openstack/deb-python-pysaml2
Code Issues Proposed changes

Methods creating request changed to return a tuple consisting of request id and request.

Browse Source
This commit is contained in:
Roland Hedberg
2014-03-20 21:34:39 +01:00
parent a442e039d2
commit d3b9056e12
2 changed files with 45 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
example/sp-wsgi/sp.py
View File

@@ -529,7 +529,7 @@ class SSO(object):
entity_id=entity_id)
logger.debug("binding: %s, destination: %s" % (_binding,
destination))
req = _cli.create_authn_request(destination, vorg=vorg_name)
req_id, req = _cli.create_authn_request(destination, vorg=vorg_name)
_rstate = rndstr()
self.cache.relay_state[_rstate] = came_from
ht_args = _cli.apply_binding(_binding, "%s" % req, destination,

75
src/s2repoze/plugins/sp.py
View File

@@ -23,7 +23,6 @@ import logging
import sys
import platform
import shelve
import threading
import traceback
import saml2
from urlparse import parse_qs, urlparse
@@ -129,7 +128,8 @@ class SAML2Plugin(object):
implements(IChallenger, IIdentifier, IAuthenticator, IMetadataProvider)
def __init__(self, rememberer_name, config, saml_client, wayf, cache,
sid_store=None, discovery="", idp_query_param="", sid_store_cert=None,):
sid_store=None, discovery="", idp_query_param="",
sid_store_cert=None,):
self.rememberer_name = rememberer_name
self.wayf = wayf
self.saml_client = saml_client
@@ -137,7 +137,8 @@ class SAML2Plugin(object):
self.cache = cache
self.discosrv = discovery
self.idp_query_param = idp_query_param
self.logout_endpoints = [urlparse(ep)[2] for ep in config.endpoint("single_logout_service")]
self.logout_endpoints = [urlparse(ep)[2] for ep in config.endpoint(
"single_logout_service")]
try:
self.metadata = self.conf.metadata
except KeyError:
@@ -153,24 +154,20 @@ class SAML2Plugin(object):
self.iam = platform.node()
def _get_rememberer(self, environ):
rememberer = environ['repoze.who.plugins'][self.rememberer_name]
return rememberer
#### IIdentifier ####
def remember(self, environ, identity):
rememberer = self._get_rememberer(environ)
return rememberer.remember(environ, identity)
#### IIdentifier ####
def forget(self, environ, identity):
rememberer = self._get_rememberer(environ)
return rememberer.forget(environ, identity)
def _get_post(self, environ):
"""
Get the posted information
@@ -293,8 +290,8 @@ class SAML2Plugin(object):
self.outstanding_queries[sid_] = came_from
logger.debug("Redirect to Discovery Service function")
eid = _cli.config.entityid
ret = _cli.config.getattr("endpoints",
"sp")["discovery_response"][0][0]
ret = _cli.config.getattr(
"endpoints", "sp")["discovery_response"][0][0]
ret += "?sid=%s" % sid_
loc = _cli.create_discovery_service_request(
self.discosrv, eid, **{"return": ret})
@@ -379,22 +376,28 @@ class SAML2Plugin(object):
"cert": cert_str,
"key": req_key_str
}
spcertenc = SPCertEnc(x509_data=ds.X509Data(x509_certificate=ds.X509Certificate(text=cert_str)))
extensions = Extensions(extension_elements=[element_to_extension_element(spcertenc)])
spcertenc = SPCertEnc(x509_data=ds.X509Data(
x509_certificate=ds.X509Certificate(text=cert_str)))
extensions = Extensions(extension_elements=[
element_to_extension_element(spcertenc)])
if _cli.authn_requests_signed:
_sid = saml2.s_utils.sid(_cli.seed)
msg_str = _cli.create_authn_request(dest, vorg=vorg_name, sign=_cli.authn_requests_signed,
message_id=_sid, extensions=extensions)
msg_id = msg_str = _cli.create_authn_request(
dest, vorg=vorg_name, sign=_cli.authn_requests_signed,
message_id=_sid, extensions=extensions)
else:
req = _cli.create_authn_request(dest, vorg=vorg_name, sign=False, extensions=extensions)
req_id, req = _cli.create_authn_request(
dest, vorg=vorg_name, sign=False, extensions=extensions)
