From ee5c0a9c218f131d231c8fd8540e04e9decb6b30 Mon Sep 17 00:00:00 2001
From: Guillaume Rousse
Date: Wed, 22 Jan 2025 10:43:20 +0100
Subject: [PATCH] make metadata endpoints configurable as others
Rather have a working metadata exposure endpoint registration, whatever base url is, than try to deduce it from entityID.
---
 example/plugins/backends/saml2_backend.yaml.example | 2 ++
 src/satosa/backends/saml2.py | 8 +++-----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/example/plugins/backends/saml2_backend.yaml.example b/example/plugins/backends/saml2_backend.yaml.example
index 08eb6404..a9dc0c0e 100644
--- a/example/plugins/backends/saml2_backend.yaml.example
+++ b/example/plugins/backends/saml2_backend.yaml.example
@@ -66,6 +66,8 @@ config:
 - [/acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
 discovery_response:
 - [/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
+ metadata_exposal: /proxy_saml2_backend.xml
+ metadata_reload: /reload-metadata
 # name_id_format: a list of strings to set the element in SP metadata
 # name_id_policy_format: a string to set the Format attribute in the NameIDPolicy element
diff --git a/src/satosa/backends/saml2.py b/src/satosa/backends/saml2.py
index 3b120df7..b0ecfa86 100644
--- a/src/satosa/backends/saml2.py
+++ b/src/satosa/backends/saml2.py
@@ -611,14 +611,12 @@ def register_endpoints(self):
 ("^%s$" % endp, self.disco_response))
 if self.expose_entityid_endpoint():
- logger.debug("Exposing backend entity endpoint = {}".format(self.sp.config.entityid))
- parsed_entity_id = urlparse(self.sp.config.entityid)
- url_map.append(("^{0}".format(parsed_entity_id.path[1:]),
- self._metadata_endpoint))
+ url_map.append(
+ ("^%s$" % sp_endpoints["metadata_exposal"], self._metadata_endpoint))
 if self.enable_metadata_reload():
 url_map.append(
- ("^%s/%s$" % (self.name, "reload-metadata"), self._reload_metadata))
+ ("^%s$" % sp_endpoints["metadata_reload"], self._reload_metadata))
 logger.debug(f"Loaded SAML2 endpoints: {url_map}")
 return url_map
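Review bot: Both new registrations index `sp_endpoints` directly, so a deployment that enables the entityID or reload endpoint with a configuration written before this change would hit a `KeyError` on `sp_endpoints["metadata_exposal"]` or `sp_endpoints["metadata_reload"]` while registering endpoints; `sp_endpoints` is assigned outside this hunk, so this is inferred from the lookups shown. The configured value also goes into the pattern as-is, whereas the removed lines used `parsed_entity_id.path[1:]` and `self.name` and so never produced a leading slash; with the example values (`/proxy_saml2_backend.xml`, `/reload-metadata`) the pattern starts with `^/` and the `.` is an unescaped wildcard. Consider normalising first, e.g. `path = urlparse(sp_endpoints["metadata_reload"]).path.lstrip("/")` followed by `"^%s$" % re.escape(path)` (assuming `re` is imported in this module), with the same treatment for `metadata_exposal`. Dropping the `self.name` prefix also means two SAML backends configured from the example would register identical metadata and reload paths, which deserves a comment next to the new keys in the example file.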