This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Carry IdP Session IDs through user-mapping sessions. #13839

Merged
merged 2 commits into from
Sep 27, 2022
Merged
1 change: 1 addition & 0 deletions changelog.d/13839.misc
@@ -0,0 +1 @@
Carry IdP Session IDs through user-mapping sessions.
9 changes: 9 additions & 0 deletions synapse/handlers/sso.py
Expand Up @@ -144,6 +144,9 @@ class UsernameMappingSession:
# A unique identifier for this SSO provider, e.g. "oidc" or "saml".
auth_provider_id: str

# An optional session ID from the IdP.
auth_provider_session_id: Optional[str]

# user ID on the IdP server
remote_user_id: str

Expand Down Expand Up @@ -461,6 +464,7 @@ async def complete_sso_login_request(
client_redirect_url,
next_step_url,
extra_login_attributes,
auth_provider_session_id,
)

user_id = await self._register_mapped_user(
Expand Down Expand Up @@ -582,6 +586,7 @@ async def _redirect_to_next_new_user_step(
client_redirect_url: str,
next_step_url: bytes,
extra_login_attributes: Optional[JsonDict],
auth_provider_session_id: Optional[str],
) -> NoReturn:
"""Creates a UsernameMappingSession and redirects the browser

Expand All @@ -604,6 +609,8 @@ async def _redirect_to_next_new_user_step(
extra_login_attributes: An optional dictionary of extra
attributes to be provided to the client in the login response.

auth_provider_session_id: An optional session ID from the IdP.

Raises:
RedirectException
"""
Expand All @@ -612,6 +619,7 @@ async def _redirect_to_next_new_user_step(
now = self._clock.time_msec()
session = UsernameMappingSession(
auth_provider_id=auth_provider_id,
auth_provider_session_id=auth_provider_session_id,
remote_user_id=remote_user_id,
display_name=attributes.display_name,
emails=attributes.emails,
Expand Down Expand Up @@ -965,6 +973,7 @@ async def register_sso_user(self, request: Request, session_id: str) -> None:
session.client_redirect_url,
session.extra_login_attributes,
new_user=True,
auth_provider_session_id=session.auth_provider_session_id,
)

def _expire_old_sessions(self) -> None:
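Review bot: The comment on the new `auth_provider_session_id` field of `UsernameMappingSession` and the matching docstring entry in `_redirect_to_next_new_user_step` say only "An optional session ID from the IdP", which does not tell a maintainer why the value has to survive the username-mapping detour. From the `register_sso_user` hunk it appears to be handed on to the call that completes the login, presumably so the session created for a first-time user stays linked to the IdP session; if so, say that, e.g. `# An optional session ID from the IdP, kept so the login completed in register_sso_user stays tied to that IdP session.` Separately, the call in `complete_sso_login_request` passes the new value positionally after `extra_login_attributes`, while the call in `register_sso_user` uses `auth_provider_session_id=session.auth_provider_session_id`; passing it by keyword in both places would keep two adjacent optional arguments from being transposed in a later edit. All four functions start and end outside the hunks shown, so the callee and its handling of a `None` session ID cannot be checked from here.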