def testAccessors(self): """Test for LogoutRequest accessors""" self.lr.id = "request id" self.lr.version = saml2.VERSION self.lr.issue_instant = "2007-09-14T01:05:02Z" self.lr.destination = "http://www.example.com/Destination" self.lr.consent = saml.CONSENT_UNSPECIFIED self.lr.issuer = saml.Issuer() self.lr.signature = ds.Signature() self.lr.extensions = samlp.Extensions() self.lr.not_on_or_after = "2007-10-14T01:05:02Z" self.lr.reason = "http://www.example.com/Reason" self.lr.base_id = saml.BaseID() self.lr.name_id = saml.NameID() self.lr.encrypted_id = saml.EncryptedID() self.lr.session_index = samlp.SessionIndex() new_lr = samlp.logout_request_from_string(self.lr.to_string()) assert new_lr.id == "request id" assert new_lr.version == saml2.VERSION assert new_lr.issue_instant == "2007-09-14T01:05:02Z" assert new_lr.destination == "http://www.example.com/Destination" assert new_lr.consent == saml.CONSENT_UNSPECIFIED assert isinstance(new_lr.issuer, saml.Issuer) assert isinstance(new_lr.signature, ds.Signature) assert isinstance(new_lr.extensions, samlp.Extensions) assert new_lr.not_on_or_after == "2007-10-14T01:05:02Z" assert new_lr.reason == "http://www.example.com/Reason" assert isinstance(new_lr.base_id, saml.BaseID) assert isinstance(new_lr.name_id, saml.NameID) assert isinstance(new_lr.encrypted_id, saml.EncryptedID) assert isinstance(new_lr.session_index[0], samlp.SessionIndex)
def createLogoutRequest(self, session_index, name_id): now = saml2.utils.getDateAndTime(time.time()) req = samlp.LogoutRequest(id=saml2.utils.createID(), version=saml2.V2, issue_instant=now) req.issuer = saml.Issuer(text=self.config.get('issuer_name')) req.name_id = name_id req.session_index = samlp.SessionIndex(text=session_index) req.signature = self._get_signature() return req
def slo(self, request): """ generate a SAML2 logout request; reset session; return IDP URL """ session = request.SESSION session.set(self.session_auth_key, False) del session[self.session_user_properties] config = self._saml2_config() scl = Saml2Client(config) samluid = session.get(self.session_samluid_key, '') entityid = config.metadata.keys()[0] sp_url = self.saml2_sp_url actual_url = request.get("ACTUAL_URL", '') if not actual_url.startswith(sp_url): # the request was made from within a context we cannot handle return None session.set(self.session_storedurl_key, request.URL1) # we cannot simply call global_logout on the client since it doesn't know about our user... srvs = scl.metadata.single_logout_service(entityid, BINDING_HTTP_REDIRECT, "idpsso") destination = destinations(srvs)[0] samlrequest = scl.create_logout_request( destination, entityid, name_id=saml.NameID(text=samluid)) samlrequest.session_index = samlp.SessionIndex( session.get(self.session_samlsessionindex_key)) to_sign = [] samlrequest = signed_instance_factory(samlrequest, scl.sec, to_sign) logger.info('SSO logout request: %s' % samlrequest.to_string()) session_id = samlrequest.id rstate = scl._relay_state(session_id) msg = http_redirect_message(samlrequest, destination, rstate) headers = dict(msg['headers']) location = headers['Location'] logger.info( 'attempting to post: {loc}'.format(loc=headers['Location'])) return location