838 |
838 |
if not saml_policy:
|
839 |
839 |
return error_page(request, _('No service provider policy defined'), logger=logger)
|
840 |
840 |
|
|
841 |
# pylint: disable=pointless-string-statement
|
841 |
842 |
'''User consent for federation management
|
842 |
843 |
|
843 |
844 |
1- Check if the policy enforce the consent
|
... | ... | |
900 |
901 |
)
|
901 |
902 |
logger.debug('consent already given (existing federation) for %s', login.remoteProviderId)
|
902 |
903 |
consent_obtained = True
|
903 |
|
'''This is abusive since a federation may exist even if we have
|
904 |
|
not previously asked the user consent.'''
|
|
904 |
# This is abusive since a federation may exist even if we have not previously asked the user consent.
|
905 |
905 |
consent_value = 'urn:oasis:names:tc:SAML:2.0:consent:prior'
|
906 |
906 |
except ObjectDoesNotExist:
|
907 |
907 |
logger.debug('consent not yet given (no existing federation) for %s', login.remoteProviderId)
|
... | ... | |
1296 |
1296 |
logger.warning('received slo from %s not authorized', logout.remoteProviderId)
|
1297 |
1297 |
return return_logout_error(request, logout, AUTHENTIC_STATUS_CODE_UNAUTHORIZED)
|
1298 |
1298 |
|
1299 |
|
'''Find all active sessions on SPs but the SP initiating the SLO'''
|
|
1299 |
# Find all active sessions on SPs but the SP initiating the SLO
|
1300 |
1300 |
found, lib_sessions, django_session_keys = get_only_last_session(
|
1301 |
1301 |
logout.server.providerId,
|
1302 |
1302 |
logout.remoteProviderId,
|
... | ... | |
1324 |
1324 |
try:
|
1325 |
1325 |
logout.validateRequest()
|
1326 |
1326 |
except lasso.LogoutUnsupportedProfileError:
|
1327 |
|
"""
|
1328 |
|
If one provider does not support SLO by SOAP,
|
1329 |
|
continue with others!
|
1330 |
|
"""
|
|
1327 |
# If one provider does not support SLO by SOAP, continue with others!
|
1331 |
1328 |
logger.warning(
|
1332 |
1329 |
'one provider does not support SOAP among %s', [s.provider_id for s in lib_sessions]
|
1333 |
1330 |
)
|
... | ... | |
1341 |
1338 |
for lib_session in lib_sessions:
|
1342 |
1339 |
try:
|
1343 |
1340 |
logger.debug('slo, relaying logout to provider %s', lib_session.provider_id)
|
1344 |
|
'''
|
1345 |
|
As we are in a synchronous binding, we need SOAP support
|
1346 |
|
'''
|
|
1341 |
# As we are in a synchronous binding, we need SOAP support
|
1347 |
1342 |
logout.initRequest(lib_session.provider_id, lasso.HTTP_METHOD_SOAP)
|
1348 |
1343 |
logout.buildRequestMsg()
|
1349 |
1344 |
if logout.msgBody:
|
... | ... | |
1355 |
1350 |
except lasso.Error as e:
|
1356 |
1351 |
logger.warning('slo, relaying to %s failed: %s', lib_session.provider_id, e)
|
1357 |
1352 |
|
1358 |
|
'''
|
1359 |
|
Respond to the SP initiating SLO
|
1360 |
|
'''
|
|
1353 |
# Respond to the SP initiating SLO
|
1361 |
1354 |
try:
|
1362 |
1355 |
logout.buildResponseMsg()
|
1363 |
1356 |
except lasso.Error as e:
|