def artifact_resolve(request, soap_message):
'''Resolve a SAMLv1.1 ArtifactResolve request
'''
server = create_idff12_server(request, reverse(metadata))
login = lasso.Login(server)
try:
login.processRequestMsg(soap_message)
except:
raise
logging.debug('ID-FFv1.2 artifact resolve %r' % soap_message)
liberty_artifact = LibertyArtifact.objects.get(
artifact = login.assertionArtifact)
if liberty_artifact:
liberty_artifact.delete()
provider_id = liberty_artifact.provider_id
load_provider(request, provider_id, server=login.server)
load_session(request, login,
session_key = liberty_artifact.django_session_key)
logging.info('ID-FFv1.2 artifact resolve from %r for artifact %r' % (
provider_id, login.assertionArtifact))
else:
logging.warning('ID-FFv1.2 no artifact found for %r' % login.assertionArtifact)
provider_id = None
return finish_artifact_resolve(request, login, provider_id,
session_key = liberty_artifact.django_session_key)
def artifact_resolve(request, soap_message):
'''Resolve a SAMLv1.1 ArtifactResolve request
'''
server = create_idff12_server(request, reverse(metadata))
login = lasso.Login(server)
try:
login.processRequestMsg(soap_message)
except:
raise
logging.debug('ID-FFv1.2 artifact resolve %r' % soap_message)
liberty_artifact = LibertyArtifact.objects.get(
artifact=login.assertionArtifact)
if liberty_artifact:
liberty_artifact.delete()
provider_id = liberty_artifact.provider_id
load_provider(request, provider_id, server=login.server)
load_session(request,
login,
session_key=liberty_artifact.django_session_key)
logging.info('ID-FFv1.2 artifact resolve from %r for artifact %r' %
(provider_id, login.assertionArtifact))
else:
logging.warning('ID-FFv1.2 no artifact found for %r' %
login.assertionArtifact)
provider_id = None
return finish_artifact_resolve(
request,
login,
provider_id,
session_key=liberty_artifact.django_session_key)
def sso_after_process_request(request, login,
consent_obtained = True, user = None, save = True):
'''Common path for sso and idp_initiated_sso.
consent_obtained: whether the user has given his consent to this federation
user: the user which must be federated, if None, current user is the default.
save: whether to save the result of this transaction or not.
'''
if user is None:
user = request.user
# Flags possible:
# - consent
# - isPassive
# - forceAuthn
#
# 3. TODO: Check for permission
if login.mustAuthenticate():
# TODO:
# check that it exists a login transaction for this request id
# - if there is, then provoke one with a redirect to
# login?next=<current_url>
# - if there is then set user_authenticated to the result of the
# login event
# Work around lack of informations returned by mustAuthenticate()
if login.request.forceAuthn or request.user.is_anonymous():
return redirect_to_login(request.get_full_path())
else:
user_authenticated = True
else:
user_authenticated = not request.user.is_anonymous()
# 3.1 Ask for consent
if user_authenticated:
# TODO: for autoloaded providers always ask for consent
if login.mustAskForConsent() or not consent_obtained:
# TODO: replace False by check against request id
if False:
consent_obtained = True
# i.e. redirect to /idp/consent?id=requestId
# then check that Consent(id=requestId) exists in the database
else:
return HttpResponseRedirect('consent_federation?id=%s&next=%s' %
( login.request.requestId,
urllib.quote(request.get_full_path())) )
# 4. Validate the request, passing authentication and consent status
try:
login.validateRequestMsg(user_authenticated, consent_obtained)
except:
raise
do_federation = False
else:
do_federation = True
# 5. Lookup the federations
if do_federation:
load_federation(request, login, user)
load_session(request, login)
# 3. Build and assertion, fill attributes
build_assertion(request, login)
return finish_sso(request, login, user = user, save = save)
def sso_after_process_request(request,
login,
consent_obtained=True,
user=None,
save=True):
'''Common path for sso and idp_initiated_sso.
consent_obtained: whether the user has given his consent to this federation
user: the user which must be federated, if None, current user is the default.
save: whether to save the result of this transaction or not.
'''
if user is None:
user = request.user
# Flags possible:
# - consent
# - isPassive
# - forceAuthn
#
# 3. TODO: Check for permission
if login.mustAuthenticate():
# TODO:
# check that it exists a login transaction for this request id
# - if there is, then provoke one with a redirect to
# login?next=<current_url>
# - if there is then set user_authenticated to the result of the
# login event
# Work around lack of informations returned by mustAuthenticate()
if login.request.forceAuthn or request.user.is_anonymous():
return redirect_to_login(request.get_full_path())
else:
user_authenticated = True
else:
user_authenticated = not request.user.is_anonymous()
# 3.1 Ask for consent
if user_authenticated:
# TODO: for autoloaded providers always ask for consent
if login.mustAskForConsent() or not consent_obtained:
# TODO: replace False by check against request id
if False:
consent_obtained = True
# i.e. redirect to /idp/consent?id=requestId
# then check that Consent(id=requestId) exists in the database
else:
return HttpResponseRedirect(
'consent_federation?id=%s&next=%s' %
(login.request.requestId,
urllib.quote(request.get_full_path())))
# 4. Validate the request, passing authentication and consent status
try:
login.validateRequestMsg(user_authenticated, consent_obtained)
except:
raise
do_federation = False
else:
do_federation = True
# 5. Lookup the federations
if do_federation:
load_federation(request, login, user)
load_session(request, login)
# 3. Build and assertion, fill attributes
build_assertion(request, login)
return finish_sso(request, login, user=user, save=save)
