SimpleSAML integration to support FAU's StudOn #127
…n and making the two changes mentioned in Garmelon/issues/126. TFA not tested yet.
…branch"quickNdirty-SAML").
…ERD-FAU into simpleSAML-integration
Is this still something you are interested in?
Yes. I'm using my modified version daily.
I-Al-Istannen left a comment
WDYT about these?
| form = cast(Tag, soup.find("form", {"method": "post"})) | ||
| action = cast(str, form["action"]) | ||
| # dynamically determine full URL from action (FAU uses full URL here, KIT uses relative URL) | ||
| url = action if action.startswith("https") else str(saml_url.origin()) + action |
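Review bot: On the first line, cast(Tag, soup.find("form", {"method": "post"})) only silences the type checker. If the returned page has no POST form, find returns None and form["action"] on the next line fails with a TypeError that says nothing about the login step. Check the result for None and raise a descriptive error before reading the action attribute.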
This sounds like you want a urljoin?
Yes, would be better.
(I just copied this from shibboleth_login.py)
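The urljoin suggestion from this thread, as an added example that is not part of the PR or the project's code: it resolves both absolute (FAU-style) and relative (KIT-style) form actions and, as an extra assumption of this sketch, refuses to send credentials to anything but an expected HTTPS host. The function name, the allowlist and the idp.example.edu URLs are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample allowlist; a real one would name the IdP host(s)
# the user configured. Not taken from the PR.
ALLOWED_HOSTS = {"idp.example.edu"}


def resolve_form_action(page_url: str, action: str, allowed_hosts: set[str]) -> str:
    """Resolve a login form's action against the page it came from.

    urljoin follows the same rules a browser applies to <form action>:
    absolute URLs win, "/path" replaces the path, "path" is resolved
    against the page's directory, and "" means the page URL itself.
    """
    target = urljoin(page_url, action)
    parts = urlsplit(target)

    # The POST that follows carries the username and password, so the
    # resolved target is vetted before anything is sent.
    if parts.scheme != "https":
        raise ValueError(f"refusing non-HTTPS login target: {target}")
    if parts.hostname not in allowed_hosts:
        raise ValueError(f"unexpected login host: {parts.hostname}")
    return target


if __name__ == "__main__":
    page = "https://idp.example.edu/sso/login?AuthState=x"  # constructed
    for action in (
        "https://idp.example.edu/sso/post",  # absolute, as described for FAU
        "/sso/post",                         # relative, as described for KIT
        "post",                              # breaks origin + action concatenation
        "",                                  # empty action: post to the page itself
        "//other.example.net/collect",       # protocol-relative, different host
        "http://idp.example.edu/sso/post",   # downgrade to plain HTTP
    ):
        try:
            print(f"{action!r:40} -> {resolve_form_action(page, action, ALLOWED_HOSTS)}")
        except ValueError as err:
            print(f"{action!r:40} -> rejected ({err})")
```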
| if csrf_token_input := form.find("input", {"name": "csrf_token"}): | ||
| data["csrf_token"] = csrf_token_input["value"] # type: ignore | ||
|
|
||
| soup = await _post(sess, url, data) |
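Review bot: On the data["csrf_token"] line, the # type: ignore hides two cases the checker was flagging: form.find may return something other than a Tag, and the input may carry no value attribute, in which case csrf_token_input["value"] raises a KeyError in the middle of the login. Narrow with isinstance(csrf_token_input, Tag), read the attribute with .get("value"), and drop the ignore.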
The URL returned here doesn't matter, I assume? It is okay to re-use the saml_url from above later on.
Sorry, I don't quite get your point.
What would you suggest instead?
I was just wondering whether the post also redirects you and you need to use the new URL for your later POSTs. But if it works for you, it probably doesn't, and the existing code is fine.
Ah, I see.
I'm not sure whether the new URL is necessary, as the login always works after the first POST (no further iterations necessary).
I think we can leave it as is.
As discussed in issue #126, I implemented the SimpleSAML login method simple-saml.
My implementation is based (and tested) on the ILIAS instance StudOn of the Friedrich-Alexander-Universität Erlangen-Nürnberg, which uses SimpleSAML as an SSO method.
The class SimpleSAMLLogin was created by duplicating the class ShibbolethLogin and making the two changes mentioned in the issue.
TFA had to be slightly modified as well to work for the FAU's login page (www.sso.uni-erlangen.de).
The scripts format and check ran without errors or warnings.
I briefly updated the documentation in CONFIG.md.
I think it would be helpful to provide some example configuration like the following, but I didn't know where to put it in the documentation.