325 |
325 |
notOnOrAfter = now + datetime.timedelta(0, app_settings.SECONDS_TOLERANCE)
|
326 |
326 |
ssl = 'HTTPS' in request.environ
|
327 |
327 |
if app_settings.AUTHN_CONTEXT_FROM_SESSION:
|
328 |
|
backend = request.session[BACKEND_SESSION_KEY]
|
329 |
|
logger.debug('authentication from session with backend %s', backend)
|
330 |
|
backend = load_backend(backend)
|
331 |
|
if hasattr(backend, 'get_saml2_authn_context'):
|
332 |
|
authn_context = backend.get_saml2_authn_context()
|
|
328 |
auth_level = request.session.get('auth_level', 1)
|
|
329 |
if auth_level > 1:
|
|
330 |
authn_context = next(
|
|
331 |
uri for uri, lvl in app_settings.AUTH_LEVELS_MAPPING.items()
|
|
332 |
if lvl == auth_level
|
|
333 |
)
|
333 |
334 |
else:
|
334 |
|
raise Exception('backend unsupported: ' + backend)
|
335 |
|
if authn_context == lasso.SAML2_AUTHN_CONTEXT_PASSWORD and ssl:
|
336 |
|
authn_context = lasso.SAML2_AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT
|
|
335 |
backend = request.session[BACKEND_SESSION_KEY]
|
|
336 |
logger.debug('authentication from session with backend %s', backend)
|
|
337 |
backend = load_backend(backend)
|
|
338 |
if hasattr(backend, 'get_saml2_authn_context'):
|
|
339 |
authn_context = backend.get_saml2_authn_context()
|
|
340 |
else:
|
|
341 |
raise Exception('backend unsupported: ' + backend)
|
|
342 |
if authn_context == lasso.SAML2_AUTHN_CONTEXT_PASSWORD and ssl:
|
|
343 |
authn_context = lasso.SAML2_AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT
|
337 |
344 |
else:
|
338 |
345 |
try:
|
339 |
346 |
event = find_authentication_event(request, login.request.id)
|
... | ... | |
346 |
353 |
lasso.SAML2_AUTHN_CONTEXT_PASSWORD_PROTECTED_TRANSPORT
|
347 |
354 |
elif how == 'ssl':
|
348 |
355 |
authn_context = lasso.SAML2_AUTHN_CONTEXT_X509
|
|
356 |
elif event.get('auth_level'):
|
|
357 |
authn_context = next(
|
|
358 |
uri for uri, lvl in app_settings.AUTH_LEVELS_MAPPING.items()
|
|
359 |
if lvl == event['auth_level']
|
|
360 |
)
|
349 |
361 |
else:
|
350 |
362 |
raise NotImplementedError('Unknown authentication method %s',
|
351 |
363 |
how)
|
352 |
|
-
|