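def test_request_to_discovery_service(self):
    """Check the URL built for a discovery-service (DS) request.

    Covers both shapes of ``discovery_service_request_url``: the
    mandatory ``entityID`` alone, and ``entityID`` plus a ``return``
    URL.  Both values must come out percent-encoded, since they are
    query parameters and the entity id itself contains ``:``.
    """
    disc_url = "http://example.com/saml2/idp/disc"

    url = discovery_service_request_url(
        "urn:mace:example.com:saml:roland:sp", disc_url)
    # print as a function so the test runs unchanged on Python 2 and 3
    print(url)
    assert url == ("http://example.com/saml2/idp/disc?"
                   "entityID=urn%3Amace%3Aexample.com%3Asaml%3Aroland%3Asp")

    url = discovery_service_request_url(
        self.client.config.entityid, disc_url,
        return_url="http://example.org/saml2/sp/ds")
    print(url)
    assert url == ("http://example.com/saml2/idp/disc?"
                   "entityID=urn%3Amace%3Aexample.com%3Asaml%3Aroland%3Asp"
                   "&return=http%3A%2F%2Fexample.org%2Fsaml2%2Fsp%2Fds")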
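def _pick_idp(self, environ, came_from):
    """Decide which IdP the user should authenticate against.

    Returns a ``(code, value)`` pair: ``(0, idp_entity_id)`` once an IdP
    is chosen (``idp_entity_id`` is ``""`` when several IdPs are known
    and none has been selected yet), or ``(-1, http_response)`` when the
    caller must answer with ``http_response`` instead -- a WAYF or
    discovery-service redirect, or an error.  For an ECP client the
    result of ``ecp.ecp_auth_request`` is returned unchanged.

    :param environ: WSGI environ of the current request
    :param came_from: URL to send the user back to after authentication
    """
    # Never dump the whole environ: it carries cookies, Authorization
    # headers and the request body, none of which belong in a log file.
    logger.debug("[_pick_idp] %s %s", environ.get("REQUEST_METHOD"),
                 environ.get("PATH_INFO"))

    # An ECP client announces itself with a PAOS header plus a matching
    # Accept header.
    if "HTTP_PAOS" in environ:
        if environ["HTTP_PAOS"] != PAOS_HEADER_INFO:
            return -1, HTTPInternalServerError(detail='unknown ECP version')
        # Accept is optional in HTTP; a missing header must not turn
        # into an uncaught KeyError.
        if 'application/vnd.paos+xml' not in environ.get("HTTP_ACCEPT", ""):
            return -1, HTTPInternalServerError(detail='Faulty Accept header')
        logger.info("- ECP client detected -")
        # relay_state -> where to go when back from authentication
        # entityid    -> the IdP to use for this client
        _relay_state = construct_came_from(environ)
        _entityid = self.saml_client.config.ecp_endpoint(
            environ["REMOTE_ADDR"])
        if not _entityid:
            return -1, HTTPInternalServerError(detail="No IdP to talk to")
        logger.info("IdP to talk to: %s", _entityid)
        return ecp.ecp_auth_request(self.saml_client, _entityid,
                                    _relay_state)

    # idps is a dictionary keyed by entity id
    idps = self.metadata.with_descriptor("idpsso")
    logger.info("IdP URL: %s", idps)
    if not idps:
        return -1, HTTPInternalServerError(detail='Misconfiguration')
    if len(idps) == 1:
        # next(iter(...)) instead of keys()[0]: works on py2 and py3
        idp_entity_id = next(iter(idps))
    else:
        idp_entity_id = ""

    query = environ.get('s2repoze.body', '') or environ.get(
        "QUERY_STRING", "")
    logger.info("<_pick_idp> query: %s", query)

    if self.wayf:
        if not query:
            return self._wayf_redirect(came_from)
        # parse_qs already returns a dict of lists; no selection yet
        # means the user has to be sent to the WAYF page.
        selected = parse_qs(query).get("wayf_selected")
        if not selected:
            return self._wayf_redirect(came_from)
        idp_entity_id = selected[0]
    elif self.discovery:
        if query:
            idp_entity_id = discovery_service_response(
                query=environ.get("QUERY_STRING"))
        else:
            sid_ = sid()
            self.outstanding_queries[sid_] = came_from
            logger.info("Redirect to Discovery Service function")
            eid = self.saml_client.config.entity_id
            loc = discovery_service_request_url(eid, self.discovery)
            return -1, HTTPSeeOther(headers=[('Location', loc)])
    else:
        return -1, HTTPNotImplemented(detail='No WAYF or DJ present!')

    # The entity id was supplied by the request (WAYF form or discovery
    # response), so only accept one that is in our own IdP metadata.
    if idp_entity_id and idp_entity_id not in idps:
        logger.warning("Selected IdP not in metadata: %r", idp_entity_id)
        return -1, HTTPInternalServerError(detail='Unknown IdP')

    logger.info("Choosen IdP: '%s'", idp_entity_id)
    return 0, idp_entity_id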
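def _pick_idp(self, environ, came_from):
    """Decide which IdP the user should authenticate against.

    Returns a ``(code, value)`` pair: ``(0, idp_entity_id)`` once an IdP
    is chosen (``idp_entity_id`` is ``""`` when several IdPs are known
    and none has been selected yet), or ``(-1, http_response)`` when the
    caller must answer with ``http_response`` instead -- a WAYF or
    discovery-service redirect, or an error.  For an ECP client the
    result of ``ecp.ecp_auth_request`` is returned unchanged.

    :param environ: WSGI environ of the current request
    :param came_from: URL to send the user back to after authentication
    """
    # Log only what is needed to follow the flow; the full environ holds
    # cookies, Authorization headers and the request body.
    logger.debug("[_pick_idp] %s %s", environ.get("REQUEST_METHOD"),
                 environ.get("PATH_INFO"))

    if "HTTP_PAOS" in environ:
        # ECP client: PAOS header plus a matching Accept header.
        if environ["HTTP_PAOS"] != PAOS_HEADER_INFO:
            return -1, HTTPInternalServerError(detail='unknown ECP version')
        # Accept is optional; a missing header must not raise KeyError.
        accept = environ.get("HTTP_ACCEPT", "")
        if 'application/vnd.paos+xml' not in accept:
            return -1, HTTPInternalServerError(detail='Faulty Accept header')
        logger.info("- ECP client detected -")
        # relay_state -> where to go when back from authentication
        # entityid    -> the IdP to use for this client
        _relay_state = construct_came_from(environ)
        _entityid = self.saml_client.config.ecp_endpoint(
            environ["REMOTE_ADDR"])
        if not _entityid:
            return -1, HTTPInternalServerError(detail="No IdP to talk to")
        logger.info("IdP to talk to: %s", _entityid)
        return ecp.ecp_auth_request(self.saml_client, _entityid,
                                    _relay_state)

    # idps is a dictionary keyed by entity id
    idps = self.metadata.with_descriptor("idpsso")
    logger.info("IdP URL: %s", idps)
    if not idps:
        return -1, HTTPInternalServerError(detail='Misconfiguration')
    # next(iter(...)) rather than keys()[0] so this runs on py2 and py3
    idp_entity_id = next(iter(idps)) if len(idps) == 1 else ""

    query = environ.get('s2repoze.body', '')
    if not query:
        query = environ.get("QUERY_STRING", "")
    logger.info("<_pick_idp> query: %s", query)

    if self.wayf:
        if not query:
            return self._wayf_redirect(came_from)
        # parse_qs already returns a dict of lists; without a selection
        # the user is sent (back) to the WAYF page.
        selected = parse_qs(query).get("wayf_selected")
        if not selected:
            return self._wayf_redirect(came_from)
        idp_entity_id = selected[0]
    elif self.discovery:
        if not query:
            sid_ = sid()
            self.outstanding_queries[sid_] = came_from
            logger.info("Redirect to Discovery Service function")
            eid = self.saml_client.config.entity_id
            loc = discovery_service_request_url(eid, self.discovery)
            return -1, HTTPSeeOther(headers=[('Location', loc)])
        idp_entity_id = discovery_service_response(
            query=environ.get("QUERY_STRING"))
    else:
        return -1, HTTPNotImplemented(detail='No WAYF or DJ present!')

    # The entity id was supplied by the request (WAYF form or discovery
    # response); only an IdP present in our own metadata is acceptable.
    if idp_entity_id and idp_entity_id not in idps:
        logger.warning("Selected IdP not in metadata: %r", idp_entity_id)
        return -1, HTTPInternalServerError(detail='Unknown IdP')

    logger.info("Choosen IdP: '%s'", idp_entity_id)
    return 0, idp_entity_id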