def _handle_backend_error(self, exception, idp):
    """
    Answer the original requester with a SAML error response after a
    backend authentication failure.

    See super class satosa.frontends.base.FrontendModule

    :type exception: satosa.exception.SATOSAAuthenticationError
    :type idp: saml.server.Server
    :rtype: satosa.response.Response

    :param exception: The SATOSAAuthenticationError; its ``state`` is used to
        load the data stored for the request being answered
    :param idp: The saml frontend idp server
    :return: A response
    """
    saved = self.load_state(exception.state)
    stored_relay_state = saved["relay_state"]
    reply_args = saved["resp_args"]

    # NOTE(review): the backend's message is copied verbatim into the error
    # response that leaves this proxy -- confirm backends never place
    # internal details in it.
    saml_error = idp.create_error_response(
        reply_args["in_response_to"],
        reply_args["destination"],
        Exception(exception.message),
    )

    # Bind the serialized error to the binding and destination stored in the
    # loaded state, together with the stored relay state.
    bound_args = idp.apply_binding(
        reply_args["binding"],
        "%s" % saml_error,
        reply_args["destination"],
        stored_relay_state,
        response=True,
    )

    # The debug record contains the complete outgoing HTTP arguments.
    satosa_logging(LOGGER, logging.DEBUG, "HTTPargs: %s" % bound_args, exception.state)
    return response(reply_args["binding"], bound_args)
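def _handle_authn_request(self, context, binding_in, idp):
    """
    See doc for handle_authn_request method.

    Extracts the incoming SAMLRequest. If extraction fails, or yields a
    ready-made error response, that is returned directly. Otherwise the
    response arguments and relay state are saved in the state and an
    InternalRequest is handed to ``auth_req_callback_func``.

    :type context: satosa.context.Context
    :type binding_in: str
    :type idp: saml.server.Server
    :rtype: satosa.response.Response

    :param context: The current context
    :param binding_in: The pysaml binding type
    :param idp: The saml frontend idp server
    :return: response
    """
    request = context.request

    try:
        extracted_request = self.extract_request(idp, request["SAMLRequest"], binding_in, context.state)
    except UnknownPrincipal as excp:
        satosa_logging(LOGGER, logging.ERROR, "UnknownPrincipal", context.state, exc_info=True)
        # NOTE(review): the exception text is returned to the requester;
        # confirm it never carries internal details.
        return ServiceError("UnknownPrincipal: %s" % excp)
    except UnsupportedBinding as excp:
        satosa_logging(LOGGER, logging.ERROR, "UnsupportedBinding", context.state, exc_info=True)
        return ServiceError("UnsupportedBinding: %s" % excp)

    # RelayState is supplied by the requester and may be absent; a missing
    # value must not abort the flow with a KeyError.
    # NOTE(review): assumes an empty relay state is acceptable to save_state
    # and apply_binding -- confirm.
    try:
        relay_state = request["RelayState"]
    except KeyError:
        relay_state = ""

    _binding = extracted_request["resp_args"]["binding"]

    if extracted_request["response"]:
        # An error response
        http_args = idp.apply_binding(
            _binding,
            "%s" % extracted_request["response"],
            extracted_request["resp_args"]["destination"],
            relay_state,
            response=True,
        )
        # No exception is active on this path, so exc_info is not passed.
        satosa_logging(LOGGER, logging.DEBUG, "HTTPargs: %s" % http_args, context.state)
        return response(_binding, http_args)

    # The optional entityID request parameter is requester-controlled.
    # NOTE(review): confirm that whatever consumes "saml2.target_entity_id"
    # validates it.
    try:
        context.internal_data["saml2.target_entity_id"] = request["entityID"]
    except KeyError:
        pass

    request_state = self.save_state(
        context, idp.response_args(extracted_request["authn_req"]), relay_state
    )
    context.state.add(self.state_id, request_state)

    extensions = idp.metadata.extension(
        extracted_request["resp_args"]["sp_entity_id"],
        "spsso_descriptor",
        "urn:oasis:names:tc:SAML:metadata:ui&UIInfo",
    )
    # The display name is optional: the extension list may be empty, or its
    # first entry may have no display_name.
    requester_name = None
    try:
        requester_name = extensions[0]["display_name"]
    except (IndexError, KeyError):
        pass

    name_format = None
    if "name_id_policy" in extracted_request["req_args"]:
        name_format = saml_name_format_to_hash_type(extracted_request["req_args"]["name_id_policy"].format)
    if name_format is None:
        # default to requesting transient name id
        name_format = UserIdHashType.transient

    internal_req = InternalRequest(name_format, extracted_request["resp_args"]["sp_entity_id"], requester_name)

    # Get attribute filter
    idp_policy = idp.config.getattr("policy", "idp")
    if idp_policy:
        attribute_filter = self.get_filter_attributes(idp, idp_policy, internal_req.requestor, context.state)
        internal_req.add_filter(attribute_filter)

    return self.auth_req_callback_func(context, internal_req)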
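def _handle_authn_request(self, context, binding_in, idp):
    """
    See doc for handle_authn_request method.

    Extracts the incoming SAMLRequest. If extraction fails, or yields a
    ready-made error response, that is returned directly. Otherwise the
    response arguments and relay state are saved in the state and an
    InternalRequest is handed to ``auth_req_callback_func``.

    :type context: satosa.context.Context
    :type binding_in: str
    :type idp: saml.server.Server
    :rtype: satosa.response.Response

    :param context: The current context
    :param binding_in: The pysaml binding type
    :param idp: The saml frontend idp server
    :return: response
    """
    request = context.request

    try:
        extracted_request = self.extract_request(idp, request["SAMLRequest"], binding_in, context.state)
    except UnknownPrincipal as excp:
        satosa_logging(LOGGER, logging.ERROR, "UnknownPrincipal", context.state, exc_info=True)
        # NOTE(review): the exception text is returned to the requester;
        # confirm it never carries internal details.
        return ServiceError("UnknownPrincipal: %s" % excp)
    except UnsupportedBinding as excp:
        satosa_logging(LOGGER, logging.ERROR, "UnsupportedBinding", context.state, exc_info=True)
        return ServiceError("UnsupportedBinding: %s" % excp)

    # RelayState is supplied by the requester and may be absent; a missing
    # value must not abort the flow with a KeyError.
    # NOTE(review): assumes an empty relay state is acceptable to save_state
    # and apply_binding -- confirm.
    try:
        relay_state = request["RelayState"]
    except KeyError:
        relay_state = ""

    _binding = extracted_request["resp_args"]["binding"]

    if extracted_request["response"]:
        # An error response
        http_args = idp.apply_binding(
            _binding, "%s" % extracted_request["response"],
            extracted_request["resp_args"]["destination"],
            relay_state, response=True)
        # No exception is active on this path, so exc_info is not passed.
        satosa_logging(LOGGER, logging.DEBUG, "HTTPargs: %s" % http_args, context.state)
        return response(_binding, http_args)

    # The optional entityID request parameter is requester-controlled.
    # NOTE(review): confirm that whatever consumes "saml2.target_entity_id"
    # validates it.
    try:
        context.internal_data["saml2.target_entity_id"] = request["entityID"]
    except KeyError:
        pass

    request_state = self.save_state(context, idp.response_args(extracted_request["authn_req"]),
                                    relay_state)
    context.state.add(self.state_id, request_state)

    extensions = idp.metadata.extension(
        extracted_request['resp_args']['sp_entity_id'],
        'spsso_descriptor',
        'urn:oasis:names:tc:SAML:metadata:ui&UIInfo'
    )
    # The display name is optional: the extension list may be empty, or its
    # first entry may have no display_name.
    requester_name = None
    try:
        requester_name = extensions[0]['display_name']
    except (IndexError, KeyError):
        pass

    name_format = None
    if 'name_id_policy' in extracted_request['req_args']:
        name_format = saml_name_format_to_hash_type(
            extracted_request['req_args']['name_id_policy'].format)
    if name_format is None:
        # default to requesting transient name id
        name_format = UserIdHashType.transient

    internal_req = InternalRequest(name_format, extracted_request["resp_args"]["sp_entity_id"], requester_name)

    # Get attribute filter
    idp_policy = idp.config.getattr("policy", "idp")
    if idp_policy:
        attribute_filter = self.get_filter_attributes(idp, idp_policy, internal_req.requestor, context.state)
        internal_req.add_filter(attribute_filter)

    return self.auth_req_callback_func(context, internal_req)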