Add way to deal with missing expiration date

This is a bug in SP, but it sems quite widespread, so allow way to handle this using configuration. See OTA-Insight#96
nijel · Feb 8, 2021 · f576bab · f576bab
1 parent e123199
commit f576bab
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/djangosaml2idp/utils.py b/djangosaml2idp/utils.py
@@ -6,6 +6,7 @@
 import zlib
 from xml.parsers.expat import ExpatError
 from django.conf import settings
+from django.utils.timezone import now
 from django.utils.translation import gettext as _
 import arrow
 import requests
@@ -67,6 +68,9 @@ def extract_validuntil_from_metadata(metadata: str) -> datetime.datetime:
     try:
         metadata_expiration_dt = arrow.get(ET.fromstring(metadata).attrib['validUntil']).datetime
     except Exception as e:
+        fallback = settings.get("SAML_IDP_FALLBACK_EXPIRATION_DAYS")
+        if fallback:
+            return now() + datetime.timedelta(days=fallback)
         raise ValidationError(f'Could not extra ValidUntil timestamp from metadata: {e}')
 
     if not settings.USE_TZ:

diff --git a/docs/configuration.rst b/docs/configuration.rst
@@ -96,3 +96,7 @@ Other settings you can set as defaults to be used if not overriden by an SP are
 
     SAML_AUTHN_SIGN_ALG = saml2.xmldsig.SIG_RSA_SHA256
     SAML_AUTHN_DIGEST_ALG = saml2.xmldsig.DIGEST_SHA256
+
+In case your SP does not properly expose validuntil in metadata, you can provide fallback setting for it using::
+
+   SAML_IDP_FALLBACK_EXPIRATION_DAYS = 30