Python ecp_auth_requestの例

コード例 #1

ファイル: test_63_ecp.py プロジェクト: GSA/pysaml2

 def test_ecp_authn(self):
     ssid, soap_req = ecp.ecp_auth_request(self.client,
                                         "urn:mace:example.com:saml:roland:idp",
                                         "id1")
     print soap_req
     response = soap.class_instances_from_soap_enveloped_saml_thingies(
                                                                 soap_req,
                                                                 [paos,
                                                                  ecp_prof,
                                                                  samlp])
     print response
     assert len(response["header"]) == 2
     assert response["body"].c_tag == "AuthnRequest"
     assert response["body"].c_namespace == samlp.NAMESPACE
     headers = ["{%s}%s" % (i.c_namespace,
                            i.c_tag) for i in response["header"]]
     print headers
     assert _eq(headers,['{urn:liberty:paos:2003-08}Request',
                 #'{urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp}Request',
                 '{urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp}RelayState'])

コード例 #2

 def test_ecp_authn(self):
     ssid, soap_req = ecp.ecp_auth_request(
         self.client, "urn:mace:example.com:saml:roland:idp", "id1")
     print soap_req
     response = soap.class_instances_from_soap_enveloped_saml_thingies(
         soap_req, [paos, ecp_prof, samlp])
     print response
     assert len(response["header"]) == 2
     assert response["body"].c_tag == "AuthnRequest"
     assert response["body"].c_namespace == samlp.NAMESPACE
     headers = [
         "{%s}%s" % (i.c_namespace, i.c_tag) for i in response["header"]
     ]
     print headers
     assert _eq(
         headers,
         [
             '{urn:liberty:paos:2003-08}Request',
             #'{urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp}Request',
             '{urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp}RelayState'
         ])

コード例 #3

ファイル: sp.py プロジェクト: Goggin/pysaml2

    def _pick_idp(self, came_from):
        """
        If more than one idp and if none is selected, I have to do wayf or
        disco
        """

        _cli = self.sp

        logger.debug("[_pick_idp] %s", self.environ)
        if "HTTP_PAOS" in self.environ:
            if self.environ["HTTP_PAOS"] == PAOS_HEADER_INFO:
                if 'application/vnd.paos+xml' in self.environ["HTTP_ACCEPT"]:
                    # Where should I redirect the user to
                    # entityid -> the IdP to use
                    # relay_state -> when back from authentication

                    logger.debug("- ECP client detected -")

                    _rstate = rndstr()
                    self.cache.relay_state[_rstate] = geturl(self.environ)
                    _entityid = _cli.config.ecp_endpoint(
                        self.environ["REMOTE_ADDR"])

                    if not _entityid:
                        return -1, ServiceError("No IdP to talk to")
                    logger.debug("IdP to talk to: %s", _entityid)
                    return ecp.ecp_auth_request(_cli, _entityid, _rstate)
                else:
                    return -1, ServiceError('Faulty Accept header')
            else:
                return -1, ServiceError('unknown ECP version')

        # Find all IdPs
        idps = self.sp.metadata.with_descriptor("idpsso")

        idp_entity_id = None

        kaka = self.environ.get("HTTP_COOKIE", '')
        if kaka:
            try:
                (idp_entity_id, _) = parse_cookie("ve_disco", "SEED_SAW", kaka)
            except ValueError:
                pass
            except TypeError:
                pass

        # Any specific IdP specified in a query part
        query = self.environ.get("QUERY_STRING")
        if not idp_entity_id and query:
            try:
                _idp_entity_id = dict(parse_qs(query))[
                    self.idp_query_param][0]
                if _idp_entity_id in idps:
                    idp_entity_id = _idp_entity_id
            except KeyError:
                logger.debug("No IdP entity ID in query: %s", query)
                pass

        if not idp_entity_id:

