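def saml2_post_consumer(request):
    """Consume the SAML 2.0 response POSTed back by the IdP.

    Base64-decodes ``SAMLResponse`` from the POST body, checks the
    assertion's conditions, status and signature (the latter against the
    trusted PEM taken from the IdP metadata configured in
    ``auth.idp.metadata``), and on success creates a session, remembers it
    in the cookie headers and redirects to the decrypted ``RelayState``
    URL (falling back to the ``list_of_reports`` route).  On any failure a
    security event is written and the user is sent to the ``login`` route
    with no session created.

    Args:
        request: the Pyramid request carrying the IdP's POST.

    Returns:
        The response built by ``_get_landing_page`` for the chosen
        redirect URL and headers.
    """
    settings = request.registry.settings

    # TODO: compare with auth response id
    # TODO: enable auth_request_id
    # if saml_manager.is_auth_request_id_ok(auth_request_id)

    # The POST body is untrusted: a missing or undecodable SAMLResponse
    # must fail closed (audit event + login redirect) rather than surface
    # as an unhandled exception.  binascii.Error and UnicodeDecodeError
    # are both ValueError subclasses, so no extra import is needed.
    try:
        saml_xml = base64.b64decode(request.POST['SAMLResponse']).decode('utf-8')
    except (KeyError, ValueError):
        write_security_event("SAML response missing or not decodable",
                             SECURITY_EVENT_TYPE.WARN)
        return _get_landing_page(request, request.route_url('login'),
                                 headers=[])

    saml_manager = SAMLResponseManager(saml_xml)
    idp_metadata = IDP_metadata_manager(settings['auth.idp.metadata'])
    skip_verification = settings.get('auth.skip.verify', False)

    condition = saml_manager.is_condition_ok()
    status = saml_manager.is_status_ok()
    signature = saml_manager.is_signature_ok(
        idp_metadata.get_trusted_pem_filename())

    if skip_verification and not signature:
        # A bad signature is still accepted below when verification is
        # switched off; keep that visible in the audit trail.
        write_security_event(
            "SAML signature check failed but accepted because "
            "auth.skip.verify is set", SECURITY_EVENT_TYPE.WARN)

    if condition and status and (skip_verification or signature):
        # Create a session from the assertion's identity attributes.
        identity_parser_class = load_class(settings.get(
            'auth.saml.identity_parser',
            'edauth.security.basic_identity_parser.BasicIdentityParser'))
        assertion = saml_manager.get_SAMLResponse().get_assertion()
        session_id = create_session(request,
                                    assertion.get_attributes(),
                                    assertion.get_name_id(),
                                    assertion.get_session_index(),
                                    identity_parser_class)
        # Save session id to cookie
        headers = remember(request, session_id)

        # RelayState carries the URL saved when the SAML request was made;
        # redirect back to it, else to the list of reports.
        # TODO: Need a landing other page
        # NOTE(review): RelayState is client-controlled; the redirect is
        # only as safe as _get_cipher().decrypt is at rejecting tampered
        # or forged values -- confirm it authenticates the ciphertext.
        redirect_url = request.POST.get('RelayState')
        if redirect_url:
            redirect_url = _get_cipher().decrypt(redirect_url)
        else:
            redirect_url = request.route_url('list_of_reports')
    else:
        message = "SAML response failed with Condition: {0}, Status: {1}, Signature: {2}".format(
            str(condition), str(status), str(signature))
        write_security_event(message, SECURITY_EVENT_TYPE.WARN)
        redirect_url = request.route_url('login')
        headers = []

    return _get_landing_page(request, redirect_url, headers=headers)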
def test_condition_ok(self):
    """is_condition_ok() reports True for the SAMLResponse_time_test1.txt fixture."""
    response_xml = read_resource('SAMLResponse_time_test1.txt')
    self.assertTrue(SAMLResponseManager(response_xml).is_condition_ok())
def test_condition_ok(self):
    """The time_test1 fixture satisfies the assertion's condition check."""
    manager_under_test = SAMLResponseManager(
        read_resource('SAMLResponse_time_test1.txt'))
    condition_ok = manager_under_test.is_condition_ok()
    self.assertTrue(condition_ok)
def test_is_condition_not_ok2(self):
    """is_condition_ok() reports False for the SAMLResponse_time_test2.txt fixture."""
    response_xml = read_resource('SAMLResponse_time_test2.txt')
    self.assertFalse(SAMLResponseManager(response_xml).is_condition_ok())
def test_is_condition_not_ok2(self):
    """The time_test2 fixture fails the assertion's condition check."""
    manager_under_test = SAMLResponseManager(
        read_resource('SAMLResponse_time_test2.txt'))
    condition_ok = manager_under_test.is_condition_ok()
    self.assertFalse(condition_ok)