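def logout_list(self, request):
    """Build the HTML fragments that forward a logout to service providers.

    Collects the distinct ``provider_id`` values of the Liberty sessions
    attached to the current Django session key. For each provider whose
    policy has ``forward_slo`` set, it produces a ``<div>`` with a status
    message and a 16x16 iframe pointing at the ``idp_slo`` endpoint.

    Providers that cannot be found, or that have no policy, are logged as
    errors and skipped. Providers whose policy does not forward single
    logout are logged at info level and skipped.

    Returns:
        A list of HTML strings, one per provider that receives a logout.
    """
    # Function-scope imports: the module's import block is not visible from
    # this block, so the helpers used for output encoding are pulled in here.
    import urllib
    from django.utils.html import escape

    all_sessions = models.LibertySession.objects.filter(
        django_session_key=request.session.session_key)
    logger.debug("logout_list: all_sessions %s", all_sessions)
    provider_ids = set(s.provider_id for s in all_sessions)
    logger.debug("logout_list: provider_ids %s", provider_ids)

    result = []
    for provider_id in provider_ids:
        try:
            provider = models.LibertyProvider.objects.get(
                entity_id=provider_id)
        # The exception class is reached through ``models`` like every other
        # model reference in this function; a bare ``LibertyProvider`` name
        # is only evaluated when the lookup fails, so an unresolved name
        # would surface exactly on the error path this clause handles.
        except models.LibertyProvider.DoesNotExist:
            logger.error(
                'logout_list: session found for unknown provider %s',
                provider_id)
            continue

        policy = common.get_sp_options_policy(provider)
        if not policy:
            logger.error('logout_list: No policy found for %s', provider_id)
            continue
        if not policy.forward_slo:
            logger.info('logout_list: %s configured to not reveive slo',
                        provider_id)
            continue

        # The provider name and entity id come from stored records and end up
        # inside markup, so each is encoded for the context it lands in:
        # percent-encoding for the query-string value, HTML escaping for the
        # text node and for the attribute value.
        slo_url = '%s?provider_id=%s' % (
            reverse(saml2_endpoints.idp_slo, args=[provider_id]),
            urllib.quote(provider_id))
        code = '<div>'
        code += _('Sending logout to %(name)s....') % {
            'name': escape(provider.name or provider_id)}
        code += ('<iframe src="%s" marginwidth="0" marginheight="0" '
                 'scrolling="no" style="border: none" width="16" '
                 'height="16"></iframe></div>') % escape(slo_url)
        logger.debug("logout_list: code %s", code)
        result.append(code)
    return result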
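def service_list(self, request):
    """List the enabled service providers the user can act on.

    A provider is listed when its policy exists and has
    ``idp_initiated_sso`` set. Each entry always carries a ``login`` action;
    a ``logout`` action is added when a Liberty session for that provider is
    attached to the current Django session key.

    Actions are tuples of ``(label, HTTP method, URL, parameters)`` where the
    parameters are a tuple of ``(name, value)`` pairs.

    Returns:
        A list of ``Service`` objects.
    """
    # Fetch the session's provider ids once instead of issuing one
    # ``exists()`` query per provider inside the loop. Membership is then an
    # exact string comparison done in Python.
    session_provider_ids = set(
        session.provider_id
        for session in models.LibertySession.objects.filter(
            django_session_key=request.session.session_key))

    services = []
    enabled_providers = models.LibertyServiceProvider.objects.filter(
        enabled=True)
    for service_provider in enabled_providers:
        liberty_provider = service_provider.liberty_provider
        policy = common.get_sp_options_policy(liberty_provider)
        if not (policy and policy.idp_initiated_sso):
            continue

        entity_id = liberty_provider.entity_id
        # The endpoint prefix depends on the provider's protocol conformance.
        if liberty_provider.protocol_conformance < 3:
            protocol = 'idff12'
        else:
            protocol = 'saml2'
        params = (('provider_id', entity_id),)

        actions = [('login', 'POST', '/idp/%s/idp_sso/' % protocol, params)]
        if entity_id in session_provider_ids:
            actions.append(
                ('logout', 'POST', '/idp/%s/idp_slo/' % protocol, params))
        services.append(Service(url=None, name=liberty_provider.name,
                                actions=actions))
    return services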
def logout_list(self, request):
    """Render one logout fragment per provider that must be told to log out.

    The providers are those referenced by the Liberty sessions attached to
    the current Django session key. A provider is skipped, with a log entry,
    when it no longer exists, has no policy, or has a policy with
    ``forward_slo`` unset.

    Returns:
        A list of strings rendered from ``idp/saml/logout_fragment.html``.
    """
    session_key = request.session.session_key
    all_sessions = models.LibertySession.objects.filter(
        django_session_key=session_key)
    logger.debug("logout_list: all_sessions %r" % all_sessions)
    provider_ids = set(session.provider_id for session in all_sessions)
    logger.debug("logout_list: provider_ids %r" % provider_ids)

    fragments = []
    for provider_id in provider_ids:
        try:
            provider = models.LibertyProvider.objects.get(
                entity_id=provider_id)
        except models.LibertyProvider.DoesNotExist:
            logger.error('logout_list: session found for unknown provider %s'
                         % provider_id)
            continue

        policy = common.get_sp_options_policy(provider)
        if not policy:
            logger.error('logout_list: No policy found for %s' % provider_id)
            continue
        if not policy.forward_slo:
            logger.info('logout_list: %s configured to not reveive slo'
                        % provider_id)
            continue

        # The entity id is percent-encoded before it goes in the query string.
        endpoint = reverse(saml2_endpoints.idp_slo, args=[provider_id])
        url = '{0}?provider_id={1}'.format(
            endpoint, urllib.quote(provider_id))
        # NOTE(review): the name and URL are handed to the template as plain
        # context values; presumably the template relies on auto-escaping.
        # Confirm it does not mark them safe.
        context = {
            'needs_iframe': policy.needs_iframe_logout,
            'name': provider.name or provider_id,
            'url': url,
            'iframe_timeout': policy.iframe_logout_timeout,
        }
        fragments.append(
            render_to_string('idp/saml/logout_fragment.html', context))
    return fragments
def service_list(self, request):
    """List the service providers the user can log in to or log out from.

    Builds several filtered querysets over the enabled service providers,
    ORs them into one queryset, then derives the ``login`` and ``logout``
    actions for each returned provider from its effective policy. Providers
    that end up with no action are left out.

    Returns:
        A list of ``Service`` objects.
    """
    q = models.LibertyServiceProvider.objects.filter(enabled = True) \
            .select_related()
    ls = []
    # Entity ids of the providers that have a Liberty session attached to the
    # current Django session key; fetched once and reused below.
    sessions = models.LibertySession.objects.filter(
            django_session_key=request.session.session_key)
    sessions_eids = set(session.provider_id for session in sessions)
    all_policy = common.get_sp_options_policy_all()
    default_policy = common.get_sp_options_policy_default()
    queries = []
    if all_policy and all_policy.idp_initiated_sso:
        # Every enabled provider is a candidate; the second queryset is a
        # subset of ``q``.
        queries.append(q)
        queries.append(q.filter(liberty_provider__entity_id__in=sessions_eids))
    else:
        # Providers whose own enabled policy allows IdP-initiated SSO, plus
        # those whose own enabled policy accepts SLO and have a session here.
        queries.append(q.filter(sp_options_policy__enabled=True,
            sp_options_policy__idp_initiated_sso=True))
        queries.append(q.filter(sp_options_policy__enabled=True,
            sp_options_policy__accept_slo=True,
            liberty_provider__entity_id__in=sessions_eids))
        # NOTE(review): the source was flattened onto one line, so the nesting
        # of the two default-policy checks under this ``else`` is
        # reconstructed. When the first branch runs, ``q`` itself is already
        # in the union, so presumably the placement does not change which
        # rows come back. Confirm against the upstream file.
        if default_policy and default_policy.idp_initiated_sso:
            queries.append(q.filter(sp_options_policy__isnull=True))
        if default_policy and default_policy.accept_slo:
            queries.append(q.filter(sp_options_policy__isnull=True,
                liberty_provider__entity_id__in=sessions_eids))
    # Both branches append at least two querysets, so reduce() never sees an
    # empty list.
    qs = reduce(operator.__or__, queries)
    for service_provider in qs:
        liberty_provider = service_provider.liberty_provider
        # The querysets only pre-select candidates; the policy returned for
        # the provider decides which actions are actually offered.
        policy = common.get_sp_options_policy(liberty_provider)
        if policy:
            actions = []
            entity_id = liberty_provider.entity_id
            protocol = 'saml2'
            if policy.idp_initiated_sso:
                actions.append(('login', 'POST', '/idp/%s/idp_sso/' % protocol, (('provider_id', entity_id ),)))
            # Logout is offered only when the policy accepts SLO and a session
            # for this provider exists under the current session key.
            if policy.accept_slo and entity_id in sessions_eids:
                actions.append(('logout', 'POST', '/idp/%s/idp_slo/' % protocol, (( 'provider_id', entity_id ),)))
            if actions:
                ls.append(Service(url=None, name=liberty_provider.name, actions=actions))
    return ls
def logout_list(self, request):
    """Render one logout fragment per provider that must be told to log out.

    The providers are those referenced by the Liberty sessions attached to
    the current Django session key. A provider is skipped, with a log entry,
    when it no longer exists, has no policy, or has a policy with
    ``forward_slo`` unset.

    Returns:
        A list of strings rendered from ``idp/saml/logout_fragment.html``.
    """
    session_key = request.session.session_key
    all_sessions = models.LibertySession.objects.filter(
        django_session_key=session_key)
    self.logger.debug("all_sessions %r" % all_sessions)
    provider_ids = set(session.provider_id for session in all_sessions)
    self.logger.debug("provider_ids %r" % provider_ids)

    fragments = []
    for provider_id in provider_ids:
        try:
            provider = models.LibertyProvider.objects.get(
                entity_id=provider_id)
        except models.LibertyProvider.DoesNotExist:
            self.logger.error(u'session found for unknown provider %s',
                              provider_id)
            continue

        policy = common.get_sp_options_policy(provider)
        if not policy:
            self.logger.error(u'No policy found for %s', provider_id)
            continue
        if not policy.forward_slo:
            self.logger.info(u'%s configured to not reveive slo', provider_id)
            continue

        endpoint = reverse(saml2_endpoints.idp_slo, args=[provider_id])
        # The nonce only makes each URL unique so the link is never served
        # from a cache. It comes from the non-cryptographic ``random``
        # module, so nothing should treat it as a security token.
        nonce = hex(random.getrandbits(128))
        url = '{0}?provider_id={1}&nonce={2}'.format(
            endpoint, urllib.quote(provider_id), nonce)
        # NOTE(review): the name and URL are handed to the template as plain
        # context values; presumably the template relies on auto-escaping.
        # Confirm it does not mark them safe.
        context = {
            'needs_iframe': policy.needs_iframe_logout,
            'name': provider.name or provider_id,
            'url': url,
            'iframe_timeout': policy.iframe_logout_timeout,
        }
        fragments.append(
            render_to_string('idp/saml/logout_fragment.html', context))
    return fragments