From 67196ffebc1c9413ece7b7d48bbbf2759c882518 Mon Sep 17 00:00:00 2001
From: Dayan Graham
Date: Wed, 29 Mar 2023 16:24:35 +0000
Subject: [PATCH 1/2] (feat): Chalice - Allow SAML users to login with non-password methods as well as the usual password method, for example Windows Integrated Authentication
---
 ee/api/chalicelib/utils/SAML2_helper.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/ee/api/chalicelib/utils/SAML2_helper.py b/ee/api/chalicelib/utils/SAML2_helper.py
index f12f7e795..2a7430ff9 100644
--- a/ee/api/chalicelib/utils/SAML2_helper.py
+++ b/ee/api/chalicelib/utils/SAML2_helper.py
@@ -22,7 +22,10 @@ SAML2 = {
 },
 "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
 "x509cert": config("sp_crt", default=""),
- "privateKey": config("sp_key", default="")
+ "privateKey": config("sp_key", default=""),
+ "security": {
+ "requestedAuthnContext": False
+ }
 },
 "idp": None
 }
@@ -38,7 +41,8 @@ if config("SAML2_MD_URL", default=None) is not None and len(config("SAML2_MD_URL
 print("SAML2_MD_URL provided, getting IdP metadata config")
 from onelogin.saml2.idp_metadata_parser import OneLogin_Saml2_IdPMetadataParser
- idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(config("SAML2_MD_URL", default=None))
+ idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(
+ config("SAML2_MD_URL", default=None))
 idp = idp_data.get("idp")
 if SAML2["idp"] is None:
@@ -73,7 +77,8 @@ def init_saml_auth(req):
 async def prepare_request(request: Request):
- request.args = dict(request.query_params).copy() if request.query_params else {}
+ request.args = dict(request.query_params).copy(
+ ) if request.query_params else {}
 form: FormData = await request.form()
 request.form = dict(form)
 cookie_str = request.headers.get("cookie", "")
From d14d8d3018e47a71c8e63fb686ee6e4de153aeeb Mon Sep 17 00:00:00 2001
From: Dayan Graham
Date: Wed, 12 Apr 2023 17:38:21 +0000
Subject: [PATCH 2/2] Move security field to correct area under SAML2 settings
---
 ee/api/chalicelib/utils/SAML2_helper.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ee/api/chalicelib/utils/SAML2_helper.py b/ee/api/chalicelib/utils/SAML2_helper.py
index 2a7430ff9..fc3d878b3 100644
--- a/ee/api/chalicelib/utils/SAML2_helper.py
+++ b/ee/api/chalicelib/utils/SAML2_helper.py
@@ -23,9 +23,9 @@ SAML2 = {
 "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
 "x509cert": config("sp_crt", default=""),
 "privateKey": config("sp_key", default=""),
- "security": {
- "requestedAuthnContext": False
- }
+ },
+ "security": {
+ "requestedAuthnContext": False
 },
 "idp": None
 }
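Review bot: `"requestedAuthnContext": False` is hard-coded in the module-level `SAML2` settings, so no deployment sends a RequestedAuthnContext any more and the service provider accepts whichever login method the IdP picks, not only the Windows Integrated Authentication case named in the first commit. As far as I know the toolkit default asks for password-protected transport with an exact match, so this removes the one place where the SP states a minimum authentication strength, for every tenant at once. I would read the value from configuration next to `sp_crt` and `sp_key`, keep the toolkit default when it is unset, and add a comment such as `# False = omit RequestedAuthnContext; the IdP alone decides how the user authenticates`. Where a floor is still wanted, the OneLogin toolkit also accepts a list of allowed context class URIs in this field instead of a boolean. The `SAML2` dict starts above this hunk, so any other keys it sets are not visible here.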