def idp_list(request):
metadata = ShibbolethMetadata(settings.SHIB_METADATA)
idps = metadata.getIdps()
idplist = idps.getIdpsByCategory(exclude=('wayf', 'test'))
return render_to_response("idp_list.html", {'idplist': idplist},
context_instance=RequestContext(request))
def entity_list(request, group=None):
if group is not None:
group = "http://aai.grnet.gr%s" % request.path_info
metadata = ShibbolethMetadata(settings.SHIB_METADATA)
entities = metadata.getEntities(augmented=True)
entlist = entities.getEntities(group=group, logosize=(100, 100))
return render_to_response("entity_list.html", {'entlist': entlist,
'group': group}, context_instance=RequestContext(request))
def entity_list(request, group=None):
if group is not None:
group = "http://aai.grnet.gr%s" % request.path_info
metadata = ShibbolethMetadata(settings.SHIB_METADATA)
entities = metadata.getEntities(augmented=True)
entlist = entities.getEntities(group=group, logosize=(100, 100))
return render_to_response("entity_list.html", {
'entlist': entlist,
'group': group
},
context_instance=RequestContext(request))
def sp_list(request):
metadata = ShibbolethMetadata(settings.SHIB_METADATA)
sps = metadata.getSps()
splist = sps.getEntitiesByGroup()
# splist_other = entities in the top group
splist_other = [i[1] for i in splist if i[0] == 'http://www.grnet.gr/aai'][0]
# fitlerids = entity.id for entities not in the top group
filterids = [o['id'] for i in splist for o in i[1] if i[0] != 'http://www.grnet.gr/aai']
# filter out entities not in the top group from splist_other
splist_other_new = filter(lambda x: x['id'] not in filterids, splist_other)
# replace top group with filtered out version in splist
splist.insert(splist.index(('http://www.grnet.gr/aai', splist_other)), ('other', splist_other_new))
splist.remove(('http://www.grnet.gr/aai', splist_other))
return render_to_response("sp_list.html", {'splist': splist}, context_instance=RequestContext(request))
def sp_list(request):
metadata = ShibbolethMetadata(settings.SHIB_METADATA)
sps = metadata.getSps()
splist = sps.getEntitiesByGroup()
# splist_other = entities in the top group
splist_other = [i[1] for i in splist
if i[0] == 'http://www.grnet.gr/aai'][0]
# fitlerids = entity.id for entities not in the top group
filterids = [
o['id'] for i in splist for o in i[1]
if i[0] != 'http://www.grnet.gr/aai'
]
# filter out entities not in the top group from splist_other
splist_other_new = filter(lambda x: x['id'] not in filterids, splist_other)
# replace top group with filtered out version in splist
splist.insert(splist.index(('http://www.grnet.gr/aai', splist_other)),
('other', splist_other_new))
splist.remove(('http://www.grnet.gr/aai', splist_other))
return render_to_response("sp_list.html", {'splist': splist},
context_instance=RequestContext(request))
def wayf(request):
# Instantiate the metadata
metadata = ShibbolethMetadata(settings.SHIB_METADATA)
# Get the IdP list
idps = metadata.getIdps()
# A list to hold the cookies-to-be-set
cookies = []
# Get the current IdP, if there is one
if settings.IDP_COOKIE in request.COOKIES.keys():
current_idp = idps[request.COOKIES[settings.IDP_COOKIE]]
else:
current_idp = None
