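def verify_ticket(self, ticket):
    """Validate a CAS 2.0+ service ticket against ``serviceValidate``.

    Sends ``ticket`` and ``self.service_url`` (plus ``pgtUrl`` when
    ``self.proxy_callback`` is set) to the CAS server and parses the XML
    reply.

    Returns:
        ``(user, None, pgtiou)`` when the reply is an authentication success;
        ``pgtiou`` is the text of the ``proxyGrantingTicket`` element, or
        ``None`` when the reply has none. ``(None, None, None)`` otherwise.
    """
    try:
        from xml.etree import ElementTree
    except ImportError:
        from elementtree import ElementTree

    def local_name(element):
        # Tags arrive as '{namespace}name'. Compare the bare name exactly so
        # that an element merely *ending* in 'user' is never read as the
        # authenticated username.
        return element.tag.rsplit('}', 1)[-1]

    user = None
    pgtiou = None
    params = [('ticket', ticket), ('service', self.service_url)]
    if self.proxy_callback:
        params.append(('pgtUrl', self.proxy_callback))
    url = (urllib_parse.urljoin(self.server_url, 'serviceValidate') + '?' +
           urllib_parse.urlencode(params))
    page = urlopen(url)
    try:
        response = page.read()
        # NOTE(review): the login decision rests entirely on this reply, so
        # it is only as trustworthy as the connection to the CAS server;
        # confirm server_url is https and that certificates are verified.
        tree = ElementTree.fromstring(response)
        # A reply whose root has no children is a failed validation, not an
        # IndexError.
        if len(tree) == 0 or local_name(tree[0]) != 'authenticationSuccess':
            return None, None, None
        for element in tree[0]:
            name = local_name(element)
            if name == 'user':
                user = element.text
            elif name == 'proxyGrantingTicket':
                pgtiou = element.text
        return user, None, pgtiou
    finally:
        page.close()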
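def verify_ticket(self, ticket):
    """Verify a CAS 2.0+ XML-based authentication ticket.

    The ticket is checked against the server's ``serviceValidate`` endpoint
    for ``self.service_url``; ``self.proxy_callback``, when set, is passed
    as ``pgtUrl``.

    Returns:
        ``(user, None, pgtiou)`` for an ``authenticationSuccess`` reply and
        ``(None, None, None)`` for anything else. ``pgtiou`` is ``None``
        when the reply carries no ``proxyGrantingTicket`` element.
    """
    try:
        from xml.etree import ElementTree
    except ImportError:
        from elementtree import ElementTree

    params = [('ticket', ticket), ('service', self.service_url)]
    if self.proxy_callback:
        params.append(('pgtUrl', self.proxy_callback))
    url = (urllib_parse.urljoin(self.server_url, 'serviceValidate') + '?' +
           urllib_parse.urlencode(params))
    page = urlopen(url)
    try:
        tree = ElementTree.fromstring(page.read())
        # Guard the index: a root element without children would otherwise
        # raise IndexError instead of reporting a failed validation.
        success = tree[0] if len(tree) else None
        # Match on the exact local name ('{ns}name' -> 'name'); a suffix test
        # would also accept unrelated tags that happen to end the same way.
        if (success is None or
                success.tag.rsplit('}', 1)[-1] != 'authenticationSuccess'):
            return None, None, None
        fields = {}
        for element in success:
            # Later duplicates overwrite earlier ones, as before.
            fields[element.tag.rsplit('}', 1)[-1]] = element.text
        return fields.get('user'), None, fields.get('proxyGrantingTicket')
    finally:
        page.close()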
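def _verify_cas3(ticket, service):
    """Verify a CAS 3.0+ XML-based ticket and collect extended attributes.

    The ticket is checked against ``proxyValidate`` on
    ``settings.CAS_SERVER_URL``.

    Returns:
        ``(user, attributes)``. On an ``authenticationSuccess`` reply
        ``user`` is the text of the ``user`` element and ``attributes`` maps
        each child of the ``attributes`` element (namespace stripped) to its
        text. For any other reply the result is ``(None, {})``.
    """
    try:
        from xml.etree import ElementTree
    except ImportError:
        from elementtree import ElementTree

    params = [('ticket', ticket), ('service', service)]
    url = (urllib_parse.urljoin(settings.CAS_SERVER_URL, 'proxyValidate') +
           '?' + urllib_parse.urlencode(params))
    page = urlopen(url)
    try:
        user = None
        attributes = {}
        response = page.read()
        tree = ElementTree.fromstring(response)
        # len(tree) guards tree[0]: a childless root is a failed validation
        # rather than an IndexError. Names are compared exactly after the
        # '{namespace}' prefix is removed, so a tag that only ends in 'user'
        # cannot supply the username.
        if (len(tree) and
                tree[0].tag.split("}").pop() == 'authenticationSuccess'):
            for element in tree[0]:
                name = element.tag.split("}").pop()
                if name == 'user':
                    user = element.text
                elif name == 'attributes':
                    for attribute in element:
                        # A repeated attribute keeps only its last value.
                        attributes[attribute.tag.split("}").pop()] = \
                            attribute.text
        return user, attributes
    finally:
        page.close()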
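def get_verification_response(self, ticket):
    """Fetch the raw ``proxyValidate`` reply for ``ticket``.

    The request carries ``ticket`` and ``self.service_url``, plus ``pgtUrl``
    when ``self.proxy_callback`` is set.

    Returns:
        The unparsed response body as returned by ``read()``.
    """
    params = [('ticket', ticket), ('service', self.service_url)]
    if self.proxy_callback:
        params.append(('pgtUrl', self.proxy_callback))
    base_url = urllib_parse.urljoin(self.server_url, 'proxyValidate')
    url = base_url + '?' + urllib_parse.urlencode(params)
    page = urlopen(url)
    try:
        return page.read()
    finally:
        # The response was previously left open; close it on every path so
        # repeated validations do not accumulate open connections.
        page.close()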
def _verify_cas3_saml(ticket, service):
    """Debug variant of the CAS3 + SAML validation request.

    Builds the ``samlValidate`` request for ``ticket`` and prints the
    request details and the result of opening it. The reply is never parsed
    and nothing is returned, so this version cannot authenticate a user.
    """
    # NOTE(review): ElementTree is imported but not used in this version.
    try:
        from xml.etree import ElementTree
    except ImportError:
        from elementtree import ElementTree

    # We do the SAML validation
    headers = {
        'soapaction': 'http://www.oasis-open.org/committees/security',
        'cache-control': 'no-cache',
        'pragma': 'no-cache',
        'accept': 'text/xml',
        'connection': 'keep-alive',
        # NOTE(review): no charset parameter follows the ';' here.
        'content-type': 'text/xml; ',
    }
    # The ticket is sent in the query string as well as in the SAML body.
    params = [('ticket', ticket), ('service', service), ('TARGET', service)]
    saml_validat_url = urllib_parse.urljoin(
        settings.CAS_SERVER_URL, 'samlValidate',
    )
    # test
    #saml_validat_url = urllib_parse.urljoin(settings.CAS_SERVER_URL, 'proxyValidate',)
    url = Request(
        saml_validat_url + '?' + urllib_parse.urlencode(params),
        '',
        headers,
    )
    # NOTE(review): the prints below write the service ticket and the full
    # SAML request to stdout, where they can end up in server logs. Remove
    # them before this code handles real logins.
    print "#############################"
    print params
    print urllib_parse.urlencode(params)
    print url
    print "SAML"
    print get_saml_assertion(ticket)
    print ""
    from urllib2 import URLError
    try:
        # Prints the response object itself; it is neither read nor closed.
        print urlopen(url, data=get_saml_assertion(ticket))
    except URLError, e:
        print "um erro::::"
        print e
def get_verification_response(self, ticket):
    """Return the raw validation reply for ``ticket``.

    The endpoint is ``self.URL_SUFFIX`` resolved against ``self.server_url``.
    The query carries the ticket and ``self.service_url``, and ``pgtUrl``
    when a proxy callback is configured. The response is closed before
    returning.
    """
    query = [('ticket', ticket), ('service', self.service_url)]
    if self.proxy_callback:
        query += [('pgtUrl', self.proxy_callback)]
    endpoint = urllib_parse.urljoin(self.server_url, self.URL_SUFFIX)
    handle = urlopen('?'.join((endpoint, urllib_parse.urlencode(query))))
    try:
        body = handle.read()
    finally:
        handle.close()
    return body
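def _verify_cas2_saml(ticket, service):
    """Validate a ticket through the CAS ``samlValidate`` endpoint.

    @date: 2011-11-30
    @author: Carlos Gonzalez Vila <*****@*****.**>

    Posts the SAML request built by ``get_saml_assertion(ticket)`` and reads
    the user and attributes from the reply.

    Returns:
        ``(user, attributes)``. ``user`` is taken from the attribute that
        has ``'uid'`` among its XML attribute values. When the status is not
        ``samlp:Success`` the result is ``(None, {})``.
    """
    try:
        from xml.etree import ElementTree
    except ImportError:
        from elementtree import ElementTree

    # We do the SAML validation
    headers = {'soapaction': 'http://www.oasis-open.org/committees/security',
               'cache-control': 'no-cache',
               'pragma': 'no-cache',
               'accept': 'text/xml',
               'connection': 'keep-alive',
               'content-type': 'text/xml; charset=utf-8'}
    params = [('TARGET', service)]
    url = Request(urllib_parse.urljoin(settings.CAS_SERVER_URL,
                                       'samlValidate') +
                  '?' + urllib_parse.urlencode(params), '', headers)
    page = urlopen(url, data=get_saml_assertion(ticket))
    try:
        user = None
        attributes = {}
        response = page.read()
        # The reply holds the user's identity attributes. The debug print
        # that copied it to stdout (and so into server logs) is removed.
        tree = ElementTree.fromstring(response)
        # NOTE(review): only the status code is inspected. No signature or
        # validity condition of the assertion is checked here, so the result
        # is only as trustworthy as the connection to the CAS server.
        # Find the authentication status
        success = tree.find('.//' + SAML_1_0_PROTOCOL_NS + 'StatusCode')
        if success is not None and success.attrib['Value'] == 'samlp:Success':
            # User is validated
            attrs = tree.findall('.//' + SAML_1_0_ASSERTION_NS + 'Attribute')
            for at in attrs:
                if 'uid' in list(at.attrib.values()):
                    user = at.find(
                        SAML_1_0_ASSERTION_NS + 'AttributeValue').text
                    attributes['uid'] = user
                values = at.findall(SAML_1_0_ASSERTION_NS + 'AttributeValue')
                if len(values) > 1:
                    # Multi-valued attributes are kept as a list of texts.
                    values_array = []
                    for v in values:
                        values_array.append(v.text)
                    attributes[at.attrib['AttributeName']] = values_array
                else:
                    attributes[at.attrib['AttributeName']] = values[0].text
        return user, attributes
    finally:
        page.close()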
def verify_ticket(self, ticket):
    """Check a CAS 1.0 ticket against the ``validate`` endpoint.

    The plain-text reply is read line by line. A first line equal to
    ``'yes'`` means success and the second line is the username.

    Returns:
        ``(username, None, None)`` on success, ``(None, None, None)``
        otherwise.
    """
    fields = [('ticket', ticket), ('service', self.service)]
    endpoint = urllib_parse.urljoin(self.server_url, 'validate')
    reply = urlopen('?'.join((endpoint, urllib_parse.urlencode(fields))))
    try:
        # NOTE(review): if readline() yields bytes (as urlopen responses do
        # on Python 3), this comparison with a str never matches and every
        # ticket is rejected. Confirm which urlopen is in scope.
        status_line = reply.readline().strip()
        if status_line != 'yes':
            return None, None, None
        return reply.readline().strip(), None, None
    finally:
        reply.close()
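def get_proxy_ticket(self, pgt):
    """Return the proxy ticket issued for the proxy-granting ticket ``pgt``.

    Returns:
        The text of the reply's ``cas:proxyTicket`` element when exactly one
        is present.

    Raises:
        CASError: with the server's failure code and message when the reply
            holds exactly one ``cas:authenticationFailure``; otherwise with
            a ``"Bad http code ..."`` message. The latter is also raised for
            a 200 reply that contains neither element.
    """
    response = urlopen(self.get_proxy_url(pgt))
    try:
        if response.code == 200:
            from lxml import etree
            # The document arrives over the network, so parse it without
            # expanding entity references.
            parser = etree.XMLParser(resolve_entities=False)
            root = etree.fromstring(response.read(), parser)
            tickets = root.xpath(
                "//cas:proxyTicket",
                namespaces={"cas": "http://www.yale.edu/tp/cas"})
            if len(tickets) == 1:
                return tickets[0].text
            errors = root.xpath(
                "//cas:authenticationFailure",
                namespaces={"cas": "http://www.yale.edu/tp/cas"})
            if len(errors) == 1:
                # .get() keeps a failure element without a 'code' attribute
                # from surfacing as a KeyError instead of a CASError.
                raise CASError(errors[0].attrib.get('code'), errors[0].text)
        raise CASError("Bad http code %s" % response.code)
    finally:
        # The response was previously never closed.
        response.close()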
def _verify_cas1(ticket, service):
    """Check a CAS 1.0 ticket against ``validate`` on the configured server.

    The reply is plain text: a first line of ``'yes'`` signals success and
    the following line is the username.

    Returns:
        ``(username, None)`` on success and ``(None, None)`` on failure.
    """
    fields = [('ticket', ticket), ('service', service)]
    endpoint = urllib_parse.urljoin(settings.CAS_SERVER_URL, 'validate')
    reply = urlopen('?'.join((endpoint, urllib_parse.urlencode(fields))))
    try:
        # NOTE(review): a bytes line (Python 3 urlopen) never equals the str
        # 'yes', which would reject every ticket. Confirm the urlopen in use.
        answer = reply.readline().strip()
        # The second line is only consumed after a positive first line.
        username = reply.readline().strip() if answer == 'yes' else None
        return username, None
    finally:
        reply.close()
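def get_proxy_ticket(self, pgt):
    """Exchange the proxy-granting ticket ``pgt`` for a proxy ticket.

    Returns:
        The text of the single ``cas:proxyTicket`` element in the reply.

    Raises:
        CASError: carrying the ``code`` attribute and text of the single
            ``cas:authenticationFailure`` element when one is present, or a
            ``"Bad http code ..."`` message in every other case. That
            includes a 200 reply with neither element.
    """
    cas_ns = {"cas": "http://www.yale.edu/tp/cas"}
    response = urlopen(self.get_proxy_url(pgt))
    try:
        if response.code == 200:
            from lxml import etree
            # Network-supplied XML: keep the parser from expanding entity
            # references.
            hardened = etree.XMLParser(resolve_entities=False)
            root = etree.fromstring(response.read(), hardened)
            tickets = root.xpath("//cas:proxyTicket", namespaces=cas_ns)
            if len(tickets) == 1:
                return tickets[0].text
            errors = root.xpath(
                "//cas:authenticationFailure", namespaces=cas_ns
            )
            if len(errors) == 1:
                failure = errors[0]
                # A missing 'code' attribute yields None here rather than a
                # KeyError that would hide the server's message.
                raise CASError(failure.attrib.get('code'), failure.text)
        raise CASError("Bad http code %s" % response.code)
    finally:
        # Close on every path; the original left the response open.
        response.close()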
def fetch_saml_validation(self, ticket):
    """Post the SAML request for ``ticket`` to ``samlValidate``.

    The request targets ``self.service_url`` (sent as ``TARGET``) and its
    body comes from ``self.get_saml_assertion(ticket)``.

    Returns:
        The open response object. Closing it is left to the caller.
    """
    soap_headers = {
        'soapaction': 'http://www.oasis-open.org/committees/security',
        'cache-control': 'no-cache',
        'pragma': 'no-cache',
        'accept': 'text/xml',
        'connection': 'keep-alive',
        'content-type': 'text/xml; charset=utf-8',
    }
    target = [('TARGET', self.service_url)]
    endpoint = urllib_parse.urljoin(self.server_url, 'samlValidate')
    # The Request starts with an empty body; the SAML payload is supplied
    # through urlopen's data argument.
    request = Request(
        '?'.join((endpoint, urllib_parse.urlencode(target))),
        '',
        soap_headers,
    )
    return urlopen(request, data=self.get_saml_assertion(ticket))
def fetch_saml_validation(self, ticket):
    """Send the SAML validation request for ``ticket`` to the CAS server.

    ``self.service_url`` is passed as ``TARGET`` and the request body is
    ``self.get_saml_assertion(ticket)``.

    Returns:
        The open response object. The caller is responsible for closing it.
    """
    soap_headers = {
        'soapaction': 'http://www.oasis-open.org/committees/security',
        'cache-control': 'no-cache',
        'pragma': 'no-cache',
        'accept': 'text/xml',
        'connection': 'keep-alive',
        'content-type': 'text/xml; charset=utf-8',
    }
    target = [('TARGET', self.service_url)]
    endpoint = urllib_parse.urljoin(self.server_url, 'samlValidate')
    full_url = '?'.join((endpoint, urllib_parse.urlencode(target)))
    # The SAML payload travels as the Request body.
    payload = self.get_saml_assertion(ticket)
    return urlopen(Request(full_url, payload, soap_headers))
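def _verify_cas2(ticket, service):
    """Verify a CAS 2.0+ XML-based authentication ticket.

    The ticket is checked against ``serviceValidate`` on
    ``settings.CAS_SERVER_URL``.

    Returns:
        ``(username, None)`` when the reply is an authentication success
        that contains a ``user`` element, ``(None, None)`` otherwise.
    """
    try:
        from xml.etree import ElementTree
    except ImportError:
        from elementtree import ElementTree

    params = [('ticket', ticket), ('service', service)]
    url = (urllib_parse.urljoin(settings.CAS_SERVER_URL, 'serviceValidate') +
           '?' + urllib_parse.urlencode(params))
    page = urlopen(url)
    try:
        response = page.read()
        tree = ElementTree.fromstring(response)
        # A childless root means no verdict at all; report failure instead
        # of raising IndexError on tree[0].
        if (len(tree) == 0 or
                tree[0].tag.rsplit('}', 1)[-1] != 'authenticationSuccess'):
            return None, None
        # Select the username by element name, not by position, so that a
        # reply with a different child first (or none) cannot supply an
        # unrelated value as the login.
        for element in tree[0]:
            if element.tag.rsplit('}', 1)[-1] == 'user':
                return element.text, None
        return None, None
    finally:
        page.close()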
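def get_cas3_verification_response(ticket, service):
    """Fetch the raw ``proxyValidate`` reply for ``ticket`` and ``service``.

    Returns:
        The unparsed response body as returned by ``read()``.
    """
    params = [('ticket', ticket), ('service', service)]
    base_url = urllib_parse.urljoin(settings.CAS_SERVER_URL, 'proxyValidate')
    url = base_url + '?' + urllib_parse.urlencode(params)
    page = urlopen(url)
    try:
        return page.read()
    finally:
        # Previously the response was never closed; release it on every
        # path, including a failing read().
        page.close()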
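def _verify_cas3_saml(ticket, service):
    """Validate a ticket through the CAS ``samlValidate`` endpoint.

    Posts the SAML request built by ``get_saml_assertion(ticket)`` and
    collects the attributes of a successful reply.

    Returns:
        ``(login, attributes)``, where ``login`` is the value of the
        ``login`` attribute. When the status is not ``saml1p:Success`` or
        the reply has no ``login`` attribute, ``login`` is ``None``.
    """
    try:
        from xml.etree import ElementTree
    except ImportError:
        from elementtree import ElementTree

    # We do the SAML validation
    headers = {
        'soapaction': 'http://www.oasis-open.org/committees/security',
        'cache-control': 'no-cache',
        'pragma': 'no-cache',
        'accept': 'text/xml',
        'connection': 'keep-alive',
        'content-type': 'text/xml; charset=utf-8',
    }
    # NOTE(review): the ticket is sent in the query string as well as in the
    # SAML body, so it can appear in URL logs. Confirm the server needs it.
    params = [('ticket', ticket), ('service', service), ('TARGET', service)]
    saml_validat_url = urllib_parse.urljoin(
        settings.CAS_SERVER_URL, 'samlValidate',
    )
    url = Request(
        saml_validat_url + '?' + urllib_parse.urlencode(params),
        '',
        headers,
    )
    page = urlopen(url, data=get_saml_assertion(ticket))
    try:
        attributes = {}
        response = page.read()
        tree = ElementTree.fromstring(response)
        # NOTE(review): only the status code is inspected. No signature or
        # validity condition of the assertion is checked here, so the result
        # is only as trustworthy as the connection to the CAS server.
        # Find the authentication status
        success = tree.find('.//' + SAML_1_0_PROTOCOL_NS + 'StatusCode')
        if (success is not None and
                success.attrib.get('Value') == 'saml1p:Success'):
            # User is validated
            attrs = tree.findall('.//' + SAML_1_0_ASSERTION_NS + 'Attribute')
            for at in attrs:
                value = at.find(SAML_1_0_ASSERTION_NS + 'AttributeValue')
                if value is None:
                    # An attribute without a value carries nothing to store.
                    continue
                # Only the first value of a multi-valued attribute is kept.
                attributes[at.attrib['AttributeName']] = value.text
        # A failed validation leaves `attributes` empty; .get() reports that
        # as "no user" instead of raising KeyError.
        return attributes.get('login'), attributes
    finally:
        page.close()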
print "#############################" print params print urllib_parse.urlencode(params) print url print "SAML" print get_saml_assertion(ticket) print "" from urllib2 import URLError try: print urlopen(url, data=get_saml_assertion(ticket)) except URLError, e: print "um erro::::" print e print "-------" page = urlopen(url, data=get_saml_assertion(ticket)) print "###################################" try: user = None attributes = {} response = page.read()#.replace('\n','') #response = response.encode("utf-8") print response tree = ElementTree.fromstring(response) #print response # Find the authentication status success = tree.find('.//' + SAML_1_0_PROTOCOL_NS + 'StatusCode') if success is not None and success.attrib['Value'] == 'saml1p:Success': # User is validated
def _verify_cas2_saml(ticket, service):
    """Validate a ticket through ``samlValidate`` and return its attributes.

    @date: 2011-11-30
    @author: Carlos Gonzalez Vila <*****@*****.**>

    Returns:
        ``(user, attributes)``. ``user`` comes from the attribute that has
        ``'uid'`` among its XML attribute values. Multi-valued attributes
        are stored as lists. When the status is not ``samlp:Success`` the
        result is ``(None, {})``.
    """
    try:
        from xml.etree import ElementTree
    except ImportError:
        from elementtree import ElementTree

    soap_headers = {
        'soapaction': 'http://www.oasis-open.org/committees/security',
        'cache-control': 'no-cache',
        'pragma': 'no-cache',
        'accept': 'text/xml',
        'connection': 'keep-alive',
        'content-type': 'text/xml; charset=utf-8',
    }
    target = [('TARGET', service)]
    endpoint = urllib_parse.urljoin(settings.CAS_SERVER_URL, 'samlValidate')
    request = Request(
        '?'.join((endpoint, urllib_parse.urlencode(target))),
        '',
        soap_headers,
    )
    page = urlopen(request, data=get_saml_assertion(ticket))
    try:
        user = None
        attributes = {}
        tree = ElementTree.fromstring(page.read())
        # NOTE(review): the status code is the only check made on the reply;
        # no signature or validity condition of the assertion is examined.
        status = tree.find('.//' + SAML_1_0_PROTOCOL_NS + 'StatusCode')
        if status is None or status.attrib['Value'] != 'samlp:Success':
            return user, attributes
        value_tag = SAML_1_0_ASSERTION_NS + 'AttributeValue'
        for node in tree.findall('.//' + SAML_1_0_ASSERTION_NS + 'Attribute'):
            if 'uid' in node.attrib.values():
                user = node.find(value_tag).text
                attributes['uid'] = user
            texts = [found.text for found in node.findall(value_tag)]
            # One value is stored bare, several as a list.
            attributes[node.attrib['AttributeName']] = (
                texts if len(texts) > 1 else texts[0]
            )
        return user, attributes
    finally:
        page.close()