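def saml_validateTicket(request):
    """
    Validate a CAS ticket over SAML and start a session for the user.

    Method expects 2 GET parameters: 'ticket' & 'sendback'
    After a CAS Login:
    - A missing ticket, a ticket the SAML client does not validate, or a
      failure to create the session token redirects to
      settings.REDIRECT_URL + "/login/".
    - A validated username with no matching User redirects to
      settings.REDIRECT_URL + "/no_user/".
    - Without 'sendback', the SAML response body is returned as text/xml.
    - Otherwise the user is redirected to 'sendback' with
      "?token=<auth_token>" appended.
    """

    redirect_logout_url = settings.REDIRECT_URL + "/login/"
    no_user_url = settings.REDIRECT_URL + "/no_user/"
    # NOTE(review): this writes every GET parameter, including the ticket,
    # to the debug log.
    logger.debug('GET Variables:%s' % request.GET)
    ticket = request.GET.get('ticket', None)

    if not ticket:
        logger.warn("No Ticket received in GET string "
                    "-- Logout user: %s" % redirect_logout_url)
        return HttpResponseRedirect(redirect_logout_url)

    logger.debug("ServiceValidate endpoint includes a ticket."
                 " Ticket must now be validated with SAML")

    # ReturnLocation set, apply on successful authentication

    saml_client = get_saml_client()
    saml_response = saml_client.saml_serviceValidate(ticket)
    if not saml_response.success:
        logger.debug("CAS Server did NOT validate ticket:%s"
                     " and included this response:%s"
                     % (ticket, saml_response.xml))
        return HttpResponseRedirect(redirect_logout_url)

    try:
        user = User.objects.get(username=saml_response.user)
    except User.DoesNotExist:
        return HttpResponseRedirect(no_user_url)
    auth_token = create_session_token(None, user, request, issuer="CAS+SAML")
    if auth_token is None:
        logger.warn("Failed to create AuthToken")
        # The redirect used to be built but never returned, so a failed
        # token creation fell through and sent the user on to 'sendback'
        # with "?token=None" appended.
        return HttpResponseRedirect(redirect_logout_url)
    return_to = request.GET.get('sendback')
    if not return_to:
        return HttpResponse(saml_response.response,
                            content_type="text/xml; charset=utf-8")
    # NOTE(review): 'sendback' comes straight from the query string and is
    # used as the redirect target with the session token attached. Nothing
    # in this function restricts it to trusted hosts; check it against an
    # allow-list (e.g. Django's url_has_allowed_host_and_scheme, or
    # is_safe_url on older releases) before redirecting.
    # NOTE(review): "?token=" is appended verbatim, so a 'sendback' that
    # already has a query string gets a malformed URL.
    # Log the destination before the token is appended so the token value
    # is not written to the log.
    logger.info("Session token created, return to: %s" % return_to)
    return_to += "?token=%s" % auth_token
    return HttpResponseRedirect(return_to)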
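def saml_validateTicket(request):
    """
    Validate a CAS ticket over SAML and start a session for the user.

    Method expects 2 GET parameters: 'ticket' & 'sendback'
    After a CAS Login:
    - A missing ticket, a ticket the SAML client does not validate, or a
      failure to create the session token redirects to
      settings.REDIRECT_URL + "/login/".
    - A validated username with no matching User redirects to
      settings.REDIRECT_URL + "/no_user/".
    - Without 'sendback', the SAML response body is returned as text/xml.
    - Otherwise the user is redirected to 'sendback' with
      "?token=<auth_token>" appended.
    """

    redirect_logout_url = settings.REDIRECT_URL + "/login/"
    no_user_url = settings.REDIRECT_URL + "/no_user/"
    # NOTE(review): this writes every GET parameter, including the ticket,
    # to the debug log.
    logger.debug('GET Variables:%s' % request.GET)
    ticket = request.GET.get('ticket', None)

    if not ticket:
        logger.warn("No Ticket received in GET string "
                    "-- Logout user: %s" % redirect_logout_url)
        return HttpResponseRedirect(redirect_logout_url)

    logger.debug("ServiceValidate endpoint includes a ticket."
                 " Ticket must now be validated with SAML")

    # ReturnLocation set, apply on successful authentication

    saml_client = get_saml_client()
    saml_response = saml_client.saml_serviceValidate(ticket)
    if not saml_response.success:
        logger.debug("CAS Server did NOT validate ticket:%s"
                     " and included this response:%s" %
                     (ticket, saml_response.xml))
        return HttpResponseRedirect(redirect_logout_url)

    try:
        user = User.objects.get(username=saml_response.user)
    except User.DoesNotExist:
        return HttpResponseRedirect(no_user_url)
    auth_token = create_session_token(None, user, request, issuer="CAS+SAML")
    if auth_token is None:
        logger.warn("Failed to create AuthToken")
        # The redirect used to be built but never returned, so a failed
        # token creation fell through and sent the user on to 'sendback'
        # with "?token=None" appended.
        return HttpResponseRedirect(redirect_logout_url)
    return_to = request.GET.get('sendback')
    if not return_to:
        return HttpResponse(saml_response.response,
                            content_type="text/xml; charset=utf-8")
    # NOTE(review): 'sendback' comes straight from the query string and is
    # used as the redirect target with the session token attached. Nothing
    # in this function restricts it to trusted hosts; check it against an
    # allow-list (e.g. Django's url_has_allowed_host_and_scheme, or
    # is_safe_url on older releases) before redirecting.
    # NOTE(review): "?token=" is appended verbatim, so a 'sendback' that
    # already has a query string gets a malformed URL.
    # Log the destination before the token is appended so the token value
    # is not written to the log.
    logger.info("Session token created, return to: %s" % return_to)
    return_to += "?token=%s" % auth_token
    return HttpResponseRedirect(return_to)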
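def cas_validateTicket(request):
    """
    Validate a CAS service ticket and start a session for the user.

    Method expects 2 GET parameters: 'ticket' & 'sendback'
    After a CAS Login:
    - A missing ticket, a CAS response that is unsuccessful or lacks a user
      or proxy granting ticket, a failed proxy update, or a failure to
      create the session token redirects to
      settings.REDIRECT_URL + "/login/".
    - A validated username with no matching User redirects to
      settings.REDIRECT_URL + "/no_user/".
    - Authorized Users are redirected to the GET param 'sendback'.
    """

    redirect_logout_url = settings.REDIRECT_URL + "/login/"
    no_user_url = settings.REDIRECT_URL + "/no_user/"
    # NOTE(review): this writes every GET parameter, including the ticket,
    # to the debug log.
    logger.debug('GET Variables:%s' % request.GET)
    ticket = request.GET.get('ticket', None)
    sendback = request.GET.get('sendback', None)

    if not ticket:
        logger.warn("No Ticket received in GET string "
                    "-- Logout user: %s" % redirect_logout_url)
        return HttpResponseRedirect(redirect_logout_url)

    logger.debug("ServiceValidate endpoint includes a ticket."
                 " Ticket must now be validated with CAS")

    # ReturnLocation set, apply on successful authentication

    caslib = get_cas_client()
    caslib.service_url = cas_set_redirect_url(sendback, request)

    cas_response = caslib.cas_serviceValidate(ticket)
    if not cas_response.success:
        logger.debug("CAS Server did NOT validate ticket:%s"
                     " and included this response:%s (Err:%s)"
                     % (ticket, cas_response.object, cas_response.error_str))
        return HttpResponseRedirect(redirect_logout_url)
    if not cas_response.user:
        logger.debug("User attribute missing from cas response!"
                     "This may require a fix to caslib.py")
        return HttpResponseRedirect(redirect_logout_url)
    if not cas_response.proxy_granting_ticket:
        logger.error("""Proxy Granting Ticket missing!
        Atmosphere requires CAS proxy as a service to authenticate users.
            Possible Causes:
              * ServerName variable is wrong in /etc/apache2/apache2.conf
              * Proxy URL does not exist
              * Proxy URL is not a valid RSA-2/VeriSigned SSL certificate
              * /etc/host and hostname do not match machine.""")
        return HttpResponseRedirect(redirect_logout_url)

    updated = cas_updateUserProxy(
        cas_response.user, cas_response.proxy_granting_ticket)
    if not updated:
        return HttpResponseRedirect(redirect_logout_url)
    logger.info("Updated proxy for <%s> -- Auth success!" % cas_response.user)

    try:
        user = User.objects.get(username=cas_response.user)
    except User.DoesNotExist:
        return HttpResponseRedirect(no_user_url)
    auth_token = create_session_token(None, user, request, issuer="CAS")
    if auth_token is None:
        logger.warn("Failed to create AuthToken")
        # The redirect used to be built but never returned, so a failed
        # token creation fell through, logged "User logged in" and sent the
        # user on to 'sendback' without a session token.
        return HttpResponseRedirect(redirect_logout_url)
    # NOTE(review): a request without 'sendback' raises KeyError here, after
    # the ticket has been validated and the proxy updated.
    # NOTE(review): 'sendback' comes straight from the query string and is
    # used as the redirect target. Nothing visible in this function
    # restricts it to trusted hosts -- confirm whether cas_set_redirect_url
    # validates it; otherwise check it against an allow-list (e.g. Django's
    # url_has_allowed_host_and_scheme, or is_safe_url on older releases).
    return_to = request.GET['sendback']
    logger.info("Session token created, User logged in, return to: %s"
                % return_to)
    return HttpResponseRedirect(return_to)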
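def cas_validateTicket(request):
    """
    Validate a CAS service ticket and start a session for the user.

    Method expects 2 GET parameters: 'ticket' & 'sendback'
    After a CAS Login:
    - A missing ticket, a CAS response that is unsuccessful or lacks a user
      or proxy granting ticket, a failed proxy update, or a failure to
      create the session token redirects to
      settings.REDIRECT_URL + "/login/".
    - A validated username with no matching User redirects to
      settings.REDIRECT_URL + "/no_user/".
    - Authorized Users are redirected to the GET param 'sendback'.
    """

    redirect_logout_url = settings.REDIRECT_URL + "/login/"
    no_user_url = settings.REDIRECT_URL + "/no_user/"
    # NOTE(review): this writes every GET parameter, including the ticket,
    # to the debug log.
    logger.debug('GET Variables:%s' % request.GET)
    ticket = request.GET.get('ticket', None)
    sendback = request.GET.get('sendback', None)

    if not ticket:
        logger.warn("No Ticket received in GET string "
                    "-- Logout user: %s" % redirect_logout_url)
        return HttpResponseRedirect(redirect_logout_url)

    logger.debug("ServiceValidate endpoint includes a ticket."
                 " Ticket must now be validated with CAS")

    # ReturnLocation set, apply on successful authentication

    caslib = get_cas_client()
    caslib.service_url = cas_set_redirect_url(sendback, request)

    cas_response = caslib.cas_serviceValidate(ticket)
    if not cas_response.success:
        logger.debug("CAS Server did NOT validate ticket:%s"
                     " and included this response:%s (Err:%s)" %
                     (ticket, cas_response.object, cas_response.error_str))
        return HttpResponseRedirect(redirect_logout_url)
    if not cas_response.user:
        logger.debug("User attribute missing from cas response!"
                     "This may require a fix to caslib.py")
        return HttpResponseRedirect(redirect_logout_url)
    if not cas_response.proxy_granting_ticket:
        logger.error("""Proxy Granting Ticket missing!
        Atmosphere requires CAS proxy as a service to authenticate users.
            Possible Causes:
              * ServerName variable is wrong in /etc/apache2/apache2.conf
              * Proxy URL does not exist
              * Proxy URL is not a valid RSA-2/VeriSigned SSL certificate
              * /etc/host and hostname do not match machine.""")
        return HttpResponseRedirect(redirect_logout_url)

    updated = cas_updateUserProxy(cas_response.user,
                                  cas_response.proxy_granting_ticket)
    if not updated:
        return HttpResponseRedirect(redirect_logout_url)
    logger.info("Updated proxy for <%s> -- Auth success!" % cas_response.user)

    try:
        user = User.objects.get(username=cas_response.user)
    except User.DoesNotExist:
        return HttpResponseRedirect(no_user_url)
    auth_token = create_session_token(None, user, request, issuer="CAS")
    if auth_token is None:
        logger.warn("Failed to create AuthToken")
        # The redirect used to be built but never returned, so a failed
        # token creation fell through, logged "User logged in" and sent the
        # user on to 'sendback' without a session token.
        return HttpResponseRedirect(redirect_logout_url)
    # NOTE(review): a request without 'sendback' raises KeyError here, after
    # the ticket has been validated and the proxy updated.
    # NOTE(review): 'sendback' comes straight from the query string and is
    # used as the redirect target. Nothing visible in this function
    # restricts it to trusted hosts -- confirm whether cas_set_redirect_url
    # validates it; otherwise check it against an allow-list (e.g. Django's
    # url_has_allowed_host_and_scheme, or is_safe_url on older releases).
    return_to = request.GET['sendback']
    logger.info("Session token created, User logged in, return to: %s" %
                return_to)
    return HttpResponseRedirect(return_to)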