def federated_sso_auth(self, context, protocol_id):
    """Run federated authentication for an SSO request from a dashboard.

    The flow is: resolve the remote entity ID from the request
    environment, decode the ``origin`` query parameter, check that
    origin with ``self._is_trusted_dashboard``, authenticate, and pass
    the resulting token ID to ``render_html_response`` together with
    the origin.

    :param context: request context; ``context['environment']`` and
        ``context['query_string']`` are read here.
    :param protocol_id: federation protocol used to pick the
        environment key that carries the remote entity ID.
    :returns: whatever ``self.render_html_response(host, token_id)``
        returns.
    :raises exception.Unauthorized: the entity ID lookup raised
        ``KeyError``, or the origin is not a trusted dashboard.
    :raises exception.ValidationError: no ``origin`` query parameter.
    """
    try:
        env_key = utils.get_remote_id_parameter(protocol_id)
        remote_id = context['environment'][env_key]
    except KeyError:
        msg = _('Missing entity ID from environment')
        LOG.error(msg)
        raise exception.Unauthorized(msg)

    query = context['query_string']
    if 'origin' not in query:
        msg = _('Request must have an origin query parameter')
        LOG.error(msg)
        raise exception.ValidationError(msg)
    # The origin is caller-supplied and URL-decoded here, so everything
    # derived from ``host`` below is untrusted input.
    host = urllib.parse.unquote_plus(query.get('origin'))

    # Trust gate: it must stay ahead of authentication so that a token
    # is never issued for, or rendered towards, an unknown origin.
    # NOTE(review): how strictly the origin is matched is decided by
    # _is_trusted_dashboard, which is not visible here -- confirm.
    if not self._is_trusted_dashboard(host):
        # NOTE(review): ``host`` is decoded request data and goes into
        # the log line and the exception text unchanged; confirm that
        # control characters are neutralised downstream.
        msg = _('%(host)s is not a trusted dashboard host') % {'host': host}
        LOG.error(msg)
        raise exception.Unauthorized(msg)

    # NOTE(stevemar): the lookup returns a simple dict that contains
    # the idp_id and remote_id.
    idp_ref = self.federation_api.get_idp_from_remote_id(remote_id)
    response = self.federated_authentication(
        context, idp_ref['idp_id'], protocol_id)
    return self.render_html_response(
        host, response.headers['X-Subject-Token'])
def federated_sso_auth(self, context, protocol_id):
    """Run federated authentication for an SSO request from a dashboard.

    The remote entity ID is read from the request environment, the
    ``origin`` query parameter is URL-decoded and compared with
    ``CONF.federation.trusted_dashboard``, and only then is the user
    authenticated and the token ID passed to ``render_html_response``.

    :param context: request context; ``context['environment']`` and
        ``context['query_string']`` are read here.
    :param protocol_id: federation protocol used to pick the
        environment key that carries the remote entity ID.
    :returns: whatever ``self.render_html_response(host, token_id)``
        returns.
    :raises exception.Unauthorized: the entity ID lookup raised
        ``KeyError``, or the origin is not in the trusted list.
    :raises exception.ValidationError: no ``origin`` query parameter.
    """
    try:
        env_key = utils.get_remote_id_parameter(protocol_id)
        remote_id = context['environment'][env_key]
    except KeyError:
        msg = _('Missing entity ID from environment')
        LOG.error(msg)
        raise exception.Unauthorized(msg)

    params = context['query_string']
    if 'origin' not in params:
        msg = _('Request must have an origin query parameter')
        LOG.error(msg)
        raise exception.ValidationError(msg)
    # Caller-supplied value, URL-decoded: treat ``host`` as untrusted.
    host = urllib.parse.unquote_plus(params.get('origin'))

    # Trust gate, evaluated before any token is issued.
    # NOTE(review): ``in`` is an exact-match test only when
    # trusted_dashboard is a list-like option; against a plain string
    # it would be a substring test -- confirm the option type.
    if host not in CONF.federation.trusted_dashboard:
        # NOTE(review): ``host`` is decoded request data and goes into
        # the log line and the exception text unchanged; confirm that
        # control characters are neutralised downstream.
        msg = _('%(host)s is not a trusted dashboard host') % {'host': host}
        LOG.error(msg)
        raise exception.Unauthorized(msg)

    # NOTE(stevemar): the lookup returns a simple dict that contains
    # the idp_id and remote_id.
    idp_ref = self.federation_api.get_idp_from_remote_id(remote_id)
    auth_response = self.federated_authentication(
        context, idp_ref['idp_id'], protocol_id)
    subject_token = auth_response.headers['X-Subject-Token']
    return self.render_html_response(host, subject_token)
def federated_sso_auth(self, context, protocol_id):
    """Run federated authentication for an SSO request from a dashboard.

