fixed SAML settings

UiL-OTS-labs · Jun 3, 2024 · c43e0e7 · c43e0e7
1 parent 863881e
commit c43e0e7
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/lab/ppn_backend/saml_settings.py b/lab/ppn_backend/saml_settings.py
@@ -1,5 +1,6 @@
 from os import getenv
 
+import saml2
 from cdh.federated_auth.saml.settings import (
     SAML_APPS,
     SAML_MIDDLEWARE,
@@ -16,11 +17,11 @@ def enable_saml(namespace):
         cert_file="/run/secrets/SAML_CERT",
         idp_metadata=getenv("SAML_IDP_METADATA"),
         contact_given_name=getenv("SAML_CONTACT_NAME"),
-        contact_email=getenv("SAML_CONTACT_EMAIL")
+        contact_email=getenv("SAML_CONTACT_EMAIL"),
     )
 
     namespace["SAML_ATTRIBUTE_MAPPING"] = {
-        "uushortid": ("username",),
+        "uuShortID": ("username",),
         "mail": ("email",),
         "givenName": ("name",),
         "uuPrefixedSn": ("phonenumber",),
@@ -35,3 +36,12 @@ def enable_saml(namespace):
 
     namespace["INSTALLED_APPS"] += SAML_APPS
     namespace["MIDDLEWARE"] += SAML_MIDDLEWARE
+
+    # prevent automatically creating user accounts
+    namespace["SAML_CREATE_UNKNOWN_USER"] = False
+
+    namespace["SAML_DEFAULT_BINDING"] = saml2.BINDING_HTTP_REDIRECT  # or saml2.BIND_HTTP_POST
+    namespace["SAML_LOGOUT_REQUEST_PREFERRED_BINDING"] = saml2.BINDING_HTTP_REDIRECT  # or saml2.BIND_HTTP_POST
+    namespace["SAML_IGNORE_LOGOUT_ERRORS"] = True
+    namespace["SAML_SESSION_COOKIE_NAME"] = "saml_session"
+    namespace["SAML_ACS_FAILURE_RESPONSE_FUNCTION"] = "cdh.federated_auth.saml.views.login_error"