def federated_sso_auth(self, context, protocol_id):
try:
remote_id_name = utils.get_remote_id_parameter(protocol_id)
remote_id = context['environment'][remote_id_name]
except KeyError:
msg = _('Missing entity ID from environment')
LOG.error(msg)
raise exception.Unauthorized(msg)
if 'origin' in context['query_string']:
origin = context['query_string'].get('origin')
host = urllib.parse.unquote_plus(origin)
else:
msg = _('Request must have an origin query parameter')
LOG.error(msg)
raise exception.ValidationError(msg)
if self._is_trusted_dashboard(host):
ref = self.federation_api.get_idp_from_remote_id(remote_id)
# NOTE(stevemar): the returned object is a simple dict that
# contains the idp_id and remote_id.
identity_provider = ref['idp_id']
res = self.federated_authentication(context, identity_provider,
protocol_id)
token_id = res.headers['X-Subject-Token']
return self.render_html_response(host, token_id)
else:
msg = _('%(host)s is not a trusted dashboard host')
msg = msg % {'host': host}
LOG.error(msg)
raise exception.Unauthorized(msg)
def federated_sso_auth(self, context, protocol_id):
try:
remote_id_name = utils.get_remote_id_parameter(protocol_id)
remote_id = context['environment'][remote_id_name]
except KeyError:
msg = _('Missing entity ID from environment')
LOG.error(msg)
raise exception.Unauthorized(msg)
if 'origin' in context['query_string']:
origin = context['query_string'].get('origin')
host = urllib.parse.unquote_plus(origin)
else:
msg = _('Request must have an origin query parameter')
LOG.error(msg)
raise exception.ValidationError(msg)
if host in CONF.federation.trusted_dashboard:
ref = self.federation_api.get_idp_from_remote_id(remote_id)
# NOTE(stevemar): the returned object is a simple dict that
# contains the idp_id and remote_id.
identity_provider = ref['idp_id']
res = self.federated_authentication(context, identity_provider,
protocol_id)
token_id = res.headers['X-Subject-Token']
return self.render_html_response(host, token_id)
else:
msg = _('%(host)s is not a trusted dashboard host')
msg = msg % {'host': host}
LOG.error(msg)
raise exception.Unauthorized(msg)
def federated_sso_auth(self, context, protocol_id):
try:
remote_id_name = utils.get_remote_id_parameter(protocol_id)
remote_id = context["environment"][remote_id_name]
except KeyError:
msg = _("Missing entity ID from environment")
LOG.error(msg)
raise exception.Unauthorized(msg)
if "origin" in context["query_string"]:
origin = context["query_string"].get("origin")
host = urllib.parse.unquote_plus(origin)
else:
msg = _("Request must have an origin query parameter")
LOG.error(msg)
raise exception.ValidationError(msg)
if host in CONF.federation.trusted_dashboard:
ref = self.federation_api.get_idp_from_remote_id(remote_id)
# NOTE(stevemar): the returned object is a simple dict that
# contains the idp_id and remote_id.
identity_provider = ref["idp_id"]
res = self.federated_authentication(context, identity_provider, protocol_id)
token_id = res.headers["X-Subject-Token"]
return self.render_html_response(host, token_id)
else:
msg = _("%(host)s is not a trusted dashboard host")
msg = msg % {"host": host}
LOG.error(msg)
raise exception.Unauthorized(msg)
def federated_sso_auth(self, context, protocol_id):
try:
remote_id_name = utils.get_remote_id_parameter(protocol_id)
remote_id = context['environment'][remote_id_name]
except KeyError:
msg = _('Missing entity ID from environment')
LOG.error(msg)
raise exception.Unauthorized(msg)
host = self._get_sso_origin_host(context)
ref = self.federation_api.get_idp_from_remote_id(remote_id)
# NOTE(stevemar): the returned object is a simple dict that
# contains the idp_id and remote_id.
identity_provider = ref['idp_id']
res = self.federated_authentication(context, identity_provider,
protocol_id)
token_id = res.headers['X-Subject-Token']
return self.render_html_response(host, token_id)
def federated_sso_auth(self, context, protocol_id):
try:
remote_id_name = utils.get_remote_id_parameter(protocol_id)
remote_id = context['environment'][remote_id_name]
except KeyError:
msg = _('Missing entity ID from environment')
LOG.error(msg)
raise exception.Unauthorized(msg)
host = self._get_sso_origin_host(context)
ref = self.federation_api.get_idp_from_remote_id(remote_id)
# NOTE(stevemar): the returned object is a simple dict that
# contains the idp_id and remote_id.
identity_provider = ref['idp_id']
res = self.federated_authentication(context, identity_provider,
protocol_id)
token_id = res.headers['X-Subject-Token']
return self.render_html_response(host, token_id)