(feat): Chalice - Allow SAML users to login with non-password methods as well as the usual password method, for example Windows Integrated Authentication

2023-03-29 16:24:35 +00:00 · 2023-03-29 16:24:35 +00:00 · 67196ffebc
commit 67196ffebc
parent ea838c171b
1 changed files with 8 additions and 3 deletions
--- a/ee/api/chalicelib/utils/SAML2_helper.py
+++ b/ee/api/chalicelib/utils/SAML2_helper.py
@ -22,7 +22,10 @@ SAML2 = {
        },
        "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        "x509cert": config("sp_crt", default=""),
-        "privateKey": config("sp_key", default="")
+        "privateKey": config("sp_key", default=""),
+        "security": {
+            "requestedAuthnContext": False
+        }
    },
    "idp": None
 }
@ -38,7 +41,8 @@ if config("SAML2_MD_URL", default=None) is not None and len(config("SAML2_MD_URL
    print("SAML2_MD_URL provided, getting IdP metadata config")
    from onelogin.saml2.idp_metadata_parser import OneLogin_Saml2_IdPMetadataParser

-    idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(config("SAML2_MD_URL", default=None))
+    idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(
+        config("SAML2_MD_URL", default=None))
    idp = idp_data.get("idp")

 if SAML2["idp"] is None:
@ -73,7 +77,8 @@ def init_saml_auth(req):


 async def prepare_request(request: Request):
-    request.args = dict(request.query_params).copy() if request.query_params else {}
+    request.args = dict(request.query_params).copy(
+    ) if request.query_params else {}
    form: FormData = await request.form()
    request.form = dict(form)
    cookie_str = request.headers.get("cookie", "")