openstack/deb-python-pysaml2
Code Issues Proposed changes

Merge pull request #211 from HaToHo/master

Browse Source 
Updated wsgi sp to follow pefim
This commit is contained in:
Roland Hedberg
2015-04-24 10:13:05 -07:00
parent 81e50ff687 00a3a04ade
commit 357d073124
1 changed files with 25 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
example/sp-wsgi/sp.py
View File

@@ -2,13 +2,14 @@
import logging import logging
import re import re
import argparse import argparse
from saml2.extension.pefim import SPCertEnc
import service_conf import service_conf
from Cookie import SimpleCookie from Cookie import SimpleCookie
from urlparse import parse_qs from urlparse import parse_qs
import sys import sys
from saml2 import BINDING_HTTP_REDIRECT from saml2 import BINDING_HTTP_REDIRECT, element_to_extension_element
from saml2 import BINDING_SOAP from saml2 import BINDING_SOAP
from saml2 import time_util from saml2 import time_util
from saml2 import ecp from saml2 import ecp
@@ -33,6 +34,8 @@ from saml2.s_utils import UnsupportedBinding
from saml2.s_utils import sid from saml2.s_utils import sid
from saml2.s_utils import rndstr from saml2.s_utils import rndstr
#from srtest import exception_trace #from srtest import exception_trace
from saml2.md import Extensions
import xmldsig as ds
logger = logging.getLogger("") logger = logging.getLogger("")
hdlr = logging.FileHandler('spx.log') hdlr = logging.FileHandler('spx.log')
@@ -152,6 +155,7 @@ class Cache(object):
self.uid2user = {} self.uid2user = {}
self.cookie_name = "spauthn" self.cookie_name = "spauthn"
self.outstanding_queries = {} self.outstanding_queries = {}
self.outstanding_certs = {}
self.relay_state = {} self.relay_state = {}
self.user = {} self.user = {}
self.result = {} self.result = {}
@@ -348,7 +352,7 @@ class ACS(Service):
try: try:
self.response = self.sp.parse_authn_request_response( self.response = self.sp.parse_authn_request_response(
response, binding, self.outstanding_queries) response, binding, self.outstanding_queries, self.cache.outstanding_certs)
except UnknownPrincipal, excp: except UnknownPrincipal, excp:
logger.error("UnknownPrincipal: %s" % (excp,)) logger.error("UnknownPrincipal: %s" % (excp,))
resp = ServiceError("UnknownPrincipal: %s" % (excp,)) resp = ServiceError("UnknownPrincipal: %s" % (excp,))
@@ -551,13 +555,31 @@ class SSO(object):
"assertion_consumer_service"] "assertion_consumer_service"]
# just pick one # just pick one
endp, return_binding = acs[0] endp, return_binding = acs[0]
extensions = None
cert = None
if _cli.config.generate_cert_func is not None:
cert_str, req_key_str = _cli.config.generate_cert_func()
cert = {
"cert": cert_str,
"key": req_key_str
}
spcertenc = SPCertEnc(x509_data=ds.X509Data(
x509_certificate=ds.X509Certificate(text=cert_str)))
extensions = Extensions(extension_elements=[
element_to_extension_element(spcertenc)])
req_id, req = _cli.create_authn_request(destination, req_id, req = _cli.create_authn_request(destination,
binding=return_binding) binding=return_binding, extensions=extensions)
_rstate = rndstr() _rstate = rndstr()
self.cache.relay_state[_rstate] = came_from self.cache.relay_state[_rstate] = came_from
ht_args = _cli.apply_binding(_binding, "%s" % req, destination, ht_args = _cli.apply_binding(_binding, "%s" % req, destination,
relay_state=_rstate) relay_state=_rstate)
_sid = req_id _sid = req_id
if cert is not None:
self.cache.outstanding_certs[_sid] = cert
except Exception, exc: except Exception, exc:
logger.exception(exc) logger.exception(exc)
resp = ServiceError( resp = ServiceError(