Univention Bugzilla – Attachment 10839 Details for
Bug 52888
saml message is not updated in umc-server process
patch (git:fbest/52888-reauthenticate-on-new-saml-message)
52888.patch (text/plain), 1.88 KB, created by
Florian Best
on 2021-10-05 09:48:43 CEST
>commit fda2216c11f86a874bb8d03ea430492524ea36f5 >Author: Florian Best <best@univention.de> >Date: Tue Oct 5 09:45:39 2021 +0200 > > Bug #52888: force re-authentication at UMC-Server when a new SAML message is available > >diff --git management/univention-management-console/univention-management-console-web-server management/univention-management-console/univention-management-console-web-server >index 65b5436b65..dabc67a7b1 100755 >--- management/univention-management-console/univention-management-console-web-server >+++ management/univention-management-console/univention-management-console-web-server >@@ -1259,7 +1259,8 @@ class SAML(Ressource): > def attribute_consuming_service(self, binding, message, relay_state): > response = self.acs(message, binding) > saml = SAMLUser(response, message) >- self.set_session(self.create_sessionid(), saml.username, saml=saml) >+ user = self.set_session(self.create_sessionid(), saml.username, saml=saml) >+ self.drop_umcp_authentication(user.sessionid) > > # protect against javascript:alert('XSS'), mailto:foo and other non relative links! > location = urlparse(relay_state) >@@ -1275,10 +1276,17 @@ class SAML(Ressource): > saml = SAMLUser(response, message) > sessionid = self.create_sessionid() > self.set_session(sessionid, saml.username, saml=saml) >+ self.drop_umcp_authentication(sessionid) > cherrypy.response.headers['Content-Type'] = 'text/html' > data = {"status": 200, "result": {"username": saml.username}} > return b'<html><body><textarea>%s</textarea></body></html>' % (json.dumps(data).encode('ASCII'),) > >+ def drop_umcp_authentication(self, sessionid): >+ """Force re-authentication if we get a new SAML message""" >+ client = UMCP_Dispatcher.sessions.get(sessionid) >+ if client: >+ client.authenticated = False >+ > @cherrypy.expose > def slo(self, *args, **kwargs): # single logout service > binding, message, relay_state = self._get_saml_message()
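Review bot: In attribute_consuming_service (hunk at -1259) the new call reads `user.sessionid` from the return value of set_session, while the second call site in this patch keeps the id in a local `sessionid` and ignores that return value. Using the same pattern in both places (assign `sessionid = self.create_sessionid()`, then pass it to set_session and to drop_umcp_authentication) would keep the two paths consistent and would not depend on set_session returning an object with a sessionid attribute, which this diff does not show.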
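Review bot: drop_umcp_authentication (hunk at -1275) changes authentication state without leaving a trace: when a client is found, `client.authenticated = False` is set silently, and when `UMCP_Dispatcher.sessions.get(sessionid)` finds nothing the call is a silent no-op. A debug log line in each branch, without writing the full session id to the log, would make a forced re-authentication visible when troubleshooting. `if client is not None:` would also state the intent more precisely than the truthiness test, and the docstring could name which object's flag is being reset.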