    Steps, in order: look up the remote entity ID in the request
    environment, URL-decode the ``origin`` query parameter, require it
    to be in ``CONF.federation.trusted_dashboard``, authenticate, and
    pass the token ID and origin to ``render_html_response``.

    :param context: request context; ``context["environment"]`` and
        ``context["query_string"]`` are read here.
    :param protocol_id: federation protocol used to pick the
        environment key that carries the remote entity ID.
    :returns: whatever ``self.render_html_response(host, token_id)``
        returns.
    :raises exception.Unauthorized: the entity ID lookup raised
        ``KeyError``, or the origin is not in the trusted list.
    :raises exception.ValidationError: no ``origin`` query parameter.
    """
    try:
        entity_key = utils.get_remote_id_parameter(protocol_id)
        remote_id = context["environment"][entity_key]
    except KeyError:
        msg = _("Missing entity ID from environment")
        LOG.error(msg)
        raise exception.Unauthorized(msg)

    query_string = context["query_string"]
    if "origin" not in query_string:
        msg = _("Request must have an origin query parameter")
        LOG.error(msg)
        raise exception.ValidationError(msg)
    # Caller-supplied value, URL-decoded: treat ``host`` as untrusted.
    host = urllib.parse.unquote_plus(query_string.get("origin"))

    trusted = host in CONF.federation.trusted_dashboard
    # Trust gate, evaluated before any token is issued.
    # NOTE(review): ``in`` is an exact-match test only when
    # trusted_dashboard is a list-like option; against a plain string
    # it would be a substring test -- confirm the option type.
    if not trusted:
        # NOTE(review): ``host`` is decoded request data and goes into
        # the log line and the exception text unchanged; confirm that
        # control characters are neutralised downstream.
        msg = _("%(host)s is not a trusted dashboard host") % {"host": host}
        LOG.error(msg)
        raise exception.Unauthorized(msg)

    # NOTE(stevemar): the lookup returns a simple dict that contains
    # the idp_id and remote_id.
    idp_ref = self.federation_api.get_idp_from_remote_id(remote_id)
    idp_id = idp_ref["idp_id"]
    auth_response = self.federated_authentication(
        context, idp_id, protocol_id)
    return self.render_html_response(
        host, auth_response.headers["X-Subject-Token"])
def federated_sso_auth(self, context, protocol_id):
    """Run federated authentication for an SSO request from a dashboard.

    The remote entity ID is read from the request environment, the
    origin host is obtained from ``self._get_sso_origin_host``, the
    user is authenticated, and the token ID is passed to
    ``render_html_response`` together with that host.

    :param context: request context; ``context['environment']`` is
        read here and the whole context is handed to the helpers.
    :param protocol_id: federation protocol used to pick the
        environment key that carries the remote entity ID.
    :returns: whatever ``self.render_html_response(host, token_id)``
        returns.
    :raises exception.Unauthorized: the entity ID lookup raised
        ``KeyError``.
    """
    try:
        env_key = utils.get_remote_id_parameter(protocol_id)
        remote_id = context['environment'][env_key]
    except KeyError:
        msg = _('Missing entity ID from environment')
        LOG.error(msg)
        raise exception.Unauthorized(msg)

    # NOTE(review): this method does no origin or trusted-dashboard
    # check of its own. It presumably relies on _get_sso_origin_host to
    # reject a missing or untrusted origin before a token is issued --
    # confirm against that helper, which is not visible here.
    host = self._get_sso_origin_host(context)

    # NOTE(stevemar): the lookup returns a simple dict that contains
    # the idp_id and remote_id.
    idp_ref = self.federation_api.get_idp_from_remote_id(remote_id)
    auth_response = self.federated_authentication(
        context, idp_ref['idp_id'], protocol_id)
    return self.render_html_response(
        host, auth_response.headers['X-Subject-Token'])