46 |
46 |
from authentic2.compat import get_user_model
|
47 |
47 |
import authentic2.views as a2_views
|
48 |
48 |
from authentic2.saml.models import (LibertyArtifact,
|
49 |
|
LibertySession, LibertyFederation,
|
|
49 |
LibertySession, LibertyFederation,
|
50 |
50 |
nameid2kwargs, saml2_urn_to_nidformat,
|
51 |
51 |
nidformat_to_saml2_urn, save_key_values, get_and_delete_key_values,
|
52 |
52 |
LibertyProvider, LibertyServiceProvider, SAMLAttribute, NAME_ID_FORMATS)
|
... | ... | |
674 |
674 |
lasso.SAML2_STATUS_CODE_NO_PASSIVE)
|
675 |
675 |
return finish_sso(request, login)
|
676 |
676 |
|
|
677 |
# check if user is authorized through this service
|
|
678 |
service = LibertyServiceProvider.objects.get(
|
|
679 |
liberty_provider__entity_id=login.remoteProviderId).liberty_provider
|
|
680 |
if not service.authorize(request):
|
|
681 |
return redirect_to_unauthorized(request, service)
|
|
682 |
|
677 |
683 |
#Do not ask consent for federation if a transient nameID is provided
|
678 |
684 |
transient = False
|
679 |
685 |
if nid_format == 'transient':
|
... | ... | |
1551 |
1557 |
logger.info('return from redirect')
|
1552 |
1558 |
relay_state = request.REQUEST.get('RelayState')
|
1553 |
1559 |
if not relay_state:
|
1554 |
|
return error_redirect(request, N_('slo no relay state in response'),
|
|
1560 |
return error_redirect(request, N_('slo no relay state in response'),
|
1555 |
1561 |
default_url=icon_url('ko'))
|
1556 |
1562 |
logger.debug('relay_state %r', relay_state)
|
1557 |
1563 |
try:
|
1558 |
|
-
|