The IdP doing form_post or the SP doing post is two different things.

2015-11-13 15:41:31 +01:00
parent 373668e1d3
commit 17c748f516
4 changed files with 61 additions and 11 deletions
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -215,10 +215,16 @@ class Entity(HTTPBase):

        if binding == BINDING_HTTP_POST:
            logger.info("HTTP POST")
-            info = self.use_http_form_post(msg_str, destination,
-                                           relay_state, typ)
-            info["url"] = destination
-            info["method"] = "GET"
+            if self.entity_type == 'sp':
+                info = self.use_http_post(msg_str, destination, relay_state,
+                                          typ)
+                info["url"] = destination
+                info["method"] = "POST"
+            else:
+                info = self.use_http_form_post(msg_str, destination,
+                                               relay_state, typ)
+                info["url"] = destination
+                info["method"] = "GET"
        elif binding == BINDING_HTTP_REDIRECT:
            logger.info("HTTP REDIRECT")
            info = self.use_http_get(msg_str, destination, relay_state, typ,
--- a/src/saml2/httpbase.py
+++ b/src/saml2/httpbase.py
@@ -11,6 +11,7 @@ from six.moves.http_cookies import SimpleCookie
 from saml2.time_util import utc_now
 from saml2 import class_name, SAMLError
 from saml2.pack import http_form_post_message
+from saml2.pack import http_post_message
 from saml2.pack import make_soap_enveloped_saml_thingy
 from saml2.pack import http_redirect_message

@@ -248,6 +249,23 @@ class HTTPBase(object):

        return r

+    @staticmethod
+    def use_http_post(message, destination, relay_state,
+                           typ="SAMLRequest"):
+        """
+        Return a urlencoded message that should be POSTed to the recipient.
+
+        :param message: The response
+        :param destination: Where the response should be sent
+        :param relay_state: The relay_state received in the request
+        :param typ: Whether a Request, Response or Artifact
+        :return: dictionary
+        """
+        if not isinstance(message, six.string_types):
+            message = "%s" % (message,)
+
+        return http_post_message(message, relay_state, typ)
+
    @staticmethod
    def use_http_form_post(message, destination, relay_state,
                           typ="SAMLRequest"):
--- a/src/saml2/httputil.py
+++ b/src/saml2/httputil.py
@@ -17,7 +17,6 @@ from saml2 import time_util

 __author__ = 'rohe0002'

-
 logger = logging.getLogger(__name__)


@@ -73,8 +72,8 @@ class Created(Response):

 class Redirect(Response):
    _template = '<html>\n<head><title>Redirecting to %s</title></head>\n' \
-        '<body>\nYou are being redirected to <a href="%s">%s</a>\n' \
-        '</body>\n</html>'
+                '<body>\nYou are being redirected to <a href="%s">%s</a>\n' \
+                '</body>\n</html>'
    _status = '302 Found'

    def __call__(self, environ, start_response, **kwargs):
@@ -86,8 +85,8 @@ class Redirect(Response):

 class SeeOther(Response):
    _template = '<html>\n<head><title>Redirecting to %s</title></head>\n' \
-        '<body>\nYou are being redirected to <a href="%s">%s</a>\n' \
-        '</body>\n</html>'
+                '<body>\nYou are being redirected to <a href="%s">%s</a>\n' \
+                '</body>\n</html>'
    _status = '303 See Other'

    def __call__(self, environ, start_response, **kwargs):
@@ -156,6 +155,7 @@ class HttpParameters():
        except KeyError:
            pass

+
 def extract(environ, empty=False, err=False):
    """Extracts strings in form data and returns a dict.

@@ -266,7 +266,7 @@ def unpack_artifact(environ):

 def unpack_any(environ):
    if environ['REQUEST_METHOD'].upper() == 'GET':
-    # Could be either redirect or artifact
+        # Could be either redirect or artifact
        _dict = unpack_redirect(environ)
        if "ID" in _dict:
            binding = BINDING_URI
@@ -307,7 +307,7 @@ def cookie_signature(seed, *parts):
    return sha1.hexdigest()


-def make_cookie(name, load, seed, expire=0, domain="",  path="",
+def make_cookie(name, load, seed, expire=0, domain="", path="",
                timestamp=""):
    """
    Create and return a cookie
--- a/src/saml2/pack.py
+++ b/src/saml2/pack.py
@@ -79,6 +79,32 @@ def http_form_post_message(message, location, relay_state="",
    return {"headers": [("Content-type", "text/html")], "data": response}


+def http_post_message(message, relay_state="", typ="SAMLRequest", **kwargs):
+    """
+
+    :param message: The message
+    :param relay_state: for preserving and conveying state information
+    :return: A tuple containing header information and a HTML message.
+    """
+    if not isinstance(message, six.string_types):
+        message = str(message)
+    if not isinstance(message, six.binary_type):
+        message = message.encode('utf-8')
+
+    if typ == "SAMLRequest" or typ == "SAMLResponse":
+        _msg = base64.b64encode(message)
+    else:
+        _msg = message
+    _msg = _msg.decode('ascii')
+
+    part = {typ: _msg}
+    if relay_state:
+        part["RelayState"] = relay_state
+
+    return {"headers": [("Content-type", 'application/x-www-form-urlencoded')],
+            "data": urlencode(part)}
+
+
 def http_redirect_message(message, location, relay_state="", typ="SAMLRequest",
                          sigalg=None, key=None, **kwargs):
    """The HTTP Redirect binding defines a mechanism by which SAML protocol