def _createAuthzDecisionQuery( self, issuer="/O=Site A/CN=PEP", subject="https://openid.localhost/philip.kershaw", resource=None, action=Action.HTTP_GET_ACTION, actionNs=Action.GHPP_NS_URI):
    """Build a SAML 2.0 AuthzDecisionQuery for use in tests.

    The issuer is carried as an X.509 subject DN, the subject NameID uses
    the ESGF NameID format, and exactly one Action (``action`` in
    ``actionNs``) is attached.  When ``resource`` is None the class-level
    ``RESOURCE_URI`` is used instead.

    Returns:
        The populated AuthzDecisionQuery, with a fresh id and issueInstant.
    """
    query = AuthzDecisionQuery()
    query.version = SAMLVersion(SAMLVersion.VERSION_20)
    query.id = str(uuid4())  # unique per query so responses can be correlated
    # NOTE(review): utcnow() yields a naive datetime and is deprecated since
    # Python 3.12; whether the SAML serialiser accepts an aware value is not
    # visible here, so it is left as-is.
    query.issueInstant = datetime.utcnow()

    issuer_elem = Issuer()
    issuer_elem.format = Issuer.X509_SUBJECT
    issuer_elem.value = issuer
    query.issuer = issuer_elem

    name_id = NameID()
    name_id.format = ESGFSamlNamespaces.NAMEID_FORMAT
    name_id.value = subject
    query.subject = Subject()
    query.subject.nameID = name_id

    # Default to the test class's resource when the caller gives none
    query.resource = self.__class__.RESOURCE_URI if resource is None else resource

    requested = Action()
    requested.namespace = actionNs
    requested.value = action
    query.actions.append(requested)
    return query
def create_authz_decision_query(self):
    """Build an AuthzDecisionQuery from this object's configured settings.

    The shared query attributes are filled in by ``_set_query_common_attrs``;
    the resource and the single Action come from ``resource_id``,
    ``action_namespace`` and ``action``.

    Returns:
        The populated AuthzDecisionQuery.
    """
    query = AuthzDecisionQuery()
    self._set_query_common_attrs(query)
    query.resource = self.resource_id

    requested = Action()
    requested.namespace = self.action_namespace
    requested.value = self.action
    query.actions.append(requested)
    return query
def _createAuthzDecisionQuery(self, issuer="/O=Site A/CN=PEP", subject="https://openid.localhost/philip.kershaw", resource=None, action=Action.HTTP_GET_ACTION, actionNs=Action.GHPP_NS_URI):
    """Return a SAML 2.0 AuthzDecisionQuery populated for a test.

    Args:
        issuer: X.509 subject DN placed in the Issuer element.
        subject: NameID value of the subject; the ESGF NameID format is used.
        resource: resource URI to query; None selects the class's RESOURCE_URI.
        action: value of the single Action element.
        actionNs: namespace of that Action element.

    Returns:
        The populated AuthzDecisionQuery with a fresh id and issueInstant.
    """
    decision_query = AuthzDecisionQuery()
    decision_query.version = SAMLVersion(SAMLVersion.VERSION_20)
    decision_query.id = str(uuid4())
    # NOTE(review): naive UTC timestamp; utcnow() is deprecated from 3.12 —
    # confirm the serialiser's handling of aware datetimes before changing.
    decision_query.issueInstant = datetime.utcnow()

    decision_query.issuer = Issuer()
    decision_query.issuer.format = Issuer.X509_SUBJECT
    decision_query.issuer.value = issuer

    subject_elem = Subject()
    subject_elem.nameID = NameID()
    subject_elem.nameID.format = ESGFSamlNamespaces.NAMEID_FORMAT
    subject_elem.nameID.value = subject
    decision_query.subject = subject_elem

    if resource is not None:
        decision_query.resource = resource
    else:
        decision_query.resource = self.__class__.RESOURCE_URI

    action_elem = Action()
    action_elem.namespace = actionNs
    action_elem.value = action
    decision_query.actions.append(action_elem)
    return decision_query
def buildAuthzDecisionQuery(self, issuer=ISSUER_DN, issuerFormat=Issuer.X509_SUBJECT, subjectNameID=NAMEID_VALUE, subjectNameIdFormat=NAMEID_FORMAT, resource=UNCORRECTED_RESOURCE_URI, actions=((Action.HTTP_GET_ACTION, Action.GHPP_NS_URI),)):
    """Build a SAML 2.0 AuthzDecisionQuery from the given parts.

    Args:
        issuer: value for the Issuer element.
        issuerFormat: NameID format of the issuer.
        subjectNameID: NameID value of the subject the decision is about.
        subjectNameIdFormat: NameID format of the subject.
        resource: resource URI the decision is requested for.
        actions: iterable of ``(value, namespace)`` pairs; one Action
            element is appended per pair, in order.

    Returns:
        The populated AuthzDecisionQuery with a fresh id and issueInstant.
    """
    decision_query = AuthzDecisionQuery()
    decision_query.version = SAMLVersion(SAMLVersion.VERSION_20)
    decision_query.id = str(uuid4())
    decision_query.issueInstant = datetime.utcnow()

    issuer_elem = Issuer()
    issuer_elem.format = issuerFormat
    issuer_elem.value = issuer
    decision_query.issuer = issuer_elem

    subject_elem = Subject()
    subject_elem.nameID = NameID()
    subject_elem.nameID.format = subjectNameIdFormat
    subject_elem.nameID.value = subjectNameID
    decision_query.subject = subject_elem

    decision_query.resource = resource

    # One Action element per (value, namespace) pair, preserving order
    for action_value, action_ns in actions:
        action_elem = Action()
        action_elem.namespace = action_ns
        action_elem.value = action_value
        decision_query.actions.append(action_elem)

    return decision_query
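def check_access(openid, url=None):
    """Ask the authorisation service whether ``openid`` may read ``url``.

    Builds a SAML 2.0 AuthzDecisionQuery for the "Read" action in the
    RWEDC namespace and sends it over the SSL SOAP binding to the
    module-level ``__auth_url__`` endpoint.  The result is True only when
    the first AuthzDecisionStatement whose resource equals the queried
    resource carries a "Permit" decision; any other decision, or no
    matching statement at all, yields False, so the check fails closed.

    Args:
        openid: OpenID URL of the subject; sent as the NameID value.
        url: resource URI to check; defaults to the current ``request.url``.

    Returns:
        bool: True when access is permitted, False otherwise.

    Raises:
        ValueError: if ``__auth_url__`` is unset, or if the query could not
            be sent or its response processed (the original error is
            chained as ``__cause__``).
    """
    query = AuthzDecisionQuery()
    query.id = str(uuid4())  # unique per query so the response can be correlated
    query.version = SAMLVersion(SAMLVersion.VERSION_20)
    # NOTE(review): naive UTC timestamp; utcnow() is deprecated from 3.12 —
    # confirm the binding accepts an aware datetime before changing this.
    query.issueInstant = datetime.utcnow()

    query.issuer = Issuer()
    query.issuer.format = Issuer.X509_SUBJECT
    query.issuer.value = "/O=Site A/CN=PEP"

    query.subject = Subject()
    query.subject.nameID = NameID()
    query.subject.nameID.format = "urn:esgf:openid"
    query.subject.nameID.value = openid

    # Without an explicit URL, authorise the resource currently being served
    query.resource = request.url if url is None else url

    query.actions.append(Action())
    query.actions[-1].namespace = Action.RWEDC_NS_URI
    query.actions[-1].value = "Read"

    binding = AuthzDecisionQuerySslSOAPBinding()
    # Allowed drift between this host's clock and the service's when the
    # response's timestamps are validated — presumably seconds; confirm
    # against the binding's documentation.
    binding.clockSkewTolerance = 1.

    if __auth_url__ is None:
        raise ValueError("No AUTHORIZATION_SERVICE_ENDPOINT provided.")

    try:
        response = binding.send(query, uri=__auth_url__)
        for assertion in response.assertions:
            for statement in assertion.authzDecisionStatements:
                # Only a statement about the exact resource we asked for
                # counts; the first such statement decides the outcome.
                if statement.resource == query.resource:
                    return statement.decision == "Permit"
    except Exception as exc:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
        # propagate, and chained so the transport/parse error is not lost.
        raise ValueError("Unable to send authorization query") from exc

    # No statement covered the requested resource: deny by default
    return False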
def _createAuthzDecisionQuery(self):
    """Build a SAML 2.0 AuthzDecisionQuery using the SAMLTestCase constants.

    The issuer is ``SAMLTestCase.ISSUER_DN`` in X.509 subject format, the
    subject NameID is ``SAMLTestCase.NAMEID_VALUE`` in
    ``SAMLTestCase.NAMEID_FORMAT``, and the resource is a fixed test URI.
    No Action elements are attached.

    Returns:
        The populated AuthzDecisionQuery with a fresh id and issueInstant.
    """
    decision_query = AuthzDecisionQuery()
    decision_query.version = SAMLVersion(SAMLVersion.VERSION_20)
    decision_query.id = str(uuid4())
    decision_query.issueInstant = datetime.utcnow()

    issuer_elem = Issuer()
    issuer_elem.format = Issuer.X509_SUBJECT
    issuer_elem.value = SAMLTestCase.ISSUER_DN
    decision_query.issuer = issuer_elem

    name_id = NameID()
    name_id.format = SAMLTestCase.NAMEID_FORMAT
    name_id.value = SAMLTestCase.NAMEID_VALUE
    decision_query.subject = Subject()
    decision_query.subject.nameID = name_id

    # Mixed-case host and an embedded space are deliberate test input
    decision_query.resource = "http://LOCALHOST:80/My Secured URI"
    return decision_query