adding optional configuration for ADFS SAML compatibility

pradipanand-zz · Feb 12, 2018 · 4d274ab · 4d274ab
1 parent 8e8f3c3
commit 4d274ab
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 2 deletions.
diff --git a/README.rst b/README.rst
@@ -145,6 +145,8 @@ How to use?
                 'BEFORE_LOGIN': 'path.to.your.login.hook.method',
             },
             'ASSERTION_URL': 'https://mysite.com', # Custom URL to validate incoming SAML requests against
+            'ENTITY_ID': 'https://mysite.com/saml2_auth/acs/', # Populates the Issuer element in authn request
+            'NAME_ID_FORMAT': FormatString, # Sets the Format property of authn NameIDPolicy element
         }
 
 #. In your SAML2 SSO identity provider, set the Single-sign-on URL and Audience
@@ -177,9 +179,14 @@ attributes are returned by the SAML2 identity provider. This method should accep
 **ASSERTION_URL** A URL to validate incoming SAML responses against. By default,
 django-saml2-auth will validate the SAML response's Service Provider address
 against the actual HTTP request's host and scheme. If this value is set, it
-will validate against ASSERTION_URL instead - perfect for when django running 
+will validate against ASSERTION_URL instead - perfect for when django running
 behind a reverse proxy.
 
+**ENTITY_ID** The optional entity ID string to be passed in the 'Issuer' element of authn request, if required by the IDP.
+
+**NAME_ID_FORMAT** Set to the string 'None', to exclude sending the 'Format' property of the 'NameIDPolicy' element in authn requests.
+Default value if not specified is 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'.
+
 Customize
 =========
 

diff --git a/django_saml2_auth/views.py b/django_saml2_auth/views.py
@@ -89,6 +89,12 @@ def _get_saml_client(domain):
         },
     }
 
+    if 'ENTITY_ID' in settings.SAML2_AUTH:
+        saml_settings['entityid'] = settings.SAML2_AUTH['ENTITY_ID']
+
+    if 'NAME_ID_FORMAT' in settings.SAML2_AUTH:
+        saml_settings['service']['sp']['name_id_format'] = settings.SAML2_AUTH['NAME_ID_FORMAT']
+
     spConfig = Saml2Config()
     spConfig.load(saml_settings)
     spConfig.allow_unknown_attributes = True

diff --git a/setup.py b/setup.py
@@ -60,6 +60,6 @@
 
     packages=find_packages(),
 
-    install_requires=['pysaml2==4.0.5'],
+    install_requires=['pysaml2==4.5.0'],
     include_package_data=True,
 )