def buildMetadata(self, sp_settings, dbSave = True):
try:
makeMetadata = self.makeMetadata(sp_settings)
if makeMetadata.error.code == '200':
metadata = makeMetadata.result.metadata
sp = sp_settings['result']['sp']['cod_sp']
## insert into DB
if dbSave:
task = asyncio.run_coroutine_threadsafe(self.dbobjSaml.execute_statment("write_assertion('%s', '%s', %s, '%s')" %
(metadata.replace("'", "''"), sp, 'NULL', self.remote_ip)), globalsObj.ioloop)
wrtMetada = waitFuture(task)
if wrtMetada['error'] == 0:
task = asyncio.run_coroutine_threadsafe(self.dbobjJwt.execute_statment("get_token_by_cod('%s')" %
(wrtMetada['result'][0]['cod_token'])), globalsObj.ioloop)
jwt = waitFuture(task)
response_obj = ResponseObj(httpcode=200, ID = wrtMetada['result'][0]['ID_assertion'])
response_obj.setError('200')
response_obj.setResult(metadata = metadata, jwt=jwt['result'][0]['token'],
idassertion=wrtMetada['result'][0]['ID_assertion'])
# insert metadata in saml.metadata table
task = asyncio.run_coroutine_threadsafe(self.dbobjSaml.execute_query(self.dbobjSaml.query['insert_metadata']['sql'],
sp+"_metadata", metadata, sp), globalsObj.ioloop)
insert_metadata = waitFuture(task)
else:
response_obj = ResponseObj(httpcode=500, debugMessage=wrtMetada['result'])
response_obj.setError("easyspid105")
logging.getLogger(type(self).__module__+"."+type(self).__qualname__).error('Exception',exc_info=True)
else:
response_obj = ResponseObj(httpcode=200)
response_obj.setError('200')
response_obj.setResult(metadata = metadata, jwt="")
else:
response_obj = makeMetadata
except tornado.web.MissingArgumentError as error:
response_obj = ResponseObj(debugMessage=error.log_message, httpcode=error.status_code,
devMessage=error.log_message)
response_obj.setError(str(error.status_code))
logging.getLogger(type(self).__module__+"."+type(self).__qualname__).error('%s'% error,exc_info=True)
except Exception as inst:
response_obj = ResponseObj(httpcode=500)
response_obj.setError('500')
logging.getLogger(type(self).__module__+"."+type(self).__qualname__).error('Exception',exc_info=True)
return response_obj
def chkExistsReq(self, checkInResponseTo):
# try to get sp searching a corresponding request and raise error if checkInResponseTo is True
inResponseChk = waitFuture(
asyncio.run_coroutine_threadsafe(
self.dbobjSaml.execute_statment("chk_idAssertion('%s')" %
self.inResponseTo),
globalsObj.ioloop))
if inResponseChk['error'] == 0 and inResponseChk['result'] is not None:
return inResponseChk['result'][0]['cod_sp']
elif checkInResponseTo and inResponseChk[
'error'] == 0 and inResponseChk['result'] == None:
response_obj = ResponseObj(httpcode=404, ID=self.ResponseID)
response_obj.setError('easyspid120')
response_obj.setResult(response=str(self.response, 'utf-8'))
raise goExit(response_obj, 'exit by chkExistsReq')
elif not checkInResponseTo and inResponseChk[
'error'] == 0 and inResponseChk['result'] == None:
response_obj = ResponseObj(httpcode=404, ID=self.ResponseID)
response_obj.setError('easyspid120')
response_obj.setResult(response=str(self.response, 'utf-8'))
return None
elif inResponseChk['error'] > 0:
response_obj = ResponseObj(httpcode=500)
response_obj.setError('easyspid105')
response_obj.setResult(inResponseChk['result'])
raise goExit(response_obj, 'exit by chkExistsReq')
def getSpByAudience(self):
task3 = asyncio.run_coroutine_threadsafe(
self.dbobjSaml.execute_statment(
"get_provider_byentityid(%s, '%s')" %
('True', '{' + (self.audience.text.strip()) + '}')),
globalsObj.ioloop)
audienceChk = waitFuture(task3)
if audienceChk['error'] == 0 and audienceChk['result'] is not None:
