From 9e8576d7dace172f6c9f2ddaa8cb80df71290aa4 Mon Sep 17 00:00:00 2001
From: Mehdi Benadda
Date: Mon, 30 Mar 2020 17:09:16 +0200
Subject: [PATCH] Fix SAML ticket verification failing when response is not namespaced

Namespacing of the soap response is not necessary. If the response is not namespaced, the status code would be eg. `"Success"` instead of `"ns2:Success"` and cause the client to fail authentication when it had succeeded. We can remove the `:` in the expected status code end substring to support non namespaced responses.
---
 README.rst | 3 ++-
 cas.py | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/README.rst b/README.rst
index 78a4d1d..ff76b95 100644
--- a/README.rst
+++ b/README.rst
@@ -96,6 +96,7 @@ Credits
 * `Édouard Lopez`_.
 * `Guillaume Vincent`_.
 * `Evgeny Fadeev`_.
+* `Mehdi Benadda`_.

 References
 ----------
@@ -125,6 +126,6 @@ References
 .. _Édouard Lopez: https://github.com/edouard-lopez
 .. _Guillaume Vincent: https://github.com/guillaumevincent
 .. _Evgeny Fadeev: https://github.com/evgenyfadeev
+.. _Mehdi Benadda: https://github.com/mbenadda
 .. _API Documentation: https://djangocas.dev/docs/latest/modules/python_cas.html
 .. _Sample integration with Flask: https://djangocas.dev/blog/python-cas-flask-example/
-
diff --git a/cas.py b/cas.py
index 0f96d1f..93e5b1c 100644
--- a/cas.py
+++ b/cas.py
@@ -338,7 +338,7 @@ def verify_ticket(self, ticket, **kwargs):
 tree = ElementTree.fromstring(response)
 # Find the authentication status
 success = tree.find('.//' + SAML_1_0_PROTOCOL_NS + 'StatusCode')
-if success is not None and success.attrib['Value'].endswith(':Success'):
+if success is not None and success.attrib['Value'].endswith('Success'):
 # User is validated
 name_identifier = tree.find('.//' + SAML_1_0_ASSERTION_NS + 'NameIdentifier')
 if name_identifier is not None:
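Review bot: The new `endswith('Success')` test in the cas.py hunk accepts any StatusCode value whose text merely ends in "Success", not only the bare or prefixed `Success` code, so the authentication decision is looser than the commit message intends. Comparing the local part exactly keeps both the namespaced and non-namespaced forms working: `if success is not None and success.attrib.get('Value', '').rpartition(':')[2] == 'Success':`. Using `.get` also means a StatusCode element without a `Value` attribute is treated as a failed validation instead of raising KeyError. The body of verify_ticket starts and ends outside the hunk, so how the response is otherwise authenticated cannot be judged from these lines.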