示例#1
0
 def __init__(
         self,
         rememberer_name,
         sp_metadata,
         sp_priv_key,
         sp_cert,
         idp_metadata,
         idp_cert=None,
         idp_ca_cert=None,
         logout_handler_path=None,
         post_logout_url=None):
     self.sp_metadata = sp_metadata
     self.sp_priv_key = sp_priv_key
     self.sp_cert = sp_cert
     self.idp_metadata = idp_metadata
     self.idp_cert = idp_cert
     self.idp_ca_cert = idp_ca_cert
     self.rememberer_name = rememberer_name
     self.logout_handler_path = logout_handler_path
     self.post_logout_url = post_logout_url
     self.server = Server(
         self.sp_metadata,
         self.sp_priv_key,
         certificate=self.sp_cert
     )
     self.server.addProvider(
         PROVIDER_ROLE_IDP,
         self.idp_metadata,
         self.idp_cert,
         self.idp_ca_cert
     )
示例#2
0
 def __init__(
     self,
     rememberer_name,
     sp_metadata,
     sp_priv_key,
     sp_cert,
     idp_metadata,
     idp_cert=None,
     idp_ca_cert=None,
     logout_handler_path=None,
     post_logout_url=None,
 ):
     self.sp_metadata = sp_metadata
     self.sp_priv_key = sp_priv_key
     self.sp_cert = sp_cert
     self.idp_metadata = idp_metadata
     self.idp_cert = idp_cert
     self.idp_ca_cert = idp_ca_cert
     self.rememberer_name = rememberer_name
     self.logout_handler_path = logout_handler_path
     self.post_logout_url = post_logout_url
     self.server = Server(self.sp_metadata, self.sp_priv_key, certificate=self.sp_cert)
     self.server.addProvider(PROVIDER_ROLE_IDP, self.idp_metadata, self.idp_cert, self.idp_ca_cert)
示例#3
0
class SAML2Plugin(object):
    """docstring for SAML2Plugin"""

    implements(
        IChallenger,
        IIdentifier,
        IAuthenticator,
        IMetadataProvider
    )

    def __init__(
            self,
            rememberer_name,
            sp_metadata,
            sp_priv_key,
            sp_cert,
            idp_metadata,
            idp_cert=None,
            idp_ca_cert=None,
            logout_handler_path=None,
            post_logout_url=None):
        self.sp_metadata = sp_metadata
        self.sp_priv_key = sp_priv_key
        self.sp_cert = sp_cert
        self.idp_metadata = idp_metadata
        self.idp_cert = idp_cert
        self.idp_ca_cert = idp_ca_cert
        self.rememberer_name = rememberer_name
        self.logout_handler_path = logout_handler_path
        self.post_logout_url = post_logout_url
        self.server = Server(
            self.sp_metadata,
            self.sp_priv_key,
            certificate=self.sp_cert
        )
        self.server.addProvider(
            PROVIDER_ROLE_IDP,
            self.idp_metadata,
            self.idp_cert,
            self.idp_ca_cert
        )

    def _get_rememberer(self, environ):
        """Get the rememberer"""
        rememberer = environ['repoze.who.plugins'][self.rememberer_name]
        return rememberer

    def __repr__(self):
        return '<%s %s>' % (self.__class__.__name__, id(self))

    # IIdentifier
    def identify(self, environ):
        """identify"""
        req = Request(environ)
        if SAML2_FIELD_RESPONSE not in req.POST:
            logger.debug('[saml2.identify] got an empty request')
            return {}

        uri = req.path
        logger.debug('[saml2.identify] uri: %s', uri)

        # path = req.path
        login = Login(self.server)
        try:
            login.processAuthnResponseMsg(req.POST[SAML2_FIELD_RESPONSE])
            # request_id = login.response.inResponseTo
            login.acceptSso()
            # attribs = get_attributes_from_assertion(login.assertion)
            username = login.nameIdentifier
            return {
                'login': username,
                'password': '',
                'repoze.who.userid': username,
                'user': '',
            }
        except Error as msg:
            logger.debug(msg)
            return {}
        return None

    # IIdentifier
    def remember(self, environ, identity):
        """remember"""
        rememberer = self._get_rememberer(environ)
        return rememberer.remember(environ, identity)

    # IIdentifier
    def forget(self, environ, identity):
        """forget"""
        rememberer = self._get_rememberer(environ)
        return rememberer.forget(environ, identity)

    # IAuthenticatorPlugin
    def authenticate(self, environ, identity):
        """authenticate"""
        return identity.get('login')

