openstack/deb-python-pysaml2
Code Issues Proposed changes

Make the IDP log according to the idp configuration.

Browse Source
This commit is contained in:
Roland Hedberg
2012-12-14 10:52:12 +01:00
parent e2afeaa0f3
commit 402f31f2e8
2 changed files with 28 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
example/idp/idp.py
View File

@@ -2,6 +2,8 @@
import re import re
import base64 import base64
import logging
#from cgi import parse_qs #from cgi import parse_qs
from urlparse import parse_qs from urlparse import parse_qs
from saml2 import server, root_logger from saml2 import server, root_logger
@@ -9,6 +11,8 @@ from saml2 import BINDING_HTTP_REDIRECT, BINDING_HTTP_POST
from saml2 import time_util from saml2 import time_util
from Cookie import SimpleCookie from Cookie import SimpleCookie
logger = logging.getLogger("saml2.IDP")
def _expiration(timeout, format=None): def _expiration(timeout, format=None):
if timeout == "now": if timeout == "now":
return time_util.instant(format) return time_util.instant(format)
@@ -63,7 +67,7 @@ FORM_SPEC = """<form name="myform" method="post" action="%s">
<input type="hidden" name="RelayState" value="%s" /> <input type="hidden" name="RelayState" value="%s" />
</form>""" </form>"""
def sso(environ, start_response, user, logger): def sso(environ, start_response, user):
""" Supposted to return a POST """ """ Supposted to return a POST """
#edict = dict_to_table(environ) #edict = dict_to_table(environ)
#if logger: logger.info("Environ keys: %s" % environ.keys()) #if logger: logger.info("Environ keys: %s" % environ.keys())
@@ -107,7 +111,7 @@ def sso(environ, start_response, user, logger):
"<title>SAML 2.0 POST</title>", "<title>SAML 2.0 POST</title>",
"</head><body>", "</head><body>",
FORM_SPEC % (req_info["consumer_url"], FORM_SPEC % (req_info["consumer_url"],
base64.b64encode("".join(authn_resp)), "/"), base64.b64encode(str(authn_resp)), "/"),
"""<script type="text/javascript" language="JavaScript">""", """<script type="text/javascript" language="JavaScript">""",
" document.myform.submit();", " document.myform.submit();",
"""</script>""", """</script>""",
@@ -116,7 +120,7 @@ def sso(environ, start_response, user, logger):
start_response('200 OK', [('Content-Type', 'text/html')]) start_response('200 OK', [('Content-Type', 'text/html')])
return response return response
def whoami(environ, start_response, user, logger): def whoami(environ, start_response, user):
start_response('200 OK', [('Content-Type', 'text/html')]) start_response('200 OK', [('Content-Type', 'text/html')])
identity = environ["repoze.who.identity"].copy() identity = environ["repoze.who.identity"].copy()
for prop in ["login", "password"]: for prop in ["login", "password"]:
@@ -127,19 +131,19 @@ def whoami(environ, start_response, user, logger):
response = dict_to_table(identity) response = dict_to_table(identity)
return response[:] return response[:]
def not_found(environ, start_response, logger): def not_found(environ, start_response):
"""Called if no URL matches.""" """Called if no URL matches."""
start_response('404 NOT FOUND', [('Content-Type', 'text/plain')]) start_response('404 NOT FOUND', [('Content-Type', 'text/plain')])
return ['Not Found'] return ['Not Found']
def not_authn(environ, start_response, logger): def not_authn(environ, start_response):
if "QUERY_STRING" in environ: if "QUERY_STRING" in environ:
query = parse_qs(environ["QUERY_STRING"]) query = parse_qs(environ["QUERY_STRING"])
if logger: logger.info("query: %s" % query) logger.info("query: %s" % query)
start_response('401 Unauthorized', [('Content-Type', 'text/plain')]) start_response('401 Unauthorized', [('Content-Type', 'text/plain')])
return ['Unknown user'] return ['Unknown user']
def slo(environ, start_response, user, logger): def slo(environ, start_response, user):
""" Expects a HTTP-redirect logout request """ """ Expects a HTTP-redirect logout request """
query = None query = None
@@ -231,9 +235,8 @@ def application(environ, start_response):
user = environ.get("repoze.who.identity", "") user = environ.get("repoze.who.identity", "")
path = environ.get('PATH_INFO', '').lstrip('/') path = environ.get('PATH_INFO', '').lstrip('/')
logger = environ.get('repoze.who.logger') logger.info("<application> PATH: %s" % path)
if logger: logger.info("<application> PATH: %s" % path) logger.info("Cookie: %s" % (kaka,))
if logger: logger.info("Cookie: %s" % (kaka,))
for regex, callback in URLS: for regex, callback in URLS:
if user: if user:
match = re.search(regex, path) match = re.search(regex, path)
@@ -242,12 +245,12 @@ def application(environ, start_response):
environ['myapp.url_args'] = match.groups()[0] environ['myapp.url_args'] = match.groups()[0]
except IndexError: except IndexError:
environ['myapp.url_args'] = path environ['myapp.url_args'] = path
if logger: logger.info("callback: %s" % (callback,)) logger.info("callback: %s" % (callback,))
return callback(environ, start_response, user, logger) return callback(environ, start_response, user)
else: else:
if logger: logger.info("-- No USER --") logger.info("-- No USER --")
return not_authn(environ, start_response, logger) return not_authn(environ, start_response)
return not_found(environ, start_response, logger) return not_found(environ, start_response)
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------

