def ecp_auth_request(cls, entityid=None, relay_state="", sign=False): """ Makes an authentication request. :param entityid: The entity ID of the IdP to send the request to :param relay_state: To where the user should be returned after successfull log in. :param sign: Whether the request should be signed or not. :return: AuthnRequest response """ eelist = [] # ---------------------------------------- # <paos:Request> # ---------------------------------------- my_url = cls.service_url(BINDING_PAOS) # must_understan and actor according to the standard # paos_request = paos.Request(must_understand="1", actor=ACTOR, response_consumer_url=my_url, service=SERVICE) eelist.append(element_to_extension_element(paos_request)) # ---------------------------------------- # <ecp:Request> # ---------------------------------------- # idp = samlp.IDPEntry( # provider_id = "https://idp.example.org/entity", # name = "Example identity provider", # loc = "https://idp.example.org/saml2/sso", # ) # # idp_list = samlp.IDPList(idp_entry= [idp]) # # ecp_request = ecp.Request(actor = ACTOR, must_understand = "1", # provider_name = "Example Service Provider", # issuer=saml.Issuer(text="https://sp.example.org/entity"), # idp_list = idp_list) # # eelist.append(element_to_extension_element(ecp_request)) # ---------------------------------------- # <ecp:RelayState> # ---------------------------------------- relay_state = ecp.RelayState(actor=ACTOR, must_understand="1", text=relay_state) eelist.append(element_to_extension_element(relay_state)) header = soapenv.Header() header.extension_elements = eelist # ---------------------------------------- # <samlp:AuthnRequest> # ---------------------------------------- logger.info("entityid: %s, binding: %s" % (entityid, BINDING_SOAP)) location = cls._sso_location(entityid, binding=BINDING_SOAP) session_id = sid() authn_req = cls.authn(location, session_id, binding=BINDING_PAOS, service_url_binding=BINDING_PAOS) body = soapenv.Body() body.extension_elements = [element_to_extension_element(authn_req)] # ---------------------------------------- # The SOAP envelope # ---------------------------------------- soap_envelope = soapenv.Envelope(header=header, body=body) return session_id, "%s" % soap_envelope
def create_ecp_authn_request(self, entityid=None, relay_state="", sign=False, **kwargs): """ Makes an authentication request. :param entityid: The entity ID of the IdP to send the request to :param relay_state: A token that can be used by the SP to know where to continue the conversation with the client :param sign: Whether the request should be signed or not. :return: SOAP message with the AuthnRequest """ # ---------------------------------------- # <paos:Request> # ---------------------------------------- my_url = self.service_urls(BINDING_PAOS)[0] # must_understand and act according to the standard # paos_request = paos.Request(must_understand="1", actor=ACTOR, response_consumer_url=my_url, service=ECP_SERVICE) # ---------------------------------------- # <ecp:RelayState> # ---------------------------------------- relay_state = ecp.RelayState(actor=ACTOR, must_understand="1", text=relay_state) # ---------------------------------------- # <samlp:AuthnRequest> # ---------------------------------------- try: authn_req = kwargs["authn_req"] try: req_id = authn_req.id except AttributeError: req_id = 0 # Unknown but since it's SOAP it doesn't matter except KeyError: try: _binding = kwargs["binding"] except KeyError: _binding = BINDING_SOAP kwargs["binding"] = _binding logger.debug("entityid: %s, binding: %s", entityid, _binding) # The IDP publishes support for ECP by using the SOAP binding on # SingleSignOnService _, location = self.pick_binding("single_sign_on_service", [_binding], entity_id=entityid) req_id, authn_req = self.create_authn_request( location, service_url_binding=BINDING_PAOS, **kwargs) # ---------------------------------------- # The SOAP envelope # ---------------------------------------- soap_envelope = make_soap_enveloped_saml_thingy( authn_req, [paos_request, relay_state]) return req_id, "%s" % soap_envelope