217 |
217 |
if user is not None:
|
218 |
218 |
if user.is_active:
|
219 |
219 |
utils.login(request, user)
|
|
220 |
class_ref = attributes['authn_context_class_ref']
|
|
221 |
idp = self.get_idp(request)
|
|
222 |
authn_classref_levels = utils.get_setting(idp, 'AUTHN_CLASSREF_LEVELS')
|
|
223 |
if authn_classref_levels and class_ref.startswith(authn_classref_levels):
|
|
224 |
request.session['auth_level'] = int(class_ref.split('/')[-1])
|
220 |
225 |
self.log.info('user %s (NameID is %r) logged in using SAML', user,
|
221 |
226 |
attributes['name_id_content'])
|
222 |
227 |
request.session['mellon_session'] = utils.flatten_datetime(attributes)
|
... | ... | |
375 |
380 |
request, is_passive=request.GET.get('passive') == '1')
|
376 |
381 |
|
377 |
382 |
next_url = check_next_url(self.request, request.GET.get(REDIRECT_FIELD_NAME))
|
|
383 |
requested_auth_level = request.GET.get('auth_level')
|
378 |
384 |
idp = self.get_idp(request)
|
379 |
385 |
if idp is None:
|
380 |
386 |
return HttpResponseBadRequest('no idp found')
|
... | ... | |
394 |
400 |
authn_request.isPassive = True
|
395 |
401 |
# configure requested AuthnClassRef
|
396 |
402 |
authn_classref = utils.get_setting(idp, 'AUTHN_CLASSREF')
|
397 |
|
if authn_classref:
|
|
403 |
authn_classref_levels = utils.get_setting(idp, 'AUTHN_CLASSREF_LEVELS')
|
|
404 |
if requested_auth_level and authn_classref_levels:
|
|
405 |
authn_classref = (authn_classref_levels + str(requested_auth_level),)
|
|
406 |
req_authncontext = lasso.Samlp2RequestedAuthnContext()
|
|
407 |
authn_request.requestedAuthnContext = req_authncontext
|
|
408 |
req_authncontext.authnContextClassRef = authn_classref
|
|
409 |
elif authn_classref:
|
398 |
410 |
authn_classref = tuple([str(x) for x in authn_classref])
|
399 |
411 |
req_authncontext = lasso.Samlp2RequestedAuthnContext()
|
400 |
412 |
authn_request.requestedAuthnContext = req_authncontext
|
401 |
|
-
|