Generate SAMLRequest URL query parameter for unsigned SP-initiated login #67

Draft
wants to merge 6 commits into
base: master

tomcatling

This adds a minimal SAMLRequest to the login redirect so that SP-initiated login works as expected.

To do:

  • add some tests
  • check for presence of WantAuthnRequestsSigned="false" in IDP metadata before generating the request (revert to plain redirect if true?)
  • make sure the generated request is consistent with output of _make_sp_metadata() and also respects IDP metadata

Developer Certificate of Origin Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 660 York Street, Suite 102, San Francisco, CA 94110 USA

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

Signed-off-by: Tom Catling [email protected]

authenticator_self._make_authn_request(element_name, handler_self).encode('utf8')
)[2:-4]))
handler_self.redirect(
f"{redirect_url}?SAMLRequest={authn_requst}",
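Review bot: The `[2:-4]` slice trims the encoded request by fixed offsets, so any change in the length of whatever string is being sliced silently corrupts the value; decode the bytes explicitly (for example with `.decode('ascii')`) instead of slicing. On the `handler_self.redirect(...)` line the value is interpolated after a hard-coded `?` with no URL-encoding visible, so base64 characters such as `+`, `/` and `=` can be mangled in transit; build the query with `urllib.parse.urlencode` and merge it into any query string `redirect_url` already carries. The variable name `authn_requst` is also misspelled.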

If the redirect URL already has a query parameter, the question mark will appear twice.

Actually, Google Workspace SAML includes an idpid parameter in the redirect URL. In that case, redirection will fail.

jeanmonet added a commit to jeanmonet/jupyterhub-samlauthenticator that referenced this pull request Sep 18, 2024
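
One way to handle the double question mark raised in the review comment above, together with the `WantAuthnRequestsSigned` check from the to-do list, as an added example (not code from this pull request or the project). The function names, the sample metadata and the `idpid` value are constructed, and the plain-redirect fallback follows the to-do item's suggestion.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # use defusedxml for metadata from untrusted sources
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample IdP metadata; the SSO location already carries a query string.
SAMPLE_IDP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso?idpid=C0000000"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def idp_wants_signed_requests(metadata_xml):
    """True if the IdP metadata declares WantAuthnRequestsSigned as true."""
    root = ET.fromstring(metadata_xml)
    desc = root.find(f"{{{MD_NS}}}IDPSSODescriptor")
    if desc is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    # xs:boolean allows "true" or "1"; an absent attribute means false.
    return desc.get("WantAuthnRequestsSigned", "false").strip() in ("true", "1")

def encode_redirect_request(authn_request_xml):
    """Raw DEFLATE then base64, as the SAML HTTP-Redirect binding specifies."""
    comp = zlib.compressobj(wbits=-15)  # negative wbits: no zlib header or trailer
    raw = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
    return base64.b64encode(raw).decode("ascii")

def build_login_redirect(sso_url, authn_request_xml, metadata_xml):
    """Add SAMLRequest to sso_url, keeping any query the IdP URL already has."""
    if idp_wants_signed_requests(metadata_xml):
        return sso_url  # unsigned request would be rejected: plain redirect instead
    parts = urlsplit(sso_url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "SAMLRequest"]
    query.append(("SAMLRequest", encode_redirect_request(authn_request_xml)))
    # urlencode percent-encodes the base64 characters +, / and =
    return urlunsplit(parts._replace(query=urlencode(query)))
```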