Merge "Add remote_id definition in _perform_auth"

Zuul 2019-09-20 18:25:39 +00:00 committed by Gerrit Code Review
commit e6d41159c6
3 changed files with 18 additions and 0 deletions


@ -338,6 +338,7 @@ class AuthFederationWebSSOResource(_AuthFederationWebSSOBase):
@classmethod
def _perform_auth(cls, protocol_id):
idps = PROVIDERS.federation_api.list_idps()
remote_id = None
for idp in idps:
try:
remote_id_name = federation_utils.get_remote_id_parameter(
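Review bot: The new `remote_id = None` default in `_perform_auth` has no comment saying why it is needed, which is worth recording on an authentication path. As far as the hunk shows, `remote_id` was otherwise bound only inside the `for idp in idps` loop, so an empty IdP list or a protocol that no IdP supports would presumably leave it unbound when it is read later. I would add `# Default to None so a request with no matching remote ID is rejected as Unauthorized instead of failing on an unbound local (bug 1844207).` above the assignment. The rest of `_perform_auth`, including the check that consumes `remote_id`, lies outside the hunk, so confirm that check treats `None` as a rejection and not as a value to pass on.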


@ -4886,6 +4886,16 @@ class WebSSOTests(FederatedTokenTests):
auth_api.AuthFederationWebSSOResource._perform_auth,
self.PROTOCOL)
def test_federated_sso_auth_protocol_not_found(self):
environment = {self.REMOTE_ID_ATTR: self.REMOTE_IDS[0],
'QUERY_STRING': 'origin=%s' % self.ORIGIN}
environment.update(mapping_fixtures.EMPLOYEE_ASSERTION)
with self.make_request(environ=environment):
self.assertRaises(
exception.Unauthorized,
auth_api.AuthFederationWebSSOResource._perform_auth,
'no_this_protocol')
def test_federated_sso_untrusted_dashboard(self):
environment = {self.REMOTE_ID_ATTR: self.REMOTE_IDS[0],
'QUERY_STRING': 'origin=%s' % uuid.uuid4().hex}
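Review bot: `test_federated_sso_auth_protocol_not_found` has no comment tying it to the regression it guards, and it asserts only the exception type, so it would still pass if `Unauthorized` were raised by some other check. A short comment such as `# Regression test for bug 1844207: an unknown protocol must raise Unauthorized, not a server error.` would record the intent. The test exercises only the unknown-protocol case. An empty IdP list appears to reach the same unset `remote_id` (inferred, since the loop body is not shown in full), so a second case for that would pin both paths. The surrounding `WebSSOTests` class starts and ends outside this hunk.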


@ -0,0 +1,7 @@
---
fixes:
- |
[`bug 1844207 <https://bugs.launchpad.net/keystone/+bug/1844207>`_]
Fixes an issue with WebSSO auth where a server error was raised if a remote
ID can't be found for the requested federation protocol, now correctly
raises an Unauthorized client error.