def buildMetadata(self, sp_settings, dbSave = True): try: makeMetadata = self.makeMetadata(sp_settings) if makeMetadata.error.code == '200': metadata = makeMetadata.result.metadata sp = sp_settings['result']['sp']['cod_sp'] ## insert into DB if dbSave: task = asyncio.run_coroutine_threadsafe(self.dbobjSaml.execute_statment("write_assertion('%s', '%s', %s, '%s')" % (metadata.replace("'", "''"), sp, 'NULL', self.remote_ip)), globalsObj.ioloop) wrtMetada = waitFuture(task) if wrtMetada['error'] == 0: task = asyncio.run_coroutine_threadsafe(self.dbobjJwt.execute_statment("get_token_by_cod('%s')" % (wrtMetada['result'][0]['cod_token'])), globalsObj.ioloop) jwt = waitFuture(task) response_obj = ResponseObj(httpcode=200, ID = wrtMetada['result'][0]['ID_assertion']) response_obj.setError('200') response_obj.setResult(metadata = metadata, jwt=jwt['result'][0]['token'], idassertion=wrtMetada['result'][0]['ID_assertion']) # insert metadata in saml.metadata table task = asyncio.run_coroutine_threadsafe(self.dbobjSaml.execute_query(self.dbobjSaml.query['insert_metadata']['sql'], sp+"_metadata", metadata, sp), globalsObj.ioloop) insert_metadata = waitFuture(task) else: response_obj = ResponseObj(httpcode=500, debugMessage=wrtMetada['result']) response_obj.setError("easyspid105") logging.getLogger(type(self).__module__+"."+type(self).__qualname__).error('Exception',exc_info=True) else: response_obj = ResponseObj(httpcode=200) response_obj.setError('200') response_obj.setResult(metadata = metadata, jwt="") else: response_obj = makeMetadata except tornado.web.MissingArgumentError as error: response_obj = ResponseObj(debugMessage=error.log_message, httpcode=error.status_code, devMessage=error.log_message) response_obj.setError(str(error.status_code)) logging.getLogger(type(self).__module__+"."+type(self).__qualname__).error('%s'% error,exc_info=True) except Exception as inst: response_obj = ResponseObj(httpcode=500) response_obj.setError('500') logging.getLogger(type(self).__module__+"."+type(self).__qualname__).error('Exception',exc_info=True) return response_obj
def chkExistsReq(self, checkInResponseTo): # try to get sp searching a corresponding request and raise error if checkInResponseTo is True inResponseChk = waitFuture( asyncio.run_coroutine_threadsafe( self.dbobjSaml.execute_statment("chk_idAssertion('%s')" % self.inResponseTo), globalsObj.ioloop)) if inResponseChk['error'] == 0 and inResponseChk['result'] is not None: return inResponseChk['result'][0]['cod_sp'] elif checkInResponseTo and inResponseChk[ 'error'] == 0 and inResponseChk['result'] == None: response_obj = ResponseObj(httpcode=404, ID=self.ResponseID) response_obj.setError('easyspid120') response_obj.setResult(response=str(self.response, 'utf-8')) raise goExit(response_obj, 'exit by chkExistsReq') elif not checkInResponseTo and inResponseChk[ 'error'] == 0 and inResponseChk['result'] == None: response_obj = ResponseObj(httpcode=404, ID=self.ResponseID) response_obj.setError('easyspid120') response_obj.setResult(response=str(self.response, 'utf-8')) return None elif inResponseChk['error'] > 0: response_obj = ResponseObj(httpcode=500) response_obj.setError('easyspid105') response_obj.setResult(inResponseChk['result']) raise goExit(response_obj, 'exit by chkExistsReq')
