Example #1
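    def use_http_form_post(self, message, destination, relay_state):
        """
        Return a form that will automagically execute and POST the message
        to the recipient.

        The form itself is produced by ``http_form_post_message``; this
        wrapper only makes sure the message is handed over as a string.

        :param message: The message to post; anything that is not already a
            string is converted with ``"%s"`` formatting
        :param destination: Passed through unchanged as the recipient
        :param relay_state: Passed through unchanged
        :return: tuple (header, message)
        """
        # NOTE(review): destination and relay_state go straight to
        # http_form_post_message, which is not visible here. Since the result
        # is a self-submitting form, confirm that helper HTML-escapes both
        # values and that destination comes from trusted metadata.
        if not isinstance(message, basestring):
            # The converted string used to be stored in an unused local named
            # ``request``, so the unconverted object was what got passed on.
            message = "%s" % (message,)

        return http_form_post_message(message, destination, relay_state)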
Example #2
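    def use_http_form_post(self, message, destination, relay_state):
        """
        Return a form that will automagically execute and POST the message
        to the recipient.

        Non-string messages are turned into their string form before being
        handed to ``http_form_post_message``, which builds the form.

        :param message: The message to post, a string or an object that
            formats to one via ``"%s"``
        :param destination: Forwarded as the recipient of the POST
        :param relay_state: Forwarded as given
        :return: tuple (header, message)
        """
        if not isinstance(message, basestring):
            # Rebind ``message`` itself: assigning the converted text to a
            # separate, never-read variable left the conversion without
            # effect.
            message = "%s" % (message, )

        # NOTE(review): the form builder is defined elsewhere; verify it
        # escapes destination and relay_state before embedding them in HTML.
        return http_form_post_message(message, destination, relay_state)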
Example #3
    def use_http_form_post(self, message, destination, relay_state, typ="SAMLRequest"):
        """
        Produce the self-submitting form that POSTs the message to the
        recipient.

        :param message: The message; non-string values are formatted with
            ``"%s"`` first
        :param destination: Forwarded unchanged to the form builder
        :param relay_state: Forwarded unchanged to the form builder
        :param typ: Whether a Request, Response or Artifact
        :return: dictionary
        """
        # NOTE(review): http_form_post_message is not visible here; confirm
        # it escapes destination and relay_state when rendering the form.
        text = message if isinstance(message, basestring) else "%s" % (message,)
        return http_form_post_message(text, destination, relay_state, typ)
Example #4
    def use_http_form_post(message, destination, relay_state,
                           typ="SAMLRequest"):
        """
        Produce the self-submitting form that POSTs the message to the
        recipient.

        :param message: The message; anything that is not one of
            ``six.string_types`` is formatted with ``"%s"`` first
        :param destination: Forwarded unchanged to the form builder
        :param relay_state: Forwarded unchanged to the form builder
        :param typ: Whether a Request, Response or Artifact
        :return: dictionary
        """
        if isinstance(message, six.string_types):
            serialized = message
        else:
            serialized = "%s" % (message,)

        # NOTE(review): the form builder lives elsewhere; verify it escapes
        # destination and relay_state before they reach the HTML form.
        return http_form_post_message(serialized, destination, relay_state,
                                      typ)
Example #5
def saml_logout():
    """Build a signed SAML logout request and return its POST form data.

    Reads ``SECURITY_SAML_IDP_METADATA``, ``SECURITY_SAML_FA_URL`` and
    ``SECURITY_SAML_ENTITY_ID`` from the application config. The postback
    URL for ``saml.saml_logout_postback`` travels in the request extensions.

    :return: the ``'data'`` entry of the dictionary produced by
        ``http_form_post_message``
    """
    config = current_app.config

    # Only the first entry of the comma-separated metadata setting is used.
    # A missing setting makes .get() return None, so .split raises
    # AttributeError here rather than yielding a clean configuration error.
    first_idp_metadata = config.get('SECURITY_SAML_IDP_METADATA').split(',')[0]
    saml_client = saml_client_for(first_idp_metadata)

    nid = NameID(
        format=NAMEID_FORMAT_UNSPECIFIED,
        text="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")

    postback_url = url_for("saml.saml_logout_postback", _external=True)
    logout_url = LogoutUrl(text=postback_url)
    destination = config.get('SECURITY_SAML_FA_URL')

    # sign=True asks the client for a signed logout request.
    # NOTE(review): req_id is discarded; if the postback handler needs to
    # match the response to this request, confirm how it obtains the id.
    req_id, logout_request = saml_client.create_logout_request(
        name_id=nid,
        destination=destination,
        issuer_entity_id=config.get('SECURITY_SAML_ENTITY_ID'),
        sign=True,
        consent="urn:oasis:names:tc:SAML:2.0:logout:user",
        extensions=Extensions(extension_elements=[logout_url]))

    form = http_form_post_message(message=logout_request,
                                  location=destination)
    return form['data']
Example #6
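    def _send(self, srv):
        """
        Build the request for the current operation and send it using the
        configured request binding.

        Updates ``self.qargs``, ``self.response_args``, ``self.request``,
        ``self.last_response`` and ``self.last_content`` along the way.

        :param srv: Service description; only ``srv["location"]`` is read
        :return: The response from the client, or None when the request
            binding is none of SOAP, HTTP-Redirect, HTTP-POST or URI
        :raises HTTPError: When the response status code is 400 or higher
        """
        _client = self.client
        loc = srv["location"]
        self.qargs["destination"] = loc
        self.response_args = {}
        use_artifact = getattr(self.oper, "use_artifact", False)

        # A message already present on the operation takes precedence over
        # building a fresh one.
        try:
            req = self.oper.args["message"]
        except KeyError:
            req = self.qfunc(**self.qargs)

        req_id, self.request = self.oper.pre_processing(req, self.args)
        str_req = "%s" % self.request

        # NOTE(review): the complete request (or artifact) is logged at INFO,
        # and on HTTP errors the peer's response body is logged and copied
        # into the exception. Confirm log access is restricted and that the
        # log sink tolerates untrusted text.
        if use_artifact:
            # NOTE(review): saml_art is only logged; str_req is still what is
            # sent below, labelled "SAMLart" -- confirm this is intended.
            saml_art = _client.use_artifact(str_req, self.args["entity_id"])
            logger.info("SAML Artifact: %s", saml_art)
            info_typ = "SAMLart"
        else:
            logger.info("SAML Request: %s", str_req)
            info_typ = "SAMLRequest"

        # Depending on binding send the query. Bindings are compared by
        # value: the earlier identity checks (``is``) only matched when the
        # caller passed the very same constant object, so an equal string
        # fell through to ``res = None`` and nothing was sent.
        request_binding = self.args["request_binding"]

        if request_binding == BINDING_SOAP:
            res = _client.send_using_soap(str_req, loc)
            if res.status_code >= 400:
                logger.info("Received a HTTP error (%d) '%s'",
                            res.status_code, res.text)
                raise HTTPError(res.text)
            else:
                self.response_args["binding"] = BINDING_SOAP
        else:
            self.response_args["binding"] = self.args["response_binding"]
            if request_binding == BINDING_HTTP_REDIRECT:
                htargs = http_redirect_message(str_req, loc, self.relay_state,
                                               info_typ)
                self.response_args["outstanding"] = {self.request.id: "/"}
                # The value of the first returned header is fetched with GET
                # (presumably the redirect Location -- confirm).
                res = _client.send(htargs["headers"][0][1], "GET")
            elif request_binding == BINDING_HTTP_POST:
                htargs = http_form_post_message(str_req, loc, self.relay_state,
                                                info_typ)
                # NOTE(review): index 3 depends on the layout of the form
                # returned by http_form_post_message, which is not visible
                # here -- confirm it is the element unpack_form expects.
                info = unpack_form(htargs["data"][3])
                data = form_post(info)
                self.response_args["outstanding"] = {self.request.id: "/"}
                htargs["data"] = data
                htargs["headers"] = [("Content-type",
                                      'application/x-www-form-urlencoded')]
                res = _client.send(loc, "POST", **htargs)
            elif request_binding == BINDING_URI:
                self.response_args["binding"] = BINDING_URI
                htargs = _client.use_http_uri(str_req, "SAMLRequest", loc)
                res = _client.send(htargs["url"], "GET")
            else:
                res = None

            if res is not None and res.status_code >= 400:
                logger.info("Received a HTTP error (%d) '%s'",
                            res.status_code, res.text)
                raise HTTPError(res.text)

        self.last_response = res
        # res is None for an unhandled binding, hence the AttributeError path.
        try:
            self.last_content = res.text
        except AttributeError:
            self.last_content = None

        return res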
Example #7
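    def _send(self, srv):
        """
        Create the operation's request and deliver it over the request
        binding given in ``self.args``.

        Side effects: sets ``self.qargs["destination"]``,
        ``self.response_args``, ``self.request``, ``self.last_response`` and
        ``self.last_content``.

        :param srv: Mapping describing the service; ``srv["location"]`` is
            the only key used
        :return: The client's response, or None if the request binding is
            not one of the four handled below
        :raises HTTPError: If the response status code is 400 or above
        """
        _client = self.client
        loc = srv["location"]
        self.qargs["destination"] = loc
        self.response_args = {}
        use_artifact = getattr(self.oper, "use_artifact", False)

        # Use the operation's own message when it has one, else build it.
        try:
            req = self.oper.args["message"]
        except KeyError:
            req = self.qfunc(**self.qargs)

        req_id, self.request = self.oper.pre_processing(req, self.args)
        str_req = "%s" % self.request

        # NOTE(review): request and artifact contents are written to the log
        # at INFO level; check that this is acceptable for the deployment.
        if use_artifact:
            saml_art = _client.use_artifact(str_req, self.args["entity_id"])
            logger.info("SAML Artifact: %s", saml_art)
            info_typ = "SAMLart"
        else:
            logger.info("SAML Request: %s", str_req)
            info_typ = "SAMLRequest"

        # Depending on binding send the query. Equality replaces the former
        # ``is`` tests: identity only holds for the same string object, so a
        # binding read from configuration or a message could compare unequal
        # and silently skip sending.
        binding = self.args["request_binding"]

        if binding == BINDING_SOAP:
            res = _client.send_using_soap(str_req, loc)
            if res.status_code >= 400:
                # NOTE(review): res.text is remote-controlled text that goes
                # into both the log and the exception message.
                logger.info("Received a HTTP error (%d) '%s'",
                            res.status_code, res.text)
                raise HTTPError(res.text)
            else:
                self.response_args["binding"] = BINDING_SOAP
        else:
            self.response_args["binding"] = self.args["response_binding"]
            if binding == BINDING_HTTP_REDIRECT:
                htargs = http_redirect_message(str_req, loc, self.relay_state,
                                               info_typ)
                self.response_args["outstanding"] = {self.request.id: "/"}
                # GET the value of the first header returned by the helper.
                res = _client.send(htargs["headers"][0][1], "GET")
            elif binding == BINDING_HTTP_POST:
                htargs = http_form_post_message(str_req, loc, self.relay_state,
                                                info_typ)
                # Element 3 of the generated form data is unpacked and
                # re-encoded as a urlencoded body; the index is tied to the
                # helper's output layout (not visible here -- TODO confirm).
                info = unpack_form(htargs["data"][3])
                data = form_post(info)
                self.response_args["outstanding"] = {self.request.id: "/"}
                htargs["data"] = data
                htargs["headers"] = [("Content-type",
                                      'application/x-www-form-urlencoded')]
                res = _client.send(loc, "POST", **htargs)
            elif binding == BINDING_URI:
                self.response_args["binding"] = BINDING_URI
                htargs = _client.use_http_uri(str_req, "SAMLRequest", loc)
                res = _client.send(htargs["url"], "GET")
            else:
                res = None

            if res is not None and res.status_code >= 400:
                logger.info("Received a HTTP error (%d) '%s'",
                            res.status_code, res.text)
                raise HTTPError(res.text)

        self.last_response = res
        # With no response object (res is None) there is no text to keep.
        try:
            self.last_content = res.text
        except AttributeError:
            self.last_content = None

        return res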
Example #8
            resp = BadRequest("ConsumerURL and return destination mismatch")
            raise resp(environ, start_response)

    try:
        authn_resp = IDP.create_authn_response(identity,
                                               userid=userid,
                                               authn=AUTHN,
                                               **resp_args)
    except Exception, excp:
        logger.error("Exception: %s" % (excp, ))
        raise

    logger.info("AuthNResponse: %s" % authn_resp)

    http_args = http_form_post_message(authn_resp,
                                       resp_args["destination"],
                                       relay_state=query["RelayState"][0],
                                       typ="SAMLResponse")

    resp = Response(http_args["data"], headers=http_args["headers"])
    return resp(environ, start_response)


def whoami(environ, start_response, user):
    """Show the caller's repoze.who identity as a table, minus credentials.

    Works on a copy of ``environ["repoze.who.identity"]`` so the entry in
    the environ is left untouched. ``user`` is accepted but not used.

    :param environ: WSGI environ holding the ``repoze.who.identity`` entry
    :param start_response: WSGI start_response callable
    :param user: unused
    :return: the result of calling the Response as a WSGI application
    """
    identity = environ["repoze.who.identity"].copy()

    # Strip the credential fields before anything is rendered.
    # NOTE(review): only these two keys are removed; other sensitive
    # attributes would still be shown, and whether dict_to_table escapes
    # values for HTML is not visible here -- confirm both.
    identity.pop("login", None)
    identity.pop("password", None)

    page = Response(dict_to_table(identity))
    return page(environ, start_response)
Example #9
            logger.error("%s != %s" % (req.message.assertion_consumer_service_url,
                                       resp_args["destination"]))
            resp = BadRequest("ConsumerURL and return destination mismatch")
            raise resp(environ, start_response)

    try:
        authn_resp = IDP.create_authn_response(identity, userid=userid,
                                               authn=AUTHN, **resp_args)
    except Exception, excp:
        logger.error("Exception: %s" % (excp,))
        raise
        
    logger.info("AuthNResponse: %s" % authn_resp)

    http_args = http_form_post_message(authn_resp, resp_args["destination"],
                                       relay_state=query["RelayState"][0],
                                       typ="SAMLResponse")

    resp = Response(http_args["data"], headers=http_args["headers"])
    return resp(environ, start_response)
    
def whoami(environ, start_response, user):
    """Render the repoze.who identity of the caller without credentials.

    A copy of ``environ["repoze.who.identity"]`` has its ``login`` and
    ``password`` entries removed and is then turned into a table. The
    ``user`` argument is not read.

    :param environ: WSGI environ containing ``repoze.who.identity``
    :param start_response: WSGI start_response callable
    :param user: unused
    :return: whatever the Response object returns when called as WSGI app
    """
    identity = environ["repoze.who.identity"].copy()

    # Credentials must not be echoed back in the page.
    # NOTE(review): this is a deny-list of two keys; confirm no other
    # secret-bearing attribute can appear in the identity, and that
    # dict_to_table (defined elsewhere) escapes the values it renders.
    for secret_key in ("login", "password"):
        if secret_key in identity:
            del identity[secret_key]

    table = dict_to_table(identity)
    reply = Response(table)
    return reply(environ, start_response)