Commit 14c4c555 authored by ale's avatar ale

set audience restriction to issuer

parent ae7c881d
......@@ -201,6 +201,9 @@ class Processor(object):
params['REQUEST_ID'] = request['id']
params['DESTINATION'] = request.get('destination', '')
params['PROVIDER_NAME'] = request.get('providername', '')
issuer = soup.find('saml:issuer')
if issuer:
params['ISSUER'] = issuer.string
self._request_params = params
def _reset(self, sp_config=None):
......
......@@ -28,6 +28,11 @@ class SSOProcessor(base.Processor):
def _decode_request(self):
self._request_xml = zlib.decompress(base64.b64decode(self._saml_request), -15)
def _determine_audience(self):
self._audience = self._request_params.get('ISSUER', None)
if not self._audience:
super(SSOProcessor, self)._determine_audience()
def _format_assertion(self):
# Add attributes that gitlab needs (?).
self._assertion_params['ATTRIBUTES'] = {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment