def authzDecisionQuery(query, response):
now = datetime.utcnow()
response.issueInstant = now
# Make up a request ID that this response is responding to
response.inResponseTo = query.id
response.id = str(uuid4())
response.version = SAMLVersion(SAMLVersion.VERSION_20)
response.status = Status()
response.status.statusCode = StatusCode()
response.status.statusCode.value = StatusCode.SUCCESS_URI
response.status.statusMessage = StatusMessage()
response.status.statusMessage.value = \
"Response created successfully"
assertion = Assertion()
assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
assertion.id = str(uuid4())
assertion.issueInstant = now
authzDecisionStatement = AuthzDecisionStatement()
authzDecisionStatement.decision = DecisionType.PERMIT
authzDecisionStatement.resource = \
TestAuthorisationServiceMiddleware.RESOURCE_URI
authzDecisionStatement.actions.append(Action())
authzDecisionStatement.actions[-1].namespace = Action.GHPP_NS_URI
authzDecisionStatement.actions[-1].value = Action.HTTP_GET_ACTION
assertion.authzDecisionStatements.append(authzDecisionStatement)
# Add a conditions statement for a validity of 8 hours
assertion.conditions = Conditions()
assertion.conditions.notBefore = now
assertion.conditions.notOnOrAfter = now + timedelta(seconds=60 *
60 * 8)
assertion.subject = Subject()
assertion.subject.nameID = NameID()
assertion.subject.nameID.format = query.subject.nameID.format
assertion.subject.nameID.value = query.subject.nameID.value
assertion.issuer = Issuer()
assertion.issuer.format = Issuer.X509_SUBJECT
assertion.issuer.value = \
TestAuthorisationServiceMiddleware.ISSUER_DN
response.assertions.append(assertion)
return response
def authzDecisionQuery(query, response):
"""Authorisation Decision Query interface called by the next
middleware in the stack the SAML SOAP Query interface middleware
instance
(ndg.saml.saml2.binding.soap.server.wsgi.queryinterface.SOAPQueryInterfaceMiddleware)
"""
now = datetime.utcnow()
response.issueInstant = now
# Make up a request ID that this response is responding to
response.inResponseTo = query.id
response.id = str(uuid4())
response.version = SAMLVersion(SAMLVersion.VERSION_20)
response.status = Status()
response.status.statusCode = StatusCode()
response.status.statusCode.value = StatusCode.SUCCESS_URI
response.status.statusMessage = StatusMessage()
response.status.statusMessage.value = \
"Response created successfully"
assertion = Assertion()
assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
assertion.id = str(uuid4())
assertion.issueInstant = now
authzDecisionStatement = AuthzDecisionStatement()
# Make some simple logic to simulate a full access policy
if query.resource == self.__class__.RESOURCE_URI:
if query.actions[0].value == Action.HTTP_GET_ACTION:
authzDecisionStatement.decision = DecisionType.PERMIT
else:
authzDecisionStatement.decision = DecisionType.DENY
else:
authzDecisionStatement.decision = DecisionType.INDETERMINATE
authzDecisionStatement.resource = query.resource
authzDecisionStatement.actions.append(Action())
authzDecisionStatement.actions[-1].namespace = Action.GHPP_NS_URI
authzDecisionStatement.actions[-1].value = Action.HTTP_GET_ACTION
assertion.authzDecisionStatements.append(authzDecisionStatement)
# Add a conditions statement for a validity of 8 hours
assertion.conditions = Conditions()
assertion.conditions.notBefore = now
assertion.conditions.notOnOrAfter = now + timedelta(seconds=60 *
60 * 8)
assertion.subject = Subject()
assertion.subject.nameID = NameID()
assertion.subject.nameID.format = query.subject.nameID.format
assertion.subject.nameID.value = query.subject.nameID.value
assertion.issuer = Issuer()
assertion.issuer.format = Issuer.X509_SUBJECT
assertion.issuer.value = \
TestAuthorisationServiceMiddleware.ISSUER_DN
response.assertions.append(assertion)
return response
