nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

SAML NameID Policy AllowCreate should be null (#918)

Browse Source 
* SAML NameID Policy AllowCreate should be null

* Determine if transient, then null, otherwise true
This commit is contained in:
Chad Scharf 2020-09-08 10:43:07 -04:00 committed by GitHub
parent 44c3dc4786
commit 6574d083fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
bitwarden_license/src/Sso/Utilities/DynamicAuthenticationSchemeProvider.cs
View File

@ -331,11 +331,16 @@ namespace Bit.Core.Business.Sso
var spEntityId = new Sustainsys.Saml2.Metadata.EntityId( var spEntityId = new Sustainsys.Saml2.Metadata.EntityId(
config.BuildSaml2ModulePath(_globalSettings.BaseServiceUri.Sso)); config.BuildSaml2ModulePath(_globalSettings.BaseServiceUri.Sso));
bool? allowCreate = null;
if (config.SpNameIdFormat != Saml2NameIdFormat.Transient)
{
allowCreate = true;
}
var spOptions = new SPOptions var spOptions = new SPOptions
{ {
EntityId = spEntityId, EntityId = spEntityId,
ModulePath = config.BuildSaml2ModulePath(), ModulePath = config.BuildSaml2ModulePath(),
NameIdPolicy = new Saml2NameIdPolicy(true, GetNameIdFormat(config.SpNameIdFormat)), NameIdPolicy = new Saml2NameIdPolicy(allowCreate, GetNameIdFormat(config.SpNameIdFormat)),
WantAssertionsSigned = config.SpWantAssertionsSigned, WantAssertionsSigned = config.SpWantAssertionsSigned,
AuthenticateRequestSigningBehavior = GetSigningBehavior(config.SpSigningBehavior), AuthenticateRequestSigningBehavior = GetSigningBehavior(config.SpSigningBehavior),
ValidateCertificates = config.SpValidateCertificates, ValidateCertificates = config.SpValidateCertificates,