From b99a8de8c6614d456c5aefd22cc57d125ff61619 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?= Date: Fri, 24 Jun 2022 16:53:33 +0200 Subject: [PATCH] Added metadata config fields for SAML --- server/src/uds/auths/SAML/saml.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/server/src/uds/auths/SAML/saml.py b/server/src/uds/auths/SAML/saml.py index f5bc7cdf4..cd3b00cd3 100644 --- a/server/src/uds/auths/SAML/saml.py +++ b/server/src/uds/auths/SAML/saml.py @@ -33,6 +33,7 @@ import re from urllib.parse import urlparse import xml.sax +import datetime import requests import logging import typing @@ -43,6 +44,8 @@ from onelogin.saml2.idp_metadata_parser import OneLogin_Saml2_IdPMetadataParser from onelogin.saml2.settings import OneLogin_Saml2_Settings from django.utils.translation import gettext_noop as _, gettext + +from uds.models import getSqlDatetime from uds.core.ui import gui from uds.core import auths from uds.core.managers import cryptoManager @@ -282,6 +285,23 @@ class SAMLAuthenticator(auths.Authenticator): tab=_('Security'), ) + metadataCacheDuration = gui.NumericField( + label=_('Metadata cache duration'), + defvalue=0, + order=22, + tooltip=_('Duration of metadata cache in seconds'), + tab=_('Metadata'), + ) + + metadataValidityDuration = gui.NumericField( + label=_('Metadata validity duration'), + defvalue=0, + order=22, + tooltip=_('Duration of metadata validity in seconds'), + tab=_('Metadata'), + ) + + manageUrl = gui.HiddenField(serializable=True) def initialize(self, values: typing.Optional[typing.Dict[str, typing.Any]]) -> None: @@ -456,6 +476,8 @@ class SAMLAuthenticator(auths.Authenticator): }, 'idp': self.getIdpMetadataDict()['idp'], 'security': { + 'metadataCacheDuration': self.metadataCacheDuration.int_value if self.metadataCacheDuration.int_value > 0 else None, + 'metadataValidUntil': getSqlDatetime() + datetime.timedelta(seconds=self.metadataValidityDuration.int_value) if self.metadataCacheDuration.int_value > 0 else None, 'nameIdEncrypted': self.nameIdEncrypted.isTrue(), 'authnRequestsSigned': self.authnRequestsSigned.isTrue(), 'logoutRequestSigned': self.logoutRequestSigned.isTrue(),