From 582bc41f00075c423d133673a1aa3349d30c9ab2 Mon Sep 17 00:00:00 2001 From: Roland Hedberg Date: Fri, 6 Nov 2009 19:38:34 +0100 Subject: [PATCH] attribute and property name changes --- src/saml2/client.py | 53 +++++++++++++++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 16 deletions(-) diff --git a/src/saml2/client.py b/src/saml2/client.py index cf8d7c3..5954ca5 100644 --- a/src/saml2/client.py +++ b/src/saml2/client.py @@ -41,7 +41,7 @@ FORM_SPEC = """
LAX = True -def verify_idp_conf(config_file): +def verify_sp_conf(config_file): config = eval(open(config_file).read()) # check for those that have to be there @@ -60,6 +60,20 @@ def verify_idp_conf(config_file): for mdfile in config["metadata"]: md.import_metadata(open(mdfile).read()) config["metadata"] = md + if "idp_entity_id" in config: + try: + config["idp_url"] = md.single_sign_on_services( + config["idp_entity_id"])[0] + except Exception: + print "idp_entity_id",config["idp_entity_id"] + print "idps in metadata", \ + [e for e,d in md.entity.items() if "idp_sso" in d] + print "metadata entities", md.entity.keys() + for ent, dic in md.entity.items(): + print ent, dic.keys() + raise + + assert config["idp_url"] return config @@ -196,8 +210,8 @@ class Saml2Client: log.info("location: %s" % location) log.info("service_url: %s" % service_url) log.info("my_name: %s" % my_name) - sid = sid() - authen_req = "%s" % self.create_authn_request(sid, location, + session_id = sid() + authen_req = "%s" % self.create_authn_request(session_id, location, service_url, spentityid, my_name, scoping) log and log.info("AuthNReq: %s" % authen_req) @@ -227,7 +241,7 @@ class Saml2Client: response = ('Location', login_url) else: raise Exception("Unkown binding type: %s" % binding) - return (sid, response) + return (session_id, response) def verify_response(self, xml_response, requestor, outstanding=None, log=None, decode=True, context=""): @@ -280,11 +294,12 @@ class Saml2Client: ava["__userid"] = name_id return (ava, came_from) - def _verify_condition(self, assertion, requestor): - # The Identity Provider MUST include a element + def _verify_condition(self, assertion, requestor, log): + # The Identity Provider MUST include a element #print "Conditions",assertion.conditions assert assertion.conditions condition = assertion.conditions + log and log.info("condition: %s" % condition) now = time.gmtime() not_on_or_after = str_to_time(condition.not_on_or_after) if not_on_or_after < now: @@ -311,13 +326,19 @@ class Saml2Client: def _assertion(self, assertion, outstanding, requestor, log, context): """ """ + if log: + log.info("assertion context: %s" % (context,)) + log.info("assertion keys: %s" % (assertion.keyswv())) + log.info("outstanding: %s" % (outstanding)) + if context == "AuthNReq": self._websso(assertion, outstanding, requestor, log) # The Identity Provider MUST include a element #print "Conditions",assertion.conditions assert assertion.conditions - self._verify_condition(assertion, requestor) + log and log.info("verify_condition") + self._verify_condition(assertion, requestor, log) # The assertion can contain zero or one attributeStatements assert len(assertion.attribute_statement) <= 1 @@ -417,9 +438,9 @@ class Saml2Client: return self._encrypted_assertion(xmlstr, outstanding, requestor, log, context) - def create_attribute_request(self, sid, subject_id, issuer, destination, - attribute=None, sp_name_qualifier=None, name_qualifier=None, - format=None): + def create_attribute_request(self, session_id, subject_id, issuer, + destination, attribute=None, sp_name_qualifier=None, + name_qualifier=None, format=None): """ Constructs an AttributeQuery :param subject_id: The identifier of the subject @@ -438,7 +459,7 @@ class Saml2Client: :return: An AttributeQuery instance """ - attr_query = self._init_request(samlp.AttributeQuery(sid), + attr_query = self._init_request(samlp.AttributeQuery(session_id), destination) subject = saml.Subject() @@ -502,10 +523,10 @@ class Saml2Client: :return: The attributes returned """ - sid = sid() - request = self.create_attribute_request(sid, subject_id, issuer, - destination, attribute, sp_name_qualifier, name_qualifier, - format=format) + session_id = sid() + request = self.create_attribute_request(session_id, subject_id, + issuer, destination, attribute, sp_name_qualifier, + name_qualifier, format=format) log and log.info("Request, created: %s" % request) @@ -523,7 +544,7 @@ class Saml2Client: log and log.info("Verifying response") (identity, came_from) = self.verify_response(response, issuer, - outstanding={sid:""}, + outstanding={session_id:""}, log=log, decode=False, context="AttrReq") log and log.info("identity: %s" % identity)