return audienceChk['result'][0]['cod_provider']
elif audienceChk['error'] == 0 and audienceChk['result'] is None:
response_obj = ResponseObj(httpcode=404)
response_obj.setError('easyspid115')
raise goExit(response_obj, 'exit by getSpByAudience')
elif audienceChk['error'] > 0:
response_obj = ResponseObj(httpcode=500)
response_obj.setError('easyspid105')
response_obj.setResult(audienceChk['result'])
raise goExit(response_obj, 'exit by getSpByAudience')
def getIdentyIdp(self):
# get IdP
task2 = asyncio.run_coroutine_threadsafe(
self.dbobjSaml.execute_statment(
"get_provider_byentityid(%s, '%s')" %
('True', '{' + (self.issuer.text.strip()) + '}')),
globalsObj.ioloop)
idpEntityId = waitFuture(task2)
if idpEntityId['error'] == 0 and idpEntityId['result'] is not None:
idp_metadata = idpEntityId['result'][0]['xml']
idp = idpEntityId['result'][0]['cod_provider']
return (idp_metadata, idp)
elif idpEntityId['error'] == 0 and idpEntityId['result'] is None:
response_obj = ResponseObj(httpcode=404)
response_obj.setError('easyspid103')
raise goExit(response_obj, 'exit by getIdentyIdp')
elif idpEntityId['error'] > 0:
response_obj = ResponseObj(httpcode=500,
debugMessage=idpEntityId['result'])
response_obj.setError("easyspid105")
raise goExit(response_obj, 'exit by getIdentyIdp')
def buildAthnReq(self,
sp_settings,
attributeIndex,
sp_metadata=None,
signed=True):
try:
if sp_settings['error'] == 0 and sp_settings['result'] is not None:
sp = sp_settings['result']['sp']['cod_sp']
idp = sp_settings['result']['idp']['cod_idp']
# get sp metadata to read attributeIndex location.
if sp_metadata is None:
sp_metadata = buildMetadatahandler.makeMetadata(
sp_settings).result.metadata
ns = {
'md0': OneLogin_Saml2_Constants.NS_MD,
'md1': OneLogin_Saml2_Constants.NS_SAML
}
parsedMetadata = xml.etree.ElementTree.fromstring(sp_metadata)
attributeConsumingService = parsedMetadata.find(
"md0:SPSSODescriptor/md0:AssertionConsumerService[@index='%s']"
% attributeIndex, ns)
if attributeConsumingService == None:
response_obj = ResponseObj(httpcode=404)
response_obj.setError('easyspid102')
return response_obj
spSettings = Saml2_Settings(sp_settings['result'])
key = spSettings.get_sp_key()
cert = spSettings.get_sp_cert()
sign_alg = (
spSettings.get_security_data())['signatureAlgorithm']
digest = (spSettings.get_security_data())['digestAlgorithm']
# build auth request
authn_request = Saml2_Authn_Request(spSettings,
force_authn=True,
is_passive=False,
set_nameid_policy=True)
authn_request_xml = authn_request.get_xml()
## inserisci attribute index
ns = {
'md0': OneLogin_Saml2_Constants.NS_MD,
'md1': OneLogin_Saml2_Constants.NS_SAML
}
xml.etree.ElementTree.register_namespace(
'md0', OneLogin_Saml2_Constants.NS_MD)
xml.etree.ElementTree.register_namespace(
'md1', OneLogin_Saml2_Constants.NS_SAML)
parsedMetadata = xml.etree.ElementTree.fromstring(
authn_request_xml)
parsedMetadata.attrib[
'AttributeConsumingServiceIndex'] = attributeIndex
parsedMetadata.attrib[
'AssertionConsumerServiceURL'] = attributeConsumingService.attrib[
'Location']
issuer = parsedMetadata.find("md1:Issuer", ns)
issuer.set("Format",
"urn:oasis:names:tc:SAML:2.0:nameid-format:entity")
issuer.set("NameQualifier",
(spSettings.get_sp_data())['entityId'])
## inserisci attributi del nodo isuuer
authn_request_xml = xml.etree.ElementTree.tostring(
parsedMetadata, encoding="unicode")
if signed:
#authn_request_signed = OneLogin_Saml2_Utils.add_sign(authn_request_xml, key, cert, debug=False,
# sign_algorithm=sign_alg, digest_algorithm=digest)
authn_request_signed = AddSign(authn_request_xml, key,
