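    def test_request_to_discovery_service(self):
        """
        discovery_service_request_url must put the SP entity id, URL-encoded,
        into the ``entityID`` parameter and, when a return URL is given,
        append it URL-encoded as ``return``.
        """
        disc_url = "http://example.com/saml2/idp/disc"
        url = discovery_service_request_url("urn:mace:example.com:saml:roland:sp",
                                            disc_url)
        # print() with one argument is valid on Python 2 and 3; the bare
        # `print url` statement is a SyntaxError on 3.
        print(url)
        assert url == "http://example.com/saml2/idp/disc?entityID=urn%3Amace%3Aexample.com%3Asaml%3Aroland%3Asp"

        url = discovery_service_request_url(
            self.client.config.entityid,
            disc_url,
            return_url="http://example.org/saml2/sp/ds")
        print(url)
        assert url == "http://example.com/saml2/idp/disc?entityID=urn%3Amace%3Aexample.com%3Asaml%3Aroland%3Asp&return=http%3A%2F%2Fexample.org%2Fsaml2%2Fsp%2Fds"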
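    def _pick_idp(self, environ, came_from):
        """
        Decide which IdP the user should authenticate against.

        Three cases, in order: an ECP (PAOS) client recognised by its
        headers, exactly one IdP in the metadata, or several IdPs where the
        choice has to come from a WAYF form or a discovery service answer.

        :param environ: WSGI environ of the current request
        :param came_from: URL the user should be returned to afterwards
        :return: ``(0, entity_id)`` once an IdP is chosen, ``(-1, response)``
            with an HTTP response to send instead (error or redirect), or
            whatever ``ecp.ecp_auth_request`` returns for ECP clients.
        """
        # The full environ can carry cookies and authorization headers, so
        # it is only dumped at debug level.
        logger.debug("[_pick_idp] %s", environ)

        if "HTTP_PAOS" in environ:
            if environ["HTTP_PAOS"] != PAOS_HEADER_INFO:
                return -1, HTTPInternalServerError(detail='unknown ECP version')
            # Accept is optional in HTTP; a missing header is treated like a
            # wrong one instead of raising KeyError.
            if 'application/vnd.paos+xml' not in environ.get("HTTP_ACCEPT", ""):
                return -1, HTTPInternalServerError(detail='Faulty Accept header')

            logger.info("- ECP client detected -")
            # relay_state -> where to go when back from authentication
            # entityid -> the IdP to use, looked up from the client's address
            _relay_state = construct_came_from(environ)
            _entityid = self.saml_client.config.ecp_endpoint(
                environ["REMOTE_ADDR"])
            if not _entityid:
                return -1, HTTPInternalServerError(detail="No IdP to talk to")
            logger.info("IdP to talk to: %s", _entityid)
            return ecp.ecp_auth_request(self.saml_client, _entityid,
                                        _relay_state)

        idps = self.metadata.with_descriptor("idpsso")
        logger.info("IdP URL: %s", idps)

        if not idps:
            return -1, HTTPInternalServerError(detail='Misconfiguration')

        if len(idps) == 1:
            # idps is a dictionary keyed on entity id; next(iter(...)) works
            # on Python 2 and 3 alike, dict.keys()[0] only on 2.
            idp_entity_id = next(iter(idps))
        else:
            logger.debug("ENVIRON: %s", environ)
            query = environ.get('s2repoze.body', '') or environ.get(
                "QUERY_STRING", "")
            logger.info("<_pick_idp> query: %s", query)

            if self.wayf:
                if not query:
                    return self._wayf_redirect(came_from)
                try:
                    idp_entity_id = parse_qs(query)["wayf_selected"][0]
                except KeyError:
                    return self._wayf_redirect(came_from)
            elif self.discovery:
                if not query:
                    sid_ = sid()
                    self.outstanding_queries[sid_] = came_from
                    logger.info("Redirect to Discovery Service function")
                    eid = self.saml_client.config.entity_id
                    loc = discovery_service_request_url(eid, self.discovery)
                    return -1, HTTPSeeOther(headers=[('Location', loc)])
                # NOTE(review): the discovery answer is read from QUERY_STRING
                # even when `query` came from s2repoze.body; kept as before.
                idp_entity_id = discovery_service_response(
                    query=environ.get("QUERY_STRING"))
            else:
                return -1, HTTPNotImplemented(detail='No WAYF or DJ present!')

            # The entity id comes straight from the request and is therefore
            # untrusted; only accept an IdP we hold metadata for.
            if not idp_entity_id or idp_entity_id not in idps:
                return -1, HTTPInternalServerError(detail='Unknown IdP')

        logger.info("Choosen IdP: '%s'", idp_entity_id)
        return 0, idp_entity_id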
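    def _pick_idp(self, environ, came_from):
        """
        Decide which IdP the user should authenticate against.

        Three cases, in order: an ECP (PAOS) client recognised by its
        headers, exactly one IdP in the metadata, or several IdPs where the
        choice has to come from a WAYF form or a discovery service answer.

        :param environ: WSGI environ of the current request
        :param came_from: URL the user should be returned to afterwards
        :return: ``(0, entity_id)`` once an IdP is chosen, ``(-1, response)``
            with an HTTP response to send instead (error or redirect), or
            whatever ``ecp.ecp_auth_request`` returns for ECP clients.
        """
        # The full environ can carry cookies and authorization headers, so
        # it is only dumped at debug level.
        logger.debug("[_pick_idp] %s", environ)

        if "HTTP_PAOS" in environ:
            return self._pick_idp_ecp(environ)

        idps = self.metadata.with_descriptor("idpsso")
        logger.info("IdP URL: %s", idps)

        if not idps:
            return -1, HTTPInternalServerError(detail='Misconfiguration')

        if len(idps) == 1:
            # idps is a dictionary keyed on entity id; next(iter(...)) works
            # on Python 2 and 3 alike, dict.keys()[0] only on 2.
            idp_entity_id = next(iter(idps))
        else:
            idp_entity_id, response = self._pick_idp_from_request(
                environ, idps, came_from)
            if response is not None:
                return response

        logger.info("Choosen IdP: '%s'", idp_entity_id)
        return 0, idp_entity_id

    def _pick_idp_ecp(self, environ):
        """
        Handle an ECP client: check its PAOS headers and start the request.

        :param environ: WSGI environ that contains an ``HTTP_PAOS`` header
        :return: ``(-1, HTTPInternalServerError)`` when the headers or the
            configured ECP endpoint are unusable, otherwise whatever
            ``ecp.ecp_auth_request`` returns.
        """
        if environ["HTTP_PAOS"] != PAOS_HEADER_INFO:
            return -1, HTTPInternalServerError(detail='unknown ECP version')
        # Accept is optional in HTTP; a missing header is treated like a
        # wrong one instead of raising KeyError.
        if 'application/vnd.paos+xml' not in environ.get("HTTP_ACCEPT", ""):
            return -1, HTTPInternalServerError(detail='Faulty Accept header')

        logger.info("- ECP client detected -")
        # relay_state -> where to go when back from authentication
        # entityid -> the IdP to use, looked up from the client's address
        _relay_state = construct_came_from(environ)
        _entityid = self.saml_client.config.ecp_endpoint(
            environ["REMOTE_ADDR"])
        if not _entityid:
            return -1, HTTPInternalServerError(detail="No IdP to talk to")
        logger.info("IdP to talk to: %s", _entityid)
        return ecp.ecp_auth_request(self.saml_client, _entityid, _relay_state)

    def _pick_idp_from_request(self, environ, idps, came_from):
        """
        Read the IdP choice carried by the request (WAYF form or discovery
        service answer), or build the redirect that asks the user for one.

        :param environ: WSGI environ of the current request
        :param idps: dict of the IdPs known from metadata, keyed on entity id
        :param came_from: URL to return the user to after authentication
        :return: ``(entity_id, None)`` when a known IdP was selected, else
            ``(None, response)`` where *response* is what ``_pick_idp`` has
            to return unchanged.
        """
        logger.debug("ENVIRON: %s", environ)
        query = environ.get('s2repoze.body', '') or environ.get(
            "QUERY_STRING", "")
        logger.info("<_pick_idp> query: %s", query)

        if self.wayf:
            if not query:
                return None, self._wayf_redirect(came_from)
            try:
                idp_entity_id = parse_qs(query)["wayf_selected"][0]
            except KeyError:
                return None, self._wayf_redirect(came_from)
        elif self.discovery:
            if not query:
                sid_ = sid()
                self.outstanding_queries[sid_] = came_from
                logger.info("Redirect to Discovery Service function")
                eid = self.saml_client.config.entity_id
                loc = discovery_service_request_url(eid, self.discovery)
                return None, (-1, HTTPSeeOther(headers=[('Location', loc)]))
            # NOTE(review): the discovery answer is read from QUERY_STRING
            # even when `query` came from s2repoze.body; kept as before.
            idp_entity_id = discovery_service_response(
                query=environ.get("QUERY_STRING"))
        else:
            return None, (-1, HTTPNotImplemented(
                detail='No WAYF or DJ present!'))

        # The entity id comes straight from the request and is therefore
        # untrusted; only accept an IdP we hold metadata for.
        if not idp_entity_id or idp_entity_id not in idps:
            return None, (-1, HTTPInternalServerError(detail='Unknown IdP'))
        return idp_entity_id, None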