81 lines
2.5 KiB
Python
81 lines
2.5 KiB
Python
import logging
|
|
from saml2.attribute_resolver import AttributeResolver
|
|
from saml2.saml import NAMEID_FORMAT_PERSISTENT
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
class VirtualOrg(object):
|
|
def __init__(self, sp, vorg, cnf):
|
|
self.sp = sp # The parent SP client instance
|
|
self._name = vorg
|
|
self.common_identifier = cnf["common_identifier"]
|
|
try:
|
|
self.member = cnf["member"]
|
|
except KeyError:
|
|
self.member = []
|
|
try:
|
|
self.nameid_format = cnf["nameid_format"]
|
|
except KeyError:
|
|
self.nameid_format = NAMEID_FORMAT_PERSISTENT
|
|
|
|
def _cache_session(self, session_info):
|
|
return True
|
|
|
|
def _affiliation_members(self):
|
|
"""
|
|
Get the member of the Virtual Organization from the metadata,
|
|
more specifically from AffiliationDescriptor.
|
|
"""
|
|
return self.sp.config.metadata.vo_members(self._name)
|
|
|
|
def members_to_ask(self, name_id):
|
|
"""Find the member of the Virtual Organization that I haven't already
|
|
spoken too
|
|
"""
|
|
|
|
vo_members = self._affiliation_members()
|
|
for member in self.member:
|
|
if member not in vo_members:
|
|
vo_members.append(member)
|
|
|
|
# Remove the ones I have cached data from about this subject
|
|
vo_members = [m for m in vo_members if not self.sp.users.cache.active(
|
|
name_id, m)]
|
|
logger.info("VO members (not cached): %s", vo_members)
|
|
return vo_members
|
|
|
|
def get_common_identifier(self, name_id):
|
|
(ava, _) = self.sp.users.get_identity(name_id)
|
|
if ava == {}:
|
|
return None
|
|
|
|
ident = self.common_identifier
|
|
|
|
try:
|
|
return ava[ident][0]
|
|
except KeyError:
|
|
return None
|
|
|
|
def do_aggregation(self, name_id):
|
|
|
|
logger.info("** Do VO aggregation **\nSubjectID: %s, VO:%s",
|
|
name_id, self._name)
|
|
|
|
to_ask = self.members_to_ask(name_id)
|
|
if to_ask:
|
|
com_identifier = self.get_common_identifier(name_id)
|
|
|
|
resolver = AttributeResolver(self.sp)
|
|
# extends returns a list of session_infos
|
|
for session_info in resolver.extend(
|
|
com_identifier, self.sp.config.entityid, to_ask):
|
|
_ = self._cache_session(session_info)
|
|
|
|
logger.info(">Issuers: %s", self.sp.users.issuers_of_info(name_id))
|
|
logger.info("AVA: %s", self.sp.users.get_identity(name_id))
|
|
|
|
return True
|
|
else:
|
|
return False
|