cert, False, sign_alg,
digest)
authn_request_signed = str(authn_request_signed, 'utf-8')
else:
authn_request_signed = authn_request_xml
## insert into DB
task = asyncio.run_coroutine_threadsafe(
self.dbobjSaml.execute_statment(
"write_assertion('%s', '%s', '%s', '%s')" %
(authn_request_signed.replace(
"'", "''"), sp, idp, self.remote_ip)),
globalsObj.ioloop)
#assert not task.done()
#wrtAuthn = task.result()
wrtAuthn = waitFuture(task)
if wrtAuthn['error'] == 0:
task = asyncio.run_coroutine_threadsafe(
self.dbobjJwt.execute_statment(
"get_token_by_cod('%s')" %
(wrtAuthn['result'][0]['cod_token'])),
globalsObj.ioloop)
#assert not task.done()
#jwt = task.result()
jwt = waitFuture(task)
response_obj = ResponseObj(
httpcode=200, ID=wrtAuthn['result'][0]['ID_assertion'])
response_obj.setError('200')
response_obj.setResult(
authnrequest=authn_request_signed,
jwt=jwt['result'][0]['token'],
idassertion=wrtAuthn['result'][0]['ID_assertion'])
else:
response_obj = ResponseObj(httpcode=500,
debugMessage=wrtAuthn['result'])
response_obj.setError("easyspid105")
logging.getLogger(
type(self).__module__ + "." +
type(self).__qualname__).error('Exception',
exc_info=True)
elif sp_settings['error'] == 0 and sp_settings['result'] == None:
response_obj = ResponseObj(httpcode=404)
response_obj.setError('easyspid101')
elif sp_settings['error'] > 0:
response_obj = ResponseObj(httpcode=500,
debugMessage=sp_settings['result'])
response_obj.setError("easyspid105")
except tornado.web.MissingArgumentError as error:
response_obj = ResponseObj(debugMessage=error.log_message,
httpcode=error.status_code,
devMessage=error.log_message)
response_obj.setError(str(error.status_code))
logging.getLogger(
type(self).__module__ + "." + type(self).__qualname__).error(
'%s' % error, exc_info=True)
except Exception as inst:
response_obj = ResponseObj(httpcode=500)
response_obj.setError('500')
logging.getLogger(
type(self).__module__ + "." + type(self).__qualname__).error(
'Exception', exc_info=True)
return response_obj
def processResponse(self, chkTime=True, checkInResponseTo=True):
try:
# get response and Relay state
responsePost = self.get_argument('SAMLResponse')
srelayPost = self.get_argument('RelayState')
# decode saml response
#response = responsePost
self.response = responsePost
try:
self.response = OneLogin_Saml2_Utils.decode_base64_and_inflate(
responsePost)
except Exception:
try:
self.response = OneLogin_Saml2_Utils.b64decode(
responsePost)
except Exception:
pass
# try:
# #response = OneLogin_Saml2_Utils.b64decode(responsePost)
# self.response = OneLogin_Saml2_Utils.b64decode(responsePost)
# except Exception:
# pass
## parse XML and make some check
ns = {
'md0': OneLogin_Saml2_Constants.NS_SAMLP,
'md1': OneLogin_Saml2_Constants.NS_SAML
}
parsedResponse = xml.etree.ElementTree.fromstring(self.response)
self.inResponseTo = parsedResponse.get('InResponseTo')
self.ResponseID = parsedResponse.get('ID')
issuer = self.issuer = parsedResponse.find("md1:Issuer", ns)
if issuer is None:
response_obj = ResponseObj(httpcode=401)
response_obj.setError('easyspid118')
return response_obj
#spByInResponseTo = None
