Exemplo n.º 1
    def initialize_session(self, request, callback, **callback_kwargs):
        """Open an authentication session and return the authorization URL.

        A RealmAuthenticationSession is saved for this login attempt, attached
        to the caller's session, and its primary key (as a string) is handed
        to build_authorization_code_flow_url together with the PKCE code
        challenge, if any.

        Args:
            request: passed to self._add_ras_to_session with the new session.
            callback: stored on the authentication session.
            **callback_kwargs: stored on the authentication session.

        Returns:
            Whatever build_authorization_code_flow_url returns.
        """
        settings = self.instance.config

        # Default: a client secret is configured, so no PKCE material is made.
        pkce_challenge = None
        session_state = None
        if not settings.get("client_secret"):
            # No client secret: use PKCE. Only the challenge is given to the
            # URL builder; the verifier stays on the stored auth session.
            pkce_challenge, pkce_verifier = generate_pkce_codes()
            session_state = {"code_verifier": pkce_verifier}

        from realms.models import RealmAuthenticationSession
        auth_session = RealmAuthenticationSession(
            realm=self.instance,
            backend_state=session_state,
            callback=callback,
            callback_kwargs=callback_kwargs,
        )
        # Must be saved before use: the primary key is sent below.
        auth_session.save()

        # Bind the auth session to the caller's session to prevent CSRF.
        # NOTE(review): this only protects the flow if the redirect handler
        # rejects a returned value that does not match the session entry;
        # that check is not visible here -- confirm.
        self._add_ras_to_session(request, auth_session)

        # str(auth_session.pk) is presumably the OAuth `state` value -- confirm
        # against build_authorization_code_flow_url.
        return build_authorization_code_flow_url(
            settings["discovery_url"],
            settings["client_id"],
            self.ac_redirect_uri(),
            settings["extra_scopes"],
            str(auth_session.pk),
            pkce_challenge,
        )
Exemplo n.º 2
 def initialize_session(self, callback, **callback_kwargs):
     """Open an authentication session and return the SAML redirect URL.

     The new RealmAuthenticationSession's primary key is sent as the
     relay state of the authentication request.

     Args:
         callback: stored on the authentication session.
         **callback_kwargs: stored on the authentication session.

     Returns:
         The "Location" header value from the prepared request.
     """
     from realms.models import RealmAuthenticationSession
     auth_session = RealmAuthenticationSession(
         realm=self.instance,
         callback=callback,
         callback_kwargs=callback_kwargs,
     )
     # Must be saved before use: the primary key is the relay state.
     auth_session.save()

     client = self.get_saml2_client()
     # NOTE(review): the first element of the returned pair is discarded.
     # If it is the AuthnRequest ID (confirm against the SAML client), this
     # method keeps nothing to match a response's InResponseTo against.
     prepared = client.prepare_for_authenticate(
         relay_state=str(auth_session.pk))
     http_info = prepared[1]
     headers = dict(http_info["headers"])
     return headers["Location"]
Exemplo n.º 3
    def initialize_session(self,
                           callback,
                           save_password_hash=False,
                           **callback_kwargs):
        """Open an authentication session and return the LDAP login URL.

        Args:
            callback: stored on the authentication session.
            save_password_hash: stored as-is on the authentication session;
                what later code does with the flag is not visible here.
            **callback_kwargs: stored on the authentication session.

        Returns:
            The URL reversed from "realms:ldap_login" for the realm primary
            key and the new session primary key.
        """
        from realms.models import RealmAuthenticationSession
        session_fields = {
            "realm": self.instance,
            "save_password_hash": save_password_hash,
            "callback": callback,
            "callback_kwargs": callback_kwargs,
        }
        auth_session = RealmAuthenticationSession(**session_fields)
        # Must be saved before use: the primary key goes into the URL.
        auth_session.save()

        url_args = (auth_session.realm.pk, auth_session.pk)
        return reverse("realms:ldap_login", args=url_args)
Exemplo n.º 4
    def initialize_session(self, request, callback, **callback_kwargs):
        """Open an authentication session and return the SAML redirect URL.

        The session is saved twice: once to obtain the primary key used as
        relay state, and again after the request ID has been recorded in
        its backend_state.

        Args:
            request: not used in this method body.
            callback: stored on the authentication session.
            **callback_kwargs: passed through remove_null_character, then
                stored on the authentication session.

        Returns:
            The "Location" header value from the prepared request.
        """
        from realms.models import RealmAuthenticationSession
        cleaned_kwargs = remove_null_character(callback_kwargs)
        auth_session = RealmAuthenticationSession(
            realm=self.instance,
            callback=callback,
            callback_kwargs=cleaned_kwargs,
        )
        # First save: the primary key is needed for the relay state.
        auth_session.save()

        client = self.get_saml2_client()
        # This call can raise, e.g.
        # saml2.s_utils.UnsupportedBinding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
        # when the IdP configuration (and so the metadata) is wrong. Such
        # errors should already have been caught at creation time in the
        # realm form.
        prepared = client.prepare_for_authenticate(
            relay_state=str(auth_session.pk))
        request_id, http_info = prepared

        # Second save: keep the request ID on the auth session.
        # NOTE(review): presumably compared with the response's InResponseTo
        # by the response handler -- that check is not visible here.
        auth_session.backend_state = {"request_id": request_id}
        auth_session.save()

        headers = dict(http_info["headers"])
        return headers["Location"]