def gbac_create_update_saml_idp_page():
logger.debug("gbac_create_update_saml_idp_page()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
idp_id = request.args.get('idpId')
idp_info = okta_admin.get_idp(idp_id)
if 'id' in idp_info:
cert_info = okta_admin.get_idp_certificate(
idp_info['protocol']['credentials']['trust']['kid'])
cert_display_data = IDPUtil.getCertificateDisplayValues(
cert_info['x5c'][0])
idp_info['cert_expiry'] = cert_display_data.not_valid_after
idp_info['cert_issuer'] = cert_display_data.issuer.rfc4514_string()
logger.debug("Retrieved IDP: {0}".format(idp_info))
return render_template("/managesamlidp.html",
templatename=get_app_vertical(),
user_info=get_userinfo(),
idp_info=idp_info,
config=session[SESSION_INSTANCE_SETTINGS_KEY])
def gbac_update_saml_idp():
logger.debug("gbac_update_saml_idp()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
idpMetadataFile = request.files.get('idpMetadata')
# If we're updating, we need to pull current data.
if request.form.get('idpId'):
idpAPIData = okta_admin.get_idp(request.form.get('idpId'))
else:
idpAPIData = IDPUtil.getIDPModel()
idpAPIData['name'] = request.form.get('idpName')
if idpMetadataFile:
# Use metadata here.
logger.info("Metadata uploaded. Parsing...")
data = IDPUtil.parseIDPMetadata(idpMetadataFile.read())
idpAPIData['protocol']['endpoints']['sso']['url'] = data['ssoUrl']
idpAPIData['protocol']['endpoints']['sso']['binding'] = data[
'bindingType']
idpAPIData['protocol']['endpoints']['sso']['destination'] = data[
'ssoUrl']
idpAPIData['protocol']['credentials']['trust']['issuer'] = data[
'entityID']
certData = data['signingCert']
else:
logger.info("Using manual entry.")
idpCertificateFile = request.files.get('idpCertificate')
idpAPIData['protocol']['credentials']['trust'][
'issuer'] = request.form.get('idpIssuer')
idpAPIData['protocol']['endpoints']['sso']['url'] = request.form.get(
'ssoUrl')
idpAPIData['protocol']['endpoints']['sso'][
'destination'] = request.form.get('ssoUrl')
certData = IDPUtil.parseX509File(idpCertificateFile)
if certData:
kid = IDPUtil.getCertificateKid(certData, okta_admin)
else:
# Unlike other form inputs, if we're not changing the cert in update mode, the cert file upload will be null instead of filled out.
# so rather than loading from formdata like normal, we have to load from the fetched Okta data.
kid = idpAPIData['protocol']['credentials']['trust']['kid']
if not kid:
logger.info("Certificate not in store yet- uploading.")
idp_cert_data = {"x5c": [certData]}
resp = okta_admin.upload_idp_certificate(idp_cert_data)
logger.info(resp)
if "kid" in resp:
kid = resp["kid"]
elif "errorCode" in resp:
logger.error(resp)
# How do i handle the error properly here?
else:
logger.error("An exception was thrown.")
else:
logger.info("Certificate already in store- using kid: {0}".format(kid))
idpAPIData['protocol']['credentials']['trust']['kid'] = kid
logger.info("About to upload! {0}".format(idpAPIData))
if request.form.get('idpId'):
resp = okta_admin.update_idp(request.form.get('idpId'), idpAPIData)
else: # Create.
resp = okta_admin.create_idp(idpAPIData)
logger.info(resp)
return redirect(
url_for("gbac_manageidps_bp.gbac_saml_idps",
_external="True",
_scheme="http",
message="Success!"))