    # IChallenger
    def challenge(self, environ, status, app_headers, forget_headers):
        """challenge"""
        req = Request(environ)
        if req.path in [self.logout_handler_path, self.post_logout_url]:
            headers = app_headers + forget_headers
            return HTTPFound(headers=headers)
        else:
            came_from = get_came_from(environ)
            logger.debug("[saml2.challenge] RelayState >> '%s'", came_from)
            login = Login(self.server)
            try:
                login.initAuthnRequest()
                login.buildAuthnRequestMsg()
                logger.debug(
                    "[saml2.challenge] RequestID: %r", login.request.iD
                )
                headers = [('Location', login.msgUrl)]
                logger.debug(
                    "[saml2.challenge] Redirected to: %s", login.msgUrl
                )
                cookies = [
                    (_hdr, _val) for (_hdr, _val) in app_headers
                    if _hdr.lower() == 'set-cookie'
                ]
                headers = headers + forget_headers + cookies
                return HTTPFound(headers=headers)
            except Error as msg:
                logger.debug("[saml2.challenge] error: %s", msg)
                raise

    # IMetadataProvider
    def add_metadata(self, environ, identity):
        """add_metadata"""
        return {}
示例#4
0
class SAML2Plugin(object):
    """docstring for SAML2Plugin"""

    implements(IChallenger, IIdentifier, IAuthenticator, IMetadataProvider)

    def __init__(
        self,
        rememberer_name,
        sp_metadata,
        sp_priv_key,
        sp_cert,
        idp_metadata,
        idp_cert=None,
        idp_ca_cert=None,
        logout_handler_path=None,
        post_logout_url=None,
    ):
        self.sp_metadata = sp_metadata
        self.sp_priv_key = sp_priv_key
        self.sp_cert = sp_cert
        self.idp_metadata = idp_metadata
        self.idp_cert = idp_cert
        self.idp_ca_cert = idp_ca_cert
        self.rememberer_name = rememberer_name
        self.logout_handler_path = logout_handler_path
        self.post_logout_url = post_logout_url
        self.server = Server(self.sp_metadata, self.sp_priv_key, certificate=self.sp_cert)
        self.server.addProvider(PROVIDER_ROLE_IDP, self.idp_metadata, self.idp_cert, self.idp_ca_cert)

    def _get_rememberer(self, environ):
        """Get the rememberer"""
        rememberer = environ["repoze.who.plugins"][self.rememberer_name]
        return rememberer

    def __repr__(self):
        return "<%s %s>" % (self.__class__.__name__, id(self))

    # IIdentifier
    def identify(self, environ):
        """identify"""
        req = Request(environ)
        if SAML2_FIELD_RESPONSE not in req.POST:
            logger.debug("[saml2.identify] got an empty request")
            return {}

        uri = req.path
        logger.debug("[saml2.identify] uri: %s", uri)

        # path = req.path
        login = Login(self.server)
        try:
            login.processAuthnResponseMsg(req.POST[SAML2_FIELD_RESPONSE])
            # request_id = login.response.inResponseTo
            login.acceptSso()
            # attribs = get_attributes_from_assertion(login.assertion)
            username = login.nameIdentifier
            return {"login": username, "password": "", "repoze.who.userid": username, "user": ""}
        except Error as msg:
            logger.debug(msg)
            return {}
        return None

    # IIdentifier
    def remember(self, environ, identity):
        """remember"""
        rememberer = self._get_rememberer(environ)
        return rememberer.remember(environ, identity)

    # IIdentifier
    def forget(self, environ, identity):
        """forget"""
        rememberer = self._get_rememberer(environ)
        return rememberer.forget(environ, identity)

    # IAuthenticatorPlugin
    def authenticate(self, environ, identity):
        """authenticate"""
        return identity.get("login")

    # IChallenger
    def challenge(self, environ, status, app_headers, forget_headers):
        """challenge"""
        req = Request(environ)
        if req.path in [self.logout_handler_path, self.post_logout_url]:
            headers = app_headers + forget_headers
            return HTTPFound(headers=headers)
        else:
            came_from = get_came_from(environ)
            logger.debug("[saml2.challenge] RelayState >> '%s'", came_from)
            login = Login(self.server)
            try:
                login.initAuthnRequest()
                login.buildAuthnRequestMsg()
                logger.debug("[saml2.challenge] RequestID: %r", login.request.iD)
                headers = [("Location", login.msgUrl)]
                logger.debug("[saml2.challenge] Redirected to: %s", login.msgUrl)
                cookies = [(_hdr, _val) for (_hdr, _val) in app_headers if _hdr.lower() == "set-cookie"]
                headers = headers + forget_headers + cookies
                return HTTPFound(headers=headers)
            except Error as msg:
                logger.debug("[saml2.challenge] error: %s", msg)
                raise

    # IMetadataProvider
    def add_metadata(self, environ, identity):
        """add_metadata"""
        return {}