18
example/sp/sp.py
View File

@@ -5,6 +5,8 @@ import re
from cgi import parse_qs from cgi import parse_qs
from saml2 import BINDING_HTTP_REDIRECT from saml2 import BINDING_HTTP_REDIRECT
logger = logging.getLogger("")
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
def dict_to_table(ava, lev=0, width=1): def dict_to_table(ava, lev=0, width=1):
txt = ['<table border=%s bordercolor="black">\n' % width] txt = ['<table border=%s bordercolor="black">\n' % width]
@@ -48,7 +50,7 @@ def dict_to_table(ava, lev=0, width=1):
#noinspection PyUnusedLocal #noinspection PyUnusedLocal
def whoami(environ, start_response, user, logger): def whoami(environ, start_response, user):
identity = environ["repoze.who.identity"]["user"] identity = environ["repoze.who.identity"]["user"]
if not identity: if not identity:
return not_authn(environ, start_response) return not_authn(environ, start_response)
@@ -70,13 +72,12 @@ def not_authn(environ, start_response):
return ['Unknown user'] return ['Unknown user']
#noinspection PyUnusedLocal #noinspection PyUnusedLocal
def slo(environ, start_response, user, logger): def slo(environ, start_response, user):
# so here I might get either a LogoutResponse or a LogoutRequest # so here I might get either a LogoutResponse or a LogoutRequest
client = environ['repoze.who.plugins']["saml2auth"] client = environ['repoze.who.plugins']["saml2auth"]
sids = None sids = None
if "QUERY_STRING" in environ: if "QUERY_STRING" in environ:
query = parse_qs(environ["QUERY_STRING"]) query = parse_qs(environ["QUERY_STRING"])
if logger:
logger.info("query: %s" % query) logger.info("query: %s" % query)
try: try:
(sids, code, head, message) = client.saml_client.logout_response( (sids, code, head, message) = client.saml_client.logout_response(
@@ -92,13 +93,13 @@ def slo(environ, start_response, user, logger):
return ["Successfull Logout"] return ["Successfull Logout"]
#noinspection PyUnusedLocal #noinspection PyUnusedLocal
def logout(environ, start_response, user, logger): def logout(environ, start_response, user):
client = environ['repoze.who.plugins']["saml2auth"] client = environ['repoze.who.plugins']["saml2auth"]
subject_id = environ["repoze.who.identity"]['repoze.who.userid'] subject_id = environ["repoze.who.identity"]['repoze.who.userid']
logger.info("[logout] subject_id: '%s'" % (subject_id,)) logger.info("[logout] subject_id: '%s'" % (subject_id,))
target = "/done" target = "/done"
# What if more than one # What if more than one
tmp = client.saml_client.global_logout(subject_id, return_to=target) tmp = client.saml_client.global_logout(subject_id)
logger.info("[logout] global_logout > %s" % (tmp,)) logger.info("[logout] global_logout > %s" % (tmp,))
(session_id, code, header, result) = tmp (session_id, code, header, result) = tmp
@@ -114,7 +115,7 @@ def logout(environ, start_response, user, logger):
return ["Failed to logout from identity services"] return ["Failed to logout from identity services"]
#noinspection PyUnusedLocal #noinspection PyUnusedLocal
def done(environ, start_response, user, logger): def done(environ, start_response, user):
# remove cookie and stored info # remove cookie and stored info
logger.info("[done] environ: %s" % environ) logger.info("[done] environ: %s" % environ)
subject_id = environ["repoze.who.identity"]['repoze.who.userid'] subject_id = environ["repoze.who.identity"]['repoze.who.userid']
@@ -157,10 +158,9 @@ def application(environ, start_response):
user = environ.get("repoze.who.identity", "") user = environ.get("repoze.who.identity", "")
path = environ.get('PATH_INFO', '').lstrip('/') path = environ.get('PATH_INFO', '').lstrip('/')
logger = environ.get('repoze.who.logger')
logger.info("<application> PATH: %s" % path) logger.info("<application> PATH: %s" % path)
logger.info("logger name: %s" % logger.name) logger.info("logger name: %s" % logger.name)
logger.info(logging.Logger.manager.loggerDict) #logger.info(logging.Logger.manager.loggerDict)
for regex, callback in urls: for regex, callback in urls:
if user: if user:
match = re.search(regex, path) match = re.search(regex, path)
@@ -169,7 +169,7 @@ def application(environ, start_response):
environ['myapp.url_args'] = match.groups()[0] environ['myapp.url_args'] = match.groups()[0]
except IndexError: except IndexError:
environ['myapp.url_args'] = path environ['myapp.url_args'] = path
return callback(environ, start_response, user, logger) return callback(environ, start_response, user)
else: else:
return not_authn(environ, start_response) return not_authn(environ, start_response)
return not_found(environ, start_response) return not_found(environ, start_response)