Exemplo n.º 1
    def create_authz_decision_query_response(cls):
        """Build a canned SAML 2.0 response carrying one PERMIT assertion.

        The response answers an invented request ID and always grants
        ``Action.HTTP_GET_ACTION`` on ``cls.RESOURCE_URI`` to the subject
        described by ``cls.NAMEID_FORMAT`` / ``cls.NAMEID_VALUE``.  No policy
        is evaluated here: the decision is hard-coded, so the result is
        fixture data rather than an access decision.

        :return: the populated ``Response`` holding a single assertion
        """
        response = Response()
        issued_at = datetime.utcnow()
        response.issueInstant = issued_at

        # There is no real query behind this response, so the ID it claims
        # to answer is invented.
        response.inResponseTo = str(uuid4())
        response.id = str(uuid4())
        response.version = SAMLVersion(SAMLVersion.VERSION_20)

        response_issuer = Issuer()
        response_issuer.format = Issuer.X509_SUBJECT
        response_issuer.value = cls.ISSUER_DN
        response.issuer = response_issuer

        status = Status()
        status.statusCode = StatusCode()
        status.statusCode.value = StatusCode.SUCCESS_URI
        status.statusMessage = StatusMessage()
        status.statusMessage.value = "Response created successfully"
        response.status = status

        assertion = Assertion()
        assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
        assertion.id = str(uuid4())
        assertion.issueInstant = issued_at

        # Unconditional PERMIT for an HTTP GET on the class's resource.
        permitted_action = Action()
        permitted_action.namespace = Action.GHPP_NS_URI
        permitted_action.value = Action.HTTP_GET_ACTION

        statement = AuthzDecisionStatement()
        statement.decision = DecisionType.PERMIT
        statement.resource = cls.RESOURCE_URI
        statement.actions.append(permitted_action)
        assertion.authzDecisionStatements.append(statement)

        # The assertion is valid from now for eight hours.
        # NOTE(review): that window suits a fixture; a relying party that
        # caches the decision keeps honouring it for the whole period.
        validity = Conditions()
        validity.notBefore = issued_at
        validity.notOnOrAfter = issued_at + timedelta(hours=8)
        assertion.conditions = validity

        subject = Subject()
        subject.nameID = NameID()
        subject.nameID.format = cls.NAMEID_FORMAT
        subject.nameID.value = cls.NAMEID_VALUE
        assertion.subject = subject

        assertion_issuer = Issuer()
        assertion_issuer.format = Issuer.X509_SUBJECT
        assertion_issuer.value = cls.ISSUER_DN
        assertion.issuer = assertion_issuer

        response.assertions.append(assertion)

        return response
Exemplo n.º 2
        def authzDecisionQuery(query, response):
            """Fill *response* with a PERMIT assertion for the query's subject.

            Stub query handler: it does not look at the resource or actions
            in *query*.  Whatever subject the caller names is granted
            ``Action.HTTP_GET_ACTION`` on
            ``TestAuthorisationServiceMiddleware.RESOURCE_URI``.

            :param query: incoming query; only ``id`` and ``subject.nameID``
                are read
            :param response: response object to populate in place
            :return: the same *response*, now holding one assertion
            """
            issued_at = datetime.utcnow()
            response.issueInstant = issued_at

            # Tie the response to the query it answers.
            response.inResponseTo = query.id
            response.id = str(uuid4())
            response.version = SAMLVersion(SAMLVersion.VERSION_20)

            status = Status()
            status.statusCode = StatusCode()
            status.statusCode.value = StatusCode.SUCCESS_URI
            status.statusMessage = StatusMessage()
            status.statusMessage.value = "Response created successfully"
            response.status = status

            assertion = Assertion()
            assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
            assertion.id = str(uuid4())
            assertion.issueInstant = issued_at

            # Hard-coded decision: no policy is consulted.
            permitted_action = Action()
            permitted_action.namespace = Action.GHPP_NS_URI
            permitted_action.value = Action.HTTP_GET_ACTION

            statement = AuthzDecisionStatement()
            statement.decision = DecisionType.PERMIT
            statement.resource = TestAuthorisationServiceMiddleware.RESOURCE_URI
            statement.actions.append(permitted_action)
            assertion.authzDecisionStatements.append(statement)

            # The assertion is valid from now for eight hours.
            validity = Conditions()
            validity.notBefore = issued_at
            validity.notOnOrAfter = issued_at + timedelta(hours=8)
            assertion.conditions = validity

            # The subject is echoed from the query without any checks.
            subject = Subject()
            subject.nameID = NameID()
            subject.nameID.format = query.subject.nameID.format
            subject.nameID.value = query.subject.nameID.value
            assertion.subject = subject

            issuer = Issuer()
            issuer.format = Issuer.X509_SUBJECT
            issuer.value = TestAuthorisationServiceMiddleware.ISSUER_DN
            assertion.issuer = issuer

            response.assertions.append(assertion)
            return response
     def authzDecisionQuery(query, response):
         """Populate *response* with an unconditional PERMIT assertion.

         Stub query handler: the resource and actions carried by *query* are
         ignored, and the subject it names is granted
         ``Action.HTTP_GET_ACTION`` on
         ``TestAuthorisationServiceMiddleware.RESOURCE_URI``.

         :param query: incoming query; only ``id`` and ``subject.nameID``
             are read
         :param response: response object to populate in place
         :return: the same *response*, now holding one assertion
         """
         timestamp = datetime.utcnow()
         response.issueInstant = timestamp

         # Correlate with the query rather than inventing a request ID.
         response.inResponseTo = query.id
         response.id = str(uuid4())
         response.version = SAMLVersion(SAMLVersion.VERSION_20)

         outcome = Status()
         outcome.statusCode = StatusCode()
         outcome.statusCode.value = StatusCode.SUCCESS_URI
         outcome.statusMessage = StatusMessage()
         outcome.statusMessage.value = "Response created successfully"
         response.status = outcome

         assertion = Assertion()
         assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
         assertion.id = str(uuid4())
         assertion.issueInstant = timestamp

         # Fixed decision; no policy lookup takes place.
         get_action = Action()
         get_action.namespace = Action.GHPP_NS_URI
         get_action.value = Action.HTTP_GET_ACTION

         decision_statement = AuthzDecisionStatement()
         decision_statement.decision = DecisionType.PERMIT
         decision_statement.resource = \
             TestAuthorisationServiceMiddleware.RESOURCE_URI
         decision_statement.actions.append(get_action)
         assertion.authzDecisionStatements.append(decision_statement)

         # Validity window: from now until eight hours later.
         window = Conditions()
         window.notBefore = timestamp
         window.notOnOrAfter = timestamp + timedelta(hours=8)
         assertion.conditions = window

         # Subject identity is copied straight from the query.
         name_id = NameID()
         name_id.format = query.subject.nameID.format
         name_id.value = query.subject.nameID.value
         assertion.subject = Subject()
         assertion.subject.nameID = name_id

         issuer = Issuer()
         issuer.format = Issuer.X509_SUBJECT
         issuer.value = TestAuthorisationServiceMiddleware.ISSUER_DN
         assertion.issuer = issuer

         response.assertions.append(assertion)
         return response
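     def authzDecisionQuery(query, response):
         """Authorisation Decision Query interface called by the next
         middleware in the stack, the SAML SOAP Query interface middleware
         instance
         (ndg.saml.saml2.binding.soap.server.wsgi.queryinterface.SOAPQueryInterfaceMiddleware).

         Simulates a simple access policy and records the outcome in a single
         assertion appended to *response*:

         * resource differs from ``RESOURCE_URI``: INDETERMINATE
         * resource matches but the query carries no actions: INDETERMINATE
         * resource matches and every action is ``HTTP_GET_ACTION``: PERMIT
         * resource matches and any action is something else: DENY

         ``self`` is not a parameter; it is taken from the enclosing scope,
         which lies outside this excerpt.

         :param query: incoming query; ``id``, ``resource``, ``actions`` and
             ``subject.nameID`` are read
         :param response: response object to populate in place
         :return: the same *response*, now holding one assertion
         """
         now = datetime.utcnow()
         response.issueInstant = now

         # Correlate the response with the query it answers
         response.inResponseTo = query.id
         response.id = str(uuid4())
         response.version = SAMLVersion(SAMLVersion.VERSION_20)

         response.status = Status()
         response.status.statusCode = StatusCode()
         response.status.statusCode.value = StatusCode.SUCCESS_URI
         response.status.statusMessage = StatusMessage()
         response.status.statusMessage.value = \
                                             "Response created successfully"

         assertion = Assertion()
         assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
         assertion.id = str(uuid4())
         assertion.issueInstant = now

         authzDecisionStatement = AuthzDecisionStatement()

         # Simple logic to simulate an access policy.  The resource is
         # checked first so a mismatch never touches the action list.
         if query.resource != self.__class__.RESOURCE_URI:
             authzDecisionStatement.decision = DecisionType.INDETERMINATE
         elif not query.actions:
             # Nothing to evaluate: report that instead of failing with an
             # IndexError on the first element.
             authzDecisionStatement.decision = DecisionType.INDETERMINATE
         elif all(action.value == Action.HTTP_GET_ACTION
                  for action in query.actions):
             # Every requested action has to be allowed; judging only the
             # first one would PERMIT a query that lists GET ahead of a
             # disallowed action.
             authzDecisionStatement.decision = DecisionType.PERMIT
         else:
             authzDecisionStatement.decision = DecisionType.DENY

         authzDecisionStatement.resource = query.resource

         # NOTE(review): the statement always names HTTP GET, whatever was
         # queried, so a DENY for another action is reported against GET.
         # Left unchanged because callers may rely on this shape.
         authzDecisionStatement.actions.append(Action())
         authzDecisionStatement.actions[-1].namespace = Action.GHPP_NS_URI
         authzDecisionStatement.actions[-1].value = Action.HTTP_GET_ACTION
         assertion.authzDecisionStatements.append(authzDecisionStatement)

         # Add a conditions statement for a validity of 8 hours
         assertion.conditions = Conditions()
         assertion.conditions.notBefore = now
         assertion.conditions.notOnOrAfter = now + timedelta(seconds=60*60*8)

         # The subject is echoed from the query as supplied
         assertion.subject = Subject()
         assertion.subject.nameID = NameID()
         assertion.subject.nameID.format = query.subject.nameID.format
         assertion.subject.nameID.value = query.subject.nameID.value

         assertion.issuer = Issuer()
         assertion.issuer.format = Issuer.X509_SUBJECT
         assertion.issuer.value = \
                                 TestAuthorisationServiceMiddleware.ISSUER_DN

         response.assertions.append(assertion)
         return response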
Exemplo n.º 5
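        def authzDecisionQuery(query, response):
            """Authorisation Decision Query interface called by the next
            middleware in the stack, the SAML SOAP Query interface middleware
            instance
            (ndg.saml.saml2.binding.soap.server.wsgi.queryinterface.SOAPQueryInterfaceMiddleware).

            Simulates a simple access policy and records the outcome in a
            single assertion appended to *response*:

            * resource differs from ``RESOURCE_URI``: INDETERMINATE
            * resource matches but the query carries no actions:
              INDETERMINATE
            * resource matches and every action is ``HTTP_GET_ACTION``:
              PERMIT
            * resource matches and any action is something else: DENY

            ``self`` is not a parameter; it is taken from the enclosing
            scope, which lies outside this excerpt.

            :param query: incoming query; ``id``, ``resource``, ``actions``
                and ``subject.nameID`` are read
            :param response: response object to populate in place
            :return: the same *response*, now holding one assertion
            """
            now = datetime.utcnow()
            response.issueInstant = now

            # Correlate the response with the query it answers
            response.inResponseTo = query.id
            response.id = str(uuid4())
            response.version = SAMLVersion(SAMLVersion.VERSION_20)

            response.status = Status()
            response.status.statusCode = StatusCode()
            response.status.statusCode.value = StatusCode.SUCCESS_URI
            response.status.statusMessage = StatusMessage()
            response.status.statusMessage.value = \
                                                "Response created successfully"

            assertion = Assertion()
            assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
            assertion.id = str(uuid4())
            assertion.issueInstant = now

            authzDecisionStatement = AuthzDecisionStatement()

            # Simple logic to simulate an access policy.  The resource is
            # checked first so a mismatch never touches the action list.
            if query.resource != self.__class__.RESOURCE_URI:
                authzDecisionStatement.decision = DecisionType.INDETERMINATE
            elif not query.actions:
                # Nothing to evaluate: report that instead of failing with
                # an IndexError on the first element.
                authzDecisionStatement.decision = DecisionType.INDETERMINATE
            elif all(action.value == Action.HTTP_GET_ACTION
                     for action in query.actions):
                # Every requested action has to be allowed; judging only the
                # first one would PERMIT a query that lists GET ahead of a
                # disallowed action.
                authzDecisionStatement.decision = DecisionType.PERMIT
            else:
                authzDecisionStatement.decision = DecisionType.DENY

            authzDecisionStatement.resource = query.resource

            # NOTE(review): the statement always names HTTP GET, whatever
            # was queried, so a DENY for another action is reported against
            # GET.  Left unchanged because callers may rely on this shape.
            authzDecisionStatement.actions.append(Action())
            authzDecisionStatement.actions[-1].namespace = Action.GHPP_NS_URI
            authzDecisionStatement.actions[-1].value = Action.HTTP_GET_ACTION
            assertion.authzDecisionStatements.append(authzDecisionStatement)

            # Add a conditions statement for a validity of 8 hours
            assertion.conditions = Conditions()
            assertion.conditions.notBefore = now
            assertion.conditions.notOnOrAfter = now + timedelta(seconds=60 *
                                                                60 * 8)

            # The subject is echoed from the query as supplied
            assertion.subject = Subject()
            assertion.subject.nameID = NameID()
            assertion.subject.nameID.format = query.subject.nameID.format
            assertion.subject.nameID.value = query.subject.nameID.value

            assertion.issuer = Issuer()
            assertion.issuer.format = Issuer.X509_SUBJECT
            assertion.issuer.value = \
                                    TestAuthorisationServiceMiddleware.ISSUER_DN

            response.assertions.append(assertion)
            return response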