def pickup_request(reference_id):
    """Build a plain-text rendering of the attribute pickup GET request.

    Nothing is sent from here; the function only assembles a string made of
    the request line, the adapter-id header and a credentials header.

    The last line is base64 of "username:password". Base64 is an encoding,
    not encryption, so the returned text carries the adapter credentials in
    recoverable form and should be handled like the password itself (kept
    out of logs and out of pages served to other users).
    """
    adapter_user = ConfigurationManager.get_configuration(
        IdpConstants.ADAPTER_USERNAME)
    adapter_secret = ConfigurationManager.get_configuration(
        IdpConstants.ADAPTER_PASSWORD)

    request_line = "GET " + UrlUtil.pickup_url(reference_id)
    adapter_header = IdpConstants.PING_ADAPTER_HEADER + ": " \
        + ConfigurationManager.get_configuration(IdpConstants.ADAPTER_ID)

    # encode('ascii') raises UnicodeEncodeError for non-ASCII credentials.
    credential_pair = (adapter_user + ":" + adapter_secret).encode('ascii')
    encoded_pair = base64.b64encode(credential_pair).decode('ascii')

    # NOTE(review): HTTP Basic credentials are normally sent as
    # "Authorization: Basic <value>"; the label below is kept exactly as the
    # sample prints it.
    return "\n".join([
        request_line,
        adapter_header,
        "Authentication: " + encoded_pair,
    ])
def pickup_attributes(reference_value):
    """Fetch from PingFederate the attributes stored under *reference_value*.

    Issues a GET to the pickup URL with the adapter-id header and HTTP Basic
    credentials taken from configuration, and returns the
    ``requests.Response`` unchanged (the status code is not checked here).
    """
    target = UrlUtil.pickup_url(reference_value)
    adapter_credentials = (
        ConfigurationManager.get_configuration(IdpConstants.ADAPTER_USERNAME),
        ConfigurationManager.get_configuration(IdpConstants.ADAPTER_PASSWORD),
    )
    adapter_headers = {
        IdpConstants.PING_ADAPTER_HEADER:
            ConfigurationManager.get_configuration(IdpConstants.ADAPTER_ID)
    }

    # For simplicity, trust any certificate. Do not use in production.
    # With verify=False the server's identity is never checked, so the Basic
    # credentials above and the returned user attributes are readable by
    # whoever terminates the TLS connection. Outside a local demo, leave
    # verification on and point `verify` at the CA bundle that issued the
    # PingFederate certificate.
    # NOTE(review): no timeout is passed, so a stalled server blocks the
    # calling request indefinitely.
    return requests.get(target,
                        headers=adapter_headers,
                        auth=adapter_credentials,
                        verify=False)
def dropoff_post(user_attributes):
    """Build a plain-text rendering of the attribute drop-off POST request.

    *user_attributes* is the already-serialised request body (a string); it
    is appended after a blank line. Nothing is sent from here.

    The credentials line is base64 of "username:password". Base64 is an
    encoding, not encryption, so the returned text carries the adapter
    credentials in recoverable form and should be handled like the password
    itself.
    """
    adapter_user = ConfigurationManager.get_configuration(
        IdpConstants.ADAPTER_USERNAME)
    adapter_secret = ConfigurationManager.get_configuration(
        IdpConstants.ADAPTER_PASSWORD)

    request_line = "POST " + UrlUtil.dropoff_url()
    # len() counts characters, which equals the byte length only while the
    # body is pure ASCII.
    length_header = "Content-Length: " + str(len(user_attributes))
    adapter_header = IdpConstants.PING_ADAPTER_HEADER + ": " \
        + ConfigurationManager.get_configuration(IdpConstants.ADAPTER_ID)

    # encode('ascii') raises UnicodeEncodeError for non-ASCII credentials.
    credential_pair = (adapter_user + ":" + adapter_secret).encode('ascii')
    encoded_pair = base64.b64encode(credential_pair).decode('ascii')

    # NOTE(review): HTTP Basic credentials are normally sent as
    # "Authorization: Basic <value>"; the label below is kept exactly as the
    # sample prints it.
    return "\n".join([
        request_line,
        "Content-Type: application/json",
        length_header,
        adapter_header,
        "Authentication: " + encoded_pair,
        "",  # blank line separating headers from body
        user_attributes,
    ])
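    def handle(self, request):
        """Drop the user's attributes into PingFederate and render the result.

        Reads the username from the submitted form, looks up that sample
        user's attributes, adds the subject and the authentication instant,
        POSTs them as JSON to the drop-off endpoint and renders
        'Dropoff.html' with the reference returned by PingFederate plus a
        textual copy of the request and response.

        Raises whatever the lookups raise: a missing form field, an unknown
        user, a non-JSON response body, or a response without the REF key
        all propagate to the caller.
        """
        subject = request.form[IdpConstants.USERNAME]
        # NOTE(review): no credential check is visible in this method; the
        # form-supplied username becomes the asserted subject. Confirm the
        # user is authenticated before this handler is reached.

        # create dictionary containing user attributes
        # Work on a copy so the per-request subject and timestamp are not
        # written back into the record returned by the loader (in case that
        # record is shared between requests).
        idp_user_attributes = dict(
            dict.get(IdpSampleUserLoader.get_user(subject), "attributes"))
        idp_user_attributes.update({IdpConstants.SUBJECT: subject})
        idp_user_attributes.update({
            IdpConstants.AUTH_INST:
            datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S")
        })

        # Drop the attributes into PingFederate
        dropoff_location = UrlUtil.dropoff_url()
        adapter_username = ConfigurationManager.get_configuration(
            IdpConstants.ADAPTER_USERNAME)
        adapter_password = ConfigurationManager.get_configuration(
            IdpConstants.ADAPTER_PASSWORD)

        headers = {
            "Content-type":
            "application/json",
            IdpConstants.PING_ADAPTER_HEADER:
            ConfigurationManager.get_configuration(IdpConstants.ADAPTER_ID)
        }

        # For simplicity, trust any certificate. Do not use in production.
        # With verify=False the server's identity is never checked, so the
        # adapter credentials and the user attributes in this POST are
        # readable by whoever terminates the TLS connection. Outside a local
        # demo, leave verification on and point `verify` at the CA bundle
        # that issued the PingFederate certificate.
        response = requests.post(dropoff_location,
                                 json=idp_user_attributes,
                                 auth=(adapter_username, adapter_password),
                                 headers=headers,
                                 verify=False)
        # Parse the body once and reuse it for both the REF lookup and the
        # pretty-printed copy shown on the page.
        response_dict = json.loads(response.text)
        response_json = json.dumps(response_dict, indent=4)

        idp_user_attributes = json.dumps(idp_user_attributes, indent=4)

        # NOTE(review): rawRequest is built by dropoff_post, which in this
        # listing embeds the base64 of "username:password"; the rendered
        # page therefore discloses the adapter credentials to the browser.
        return render_template(
            'Dropoff.html',
            resumePath=request.form[IdpConstants.RESUME_PATH],
            resumeUrl=UrlUtil.resume_url(request),
            REF=response_dict[IdpConstants.REF],
            configureUrl=UrlUtil.configure_url(request),
            userAttributes=idp_user_attributes,
            httpStatus=ReferenceAdapterUtil.http_status(response.status_code),
            dropoffEndpoint=IdpConstants.DROPOFF_ENDPOINT,
            ssoUrl=UrlUtil.sso_url(),
            rawRequest=ReferenceAdapterUtil.dropoff_post(idp_user_attributes),
            rawResponse=ReferenceAdapterUtil.session_response(
                response.headers, response_json))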
 def handle(self, request):
     """Show the configuration form (GET) or save the submitted values.

     GET renders 'Configuration.html' filled from the stored configuration.
     Any other method saves the submitted form, reloads the configuration
     and redirects (302) to the SSO URL; if any of those steps raises, the
     form is rendered again with the submitted values and the exception.
     """
     def render_form(error, value_of):
         # value_of maps a configuration key to the value shown in its field.
         # NOTE(review): the adapter passphrase is handed to the template
         # like every other field, so the page can echo the stored secret
         # back to the browser; no access check is visible in this method.
         # The exception object is also passed as configurationError; how
         # much of it the template prints cannot be seen from here.
         return render_template(
             'Configuration.html',
             configurationError=error,
             configureUrl=UrlUtil.configure_url(request),
             basePfUrlName=IdpConstants.BASE_PF_URL,
             basePfUrl=value_of(IdpConstants.BASE_PF_URL),
             adapterUsernameName=IdpConstants.ADAPTER_USERNAME,
             adapterUsername=value_of(IdpConstants.ADAPTER_USERNAME),
             adapterPassphraseName=IdpConstants.ADAPTER_PASSWORD,
             adapterPassphrase=value_of(IdpConstants.ADAPTER_PASSWORD),
             adapterIdName=IdpConstants.ADAPTER_ID,
             adapterId=value_of(IdpConstants.ADAPTER_ID),
             targetUrlName=IdpConstants.TARGET_URL,
             targetUrl=value_of(IdpConstants.TARGET_URL),
             partnerIdName=IdpConstants.PARTNER_ENTITY_ID,
             partnerId=value_of(IdpConstants.PARTNER_ENTITY_ID))

     if request.method == 'GET':
         return render_form(
             None, lambda key: ConfigurationManager.get_configuration(key))

     try:
         ConfigurationManager.save_configuration(request)
         ConfigurationManager.load_configuration()
         return redirect(UrlUtil.sso_url(), code=302)
     except Exception as e:
         # Re-display what the user typed rather than the stored values.
         return render_form(e, lambda key: request.form[key])
def dropoff_url():
    """Return the configured PingFederate base URL followed by the drop-off endpoint."""
    base = ConfigurationManager.get_configuration(IdpConstants.BASE_PF_URL)
    return base + IdpConstants.DROPOFF_ENDPOINT
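def pickup_url(reference_id):
    """Return the PingFederate pickup URL for *reference_id*.

    The URL is the configured base URL, the pickup endpoint and a ``REF``
    query parameter. The reference is percent-encoded so that characters
    such as ``&``, ``#`` or ``=`` in it cannot end the parameter early or
    add further parameters; values made only of letters, digits and
    ``_.-~`` come out unchanged.
    """
    # Local import: the module's import block is not visible from this
    # function, so nothing is assumed about names already in scope.
    from urllib.parse import quote_plus

    return ConfigurationManager.get_configuration(IdpConstants.BASE_PF_URL) \
           + IdpConstants.PICKUP_ENDPOINT \
           + "?REF=" + quote_plus(reference_id)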
def sso_url():
    """Return the URL that starts SP-initiated SSO for the configured partner.

    The result is the configured base URL, the start-SSO path and a
    ``PartnerIdpId`` query parameter holding the configured partner entity id.
    """
    base = ConfigurationManager.get_configuration(IdpConstants.BASE_PF_URL)
    start_endpoint = base + IdpConstants.START_SP_SSO
    # NOTE(review): the entity id goes into the query string unencoded; an
    # id containing '&' or '#' would change how the URL is parsed.
    partner_id = ConfigurationManager.get_configuration(
        IdpConstants.PARTNER_ENTITY_ID)
    return start_endpoint + "?PartnerIdpId=" + partner_id
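def resume_logout_url(request, reference_id):
    """Return the PingFederate URL that resumes logout for *reference_id*.

    The URL is the configured base URL, the resume path submitted in the
    form and a ``REF`` query parameter. The reference is percent-encoded so
    that characters such as ``&``, ``#`` or ``=`` in it cannot end the
    parameter early or add further parameters; values made only of letters,
    digits and ``_.-~`` come out unchanged.
    """
    # Local import: the module's import block is not visible from this
    # function, so nothing is assumed about names already in scope.
    from urllib.parse import quote_plus

    # NOTE(review): RESUME_PATH is taken from the submitted form and
    # appended to the base URL as-is; confirm it is checked to be a
    # server-relative path before the resulting URL is used.
    return ConfigurationManager.get_configuration(IdpConstants.BASE_PF_URL) + request.form[IdpConstants.RESUME_PATH] \
           + "?REF=" + quote_plus(reference_id)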
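def resume_to_pf_url(request):
    """Return the PingFederate URL that resumes SSO after the pickup step.

    The URL is the configured base URL, the resume path submitted in the
    form, a ``REF`` query parameter from the form and a ``TargetResource``
    parameter holding the configured target URL. Both parameter values are
    percent-encoded; the form-supplied reference is encoded for the same
    reason as the target URL, so that ``&``, ``#`` or ``=`` in it cannot
    end the parameter early or add further parameters.
    """
    # NOTE(review): RESUME_PATH is taken from the submitted form and
    # appended to the base URL as-is; confirm it is checked to be a
    # server-relative path before the resulting URL is used.
    return ConfigurationManager.get_configuration(IdpConstants.BASE_PF_URL) + request.form[IdpConstants.RESUME_PATH] \
           + "?REF=" + url.quote_plus(request.form[IdpConstants.REF]) + "&TargetResource=" \
           + url.quote_plus(ConfigurationManager.get_configuration(IdpConstants.TARGET_URL))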
    return controller.handle(request)


@app.route('/AgentlessIdPSample/app/login', methods=['POST', 'GET'])
def login():
    """Pass the current request to a new LoginController and return its response."""
    return LoginController().handle(request)


@app.route('/AgentlessIdPSample/app/resume', methods=['POST'])
def resume():
    """Pass the current request to a new ResumeController and return its response.

    Only POST is routed here.
    """
    return ResumeController().handle(request)


@app.route('/AgentlessIdPSample/app/logout', methods=['POST', 'GET'])
def logout():
    """Pass the current request to a new LogoutController and return its response."""
    return LogoutController().handle(request)


@app.route('/AgentlessIdPSample/app/configure', methods=['POST', 'GET'])
def configure():
    """Pass the current request to a new ConfigurationController and return its response.

    NOTE(review): no authentication is visible on this route, and the
    controller both displays and overwrites the adapter credentials and the
    PingFederate base URL. Confirm access is restricted before exposing the
    app beyond the local machine.
    """
    return ConfigurationController().handle(request)


if __name__ == "__main__":
    # Instantiate the configuration manager before the first request is served.
    ConfigurationManager()
    # Serve on the loopback interface only. ssl_context='adhoc' has the
    # development server generate a throwaway self-signed certificate at
    # start-up, so browsers will warn and clients cannot authenticate the
    # server; use a certificate from a trusted CA anywhere beyond a local demo.
    app.run(
        host='127.0.0.1',
        port=8080,
        ssl_context='adhoc',
    )