# try to get sp searching a corresponding request and raise error if checkInResponseTo is True
# inResponseChk = waitFuture(asyncio.run_coroutine_threadsafe(self.dbobjSaml.execute_statment("chk_idAssertion('%s')" %
# inResponseTo), globalsObj.ioloop))
# if inResponseChk['error'] == 0 and inResponseChk['result'] is not None:
# spByInResponseTo = inResponseChk['result'][0]['cod_sp']
#
# elif checkInResponseTo and inResponseChk['error'] == 0 and inResponseChk['result'] == None:
# response_obj = ResponseObj(httpcode=404, ID = ResponseID)
# response_obj.setError('easyspid120')
# response_obj.setResult(response = str(response, 'utf-8'))
# return response_obj
#
# elif inResponseChk['error'] > 0:
# response_obj = ResponseObj(httpcode=500)
# response_obj.setError('easyspid105')
# response_obj.setResult(inResponseChk['result'])
# return response_obj
# try to get sp searching a corresponding request and raise error if checkInResponseTo is True
spByInResponseTo = self.chkExistsReq(checkInResponseTo)
### check StatusCode to find errors
firstChk = easyspid.lib.utils.validateAssertion(
str(self.response, 'utf-8'), None, None)
if not firstChk['chkStatus']:
#get errors codes
samlErrors = waitFuture(
asyncio.run_coroutine_threadsafe(
getResponseError(parsedResponse,
sp=spByInResponseTo,
namespace=ns), globalsObj.ioloop))
if samlErrors['error'] == '0':
response_obj = ResponseObj(httpcode=400,
ID=self.ResponseID)
response_obj.setError('easyspid121')
response_obj.setResult(response=str(
self.response, 'utf-8'),
format='json',
samlErrors=samlErrors['status'])
return self.formatError(response_obj, srelayPost,
samlErrors['service'])
elif samlErrors['error'] == 'easyspid114':
response_obj = ResponseObj(httpcode=404)
response_obj.setError('easyspid114')
return response_obj
else:
response_obj = ResponseObj(httpcode=500)
response_obj.setError('500')
response_obj.setResult(samlErrors['error'])
return response_obj
#decode Relay state
#srelay = srelayPost
self.srelay = srelayPost
try:
self.srelay = OneLogin_Saml2_Utils.decode_base64_and_inflate(
srelayPost)
except Exception:
try:
self.srelay = OneLogin_Saml2_Utils.b64decode(srelayPost)
except Exception:
pass
#self.srelay = OneLogin_Saml2_Utils.b64decode(srelayPost)
#pass
# try:
# #srelay = OneLogin_Saml2_Utils.b64decode(srelayPost)
# self.srelay = OneLogin_Saml2_Utils.b64decode(srelayPost)
# except Exception:
# pass
## get sp by ID
#ns = {'md0': OneLogin_Saml2_Constants.NS_SAMLP, 'md1': OneLogin_Saml2_Constants.NS_SAML}
#parsedResponse = xml.etree.ElementTree.fromstring(response)
#issuer = self.issuer = parsedResponse.find("md1:Issuer", ns)
#inResponseTo = parsedResponse.get('InResponseTo')
#get audience
audience = self.audience = parsedResponse.find(
'md1:Assertion/md1:Conditions/md1:AudienceRestriction/md1:Audience',
ns)
if audience is None:
response_obj = ResponseObj(httpcode=401)
response_obj.setError('easyspid118')
return response_obj
# if issuer is None or audience is None:
# response_obj = ResponseObj(httpcode=401)
# response_obj.setError('easyspid118')
# return response_obj
#task1 = asyncio.run_coroutine_threadsafe(self.dbobjSaml.execute_statment("chk_idAssertion('%s')" %
# inResponseTo), globalsObj.ioloop)
# task2 = asyncio.run_coroutine_threadsafe(self.dbobjSaml.execute_statment("get_provider_byentityid(%s, '%s')" %
# ('True', '{'+(self.issuer.text.strip())+'}')), globalsObj.ioloop)
#task3 = asyncio.run_coroutine_threadsafe(self.dbobjSaml.execute_statment("get_provider_byentityid(%s, '%s')" %
# ('True', '{'+(audience.text.strip())+'}')), globalsObj.ioloop)
#assert not task1.done()
#inResponseChk = task1.result()
#inResponseChk = waitFuture(task1)
#audienceChk = waitFuture(task3)
#spByAudience = None
#spByInResponseTo = None
#if inResponseChk['error'] == 0 and inResponseChk['result'] is not None:
# spByInResponseTo = inResponseChk['result'][0]['cod_sp']
# if audienceChk['error'] == 0 and audienceChk['result'] is not None:
# spByAudience = audienceChk['result'][0]['cod_provider']
#check audinece
