SAML: Allow specifying the IdP entityid to use. (#8630)

If the SAML metadata includes multiple IdPs it is necessary to specify which IdP to redirect users to for authentication.
author: Ben Banfield-Zanin <benbz@matrix.org> 2020-11-19 14:57:13 +0000
committer: GitHub <noreply@github.com> 2020-11-19 09:57:13 -0500
commit: 53a6f5ddf0c6bf2a8c8c3b757fb54a0c7755daf7 (patch)
tree: 9dc5edaf1408de85cc569a0dd12fbe7643ca31cd /synapse/handlers/saml_handler.py
parent: Consistently use room_id from federation request body (#8776) (diff)
download: synapse-53a6f5ddf0c6bf2a8c8c3b757fb54a0c7755daf7.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/synapse/handlers/saml_handler.py b/synapse/handlers/saml_handler.py
index aee772239a..9bf430b656 100644
--- a/synapse/handlers/saml_handler.py
+++ b/synapse/handlers/saml_handler.py
@@ -58,6 +58,7 @@ class SamlHandler(BaseHandler):
     def __init__(self, hs: "synapse.server.HomeServer"):
         super().__init__(hs)
         self._saml_client = Saml2Client(hs.config.saml2_sp_config)
+        self._saml_idp_entityid = hs.config.saml2_idp_entityid
         self._auth_handler = hs.get_auth_handler()
         self._registration_handler = hs.get_registration_handler()
 
@@ -100,7 +101,7 @@ class SamlHandler(BaseHandler):
             URL to redirect to
         """
         reqid, info = self._saml_client.prepare_for_authenticate(
-            relay_state=client_redirect_url
+            entityid=self._saml_idp_entityid, relay_state=client_redirect_url
         )
 
         # Since SAML sessions timeout it is useful to log when they were created.
author	Ben Banfield-Zanin <benbz@matrix.org>	2020-11-19 14:57:13 +0000
committer	GitHub <noreply@github.com>	2020-11-19 09:57:13 -0500
commit	53a6f5ddf0c6bf2a8c8c3b757fb54a0c7755daf7 (patch)
tree	9dc5edaf1408de85cc569a0dd12fbe7643ca31cd /synapse/handlers/saml_handler.py
parent	Consistently use room_id from federation request body (#8776) (diff)
download	synapse-53a6f5ddf0c6bf2a8c8c3b757fb54a0c7755daf7.tar.xz