Merge "Add federated auth for idp specific websso"
commit
5718e5adbf
|
@ -316,6 +316,15 @@ class Auth(auth_controllers.Auth):
|
|||
token_id = res.headers['X-Subject-Token']
|
||||
return self.render_html_response(host, token_id)
|
||||
|
||||
def federated_idp_specific_sso_auth(self, context, idp_id, protocol_id):
|
||||
host = self._get_sso_origin_host(context)
|
||||
|
||||
# NOTE(lbragstad): We validate that the Identity Provider actually
|
||||
# exists in the Mapped authentication plugin.
|
||||
res = self.federated_authentication(context, idp_id, protocol_id)
|
||||
token_id = res.headers['X-Subject-Token']
|
||||
return self.render_html_response(host, token_id)
|
||||
|
||||
def render_html_response(self, host, token_id):
|
||||
"""Forms an HTML Form from a template with autosubmit."""
|
||||
|
||||
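Review bot: `federated_idp_specific_sso_auth` takes `idp_id` from the URL path, and nothing visible in this hunk ties it to the identity provider that actually produced the assertion in the request environment; the NOTE defers that check to the Mapped plugin, which is outside the hunk. Because the issued token is passed to `render_html_response` for delivery to the origin host, the method should say what it relies on, for example with a docstring `"""Authenticate via the IdP and protocol named in the URL and return the token to the validated origin host."""`. The NOTE would be clearer as `# NOTE(lbragstad): the Mapped plugin rejects an idp_id that does not exist or does not match the assertion.`, if that is indeed what it enforces. Resolving `host` before authenticating is the right order, since `_get_sso_origin_host` presumably fails for an untrusted origin before any token exists. The last three statements repeat the tail of the method above, whose beginning lies outside the hunk.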
|
|
|
@ -72,6 +72,9 @@ class FederationExtension(wsgi.V3ExtensionRouter):
|
|||
protocols/{protocol}/auth
|
||||
POST /OS-FEDERATION/identity_providers/{identity_provider}/
|
||||
protocols/{protocol}/auth
|
||||
GET /auth/OS-FEDERATION/identity_providers/
|
||||
{idp_id}/protocols/{protocol_id}/websso
|
||||
?origin=https%3A//horizon.example.com
|
||||
|
||||
POST /auth/OS-FEDERATION/saml2
|
||||
POST /auth/OS-FEDERATION/saml2/ecp
|
||||
|
@ -225,6 +228,16 @@ class FederationExtension(wsgi.V3ExtensionRouter):
|
|||
path_vars={
|
||||
'protocol_id': PROTOCOL_ID_PARAMETER_RELATION,
|
||||
})
|
||||
self._add_resource(
|
||||
mapper, auth_controller,
|
||||
path='/auth' + self._construct_url(
|
||||
'identity_providers/{idp_id}/protocols/{protocol_id}/websso'),
|
||||
get_post_action='federated_idp_specific_sso_auth',
|
||||
rel=build_resource_relation(resource_name='identity_providers'),
|
||||
path_vars={
|
||||
'idp_id': IDP_ID_PARAMETER_RELATION,
|
||||
'protocol_id': PROTOCOL_ID_PARAMETER_RELATION,
|
||||
})
|
||||
|
||||
# Keystone-Identity-Provider metadata endpoint
|
||||
self._add_resource(
|
||||
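Review bot: The new websso route is registered with `rel=build_resource_relation(resource_name='identity_providers')`, a relation name that reads as the identity-provider collection rather than this per-IdP, per-protocol SSO endpoint. If the collection resource already publishes that relation (its registration is outside these hunks), the two JSON-home entries would share one key and one would silently replace the other. The same name is used as a dict key in the JSON-home test fixture `V3_JSON_HOME_RESOURCES_INHERIT_DISABLED`. A distinct name in both places, for example `resource_name='identity_provider_protocol_websso'`, would avoid that. The route also uses `get_post_action`, so POST is accepted although the router docstring updated in the first hunk lists only GET.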
|
|
|
@ -3363,6 +3363,16 @@ class WebSSOTests(FederatedTokenTests):
|
|||
self.api.federated_sso_auth,
|
||||
context, self.PROTOCOL)
|
||||
|
||||
def test_identity_provider_specific_federated_authentication(self):
|
||||
environment = {self.REMOTE_ID_ATTR: self.REMOTE_IDS[0]}
|
||||
context = {'environment': environment}
|
||||
query_string = {'origin': self.ORIGIN}
|
||||
self._inject_assertion(context, 'EMPLOYEE_ASSERTION', query_string)
|
||||
resp = self.api.federated_idp_specific_sso_auth(context,
|
||||
self.idp['id'],
|
||||
self.PROTOCOL)
|
||||
self.assertIn(self.TRUSTED_DASHBOARD, resp.body)
|
||||
|
||||
|
||||
class K2KServiceCatalogTests(FederationTests):
|
||||
SP1 = 'SP1'
|
||||
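Review bot: `test_identity_provider_specific_federated_authentication` covers only the success path, with a trusted origin and a matching IdP. For an endpoint that hands a token to a browser-supplied origin, the cases that matter most are the rejections: an `origin` that is not a trusted dashboard, an `idp_id` that does not exist, and an `idp_id` that differs from the IdP identified by `REMOTE_ID_ATTR` in the environment. I would add one `assertRaises` test per case, mirroring the `federated_sso_auth` negative test whose tail is visible just above; the expected exception types are not visible in this hunk. The class body continues outside the hunk.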
|
|
|
@ -170,6 +170,8 @@ BASE_ACCESS_TOKEN = (
|
|||
# TODO(stevemar): Use BASE_IDP_PROTOCOL when bug 1420125 is resolved.
|
||||
FEDERATED_AUTH_URL = ('/OS-FEDERATION/identity_providers/{identity_provider}'
|
||||
'/protocols/{protocol}/auth')
|
||||
FEDERATED_IDP_SPECIFIC_WEBSSO = ('/auth/OS-FEDERATION/identity_providers/'
|
||||
'{idp_id}/protocols/{protocol_id}/websso')
|
||||
|
||||
V3_JSON_HOME_RESOURCES_INHERIT_DISABLED = {
|
||||
json_home.build_v3_resource_relation('auth_tokens'): {
|
||||
|
@ -368,6 +370,11 @@ V3_JSON_HOME_RESOURCES_INHERIT_DISABLED = {
|
|||
{
|
||||
'href-template': '/OS-FEDERATION/identity_providers/{idp_id}',
|
||||
'href-vars': {'idp_id': IDP_ID_PARAMETER_RELATION, }},
|
||||
_build_federation_rel(resource_name='identity_providers'): {
|
||||
'href-template': FEDERATED_IDP_SPECIFIC_WEBSSO,
|
||||
'href-vars': {
|
||||
'idp_id': IDP_ID_PARAMETER_RELATION,
|
||||
'protocol_id': PROTOCOL_ID_PARAM_RELATION, }},
|
||||
_build_federation_rel(resource_name='service_provider'):
|
||||
{
|
||||
'href-template': '/OS-FEDERATION/service_providers/{sp_id}',
|
||||
|
|