# Try to get the user's last used IdP
if settings.LAST_IDP_COOKIE in request.COOKIES.keys():
selectedidp = idps[request.COOKIES[settings.LAST_IDP_COOKIE]]
else:
selectedidp = None
# If this is the first visit, use some IP-based heuristics, as in utils.py's getUserRealm()
# this uses the getUserRealm magic from dnsutils
#if not selectedidp:
# selectedidp = idps.getIdpForScope(getUserRealm(request.META['REMOTE_ADDR']))
# First check to see if anything has changed
if request.method == "POST":
if 'clear' in request.POST.keys():
if request.POST['clear']:
response = HttpResponseRedirect("/")
response.delete_cookie(settings.IDP_COOKIE,
domain=settings.COOKIE_DOMAIN)
response['P3P'] = settings.P3P_HEADER
return response
elif 'user_idp' in request.POST.keys():
current_idp = idps[request.POST['user_idp']]
if current_idp:
cookies.append({
'name': settings.LAST_IDP_COOKIE,
'data': request.POST['user_idp'],
'age': 86400 * 100
})
if request.POST.get('save'):
if request.POST.get('savetype') == 'perm':
age = 86400 * 100
else:
age = None
cookies.append({
'name': settings.IDP_COOKIE,
'data': request.POST['user_idp'],
'age': age
})
# At this point we have handled the cookies and have an IdP, if the intent is such
if not request.GET:
# We were called without any arguments
if current_idp:
response = render_to_response(
"wayf_set.html", {'currentidp': current_idp.getName()},
context_instance=RequestContext(request))
for cookie in cookies:
if cookie['age']:
expires = time.strftime(
"%a, %d-%m-%y %H:%M:%S GMT",
time.gmtime(time.time() + cookie['age']))
else:
expires = None
response.set_cookie(cookie['name'],
cookie['data'],
domain=settings.COOKIE_DOMAIN,
max_age=cookie['age'],
expires=expires)
else:
idplist = idps.getIdpsByCategory()
response = render_to_response(
"wayf.html", {
'idplist': idplist,
'request': request,
'selected': selectedidp
},
context_instance=RequestContext(request))
response['P3P'] = settings.P3P_HEADER
return response
# If we got to this point, then this is a request comming from an SP
if current_idp:
# We have an IdP to route the request to
if 'entityID' in request.GET.keys() and 'return' in request.GET.keys():
# a SAML Discovery Service request
# Discovery Service mandates that 'entityID' holds the SP's ID
if 'returnIDParam' in request.GET.keys(
) and request.GET['returnIDParam']:
returnparam = request.GET['returnIDParam']
else:
returnparam = 'entityID'
response = HttpResponseRedirect(request.GET['return'] + "&" +
urlencode(((returnparam,
current_idp.id), )))
elif 'shire' in request.GET.keys() and 'target' in request.GET.keys():
# an old Shibboleth 1.x request
# We just redirect the user to the given IdP
response = HttpResponseRedirect(
current_idp.
sso['urn:mace:shibboleth:1.0:profiles:AuthnRequest'] + "?" +
request.GET.urlencode())
else:
response = render_to_response("500.html")
response.status_code = 400 # bad request
for cookie in cookies:
if cookie['age']:
expires = time.strftime(
"%a, %d-%m-%y %H:%M:%S GMT",
time.gmtime(time.time() + cookie['age']))
else:
expires = None
response.set_cookie(cookie['name'],
cookie['data'],
domain=settings.COOKIE_DOMAIN,
max_age=cookie['age'],
expires=expires)
