From af9e87c0252dd680bc7704e5ef0daf23f94ab69d Mon Sep 17 00:00:00 2001
From: JimMoen
Date: Wed, 27 Sep 2023 17:35:08 +0800
Subject: [PATCH 1/2] fix: saml callback should check saml state
---
 apps/emqx_dashboard_sso/rebar.config | 2 +-
 .../src/emqx_dashboard_sso_saml_api.erl | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/apps/emqx_dashboard_sso/rebar.config b/apps/emqx_dashboard_sso/rebar.config
index 46f26fd99..2691afbc1 100644
--- a/apps/emqx_dashboard_sso/rebar.config
+++ b/apps/emqx_dashboard_sso/rebar.config
@@ -4,5 +4,5 @@
 {deps, [
 {emqx_ldap, {path, "../../apps/emqx_ldap"}},
 {emqx_dashboard, {path, "../../apps/emqx_dashboard"}},
- {esaml, {git, "https://github.com/emqx/esaml", {tag, "v1.1.1"}}}
+ {esaml, {git, "https://github.com/emqx/esaml", {tag, "v1.1.2"}}}
 ]}.
diff --git a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml_api.erl b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml_api.erl
index 44e98d652..fecf433c4 100644
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml_api.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml_api.erl
@@ -82,19 +82,17 @@ schema("/sso/saml/metadata") ->
 sp_saml_metadata(get, _Req) ->
 case emqx_dashboard_sso_manager:lookup_state(saml) of
- undefined ->
- {404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}};
- #{sp := SP} = _State ->
+ #{enable := true, sp := SP} = _State ->
 SignedXml = esaml_sp:generate_metadata(SP),
 Metadata = xmerl:export([SignedXml], xmerl_xml),
- {200, #{<<"Content-Type">> => <<"text/xml">>}, erlang:iolist_to_binary(Metadata)}
+ {200, #{<<"Content-Type">> => <<"text/xml">>}, erlang:iolist_to_binary(Metadata)};
+ _ ->
+ {404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}}
 end.
 sp_saml_callback(post, Req) ->
 case emqx_dashboard_sso_manager:lookup_state(saml) of
- undefined ->
- {404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}};
- State ->
+ State = #{enable := true} ->
 case (provider(saml)):callback(Req, State) of
 {redirect, Redirect} ->
 Redirect;
@@ -105,7 +103,9 @@ sp_saml_callback(post, Req) ->
 reason => Reason
 }),
 {403, #{code => <<"UNAUTHORIZED">>, message => Reason}}
- end
+ end;
+ _ ->
+ {404, #{code => ?BACKEND_NOT_FOUND, message => <<"Backend not found">>}}
 end.
 %%--------------------------------------------------------------------
From c9194cd6b285bf9f9dbd16ad151222b124a8cacd Mon Sep 17 00:00:00 2001
From: JimMoen
Date: Wed, 27 Sep 2023 18:46:24 +0800
Subject: [PATCH 2/2] fix(saml_sso): donot load IDP metadata when disabling saml
---
 apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl
index fc2cadfe6..e2fa36382 100644
--- a/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl
+++ b/apps/emqx_dashboard_sso/src/emqx_dashboard_sso_saml.erl
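Review bot: In emqx_dashboard_sso_saml_api.erl the new catch-all `_ ->` in sp_saml_metadata, and the matching one that closes sp_saml_callback in the following hunk, answers 404 for every state that does not match `#{enable := true}`, so an enabled backend whose state lacks `sp` or has an unexpected shape is now reported as "Backend not found" with no trace. Failing closed is the right default for endpoints that serve the SAML login flow, but keeping the expected cases explicit (`undefined ->` and `#{enable := false} ->`) or logging in the catch-all would stop a broken state from looking like a disabled backend. A comment above each `case`, for example `%% Fail closed: only an enabled SAML backend may serve metadata or accept assertions.`, would record why the guard exists. The patch adds no test for the disabled path; a case that posts to the callback with a disabled backend and expects 404 would pin the fix.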
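Review bot: The 403 branch kept as context in the second emqx_dashboard_sso_saml_api.erl hunk still returns the provider's `Reason` verbatim in `message => Reason`. The shape of that value is not visible here, but if it carries assertion-validation detail the callback tells the remote caller exactly why a SAML response was rejected. The reason is already passed to the `?SLOG` call just above, so the response could carry a fixed text instead, for example `{403, #{code => <<"UNAUTHORIZED">>, message => <<"SAML authentication failed">>}}`. sp_saml_callback begins before this hunk.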
@@ -100,6 +100,8 @@ desc(_) ->
 %% APIs
 %%------------------------------------------------------------------------------
+create(#{enable := false} = _Config) ->
+ {ok, undefined};
 create(#{sp_sign_request := true} = Config) ->
 try
 do_create(ensure_cert_and_key(Config))
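Review bot: The new first clause of `create/1` returns `{ok, undefined}` for a disabled config, so `undefined` becomes the stored state of a backend that is configured but switched off. Any other callback in this module that receives that state and matches on a map (none are visible in this hunk) would then crash instead of rejecting the request, so those paths are worth checking against an `undefined` state. I would document the sentinel above the clause, for example `%% Disabled: skip loading IdP metadata; the state is undefined and callers must treat the backend as unavailable.` The body of the following `create/1` clause continues outside the hunk.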