def get_authn_request(request, came_from, selected_idp,
                      required_loa=None, force_authn=False):
    """Prepare the SAML2 AuthnRequest that sends the user to *selected_idp*.

    Args:
        request: current Pyramid request; ``request.registry.settings``
            supplies ``required_loa``/``workmode`` and ``request.saml2_config``
            the pysaml2 configuration.
        came_from: URL to return to after authentication. It is sent to the
            IdP as RelayState and remembered in the outstanding-queries cache.
        selected_idp: entity id of the IdP to address.
        required_loa: AuthnContext class reference to request. When ``None``
            it is looked up in the ``required_loa`` setting under the
            configured ``workmode`` (AL1 for 'personal', AL2 for 'helpdesk',
            AL3 for 'admin' by default); an unmapped workmode yields ''.
        force_authn: whether to ask the IdP to re-authenticate; handed to
            pysaml2 as the lowercase string ``'true'``/``'false'``.

    Returns:
        The ``info`` structure built by ``Saml2Client.prepare_for_authenticate``.

    Raises:
        TypeError: re-raised from pysaml2 when it cannot decide which IdP to
            use (logged before re-raising).
    """
    settings = request.registry.settings
    if required_loa is None:
        workmode = settings.get('workmode')
        required_loa = settings.get('required_loa', {}).get(workmode, '')
    log.debug('Requesting AuthnContext {!r}'.format(required_loa))

    # NOTE(review): an empty class reference is still sent when the workmode
    # has no mapping; whether the IdP then applies a default level is up to
    # pysaml2/the IdP — confirm this is the intended behaviour.
    authn_context = RequestedAuthnContext(
        authn_context_class_ref=AuthnContextClassRef(text=required_loa)
    )

    # NOTE(review): came_from is forwarded verbatim as RelayState; callers
    # are assumed to have checked it is a local URL — verify at the call site.
    client = Saml2Client(request.saml2_config)
    try:
        session_id, info = client.prepare_for_authenticate(
            entityid=selected_idp,
            relay_state=came_from,
            binding=BINDING_HTTP_REDIRECT,
            requested_authn_context=authn_context,
            force_authn=str(force_authn).lower(),
        )
    except TypeError:
        log.error('Unable to know which IdP to use')
        raise

    # Remember the request id so the IdP's response can be matched to it.
    OutstandingQueriesCache(request.session).set(session_id, came_from)
    return info
    def test_delete(self):
        """Deleting a stored session id leaves the cache empty."""
        cache = OutstandingQueriesCache({})
        cache.set('session_id', '/next')
        expected = {'session_id': '/next'}
        self.assertEqual(cache.outstanding_queries(), expected)

        # Removing the only entry must empty the mapping entirely.
        cache.delete('session_id')
        self.assertEqual(cache.outstanding_queries(), {})
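def _is_local_redirect(url):
    """Return True when *url* is a path-only target on this site.

    Only a string starting with a single ``/`` and carrying no scheme or
    host is accepted. Absolute URLs, protocol-relative ``//host`` forms and
    the backslash variants browsers normalise to ``//host`` are rejected, as
    is an empty or unparsable value.
    """
    from urllib.parse import urlsplit

    if not url:
        return False
    # Browsers treat ``\`` like ``/`` in the authority position, so normalise
    # first; otherwise ``/\evil.example`` would pass as a plain path.
    candidate = url.replace('\\', '/')
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return False
    return (
        not parts.scheme
        and not parts.netloc
        and candidate.startswith('/')
        and not candidate.startswith('//')
    )


def login_view(request):
    """Start a SAML2 login, or bounce an already authenticated user.

    The ``next`` query parameter names where to send the user afterwards. It
    is only honoured when it is a local path (see ``_is_local_redirect``);
    otherwise the configured ``saml2.login_redirect_url`` (default ``/``) is
    used, so the parameter cannot be abused as an open redirect. When more
    than one IdP is configured and none was chosen through ``idp``, the
    WAYF page is rendered instead of redirecting.

    Args:
        request: current Pyramid request; ``request.registry.settings``
            supplies ``saml2.login_redirect_url``, ``required_loa`` and
            ``workmode``; ``request.saml2_config`` the pysaml2 configuration.

    Returns:
        ``HTTPFound`` to the return URL when already logged in, the rendered
        WAYF page, ``HTTPFound`` to the IdP, or ``HTTPXRelocate`` back to this
        view for XHR callers.

    Raises:
        TypeError: re-raised from pysaml2 when it cannot decide which IdP to
            use (logged before re-raising).
    """
    settings = request.registry.settings
    login_redirect_url = settings.get('saml2.login_redirect_url', '/')

    # ``next`` is user-controlled: accept it only as a local path, otherwise
    # fall back to the operator-configured landing URL.
    next_url = request.GET.get('next')
    if next_url is None:
        came_from = login_redirect_url
    elif _is_local_redirect(next_url):
        came_from = next_url
    else:
        log.warning('Ignoring non-local next URL %r', next_url)
        came_from = login_redirect_url

    if authenticated_userid(request):
        return HTTPFound(location=came_from)

    selected_idp = request.GET.get('idp', None)

    idps = request.saml2_config.getattr('idp')
    if selected_idp is None and len(idps) > 1:
        log.debug('A discovery process is needed')

        return render_to_response('templates/wayf.jinja2', {
            'available_idps': idps.items(),
            'came_from': came_from,
            'login_url': request.route_url('saml2-login'),
        })

    # Request the right AuthnContext for workmode
    # (AL1 for 'personal', AL2 for 'helpdesk' and AL3 for 'admin' by default);
    # an unmapped workmode yields an empty class reference.
    workmode = settings.get('workmode')
    required_loa = settings.get('required_loa', {}).get(workmode, '')
    log.debug('Requesting AuthnContext %r for workmode %r', required_loa, workmode)
    authn_context = RequestedAuthnContext(
        authn_context_class_ref=AuthnContextClassRef(text=required_loa)
    )

    client = Saml2Client(request.saml2_config)
    try:
        session_id, result = client.prepare_for_authenticate(
            entityid=selected_idp,
            relay_state=came_from,
            binding=BINDING_HTTP_REDIRECT,
            requested_authn_context=authn_context,
        )
    except TypeError:
        log.error('Unable to know which IdP to use')
        raise

    # Remember the request id so the IdP's response can be matched to it.
    OutstandingQueriesCache(request.session).set(session_id, came_from)

    log.debug('Redirecting the user to the IdP')
    if not request.is_xhr:
        return HTTPFound(location=get_location(result))
    # XHR callers cannot follow a cross-site redirect; send them back to this
    # view with the current path as ``next`` so a full-page load does it.
    loginurl = request.route_url('saml2-login',
                                 _query=(('next', request.path),))
    return HTTPXRelocate(loginurl)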
    def add_outstanding_query(self, came_from):
        """Create a persisted session that holds one outstanding query.

        A fresh session is obtained from the app's ``ISessionFactory``,
        *came_from* is stored in it under the session's own id, and the test
        client's ``beaker.session.id`` cookie is pointed at that session.

        Args:
            came_from: value to cache under the new session id.

        Returns:
            The (prefixed) session id used as the outstanding-query key.
        """
        registry = self.testapp.app.registry
        session_factory = registry.queryUtility(ISessionFactory)
        session = session_factory(DummyRequest())
        session.persist()
        # Prefix with a letter so the id is a valid NCName (presumably because
        # it ends up as an XML ID attribute, which cannot start with a digit
        # — verify against the consumer).
        sess_id = "a" + session._sess.id
        session._sess.id = sess_id

        OutstandingQueriesCache(session).set(sess_id, came_from)

        session.persist()

        self.testapp.cookies['beaker.session.id'] = sess_id

        return sess_id