115 |
115 |
'''Extract the SAMLRequest field from the POST'''
|
116 |
116 |
msg = request.POST.get(lasso.SAML2_FIELD_RESPONSE, '')
|
117 |
117 |
assert msg is not None, 'no message received'
|
118 |
|
logger.debug('%r: %r', lasso.SAML2_FIELD_RESPONSE, msg)
|
|
118 |
logger.debug('%s: %s', lasso.SAML2_FIELD_RESPONSE, msg)
|
119 |
119 |
return msg
|
120 |
120 |
|
121 |
121 |
def get_saml2_post_request(request):
|
... | ... | |
168 |
168 |
logger.debug('profile.msgBody: %r', profile.msgBody)
|
169 |
169 |
logger.debug('profile.msgUrl: %r', profile.msgUrl)
|
170 |
170 |
logger.debug('profile.msgRelayState: %r', profile.msgRelayState)
|
171 |
|
logger.debug('field_name: %r', field_name)
|
|
171 |
logger.debug('field_name: %s', field_name)
|
172 |
172 |
if profile.msgBody:
|
173 |
173 |
if profile.msgUrl:
|
174 |
174 |
return render_to_response('saml/post_form.html',{
|
... | ... | |
284 |
284 |
try:
|
285 |
285 |
q = LibertySessionDump.objects.get(django_session_key=session_key,
|
286 |
286 |
kind=kind)
|
287 |
|
logger.debug('load_session: session dump found %s' %q.session_dump.encode('utf8'))
|
|
287 |
logger.debug('load_session: session dump found %s', q.session_dump)
|
288 |
288 |
login.setSessionFromDump(q.session_dump.encode('utf8'))
|
289 |
|
logger.debug('load_session: set session from dump done %s' %login.session.dump())
|
290 |
289 |
except ObjectDoesNotExist:
|
291 |
290 |
pass
|
292 |
291 |
|
... | ... | |
308 |
307 |
'''Delete all liberty sessions for a django session'''
|
309 |
308 |
if not session_key:
|
310 |
309 |
session_key = request.session.session_key
|
311 |
|
try:
|
312 |
|
LibertySessionDump.objects.\
|
313 |
|
filter(django_session_key = session_key).delete()
|
314 |
|
except Exception, e:
|
315 |
|
logger.error('delete_session: Exception %s' % str(e))
|
|
310 |
sessions = LibertySessionDump.objects.filter(
|
|
311 |
django_session_key=session_key)
|
|
312 |
sessions..delete()
|
316 |
313 |
|
317 |
314 |
def save_manage(request, manage):
|
318 |
315 |
if not request or not manage:
|
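Review bot: `sessions..delete()` on new line 312 of delete_session has a doubled dot and will not parse as Python, so the whole module would fail to import; unless that is a rendering artifact of this page, the line should read `sessions.delete()`. Dropping the surrounding `try`/`except Exception` also means a database error now propagates out of delete_session instead of being logged and swallowed, so callers that relied on the old best-effort behaviour should be checked. delete_session's `def` line is above the hunk.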
... | ... | |
327 |
324 |
return d
|
328 |
325 |
|
329 |
326 |
def retrieve_metadata_and_create(request, provider_id, sp_or_idp):
|
330 |
|
logger.debug('trying to load %s from wkl' % provider_id)
|
|
327 |
logger.debug('trying to load %s from wkl', provider_id)
|
331 |
328 |
if not provider_id.startswith('http'):
|
332 |
329 |
logger.debug('not an http url, failing')
|
333 |
330 |
return None
|
... | ... | |
336 |
333 |
metadata = get_url(provider_id)
|
337 |
334 |
except Exception, e:
|
338 |
335 |
logging.error('SAML metadata autoload: failure to retrieve metadata '
|
339 |
|
'for entity id %r: %s' % (provider_id, e))
|
|
336 |
'for entity id %s: %s', provider_id, e)
|
340 |
337 |
return None
|
341 |
|
logger.debug('loaded %d bytes' % len(metadata))
|
|
338 |
logger.debug('loaded %d bytes', len(metadata))
|
342 |
339 |
try:
|
343 |
340 |
metadata = unicode(metadata, 'utf8')
|
344 |
341 |
except:
|
345 |
|
logging.error('SAML metadata autoload: retrieved metadata \
|
346 |
|
for entity id %r is not UTF-8' % provider_id)
|
|
342 |
logging.error('SAML metadata autoload: retrieved metadata for entity '
|
|
343 |
'id %s is not UTF-8', provider_id)
|
347 |
344 |
return None
|
348 |
345 |
p = LibertyProvider(metadata=metadata)
|
349 |
346 |
try:
|
350 |
347 |
p.full_clean(exclude=['entity_id','protocol_conformance'])
|
351 |
348 |
except ValidationError, e:
|
352 |
|
logging.error('SAML metadata autoload: retrieved metadata \
|
353 |
|
for entity id %r are invalid, %s' % (provider_id, e.args))
|
|
349 |
logging.error('SAML metadata autoload: retrieved metadata for entity '
|
|
350 |
'id %s are invalid, %s', provider_id, e.args)
|
354 |
351 |
return None
|
355 |
352 |
except:
|
356 |
|
logging.exception('SAML metadata autoload: retrieved metadata validation raised an unknown exception')
|
|
353 |
logging.exception('SAML metadata autoload: retrieved metadata '
|
|
354 |
'validation raised an unknown exception')
|
357 |
355 |
return None
|
358 |
356 |
p.save()
|
359 |
|
logger.debug('%s saved' % p)
|
|
357 |
logger.debug('%s saved', p)
|
360 |
358 |
if sp_or_idp == 'sp':
|
361 |
359 |
s = LibertyServiceProvider(liberty_provider=p, enabled=True)
|
362 |
360 |
s.save()
|
... | ... | |
410 |
408 |
liberty_provider.metadata.encode('utf8'))
|
411 |
409 |
else:
|
412 |
410 |
raise Exception('unsupported option sp_or_idp = %r' % sp_or_idp)
|
413 |
|
logger.debug('loaded provider %r', entity_id)
|
|
411 |
logger.debug('loaded provider %s', entity_id)
|
414 |
412 |
return liberty_provider
|
415 |
413 |
|
416 |
414 |
# Federation management
|
... | ... | |
422 |
420 |
kwargs['idp'] = LibertyProvider.objects.get(entity_id=provider_id).identity_provider
|
423 |
421 |
fed = LibertyFederation(user=user, **kwargs)
|
424 |
422 |
fed.save()
|
425 |
|
logger.debug('federation %r linked to user %r', fed.name_id_content, user)
|
|
423 |
logger.debug('federation %s linked to user %s', fed.name_id_content, user)
|
426 |
424 |
return fed
|
427 |
425 |
|
428 |
426 |
def lookup_federation_by_name_identifier(name_id=None, profile=None):
|
... | ... | |
530 |
528 |
LibertySessionSP.objects.\
|
531 |
529 |
filter(django_session_key=session_key).delete()
|
532 |
530 |
except Exception, e:
|
533 |
|
logger.error('remove_liberty_session_sp: Exception %s' % str(e))
|
|
531 |
logger.error('remove_liberty_session_sp: Exception %s', e)
|
534 |
532 |
|
535 |
533 |
def get_provider_of_active_session(request):
|
536 |
534 |
if not request:
|
... | ... | |
567 |
565 |
host, query = urllib.splithost(url[6:])
|
568 |
566 |
conn = httplib.HTTPSConnection(host,
|
569 |
567 |
key_file = client_cert, cert_file = client_cert)
|
570 |
|
logger.debug('host %s' % host)
|
571 |
|
logger.debug('query %s' % query)
|
572 |
|
logger.debug('msg %s' % msg)
|
|
568 |
logger.debug('host %r', host)
|
|
569 |
logger.debug('query %r', query)
|
|
570 |
logger.debug('msg %r', msg)
|
573 |
571 |
try:
|
574 |
572 |
conn.request('POST', query, msg, {'Content-Type': 'text/xml'})
|
575 |
573 |
response = conn.getresponse()
|
576 |
574 |
except Exception, err:
|
577 |
575 |
logging.error('SOAP error (on %s): %s' % (url, err))
|
578 |
576 |
raise SOAPException(url, err)
|
579 |
|
logger.debug('response %s' % str(response))
|
|
577 |
logger.debug('response %r', response)
|
580 |
578 |
try:
|
581 |
579 |
data = response.read()
|
582 |
580 |
except Exception, err:
|
583 |
581 |
logging.error('SOAP error (on %s): %s' % (url, err))
|
584 |
582 |
raise SOAPException(url, err)
|
585 |
|
logger.debug('data %s' % str(data))
|
|
583 |
logger.debug('data %r', data)
|
586 |
584 |
conn.close()
|
587 |
585 |
if response.status not in (200, 204): # 204 ok for federation termination
|
588 |
586 |
logging.warning('SOAP error (%s) (on %s)' % (response.status, url))
|
589 |
|
-
|