Esempio n. 1
    def federated_sso_auth(self, context, protocol_id):
        """Complete a federated web-SSO login and render the token page.

        The remote entity ID is read from ``context['environment']`` under
        the key returned by ``utils.get_remote_id_parameter(protocol_id)``.
        The ``origin`` query parameter is URL-decoded and must pass
        ``self._is_trusted_dashboard`` before authentication is attempted.

        :param context: request context; its ``environment`` and
                        ``query_string`` entries are read.
        :param protocol_id: federation protocol identifier.
        :returns: the result of ``self.render_html_response(host, token_id)``.
        :raises exception.Unauthorized: the entity ID is missing from the
            environment, or the origin is not a trusted dashboard.
        :raises exception.ValidationError: no ``origin`` query parameter.
        """
        try:
            env_key = utils.get_remote_id_parameter(protocol_id)
            remote_id = context['environment'][env_key]
        except KeyError:
            error_text = _('Missing entity ID from environment')
            LOG.error(error_text)
            raise exception.Unauthorized(error_text)

        query = context['query_string']
        if 'origin' not in query:
            error_text = _('Request must have an origin query parameter')
            LOG.error(error_text)
            raise exception.ValidationError(error_text)

        # SECURITY: `origin` is supplied by the client and decides which host
        # the issued token is rendered for, so it is vetted before
        # federated_authentication() runs. The decoded value is both the one
        # checked and the one rendered, so the two cannot disagree.
        host = urllib.parse.unquote_plus(query.get('origin'))

        if not self._is_trusted_dashboard(host):
            # NOTE(review): `host` is client-controlled and is interpolated
            # into the log line and the error message; confirm the log
            # formatter neutralises control characters.
            error_text = _('%(host)s is not a trusted dashboard host') % {
                'host': host}
            LOG.error(error_text)
            raise exception.Unauthorized(error_text)

        # NOTE(stevemar): the lookup returns a simple dict that contains the
        # idp_id and remote_id.
        idp_ref = self.federation_api.get_idp_from_remote_id(remote_id)
        auth_response = self.federated_authentication(
            context, idp_ref['idp_id'], protocol_id)
        subject_token = auth_response.headers['X-Subject-Token']
        return self.render_html_response(host, subject_token)
Esempio n. 2
    def federated_sso_auth(self, context, protocol_id):
        """Complete a federated web-SSO login and render the token page.

        The remote entity ID is read from ``context['environment']`` under
        the key returned by ``utils.get_remote_id_parameter(protocol_id)``.
        The ``origin`` query parameter is URL-decoded and must be a member of
        ``CONF.federation.trusted_dashboard`` before authentication is
        attempted.

        :param context: request context; its ``environment`` and
                        ``query_string`` entries are read.
        :param protocol_id: federation protocol identifier.
        :returns: the result of ``self.render_html_response(host, token_id)``.
        :raises exception.Unauthorized: the entity ID is missing from the
            environment, or the origin is not a trusted dashboard.
        :raises exception.ValidationError: no ``origin`` query parameter.
        """
        try:
            env_key = utils.get_remote_id_parameter(protocol_id)
            remote_id = context['environment'][env_key]
        except KeyError:
            error_text = _('Missing entity ID from environment')
            LOG.error(error_text)
            raise exception.Unauthorized(error_text)

        query = context['query_string']
        if 'origin' not in query:
            error_text = _('Request must have an origin query parameter')
            LOG.error(error_text)
            raise exception.ValidationError(error_text)

        # SECURITY: `origin` is supplied by the client and decides which host
        # the issued token is rendered for, so it is vetted before
        # federated_authentication() runs.
        host = urllib.parse.unquote_plus(query.get('origin'))

        # NOTE(review): `in` is an exact-match test only if
        # trusted_dashboard is a list of full origins; on a plain string it
        # would be a substring test. Confirm the option type.
        if host not in CONF.federation.trusted_dashboard:
            # NOTE(review): `host` is client-controlled and is interpolated
            # into the log line and the error message; confirm the log
            # formatter neutralises control characters.
            error_text = _('%(host)s is not a trusted dashboard host') % {
                'host': host}
            LOG.error(error_text)
            raise exception.Unauthorized(error_text)

        # NOTE(stevemar): the lookup returns a simple dict that contains the
        # idp_id and remote_id.
        idp_ref = self.federation_api.get_idp_from_remote_id(remote_id)
        auth_response = self.federated_authentication(
            context, idp_ref['idp_id'], protocol_id)
        subject_token = auth_response.headers['X-Subject-Token']
        return self.render_html_response(host, subject_token)
Esempio n. 3
    def federated_sso_auth(self, context, protocol_id):
        """Complete a federated web-SSO login and render the token page.

        The remote entity ID is read from ``context["environment"]`` under
        the key returned by ``utils.get_remote_id_parameter(protocol_id)``.
        The ``origin`` query parameter is URL-decoded and must be a member of
        ``CONF.federation.trusted_dashboard`` before authentication is
        attempted.

