def __init__(self, config_file, entityid=None, debug=False):
    """
    Load the SP and IdP configurations and collect the endpoints of both.

    :param config_file: path of the Python configuration module; it is
        handed to config_factory and also imported for its settings
    :param entityid: entity ID of the one IdP this proxy sits in front of;
        when falsy the SP is given ``DISCO_SRV`` from the configuration
    :param debug: stored unchanged as ``self.debug``
    """
    self.debug = debug
    self.cache = {}
    self.urls = []

    self.config = {
        "SP": config_factory("sp", config_file),
        "IDP": config_factory("idp", config_file),
    }

    # NOTE(security): the configuration is imported as a module, so its
    # top-level code executes with the privileges of this process, and its
    # directory is put FIRST on sys.path, where any module in it shadows
    # same-named modules imported later. Keep the file and its directory
    # writable only by the operator of the proxy.
    config_dir, module_name = os.path.split(config_file)
    sys.path.insert(0, config_dir)
    settings = importlib.import_module(module_name)
    self.attribute_module = settings.ATTRIBUTE_MODULE

    # A given entity ID means the proxy fronts exactly one IdP; otherwise
    # the SP side is configured with the DISCO_SRV setting.
    if not entityid:
        self.entity_id = None
        self.sp_args = {"discosrv": settings.DISCO_SRV}
    else:
        self.entity_id = entityid
        self.sp_args = {}

    # Instances built without environ/start_response serve only to list
    # the endpoints each side exposes.
    sp_endpoints = SamlSP(
        None, None, self.config["SP"], self.cache, **self.sp_args
    ).register_endpoints()
    self.urls.extend(sp_endpoints)

    idp_endpoints = SamlIDP(
        None, None, self.config["IDP"], self.cache, None
    ).register_endpoints()
    self.urls.extend(idp_endpoints)
def run_entity(self, spec, environ, start_response):
    """
    Dispatch a request to the entity and method named by ``spec``.

    :param spec: either a callable, which is invoked without arguments, or
        a tuple whose first item selects the entity ("SP" or anything else
        for the IdP), whose second item is the method name and whose
        remaining items are passed to that method as positional arguments
    :param environ: WSGI environ
    :param start_response: WSGI start_response
    :return: whatever the selected method (or callable) returns
    """
    if not isinstance(spec, tuple):
        return spec()

    entity_type, method_name = spec[0], spec[1]
    if entity_type == "SP":
        entity = SamlSP(environ, start_response, self.config["SP"],
                        self.cache, self.outgoing, **self.sp_args)
    else:
        entity = SamlIDP(environ, start_response, self.config["IDP"],
                         self.cache, self.incoming)

    # NOTE(review): the method is looked up by name with getattr, so spec
    # has to come from a trusted routing table and never from request
    # data -- presumably the table built by register_endpoints; confirm
    # at the call site.
    handler = getattr(entity, method_name)
    return handler(*spec[2:])
def incoming(self, info, environ, start_response, relay_state):
    """
    Second step of the sequence: an authentication request has arrived
    and must be forwarded towards an IdP.

    :param info: information about the authentication request; the keys
        "authn_req" and "req_args" are read here
    :param environ: WSGI environment
    :param start_response: WSGI start_response
    :param relay_state: passed on to the SP side together with the request
    :return: response
    """
    sp = SamlSP(environ, start_response, self.config["SP"], self.cache,
                self.outgoing, **self.sp_args)

    if not self.entity_id:
        # No fixed IdP: begin by finding out which IdP to authenticate at.
        return sp.disco_query(info["authn_req"], relay_state,
                              info["req_args"])

    # The IdP is known, so save the request state and answer with the
    # authentication request aimed at that IdP.
    state_key = sp.store_state(info["authn_req"], relay_state,
                               info["req_args"])
    return sp.authn_request(self.entity_id, state_key)