def POST(self): SAML_PATH = config_get('saml', 'config_path') request = ctx.env data = dict(param_input()) req = prepare_webpy_request(request, data) auth = OneLogin_Saml2_Auth(req, custom_base_path=SAML_PATH) auth.process_response() errors = auth.get_errors() if not errors: if auth.is_authenticated(): setcookie('saml-nameid', value=auth.get_nameid(), path='/')
def POST(self): if not EXTRA_MODULES['onelogin']: header('X-Rucio-Auth-Token', None) return "SAML not configured on the server side." SAML_PATH = config_get('saml', 'config_path') request = ctx.env data = dict(param_input()) req = prepare_webpy_request(request, data) auth = OneLogin_Saml2_Auth(req, custom_base_path=SAML_PATH) auth.process_response() errors = auth.get_errors() if not errors: if auth.is_authenticated(): setcookie('saml-nameid', value=auth.get_nameid(), path='/')
def GET(self): """ HTTP Success: 200 OK HTTP Error: 401 Unauthorized :param Rucio-Account: Account identifier as a string. :param Rucio-Username: Username as a string. :param Rucio-Password: Password as a string. :param Rucio-AppID: Application identifier as a string. :returns: "X-Rucio-SAML-Auth-URL" as a variable-length string header. """ header('Access-Control-Allow-Origin', ctx.env.get('HTTP_ORIGIN')) header('Access-Control-Allow-Headers', ctx.env.get('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')) header('Access-Control-Allow-Methods', '*') header('Access-Control-Allow-Credentials', 'true') header('Access-Control-Expose-Headers', 'X-Rucio-Auth-Token') header('Content-Type', 'application/octet-stream') header('Cache-Control', 'no-cache, no-store, max-age=0, must-revalidate') header('Cache-Control', 'post-check=0, pre-check=0', False) header('Pragma', 'no-cache') saml_nameid = cookies().get('saml-nameid') account = ctx.env.get('HTTP_X_RUCIO_ACCOUNT') appid = ctx.env.get('HTTP_X_RUCIO_APPID') if appid is None: appid = 'unknown' ip = ctx.env.get('HTTP_X_FORWARDED_FOR') if ip is None: ip = ctx.ip if saml_nameid: try: result = get_auth_token_saml(account, saml_nameid, appid, ip) except AccessDenied: raise generate_http_error( 401, 'CannotAuthenticate', 'Cannot authenticate to account %(account)s with given credentials' % locals()) except RucioException as error: raise generate_http_error(500, error.__class__.__name__, error.args[0]) except Exception as error: print(format_exc()) raise InternalError(error) if not result: raise generate_http_error( 401, 'CannotAuthenticate', 'Cannot authenticate to account %(account)s with given credentials' % locals()) header('X-Rucio-Auth-Token', result.token) header('X-Rucio-Auth-Token-Expires', date_to_str(result.expired_at)) return str() # Path to the SAML config folder SAML_PATH = config_get('saml', 'config_path') request = ctx.env data = dict(param_input()) req = prepare_webpy_request(request, data) auth = OneLogin_Saml2_Auth(req, custom_base_path=SAML_PATH) header('X-Rucio-SAML-Auth-URL', auth.login()) return str()