def build(self, in_response_to): """ Creates a Logout Response object. :param in_response_to: InResponseTo value for the Logout Response. :type in_response_to: string """ sp_data = self.__settings.get_sp_data() idp_data = self.__settings.get_idp_data() uid = OneLogin_Saml2_Utils.generate_unique_id() issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML( OneLogin_Saml2_Utils.now()) logout_response = OneLogin_Saml2_Templates.LOGOUT_RESPONSE % \ { 'id': uid, 'issue_instant': issue_instant, 'destination': idp_data['singleLogoutService']['url'], 'in_response_to': in_response_to, 'entity_id': sp_data['entityId'], 'status': "urn:oasis:names:tc:SAML:2.0:status:Success" } self.__logout_response = logout_response
def __init__(self, settings, force_authn=False, is_passive=False, set_nameid_policy=True): """ Constructs the AuthnRequest object. :param settings: OSetting data :type settings: OneLogin_Saml2_Settings :param force_authn: Optional argument. When true the AuthNRequest will set the ForceAuthn='true'. :type force_authn: bool :param is_passive: Optional argument. When true the AuthNRequest will set the Ispassive='true'. :type is_passive: bool :param set_nameid_policy: Optional argument. When true the AuthNRequest will set a nameIdPolicy element. :type set_nameid_policy: bool """ self.__settings = settings sp_data = self.__settings.get_sp_data() idp_data = self.__settings.get_idp_data() security = self.__settings.get_security_data() uid = OneLogin_Saml2_Utils.generate_unique_id() self.__id = uid issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML( OneLogin_Saml2_Utils.now()) destination = idp_data['singleSignOnService']['url'] provider_name_str = '' organization_data = settings.get_organization() if isinstance(organization_data, dict) and organization_data: langs = organization_data if 'en-US' in langs: lang = 'en-US' else: lang = sorted(langs)[0] display_name = 'displayname' in organization_data[ lang] and organization_data[lang]['displayname'] if display_name: provider_name_str = "\n" + ' ProviderName="%s"' % organization_data[ lang]['displayname'] force_authn_str = '' if force_authn is True: force_authn_str = "\n" + ' ForceAuthn="true"' is_passive_str = '' if is_passive is True: is_passive_str = "\n" + ' IsPassive="true"' nameid_policy_str = '' if set_nameid_policy: name_id_policy_format = sp_data['NameIDFormat'] if security['wantNameIdEncrypted']: name_id_policy_format = OneLogin_Saml2_Constants.NAMEID_ENCRYPTED nameid_policy_str = """ <samlp:NameIDPolicy Format="%s" AllowCreate="true" />""" % name_id_policy_format requested_authn_context_str = '' if security['requestedAuthnContext'] is not False: authn_comparison = 'exact' if 'requestedAuthnContextComparison' in security.keys(): authn_comparison = security['requestedAuthnContextComparison'] if security['requestedAuthnContext'] is True: requested_authn_context_str = """ <samlp:RequestedAuthnContext Comparison="%s"> <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef> </samlp:RequestedAuthnContext>""" % authn_comparison else: requested_authn_context_str = ' <samlp:RequestedAuthnContext Comparison="%s">' % authn_comparison for authn_context in security['requestedAuthnContext']: requested_authn_context_str += '<saml:AuthnContextClassRef>%s</saml:AuthnContextClassRef>' % authn_context requested_authn_context_str += ' </samlp:RequestedAuthnContext>' attr_consuming_service_str = '' if 'attributeConsumingService' in sp_data and sp_data[ 'attributeConsumingService']: attr_consuming_service_str = "\n AttributeConsumingServiceIndex=\"1\"" request = OneLogin_Saml2_Templates.AUTHN_REQUEST % \ { 'id': uid, 'provider_name': provider_name_str, 'force_authn_str': force_authn_str, 'is_passive_str': is_passive_str, 'issue_instant': issue_instant, 'destination': destination, 'assertion_url': sp_data['assertionConsumerService']['url'], 'entity_id': sp_data['entityId'], 'nameid_policy_str': nameid_policy_str, 'requested_authn_context_str': requested_authn_context_str, 'attr_consuming_service_str': attr_consuming_service_str, } self.__authn_request = request
def __init__(self, settings, request=None, name_id=None, session_index=None, nq=None, name_id_format=None): """ Constructs the Logout Request object. :param settings: Setting data :type settings: OneLogin_Saml2_Settings :param request: Optional. A LogoutRequest to be loaded instead build one. :type request: string :param name_id: The NameID that will be set in the LogoutRequest. :type name_id: string :param session_index: SessionIndex that identifies the session of the user. :type session_index: string :param nq: IDP Name Qualifier :type: string :param name_id_format: The NameID Format that will be set in the LogoutRequest. :type: string """ self.__settings = settings self.__error = None self.id = None if request is None: sp_data = self.__settings.get_sp_data() idp_data = self.__settings.get_idp_data() security = self.__settings.get_security_data() uid = OneLogin_Saml2_Utils.generate_unique_id() self.id = uid issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML( OneLogin_Saml2_Utils.now()) cert = None if security['nameIdEncrypted']: exists_multix509enc = 'x509certMulti' in idp_data and \ 'encryption' in idp_data['x509certMulti'] and \ idp_data['x509certMulti']['encryption'] if exists_multix509enc: cert = idp_data['x509certMulti']['encryption'][0] else: cert = idp_data['x509cert'] if name_id is not None: if not name_id_format and sp_data[ 'NameIDFormat'] != OneLogin_Saml2_Constants.NAMEID_UNSPECIFIED: name_id_format = sp_data['NameIDFormat'] else: name_id_format = OneLogin_Saml2_Constants.NAMEID_ENTITY sp_name_qualifier = None if name_id_format == OneLogin_Saml2_Constants.NAMEID_ENTITY: name_id = idp_data['entityId'] nq = None elif nq is not None: # We only gonna include SPNameQualifier if NameQualifier is provided sp_name_qualifier = sp_data['entityId'] name_id_obj = OneLogin_Saml2_Utils.generate_name_id( name_id, sp_name_qualifier, name_id_format, cert, False, nq) if session_index: session_index_str = '<samlp:SessionIndex>%s</samlp:SessionIndex>' % session_index else: session_index_str = '' logout_request = OneLogin_Saml2_Templates.LOGOUT_REQUEST % \ { 'id': uid, 'issue_instant': issue_instant, 'single_logout_url': idp_data['singleLogoutService']['url'], 'entity_id': sp_data['entityId'], 'name_id': name_id_obj, 'session_index': session_index_str, } else: logout_request = OneLogin_Saml2_Utils.decode_base64_and_inflate( request, ignore_zip=True) self.id = self.get_id(logout_request) self.__logout_request = compat.to_string(logout_request)