def getSpByAudience(self): task3 = asyncio.run_coroutine_threadsafe( self.dbobjSaml.execute_statment( "get_provider_byentityid(%s, '%s')" % ('True', '{' + (self.audience.text.strip()) + '}')), globalsObj.ioloop) audienceChk = waitFuture(task3) if audienceChk['error'] == 0 and audienceChk['result'] is not None: return audienceChk['result'][0]['cod_provider'] elif audienceChk['error'] == 0 and audienceChk['result'] is None: response_obj = ResponseObj(httpcode=404) response_obj.setError('easyspid115') raise goExit(response_obj, 'exit by getSpByAudience') elif audienceChk['error'] > 0: response_obj = ResponseObj(httpcode=500) response_obj.setError('easyspid105') response_obj.setResult(audienceChk['result']) raise goExit(response_obj, 'exit by getSpByAudience')
def getIdentyIdp(self): # get IdP task2 = asyncio.run_coroutine_threadsafe( self.dbobjSaml.execute_statment( "get_provider_byentityid(%s, '%s')" % ('True', '{' + (self.issuer.text.strip()) + '}')), globalsObj.ioloop) idpEntityId = waitFuture(task2) if idpEntityId['error'] == 0 and idpEntityId['result'] is not None: idp_metadata = idpEntityId['result'][0]['xml'] idp = idpEntityId['result'][0]['cod_provider'] return (idp_metadata, idp) elif idpEntityId['error'] == 0 and idpEntityId['result'] is None: response_obj = ResponseObj(httpcode=404) response_obj.setError('easyspid103') raise goExit(response_obj, 'exit by getIdentyIdp') elif idpEntityId['error'] > 0: response_obj = ResponseObj(httpcode=500, debugMessage=idpEntityId['result']) response_obj.setError("easyspid105") raise goExit(response_obj, 'exit by getIdentyIdp')
def buildAthnReq(self, sp_settings, attributeIndex, sp_metadata=None, signed=True): try: if sp_settings['error'] == 0 and sp_settings['result'] is not None: sp = sp_settings['result']['sp']['cod_sp'] idp = sp_settings['result']['idp']['cod_idp'] # get sp metadata to read attributeIndex location. if sp_metadata is None: sp_metadata = buildMetadatahandler.makeMetadata( sp_settings).result.metadata ns = { 'md0': OneLogin_Saml2_Constants.NS_MD, 'md1': OneLogin_Saml2_Constants.NS_SAML } parsedMetadata = xml.etree.ElementTree.fromstring(sp_metadata) attributeConsumingService = parsedMetadata.find( "md0:SPSSODescriptor/md0:AssertionConsumerService[@index='%s']" % attributeIndex, ns) if attributeConsumingService == None: response_obj = ResponseObj(httpcode=404) response_obj.setError('easyspid102') return response_obj spSettings = Saml2_Settings(sp_settings['result']) key = spSettings.get_sp_key() cert = spSettings.get_sp_cert() sign_alg = ( spSettings.get_security_data())['signatureAlgorithm'] digest = (spSettings.get_security_data())['digestAlgorithm'] # build auth request authn_request = Saml2_Authn_Request(spSettings, force_authn=True, is_passive=False, set_nameid_policy=True) authn_request_xml = authn_request.get_xml() ## inserisci attribute index ns = { 'md0': OneLogin_Saml2_Constants.NS_MD, 'md1': OneLogin_Saml2_Constants.NS_SAML } xml.etree.ElementTree.register_namespace( 'md0', OneLogin_Saml2_Constants.NS_MD) xml.etree.ElementTree.register_namespace( 'md1', OneLogin_Saml2_Constants.NS_SAML) parsedMetadata = xml.etree.ElementTree.fromstring( authn_request_xml) parsedMetadata.attrib[ 'AttributeConsumingServiceIndex'] = attributeIndex parsedMetadata.attrib[ 'AssertionConsumerServiceURL'] = attributeConsumingService.attrib[ 'Location'] issuer = parsedMetadata.find("md1:Issuer", ns) issuer.set("Format", "urn:oasis:names:tc:SAML:2.0:nameid-format:entity") issuer.set("NameQualifier", (spSettings.get_sp_data())['entityId']) ## inserisci attributi del nodo isuuer authn_request_xml = xml.etree.ElementTree.tostring( parsedMetadata, encoding="unicode") if signed: #authn_request_signed = OneLogin_Saml2_Utils.add_sign(authn_request_xml, key, cert, debug=False, # sign_algorithm=sign_alg, digest_algorithm=digest) authn_request_signed = AddSign(authn_request_xml, key, cert, False, sign_alg, digest) authn_request_signed = str(authn_request_signed, 'utf-8') else: authn_request_signed = authn_request_xml ## insert into DB task = asyncio.run_coroutine_threadsafe( self.dbobjSaml.execute_statment( "write_assertion('%s', '%s', '%s', '%s')" % (authn_request_signed.replace( "'", "''"), sp, idp, self.remote_ip)), globalsObj.ioloop) #assert not task.done() #wrtAuthn = task.result() wrtAuthn = waitFuture(task) if wrtAuthn['error'] == 0: task = asyncio.run_coroutine_threadsafe( self.dbobjJwt.execute_statment( "get_token_by_cod('%s')" % (wrtAuthn['result'][0]['cod_token'])), globalsObj.ioloop) #assert not task.done() #jwt = task.result() jwt = waitFuture(task) response_obj = ResponseObj( httpcode=200, ID=wrtAuthn['result'][0]['ID_assertion']) response_obj.setError('200') response_obj.setResult( authnrequest=authn_request_signed, jwt=jwt['result'][0]['token'], idassertion=wrtAuthn['result'][0]['ID_assertion']) else: response_obj = ResponseObj(httpcode=500, debugMessage=wrtAuthn['result']) response_obj.setError("easyspid105") logging.getLogger( type(self).__module__ + "." + type(self).__qualname__).error('Exception', exc_info=True) elif sp_settings['error'] == 0 and sp_settings['result'] == None: response_obj = ResponseObj(httpcode=404) response_obj.setError('easyspid101') elif sp_settings['error'] > 0: response_obj = ResponseObj(httpcode=500, debugMessage=sp_settings['result']) response_obj.setError("easyspid105") except tornado.web.MissingArgumentError as error: response_obj = ResponseObj(debugMessage=error.log_message, httpcode=error.status_code, devMessage=error.log_message) response_obj.setError(str(error.status_code)) logging.getLogger( type(self).__module__ + "." + type(self).__qualname__).error( '%s' % error, exc_info=True) except Exception as inst: response_obj = ResponseObj(httpcode=500) response_obj.setError('500') logging.getLogger( type(self).__module__ + "." + type(self).__qualname__).error( 'Exception', exc_info=True) return response_obj
def processResponse(self, chkTime=True, checkInResponseTo=True): try: # get response and Relay state responsePost = self.get_argument('SAMLResponse') srelayPost = self.get_argument('RelayState') # decode saml response #response = responsePost self.response = responsePost try: self.response = OneLogin_Saml2_Utils.decode_base64_and_inflate( responsePost) except Exception: try: self.response = OneLogin_Saml2_Utils.b64decode( responsePost) except Exception: pass # try: # #response = OneLogin_Saml2_Utils.b64decode(responsePost) # self.response = OneLogin_Saml2_Utils.b64decode(responsePost) # except Exception: # pass ## parse XML and make some check ns = { 'md0': OneLogin_Saml2_Constants.NS_SAMLP, 'md1': OneLogin_Saml2_Constants.NS_SAML } parsedResponse = xml.etree.ElementTree.fromstring(self.response) self.inResponseTo = parsedResponse.get('InResponseTo') self.ResponseID = parsedResponse.get('ID') issuer = self.issuer = parsedResponse.find("md1:Issuer", ns) if issuer is None: response_obj = ResponseObj(httpcode=401) response_obj.setError('easyspid118') return response_obj #spByInResponseTo = None # try to get sp searching a corresponding request and raise error if checkInResponseTo is True # inResponseChk = waitFuture(asyncio.run_coroutine_threadsafe(self.dbobjSaml.execute_statment("chk_idAssertion('%s')" % # inResponseTo), globalsObj.ioloop)) # if inResponseChk['error'] == 0 and inResponseChk['result'] is not None: # spByInResponseTo = inResponseChk['result'][0]['cod_sp'] # # elif checkInResponseTo and inResponseChk['error'] == 0 and inResponseChk['result'] == None: # response_obj = ResponseObj(httpcode=404, ID = ResponseID) # response_obj.setError('easyspid120') # response_obj.setResult(response = str(response, 'utf-8')) # return response_obj # # elif inResponseChk['error'] > 0: # response_obj = ResponseObj(httpcode=500) # response_obj.setError('easyspid105') # response_obj.setResult(inResponseChk['result']) # return response_obj # try to get sp searching a corresponding request and raise error if checkInResponseTo is True spByInResponseTo = self.chkExistsReq(checkInResponseTo) ### check StatusCode to find errors firstChk = easyspid.lib.utils.validateAssertion( str(self.response, 'utf-8'), None, None) if not firstChk['chkStatus']: #get errors codes samlErrors = waitFuture( asyncio.run_coroutine_threadsafe( getResponseError(parsedResponse, sp=spByInResponseTo, namespace=ns), globalsObj.ioloop)) if samlErrors['error'] == '0': response_obj = ResponseObj(httpcode=400, ID=self.ResponseID) response_obj.setError('easyspid121') response_obj.setResult(response=str( self.response, 'utf-8'), format='json', samlErrors=samlErrors['status']) return self.formatError(response_obj, srelayPost, samlErrors['service']) elif samlErrors['error'] == 'easyspid114': response_obj = ResponseObj(httpcode=404) response_obj.setError('easyspid114') return response_obj else: response_obj = ResponseObj(httpcode=500) response_obj.setError('500') response_obj.setResult(samlErrors['error']) return response_obj #decode Relay state #srelay = srelayPost self.srelay = srelayPost try: self.srelay = OneLogin_Saml2_Utils.decode_base64_and_inflate( srelayPost) except Exception: try: self.srelay = OneLogin_Saml2_Utils.b64decode(srelayPost) except Exception: pass #self.srelay = OneLogin_Saml2_Utils.b64decode(srelayPost) #pass # try: # #srelay = OneLogin_Saml2_Utils.b64decode(srelayPost) # self.srelay = OneLogin_Saml2_Utils.b64decode(srelayPost) # except Exception: # pass ## get sp by ID #ns = {'md0': OneLogin_Saml2_Constants.NS_SAMLP, 'md1': OneLogin_Saml2_Constants.NS_SAML} #parsedResponse = xml.etree.ElementTree.fromstring(response) #issuer = self.issuer = parsedResponse.find("md1:Issuer", ns) #inResponseTo = parsedResponse.get('InResponseTo') #get audience audience = self.audience = parsedResponse.find( 'md1:Assertion/md1:Conditions/md1:AudienceRestriction/md1:Audience', ns) if audience is None: response_obj = ResponseObj(httpcode=401) response_obj.setError('easyspid118') return response_obj # if issuer is None or audience is None: # response_obj = ResponseObj(httpcode=401) # response_obj.setError('easyspid118') # return response_obj #task1 = asyncio.run_coroutine_threadsafe(self.dbobjSaml.execute_statment("chk_idAssertion('%s')" % # inResponseTo), globalsObj.ioloop) # task2 = asyncio.run_coroutine_threadsafe(self.dbobjSaml.execute_statment("get_provider_byentityid(%s, '%s')" % # ('True', '{'+(self.issuer.text.strip())+'}')), globalsObj.ioloop) #task3 = asyncio.run_coroutine_threadsafe(self.dbobjSaml.execute_statment("get_provider_byentityid(%s, '%s')" % # ('True', '{'+(audience.text.strip())+'}')), globalsObj.ioloop) #assert not task1.done() #inResponseChk = task1.result() #inResponseChk = waitFuture(task1) #audienceChk = waitFuture(task3) #spByAudience = None #spByInResponseTo = None #if inResponseChk['error'] == 0 and inResponseChk['result'] is not None: # spByInResponseTo = inResponseChk['result'][0]['cod_sp'] # if audienceChk['error'] == 0 and audienceChk['result'] is not None: # spByAudience = audienceChk['result'][0]['cod_provider'] #check audinece # if spByAudience is None: # response_obj = ResponseObj(httpcode=404) # response_obj.setError('easyspid115') # return response_obj # get sp by audience spByAudience = self.getSpByAudience() #check inresponseTo and spByAudience == spByInResponseTo if checkInResponseTo and spByAudience == spByInResponseTo: sp = spByAudience elif checkInResponseTo and spByAudience != spByInResponseTo: response_obj = ResponseObj(httpcode=401) response_obj.setError('easyspid110') return response_obj sp = spByAudience # get service by sp and relay_state try: task = asyncio.run_coroutine_threadsafe( self.dbobjSaml.execute_statment( "get_service(%s, '%s', '%s')" % ('True', str(self.srelay), sp)), globalsObj.ioloop) #assert not task.done() #service = task.result() service = waitFuture(task) if service['error'] == 0 and service['result'] is not None: # costruisci il routing self.routing = dict() self.routing['url'] = service['result'][0]['url'] self.routing['relaystate'] = self.srelay self.routing['format'] = service['result'][0]['format'] elif service['error'] > 0 or service['result'] is None: response_obj = ResponseObj(httpcode=500, debugMessage=service['result']) response_obj.setError("easyspid111") return response_obj except Exception: pass # get IdP # idpEntityId = waitFuture(task2) # # if idpEntityId['error'] == 0 and idpEntityId['result'] is not None: # idp_metadata = idpEntityId['result'][0]['xml'] # idp = idpEntityId['result'][0]['cod_provider'] # # elif idpEntityId['error'] == 0 and idpEntityId['result'] is None: # response_obj = ResponseObj(httpcode=404) # response_obj.setError('easyspid103') # return response_obj # # elif idpEntityId['error'] > 0: # response_obj = ResponseObj(httpcode=500, debugMessage=idpEntityId['result']) # response_obj.setError("easyspid105") # return response_obj # get IdP and metadata (idp_metadata, idp) = self.getIdentyIdp() # get sp settings task = asyncio.run_coroutine_threadsafe( easyspid.lib.easyspid.spSettings(sp, idp, close=True), globalsObj.ioloop) sp_settings = waitFuture(task) if sp_settings['error'] == 0 and sp_settings['result'] != None: ## insert response into DB task = asyncio.run_coroutine_threadsafe( self.dbobjSaml.execute_statment( "write_assertion('%s', '%s', '%s', '%s')" % (str(self.response, 'utf-8').replace( "'", "''"), sp, idp, self.remote_ip)), globalsObj.ioloop) wrtAuthn = waitFuture(task) if wrtAuthn['error'] == 0: if self.routing['format'] == 'saml': return self.passthrough() task = asyncio.run_coroutine_threadsafe( self.dbobjJwt.execute_statment( "get_token_by_cod('%s')" % (wrtAuthn['result'][0]['cod_token'])), globalsObj.ioloop) #assert not task.done() #jwt = task.result() jwt = waitFuture(task) else: response_obj = ResponseObj(httpcode=500, debugMessage=wrtAuthn['result']) response_obj.setError("easyspid105") logging.getLogger( type(self).__module__ + "." + type(self).__qualname__).error('Exception', exc_info=True) return response_obj # create settings OneLogin dict #settings = sp_settings['result'] prvdSettings = Saml2_Settings(sp_settings['result']) chk = easyspid.lib.utils.validateAssertion( str(self.response, 'utf-8'), sp_settings['result']['idp']['x509cert_fingerprint'], sp_settings['result']['idp']['x509cert_fingerprintalg']) chk['issuer'] = issuer.text.strip() chk['audience'] = audience.text.strip() if not chk['chkStatus']: response_obj = ResponseObj(httpcode=401) response_obj.setError('easyspid107') return response_obj elif not chk['schemaValidate']: response_obj = ResponseObj(httpcode=401) response_obj.setError('easyspid104') response_obj.setResult(responseValidate=chk) return response_obj elif not chk['signCheck']: response_obj = ResponseObj(httpcode=401) response_obj.setError('easyspid106') response_obj.setResult(responseValidate=chk) return response_obj elif not chk[ 'certAllowed'] and globalsObj.easyspid_checkCertificateAllowed: response_obj = ResponseObj(httpcode=401) response_obj.setError('easyspid116') response_obj.setResult(responseValidate=chk) return response_obj elif not chk[ 'certValidity'] and globalsObj.easyspid_checkCertificateValidity: response_obj = ResponseObj(httpcode=401) response_obj.setError('easyspid117') response_obj.setResult(responseValidate=chk) return response_obj elif chkTime and not chk['chkTime']: response_obj = ResponseObj(httpcode=401) response_obj.setError('easyspid108') return response_obj #get all attributes attributes = chk['serviceAttributes'] attributes_tmp = dict() for key in attributes: attributes_tmp[key] = attributes[key][0] attributes = attributes_tmp # build response form try: with open( os.path.join(globalsObj.modules_basedir, globalsObj.easyspid_responseFormPath), 'rb') as myfile: response_form = myfile.read().decode("utf-8") except: with open(globalsObj.easyspid_responseFormPath, 'rb') as myfile: response_form = myfile.read().decode("utf-8") response_obj = ResponseObj( httpcode=200, ID=wrtAuthn['result'][0]['ID_assertion']) response_obj.setError('200') response_obj.setResult(attributes=attributes, jwt=jwt['result'][0]['token'], responseValidate=chk, response=str(self.response, 'utf-8'), format='json') response_form = response_form.replace("%URLTARGET%", self.routing['url']) response_form = response_form.replace("%RELAYSTATE%", srelayPost) response_form = response_form.replace( "%RESPONSE%", OneLogin_Saml2_Utils.b64encode(response_obj.jsonWrite())) self.postTo = response_form elif sp_settings['error'] == 0 and sp_settings['result'] == None: response_obj = ResponseObj(httpcode=404) response_obj.setError('easyspid114') elif sp_settings['error'] > 0: #response_obj = sp_settings['result'] response_obj = sp_settings except goExit as e: return e.expression except tornado.web.MissingArgumentError as error: response_obj = ResponseObj(debugMessage=error.log_message, httpcode=error.status_code, devMessage=error.log_message) response_obj.setError(str(error.status_code)) logging.getLogger( type(self).__module__ + "." + type(self).__qualname__).error( '%s' % error, exc_info=True) except Exception as inst: response_obj = ResponseObj(httpcode=500) response_obj.setError('500') logging.getLogger( type(self).__module__ + "." + type(self).__qualname__).error( 'Exception', exc_info=True) return response_obj
def loginAuthnReq(self, sp_settings, idp_metadata, attributeIndex, binding, srelay_cod): try: if binding == 'redirect': authn_request = authnreqBuildhandler.buildAthnReq( self, sp_settings, attributeIndex, signed=False) elif binding == 'post': authn_request = authnreqBuildhandler.buildAthnReq( self, sp_settings, attributeIndex, signed=True) bindingMap = { 'redirect': OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT, 'post': OneLogin_Saml2_Constants.BINDING_HTTP_POST } if (sp_settings['error'] == 0 and sp_settings['result'] is not None and idp_metadata.error.code == '200' and authn_request.error.code == '200'): sp = sp_settings['result']['sp']['cod_sp'] idp = sp_settings['result']['idp']['cod_idp'] # get relay state task = asyncio.run_coroutine_threadsafe( self.dbobjSaml.execute_statment( "get_service(%s, '%s', '%s')" % ('True', str(srelay_cod), sp)), globalsObj.ioloop) #assert not task.done() #srelay = task.result() srelay = waitFuture(task) if srelay['error'] == 0 and srelay['result'] is None: response_obj = ResponseObj(httpcode=404) response_obj.setError('easyspid113') return response_obj elif srelay['error'] > 0: response_obj = ResponseObj( httpcode=500, debugMessage=sp_settings['result']) response_obj.setError("easyspid105") return response_obj #if (sp_settings['error'] == 0 and sp_settings['result'] is not None #and idp_metadata.error.code == '200' and authn_request.error.code == '200'): idp_data = OneLogin_Saml2_IdPMetadataParser.parse( idp_metadata.result.metadata, required_sso_binding=bindingMap[binding], required_slo_binding=bindingMap[binding]) idp_settings = idp_data['idp'] # fake authn_request req = { "http_host": "", "script_name": "", "server_port": "", "get_data": "", "post_data": "" } settings = sp_settings['result'] if 'entityId' in idp_settings: settings['idp']['entityId'] = idp_settings['entityId'] if 'singleLogoutService' in idp_settings: settings['idp']['singleLogoutService'] = idp_settings[ 'singleLogoutService'] if 'singleSignOnService' in idp_settings: settings['idp']['singleSignOnService'] = idp_settings[ 'singleSignOnService'] if 'x509cert' in idp_settings: settings['idp']['x509cert'] = idp_settings['x509cert'] auth = OneLogin_Saml2_Auth(req, sp_settings['result']) spSettings = Saml2_Settings(sp_settings['result']) sign_alg = ( spSettings.get_security_data())['signatureAlgorithm'] # build login message # redirect binding if binding == 'redirect': saml_request = OneLogin_Saml2_Utils.deflate_and_base64_encode( authn_request.result.authnrequest) parameters = {'SAMLRequest': saml_request} parameters['RelayState'] = srelay['result'][0][ 'relay_state'] auth.add_request_signature(parameters, sign_alg) redirectLocation = auth.redirect_to( auth.get_sso_url(), parameters) response_obj = ResponseObj(httpcode=200) response_obj.setError('200') response_obj.setResult(redirectTo=redirectLocation, jwt=authn_request.result.jwt) # POST binding elif binding == 'post': saml_request_signed = OneLogin_Saml2_Utils.b64encode( authn_request.result.authnrequest) relay_state = OneLogin_Saml2_Utils.b64encode( srelay['result'][0]['relay_state']) idpsso = idp_settings['singleSignOnService']['url'] try: with open( os.path.join(globalsObj.modules_basedir, globalsObj.easyspid_postFormPath), 'rb') as myfile: post_form = myfile.read().decode("utf-8").replace( '\n', '') except: with open(globalsObj.easyspid_postFormPath, 'rb') as myfile: post_form = myfile.read().decode("utf-8").replace( '\n', '') post_form = post_form.replace("%IDPSSO%", idpsso) post_form = post_form.replace("%AUTHNREQUEST%", saml_request_signed) post_form = post_form.replace("%RELAYSTATE%", relay_state) response_obj = ResponseObj(httpcode=200) response_obj.setError('200') response_obj.setResult(postTo=post_form, jwt=authn_request.result.jwt) elif sp_settings['error'] == 0 and sp_settings['result'] is None: response_obj = ResponseObj(httpcode=404) response_obj.setError('easyspid101') elif sp_settings['error'] > 0: response_obj = ResponseObj(httpcode=500, debugMessage=sp_settings['result']) response_obj.setError("easyspid105") except tornado.web.MissingArgumentError as error: response_obj = ResponseObj(debugMessage=error.log_message, httpcode=error.status_code, devMessage=error.log_message) response_obj.setError(str(error.status_code)) logging.getLogger( type(self).__module__ + "." + type(self).__qualname__).error( '%s' % error, exc_info=True) except Exception as inst: response_obj = ResponseObj(httpcode=500) response_obj.setError('500') logging.getLogger( type(self).__module__ + "." + type(self).__qualname__).error( 'Exception', exc_info=True) return response_obj