||||||
re_path(r'^saml/', include('djangosaml2idp.urls', namespace="djangosaml2idp")),
|
|
||||||
|
re_path(r'^saml/', include('djangosaml2idp.urls')),
|
||||||
|
|
||||||
path('admin/login/', RedirectView.as_view(url=reverse_lazy("auth:login"), query_string=True)),
|
path('admin/login/', RedirectView.as_view(url=reverse_lazy("auth:login"), query_string=True)),
|
||||||
path('admin/', admin.site.urls),
|
path('admin/', admin.site.urls),
|
||||||
|
|
|
@ -1,13 +1,11 @@
|
||||||
Django<4
|
Django
|
||||||
|
|
||||||
django-oidc-provider
|
git+https://kumig.it/kumitterer/django-oidc-provider/
|
||||||
djangosaml2idp
|
git+https://github.com/OTA-Insight/djangosaml2idp/
|
||||||
|
|
||||||
dbsettings
|
dbsettings
|
||||||
django-autosecretkey
|
django-autosecretkey
|
||||||
|
|
||||||
git+https://github.com/IdentityPython/pysaml2
|
|
||||||
|
|
||||||
cryptography
|
cryptography
|
||||||
pyotp
|
pyotp
|
||||||
django-timezone-field
|
django-timezone-field
|
||||||
|
|
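Review bot: The three `git+https://` requirements carry no commit or tag, so every install pulls whatever the default branch of django-oidc-provider, djangosaml2idp and pysaml2 holds at that moment, and these are the libraries implementing this service's OIDC and SAML logic. Pin each to a reviewed revision, e.g. `git+https://github.com/IdentityPython/pysaml2@<commit-sha>` (placeholder), and prefer a released version where one works. `Django` is also left fully unpinned, although the `RedirectURLMixin` import in this commit needs Django 4.1 or later; a lower bound such as `Django>=4.1` would make that requirement explicit.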