msg_str = "%s" % req
_sid = req.id
_sid = req_id
if cert is not None:
self.outstanding_certs[_sid] = cert
ht_args = _cli.apply_binding(_binding, msg_str, destination=dest, relay_state=came_from)
ht_args = _cli.apply_binding(_binding, msg_str,
destination=dest,
relay_state=came_from)
logger.debug("ht_args: %s" % ht_args)
except Exception, exc:
@@ -402,10 +405,11 @@ class SAML2Plugin(object):
raise Exception(
"Failed to construct the AuthnRequest: %s" % exc)
try:
ret = _cli.config.getattr("endpoints","sp")["discovery_response"][0][0]
if (environ["PATH_INFO"]) in ret and ret.split(environ["PATH_INFO"])[1] == "":
ret = _cli.config.getattr(
"endpoints","sp")["discovery_response"][0][0]
if (environ["PATH_INFO"]) in ret and ret.split(
environ["PATH_INFO"])[1] == "":
query = parse_qs(environ["QUERY_STRING"])
sid = query["sid"][0]
came_from = self.outstanding_queries[sid]
@@ -440,7 +444,8 @@ class SAML2Plugin(object):
# Evaluate the response, returns a AuthnResponse instance
try:
authresp = self.saml_client.parse_authn_request_response(
post["SAMLResponse"], binding, self.outstanding_queries, self.outstanding_certs)
post["SAMLResponse"], binding, self.outstanding_queries,
self.outstanding_certs)
except Exception, excp:
logger.exception("Exception: %s" % (excp,))
@@ -476,12 +481,13 @@ class SAML2Plugin(object):
#### IIdentifier ####
def identify(self, environ):
"""
Tries do the identification
Tries to do the identification
"""
#logger = environ.get('repoze.who.logger', '')
query = parse_dict_querystring(environ)
if ("CONTENT_LENGTH" not in environ or not environ["CONTENT_LENGTH"]) and "SAMLResponse" not in query and "SAMLRequest" not in query:
if ("CONTENT_LENGTH" not in environ or not environ["CONTENT_LENGTH"]) and \
"SAMLResponse" not in query and "SAMLRequest" not in query:
logger.debug('[identify] get or empty post')
return {}
@@ -517,7 +523,9 @@ class SAML2Plugin(object):
if logout and "SAMLRequest" in post:
print("logout request received")
try:
response = self.saml_client.handle_logout_request(post["SAMLRequest"], self.saml_client.users.subjects()[0], binding)
response = self.saml_client.handle_logout_request(
post["SAMLRequest"],
self.saml_client.users.subjects()[0], binding)
environ['samlsp.pending'] = self._handle_logout(response)
return {}
except:
@@ -537,15 +545,18 @@ class SAML2Plugin(object):
#if self.debug:
try:
if logout:
response = self.saml_client.parse_logout_request_response(post["SAMLResponse"], binding)
response = self.saml_client.parse_logout_request_response(
post["SAMLResponse"], binding)
if response:
action = self.saml_client.handle_logout_response(response)
request = None
action = self.saml_client.handle_logout_response(
response)
if type(action) == dict:
request = self._handle_logout(action)
else:
#logout complete
request = HTTPSeeOther(headers=[('Location', "/")])
request = HTTPSeeOther(headers=[
('Location', "/")])
if request:
environ['samlsp.pending'] = request
return {}
@@ -621,9 +632,9 @@ class SAML2Plugin(object):
# remove cookie and demand re-authentication
pass
# @return
# used 2 times : one to get the ticket, the other to validate it
def _service_url(self, environ, qstr=None):
# used 2 times : one to get the ticket, the other to validate it
@staticmethod
def _service_url(environ, qstr=None):
if qstr is not None:
url = construct_url(environ, querystring=qstr)
else:
@@ -641,7 +652,8 @@ class SAML2Plugin(object):
else:
return None
def _handle_logout(self, responses):
@staticmethod
def _handle_logout(responses):
if 'data' in responses:
ht_args = responses
else:
@@ -652,6 +664,7 @@ class SAML2Plugin(object):
else:
return ht_args["data"]
def make_plugin(remember_name=None, # plugin for remember
cache="", # cache
# Which virtual organization to support