fix: 修复 saml2 登陆的问题

2025-09-01 15:37:19 +00:00 · 2021-12-13 17:47:56 +08:00
parent 21d4ffa33b
commit 330917df4c
4 changed files with 30 additions and 8 deletions
--- a/apps/authentication/backends/saml2/backends.py
+++ b/apps/authentication/backends/saml2/backends.py
@@ -17,8 +17,7 @@ logger = get_logger(__file__)


 class SAML2Backend(ModelBackend):
-    @staticmethod
-    def user_can_authenticate(user):
+    def user_can_authenticate(self, user):
        is_valid = getattr(user, 'is_valid', None)
        return is_valid or is_valid is None

@@ -42,9 +41,10 @@ class SAML2Backend(ModelBackend):
        log_prompt = "Process authenticate [SAML2AuthCodeBackend]: {}"
        logger.debug(log_prompt.format('Start'))
        if saml_user_data is None:
-            logger.debug(log_prompt.format('saml_user_data is missing'))
+            logger.error(log_prompt.format('saml_user_data is missing'))
            return None

+        logger.debug(log_prompt.format('saml data, {}'.format(saml_user_data)))
        username = saml_user_data.get('username')
        if not username:
            logger.debug(log_prompt.format('username is missing'))
--- a/apps/authentication/backends/saml2/views.py
+++ b/apps/authentication/backends/saml2/views.py
@@ -1,5 +1,4 @@
-import json
-import os
+import copy

 from django.views import View
 from django.contrib import auth as auth
@@ -96,10 +95,18 @@ class PrepareRequestMixin:
    def get_advanced_settings():
        try:
            other_settings = dict(settings.SAML2_SP_ADVANCED_SETTINGS)
+            other_settings = copy.deepcopy(other_settings)
        except Exception as error:
            logger.error('Get other settings error: %s', error)
            other_settings = {}

+        security_default = {
+            'wantAttributeStatement': False,
+            'allowRepeatAttributeName': True
+        }
+        security = other_settings.get('security', {})
+        security_default.update(security)
+
        default = {
            "organization": {
                "en": {
@@ -107,9 +114,10 @@ class PrepareRequestMixin:
                    "displayname": "JumpServer",
                    "url": "https://jumpserver.org/"
                }
-            }
+            },
        }
        default.update(other_settings)
+        default['security'] = security_default
        return default

    def get_sp_settings(self):
@@ -156,9 +164,12 @@ class PrepareRequestMixin:
        user_attrs = {}
        real_key_index = len(settings.SITE_URL) + 1
        attrs = saml_instance.get_attributes()
+        valid_attrs = ['username', 'name', 'email', 'comment', 'phone']

        for attr, value in attrs.items():
            attr = attr[real_key_index:]
+            if attr not in valid_attrs:
+                continue
            user_attrs[attr] = self.value_to_str(value)
        return user_attrs