def post(self):
    """Issue an ECP-wrapped SAML assertion for the posted ``auth`` body.

    POST /v3/auth/OS-FEDERATION/saml2/ecp

    The ``auth`` member of the JSON request body is checked against
    ``federation_schema.saml_create`` and then handed to
    ``saml.create_base_saml_assertion``. The returned assertion is wrapped
    by ``ECPGenerator`` and sent back with status 200 and the headers
    built for the service provider.
    """
    auth = self.request_body_json.get('auth')
    # Schema validation runs before any assertion material is generated, so
    # a malformed body is rejected up front.
    validation.lazy_validate(federation_schema.saml_create, auth)

    # NOTE(review): token and service-provider checks are presumably done
    # inside create_base_saml_assertion; confirm, since nothing here
    # inspects the token itself.
    assertion, sp = saml.create_base_saml_assertion(auth)

    # The relay state prefix is read from the service provider record the
    # helper returned, not directly from the request body.
    prefix = sp['relay_state_prefix']
    ecp = keystone_idp.ECPGenerator().generate_ecp(assertion, prefix)

    sp_headers = _build_response_headers(sp)
    resp = flask.make_response(ecp.to_string(), http_client.OK)
    for name, val in sp_headers:
        resp.headers[name] = val
    return resp
def create_ecp_assertion(self, request, auth):
    """Issue an ECP-wrapped SAML assertion for the given ``auth`` body.

    :param request: request object; its ``context_dict`` is passed to the
                    base assertion helper
    :param auth: Dictionary that contains a token and service provider ID
    :returns: rendered response whose body is the ECP assertion built from
              the base SAML assertion, with status 200 and the headers
              built for the service provider

    """
    # Schema validation runs before any assertion material is generated, so
    # a malformed body is rejected up front.
    validation.lazy_validate(schema.saml_create, auth)

    # NOTE(review): token and service-provider checks are presumably done
    # inside _create_base_saml_assertion; confirm, since nothing here
    # inspects the token itself.
    saml_assertion, service_provider = self._create_base_saml_assertion(
        request.context_dict, auth)

    # The relay state prefix is read from the service provider record the
    # helper returned, not directly from the request body.
    prefix = service_provider['relay_state_prefix']
    ecp = keystone_idp.ECPGenerator().generate_ecp(saml_assertion, prefix)

    sp_headers = self._build_response_headers(service_provider)
    body = ecp.to_string()
    status = (http_client.OK, http_client.responses[http_client.OK])
    return wsgi.render_response(body=body, status=status, headers=sp_headers)