            if self.wayf:
                if query:
                    try:
                        wayf_selected = dict(parse_qs(query))[
                            "wayf_selected"][0]
                    except KeyError:
                        return self._wayf_redirect(came_from)
                    idp_entity_id = wayf_selected
                else:
                    return self._wayf_redirect(came_from)
            elif self.discosrv:
                if query:
                    idp_entity_id = _cli.parse_discovery_service_response(
                        query=self.environ.get("QUERY_STRING"))
                if not idp_entity_id:
                    sid_ = sid()
                    self.cache.outstanding_queries[sid_] = came_from
                    logger.debug("Redirect to Discovery Service function")
                    eid = _cli.config.entityid
                    ret = _cli.config.getattr("endpoints",
                                              "sp")["discovery_response"][0][0]
                    ret += "?sid=%s" % sid_
                    loc = _cli.create_discovery_service_request(
                        self.discosrv, eid, **{"return": ret})
                    return -1, SeeOther(loc)
            elif len(idps) == 1:
                # idps is a dictionary
                idp_entity_id = idps.keys()[0]
            elif not len(idps):
                return -1, ServiceError('Misconfiguration')
            else:
                return -1, NotImplemented("No WAYF or DS present!")

        logger.info("Chosen IdP: '%s'", idp_entity_id)
        return 0, idp_entity_id

コード例 #4

ファイル: sp.py プロジェクト: 5monkeys/pysaml2

    def _pick_idp(self, environ, came_from):
        """ 
        If more than one idp and if none is selected, I have to do wayf or 
        disco
        """

        # check headers to see if it's an ECP request
#        headers = {
#                    'Accept' : 'text/html; application/vnd.paos+xml',
#                    'PAOS'   : 'ver="%s";"%s"' % (paos.NAMESPACE, SERVICE)
#                    }

        _cli = self.saml_client

        logger.info("[_pick_idp] %s" % environ)
        if "HTTP_PAOS" in environ:
            if environ["HTTP_PAOS"] == PAOS_HEADER_INFO:
                if 'application/vnd.paos+xml' in environ["HTTP_ACCEPT"]:
                    # Where should I redirect the user to
                    # entityid -> the IdP to use
                    # relay_state -> when back from authentication

                    logger.info("- ECP client detected -")

                    _relay_state = construct_came_from(environ)
                    _entityid = _cli.config.ecp_endpoint(environ["REMOTE_ADDR"])

                    if not _entityid:
                        return -1, HTTPInternalServerError(
                            detail="No IdP to talk to")
                    logger.info("IdP to talk to: %s" % _entityid)
                    return ecp.ecp_auth_request(_cli, _entityid,
                                                _relay_state)
                else:
                    return -1, HTTPInternalServerError(
                        detail='Faulty Accept header')
            else:
                return -1, HTTPInternalServerError(
                    detail='unknown ECP version')

        idps = self.metadata.with_descriptor("idpsso")
        
        logger.info("IdP URL: %s" % idps)

        idp_entity_id = query = None

        for key in ['s2repoze.body', "QUERY_STRING"]:
            query = environ.get(key)
            if query:
                try:
                    _idp_entity_id = dict(parse_qs(query))[
                        self.idp_query_param][0]
                    if _idp_entity_id in idps:
                        idp_entity_id = _idp_entity_id
                    break
                except KeyError:
                    logger.debug("No IdP entity ID in query: %s" % query)
                    pass

        if idp_entity_id is None:
            if len(idps) == 1:
                # idps is a dictionary
                idp_entity_id = idps.keys()[0]
            elif not len(idps):
                return -1, HTTPInternalServerError(detail='Misconfiguration')
            else:
                idp_entity_id = ""
                logger.info("ENVIRON: %s" % environ)

                if self.wayf:
                    if query:
                        try:
                            wayf_selected = dict(parse_qs(query))[
                                "wayf_selected"][0]
                        except KeyError:
                            return self._wayf_redirect(came_from)
                        idp_entity_id = wayf_selected
                    else:
                        return self._wayf_redirect(came_from)
                elif self.discosrv:
                    if query:
                        idp_entity_id = _cli.parse_discovery_service_response(
                            query=environ.get("QUERY_STRING"))
                    else:
                        sid_ = sid()
                        self.outstanding_queries[sid_] = came_from
                        logger.debug("Redirect to Discovery Service function")
                        eid = _cli.config.entityid
                        ret = _cli.config.getattr(
                            "endpoints", "sp")["discovery_response"][0][0]
                        ret += "?sid=%s" % sid_
                        loc = _cli.create_discovery_service_request(
                            self.discosrv, eid, **{"return": ret})
                        return -1, SeeOther(loc)

                else:
                    return -1, HTTPNotImplemented(
                        detail='No WAYF or DJ present!')

