From 8b0b9277ca3aa0dc5313ac635a06c0f80000b6ac Mon Sep 17 00:00:00 2001
From: =?utf8?q?Alfonso=20Mart=C3=ADnez?=
Date: Wed, 18 Mar 2020 17:19:13 +0100
Subject: [PATCH] mgr/dashboard: fix error when enabling SSO with cert. file
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Also: * Disabled security setting 'wantNameIdEncrypted': not all Identity Providers support this and we are already requiring encrypted assertions (which is the default).
Fixes: https://tracker.ceph.com/issues/44666
Signed-off-by: Alfonso Martínez
---
 src/pybind/mgr/dashboard/services/sso.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/pybind/mgr/dashboard/services/sso.py b/src/pybind/mgr/dashboard/services/sso.py
index ca9a221abcb..adab60d5190 100644
--- a/src/pybind/mgr/dashboard/services/sso.py
+++ b/src/pybind/mgr/dashboard/services/sso.py
@@ -191,12 +191,12 @@ def handle_sso_command(cmd):
 has_sp_cert = sp_x_509_cert_path != "" and sp_private_key_path != ""
 if has_sp_cert:
 try:
- with open(sp_x_509_cert_path, 'r') as f:
+ with open(sp_x_509_cert_path, 'r', encoding='utf-8') as f:
 sp_x_509_cert = f.read()
 except FileNotFoundError:
 return -errno.EINVAL, '', '`{}` not found.'.format(sp_x_509_cert_path)
 try:
- with open(sp_private_key_path, 'r') as f:
+ with open(sp_private_key_path, 'r', encoding='utf-8') as f:
 sp_private_key = f.read()
 except FileNotFoundError:
 return -errno.EINVAL, '', '`{}` not found.'.format(sp_private_key_path)
@@ -207,7 +207,7 @@ def handle_sso_command(cmd):
 if os.path.isfile(idp_metadata):
 warnings.warn(
 "Please prepend 'file://' to indicate a local SAML2 IdP file", DeprecationWarning)
- with open(idp_metadata, 'r') as f:
+ with open(idp_metadata, 'r', encoding='utf-8') as f:
 idp_settings = Saml2Parser.parse(f.read(), entity_id=idp_entity_id)
 elif parse.urlparse(idp_metadata)[0] in ('http', 'https', 'file'):
 idp_settings = Saml2Parser.parse_remote(
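Review bot: The two `except FileNotFoundError:` clauses in the `@@ -191` hunk are narrower than what the new `open(..., encoding='utf-8')` reads can raise. A DER-encoded (binary) certificate or key fails in `f.read()` with `UnicodeDecodeError`, and an unreadable path raises `PermissionError`; both would escape as an unhandled exception instead of the `-errno.EINVAL` reply. Consider adding a second handler after each existing one, `except (OSError, UnicodeDecodeError) as e:`, that returns `-errno.EINVAL` with a message naming the path and saying it could not be read as PEM text. The `idp_metadata` read in the `@@ -207` hunk has no handler visible at all and would benefit from the same treatment. `handle_sso_command` starts and ends outside the hunk.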
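Review bot: The scheme allow-list `('http', 'https', 'file')` on the `elif` line of the `@@ -207` hunk accepts IdP metadata fetched over plaintext `http`. That metadata supplies the IdP signing certificate the dashboard will trust, so a response altered in transit would replace the trust anchor for every later login. The arguments to `Saml2Parser.parse_remote(` are cut off by the hunk, so whether TLS certificate validation is enabled for `https` cannot be seen here and should be confirmed. Consider restricting the tuple, `elif parse.urlparse(idp_metadata)[0] in ('https', 'file'):`, or at least emitting a warning for `http` the way the bare-path case already does.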
@@ -249,7 +249,7 @@ def handle_sso_command(cmd):
 "wantMessagesSigned": has_sp_cert,
 "wantAssertionsSigned": has_sp_cert,
 "wantAssertionsEncrypted": has_sp_cert,
- "wantNameIdEncrypted": has_sp_cert,
+ "wantNameIdEncrypted": False, # Not all Identity Providers support this.
 "metadataValidUntil": '',
 "wantAttributeStatement": False
 }
--
2.39.5
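Review bot: `"wantMessagesSigned"` and `"wantAssertionsSigned"` in the context lines still follow `has_sp_cert`, although verifying an IdP signature needs only the IdP certificate from the metadata, not the SP key pair. When no SP certificate is configured, these settings therefore do not ask for signed messages or assertions. Whether the SAML library rejects unsigned responses regardless is not visible in this hunk, so that should be confirmed; if the supported IdPs sign assertions, `"wantAssertionsSigned": True,` could be set unconditionally. On the changed line, the comment could carry the reasoning from the commit message, e.g. `# Not all IdPs support this; with an SP cert the NameID is still covered by wantAssertionsEncrypted.` The settings dict starts outside the hunk.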