Merge pull request #8 from skip-pay/remove_optional_auth_context

Remove optional auth context (SAML)

Author: rubickcz

auth_token/contrib/ms_sso/helpers.py

@@ -73,9 +73,10 @@ def init_saml_auth(request):
     service_provider_settings = {
         'strict': True,
         'debug': django_settings.DEBUG,
-        **({'security': {
-            'allowSingleLabelDomains': True,
-        }} if getattr(django_settings, "AUTH_TOKEN_TEST", False) else {}),
+        'security': {
+            'requestedAuthnContext': False,  # do not enforce any particular authentication method
+            **({'allowSingleLabelDomains': True} if getattr(django_settings, "AUTH_TOKEN_TEST", False) else {}),
+        },
         'sp': {
             'entityId': settings.MS_SSO_SAML_ENTITY_ID,
             'assertionConsumerService': {

example/dj/apps/app/tests/ms_sso.py

@@ -270,7 +270,7 @@ def test_saml_should_prevent_open_redirect_attack(self):
             assert_true(response.wsgi_request.user.is_authenticated)
 
     @httpretty.activate
-    def test_saml_auth_should_be_correclty_initialized(self):
+    def test_saml_auth_should_be_correctly_initialized(self):
         self._register_metadata_url(httpretty)
         auth = init_saml_auth(RequestFactory().get('/'))
         service_provider_settings = auth._settings._sp
@@ -279,3 +279,5 @@ def test_saml_auth_should_be_correclty_initialized(self):
             service_provider_settings['assertionConsumerService']['url'],
             'http://testserver/login/mso/saml/callback',
         )
+        security_settings = auth._settings._security
+        assert_equal(security_settings['requestedAuthnContext'], False)