        logger.info("Chosen IdP: '%s'" % idp_entity_id)
        return 0, idp_entity_id

コード例 #5

    def _pick_idp(self, environ, came_from):
        """
        If more than one idp and if none is selected, I have to do wayf or
        disco
        """

        # check headers to see if it's an ECP request
        #        headers = {
        #                    'Accept' : 'text/html; application/vnd.paos+xml',
        #                    'PAOS'   : 'ver="%s";"%s"' % (paos.NAMESPACE,
        # SERVICE)
        #                    }

        _cli = self.saml_client

        logger.info("[_pick_idp] %s" % environ)
        if "HTTP_PAOS" in environ:
            if environ["HTTP_PAOS"] == PAOS_HEADER_INFO:
                if 'application/vnd.paos+xml' in environ["HTTP_ACCEPT"]:
                    # Where should I redirect the user to
                    # entityid -> the IdP to use
                    # relay_state -> when back from authentication

                    logger.info("- ECP client detected -")

                    _relay_state = construct_came_from(environ)
                    _entityid = _cli.config.ecp_endpoint(environ["REMOTE_ADDR"])

                    if not _entityid:
                        return -1, HTTPInternalServerError(
                            detail="No IdP to talk to")
                    logger.info("IdP to talk to: %s" % _entityid)
                    return ecp.ecp_auth_request(_cli, _entityid,
                                                _relay_state)
                else:
                    return -1, HTTPInternalServerError(
                        detail='Faulty Accept header')
            else:
                return -1, HTTPInternalServerError(
                    detail='unknown ECP version')

        idps = self.metadata.with_descriptor("idpsso")

        logger.info("IdP URL: %s" % idps)

        idp_entity_id = query = None

        for key in ['s2repoze.body', "QUERY_STRING"]:
            query = environ.get(key)
            if query:
                try:
                    _idp_entity_id = dict(parse_qs(query))[
                        self.idp_query_param][0]
                    if _idp_entity_id in idps:
                        idp_entity_id = _idp_entity_id
                    break
                except KeyError:
                    logger.debug("No IdP entity ID in query: %s" % query)
                    pass

        if idp_entity_id is None:
            if len(idps) == 1:
                # idps is a dictionary
                idp_entity_id = idps.keys()[0]
            elif not len(idps):
                return -1, HTTPInternalServerError(detail='Misconfiguration')
            else:
                idp_entity_id = ""
                logger.info("ENVIRON: %s" % environ)

                if self.wayf:
                    if query:
                        try:
                            wayf_selected = dict(parse_qs(query))[
                                "wayf_selected"][0]
                        except KeyError:
                            return self._wayf_redirect(came_from)
                        idp_entity_id = wayf_selected
                    else:
                        return self._wayf_redirect(came_from)
                elif self.discosrv:
                    if query:
                        idp_entity_id = _cli.parse_discovery_service_response(
                            query=environ.get("QUERY_STRING"))
                    else:
                        sid_ = sid()
                        self.outstanding_queries[sid_] = came_from
                        logger.debug("Redirect to Discovery Service function")
                        eid = _cli.config.entityid
                        ret = _cli.config.getattr(
                            "endpoints", "sp")["discovery_response"][0][0]
                        ret += "?sid=%s" % sid_
                        loc = _cli.create_discovery_service_request(
                            self.discosrv, eid, **{"return": ret})
                        return -1, SeeOther(loc)

                else:
                    return -1, HTTPNotImplemented(
                        detail='No WAYF or DJ present!')

        logger.info("Chosen IdP: '%s'" % idp_entity_id)
        return 0, idp_entity_id

コード例 #6

ファイル: sp.py プロジェクト: vasukikoppula/pysaml2

    def _pick_idp(self, came_from):
        """
        If more than one idp and if none is selected, I have to do wayf or
        disco
        """

