From 3dbadfd7444053a821ca126cbdfb38ac6939bb58 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Alfonso=20Mart=C3=ADnez?= Date: Tue, 24 Mar 2020 09:34:55 +0100 Subject: [PATCH] mgr/dashboard: fix error when enabling SSO with cert. file MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Nautilus dedicated fix: added py2 compatibility code. Also: * Disabled security setting 'wantNameIdEncrypted': not all Identity Providers support this and we are already requiring encrypted assertions (which is the default). Fixes: https://tracker.ceph.com/issues/44666 Signed-off-by: Alfonso Martínez --- src/pybind/mgr/dashboard/services/sso.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/pybind/mgr/dashboard/services/sso.py b/src/pybind/mgr/dashboard/services/sso.py index 492a6e596344d..9810aa43a0f05 100644 --- a/src/pybind/mgr/dashboard/services/sso.py +++ b/src/pybind/mgr/dashboard/services/sso.py @@ -6,6 +6,7 @@ import errno import json import sys import threading +import six try: from onelogin.saml2.settings import OneLogin_Saml2_Settings @@ -186,13 +187,15 @@ def handle_sso_command(cmd): # pylint: disable=redefined-builtin FileNotFoundError = IOError try: - f = open(sp_x_509_cert, 'r') + f = open(sp_x_509_cert, 'r', encoding='utf-8') if six.PY3 else \ + open(sp_x_509_cert, 'rb') sp_x_509_cert = f.read() f.close() except FileNotFoundError: pass try: - f = open(sp_private_key, 'r') + f = open(sp_private_key, 'r', encoding='utf-8') if six.PY3 else \ + open(sp_private_key, 'rb') sp_private_key = f.read() f.close() except FileNotFoundError: @@ -204,7 +207,8 @@ def handle_sso_command(cmd): # pylint: disable=broad-except except Exception: try: - f = open(idp_metadata, 'r') + f = open(idp_metadata, 'r', encoding='utf-8') if six.PY3 else \ + open(idp_metadata, 'rb') idp_metadata = f.read() f.close() except FileNotFoundError: 
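Review bot: In the three rewritten `open()` calls (the SP certificate and private key in the `@@ -186,13` hunk, and `idp_metadata` in the `@@ -204,7` hunk) the handle is closed only on the success path, because `f.read()` is followed by a separate `f.close()` and only `FileNotFoundError` is handled. With `encoding='utf-8'` on Python 3, a file that is not valid UTF-8 (a DER-encoded certificate, for example) makes `read()` raise `UnicodeDecodeError`, which skips `close()` and is not caught at this level; whether a caller outside the hunk handles it is not visible. A `with` block around each read closes the file on every path, and the command could then report an undecodable file explicitly. Because `except FileNotFoundError: pass` leaves the path string in `sp_private_key`, a mistyped key path is presumably passed on as if it were key material, so a comment stating that each argument may be either a path or inline content would help the next reader. `handle_sso_command` starts and ends outside these hunks.

```python
try:
    with open(sp_private_key, 'r', encoding='utf-8') if six.PY3 else \
            open(sp_private_key, 'rb') as f:
        sp_private_key = f.read()
except FileNotFoundError:
    pass
# … same pattern for the sp_x_509_cert and idp_metadata reads …
```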
@@ -250,7 +254,7 @@ def handle_sso_command(cmd):
 "wantMessagesSigned": has_sp_cert,
 "wantAssertionsSigned": has_sp_cert,
 "wantAssertionsEncrypted": has_sp_cert,
- "wantNameIdEncrypted": has_sp_cert,
+ "wantNameIdEncrypted": False, # Not all Identity Providers support this.
 "metadataValidUntil": '',
 "wantAttributeStatement": False
 }
-- 2.39.5
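Review bot: The inline comment on `"wantNameIdEncrypted": False` gives the interoperability reason but not why the relaxation is acceptable. In the context lines above it, `wantAssertionsEncrypted` is `has_sp_cert`, so the NameID stays confidential only inside the encrypted assertion, and only when an SP certificate is configured; the commit message's "which is the default" reads as unconditional. I would record that next to the setting, e.g. `# NameID is not encrypted separately (not all IdPs support it); it is covered by wantAssertionsEncrypted when has_sp_cert is set.` If some deployments need NameID encryption, an option rather than a hard-coded `False` would keep it available. The settings dict and `handle_sso_command` begin outside the hunk.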