saml: Sign LogoutRequests and LogoutResponses if certs are set up.

Mateusz Mandera 2021-11-05 12:17:54 +01:00 committed by Tim Abbott
parent 0bb0220ebb
commit e8f3b87b17
1 changed files with 9 additions and 0 deletions


@ -1109,6 +1109,15 @@ if PRODUCTION:
"/etc/zulip/saml/zulip-private-key.key"
)
if SOCIAL_AUTH_SAML_SP_PUBLIC_CERT and SOCIAL_AUTH_SAML_SP_PRIVATE_KEY:
# If the certificates are set up, it's certainly desirable to sign
# LogoutRequests and LogoutResponses unless explicitly specified otherwise
# in the configuration.
if "logoutRequestSigned" not in SOCIAL_AUTH_SAML_SECURITY_CONFIG:
SOCIAL_AUTH_SAML_SECURITY_CONFIG["logoutRequestSigned"] = True
if "logoutResponseSigned" not in SOCIAL_AUTH_SAML_SECURITY_CONFIG:
SOCIAL_AUTH_SAML_SECURITY_CONFIG["logoutResponseSigned"] = True
if "signatureAlgorithm" not in SOCIAL_AUTH_SAML_SECURITY_CONFIG:
# If the configuration doesn't explicitly specify the algorithm,
# we set RSA1 with SHA256 to override the python3-saml default, which uses