Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Supporting ForceAuthn SAML request attribute #357

Merged
merged 1 commit into from
Dec 31, 2024
Merged

Supporting ForceAuthn SAML request attribute #357

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion AUTHORS.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,4 +61,5 @@ an issue.
- [Michael V. Battista](https://github.com/mvbattista)
- [William Abbott](https://github.com/wrabit)
- [Henry Harutyunyan](https://github.com/henryh9n) (Revolut)
- [Noppanut Ploywong](https://github.com/noppanut15)
- [Noppanut Ploywong](https://github.com/noppanut15)
- [Mohammed Almeshal](https://github.com/MohammedAlmeshal)
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -208,6 +208,7 @@ python setup.py install
'LOGOUT_REQUESTS_SIGNED': True, # Require each logout request to be signed
'WANT_ASSERTIONS_SIGNED': True, # Require each assertion to be signed
'WANT_RESPONSE_SIGNED': True, # Require response to be signed
'FORCE_AUTHN': False, # Forces the user to re-authenticate with each authentication request
'ACCEPTED_TIME_DIFF': None, # Accepted time difference between your server and the Identity Provider
'ALLOWED_REDIRECT_HOSTS': ["https://myfrontendclient.com"], # Allowed hosts to redirect to using the ?next parameter
'TOKEN_REQUIRED': True, # Whether or not to require the token parameter in the SAML assertion
Expand Down Expand Up @@ -278,6 +279,7 @@ Some of the following settings are related to how this module operates. The rest
| **LOGOUT\_REQUESTS\_SIGNED** | Set this to `False` if your provider doesn't sign each logout request. | `bool` | `True` | |
| **WANT\_ASSERTIONS\_SIGNED** | Set this to `False` if your provider doesn't sign each assertion. | `bool` | `True` | |
| **WANT\_RESPONSE\_SIGNED** | Set this to `False` if you don't want your provider to sign the response. | `bool` | `True` | |
| **FORCE\_AUTHN** | SAML2 request attribute that forces the user to re-authenticate with the Identity Provider (IdP), even if they already have an active session. | `bool` | `False` | |
| **ACCEPTED\_TIME\_DIFF** | Sets the [accepted time diff](https://pysaml2.readthedocs.io/en/latest/howto/config.html#accepted-time-diff) in seconds | `int` or `None` | `None` | |
| **ALLOWED\_REDIRECT\_HOSTS** | Allowed hosts to redirect to using the `?next=` parameter | `list` | `[]` | `['https://app.example.com', 'https://api.exmaple.com']` |
| **DISABLE\_EXCEPTION\_HANDLER** | Set this to `True` if you want to disable the exception handler. Make sure to handle the `SAMLAuthError`s and other exceptions. | `bool` | `False` | |
Expand Down
1 change: 1 addition & 0 deletions django_saml2_auth/saml.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -238,6 +238,7 @@ def get_saml_client(
"want_response_signed": dictor(
saml2_auth_settings, "WANT_RESPONSE_SIGNED", default=True
),
"force_authn": dictor(saml2_auth_settings, "FORCE_AUTHN", default=False),
},
},
}
Expand Down
Loading