Beispiel #1
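 def logout_list(self, request):
     """Return HTML fragments that forward a logout to each service provider.

     Collects the distinct ``provider_id`` values of every LibertySession
     bound to the current Django session key. For each provider whose
     policy has ``forward_slo`` set, one ``<div>`` is produced holding a
     status message and a 16x16 iframe that points at the IdP single-logout
     endpoint for that provider.

     Providers without a LibertyProvider row or without a policy are logged
     as errors and skipped; providers whose policy has ``forward_slo``
     unset are logged at info level and skipped.

     The provider name and entity id come from provider records and are
     interpolated into markup, so they are HTML-escaped, and the entity id
     is URL-quoted before it is placed in the query string.

     Returns a list of HTML strings, possibly empty.
     """
     # Imported locally because the module's import block is not visible
     # from this method.
     # NOTE(review): confirm django.utils.http.urlquote is available in the
     # Django version this project pins.
     from django.utils.html import escape
     from django.utils.http import urlquote

     all_sessions = models.LibertySession.objects.filter(
             django_session_key=request.session.session_key)
     logger.debug("logout_list: all_sessions %s" % str(all_sessions))
     provider_ids = set([s.provider_id for s in all_sessions])
     logger.debug("logout_list: provider_ids %s" % str(provider_ids))
     result = []
     for provider_id in provider_ids:
         try:
             provider = models.LibertyProvider.objects.get(entity_id=provider_id)
         # Reference the exception through ``models``, the same name used
         # for the lookup above, so the handler cannot fail on a missing
         # bare ``LibertyProvider`` name.
         except models.LibertyProvider.DoesNotExist:
             logger.error('logout_list: session found for unknown provider %s' \
                 % provider_id)
             continue
         policy = common.get_sp_options_policy(provider)
         if not policy:
             logger.error('logout_list: No policy found for %s' % provider_id)
             continue
         if not policy.forward_slo:
             logger.info('logout_list: %s configured to not reveive slo' \
                 % provider_id)
             continue
         # Escape for the HTML text context before substituting into the
         # translated message.
         label = escape(provider.name or provider_id)
         # Quote the entity id for the query string, then escape the whole
         # URL for the double-quoted attribute it is written into.
         url = '%s?provider_id=%s' % (
                 reverse(saml2_endpoints.idp_slo, args=[provider_id]),
                 urlquote(provider_id))
         code = '<div>'
         code += _('Sending logout to %(name)s....') % {'name': label}
         code += ('<iframe src="%s" marginwidth="0" marginheight="0" '
                 '     scrolling="no" style="border: none" width="16" '
                 'height="16"></iframe></div>') % escape(url)
         # Pass the fragment as a logging argument instead of str(code),
         # which can raise on a non-ASCII translated message.
         logger.debug("logout_list: code %s", code)
         result.append(code)
     return result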
Beispiel #2
 def service_list(self, request):
     """List the services the IdP can start a login (and logout) for.

     Walks every enabled LibertyServiceProvider and keeps those whose
     policy has ``idp_initiated_sso`` set. Each kept provider gets a
     ``login`` action; a ``logout`` action is added only when a
     LibertySession exists for the current Django session key and that
     provider's entity id. Both actions are POSTs carrying ``provider_id``.

     Returns a list of ``Service`` objects, possibly empty.
     """
     services = []
     enabled_providers = models.LibertyServiceProvider.objects.filter(enabled=True)
     for sp in enabled_providers:
         provider = sp.liberty_provider
         sp_policy = common.get_sp_options_policy(provider)
         # No policy, or IdP-initiated SSO not allowed: nothing is offered.
         if not (sp_policy and sp_policy.idp_initiated_sso):
             continue
         entity_id = provider.entity_id
         # Conformance values below 3 are routed to the ID-FF 1.2 endpoints.
         protocol = 'idff12' if provider.protocol_conformance < 3 else 'saml2'
         actions = [
             ('login', 'POST', '/idp/%s/idp_sso/' % protocol,
                 (('provider_id', entity_id),)),
         ]
         # Offer logout only for providers this browser session is logged
         # in to; this is one query per provider.
         logged_in = models.LibertySession.objects.filter(
                 django_session_key=request.session.session_key,
                 provider_id=entity_id).exists()
         if logged_in:
             actions.append(
                 ('logout', 'POST', '/idp/%s/idp_slo/' % protocol,
                     (('provider_id', entity_id),)))
         services.append(
             Service(url=None, name=provider.name, actions=actions))
     return services
Beispiel #3
 def logout_list(self, request):
     """Render one logout fragment per provider that should receive SLO.

     Collects the distinct ``provider_id`` values of the LibertySession
     rows bound to the current Django session key. For each provider whose
     policy has ``forward_slo`` set, the ``idp/saml/logout_fragment.html``
     template is rendered with the provider name, the single-logout URL
     and the policy's iframe settings.

     Unknown providers and providers without a policy are logged as errors
     and skipped; providers with ``forward_slo`` unset are logged at info
     level and skipped.

     Returns a list of rendered strings, possibly empty.
     """
     all_sessions = models.LibertySession.objects.filter(
             django_session_key=request.session.session_key)
     logger.debug("logout_list: all_sessions %r" % all_sessions)
     provider_ids = set(session.provider_id for session in all_sessions)
     logger.debug("logout_list: provider_ids %r" % provider_ids)
     fragments = []
     for provider_id in provider_ids:
         try:
             provider = models.LibertyProvider.objects.get(entity_id=provider_id)
         except models.LibertyProvider.DoesNotExist:
             logger.error('logout_list: session found for unknown provider %s' \
                 % provider_id)
             continue
         policy = common.get_sp_options_policy(provider)
         if not policy:
             logger.error('logout_list: No policy found for %s' % provider_id)
             continue
         if not policy.forward_slo:
             logger.info('logout_list: %s configured to not reveive slo' \
                 % provider_id)
             continue
         # The entity id is percent-quoted before it goes into the query
         # string of the single-logout URL.
         slo_url = '{0}?provider_id={1}'.format(
                 reverse(saml2_endpoints.idp_slo, args=[provider_id]),
                 urllib.quote(provider_id))
         # NOTE(review): whether ``name`` and ``url`` are HTML-escaped
         # depends on the template, which is not visible here; confirm
         # it relies on autoescaping.
         context = {
             'needs_iframe': policy.needs_iframe_logout,
             'name': provider.name or provider_id,
             'url': slo_url,
             'iframe_timeout': policy.iframe_logout_timeout,
         }
         fragments.append(
             render_to_string('idp/saml/logout_fragment.html', context))
     return fragments
Beispiel #4
 def service_list(self, request):
     """List the services for which a login or logout action is offered.

     Builds a set of querysets over the enabled LibertyServiceProvider
     rows, ORs them together, and then decides per provider, from the
     policy returned by ``common.get_sp_options_policy``, which actions to
     expose:

     * ``login`` when the policy has ``idp_initiated_sso`` set;
     * ``logout`` when the policy has ``accept_slo`` set and the provider's
       entity id is among the LibertySession rows of the current Django
       session key.

     The querysets only narrow the candidates; the per-provider policy
     check in the loop determines the actions actually emitted. Providers
     that end up with no action are left out.

     Returns a list of ``Service`` objects, possibly empty.
     """
     enabled_sps = models.LibertyServiceProvider.objects.filter(enabled=True) \
             .select_related()
     services = []
     sessions = models.LibertySession.objects.filter(
             django_session_key=request.session.session_key)
     # Entity ids of the providers this browser session is logged in to.
     sessions_eids = set(session.provider_id for session in sessions)
     all_policy = common.get_sp_options_policy_all()
     default_policy = common.get_sp_options_policy_default()
     if all_policy and all_policy.idp_initiated_sso:
         queries = [
             enabled_sps,
             enabled_sps.filter(liberty_provider__entity_id__in=sessions_eids),
         ]
     else:
         queries = [
             # Providers with their own enabled policy allowing SSO.
             enabled_sps.filter(sp_options_policy__enabled=True,
                 sp_options_policy__idp_initiated_sso=True),
             # Providers with their own enabled policy accepting SLO and
             # a session in this browser.
             enabled_sps.filter(sp_options_policy__enabled=True,
                 sp_options_policy__accept_slo=True,
                 liberty_provider__entity_id__in=sessions_eids),
         ]
         # Providers without a policy of their own are selected according
         # to the default policy.
         if default_policy:
             if default_policy.idp_initiated_sso:
                 queries.append(
                     enabled_sps.filter(sp_options_policy__isnull=True))
             if default_policy.accept_slo:
                 queries.append(
                     enabled_sps.filter(sp_options_policy__isnull=True,
                         liberty_provider__entity_id__in=sessions_eids))
     candidates = reduce(operator.or_, queries)
     for sp in candidates:
         provider = sp.liberty_provider
         policy = common.get_sp_options_policy(provider)
         if not policy:
             continue
         entity_id = provider.entity_id
         protocol = 'saml2'
         actions = []
         if policy.idp_initiated_sso:
             actions.append(
                 ('login', 'POST', '/idp/%s/idp_sso/' % protocol,
                     (('provider_id', entity_id),)))
         if policy.accept_slo and entity_id in sessions_eids:
             actions.append(
                 ('logout', 'POST', '/idp/%s/idp_slo/' % protocol,
                     (('provider_id', entity_id),)))
         if actions:
             services.append(
                 Service(url=None, name=provider.name, actions=actions))
     return services
Beispiel #5
 def logout_list(self, request):
     """Render one logout fragment per provider that should receive SLO.

     Collects the distinct ``provider_id`` values of the LibertySession
     rows bound to the current Django session key. For each provider whose
     policy has ``forward_slo`` set, the ``idp/saml/logout_fragment.html``
     template is rendered with the provider name, a single-logout URL
     carrying a random ``nonce`` parameter, and the policy's iframe
     settings.

     Unknown providers and providers without a policy are logged as errors
     and skipped; providers with ``forward_slo`` unset are logged at info
     level and skipped.

     Returns a list of rendered strings, possibly empty.
     """
     all_sessions = models.LibertySession.objects.filter(
         django_session_key=request.session.session_key)
     self.logger.debug("all_sessions %r" % all_sessions)
     provider_ids = set(session.provider_id for session in all_sessions)
     self.logger.debug("provider_ids %r" % provider_ids)
     fragments = []
     for provider_id in provider_ids:
         try:
             provider = models.LibertyProvider.objects.get(
                 entity_id=provider_id)
         except models.LibertyProvider.DoesNotExist:
             self.logger.error(u'session found for unknown provider %s',
                               provider_id)
             continue
         policy = common.get_sp_options_policy(provider)
         if not policy:
             self.logger.error(u'No policy found for %s', provider_id)
             continue
         if not policy.forward_slo:
             self.logger.info(u'%s configured to not reveive slo',
                              provider_id)
             continue
         endpoint = reverse(saml2_endpoints.idp_slo, args=[provider_id])
         # The nonce only makes each link unique so it is never served
         # from a cache. ``random`` is not a cryptographic generator, so
         # this value must not be relied on as an unguessable token.
         nonce = hex(random.getrandbits(128))
         slo_url = '{0}?provider_id={1}&nonce={2}'.format(
             endpoint, urllib.quote(provider_id), nonce)
         # NOTE(review): whether ``name`` and ``url`` are HTML-escaped
         # depends on the template, which is not visible here; confirm
         # it relies on autoescaping.
         context = {
             'needs_iframe': policy.needs_iframe_logout,
             'name': provider.name or provider_id,
             'url': slo_url,
             'iframe_timeout': policy.iframe_logout_timeout,
         }
         fragments.append(
             render_to_string('idp/saml/logout_fragment.html', context))
     return fragments