def get_authn_request(request, came_from, selected_idp, required_loa=None, force_authn=False):
    """Prepare a SAML2 authentication request using the HTTP-Redirect binding.

    When ``required_loa`` is None it is resolved from the registry settings:
    the ``required_loa`` mapping is indexed by the configured ``workmode``
    (AL1 for 'personal', AL2 for 'helpdesk' and AL3 for 'admin' by default),
    falling back to an empty string when the workmode has no entry.

    The id returned by ``prepare_for_authenticate`` is stored together with
    ``came_from`` in an ``OutstandingQueriesCache`` built on ``request.session``.

    ``came_from`` is passed on unchanged as the relay state and as the cached
    value; nothing in this function validates it.
    NOTE(review): callers presumably have to make sure it is a same-site
    target before calling this -- confirm against the call sites.

    :param request: current request (provides registry settings, the SAML2
        configuration and the session)
    :param came_from: location to remember for this authentication request
    :param selected_idp: entity id of the IdP to send the user to
    :param required_loa: AuthnContext class reference to request, or None to
        derive it from the settings
    :param force_authn: whether the IdP should be asked to re-authenticate
    :return: the second item of the tuple from ``prepare_for_authenticate``
    :raise TypeError: re-raised, after logging, when pysaml2 raises it
    """
    if required_loa is None:
        settings = request.registry.settings
        loa_by_workmode = settings.get('required_loa', {})
        workmode = settings.get('workmode')
        required_loa = loa_by_workmode.get(workmode, '')
    log.debug('Requesting AuthnContext {!r}'.format(required_loa))

    class_ref = AuthnContextClassRef(text=required_loa)
    authn_kwargs = dict(
        requested_authn_context=RequestedAuthnContext(
            authn_context_class_ref=class_ref
        ),
        # The flag is handed over as a lowercase string; for a bool this
        # yields 'true' or 'false'.
        force_authn=str(force_authn).lower(),
    )

    saml_client = Saml2Client(request.saml2_config)
    try:
        session_id, info = saml_client.prepare_for_authenticate(
            entityid=selected_idp,
            relay_state=came_from,
            binding=BINDING_HTTP_REDIRECT,
            **authn_kwargs
        )
    except TypeError:
        log.error('Unable to know which IdP to use')
        raise

    # Remember which location this outstanding request belongs to.
    OutstandingQueriesCache(request.session).set(session_id, came_from)
    return info
def test_delete(self):
    """A deleted entry no longer shows up among the outstanding queries."""
    query_id, target = 'session_id', '/next'

    cache = OutstandingQueriesCache({})
    cache.set(query_id, target)
    # Precondition: the entry is really stored before it gets deleted.
    self.assertEqual(cache.outstanding_queries(), {query_id: target})

    cache.delete(query_id)
    self.assertEqual(cache.outstanding_queries(), {})
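def _is_local_redirect(request, target):
    """Return True when *target* stays on the site that served *request*.

    Accepted are absolute paths ('/profile') and absolute URLs that start
    with the request's own scheme and host. Everything else is refused.
    """
    if not target:
        return False
    # Browsers drop control characters and treat a backslash like a slash,
    # so either could turn an apparently local path into a
    # protocol-relative URL for another host.
    if '\\' in target or any(ord(ch) < 0x20 for ch in target):
        return False
    if target.startswith('/'):
        # '//host/path' is protocol-relative, i.e. not local.
        return not target.startswith('//')
    origin = request.host_url
    return target == origin or target.startswith(origin + '/')


def login_view(request):
    """Start a SAML2 login, or redirect a user who is already logged in.

    The post-login location comes from the ``next`` query parameter and
    defaults to the ``saml2.login_redirect_url`` setting ('/' when unset).
    ``next`` is request-supplied, and it is used both as the redirect
    location for authenticated users and as the relay state sent to the
    IdP, so a value that does not point back at this site is replaced by
    the configured default (open-redirect protection).

    Flow:
      * authenticated user -> redirect to the post-login location;
      * no ``idp`` parameter and more than one IdP configured -> render the
        discovery (WAYF) template;
      * otherwise build an AuthnRequest asking for the AuthnContext that
        matches the configured workmode, remember it in the outstanding
        queries cache and send the user to the IdP. XHR requests get an
        ``HTTPXRelocate`` to the login route instead.

    :param request: the current request
    :return: a redirect response or the rendered discovery page
    :raise TypeError: re-raised, after logging, when pysaml2 raises it
    """
    login_redirect_url = request.registry.settings.get(
        'saml2.login_redirect_url', '/')
    came_from = request.GET.get('next', login_redirect_url)
    if not _is_local_redirect(request, came_from):
        if came_from != login_redirect_url:
            # repr() keeps control characters out of the log line.
            log.warning('Ignoring unsafe redirect target {!r}'.format(came_from))
        came_from = login_redirect_url

    if authenticated_userid(request):
        return HTTPFound(location=came_from)

    selected_idp = request.GET.get('idp', None)

    idps = request.saml2_config.getattr('idp')
    if selected_idp is None and len(idps) > 1:
        log.debug('A discovery process is needed')

        return render_to_response('templates/wayf.jinja2', {
            'available_idps': idps.items(),
            'came_from': came_from,
            'login_url': request.route_url('saml2-login'),
        })

    # Request the right AuthnContext for workmode
    # (AL1 for 'personal', AL2 for 'helpdesk' and AL3 for 'admin' by default)
    required_loa = request.registry.settings.get('required_loa', {})
    workmode = request.registry.settings.get('workmode')
    required_loa = required_loa.get(workmode, '')
    log.debug('Requesting AuthnContext {!r} for workmode {!r}'.format(required_loa, workmode))
    kwargs = {
        "requested_authn_context": RequestedAuthnContext(
            authn_context_class_ref=AuthnContextClassRef(
                text=required_loa
            )
        )
    }

    client = Saml2Client(request.saml2_config)
    try:
        (session_id, result) = client.prepare_for_authenticate(
            entityid=selected_idp,
            relay_state=came_from,
            binding=BINDING_HTTP_REDIRECT,
            **kwargs
        )
    except TypeError:
        log.error('Unable to know which IdP to use')
        raise

    # Remember which location this outstanding request belongs to.
    oq_cache = OutstandingQueriesCache(request.session)
    oq_cache.set(session_id, came_from)

    log.debug('Redirecting the user to the IdP')
    if not request.is_xhr:
        return HTTPFound(location=get_location(result))

    # An XHR client is pointed at the login route, with the current path as
    # the location to come back to.
    loginurl = request.route_url('saml2-login',
                                 _query=(('next', request.path),))
    return HTTPXRelocate(loginurl)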
def add_outstanding_query(self, came_from):
    """Register an outstanding query for *came_from* in a fresh test session.

    A session is created through the registered ``ISessionFactory``, its id
    is prefixed with a letter, and the id -> ``came_from`` pair is stored in
    an ``OutstandingQueriesCache`` on that session. The test app's
    ``beaker.session.id`` cookie is then pointed at the session.

    :param came_from: location to associate with the outstanding query
    :return: the (prefixed) session id
    """
    registry = self.testapp.app.registry
    make_session = registry.queryUtility(ISessionFactory)
    session = make_session(DummyRequest())
    session.persist()

    # Prefix a letter so that the session id is a valid NCName.
    session._sess.id = "a" + session._sess.id

    pending = OutstandingQueriesCache(session)
    pending.set(session._sess.id, came_from)
    session.persist()

    # Make the test client present this session on its next request.
    self.testapp.cookies['beaker.session.id'] = session._sess.id
    return session._sess.id