|
1
|
import sys
|
|
2
|
from quixote import get_response, redirect
|
|
3
|
from quixote.directory import Directory
|
|
4
|
from quixote.errors import TraversalError
|
|
5
|
|
|
6
|
import admin
|
|
7
|
import liberty
|
|
8
|
import saml2
|
|
9
|
|
|
10
|
import errors
|
|
11
|
import logger
|
|
12
|
import misc
|
|
13
|
import template
|
|
14
|
from form import *
|
|
15
|
|
|
16
|
from users import User
|
|
17
|
|
|
18
|
class LibertySite(Directory):
|
|
19
|
|
|
20
|
_q_exports = ["", "login", "logout", "liberty"]
|
|
21
|
|
|
22
|
liberty = liberty.Liberty()
|
|
23
|
|
|
24
|
def __init__(self, component):
|
|
25
|
self.name = component
|
|
26
|
|
|
27
|
def _q_index(self):
|
|
28
|
return 'todo'
|
|
29
|
|
|
30
|
def login [html] (self):
|
|
31
|
logger.info('login')
|
|
32
|
idps = misc.cfg.get('idp', {})
|
|
33
|
|
|
34
|
# if len(idps) == 0:
|
|
35
|
return template.error_page(_('SSO support is not yet configured'))
|
|
36
|
|
|
37
|
if len(idps) == 1 or len([x for x in idps.values() if not x.get('hide', False)]) == 1:
|
|
38
|
# if there is only one visible IdP, perform login automatically on
|
|
39
|
# this one.
|
|
40
|
server = misc.get_lasso_server('liberty')
|
|
41
|
if (server is None):
|
|
42
|
# Get a templated page instead
|
|
43
|
return _("This site doesn't exist or doesn't have SSO support")
|
|
44
|
for x in server.providerIds:
|
|
45
|
key_provider_id = x.replace(str('://'), str('-')).replace(str('/'), str('-'))
|
|
46
|
if not idps.get(key_provider_id, {}).get('hide', False):
|
|
47
|
return self.liberty.perform_login(x)
|
|
48
|
|
|
49
|
server = misc.get_lasso_server('saml2')
|
|
50
|
for x in server.providerIds:
|
|
51
|
key_provider_id = x.replace(str('://'), str('-')).replace(str('/'), str('-'))
|
|
52
|
if not idps.get(key_provider_id, {}).get('hide', False):
|
|
53
|
return self.saml.perform_login(x)
|
|
54
|
|
|
55
|
form = Form(enctype='multipart/form-data')
|
|
56
|
options = []
|
|
57
|
# XXX: use intro cookie to get preferred value
|
|
58
|
value = None
|
|
59
|
providers = {}
|
|
60
|
for kidp, idp in misc.cfg.get('idp', {}).items():
|
|
61
|
if idp.get('hide'):
|
|
62
|
continue
|
|
63
|
p = lasso.Provider(lasso.PROVIDER_ROLE_IDP,
|
|
64
|
misc.get_abs_path(idp['metadata']),
|
|
65
|
misc.get_abs_path(idp['publickey']), None)
|
|
66
|
providers[p.providerId] = p
|
|
67
|
|
|
68
|
include_protocol = True
|
|
69
|
if len([x for x in providers.values() if
|
|
70
|
x.getProtocolConformance() == lasso.PROTOCOL_SAML_2_0]) in (0, len(providers)):
|
|
71
|
include_protocol = False
|
|
72
|
|
|
73
|
for p in providers.values():
|
|
74
|
label = misc.get_provider_label(p)
|
|
75
|
if include_protocol:
|
|
76
|
if p.getProtocolConformance() == lasso.PROTOCOL_SAML_2_0:
|
|
77
|
label = '%s (SAML 2.0)' % label
|
|
78
|
else:
|
|
79
|
label = '%s (Liberty ID-FF 1.2)' % label
|
|
80
|
options.append((p.providerId, label))
|
|
81
|
if not value:
|
|
82
|
value = p.providerId
|
|
83
|
form.add(RadiobuttonsWidget, 'idp', value = value, options = options, delim = '<br/>')
|
|
84
|
form.add_submit('submit', _('Submit'))
|
|
85
|
|
|
86
|
if form.is_submitted() and not form.has_errors():
|
|
87
|
idp = form.get_widget('idp').parse()
|
|
88
|
p = providers[form.get_widget('idp').parse()]
|
|
89
|
if p.getProtocolConformance() == lasso.PROTOCOL_SAML_2_0:
|
|
90
|
return self.saml.perform_login(idp)
|
|
91
|
else:
|
|
92
|
return self.liberty.perform_login(idp)
|
|
93
|
|
|
94
|
template.html_top(_('Login'))
|
|
95
|
'<p>%s</p>' % _('Select the identity provider you want to use.')
|
|
96
|
form.render()
|
|
97
|
|
|
98
|
def logout(self):
|
|
99
|
logger.info('logout')
|
|
100
|
session = get_session()
|
|
101
|
if not session:
|
|
102
|
return redirect('/')
|
|
103
|
# add settings to disable single logout?
|
|
104
|
# (and to set it as none/get/soap?)
|
|
105
|
return self.liberty.singleLogout()
|
|
106
|
|
|
107
|
def defederate(self):
|
|
108
|
logger.info('defederate')
|
|
109
|
session = get_session()
|
|
110
|
if not session:
|
|
111
|
return redirect('/')
|
|
112
|
|
|
113
|
idps = misc.cfg.get('idp', {})
|
|
114
|
|
|
115
|
if len(idps) == 0:
|
|
116
|
return template.error_page(_('SSO support is not yet configured'))
|
|
117
|
|
|
118
|
if len(idps) == 1 or len([x for x in idps.values() if not x.get('hide', False)]) == 1:
|
|
119
|
# if there is only one visible IdP, perform login automatically on
|
|
120
|
# this one.
|
|
121
|
server = misc.get_lasso_server('liberty')
|
|
122
|
if (server is None):
|
|
123
|
# Get a templated page instead
|
|
124
|
return _("This site doesn't exist or doesn't have SSO support")
|
|
125
|
for x in server.providerIds:
|
|
126
|
key_provider_id = x.replace(str('://'), str('-')).replace(str('/'), str('-'))
|
|
127
|
if not idps.get(key_provider_id, {}).get('hide', False):
|
|
128
|
return self.liberty.defederate(x)
|