Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Various amends #20

Merged
merged 16 commits into from
Jan 11, 2019
Merged

Various amends #20

merged 16 commits into from
Jan 11, 2019

Conversation

lgarvey
Copy link
Contributor

@lgarvey lgarvey commented Jan 10, 2019

As discussed, here's a PR with the changes that I've made to satisfy requirements for this project: https://www.github.com/uktrade/staff-sso. We have integrated our sso solution with Google and AWS via saml2, using this module.

Here's a summary of the changes:

  1. use the correct saml binding
  2. Pass the entity id into when instantiating the processor
  3. add an is_enabled method to the processor - use case: to enable the integration to be enabled/disabled.
  4. Allow configuration of the primary user field using either User.USERNAME_FIELD or SAML_IDP_USERNAME_FIELD [mirrors the logic in the djangosaml2 (sp) module]
  5. Move user name id retrieval logic to processor
  6. add some tests and a couple of bug fixes

lgarvey and others added 15 commits October 17, 2018 13:30
@lgarvey
Fix login view parses the authn request using correct binding
c5ae46c
@lgarvey
Improve processor logic
470e888 
Pass in the SP entity_id
BaseProcessor was not being instantiated
Pass extra config into the processor.create_identity method - this allows for providing additional params required by AWS IAM Saml2

This enables the staff-sso app to use as model based processor which can reference saml2 data config based on entity_id
@lgarvey
Merge pull request #1 from lgarvey/improve_processor_logic
71510b1 
Improve processor logic
@lgarvey
Remove pdb
d4395fe
@lgarvey
Honour the CustomUser.USERNAME_FIELD for lookups
06da0c3
@lgarvey
Failure to load processor should not pass silently
9c87dfc
@lgarvey
Rename IDP extra_data key to extra_config
cc36000
@lgarvey
Add logic to allow settings.SAML_IDP_DJANGO_USER_MAIN_ATTRIBUTE
ee89864
@lgarvey
Add processor.is_enabled() to allow for additional checks
a50fd63
@lgarvey
.gitignore virtualenv and .idea dirs
fdbe004
@lgarvey
Fix up test and add some basic tests (more to follow)
db88da3
@lgarvey
Move user id retrieval logic to processor
c321a87
@lgarvey
Merge pull request #2 from lgarvey/fix_idp_initiated_redirect_binding
569c31c 
Fix login view parses the authn request using correct binding
@lgarvey
Built in exeptions don't have __module__
135c8a9
@mhindery
Merge branch 'master' into master
e310de6
mhindery
mhindery approved these changes Jan 10, 2019
View reviewed changes
Copy link
Contributor

@mhindery mhindery left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks all good to me.

I've added a comment about a little bugfix which I just pushed which isn't in your fork, and another about a small possible optimization.

Do you find the separate is_enabled() and has_access methods on the Processor classes are okay, or could they be combined into a single method taking the request as param?

djangosaml2idp/views.py
identity=identity, userid=request.user.username,
name_id=NameID(format=resp_args['name_id_policy'].format, sp_name_qualifier=resp_args['sp_entity_id'], text=request.user.username),
identity=identity, userid=user_id,
name_id=NameID(format=resp_args['name_id_policy'].format, sp_name_qualifier=resp_args['sp_entity_id'], text=user_id),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As an fyi: this was changed from sp_name_qualifier=resp_args['destination'] to sp_name_qualifier=resp_args['sp_entity_id'] according to the issue filed here #18

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, makes sense - I'll test this in our UAT env tomorrow.

djangosaml2idp/processors.py Show resolved Hide resolved
lgarvey
lgarvey commented Jan 10, 2019
View reviewed changes
djangosaml2idp/processors.py Outdated Show resolved Hide resolved
@lgarvey
Copy link
Contributor Author

lgarvey commented Jan 11, 2019

@mhindery I haven't had time to do what I wanted today - so maybe let's get this in a mergeable state and I'll raise another PR with some tests.

@mhindery
Copy link
Contributor

I'm fine with merging this as it is. I'll then add some documentation about the changes as there are some backwards-incompatible changes, and publish a new version. Does that sound ok to you?

@lgarvey
Copy link
Contributor Author

lgarvey commented Jan 11, 2019 via email

@mhindery mhindery merged commit ba324d7 into OTA-Insight:master Jan 11, 2019
@mhindery
Copy link
Contributor

The docs have been updated, I've released a new version: https://pypi.org/project/djangosaml2idp/0.5.0/

Thank you for your contribution!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mhindery mhindery mhindery approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lgarvey @mhindery