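def artifact_resolve(request, soap_message):
    '''Resolve a SAMLv1.1 ArtifactResolve request.

    request: the Django request that carried the SOAP message.
    soap_message: the raw SOAP body of the ArtifactResolve request.

    Returns whatever finish_artifact_resolve() returns.  Errors raised by
    lasso while parsing soap_message propagate to the caller.
    '''
    server = create_idff12_server(request, reverse(metadata))
    login = lasso.Login(server)
    # A malformed message is a lasso error we cannot recover from here; let
    # it propagate (the former ``try: ... except: raise`` was a no-op).
    login.processRequestMsg(soap_message)
    logging.debug('ID-FFv1.2 artifact resolve %r' % soap_message)
    # Model .get() raises DoesNotExist rather than returning None, so the
    # "unknown artifact" case has to be handled as an exception; a falsy
    # check on the result never fires.
    try:
        liberty_artifact = LibertyArtifact.objects.get(
            artifact=login.assertionArtifact)
    except LibertyArtifact.DoesNotExist:
        liberty_artifact = None
    if liberty_artifact is not None:
        # Read what we need, then delete: the row is removed on first
        # resolution, so the same artifact value cannot be resolved twice.
        provider_id = liberty_artifact.provider_id
        session_key = liberty_artifact.django_session_key
        liberty_artifact.delete()
        # NOTE(review): nothing visible here ties the artifact to the party
        # that sent this SOAP request; confirm in load_provider /
        # finish_artifact_resolve that the requester is provider_id.
        load_provider(request, provider_id, server=login.server)
        load_session(request, login, session_key=session_key)
        logging.info('ID-FFv1.2 artifact resolve from %r for artifact %r' % (
            provider_id, login.assertionArtifact))
    else:
        logging.warning('ID-FFv1.2 no artifact found for %r'
                        % login.assertionArtifact)
        provider_id = None
        # Previously this path dereferenced a None artifact for the session
        # key; pass None instead.  finish_artifact_resolve() is not visible
        # here -- confirm it accepts session_key=None.
        session_key = None
    return finish_artifact_resolve(request, login, provider_id,
                                   session_key=session_key)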
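def artifact_resolve(request, soap_message):
    '''Resolve a SAMLv1.1 ArtifactResolve request.

    request: the Django request that carried the SOAP message.
    soap_message: the raw SOAP body of the ArtifactResolve request.

    Returns the response built by finish_artifact_resolve().  Parsing
    errors raised by lasso are not caught here.
    '''
    server = create_idff12_server(request, reverse(metadata))
    login = lasso.Login(server)
    # No recovery is possible for an unparsable message, so the bare
    # ``except: raise`` wrapper has been dropped; the error propagates.
    login.processRequestMsg(soap_message)
    logging.debug('ID-FFv1.2 artifact resolve %r' % soap_message)
    provider_id = None
    session_key = None
    try:
        liberty_artifact = LibertyArtifact.objects.get(
            artifact=login.assertionArtifact)
    except LibertyArtifact.DoesNotExist:
        # .get() never returns None, so the lookup failure must be caught
        # here; the old ``if liberty_artifact:`` / else could not handle it
        # and the else branch dereferenced None for session_key.
        logging.warning('ID-FFv1.2 no artifact found for %r'
                        % login.assertionArtifact)
    else:
        provider_id = liberty_artifact.provider_id
        session_key = liberty_artifact.django_session_key
        # Delete before acting on it: an artifact row is consumed by its
        # first resolution and a second request for the same value will
        # hit the DoesNotExist branch above.
        liberty_artifact.delete()
        # NOTE(review): the artifact is not checked against the identity of
        # the party that sent this SOAP request in the code visible here;
        # verify load_provider / finish_artifact_resolve do so.
        load_provider(request, provider_id, server=login.server)
        load_session(request, login, session_key=session_key)
        logging.info('ID-FFv1.2 artifact resolve from %r for artifact %r'
                     % (provider_id, login.assertionArtifact))
    # finish_artifact_resolve() is not visible here -- confirm it accepts
    # provider_id=None / session_key=None for the not-found case.
    return finish_artifact_resolve(
        request, login, provider_id, session_key=session_key)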
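def sso_after_process_request(request, login, consent_obtained=True,
                              user=None, save=True):
    '''Common path for sso and idp_initiated_sso.

    request: the Django request.
    login: the lasso.Login holding the already-parsed AuthnRequest.
    consent_obtained: whether the user has given his consent to this
      federation.
    user: the user which must be federated; if None, request.user is used.
    save: whether to save the result of this transaction or not.

    Returns a redirect to the login page, a redirect to the consent page,
    or the response produced by finish_sso().  Errors raised by
    login.validateRequestMsg() propagate to the caller.
    '''
    if user is None:
        user = request.user
    # Request flags that matter here: forceAuthn (checked below).  isPassive
    # is listed in the protocol but is not examined by this code.
    # NOTE(review): an isPassive request that needs authentication is still
    # redirected to the login page here -- confirm this is intended.
    #
    # 3. TODO: Check for permission
    if login.mustAuthenticate():
        # TODO: check that a login transaction exists for this request id
        # and, if so, take user_authenticated from its outcome.
        # Work around the lack of information returned by mustAuthenticate()
        if login.request.forceAuthn or request.user.is_anonymous():
            return redirect_to_login(request.get_full_path())
        user_authenticated = True
    else:
        user_authenticated = not request.user.is_anonymous()

    # 3.1 Ask for consent.  Both query values are percent-encoded: requestId
    # is taken from the service provider's request, so it must not be able
    # to smuggle extra query parameters into the redirect.  The "already
    # consented" shortcut was a dead ``if False:`` branch and is now a TODO.
    if user_authenticated:
        # TODO: for autoloaded providers always ask for consent
        # TODO: check Consent(id=requestId) in the database instead of
        # always redirecting to the consent page.
        if login.mustAskForConsent() or not consent_obtained:
            return HttpResponseRedirect('consent_federation?id=%s&next=%s' % (
                urllib.quote('%s' % login.request.requestId),
                urllib.quote(request.get_full_path())))

    # 4. Validate the request, passing authentication and consent status.
    # A failure raises, so the federation lookup below only runs on
    # success (the former do_federation flag could never be False).
    login.validateRequestMsg(user_authenticated, consent_obtained)

    # 5. Lookup the federations
    load_federation(request, login, user)
    load_session(request, login)

    # 6. Build an assertion, fill attributes
    build_assertion(request, login)
    return finish_sso(request, login, user=user, save=save)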
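def sso_after_process_request(request, login, consent_obtained=True,
                              user=None, save=True):
    '''Common path for sso and idp_initiated_sso.

    request: the Django request.
    login: the lasso.Login whose AuthnRequest has already been processed.
    consent_obtained: whether the user has given his consent to this
      federation.
    user: the user which must be federated; defaults to request.user.
    save: whether to save the result of this transaction or not.

    Returns a login redirect, a consent-page redirect, or the result of
    finish_sso().  Exceptions from login.validateRequestMsg() are not
    caught.
    '''
    if user is None:
        user = request.user

    # 3. TODO: Check for permission
    # Only forceAuthn is examined among the request flags; isPassive is
    # not.  NOTE(review): a passive request that requires authentication
    # is redirected to the login page like any other -- confirm intended.
    if login.mustAuthenticate():
        # TODO: look up a login transaction for this request id and derive
        # user_authenticated from it; until then work around the lack of
        # information returned by mustAuthenticate().
        if login.request.forceAuthn or request.user.is_anonymous():
            return redirect_to_login(request.get_full_path())
        user_authenticated = True
    else:
        user_authenticated = not request.user.is_anonymous()

    # 3.1 Ask for consent
    # TODO: for autoloaded providers always ask for consent
    # TODO: look up Consent(id=requestId) instead of always redirecting
    # (the previous ``if False:`` shortcut was dead code).
    needs_consent = login.mustAskForConsent() or not consent_obtained
    if user_authenticated and needs_consent:
        # requestId originates from the service provider; percent-encode it
        # like ``next`` so it cannot add parameters to the redirect query.
        query = 'id=%s&next=%s' % (
            urllib.quote('%s' % login.request.requestId),
            urllib.quote(request.get_full_path()))
        return HttpResponseRedirect('consent_federation?' + query)

    # 4. Validate the request, passing authentication and consent status.
    # Validation errors propagate; the old try/except re-raised and left
    # its do_federation = False assignment unreachable.
    login.validateRequestMsg(user_authenticated, consent_obtained)

    # 5. Lookup the federations
    load_federation(request, login, user)
    load_session(request, login)

    # 6. Build an assertion, fill attributes
    build_assertion(request, login)
    return finish_sso(request, login, user=user, save=save)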