def test_delete(self):
    """Check that delete() removes a stored entry from the cache.

    An entry is stored in a cache built on an empty dict, its presence is
    confirmed, and after delete() the cache must report no outstanding
    queries.
    """
    key, came_from = 'session_id', '/next'
    cache = OutstandingQueriesCache({})

    cache.set(key, came_from)
    # Confirm the entry is really there before deleting it, so the final
    # assertion cannot pass on a cache that never stored anything.
    self.assertEqual(cache.outstanding_queries(), {key: came_from})

    cache.delete(key)
    self.assertEqual(cache.outstanding_queries(), {})
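def _safe_relay_state(relay_state, host_url=None):
    """Return relay_state if it is a same-site redirect target, else '/'.

    RelayState arrives in the POST body next to the SAMLResponse and is not
    covered by the response signature, so it must be treated as untrusted
    input before it is used as a redirect location.

    Accepted values:
      * a local absolute path ('/something'), but not a scheme-relative
        URL ('//host/...');
      * host_url itself, or a URL below it (host_url + '/...'), when
        host_url is given.

    Values containing a backslash or control characters are rejected,
    since browsers may normalise them into a different URL than the one
    checked here.
    """
    fallback = '/'
    if not relay_state:
        return fallback
    if '\\' in relay_state:
        return fallback
    if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in relay_state):
        return fallback
    if relay_state.startswith('/') and not relay_state.startswith('//'):
        return relay_state
    # Require an exact match or a '/' right after the host so that a prefix
    # such as 'https://sp.example' cannot match 'https://sp.example.other'.
    if host_url and (relay_state == host_url
                     or relay_state.startswith(host_url + '/')):
        return relay_state
    return fallback


def assertion_consumer_service(request):
    """SAML2 assertion consumer service endpoint (HTTP-POST binding).

    Reads 'SAMLResponse' from the POST data, has the Saml2Client parse it
    against the outstanding queries kept in the session, authenticates and
    logs in the user described by the response, and redirects to the
    location given in 'RelayState'.

    Returns:
        HTTPBadRequest if 'SAMLResponse' is missing, if parsing raises
        AssertionError, or if the parsed response is None;
        HTTPUnauthorized if authenticate() finds no user;
        HTTPFound, carrying the headers returned by login(), otherwise.
        The redirect goes to RelayState only when it is a same-site
        target, and to '/' in every other case.
    """
    if 'SAMLResponse' not in request.POST:
        return HTTPBadRequest("Couldn't find 'SAMLResponse' in POST data.")

    xmlstr = request.POST['SAMLResponse']
    client = Saml2Client(request.saml2_config,
                         identity_cache=IdentityCache(request.session))

    oq_cache = OutstandingQueriesCache(request.session)
    outstanding_queries = oq_cache.outstanding_queries()

    try:
        # process the authentication response
        response = client.parse_authn_request_response(xmlstr,
                                                       BINDING_HTTP_POST,
                                                       outstanding_queries)
    except AssertionError:
        # NOTE(review): only AssertionError is handled here. Confirm which
        # other exceptions the client raises for responses it cannot
        # verify, so they end in a 400 rather than an unhandled error.
        log.error('SAML response is not verified')
        return HTTPBadRequest(
            "SAML response is not verified. May be caused by the response "
            "was not issued at a reasonable time or the SAML status is not "
            "ok. Check the IDP datetime setup")

    if response is None:
        log.error('SAML response is None')
        return HTTPBadRequest(
            "SAML response has errors. Please check the logs")

    # The request this response answers is no longer outstanding.
    session_id = response.session_id()
    oq_cache.delete(session_id)

    # authenticate the remote user
    session_info = response.session_info()

    log.debug('Trying to locate the user authenticated by the IdP')
    # NOTE(review): this writes the complete session info from the IdP to
    # the debug log; keep debug logging off where those logs are widely
    # readable.
    log.debug('Session info:\n{!s}\n\n'.format(pprint.pformat(session_info)))

    user = authenticate(request, session_info)
    if user is None:
        log.error('Could not find the user identified by the IdP')
        return HTTPUnauthorized("Access not authorized")

    headers = login(request, session_info, user)

    _set_name_id(request.session, session_info['name_id'])

    # redirect the user to the view where he came from
    # RelayState is client-supplied: using it unchecked as the Location
    # would let anyone send a freshly logged-in user to an arbitrary site.
    # NOTE(review): host_url is presumably the scheme://host of this
    # request; confirm the request object provides it.
    requested = request.POST.get('RelayState', '/')
    relay_state = _safe_relay_state(requested,
                                    getattr(request, 'host_url', None))
    if relay_state != requested:
        # %r keeps control characters in the rejected value out of the log.
        log.warning('Discarding RelayState that is not a same-site '
                    'redirect target: %r', requested)
    log.debug('Redirecting to the RelayState: ' + relay_state)
    return HTTPFound(location=relay_state, headers=headers)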