# if spByAudience is None:
# response_obj = ResponseObj(httpcode=404)
# response_obj.setError('easyspid115')
# return response_obj
# get sp by audience
spByAudience = self.getSpByAudience()
#check inresponseTo and spByAudience == spByInResponseTo
if checkInResponseTo and spByAudience == spByInResponseTo:
sp = spByAudience
elif checkInResponseTo and spByAudience != spByInResponseTo:
response_obj = ResponseObj(httpcode=401)
response_obj.setError('easyspid110')
return response_obj
sp = spByAudience
# get service by sp and relay_state
try:
task = asyncio.run_coroutine_threadsafe(
self.dbobjSaml.execute_statment(
"get_service(%s, '%s', '%s')" %
('True', str(self.srelay), sp)), globalsObj.ioloop)
#assert not task.done()
#service = task.result()
service = waitFuture(task)
if service['error'] == 0 and service['result'] is not None:
# costruisci il routing
self.routing = dict()
self.routing['url'] = service['result'][0]['url']
self.routing['relaystate'] = self.srelay
self.routing['format'] = service['result'][0]['format']
elif service['error'] > 0 or service['result'] is None:
response_obj = ResponseObj(httpcode=500,
debugMessage=service['result'])
response_obj.setError("easyspid111")
return response_obj
except Exception:
pass
# get IdP
# idpEntityId = waitFuture(task2)
#
# if idpEntityId['error'] == 0 and idpEntityId['result'] is not None:
# idp_metadata = idpEntityId['result'][0]['xml']
# idp = idpEntityId['result'][0]['cod_provider']
#
# elif idpEntityId['error'] == 0 and idpEntityId['result'] is None:
# response_obj = ResponseObj(httpcode=404)
# response_obj.setError('easyspid103')
# return response_obj
#
# elif idpEntityId['error'] > 0:
# response_obj = ResponseObj(httpcode=500, debugMessage=idpEntityId['result'])
# response_obj.setError("easyspid105")
# return response_obj
# get IdP and metadata
(idp_metadata, idp) = self.getIdentyIdp()
# get sp settings
task = asyncio.run_coroutine_threadsafe(
easyspid.lib.easyspid.spSettings(sp, idp, close=True),
globalsObj.ioloop)
sp_settings = waitFuture(task)
if sp_settings['error'] == 0 and sp_settings['result'] != None:
## insert response into DB
task = asyncio.run_coroutine_threadsafe(
self.dbobjSaml.execute_statment(
"write_assertion('%s', '%s', '%s', '%s')" %
(str(self.response, 'utf-8').replace(
"'", "''"), sp, idp, self.remote_ip)),
globalsObj.ioloop)
wrtAuthn = waitFuture(task)
if wrtAuthn['error'] == 0:
if self.routing['format'] == 'saml':
return self.passthrough()
task = asyncio.run_coroutine_threadsafe(
self.dbobjJwt.execute_statment(
"get_token_by_cod('%s')" %
(wrtAuthn['result'][0]['cod_token'])),
globalsObj.ioloop)
#assert not task.done()
#jwt = task.result()
jwt = waitFuture(task)
else:
response_obj = ResponseObj(httpcode=500,
debugMessage=wrtAuthn['result'])
response_obj.setError("easyspid105")
logging.getLogger(
type(self).__module__ + "." +
type(self).__qualname__).error('Exception',
exc_info=True)
return response_obj
# create settings OneLogin dict
#settings = sp_settings['result']
prvdSettings = Saml2_Settings(sp_settings['result'])
chk = easyspid.lib.utils.validateAssertion(
str(self.response, 'utf-8'),
sp_settings['result']['idp']['x509cert_fingerprint'],
sp_settings['result']['idp']['x509cert_fingerprintalg'])
chk['issuer'] = issuer.text.strip()
chk['audience'] = audience.text.strip()
if not chk['chkStatus']:
response_obj = ResponseObj(httpcode=401)
response_obj.setError('easyspid107')
return response_obj
elif not chk['schemaValidate']:
response_obj = ResponseObj(httpcode=401)
response_obj.setError('easyspid104')
response_obj.setResult(responseValidate=chk)
return response_obj
elif not chk['signCheck']:
