diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py
index a31d277935..b59aa3d5c9 100644
--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@@ -487,19 +487,10 @@ class SAMLRedirectServlet(BaseSsoRedirectServlet):
PATTERNS = client_patterns("/login/sso/redirect", v1=True)
def __init__(self, hs):
- self._saml_client = hs.get_saml_client()
+ self._saml_handler = hs.get_saml_handler()
def get_sso_url(self, client_redirect_url):
- reqid, info = self._saml_client.prepare_for_authenticate(
- relay_state=client_redirect_url
- )
-
- for key, value in info["headers"]:
- if key == "Location":
- return value
-
- # this shouldn't happen!
- raise Exception("prepare_for_authenticate didn't return a Location header")
+ return self._saml_handler.handle_redirect_request(client_redirect_url)
class SSOAuthHandler(object):
diff --git a/synapse/rest/saml2/response_resource.py b/synapse/rest/saml2/response_resource.py
index 9ec56d6adb..8ee22473e9 100644
--- a/synapse/rest/saml2/response_resource.py
+++ b/synapse/rest/saml2/response_resource.py
@@ -13,19 +13,11 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-import logging
-
-import saml2
from twisted.web.resource import Resource
from twisted.web.server import NOT_DONE_YET
-from synapse.api.errors import CodeMessageException
from synapse.http.server import wrap_html_request_handler
-from synapse.http.servlet import parse_string
-from synapse.rest.client.v1.login import SSOAuthHandler
-
-logger = logging.getLogger(__name__)
class SAML2ResponseResource(Resource):
@@ -35,8 +27,7 @@ class SAML2ResponseResource(Resource):
def __init__(self, hs):
Resource.__init__(self)
- self._saml_client = hs.get_saml_client()
- self._sso_auth_handler = SSOAuthHandler(hs)
+ self._saml_handler = hs.get_saml_handler()
def render_POST(self, request):
self._async_render_POST(request)
@@ -44,26 +35,4 @@ class SAML2ResponseResource(Resource):
@wrap_html_request_handler
def _async_render_POST(self, request):
- resp_bytes = parse_string(request, "SAMLResponse", required=True)
- relay_state = parse_string(request, "RelayState", required=True)
-
- try:
- saml2_auth = self._saml_client.parse_authn_request_response(
- resp_bytes, saml2.BINDING_HTTP_POST
- )
- except Exception as e:
- logger.warning("Exception parsing SAML2 response", exc_info=1)
- raise CodeMessageException(400, "Unable to parse SAML2 response: %s" % (e,))
-
- if saml2_auth.not_signed:
- raise CodeMessageException(400, "SAML2 response was not signed")
-
- if "uid" not in saml2_auth.ava:
- raise CodeMessageException(400, "uid not in SAML2 response")
-
- username = saml2_auth.ava["uid"][0]
-
- displayName = saml2_auth.ava.get("displayName", [None])[0]
- return self._sso_auth_handler.on_successful_auth(
- username, request, relay_state, user_display_name=displayName
- )
+ return self._saml_handler.handle_saml_response(request)
|