response['P3P'] = settings.P3P_HEADER
return response
# If we got this far, then we need to be redirected, but don't know where to.
# Let the user pick an IdP
# Generate the category - idp list
idplist = idps.getIdpsByCategory()
# Render the apropriate wayf template
response = render_to_response("wayf_from_sp.html", {
'idplist': idplist,
'request': request,
'selected': selectedidp
},
context_instance=RequestContext(request))
response['P3P'] = settings.P3P_HEADER
return response
def idp_list(request):
metadata = ShibbolethMetadata(settings.SHIB_METADATA)
idps = metadata.getIdps()
idplist = idps.getIdpsByCategory(exclude=('wayf', 'test'))
return render_to_response("idp_list.html", {'idplist': idplist}, context_instance=RequestContext(request))
def wayf(request):
# Instantiate the metadata
metadata = ShibbolethMetadata(settings.SHIB_METADATA)
# Get the IdP list
idps = metadata.getIdps()
sps = metadata.getSps()
# A list to hold the cookies-to-be-set
cookies = []
# Get the current IdP, if there is one
if settings.IDP_COOKIE in request.COOKIES.keys():
current_idp = idps[request.COOKIES[settings.IDP_COOKIE]]
else:
current_idp = None
# Try to get the user's last used IdP
if settings.LAST_IDP_COOKIE in request.COOKIES.keys():
selectedidp = idps[request.COOKIES[settings.LAST_IDP_COOKIE]]
else:
selectedidp = None
# If this is the first visit, use some IP-based heuristics, as in utils.py's getUserRealm()
# this uses the getUserRealm magic from dnsutils
# if not selectedidp:
# selectedidp = idps.getIdpForScope(getUserRealm(request.META['REMOTE_ADDR']))
# First check to see if anything has changed
if request.method == "POST":
if 'clear' in request.POST.keys():
if request.POST['clear']:
response = HttpResponseRedirect("/")
response.delete_cookie(settings.IDP_COOKIE, domain=settings.COOKIE_DOMAIN)
response['P3P'] = settings.P3P_HEADER
return response
elif 'user_idp' in request.POST.keys():
current_idp = idps[request.POST['user_idp']]
if current_idp:
cookies.append({'name': settings.LAST_IDP_COOKIE, 'data': request.POST['user_idp'], 'age': 86400 * 100})
if request.POST.get('save'):
if request.POST.get('savetype') == 'perm':
age = 86400 * 100
else:
age = None
cookies.append({'name': settings.IDP_COOKIE, 'data': request.POST['user_idp'], 'age': age})
# At this point we have handled the cookies and have an IdP, if the intent is such
if not request.GET:
# We were called without any arguments
if current_idp:
response = render_to_response("wayf_set.html", {'currentidp': current_idp.getName()},
context_instance=RequestContext(request))
for cookie in cookies:
if cookie['age']:
expires = time.strftime("%a, %d-%m-%y %H:%M:%S GMT", time.gmtime(time.time() + cookie['age']))
else:
expires = None
response.set_cookie(cookie['name'], cookie['data'], domain=settings.COOKIE_DOMAIN,
max_age=cookie['age'], expires=expires)
else:
idplist = idps.getIdpsByCategory()
response = render_to_response("wayf.html", {'idplist': idplist, 'request': request, 'selected': selectedidp},
context_instance=RequestContext(request))
response['P3P'] = settings.P3P_HEADER
return response
# If we got to this point, then this is a request comming from an SP
if current_idp:
# We have an IdP to route the request to
if 'entityID' in request.GET.keys() and 'return' in request.GET.keys():
# a SAML Discovery Service request
# Discovery Service mandates that 'entityID' holds the SP's ID
if 'returnIDParam' in request.GET.keys() and request.GET['returnIDParam']:
returnparam = request.GET['returnIDParam']
else:
returnparam = 'entityID'
# check if the return url is a valid response url
returnval = request.GET['return']
if not sps.isDiscoveryResponseLocation(returnval):
response = render_to_response("400.html")
response.status_code = 400 # bad request
else:
response = HttpResponseRedirect(returnval + "&" + urlencode(((returnparam, current_idp.id),)))
elif 'shire' in request.GET.keys() and 'target' in request.GET.keys():
# an old Shibboleth 1.x request
# We just redirect the user to the given IdP
response = HttpResponseRedirect(
current_idp.sso['urn:mace:shibboleth:1.0:profiles:AuthnRequest'] + "?" + request.GET.urlencode()
)
else:
response = render_to_response("400.html")
response.status_code = 400 # bad request
for cookie in cookies:
if cookie['age']:
expires = time.strftime("%a, %d-%m-%y %H:%M:%S GMT", time.gmtime(time.time() + cookie['age']))
else:
expires = None
response.set_cookie(cookie['name'], cookie['data'], domain=settings.COOKIE_DOMAIN, max_age=cookie['age'],
expires=expires)
response['P3P'] = settings.P3P_HEADER
return response
# If we got this far, then we need to be redirected, but don't know where to.
# Let the user pick an IdP
# Generate the category - idp list
idplist = idps.getIdpsByCategory()
# Render the apropriate wayf template
response = render_to_response("wayf_from_sp.html", {'idplist': idplist, 'request': request, 'selected': selectedidp},
context_instance=RequestContext(request))
response['P3P'] = settings.P3P_HEADER
return response