def _validate_request(self): """ Validates the _saml_request. Sub-classes should override this and throw an Exception if the validation does not succeed. """ super(Processor, self)._validate_request() if not '.google.com/a/' in self._request_params['ACS_URL']: raise exceptions.CannotHandleAssertion('AssertionConsumerService is not a Google Apps URL.')
def _validate_request(self): """ Validates the _saml_request. By default, simply verifies that the ACS_URL is valid, according to settings. Sub-classes should override this and throw a CannotHandleAssertion Exception if the validation does not succeed. """ acs_url = self._request_params['ACS_URL'] for name, sp_config in saml2idp_metadata.SAML2IDP_REMOTES.items(): if acs_url == sp_config['acs_url']: self._sp_config = sp_config return msg = "Could not find ACS url '%s' in SAML2IDP_REMOTES setting." % acs_url raise exceptions.CannotHandleAssertion(msg)
def can_handle(self, request): """ Returns true if this processor can handle this request. """ self._reset(request) # Read the request. try: self._extract_saml_request() self._decode_request() self._parse_request() except Exception, e: msg = 'Exception while reading request: %s' % e self._logger.debug(msg) raise exceptions.CannotHandleAssertion(msg)
mod = import_module(sp_module) except ImportError, e: raise ImproperlyConfigured('Error importing processors %s: "%s"' % (sp_module, e)) try: sp_class = getattr(mod, sp_classname) except AttributeError: raise ImproperlyConfigured( 'processors module "%s" does not define a "%s" class' % (sp_module, sp_classname)) instance = sp_class() return instance def find_processor(request): """ Returns the Processor instance that is willing to handle this request. """ for name, sp_config in saml2idp_metadata.SAML2IDP_REMOTES.items(): proc = get_processor(sp_config['processor']) try: if proc.can_handle(request): return proc except exceptions.CannotHandleAssertion, e: # Log these, but keep looking. logger.debug('%s %s' % (proc, e)) raise exceptions.CannotHandleAssertion( 'None of the processors in SAML2IDP_REMOTES could handle this request.' )