def create_authz_decision_query_response(cls):
    """Build a canned SAML 2.0 response carrying one PERMIT decision.

    The response is a fixture: it always reports success, always grants
    HTTP GET on ``cls.RESOURCE_URI`` and names the subject given by
    ``cls.NAMEID_FORMAT`` / ``cls.NAMEID_VALUE``.  No signature is applied
    in this function, so anything consuming the result must not treat it
    as an authenticated assertion.

    Returns the populated ``Response`` object.
    """
    response = Response()
    issued_at = datetime.utcnow()  # naive UTC timestamp shared by all fields

    response.issueInstant = issued_at
    # There is no real query here, so a random request ID is invented.
    response.inResponseTo = str(uuid4())
    response.id = str(uuid4())
    response.version = SAMLVersion(SAMLVersion.VERSION_20)

    response_issuer = Issuer()
    response_issuer.format = Issuer.X509_SUBJECT
    response_issuer.value = cls.ISSUER_DN
    response.issuer = response_issuer

    status_code = StatusCode()
    status_code.value = StatusCode.SUCCESS_URI
    status_message = StatusMessage()
    status_message.value = "Response created successfully"
    status = Status()
    status.statusCode = status_code
    status.statusMessage = status_message
    response.status = status

    assertion = Assertion()
    assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
    assertion.id = str(uuid4())
    assertion.issueInstant = issued_at

    # Unconditional PERMIT for HTTP GET on the fixture resource.
    decision_stmt = AuthzDecisionStatement()
    decision_stmt.decision = DecisionType.PERMIT
    decision_stmt.resource = cls.RESOURCE_URI
    get_action = Action()
    get_action.namespace = Action.GHPP_NS_URI
    get_action.value = Action.HTTP_GET_ACTION
    decision_stmt.actions.append(get_action)
    assertion.authzDecisionStatements.append(decision_stmt)

    # Validity window: from now until eight hours later.  A consumer that
    # honours these conditions may keep relying on the PERMIT for that long.
    validity = Conditions()
    validity.notBefore = issued_at
    validity.notOnOrAfter = issued_at + timedelta(hours=8)
    assertion.conditions = validity

    name_id = NameID()
    name_id.format = cls.NAMEID_FORMAT
    name_id.value = cls.NAMEID_VALUE
    subject = Subject()
    subject.nameID = name_id
    assertion.subject = subject

    assertion_issuer = Issuer()
    assertion_issuer.format = Issuer.X509_SUBJECT
    assertion_issuer.value = cls.ISSUER_DN
    assertion.issuer = assertion_issuer

    response.assertions.append(assertion)
    return response
def authzDecisionQuery(query, response):
    """Fill *response* with a PERMIT decision for the subject of *query*.

    This stub applies no policy: every query is answered with PERMIT for
    HTTP GET on ``TestAuthorisationServiceMiddleware.RESOURCE_URI``.  The
    subject name ID is copied from the query without any validation, and
    no signature is applied here.  It is suitable as a test double only.

    Returns the same *response* object after populating it.
    """
    issued_at = datetime.utcnow()  # naive UTC timestamp shared by all fields

    response.issueInstant = issued_at
    # Correlate the response with the query it answers.
    response.inResponseTo = query.id
    response.id = str(uuid4())
    response.version = SAMLVersion(SAMLVersion.VERSION_20)

    status_code = StatusCode()
    status_code.value = StatusCode.SUCCESS_URI
    status_message = StatusMessage()
    status_message.value = "Response created successfully"
    status = Status()
    status.statusCode = status_code
    status.statusMessage = status_message
    response.status = status

    assertion = Assertion()
    assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
    assertion.id = str(uuid4())
    assertion.issueInstant = issued_at

    # The decision ignores the query's resource and actions entirely.
    decision_stmt = AuthzDecisionStatement()
    decision_stmt.decision = DecisionType.PERMIT
    decision_stmt.resource = TestAuthorisationServiceMiddleware.RESOURCE_URI
    get_action = Action()
    get_action.namespace = Action.GHPP_NS_URI
    get_action.value = Action.HTTP_GET_ACTION
    decision_stmt.actions.append(get_action)
    assertion.authzDecisionStatements.append(decision_stmt)

    # Validity window: from now until eight hours later.
    validity = Conditions()
    validity.notBefore = issued_at
    validity.notOnOrAfter = issued_at + timedelta(hours=8)
    assertion.conditions = validity

    # Subject is echoed back exactly as the caller supplied it.
    name_id = NameID()
    name_id.format = query.subject.nameID.format
    name_id.value = query.subject.nameID.value
    subject = Subject()
    subject.nameID = name_id
    assertion.subject = subject

    assertion_issuer = Issuer()
    assertion_issuer.format = Issuer.X509_SUBJECT
    assertion_issuer.value = TestAuthorisationServiceMiddleware.ISSUER_DN
    assertion.issuer = assertion_issuer

    response.assertions.append(assertion)
    return response
def authzDecisionQuery(query, response):
    """Answer any authorisation decision query with PERMIT.

