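def saml_validateTicket(request):
    """
    Validate a CAS ticket over SAML and issue a session token.

    Reads two GET parameters:
      * 'ticket'   -- the ticket to validate (required).
      * 'sendback' -- URL to return to after a successful login (optional).

    Outcomes, as implemented below:
      * missing ticket, failed validation or failed token creation:
        redirect to settings.REDIRECT_URL + "/login/"
      * validated username has no matching User:
        redirect to settings.REDIRECT_URL + "/no_user/"
      * success without 'sendback':
        saml_response.response is returned as text/xml
      * success with 'sendback':
        redirect to sendback + "?token=<session token>"
    """
    redirect_logout_url = settings.REDIRECT_URL + "/login/"
    no_user_url = settings.REDIRECT_URL + "/no_user/"

    # NOTE(review): this writes every GET parameter, including the ticket,
    # to the debug log.
    logger.debug('GET Variables:%s' % request.GET)

    ticket = request.GET.get('ticket', None)
    if not ticket:
        logger.warn("No Ticket received in GET string "
                    "-- Logout user: %s" % redirect_logout_url)
        return HttpResponseRedirect(redirect_logout_url)

    logger.debug("ServiceValidate endpoint includes a ticket."
                 " Ticket must now be validated with SAML")

    # ReturnLocation set, apply on successful authentication
    saml_client = get_saml_client()
    saml_response = saml_client.saml_serviceValidate(ticket)
    if not saml_response.success:
        logger.debug("CAS Server did NOT validate ticket:%s"
                     " and included this response:%s"
                     % (ticket, saml_response.xml))
        return HttpResponseRedirect(redirect_logout_url)

    try:
        user = User.objects.get(username=saml_response.user)
    except User.DoesNotExist:
        return HttpResponseRedirect(no_user_url)

    auth_token = create_session_token(None, user, request, issuer="CAS+SAML")
    if auth_token is None:
        logger.warn("Failed to create AuthToken")
        # The redirect used to be built and discarded here, so execution
        # fell through and sent the caller on with "?token=None".
        return HttpResponseRedirect(redirect_logout_url)

    return_to = request.GET.get('sendback')
    if not return_to:
        return HttpResponse(saml_response.response,
                            content_type="text/xml; charset=utf-8")

    # NOTE(review): 'sendback' comes straight from the query string and is
    # used as the redirect target with the session token attached; no
    # host/scheme check is visible in this function. Restrict it to trusted
    # hosts (e.g. Django's url_has_allowed_host_and_scheme) so the token is
    # only ever delivered to this deployment's own front end.
    # NOTE(review): "?token=" is appended unconditionally; a 'sendback' that
    # already carries a query string ends up with two "?".
    # Log the destination before the token is appended so the session token
    # itself is not written to the log.
    logger.info("Session token created, return to: %s" % return_to)
    return_to += "?token=%s" % auth_token
    return HttpResponseRedirect(return_to)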
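def cas_validateTicket(request):
    """
    Validate a CAS service ticket and issue a session token.

    Reads two GET parameters:
      * 'ticket'   -- CAS service ticket to validate (required).
      * 'sendback' -- URL to return to after a successful login.

    Outcomes, as implemented below:
      * missing ticket, failed validation, no user or proxy granting ticket
        in the CAS response, failed proxy update or failed token creation:
        redirect to settings.REDIRECT_URL + "/login/"
      * validated username has no matching User:
        redirect to settings.REDIRECT_URL + "/no_user/"
      * success: redirect to the 'sendback' GET parameter
    """
    # NOTE(review): a second cas_validateTicket with the same logic is
    # defined later in this listing. If both live in one module the later
    # definition replaces this one, so a fix has to land in both (or one
    # of them should be removed).
    redirect_logout_url = settings.REDIRECT_URL + "/login/"
    no_user_url = settings.REDIRECT_URL + "/no_user/"

    # NOTE(review): this writes every GET parameter, including the ticket,
    # to the debug log.
    logger.debug('GET Variables:%s' % request.GET)

    ticket = request.GET.get('ticket', None)
    sendback = request.GET.get('sendback', None)
    if not ticket:
        logger.warn("No Ticket received in GET string "
                    "-- Logout user: %s" % redirect_logout_url)
        return HttpResponseRedirect(redirect_logout_url)

    logger.debug("ServiceValidate endpoint includes a ticket."
                 " Ticket must now be validated with CAS")

    # ReturnLocation set, apply on successful authentication
    caslib = get_cas_client()
    caslib.service_url = cas_set_redirect_url(sendback, request)
    cas_response = caslib.cas_serviceValidate(ticket)

    if not cas_response.success:
        logger.debug("CAS Server did NOT validate ticket:%s"
                     " and included this response:%s (Err:%s)"
                     % (ticket, cas_response.object, cas_response.error_str))
        return HttpResponseRedirect(redirect_logout_url)

    if not cas_response.user:
        logger.debug("User attribute missing from cas response!"
                     "This may require a fix to caslib.py")
        return HttpResponseRedirect(redirect_logout_url)

    if not cas_response.proxy_granting_ticket:
        logger.error(
            "Proxy Granting Ticket missing!\n"
            "Atmosphere requires CAS proxy as a service to authenticate"
            " users.\n"
            "Possible Causes:\n"
            "* ServerName variable is wrong in /etc/apache2/apache2.conf\n"
            "* Proxy URL does not exist\n"
            "* Proxy URL is not a valid RSA-2/VeriSigned SSL certificate\n"
            "* /etc/host and hostname do not match machine.")
        return HttpResponseRedirect(redirect_logout_url)

    updated = cas_updateUserProxy(
        cas_response.user, cas_response.proxy_granting_ticket)
    if not updated:
        return HttpResponseRedirect(redirect_logout_url)
    logger.info("Updated proxy for <%s> -- Auth success!" % cas_response.user)

    try:
        user = User.objects.get(username=cas_response.user)
    except User.DoesNotExist:
        return HttpResponseRedirect(no_user_url)

    auth_token = create_session_token(None, user, request, issuer="CAS")
    if auth_token is None:
        logger.warn("Failed to create AuthToken")
        # The redirect used to be built and discarded here, so a caller
        # without a session token was still sent on to 'sendback'.
        return HttpResponseRedirect(redirect_logout_url)

    # NOTE(review): indexing raises if 'sendback' is absent, and that happens
    # only after the session token has been created.
    # NOTE(review): 'sendback' is caller-supplied and becomes the redirect
    # target; no host/scheme check is visible in this function. Unless
    # cas_set_redirect_url already enforces one (confirm), restrict it to
    # trusted hosts, e.g. with Django's url_has_allowed_host_and_scheme.
    return_to = request.GET['sendback']
    logger.info("Session token created, User logged in, return to: %s"
                % return_to)
    return HttpResponseRedirect(return_to)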
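def cas_validateTicket(request):
    """
    Validate a CAS service ticket and issue a session token.

    Reads two GET parameters:
      * 'ticket'   -- CAS service ticket to validate (required).
      * 'sendback' -- URL to return to after a successful login.

    Outcomes, as implemented below:
      * missing ticket, failed validation, no user or proxy granting ticket
        in the CAS response, failed proxy update or failed token creation:
        redirect to settings.REDIRECT_URL + "/login/"
      * validated username has no matching User:
        redirect to settings.REDIRECT_URL + "/no_user/"
      * success: redirect to the 'sendback' GET parameter
    """
    # NOTE(review): an earlier cas_validateTicket with the same logic also
    # appears in this listing. If both live in one module this later
    # definition is the one that takes effect; the duplicate should be
    # removed so the two cannot drift apart.
    login_url = settings.REDIRECT_URL + "/login/"
    missing_user_url = settings.REDIRECT_URL + "/no_user/"

    # NOTE(review): this writes every GET parameter, including the ticket,
    # to the debug log.
    logger.debug('GET Variables:%s' % request.GET)

    ticket = request.GET.get('ticket', None)
    sendback = request.GET.get('sendback', None)
    if not ticket:
        logger.warn("No Ticket received in GET string "
                    "-- Logout user: %s" % login_url)
        return HttpResponseRedirect(login_url)

    logger.debug("ServiceValidate endpoint includes a ticket."
                 " Ticket must now be validated with CAS")

    # ReturnLocation set, apply on successful authentication
    caslib = get_cas_client()
    caslib.service_url = cas_set_redirect_url(sendback, request)
    cas_response = caslib.cas_serviceValidate(ticket)

    if not cas_response.success:
        logger.debug("CAS Server did NOT validate ticket:%s"
                     " and included this response:%s (Err:%s)"
                     % (ticket, cas_response.object, cas_response.error_str))
        return HttpResponseRedirect(login_url)

    if not cas_response.user:
        logger.debug("User attribute missing from cas response!"
                     "This may require a fix to caslib.py")
        return HttpResponseRedirect(login_url)

    if not cas_response.proxy_granting_ticket:
        logger.error(
            "Proxy Granting Ticket missing!\n"
            "Atmosphere requires CAS proxy as a service to authenticate"
            " users.\n"
            "Possible Causes:\n"
            "* ServerName variable is wrong in /etc/apache2/apache2.conf\n"
            "* Proxy URL does not exist\n"
            "* Proxy URL is not a valid RSA-2/VeriSigned SSL certificate\n"
            "* /etc/host and hostname do not match machine.")
        return HttpResponseRedirect(login_url)

    proxy_updated = cas_updateUserProxy(cas_response.user,
                                        cas_response.proxy_granting_ticket)
    if not proxy_updated:
        return HttpResponseRedirect(login_url)
    logger.info("Updated proxy for <%s> -- Auth success!" % cas_response.user)

    try:
        user = User.objects.get(username=cas_response.user)
    except User.DoesNotExist:
        return HttpResponseRedirect(missing_user_url)

    auth_token = create_session_token(None, user, request, issuer="CAS")
    if auth_token is None:
        logger.warn("Failed to create AuthToken")
        # The redirect used to be built and discarded here, so a caller
        # without a session token was still sent on to 'sendback'.
        return HttpResponseRedirect(login_url)

    # NOTE(review): indexing raises if 'sendback' is absent, and that happens
    # only after the session token has been created.
    # NOTE(review): 'sendback' is caller-supplied and becomes the redirect
    # target; no host/scheme check is visible in this function. Unless
    # cas_set_redirect_url already enforces one (confirm), restrict it to
    # trusted hosts, e.g. with Django's url_has_allowed_host_and_scheme.
    return_to = request.GET['sendback']
    logger.info("Session token created, User logged in, return to: %s"
                % return_to)
    return HttpResponseRedirect(return_to)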