def _handle_backend_error(self, exception, idp):
"""
See super class satosa.frontends.base.FrontendModule
:type exception: satosa.exception.SATOSAAuthenticationError
:type idp: saml.server.Server
:rtype: satosa.response.Response
:param exception: The SATOSAAuthenticationError
:param idp: The saml frontend idp server
:return: A response
"""
loaded_state = self.load_state(exception.state)
relay_state = loaded_state["relay_state"]
resp_args = loaded_state["resp_args"]
error_resp = idp.create_error_response(resp_args["in_response_to"],
resp_args["destination"],
Exception(exception.message))
http_args = idp.apply_binding(
resp_args["binding"], "%s" % error_resp,
resp_args["destination"],
relay_state, response=True)
satosa_logging(LOGGER, logging.DEBUG, "HTTPargs: %s" % http_args, exception.state)
return response(resp_args["binding"], http_args)
def _handle_backend_error(self, exception, idp):
"""
See super class satosa.frontends.base.FrontendModule
:type exception: satosa.exception.SATOSAAuthenticationError
:type idp: saml.server.Server
:rtype: satosa.response.Response
:param exception: The SATOSAAuthenticationError
:param idp: The saml frontend idp server
:return: A response
"""
loaded_state = self.load_state(exception.state)
relay_state = loaded_state["relay_state"]
resp_args = loaded_state["resp_args"]
error_resp = idp.create_error_response(resp_args["in_response_to"],
resp_args["destination"],
Exception(exception.message))
http_args = idp.apply_binding(
resp_args["binding"], "%s" % error_resp,
resp_args["destination"],
relay_state, response=True)
satosa_logging(LOGGER, logging.DEBUG, "HTTPargs: %s" % http_args, exception.state)
return response(resp_args["binding"], http_args)
def _handle_authn_request(self, context, binding_in, idp):
"""
See doc for handle_authn_request method.
:type context: satosa.context.Context
:type binding_in: str
:type idp: saml.server.Server
:rtype: satosa.response.Response
:param context: The current context
:param binding_in: The pysaml binding type
:param idp: The saml frontend idp server
:return: response
"""
request = context.request
try:
extracted_request = self.extract_request(idp, request["SAMLRequest"], binding_in, context.state)
except UnknownPrincipal as excp:
satosa_logging(LOGGER, logging.ERROR, "UnknownPrincipal", context.state, exc_info=True)
return ServiceError("UnknownPrincipal: %s" % excp)
except UnsupportedBinding as excp:
satosa_logging(LOGGER, logging.ERROR, "UnsupportedBinding", context.state, exc_info=True)
return ServiceError("UnsupportedBinding: %s" % excp)
_binding = extracted_request["resp_args"]["binding"]
if extracted_request["response"]: # An error response
http_args = idp.apply_binding(
_binding,
"%s" % extracted_request["response"],
extracted_request["resp_args"]["destination"],
request["RelayState"],
response=True,
)
satosa_logging(LOGGER, logging.DEBUG, "HTTPargs: %s" % http_args, context.state, exc_info=True)
return response(_binding, http_args)
else:
try:
context.internal_data["saml2.target_entity_id"] = request["entityID"]
except KeyError:
pass
request_state = self.save_state(
context, idp.response_args(extracted_request["authn_req"]), request["RelayState"]
)
context.state.add(self.state_id, request_state)
extensions = idp.metadata.extension(
extracted_request["resp_args"]["sp_entity_id"],
"spsso_descriptor",
"urn:oasis:names:tc:SAML:metadata:ui&UIInfo",
)
requester_name = None
try:
requester_name = extensions[0]["display_name"]
except IndexError:
pass
name_format = None
if "name_id_policy" in extracted_request["req_args"]:
name_format = saml_name_format_to_hash_type(extracted_request["req_args"]["name_id_policy"].format)
if name_format is None:
# default to requesting transient name id
name_format = UserIdHashType.transient
internal_req = InternalRequest(name_format, extracted_request["resp_args"]["sp_entity_id"], requester_name)
# Get attribute filter
idp_policy = idp.config.getattr("policy", "idp")
if idp_policy:
attribute_filter = self.get_filter_attributes(idp, idp_policy, internal_req.requestor, context.state)
internal_req.add_filter(attribute_filter)
return self.auth_req_callback_func(context, internal_req)
def _handle_authn_request(self, context, binding_in, idp):
"""
See doc for handle_authn_request method.
:type context: satosa.context.Context
:type binding_in: str
:type idp: saml.server.Server
:rtype: satosa.response.Response
:param context: The current context
:param binding_in: The pysaml binding type
:param idp: The saml frontend idp server
:return: response
"""
request = context.request
try:
extracted_request = self.extract_request(idp, request["SAMLRequest"], binding_in,
context.state)
except UnknownPrincipal as excp:
satosa_logging(LOGGER, logging.ERROR, "UnknownPrincipal", context.state, exc_info=True)
return ServiceError("UnknownPrincipal: %s" % excp)
except UnsupportedBinding as excp:
satosa_logging(LOGGER, logging.ERROR, "UnsupportedBinding", context.state,
exc_info=True)
return ServiceError("UnsupportedBinding: %s" % excp)
_binding = extracted_request["resp_args"]["binding"]
if extracted_request["response"]: # An error response
http_args = idp.apply_binding(
_binding, "%s" % extracted_request["response"],
extracted_request["resp_args"]["destination"],
request["RelayState"], response=True)
satosa_logging(LOGGER, logging.DEBUG, "HTTPargs: %s" % http_args, context.state,
exc_info=True)
return response(_binding, http_args)
else:
try:
context.internal_data["saml2.target_entity_id"] = request["entityID"]
except KeyError:
pass
request_state = self.save_state(context,
idp.response_args(extracted_request["authn_req"]),
request["RelayState"])
context.state.add(self.state_id, request_state)
extensions = idp.metadata.extension(
extracted_request['resp_args']['sp_entity_id'],
'spsso_descriptor',
'urn:oasis:names:tc:SAML:metadata:ui&UIInfo'
)
requester_name = None
try:
requester_name = extensions[0]['display_name']
except IndexError:
pass
name_format = None
if 'name_id_policy' in extracted_request['req_args']:
name_format = saml_name_format_to_hash_type(
extracted_request['req_args']['name_id_policy'].format)
if name_format is None:
# default to requesting transient name id
name_format = UserIdHashType.transient
internal_req = InternalRequest(name_format,
extracted_request["resp_args"]["sp_entity_id"],
requester_name)
# Get attribute filter
idp_policy = idp.config.getattr("policy", "idp")
if idp_policy:
attribute_filter = self.get_filter_attributes(idp,
idp_policy,
internal_req.requestor,
context.state)
internal_req.add_filter(attribute_filter)
return self.auth_req_callback_func(context, internal_req)