        _cli = self.sp

        logger.debug("[_pick_idp] %s", self.environ)
        if "HTTP_PAOS" in self.environ:
            if self.environ["HTTP_PAOS"] == PAOS_HEADER_INFO:
                if MIME_PAOS in self.environ["HTTP_ACCEPT"]:
                    # Where should I redirect the user to
                    # entityid -> the IdP to use
                    # relay_state -> when back from authentication

                    logger.debug("- ECP client detected -")

                    _rstate = rndstr()
                    self.cache.relay_state[_rstate] = geturl(self.environ)
                    _entityid = _cli.config.ecp_endpoint(
                        self.environ["REMOTE_ADDR"])

                    if not _entityid:
                        return -1, ServiceError("No IdP to talk to")
                    logger.debug("IdP to talk to: %s", _entityid)
                    return ecp.ecp_auth_request(_cli, _entityid, _rstate)
                else:
                    return -1, ServiceError("Faulty Accept header")
            else:
                return -1, ServiceError("unknown ECP version")

        # Find all IdPs
        idps = self.sp.metadata.with_descriptor("idpsso")

        idp_entity_id = None

        kaka = self.environ.get("HTTP_COOKIE", "")
        if kaka:
            try:
                (idp_entity_id, _) = parse_cookie("ve_disco", "SEED_SAW", kaka)
            except ValueError:
                pass
            except TypeError:
                pass

        # Any specific IdP specified in a query part
        query = self.environ.get("QUERY_STRING")
        if not idp_entity_id and query:
            try:
                _idp_entity_id = dict(parse_qs(query))[self.idp_query_param][0]
                if _idp_entity_id in idps:
                    idp_entity_id = _idp_entity_id
            except KeyError:
                logger.debug("No IdP entity ID in query: %s", query)
                pass

        if not idp_entity_id:

            if self.wayf:
                if query:
                    try:
                        wayf_selected = dict(
                            parse_qs(query))["wayf_selected"][0]
                    except KeyError:
                        return self._wayf_redirect(came_from)
                    idp_entity_id = wayf_selected
                else:
                    return self._wayf_redirect(came_from)
            elif self.discosrv:
                if query:
                    idp_entity_id = _cli.parse_discovery_service_response(
                        query=self.environ.get("QUERY_STRING"))
                if not idp_entity_id:
                    sid_ = sid()
                    self.cache.outstanding_queries[sid_] = came_from
                    logger.debug("Redirect to Discovery Service function")
                    eid = _cli.config.entityid
                    ret = _cli.config.getattr("endpoints",
                                              "sp")["discovery_response"][0][0]
                    ret += "?sid=%s" % sid_
                    loc = _cli.create_discovery_service_request(
                        self.discosrv, eid, **{"return": ret})
                    return -1, SeeOther(loc)
            elif len(idps) == 1:
                # idps is a dictionary
                idp_entity_id = list(idps.keys())[0]
            elif not len(idps):
                return -1, ServiceError("Misconfiguration")
            else:
                return -1, NotImplemented("No WAYF or DS present!")

        logger.info("Chosen IdP: '%s'", idp_entity_id)
        return 0, idp_entity_id

コード例 #7

ファイル: sp.py プロジェクト: rohe/actester

    def _pick_idp(self, came_from):
        """
        If more than one idp and if none is selected, I have to do wayf or
        disco
        """

        _cli = self.sp

        logger.info("[_pick_idp] %s" % self.environ)
        if "HTTP_PAOS" in self.environ:
            if self.environ["HTTP_PAOS"] == PAOS_HEADER_INFO:
                if 'application/vnd.paos+xml' in self.environ["HTTP_ACCEPT"]:
                    # Where should I redirect the user to
                    # entityid -> the IdP to use
                    # relay_state -> when back from authentication

                    logger.info("- ECP client detected -")

                    _rstate = rndstr()
                    self.cache.relay_state[_rstate] = geturl(self.environ)
                    _entityid = _cli.config.ecp_endpoint(
                        self.environ["REMOTE_ADDR"])

                    if not _entityid:
                        return -1, ServiceError("No IdP to talk to")
                    logger.info("IdP to talk to: %s" % _entityid)
                    return ecp.ecp_auth_request(_cli, _entityid, _rstate)
                else:
                    return -1, ServiceError('Faulty Accept header')
            else:
                return -1, ServiceError('unknown ECP version')

