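def use_http_form_post(self, message, destination, relay_state):
    """
    Return a form that will automagically execute and POST the message
    to the recipient.

    :param message: The message to send; anything that is not already a
        string is rendered with ``"%s"`` formatting before it is used.
    :param destination: Recipient location, handed on to
        http_form_post_message.
    :param relay_state: RelayState value, handed on unchanged.
    :return: tuple (header, message)
    """
    # NOTE(review): destination and relay_state are forwarded as given.
    # http_form_post_message is not visible here -- confirm it HTML-escapes
    # both before placing them in the generated form.
    if not isinstance(message, basestring):
        # The string form has to replace ``message`` itself. Binding it to
        # a separate name would leave the unconverted object to be passed on.
        message = "%s" % (message,)

    return http_form_post_message(message, destination, relay_state)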
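def use_http_form_post(self, message, destination, relay_state):
    """
    Return a form that will automagically execute and POST the message
    to the recipient.

    :param message: The message to send; a value that is not a string is
        converted with ``"%s"`` formatting first.
    :param destination: Recipient location, passed to
        http_form_post_message.
    :param relay_state: RelayState value, passed through unchanged.
    :return: tuple (header, message)
    """
    if not isinstance(message, basestring):
        # Rebind ``message``: the converted text is what must reach
        # http_form_post_message, not the original object.
        message = "%s" % (message, )

    # NOTE(review): relay_state and destination go into the form untouched
    # by this method; verify that http_form_post_message escapes them.
    return http_form_post_message(message, destination, relay_state)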
def use_http_form_post(self, message, destination, relay_state,
                       typ="SAMLRequest"):
    """
    Build the self-submitting form that POSTs a SAML message to the
    recipient.

    :param message: The message to send; non-string values are rendered
        with ``"%s"`` formatting.
    :param destination: Recipient location, handed on to
        http_form_post_message.
    :param relay_state: RelayState value, handed on unchanged.
    :param typ: Whether a Request, Response or Artifact
    :return: dictionary
    """
    # NOTE(review): nothing here escapes destination or relay_state;
    # confirm http_form_post_message does so when it builds the form.
    already_text = isinstance(message, basestring)
    payload = message if already_text else "%s" % (message,)
    return http_form_post_message(payload, destination, relay_state, typ)
def use_http_form_post(message, destination, relay_state, typ="SAMLRequest"):
    """
    Build the self-submitting form that POSTs a SAML message to the
    recipient.

    :param message: The message to send; values that are not one of
        ``six.string_types`` are rendered with ``"%s"`` formatting.
    :param destination: Recipient location, handed on to
        http_form_post_message.
    :param relay_state: RelayState value, handed on unchanged.
    :param typ: Whether a Request, Response or Artifact
    :return: dictionary
    """
    # NOTE(review): destination and relay_state are not escaped in this
    # function; confirm http_form_post_message handles that.
    if isinstance(message, six.string_types):
        payload = message
    else:
        payload = "%s" % (message,)
    return http_form_post_message(payload, destination, relay_state, typ)
def saml_logout():
    """
    Create a signed SAML logout request and return the form data that
    POSTs it to the configured destination.

    Settings are read from ``current_app.config``: the first
    comma-separated entry of ``SECURITY_SAML_IDP_METADATA`` selects the
    client, ``SECURITY_SAML_FA_URL`` is the destination and
    ``SECURITY_SAML_ENTITY_ID`` is the issuer.

    :return: the ``'data'`` entry of the result of http_form_post_message.
    """
    config = current_app.config

    # NOTE(review): config.get() returns None for a missing key, so an unset
    # SECURITY_SAML_IDP_METADATA shows up here as an AttributeError.
    first_idp_metadata = config.get('SECURITY_SAML_IDP_METADATA').split(',')[0]
    saml_client = saml_client_for(first_idp_metadata)

    # NOTE(review): the NameID text is the "unspecified" format URN, not an
    # identifier of the subject being logged out -- confirm the IdP expects
    # this.
    name_id = NameID(
        format=NAMEID_FORMAT_UNSPECIFIED,
        text="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")

    # Absolute URL of the postback endpoint, sent as an extension element.
    postback_url = url_for("saml.saml_logout_postback", _external=True)
    logout_url = LogoutUrl(text=postback_url)

    destination = config.get('SECURITY_SAML_FA_URL')
    extensions = Extensions(extension_elements=[logout_url])

    # sign=True asks the client to sign the request. The returned request id
    # is not used afterwards.
    _request_id, logout_request = saml_client.create_logout_request(
        name_id=name_id,
        destination=destination,
        issuer_entity_id=config.get('SECURITY_SAML_ENTITY_ID'),
        sign=True,
        consent="urn:oasis:names:tc:SAML:2.0:logout:user",
        extensions=extensions)

    form = http_form_post_message(message=logout_request,
                                  location=destination)
    return form['data']
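def _send(self, srv):
    """
    Build the SAML request for the current operation and send it using the
    configured request binding.

    :param srv: Service description; only ``srv["location"]`` is read, and
        it is used as the destination of the request.
    :return: The response object returned by the client, or None when the
        request binding is none of the bindings handled here.
    :raises HTTPError: when the response status code is 400 or higher.
    """
    _client = self.client
    loc = srv["location"]
    self.qargs["destination"] = loc
    self.response_args = {}
    use_artifact = getattr(self.oper, "use_artifact", False)

    # Prefer a message supplied by the operation; otherwise build one.
    try:
        req = self.oper.args["message"]
    except KeyError:
        req = self.qfunc(**self.qargs)

    req_id, self.request = self.oper.pre_processing(req, self.args)
    str_req = "%s" % self.request

    # NOTE(review): the complete serialized request is written to the log at
    # INFO level; confirm that is acceptable wherever these logs are kept.
    if use_artifact:
        # NOTE(review): saml_art is only logged. The message sent below is
        # still str_req, labelled "SAMLart" -- confirm this is intended.
        saml_art = _client.use_artifact(str_req, self.args["entity_id"])
        logger.info("SAML Artifact: %s", saml_art)
        info_typ = "SAMLart"
    else:
        logger.info("SAML Request: %s", str_req)
        info_typ = "SAMLRequest"

    # Depending on the binding, send the query. Bindings are compared by
    # value: an identity test matches only when both sides are the very
    # same string object, which an equal string from configuration need
    # not be.
    request_binding = self.args["request_binding"]
    if request_binding == BINDING_SOAP:
        res = _client.send_using_soap(str_req, loc)
        if res.status_code >= 400:
            logger.info("Received a HTTP error (%d) '%s'",
                        res.status_code, res.text)
            raise HTTPError(res.text)
        else:
            self.response_args["binding"] = BINDING_SOAP
    else:
        self.response_args["binding"] = self.args["response_binding"]
        if request_binding == BINDING_HTTP_REDIRECT:
            htargs = http_redirect_message(str_req, loc, self.relay_state,
                                           info_typ)
            self.response_args["outstanding"] = {self.request.id: "/"}
            # GET the value of the first header (presumably the redirect
            # location). This also binds ``res`` on this path, which the
            # status check below relies on.
            res = _client.send(htargs["headers"][0][1], "GET")
        elif request_binding == BINDING_HTTP_POST:
            htargs = http_form_post_message(str_req, loc, self.relay_state,
                                            info_typ)
            # Turn the generated form into a urlencoded body and submit it
            # directly.
            info = unpack_form(htargs["data"][3])
            data = form_post(info)
            self.response_args["outstanding"] = {self.request.id: "/"}
            htargs["data"] = data
            htargs["headers"] = [("Content-type",
                                  'application/x-www-form-urlencoded')]
            res = _client.send(loc, "POST", **htargs)
        elif request_binding == BINDING_URI:
            self.response_args["binding"] = BINDING_URI
            htargs = _client.use_http_uri(str_req, "SAMLRequest", loc)
            res = _client.send(htargs["url"], "GET")
        else:
            res = None

        if res is not None and res.status_code >= 400:
            logger.info("Received a HTTP error (%d) '%s'",
                        res.status_code, res.text)
            raise HTTPError(res.text)

    self.last_response = res
    try:
        self.last_content = res.text
    except AttributeError:
        # res is None (or has no text) when nothing was sent.
        self.last_content = None

    return res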
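def _send(self, srv):
    """
    Build the SAML request for the current operation and send it using the
    configured request binding.

    :param srv: Service description; only ``srv["location"]`` is read, and
        it is used as the destination of the request.
    :return: The response object returned by the client, or None when the
        request binding is none of the bindings handled here.
    :raises HTTPError: when the response status code is 400 or higher.
    """
    _client = self.client
    loc = srv["location"]
    self.qargs["destination"] = loc
    self.response_args = {}
    use_artifact = getattr(self.oper, "use_artifact", False)

    # Use the operation's own message when it has one, else build it.
    try:
        req = self.oper.args["message"]
    except KeyError:
        req = self.qfunc(**self.qargs)

    req_id, self.request = self.oper.pre_processing(req, self.args)
    str_req = "%s" % self.request

    # NOTE(review): the whole serialized request goes to the log at INFO
    # level; confirm that fits the handling rules for these logs.
    if use_artifact:
        # NOTE(review): the artifact is logged but str_req is what gets sent
        # below, tagged "SAMLart" -- confirm this is intended.
        saml_art = _client.use_artifact(str_req, self.args["entity_id"])
        logger.info("SAML Artifact: %s", saml_art)
        info_typ = "SAMLart"
    else:
        logger.info("SAML Request: %s", str_req)
        info_typ = "SAMLRequest"

    # Depending on the binding, send the query. Equality is used for every
    # binding test: ``is`` succeeds only for the identical string object,
    # so an equal binding string created elsewhere would match no branch.
    request_binding = self.args["request_binding"]
    if request_binding == BINDING_SOAP:
        res = _client.send_using_soap(str_req, loc)
        if res.status_code >= 400:
            logger.info("Received a HTTP error (%d) '%s'",
                        res.status_code, res.text)
            raise HTTPError(res.text)
        else:
            self.response_args["binding"] = BINDING_SOAP
    else:
        self.response_args["binding"] = self.args["response_binding"]
        if request_binding == BINDING_HTTP_REDIRECT:
            htargs = http_redirect_message(str_req, loc, self.relay_state,
                                           info_typ)
            self.response_args["outstanding"] = {self.request.id: "/"}
            # GET the value of the first header (presumably the redirect
            # location); ``res`` must be bound here for the status check
            # that follows.
            res = _client.send(htargs["headers"][0][1], "GET")
        elif request_binding == BINDING_HTTP_POST:
            htargs = http_form_post_message(str_req, loc, self.relay_state,
                                            info_typ)
            # Convert the generated form into a urlencoded body and POST it.
            info = unpack_form(htargs["data"][3])
            data = form_post(info)
            self.response_args["outstanding"] = {self.request.id: "/"}
            htargs["data"] = data
            htargs["headers"] = [("Content-type",
                                  'application/x-www-form-urlencoded')]
            res = _client.send(loc, "POST", **htargs)
        elif request_binding == BINDING_URI:
            self.response_args["binding"] = BINDING_URI
            htargs = _client.use_http_uri(str_req, "SAMLRequest", loc)
            res = _client.send(htargs["url"], "GET")
        else:
            res = None

        if res is not None and res.status_code >= 400:
            logger.info("Received a HTTP error (%d) '%s'",
                        res.status_code, res.text)
            raise HTTPError(res.text)

    self.last_response = res
    try:
        self.last_content = res.text
    except AttributeError:
        # No response object (or one without text) was produced.
        self.last_content = None

    return res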
resp = BadRequest("ConsumerURL and return destination mismatch") raise resp(environ, start_response) try: authn_resp = IDP.create_authn_response(identity, userid=userid, authn=AUTHN, **resp_args) except Exception, excp: logger.error("Exception: %s" % (excp, )) raise logger.info("AuthNResponse: %s" % authn_resp) http_args = http_form_post_message(authn_resp, resp_args["destination"], relay_state=query["RelayState"][0], typ="SAMLResponse") resp = Response(http_args["data"], headers=http_args["headers"]) return resp(environ, start_response)


def whoami(environ, start_response, user):
    """
    Return a response built from the identity of the current request.

    :param environ: WSGI environment; ``environ["repoze.who.identity"]``
        is read.
    :param start_response: WSGI start_response callable.
    :param user: Not used in this function.
    :return: The result of calling the Response object with ``environ``
        and ``start_response``.
    """
    # Work on a copy so the identity kept in environ retains all its entries.
    identity = environ["repoze.who.identity"].copy()
    # Remove the credential fields so they are not part of the output.
    for prop in ["login", "password"]:
        try:
            del identity[prop]
        except KeyError:
            continue
    # NOTE(review): every remaining identity entry is passed to
    # dict_to_table, which is not shown here -- confirm it HTML-escapes keys
    # and values, and that no other sensitive attribute is present.
    response = Response(dict_to_table(identity))
    return response(environ, start_response)
logger.error("%s != %s" % (req.message.assertion_consumer_service_url, resp_args["destination"])) resp = BadRequest("ConsumerURL and return destination mismatch") raise resp(environ, start_response) try: authn_resp = IDP.create_authn_response(identity, userid=userid, authn=AUTHN, **resp_args) except Exception, excp: logger.error("Exception: %s" % (excp,)) raise logger.info("AuthNResponse: %s" % authn_resp) http_args = http_form_post_message(authn_resp, resp_args["destination"], relay_state=query["RelayState"][0], typ="SAMLResponse") resp = Response(http_args["data"], headers=http_args["headers"]) return resp(environ, start_response)


def whoami(environ, start_response, user):
    """
    Return a response built from the identity of the current request.

    :param environ: WSGI environment; ``environ["repoze.who.identity"]``
        is read.
    :param start_response: WSGI start_response callable.
    :param user: Not used in this function.
    :return: The result of calling the Response object with ``environ``
        and ``start_response``.
    """
    # Copy first: the deletions below must not alter the identity in environ.
    identity = environ["repoze.who.identity"].copy()
    # Strip the credential fields before anything is rendered.
    for prop in ["login", "password"]:
        try:
            del identity[prop]
        except KeyError:
            continue
    # NOTE(review): only "login" and "password" are removed; all other
    # entries reach dict_to_table, which is not shown here -- confirm that
    # it HTML-escapes its input.
    response = Response(dict_to_table(identity))
    return response(environ, start_response)