        :param context: request context; its ``environment`` and
                        ``query_string`` entries are read.
        :param protocol_id: federation protocol identifier.
        :returns: the result of ``self.render_html_response(host, token_id)``.
        :raises exception.Unauthorized: the entity ID is missing from the
            environment, or the origin is not a trusted dashboard.
        :raises exception.ValidationError: no ``origin`` query parameter.
        """
        try:
            env_key = utils.get_remote_id_parameter(protocol_id)
            remote_id = context["environment"][env_key]
        except KeyError:
            failure = _("Missing entity ID from environment")
            LOG.error(failure)
            raise exception.Unauthorized(failure)

        params = context["query_string"]
        if "origin" not in params:
            failure = _("Request must have an origin query parameter")
            LOG.error(failure)
            raise exception.ValidationError(failure)

        # SECURITY: `origin` is supplied by the client and decides which host
        # the issued token is rendered for, so it is vetted before
        # federated_authentication() runs.
        host = urllib.parse.unquote_plus(params.get("origin"))

        # NOTE(review): `in` is an exact-match test only if
        # trusted_dashboard is a list of full origins; on a plain string it
        # would be a substring test. Confirm the option type.
        if host not in CONF.federation.trusted_dashboard:
            # NOTE(review): `host` is client-controlled and is interpolated
            # into the log line and the error message; confirm the log
            # formatter neutralises control characters.
            failure = _("%(host)s is not a trusted dashboard host") % {"host": host}
            LOG.error(failure)
            raise exception.Unauthorized(failure)

        # NOTE(stevemar): the lookup returns a simple dict that contains the
        # idp_id and remote_id.
        idp_ref = self.federation_api.get_idp_from_remote_id(remote_id)
        auth_response = self.federated_authentication(
            context, idp_ref["idp_id"], protocol_id
        )
        subject_token = auth_response.headers["X-Subject-Token"]
        return self.render_html_response(host, subject_token)
Esempio n. 4
    def federated_sso_auth(self, context, protocol_id):
        """Complete a federated web-SSO login and render the token page.

        The remote entity ID is read from ``context['environment']`` under
        the key returned by ``utils.get_remote_id_parameter(protocol_id)``.
        The dashboard host comes from ``self._get_sso_origin_host(context)``.

        :param context: request context; its ``environment`` entry is read
                        here and the whole context is handed to the helpers.
        :param protocol_id: federation protocol identifier.
        :returns: the result of ``self.render_html_response(host, token_id)``.
        :raises exception.Unauthorized: the entity ID is missing from the
            environment.
        """
        try:
            env_key = utils.get_remote_id_parameter(protocol_id)
            remote_id = context['environment'][env_key]
        except KeyError:
            error_text = _('Missing entity ID from environment')
            LOG.error(error_text)
            raise exception.Unauthorized(error_text)

        # NOTE(review): nothing in this method checks `host`. The
        # trusted-dashboard check presumably lives in _get_sso_origin_host;
        # confirm, since the token is rendered for whatever host it returns.
        # The call stays ahead of federated_authentication() so a rejected
        # origin fails before a token is issued.
        host = self._get_sso_origin_host(context)

        # NOTE(stevemar): the lookup returns a simple dict that contains the
        # idp_id and remote_id.
        idp_ref = self.federation_api.get_idp_from_remote_id(remote_id)
        auth_response = self.federated_authentication(
            context, idp_ref['idp_id'], protocol_id)
        subject_token = auth_response.headers['X-Subject-Token']
        return self.render_html_response(host, subject_token)
Esempio n. 5
    def federated_sso_auth(self, context, protocol_id):
        """Authenticate a federated web-SSO request and render its token.

        Reads the remote entity ID from ``context['environment']`` using the
        key that ``utils.get_remote_id_parameter(protocol_id)`` returns, and
        obtains the dashboard host from ``self._get_sso_origin_host``.

        :param context: request context; its ``environment`` entry is read
                        here and the whole context is handed to the helpers.
        :param protocol_id: federation protocol identifier.
        :returns: the result of ``self.render_html_response(host, token_id)``.
        :raises exception.Unauthorized: the entity ID is missing from the
            environment.
        """
        try:
            id_param = utils.get_remote_id_parameter(protocol_id)
            remote_id = context['environment'][id_param]
        except KeyError:
            reason = _('Missing entity ID from environment')
            LOG.error(reason)
            raise exception.Unauthorized(reason)

        # NOTE(review): this method never checks `host` itself. Verify that
        # _get_sso_origin_host rejects origins that are not trusted
        # dashboards, since the token below is rendered for this host.
        host = self._get_sso_origin_host(context)

        # NOTE(stevemar): the lookup returns a simple dict that contains the
        # idp_id and remote_id.
        idp_lookup = self.federation_api.get_idp_from_remote_id(remote_id)
        response = self.federated_authentication(
            context, idp_lookup['idp_id'], protocol_id)
        return self.render_html_response(
            host, response.headers['X-Subject-Token'])