Add samlValidate

cas_server/templates/cas_server/samlValidate.xml

@@ -0,0 +1,52 @@
+<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
+  <SOAP-ENV:Header />
+  <SOAP-ENV:Body>
+    <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+    xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="{{IssueInstant}}"
+    MajorVersion="1" MinorVersion="1" Recipient="{{Recipient}}"
+    ResponseID="{{ResponseID}}">
+      <Status>
+        <StatusCode Value="samlp:Success">
+        </StatusCode>
+      </Status>
+      <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="{{ResponseID}}"
+      IssueInstant="{{IssueInstant}}" Issuer="localhost" MajorVersion="1"
+      MinorVersion="1">
+        <Conditions NotBefore="{{IssueInstant}}" NotOnOrAfter="{{expireInstant}}">
+          <AudienceRestrictionCondition>
+            <Audience>
+              https://some-service.example.com/app/
+            </Audience>
+          </AudienceRestrictionCondition>
+        </Conditions>
+        <AttributeStatement>
+          <Subject>
+            <NameIdentifier>{{username}}</NameIdentifier>
+            <SubjectConfirmation>
+              <ConfirmationMethod>
+                urn:oasis:names:tc:SAML:1.0:cm:artifact
+              </ConfirmationMethod>
+            </SubjectConfirmation>
+          </Subject>
+{% for name, value in attributes %}
+          <Attribute AttributeName="name" AttributeNamespace="http://www.ja-sig.org/products/cas/">
+            <AttributeValue>value</AttributeValue>
+          </Attribute>
+{% endfor %}
+        </AttributeStatement>
+        <AuthenticationStatement AuthenticationInstant="{{IssueInstant}}"
+        AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
+          <Subject>
+            <NameIdentifier>{{username}}</NameIdentifier>
+            <SubjectConfirmation>
+              <ConfirmationMethod>
+                urn:oasis:names:tc:SAML:1.0:cm:artifact
+              </ConfirmationMethod>
+            </SubjectConfirmation>
+          </Subject>
+        </AuthenticationStatement>
+      </Assertion>
+    </Response>
+  </SOAP-ENV:Body>
+</SOAP-ENV:Envelope>

cas_server/templates/cas_server/samlValidateError.xml

@@ -0,0 +1,15 @@
+<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
+  <SOAP-ENV:Header />
+  <SOAP-ENV:Body>
+    <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+    xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="{{IssueInstant}}"
+    MajorVersion="1" MinorVersion="1" Recipient="{{Recipient}}"
+    ResponseID="{{ResponseID}}">
+      <Status>
+        <StatusCode Value="samlp:{{code}}">
+        </StatusCode>
+      </Status>
+    </Response>
+  </SOAP-ENV:Body>
+</SOAP-ENV:Envelope>

cas_server/urls.py

@@ -14,5 +14,6 @@ urlpatterns = patterns('',
     url('^proxy$', views.proxy, name='proxy'),
     url('^p3/serviceValidate$', views.p3_serviceValidate, name='p3_serviceValidate'),
     url('^p3/proxyValidate$', views.p3_proxyValidate, name='p3_proxyValidate'),
+    url('^samlValidate$', views.samlValidate, name='samlValidate'),
 )
 

cas_server/views.py

@@ -5,10 +5,12 @@ from django.shortcuts import render, redirect
 from django.http import HttpResponse, StreamingHttpResponse
 from django.conf import settings
 from django.contrib import messages
+from django.views.decorators.csrf import csrf_exempt
 from django.utils.translation import ugettext as _
 
 import requests
 from datetime import datetime, timedelta
+from lxml import etree
 
 import utils
 import forms
@@ -218,3 +220,35 @@ def p3_serviceValidate(request):
 
 def p3_proxyValidate(request):
     return proxyValidate(request)
+
+@csrf_exempt
+def samlValidate(request):
+    if request.method == 'POST':
+        target = request.GET.get('TARGET')
+        root = etree.fromstring(request.body)
+        try:
+            auth_req = root.getchildren()[1].getchildren()[0]
+            IssueInstant = auth_req.attrib['IssueInstant']
+            RequestID = auth_req.attrib['RequestID']
+            ticket = auth_req.getchildren()[0].text
+            ticket = models.ServiceTicket.objects.get(value=ticket, service=target, validate=False, creation__gt=(datetime.now() - timedelta(seconds=settings.CAS_TICKET_VALIDITY)))
+            ticket.validate = True
+            ticket.save()
+            expireInstant = (ticket.creation + timedelta(seconds=settings.CAS_TICKET_VALIDITY)).isoformat()
+            attributes = []
+            for key, value in ticket.attributs.items():
+                if isinstance(value, list):
+                    for v in value:
+                        attributes.append((key, v))
+                else:
+                    attributes.append((key, value))
+            params = {'IssueInstant':IssueInstant, 'expireInstant':expireInstant,'Recipient':target, 'ResponseID':RequestID, 'username':ticket.user.username, 'attributes':attributes}
+            if ticket.service_pattern.user_field and ticket.user.attributs.get(ticket.service_pattern.user_field):
+                params['username'] = ticket.user.attributs.get(ticket.service_pattern.user_field)
+            return render(request, "cas_server/samlValidate.xml", params, content_type="text/xml; charset=utf-8")
+        except IndexError:
+            return render(request, "cas_server/samlValidateError.xml", {'code':'VersionMismatch'}, content_type="text/xml; charset=utf-8")
+        except KeyError:
+            return render(request, "cas_server/samlValidateError.xml", {'code':'VersionMismatch'}, content_type="text/xml; charset=utf-8")
+        except models.ServiceTicket.DoesNotExist:
+            return render(request, "cas_server/samlValidateError.xml", {'code':'AuthnFailed'}, content_type="text/xml; charset=utf-8")