def saml_login():
    """Start an SP-initiated SAML login.

    Responds 400 when SAML is disabled; otherwise redirects the browser to
    the IdP, naming this application's ACS endpoint (``saml_authorized``)
    as the place to return to.
    """
    if not app.config.get('SAML_ENABLED'):
        return abort(400)
    flask_req = utils.prepare_flask_request(request)
    saml_auth = utils.init_saml_auth(flask_req)
    # Return target handed to the IdP: our own ACS URL, built from the
    # host of the current request.
    acs_url = OneLogin_Saml2_Utils.get_self_url(flask_req) + url_for('saml_authorized')
    return redirect(saml_auth.login(return_to=acs_url))
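def logout():
    """Log the current user out, via SAML single logout when configured.

    When SAML is enabled, a SAML session index is in the session and
    ``SAML_LOGOUT`` is set, the browser is redirected to the IdP's logout
    flow; the local session is left intact here and is cleared when the
    IdP calls back into ``saml_logout``. Otherwise the local session is
    cleared and the user is sent to the login page.
    """
    use_saml_slo = (
        app.config.get('SAML_ENABLED')
        and 'samlSessionIndex' in session
        and app.config.get('SAML_LOGOUT')
    )
    if use_saml_slo:
        req = utils.prepare_flask_request(request)
        auth = utils.init_saml_auth(req)
        slo_args = {
            'name_id_format': "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
            'session_index': session['samlSessionIndex'],
            'name_id': session['samlNameId'],
        }
        # Optional post-logout landing page; only passed when configured.
        logout_url = app.config.get('SAML_LOGOUT_URL')
        if logout_url:
            slo_args['return_to'] = logout_url
        return redirect(auth.logout(**slo_args))
    clear_session()
    # The original computed an unused ``redirect_url`` here; dropped.
    return redirect(url_for('login'))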
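def saml_logout():
    """Single-logout endpoint called by the IdP.

    Lets the SAML library process the incoming logout message. On success
    the local session is cleared and the browser is redirected to whatever
    URL ``process_slo()`` returned, else to ``SAML_LOGOUT_URL``, else to the
    login page. Validation errors are rendered on the SAML error page.
    """
    # Same guard as the other SAML endpoints: refuse when SAML is disabled
    # (the original handler lacked this check).
    if not app.config.get('SAML_ENABLED'):
        return abort(400)
    req = utils.prepare_flask_request(request)
    auth = utils.init_saml_auth(req)
    url = auth.process_slo()
    errors = auth.get_errors()
    if errors:
        return render_template('errors/SAML.html', errors=errors)
    clear_session()
    if url is not None:
        return redirect(url)
    fallback = app.config.get('SAML_LOGOUT_URL')
    if fallback is not None:
        return redirect(fallback)
    return redirect(url_for('login'))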
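def saml_metadata():
    """Serve this service provider's SAML metadata.

    Responds 400 when SAML is disabled, the metadata XML as ``text/xml``
    when it validates, or a 500 whose body lists the validation errors.
    """
    if not app.config.get('SAML_ENABLED'):
        return abort(400)
    req = utils.prepare_flask_request(request)
    auth = utils.init_saml_auth(req)
    settings = auth.get_settings()
    metadata = settings.get_sp_metadata()
    errors = settings.validate_metadata(metadata)
    if errors:
        # ``errors`` is a list; the original ``errors.join(', ')`` raised
        # AttributeError instead of producing the intended 500 body.
        return make_response(', '.join(errors), 500)
    resp = make_response(metadata, 200)
    resp.headers['Content-Type'] = 'text/xml'
    return resp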
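def saml_authorized():
    """Assertion Consumer Service: complete a SAML login.

    Processes the IdP's response, stores the asserted NameID, session
    index and attributes in the session, creates the local user on first
    login, syncs email / first name / last name from the attributes and
    logs the user in. Validation errors are rendered on the SAML error
    page.
    """
    if not app.config.get('SAML_ENABLED'):
        return abort(400)
    req = utils.prepare_flask_request(request)
    auth = utils.init_saml_auth(req)
    auth.process_response()
    errors = auth.get_errors()
    if errors:
        return render_template('errors/SAML.html', errors=errors)

    attributes = auth.get_attributes()
    session['samlUserdata'] = attributes
    session['samlNameId'] = auth.get_nameid()
    session['samlSessionIndex'] = auth.get_session_index()

    self_url = OneLogin_Saml2_Utils.get_self_url(req) + req['script_name']
    relay_state = request.form.get('RelayState')
    if relay_state is not None and self_url != relay_state:
        # NOTE(review): RelayState comes from the request. Honouring it here
        # returns before login_user() runs, and it can send the browser
        # off-site unless auth.redirect_to() restricts the target; consider
        # accepting only relative paths or same-host URLs.
        return redirect(auth.redirect_to(relay_state))

    # Lookups are case-insensitive on username; create the account with the
    # same lowercased value so a later login with a differently-cased
    # NameID resolves to the same user instead of a second create.
    username = session['samlNameId'].lower()
    user = User.query.filter_by(username=username).first()
    if not user:
        user = User(username=username,
                    plain_text_password=None,
                    email=session['samlNameId'])
        user.create_local_user()
    session['user_id'] = user.id

    # ``dict.has_key`` does not exist on Python 3; use ``in``.
    # Attribute values are indexed with [0], i.e. they arrive as lists.
    if "email" in attributes:
        user.email = attributes["email"][0].lower()
    if "givenname" in attributes:
        user.firstname = attributes["givenname"][0]
    if "surname" in attributes:
        user.lastname = attributes["surname"][0]
    user.plain_text_password = None  # SSO accounts carry no local password
    user.update_profile()
    session['external_auth'] = True
    login_user(user, remember=False)
    return redirect(url_for('index'))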