response_obj = ResponseObj(httpcode=401)
response_obj.setError('easyspid106')
response_obj.setResult(responseValidate=chk)
return response_obj
elif not chk[
'certAllowed'] and globalsObj.easyspid_checkCertificateAllowed:
response_obj = ResponseObj(httpcode=401)
response_obj.setError('easyspid116')
response_obj.setResult(responseValidate=chk)
return response_obj
elif not chk[
'certValidity'] and globalsObj.easyspid_checkCertificateValidity:
response_obj = ResponseObj(httpcode=401)
response_obj.setError('easyspid117')
response_obj.setResult(responseValidate=chk)
return response_obj
elif chkTime and not chk['chkTime']:
response_obj = ResponseObj(httpcode=401)
response_obj.setError('easyspid108')
return response_obj
#get all attributes
attributes = chk['serviceAttributes']
attributes_tmp = dict()
for key in attributes:
attributes_tmp[key] = attributes[key][0]
attributes = attributes_tmp
# build response form
try:
with open(
os.path.join(globalsObj.modules_basedir,
globalsObj.easyspid_responseFormPath),
'rb') as myfile:
response_form = myfile.read().decode("utf-8")
except:
with open(globalsObj.easyspid_responseFormPath,
'rb') as myfile:
response_form = myfile.read().decode("utf-8")
response_obj = ResponseObj(
httpcode=200, ID=wrtAuthn['result'][0]['ID_assertion'])
response_obj.setError('200')
response_obj.setResult(attributes=attributes,
jwt=jwt['result'][0]['token'],
responseValidate=chk,
response=str(self.response, 'utf-8'),
format='json')
response_form = response_form.replace("%URLTARGET%",
self.routing['url'])
response_form = response_form.replace("%RELAYSTATE%",
srelayPost)
response_form = response_form.replace(
"%RESPONSE%",
OneLogin_Saml2_Utils.b64encode(response_obj.jsonWrite()))
self.postTo = response_form
elif sp_settings['error'] == 0 and sp_settings['result'] == None:
response_obj = ResponseObj(httpcode=404)
response_obj.setError('easyspid114')
elif sp_settings['error'] > 0:
#response_obj = sp_settings['result']
response_obj = sp_settings
except goExit as e:
return e.expression
except tornado.web.MissingArgumentError as error:
response_obj = ResponseObj(debugMessage=error.log_message,
httpcode=error.status_code,
devMessage=error.log_message)
response_obj.setError(str(error.status_code))
logging.getLogger(
type(self).__module__ + "." + type(self).__qualname__).error(
'%s' % error, exc_info=True)
except Exception as inst:
response_obj = ResponseObj(httpcode=500)
response_obj.setError('500')
logging.getLogger(
type(self).__module__ + "." + type(self).__qualname__).error(
'Exception', exc_info=True)
return response_obj
def loginAuthnReq(self, sp_settings, idp_metadata, attributeIndex, binding,
srelay_cod):
try:
if binding == 'redirect':
authn_request = authnreqBuildhandler.buildAthnReq(
self, sp_settings, attributeIndex, signed=False)
elif binding == 'post':
authn_request = authnreqBuildhandler.buildAthnReq(
self, sp_settings, attributeIndex, signed=True)
bindingMap = {
'redirect': OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT,
'post': OneLogin_Saml2_Constants.BINDING_HTTP_POST
}
if (sp_settings['error'] == 0 and sp_settings['result'] is not None
and idp_metadata.error.code == '200'
and authn_request.error.code == '200'):
sp = sp_settings['result']['sp']['cod_sp']
idp = sp_settings['result']['idp']['cod_idp']
# get relay state
task = asyncio.run_coroutine_threadsafe(
self.dbobjSaml.execute_statment(
"get_service(%s, '%s', '%s')" %
('True', str(srelay_cod), sp)), globalsObj.ioloop)
#assert not task.done()
#srelay = task.result()
srelay = waitFuture(task)
if srelay['error'] == 0 and srelay['result'] is None:
response_obj = ResponseObj(httpcode=404)
response_obj.setError('easyspid113')
return response_obj
elif srelay['error'] > 0:
response_obj = ResponseObj(
httpcode=500, debugMessage=sp_settings['result'])
response_obj.setError("easyspid105")
return response_obj
#if (sp_settings['error'] == 0 and sp_settings['result'] is not None
#and idp_metadata.error.code == '200' and authn_request.error.code == '200'):
idp_data = OneLogin_Saml2_IdPMetadataParser.parse(
idp_metadata.result.metadata,
required_sso_binding=bindingMap[binding],
required_slo_binding=bindingMap[binding])
idp_settings = idp_data['idp']
# fake authn_request
req = {
"http_host": "",
"script_name": "",
"server_port": "",
"get_data": "",
"post_data": ""
}
settings = sp_settings['result']
if 'entityId' in idp_settings:
settings['idp']['entityId'] = idp_settings['entityId']
if 'singleLogoutService' in idp_settings:
settings['idp']['singleLogoutService'] = idp_settings[
'singleLogoutService']
if 'singleSignOnService' in idp_settings:
settings['idp']['singleSignOnService'] = idp_settings[
'singleSignOnService']
if 'x509cert' in idp_settings:
settings['idp']['x509cert'] = idp_settings['x509cert']
auth = OneLogin_Saml2_Auth(req, sp_settings['result'])
spSettings = Saml2_Settings(sp_settings['result'])
sign_alg = (
spSettings.get_security_data())['signatureAlgorithm']
# build login message
# redirect binding
if binding == 'redirect':
saml_request = OneLogin_Saml2_Utils.deflate_and_base64_encode(
authn_request.result.authnrequest)
parameters = {'SAMLRequest': saml_request}
parameters['RelayState'] = srelay['result'][0][
'relay_state']
auth.add_request_signature(parameters, sign_alg)
redirectLocation = auth.redirect_to(
auth.get_sso_url(), parameters)
response_obj = ResponseObj(httpcode=200)
response_obj.setError('200')
response_obj.setResult(redirectTo=redirectLocation,
jwt=authn_request.result.jwt)
# POST binding
elif binding == 'post':
saml_request_signed = OneLogin_Saml2_Utils.b64encode(
authn_request.result.authnrequest)
relay_state = OneLogin_Saml2_Utils.b64encode(
srelay['result'][0]['relay_state'])
idpsso = idp_settings['singleSignOnService']['url']
try:
with open(
os.path.join(globalsObj.modules_basedir,
globalsObj.easyspid_postFormPath),
'rb') as myfile:
post_form = myfile.read().decode("utf-8").replace(
'\n', '')
except:
with open(globalsObj.easyspid_postFormPath,
'rb') as myfile:
post_form = myfile.read().decode("utf-8").replace(
'\n', '')
post_form = post_form.replace("%IDPSSO%", idpsso)
post_form = post_form.replace("%AUTHNREQUEST%",
saml_request_signed)
post_form = post_form.replace("%RELAYSTATE%", relay_state)
response_obj = ResponseObj(httpcode=200)
response_obj.setError('200')
response_obj.setResult(postTo=post_form,
jwt=authn_request.result.jwt)
elif sp_settings['error'] == 0 and sp_settings['result'] is None:
response_obj = ResponseObj(httpcode=404)
response_obj.setError('easyspid101')
elif sp_settings['error'] > 0:
response_obj = ResponseObj(httpcode=500,
debugMessage=sp_settings['result'])
response_obj.setError("easyspid105")
except tornado.web.MissingArgumentError as error:
response_obj = ResponseObj(debugMessage=error.log_message,
httpcode=error.status_code,
devMessage=error.log_message)
response_obj.setError(str(error.status_code))
logging.getLogger(
type(self).__module__ + "." + type(self).__qualname__).error(
'%s' % error, exc_info=True)
except Exception as inst:
response_obj = ResponseObj(httpcode=500)
response_obj.setError('500')
logging.getLogger(
type(self).__module__ + "." + type(self).__qualname__).error(
'Exception', exc_info=True)
return response_obj