    Test double for an authorisation service: the query's resource and
    actions are never inspected, the decision is always PERMIT for HTTP
    GET on ``TestAuthorisationServiceMiddleware.RESOURCE_URI``, and the
    subject is taken from the query as-is.  Nothing here signs the
    assertion.

    Returns *response*, populated in place.
    """
    stamp = datetime.utcnow()  # naive UTC; reused for every timestamp below

    response.issueInstant = stamp
    # Tie the response to the ID of the incoming query.
    response.inResponseTo = query.id
    response.id = str(uuid4())
    response.version = SAMLVersion(SAMLVersion.VERSION_20)

    ok_code = StatusCode()
    ok_code.value = StatusCode.SUCCESS_URI
    ok_message = StatusMessage()
    ok_message.value = "Response created successfully"
    outcome = Status()
    outcome.statusCode = ok_code
    outcome.statusMessage = ok_message
    response.status = outcome

    assertion = Assertion()
    assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
    assertion.id = str(uuid4())
    assertion.issueInstant = stamp

    # Fixed grant: no policy evaluation takes place.
    permit = AuthzDecisionStatement()
    permit.decision = DecisionType.PERMIT
    permit.resource = TestAuthorisationServiceMiddleware.RESOURCE_URI
    http_get = Action()
    http_get.namespace = Action.GHPP_NS_URI
    http_get.value = Action.HTTP_GET_ACTION
    permit.actions.append(http_get)
    assertion.authzDecisionStatements.append(permit)

    # The assertion is valid from now for eight hours.
    window = Conditions()
    window.notBefore = stamp
    window.notOnOrAfter = stamp + timedelta(hours=8)
    assertion.conditions = window

    # Caller-supplied identity is copied through unchanged.
    who = NameID()
    who.format = query.subject.nameID.format
    who.value = query.subject.nameID.value
    holder = Subject()
    holder.nameID = who
    assertion.subject = holder

    signer_name = Issuer()
    signer_name.format = Issuer.X509_SUBJECT
    signer_name.value = TestAuthorisationServiceMiddleware.ISSUER_DN
    assertion.issuer = signer_name

    response.assertions.append(assertion)
    return response
def authzDecisionQuery(query, response):
    """Authorisation Decision Query interface with a simulated policy.

    Called by the next middleware in the stack, the SAML SOAP Query
    interface middleware instance
    (ndg.saml.saml2.binding.soap.server.wsgi.queryinterface.SOAPQueryInterfaceMiddleware).

    Decision rules, as coded:

    * resource equals ``self.__class__.RESOURCE_URI`` and the first action
      is HTTP GET -> PERMIT
    * resource matches but the first action is anything else -> DENY
    * any other resource -> INDETERMINATE

    The subject is copied from the query without validation and no
    signature is applied here.  Returns *response*, populated in place.
    """
    # NOTE(review): `self` is not a parameter of this function; presumably
    # it is resolved from an enclosing method's scope - confirm.
    issued_at = datetime.utcnow()  # naive UTC timestamp shared by all fields

    response.issueInstant = issued_at
    # Correlate the response with the query it answers.
    response.inResponseTo = query.id
    response.id = str(uuid4())
    response.version = SAMLVersion(SAMLVersion.VERSION_20)

    status_code = StatusCode()
    status_code.value = StatusCode.SUCCESS_URI
    status_message = StatusMessage()
    status_message.value = "Response created successfully"
    status = Status()
    status.statusCode = status_code
    status.statusMessage = status_message
    response.status = status

    assertion = Assertion()
    assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
    assertion.id = str(uuid4())
    assertion.issueInstant = issued_at

    decision_stmt = AuthzDecisionStatement()