        # Find all IdPs
        idps = self.sp.metadata.with_descriptor("idpsso")

        idp_entity_id = None

        # Any specific IdP specified in a query part
        query = self.environ.get("QUERY_STRING")
        if query:
            qdict = dict(parse_qs(query))
            try:
                _idp_entity_id = qdict[self.idp_query_param][0]
                if _idp_entity_id in idps:
                    idp_entity_id = _idp_entity_id
            except KeyError:
                logger.debug("No IdP entity ID in query: %s" % query)
                pass

        if idp_entity_id is None:
            if len(idps) == 1:
                # idps is a dictionary
                idp_entity_id = idps.keys()[0]
            elif not len(idps):
                return -1, ServiceError('Misconfiguration')
            else:
                logger.info("ENVIRON: %s" % self.environ)

                if self.wayf:
                    if query:
                        try:
                            wayf_selected = dict(
                                parse_qs(query))["wayf_selected"][0]
                        except KeyError:
                            return self._wayf_redirect(came_from)
                        idp_entity_id = wayf_selected
                    else:
                        return self._wayf_redirect(came_from)
                elif self.discosrv:
                    if query and "foo" in qdict:
                        idp_entity_id = _cli.parse_discovery_service_response(
                            query=query)
                    else:
                        sid_ = sid()
                        SESSIONDB[sid_] = self.kwargs
                        self.cache.outstanding_queries[sid_] = came_from
                        logger.info("Redirect to Discovery Service function")
                        eid = _cli.config.entityid
                        ret = _cli.config.getattr(
                            "endpoints", "sp")["discovery_response"][0][0]
                        ret += "?sid=%s" % sid_
                        loc = _cli.create_discovery_service_request(
                            self.discosrv, eid, **{"return": ret})
                        return -1, SeeOther(headers=[('Location', loc)])
                else:
                    return -1, NotImplemented("No WAYF or DS present!")

        logger.info("Chosen IdP: '%s'" % idp_entity_id)
        return 0, idp_entity_id

コード例 #8

    def _pick_idp(self, environ, came_from):
        """ 
        If more than one idp and if none is selected, I have to do wayf or 
        disco
        """

        # check headers to see if it's an ECP request
        #        headers = {
        #                    'Accept' : 'text/html; application/vnd.paos+xml',
        #                    'PAOS'   : 'ver="%s";"%s"' % (paos.NAMESPACE, SERVICE)
        #                    }

        logger.info("[_pick_idp] %s" % environ)
        if "HTTP_PAOS" in environ:
            if environ["HTTP_PAOS"] == PAOS_HEADER_INFO:
                if 'application/vnd.paos+xml' in environ["HTTP_ACCEPT"]:
                    # Where should I redirect the user to
                    # entityid -> the IdP to use
                    # relay_state -> when back from authentication

                    logger.info("- ECP client detected -")

                    _relay_state = construct_came_from(environ)
                    _entityid = self.saml_client.config.ecp_endpoint(
                        environ["REMOTE_ADDR"])
                    if not _entityid:
                        return -1, HTTPInternalServerError(
                            detail="No IdP to talk to")
                    logger.info("IdP to talk to: %s" % _entityid)
                    return ecp.ecp_auth_request(self.saml_client, _entityid,
                                                _relay_state)
                else:
                    return -1, HTTPInternalServerError(
                        detail='Faulty Accept header')
            else:
                return -1, HTTPInternalServerError(
                    detail='unknown ECP version')

        idps = self.conf.idps()

        logger.info("IdP URL: %s" % idps)

        if len(idps) == 1:
            # idps is a dictionary
            idp_entity_id = idps.keys()[0]
        elif not len(idps):
            return -1, HTTPInternalServerError(detail='Misconfiguration')
        else:
            idp_entity_id = ""
            logger.info("ENVIRON: %s" % environ)
            query = environ.get('s2repoze.body', '')
            if not query:
                query = environ.get("QUERY_STRING", "")

