Add samlValidate
This commit is contained in:
parent
700e24e4fd
commit
f71bd22954
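--- a/cas_server/templates/cas_server/samlValidate.xml
+++ b/cas_server/templates/cas_server/samlValidate.xml
@@ -0,0 +1,52 @@
+<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
+<SOAP-ENV:Header />
+<SOAP-ENV:Body>
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="{{IssueInstant}}"
+MajorVersion="1" MinorVersion="1" Recipient="{{Recipient}}"
+ResponseID="{{ResponseID}}">
+<Status>
+<StatusCode Value="samlp:Success">
+</StatusCode>
+</Status>
+<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="{{ResponseID}}"
+IssueInstant="{{IssueInstant}}" Issuer="localhost" MajorVersion="1"
+MinorVersion="1">
+<Conditions NotBefore="{{IssueInstant}}" NotOnOrAfter="{{expireInstant}}">
+<AudienceRestrictionCondition>
+<Audience>
+https://some-service.example.com/app/
+</Audience>
+</AudienceRestrictionCondition>
+</Conditions>
+<AttributeStatement>
+<Subject>
+<NameIdentifier>{{username}}</NameIdentifier>
+<SubjectConfirmation>
+<ConfirmationMethod>
+urn:oasis:names:tc:SAML:1.0:cm:artifact
+</ConfirmationMethod>
+</SubjectConfirmation>
+</Subject>
+{% for name, value in attributes %}
+<Attribute AttributeName="name" AttributeNamespace="http://www.ja-sig.org/products/cas/">
+<AttributeValue>value</AttributeValue>
+</Attribute>
+{% endfor %}
+</AttributeStatement>
+<AuthenticationStatement AuthenticationInstant="{{IssueInstant}}"
+AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
+<Subject>
+<NameIdentifier>{{username}}</NameIdentifier>
+<SubjectConfirmation>
+<ConfirmationMethod>
+urn:oasis:names:tc:SAML:1.0:cm:artifact
+</ConfirmationMethod>
+</SubjectConfirmation>
+</Subject>
+</AuthenticationStatement>
+</Assertion>
+</Response>
+</SOAP-ENV:Body>
+</SOAP-ENV:Envelope>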
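Review bot: The `{% for name, value in attributes %}` loop emits the literal strings `name` and `value` instead of the loop variables, so every attribute the view collects is rendered as `AttributeName="name"` with the text `value`; the two lines should read `<Attribute AttributeName="{{ name }}" AttributeNamespace="http://www.ja-sig.org/products/cas/">` and `<AttributeValue>{{ value }}</AttributeValue>`. `<Audience>` is likewise a fixed placeholder URL rather than the `{{Recipient}}` the view passes, so the AudienceRestrictionCondition never names the service that actually receives the assertion, and `Issuer="localhost"` looks like a placeholder as well. A short `{# … #}` comment at the top of the template listing the context keys it expects (`IssueInstant`, `expireInstant`, `Recipient`, `ResponseID`, `username`, `attributes`) would help keep view and template in step.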
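--- a/cas_server/templates/cas_server/samlValidateError.xml
+++ b/cas_server/templates/cas_server/samlValidateError.xml
@@ -0,0 +1,15 @@
+<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
+<SOAP-ENV:Header />
+<SOAP-ENV:Body>
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="{{IssueInstant}}"
+MajorVersion="1" MinorVersion="1" Recipient="{{Recipient}}"
+ResponseID="{{ResponseID}}">
+<Status>
+<StatusCode Value="samlp:{{code}}">
+</StatusCode>
+</Status>
+</Response>
+</SOAP-ENV:Body>
+</SOAP-ENV:Envelope>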
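Review bot: The view's error branches render this template with only `code` in the context, so `IssueInstant`, `Recipient` and `ResponseID` come out as empty attribute values (Django's default `string_if_invalid` is the empty string), leaving the error `Response` without a timestamp or identifier. Either the view should pass those three values in every error branch or the template should drop the attributes it cannot fill; a `{# … #}` comment at the top naming the expected context keys would make that contract explicit.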
@ -14,5 +14,6 @@ urlpatterns = patterns('',
|
|||||||
url('^proxy$', views.proxy, name='proxy'),
|
url('^proxy$', views.proxy, name='proxy'),
|
||||||
url('^p3/serviceValidate$', views.p3_serviceValidate, name='p3_serviceValidate'),
|
url('^p3/serviceValidate$', views.p3_serviceValidate, name='p3_serviceValidate'),
|
||||||
url('^p3/proxyValidate$', views.p3_proxyValidate, name='p3_proxyValidate'),
|
url('^p3/proxyValidate$', views.p3_proxyValidate, name='p3_proxyValidate'),
|
||||||
|
url('^samlValidate$', views.samlValidate, name='samlValidate'),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -5,10 +5,12 @@ from django.shortcuts import render, redirect
|
|||||||
from django.http import HttpResponse, StreamingHttpResponse
|
from django.http import HttpResponse, StreamingHttpResponse
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
|
from django.views.decorators.csrf import csrf_exempt
|
||||||
from django.utils.translation import ugettext as _
|
from django.utils.translation import ugettext as _
|
||||||
|
|
||||||
import requests
|
import requests
|
||||||
from datetime import datetime, timedelta
|
from datetime import datetime, timedelta
|
||||||
|
from lxml import etree
|
||||||
|
|
||||||
import utils
|
import utils
|
||||||
import forms
|
import forms
|
||||||
@ -218,3 +220,35 @@ def p3_serviceValidate(request):
|
|||||||
|
|
||||||
def p3_proxyValidate(request):
|
def p3_proxyValidate(request):
|
||||||
return proxyValidate(request)
|
return proxyValidate(request)
|
||||||
|
|
||||||
|
@csrf_exempt
|
||||||
|
def samlValidate(request):
|
||||||
|
if request.method == 'POST':
|
||||||
|
target = request.GET.get('TARGET')
|
||||||
|
root = etree.fromstring(request.body)
|
||||||
|
try:
|
||||||
|
auth_req = root.getchildren()[1].getchildren()[0]
|
||||||
|
IssueInstant = auth_req.attrib['IssueInstant']
|
||||||
|
RequestID = auth_req.attrib['RequestID']
|
||||||
|
ticket = auth_req.getchildren()[0].text
|
||||||
|
ticket = models.ServiceTicket.objects.get(value=ticket, service=target, validate=False, creation__gt=(datetime.now() - timedelta(seconds=settings.CAS_TICKET_VALIDITY)))
|
||||||
|
ticket.validate = True
|
||||||
|
ticket.save()
|
||||||
|
expireInstant = (ticket.creation + timedelta(seconds=settings.CAS_TICKET_VALIDITY)).isoformat()
|
||||||
|
attributes = []
|
||||||
|
for key, value in ticket.attributs.items():
|
||||||
|
if isinstance(value, list):
|
||||||
|
for v in value:
|
||||||
|
attributes.append((key, v))
|
||||||
|
else:
|
||||||
|
attributes.append((key, value))
|
||||||
|
params = {'IssueInstant':IssueInstant, 'expireInstant':expireInstant,'Recipient':target, 'ResponseID':RequestID, 'username':ticket.user.username, 'attributes':attributes}
|
||||||
|
if ticket.service_pattern.user_field and ticket.user.attributs.get(ticket.service_pattern.user_field):
|
||||||
|
params['username'] = ticket.user.attributs.get(ticket.service_pattern.user_field)
|
||||||
|
return render(request, "cas_server/samlValidate.xml", params, content_type="text/xml; charset=utf-8")
|
||||||
|
except IndexError:
|
||||||
|
return render(request, "cas_server/samlValidateError.xml", {'code':'VersionMismatch'}, content_type="text/xml; charset=utf-8")
|
||||||
|
except KeyError:
|
||||||
|
return render(request, "cas_server/samlValidateError.xml", {'code':'VersionMismatch'}, content_type="text/xml; charset=utf-8")
|
||||||
|
except models.ServiceTicket.DoesNotExist:
|
||||||
|
return render(request, "cas_server/samlValidateError.xml", {'code':'AuthnFailed'}, content_type="text/xml; charset=utf-8")
|
||||||
|