    # Simple logic simulating an access policy.  Only the first action of
    # the query is examined; later actions never influence the outcome.
    # NOTE(review): indexing actions[0] presumably raises IndexError for a
    # query carrying no actions - confirm how the caller handles that.
    if query.resource == self.__class__.RESOURCE_URI:
        wants_get = query.actions[0].value == Action.HTTP_GET_ACTION
        decision = DecisionType.PERMIT if wants_get else DecisionType.DENY
    else:
        decision = DecisionType.INDETERMINATE
    decision_stmt.decision = decision

    decision_stmt.resource = query.resource
    # The statement always lists HTTP GET as its action, whatever action
    # the query asked about - including when the decision is DENY.
    get_action = Action()
    get_action.namespace = Action.GHPP_NS_URI
    get_action.value = Action.HTTP_GET_ACTION
    decision_stmt.actions.append(get_action)
    assertion.authzDecisionStatements.append(decision_stmt)

    # Validity window: from now until eight hours later.
    validity = Conditions()
    validity.notBefore = issued_at
    validity.notOnOrAfter = issued_at + timedelta(hours=8)
    assertion.conditions = validity

    # Subject is echoed back exactly as the caller supplied it.
    name_id = NameID()
    name_id.format = query.subject.nameID.format
    name_id.value = query.subject.nameID.value
    subject = Subject()
    subject.nameID = name_id
    assertion.subject = subject

    assertion_issuer = Issuer()
    assertion_issuer.format = Issuer.X509_SUBJECT
    assertion_issuer.value = TestAuthorisationServiceMiddleware.ISSUER_DN
    assertion.issuer = assertion_issuer

    response.assertions.append(assertion)
    return response
def authzDecisionQuery(query, response):
    """Authorisation Decision Query interface with a simulated policy.

    Called by the next middleware in the stack, the SAML SOAP Query
    interface middleware instance
    (ndg.saml.saml2.binding.soap.server.wsgi.queryinterface.SOAPQueryInterfaceMiddleware).

    The outcome depends on the query's resource and on its first action
    only: PERMIT for HTTP GET on ``self.__class__.RESOURCE_URI``, DENY for
    any other first action on that resource, INDETERMINATE for every other
    resource.  The subject is taken from the query as-is and nothing here
    signs the assertion.

    Returns *response*, populated in place.
    """
    # NOTE(review): `self` is a free name in this function; presumably it
    # comes from an enclosing method - confirm.
    stamp = datetime.utcnow()  # naive UTC; reused for every timestamp below

    response.issueInstant = stamp
    # Tie the response to the ID of the incoming query.
    response.inResponseTo = query.id
    response.id = str(uuid4())
    response.version = SAMLVersion(SAMLVersion.VERSION_20)

    ok_code = StatusCode()
    ok_code.value = StatusCode.SUCCESS_URI
    ok_message = StatusMessage()
    ok_message.value = "Response created successfully"
    outcome = Status()
    outcome.statusCode = ok_code
    outcome.statusMessage = ok_message
    response.status = outcome

    assertion = Assertion()
    assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
    assertion.id = str(uuid4())
    assertion.issueInstant = stamp

    verdict_stmt = AuthzDecisionStatement()

    # Simulated policy.  Actions after the first are never looked at.
    # NOTE(review): actions[0] presumably raises IndexError when the query
    # has no actions - confirm that the caller treats this as a refusal.
    if query.resource == self.__class__.RESOURCE_URI:
        first_is_get = query.actions[0].value == Action.HTTP_GET_ACTION
        verdict = DecisionType.PERMIT if first_is_get else DecisionType.DENY
    else:
        verdict = DecisionType.INDETERMINATE
    verdict_stmt.decision = verdict

    verdict_stmt.resource = query.resource
    # HTTP GET is reported as the statement's action for every verdict,
    # regardless of which action the query named.
    http_get = Action()
    http_get.namespace = Action.GHPP_NS_URI
    http_get.value = Action.HTTP_GET_ACTION
    verdict_stmt.actions.append(http_get)
    assertion.authzDecisionStatements.append(verdict_stmt)

    # The assertion is valid from now for eight hours.
    window = Conditions()
    window.notBefore = stamp
    window.notOnOrAfter = stamp + timedelta(hours=8)
    assertion.conditions = window

    # Caller-supplied identity is copied through unchanged.
    who = NameID()
    who.format = query.subject.nameID.format
    who.value = query.subject.nameID.value
    holder = Subject()
    holder.nameID = who
    assertion.subject = holder

    issuer_name = Issuer()
    issuer_name.format = Issuer.X509_SUBJECT
    issuer_name.value = TestAuthorisationServiceMiddleware.ISSUER_DN
    assertion.issuer = issuer_name

    response.assertions.append(assertion)
    return response