            logger.info("<_pick_idp> query: %s" % query)

            if self.wayf:
                if query:
                    try:
                        wayf_selected = dict(
                            parse_qs(query))["wayf_selected"][0]
                    except KeyError:
                        return self._wayf_redirect(came_from)
                    idp_entity_id = wayf_selected
                else:
                    return self._wayf_redirect(came_from)
            elif self.discovery:
                if query:
                    idp_entity_id = self.saml_client.get_idp_from_discovery_service(
                        query=environ.get("QUERY_STRING"))
                else:
                    sid_ = sid()
                    self.outstanding_queries[sid_] = came_from
                    logger.info("Redirect to Discovery Service function")
                    loc = self.saml_client.request_to_discovery_service(
                        self.discovery)
                    return -1, HTTPSeeOther(headers=[('Location', loc)])
            else:
                return -1, HTTPNotImplemented(detail='No WAYF or DJ present!')

        logger.info("Choosen IdP: '%s'" % idp_entity_id)
        return 0, idp_entity_id

コード例 #9

ファイル: sp.py プロジェクト: evansd/pysaml2

    def _pick_idp(self, environ, came_from):
        """ 
        If more than one idp and if none is selected, I have to do wayf or 
        disco
        """

        # check headers to see if it's an ECP request
#        headers = {
#                    'Accept' : 'text/html; application/vnd.paos+xml',
#                    'PAOS'   : 'ver="%s";"%s"' % (paos.NAMESPACE, SERVICE)
#                    }

        logger.info("[_pick_idp] %s" % environ)
        if "HTTP_PAOS" in environ:
            if environ["HTTP_PAOS"] == PAOS_HEADER_INFO:
                if 'application/vnd.paos+xml' in environ["HTTP_ACCEPT"]:
                    # Where should I redirect the user to
                    # entityid -> the IdP to use
                    # relay_state -> when back from authentication

                    logger.info("- ECP client detected -")

                    _relay_state = construct_came_from(environ)
                    _entityid = self.saml_client.config.ecp_endpoint(
                                                    environ["REMOTE_ADDR"])
                    if not _entityid:
                        return -1, HTTPInternalServerError(
                                        detail="No IdP to talk to"
                        )
                    logger.info("IdP to talk to: %s" % _entityid)
                    return ecp.ecp_auth_request(self.saml_client, _entityid,
                                                _relay_state)
                else:
                    return -1, HTTPInternalServerError(
                                    detail='Faulty Accept header')
            else:
                return -1, HTTPInternalServerError(
                                                detail='unknown ECP version')


        idps = self.conf.idps()
        
        logger.info("IdP URL: %s" % idps)

        if len( idps ) == 1:
            # idps is a dictionary
            idp_entity_id = idps.keys()[0]
        elif not len(idps):
            return -1, HTTPInternalServerError(detail='Misconfiguration')
        else:
            idp_entity_id = ""
            logger.info("ENVIRON: %s" % environ)
            query = environ.get('s2repoze.body','')
            if not query:
                query = environ.get("QUERY_STRING","")
                
            logger.info("<_pick_idp> query: %s" % query)

            if self.wayf:
                if query:
                    try:
                        wayf_selected = dict(parse_qs(query))["wayf_selected"][0]
                    except KeyError:
                        return self._wayf_redirect(came_from)
                    idp_entity_id = wayf_selected
                else:
                    return self._wayf_redirect(came_from)
            elif self.discovery:
                if query:
                    idp_entity_id = self.saml_client.get_idp_from_discovery_service(
                                            query=environ.get("QUERY_STRING"))
                else:
                    sid_ = sid()
                    self.outstanding_queries[sid_] = came_from
                    logger.info("Redirect to Discovery Service function")
                    loc = self.saml_client.request_to_discovery_service(
                                                                self.discovery)
                    return -1, HTTPSeeOther(headers = [('Location',loc)])
            else:
                return -1, HTTPNotImplemented(detail='No WAYF or DJ present!')

        logger.info("Choosen IdP: '%s'" % idp_entity_id)
        return 0, idp_entity_id