def _create_base_saml_assertion(self, context, auth):
    """Turn a project-scoped token into a SAML assertion for one service provider.

    :param context: request context; not read by this method
    :param auth: request body carrying ``identity.token.id`` (the token to
        exchange) and ``scope.service_provider.id`` (the target SP)
    :returns: ``(saml_response, service_provider)`` - the generated SAML
        response object and the SP reference it was generated for
    :raises ForbiddenAction: if the token is not project scoped
    """
    # Resolve and vet the service provider before touching the token, so a
    # missing or disabled SP is rejected up front.
    sp_ref = self.federation_api.get_sp(auth['scope']['service_provider']['id'])
    utils.assert_enabled_service_provider_object(sp_ref)

    # Validate the token being exchanged and wrap the payload for attribute
    # style access.
    token_id = auth['identity']['token']['id']
    token_ref = token_model.KeystoneToken(
        token_id, self.token_provider_api.validate_token(token_id))

    if not token_ref.project_scoped:
        action = _('Use a project scoped token when attempting to create '
                   'a SAML assertion')
        raise exception.ForbiddenAction(action=action)

    # The project's domain name travels with the project name so that
    # same-named projects in different domains stay distinguishable to the SP.
    # NOTE(review): the subject is the bare user name with no user-domain
    # qualifier, so same-named users in different domains are not told apart
    # here unless SAMLGenerator qualifies the subject itself - confirm.
    generator = keystone_idp.SAMLGenerator()
    saml_response = generator.samlize_token(
        CONF.saml.idp_entity_id,
        sp_ref.get('sp_url'),
        token_ref.user_name,
        token_ref.role_names,
        token_ref.project_name,
        token_ref.project_domain_name)
    return (saml_response, sp_ref)
def _create_base_saml_assertion(self, context, auth):
    """Build a SAML assertion for a service provider from a project-scoped token.

    Both the subject (user) and the project are passed to the generator
    together with their domain names, since a bare name is ambiguous across
    domains.

    :param context: request context; unused by this method
    :param auth: request body with ``identity.token.id`` (token to exchange)
        and ``scope.service_provider.id`` (target SP)
    :returns: ``(saml_response, service_provider)``
    :raises ForbiddenAction: if the token is not project scoped
    """
    sp_id = auth['scope']['service_provider']['id']
    sp_ref = self.federation_api.get_sp(sp_id)
    # A disabled SP must not receive assertions.
    utils.assert_enabled_service_provider_object(sp_ref)

    token_id = auth['identity']['token']['id']
    validated = self.token_provider_api.validate_token(token_id)
    token_ref = token_model.KeystoneToken(token_id, validated)

    # Only project-scoped tokens carry the project/roles the assertion needs.
    if not token_ref.project_scoped:
        action = _('Use a project scoped token when attempting to create '
                   'a SAML assertion')
        raise exception.ForbiddenAction(action=action)

    # Domain names disambiguate users and projects that share a name in
    # different domains.
    saml_args = (
        CONF.saml.idp_entity_id,        # issuer
        sp_ref.get('sp_url'),
        token_ref.user_name,            # subject
        token_ref.user_domain_name,
        token_ref.role_names,
        token_ref.project_name,
        token_ref.project_domain_name,
    )
    saml_response = keystone_idp.SAMLGenerator().samlize_token(*saml_args)
    return (saml_response, sp_ref)
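def create_saml_assertion(self, context, auth):
    """Exchange a scoped token for a SAML assertion.

    :param context: request context; not read by this method
    :param auth: Dictionary that contains a token and service provider id
        (``identity.token.id`` and ``scope.service_provider.id``)
    :returns: ``text/xml`` WSGI response whose body is the SAML assertion,
        with the SP's ``sp_url`` and ``auth_url`` echoed in the
        ``X-sp-url`` / ``X-auth-url`` headers
    :raises ForbiddenAction: if the token is not project scoped

    Fix: the header values were wrapped in ``six.binary_type(...)``.  On
    Python 3 that is ``bytes(str)`` without an encoding and raises
    ``TypeError`` on every call; WSGI (PEP 3333) wants native ``str`` header
    values on both Python versions, so the values are now passed through
    unchanged.
    """
    issuer = CONF.saml.idp_entity_id

    # Resolve the target SP first; a missing or disabled SP is rejected
    # before the token is validated.
    sp_id = auth['scope']['service_provider']['id']
    service_provider = self.federation_api.get_sp(sp_id)
    utils.assert_enabled_service_provider_object(service_provider)
    sp_url = service_provider.get('sp_url')
    auth_url = service_provider.get('auth_url')

    token_id = auth['identity']['token']['id']
    token_data = self.token_provider_api.validate_token(token_id)
    token_ref = token_model.KeystoneToken(token_id, token_data)

    # Guard before reading scope-dependent attributes: only a project-scoped
    # token carries the project and roles the assertion is built from.
    if not token_ref.project_scoped:
        action = _('Use a project scoped token when attempting to create '
                   'a SAML assertion')
        raise exception.ForbiddenAction(action=action)

    subject = token_ref.user_name
    roles = token_ref.role_names
    project = token_ref.project_name
    # NOTE(review): neither the subject nor the project is domain-qualified
    # here, so same-named users/projects in different domains look identical
    # to the SP unless SAMLGenerator adds that itself - confirm.
    generator = keystone_idp.SAMLGenerator()
    response = generator.samlize_token(issuer, sp_url, subject, roles, project)
    return wsgi.render_response(body=response.to_string(),
                                status=('200', 'OK'),
                                headers=[('Content-Type', 'text/xml'),
                                         ('X-sp-url', sp_url),
                                         ('X-auth-url', auth_url)])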
def _create_base_saml_assertion(self, context, auth):
    """Generate a SAML assertion for a service provider from a scoped token.

    :param context: request context; unused here
    :param auth: request body with ``identity.token.id`` and
        ``scope.service_provider.id``
    :returns: ``(saml_response, service_provider)`` - the generated SAML
        response object and the SP reference it targets
    :raises ForbiddenAction: if the token is not project scoped
    """
    # Target SP: must exist and be enabled.
    sp_ref = self.federation_api.get_sp(
        auth['scope']['service_provider']['id'])
    utils.assert_enabled_service_provider_object(sp_ref)

    # Token being exchanged: validate it, then read its attributes.
    token_id = auth['identity']['token']['id']
    token_ref = token_model.KeystoneToken(
        token_id, self.token_provider_api.validate_token(token_id))

    if not token_ref.project_scoped:
        action = _('Use a project scoped token when attempting to create '
                   'a SAML assertion')
        raise exception.ForbiddenAction(action=action)

    # NOTE(review): only the bare user name and project name are handed to
    # the generator - no domain names - so same-named users or projects in
    # different domains are indistinguishable on the SP side unless
    # SAMLGenerator qualifies them itself; confirm against the generator.
    saml_response = keystone_idp.SAMLGenerator().samlize_token(
        CONF.saml.idp_entity_id,
        sp_ref.get('sp_url'),
        token_ref.user_name,
        token_ref.role_names,
        token_ref.project_name)
    return (saml_response, sp_ref)
def create_saml_assertion(self, context, auth):
    """Exchange a scoped token for a SAML assertion.

    :param context: request context; not read by this method
    :param auth: Dictionary that contains a token and service provider id
        (``identity.token.id`` and ``scope.service_provider.id``)
    :returns: ``text/xml`` WSGI response carrying the SAML assertion, with
        the SP's ``sp_url`` and ``auth_url`` echoed in the ``X-sp-url`` and
        ``X-auth-url`` headers
    :raises ForbiddenAction: if the token is not project scoped
    """
    # Look up the SP and refuse to serve a disabled one.
    sp_ref = self.federation_api.get_sp(
        auth['scope']['service_provider']['id'])
    utils.assert_enabled_service_provider_object(sp_ref)
    sp_url = sp_ref.get('sp_url')
    auth_url = sp_ref.get('auth_url')

    # Validate the token to be exchanged.
    token_id = auth['identity']['token']['id']
    token_ref = token_model.KeystoneToken(
        token_id, self.token_provider_api.validate_token(token_id))

    if not token_ref.project_scoped:
        action = _('Use a project scoped token when attempting to create '
                   'a SAML assertion')
        raise exception.ForbiddenAction(action=action)

    # NOTE(review): subject and project are passed without their domain
    # names, so same-named users/projects from different domains collapse to
    # the same values unless SAMLGenerator qualifies them - confirm.
    generator = keystone_idp.SAMLGenerator()
    saml_response = generator.samlize_token(
        CONF.saml.idp_entity_id,
        sp_url,
        token_ref.user_name,
        token_ref.role_names,
        token_ref.project_name)

    response_headers = [
        ('Content-Type', 'text/xml'),
        ('X-sp-url', sp_url),
        ('X-auth-url', auth_url),
    ]
    return wsgi.render_response(body=saml_response.to_string(),
                                status=('200', 'OK'),
                                headers=response_headers)