示例#1
0
 def single_logout_service(self):
     """
     SLO endpoint
     """
     try:
         spid_request = self._parse_message(action='logout')
         issuer_name = spid_request.saml_tree.issuer.text
         _slo = self._sp_single_logout_service(issuer_name)
         if _slo is None:
             self._raise_error(
                 'Impossibile trovare un servizio di'
                 ' Single Logout per il service provider {}'.format(
                     issuer_name))
         response_binding = _slo.get('Binding')
         logger.info('Response binding: \n{}'.format(response_binding))
         destination = _slo.get('Location')
         response = create_logout_response(
             {
                 'logout_response': {
                     'attrs': {
                         'in_response_to': spid_request.saml_tree.id,
                         'destination': destination
                     }
                 },
                 'issuer': {
                     'attrs': {
                         'name_qualifier': 'something',
                     },
                     'text': self._config.entity_id
                 }
             }, {
                 'status_code': STATUS_SUCCESS
             }).to_xml()
         relay_state = spid_request.data.relay_state or ''
         if response_binding == BINDING_HTTP_POST:
             response = sign_http_post(response,
                                       self._config.idp_key,
                                       self._config.idp_certificate,
                                       message=True,
                                       assertion=False)
             rendered_template = render_template(
                 'form_http_post.html', **{
                     'action': destination,
                     'relay_state': relay_state,
                     'message': base64.b64encode(response).decode('ascii'),
                     'message_type': 'SAMLResponse'
                 })
             return rendered_template, 200
         elif response_binding == BINDING_HTTP_REDIRECT:
             query_string = sign_http_redirect(
                 response,
                 self._config.idp_key,
                 relay_state,
             )
             location = '{}?{}'.format(destination, query_string)
             if location:
                 return redirect(location)
     except RequestParserError as err:
         self._raise_error(err.args[0])
     except SignatureVerificationError as err:
         self._raise_error(err.args[0])
     except UnknownEntityIDError as err:
         self._raise_error(err.args[0])
     except DeserializationError as err:
         return self._handle_errors(err.initial_data, err.details)
     except MetadataLoadError as err:
         self._raise_error(err.args[0])
     abort(400)
示例#2
0
    def single_logout_service(self):
        """
        SLO endpoint
        """

        self.app.logger.debug("req: '%s'", request)
        try:
            spid_request = self._parse_message(action='logout')
            issuer_name = spid_request.saml_tree.issuer.text
            # TODO: retrieve the following data from some custom structure
            _slo = self._sp_single_logout_service(issuer_name)
            if _slo is None:
                self._raise_error(
                    'Impossibile trovare un servizio di'\
                    ' Single Logout per il service provider {}'.format(
                        issuer_name
                    )
                )
            response_binding = _slo[0].get('binding')
            self.app.logger.debug(
                'Response binding: \n{}'.format(
                    response_binding
                )
            )
            destination = _slo[0].get('location')
            response = create_logout_response(
                {
                    'logout_response': {
                        'attrs': {
                            'in_response_to': spid_request.saml_tree.id,
                            'destination': destination
                        }
                    },
                    'issuer': {
                        'attrs': {
                            'name_qualifier': 'something',
                        },
                        'text': self.server.config.entityid
                    }
                },
                {
                    'status_code': STATUS_SUCCESS
                }
            ).to_xml()
            key_file = self.server.config.key_file
            cert_file = self.server.config.cert_file
            key = open(key_file, 'rb').read()
            cert = open(cert_file, 'rb').read()
            relay_state = spid_request.data.relay_state or ''
            if response_binding == BINDING_HTTP_POST:
                response = sign_http_post(
                    response, key, cert,
                    message=True, assertion=False
                )
                rendered_template = render_template(
                    'form_http_post.html',
                    **{
                        'action': destination,
                        'relay_state': relay_state,
                        'message': response,
                        'message_type': 'SAMLResponse'
                    }
                )
                return rendered_template, 200
            elif response_binding == BINDING_HTTP_REDIRECT:
                query_string = sign_http_redirect(response, key, relay_state)
                location = '{}?{}'.format(destination, query_string)
                if location:
                    return redirect(location)
        except RequestParserError as err:
            self._raise_error(err.args[0])
        except SignatureVerificationError as err:
            self._raise_error(err.args[0])
        except UnknownEntityIDError as err:
            self._raise_error(err.args[0])
        except DeserializationError as err:
            return self._handle_errors(err.initial_data, err.details)
        abort(400)