Add samlValidate
This commit is contained in:
parent
700e24e4fd
commit
f71bd22954
4 changed files with 102 additions and 0 deletions
52
cas_server/templates/cas_server/samlValidate.xml
Normal file
52
cas_server/templates/cas_server/samlValidate.xml
Normal file
|
@ -0,0 +1,52 @@
|
|||
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
|
||||
<SOAP-ENV:Header />
|
||||
<SOAP-ENV:Body>
|
||||
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
|
||||
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="{{IssueInstant}}"
|
||||
MajorVersion="1" MinorVersion="1" Recipient="{{Recipient}}"
|
||||
ResponseID="{{ResponseID}}">
|
||||
<Status>
|
||||
<StatusCode Value="samlp:Success">
|
||||
</StatusCode>
|
||||
</Status>
|
||||
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="{{ResponseID}}"
|
||||
IssueInstant="{{IssueInstant}}" Issuer="localhost" MajorVersion="1"
|
||||
MinorVersion="1">
|
||||
<Conditions NotBefore="{{IssueInstant}}" NotOnOrAfter="{{expireInstant}}">
|
||||
<AudienceRestrictionCondition>
|
||||
<Audience>
|
||||
https://some-service.example.com/app/
|
||||
</Audience>
|
||||
</AudienceRestrictionCondition>
|
||||
</Conditions>
|
||||
<AttributeStatement>
|
||||
<Subject>
|
||||
<NameIdentifier>{{username}}</NameIdentifier>
|
||||
<SubjectConfirmation>
|
||||
<ConfirmationMethod>
|
||||
urn:oasis:names:tc:SAML:1.0:cm:artifact
|
||||
</ConfirmationMethod>
|
||||
</SubjectConfirmation>
|
||||
</Subject>
|
||||
{% for name, value in attributes %}
|
||||
<Attribute AttributeName="name" AttributeNamespace="http://www.ja-sig.org/products/cas/">
|
||||
<AttributeValue>value</AttributeValue>
|
||||
</Attribute>
|
||||
{% endfor %}
|
||||
</AttributeStatement>
|
||||
<AuthenticationStatement AuthenticationInstant="{{IssueInstant}}"
|
||||
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
|
||||
<Subject>
|
||||
<NameIdentifier>{{username}}</NameIdentifier>
|
||||
<SubjectConfirmation>
|
||||
<ConfirmationMethod>
|
||||
urn:oasis:names:tc:SAML:1.0:cm:artifact
|
||||
</ConfirmationMethod>
|
||||
</SubjectConfirmation>
|
||||
</Subject>
|
||||
</AuthenticationStatement>
|
||||
</Assertion>
|
||||
</Response>
|
||||
</SOAP-ENV:Body>
|
||||
</SOAP-ENV:Envelope>
|
15
cas_server/templates/cas_server/samlValidateError.xml
Normal file
15
cas_server/templates/cas_server/samlValidateError.xml
Normal file
|
@ -0,0 +1,15 @@
|
|||
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
|
||||
<SOAP-ENV:Header />
|
||||
<SOAP-ENV:Body>
|
||||
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
|
||||
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="{{IssueInstant}}"
|
||||
MajorVersion="1" MinorVersion="1" Recipient="{{Recipient}}"
|
||||
ResponseID="{{ResponseID}}">
|
||||
<Status>
|
||||
<StatusCode Value="samlp:{{code}}">
|
||||
</StatusCode>
|
||||
</Status>
|
||||
</Response>
|
||||
</SOAP-ENV:Body>
|
||||
</SOAP-ENV:Envelope>
|
|
@ -14,5 +14,6 @@ urlpatterns = patterns('',
|
|||
url('^proxy$', views.proxy, name='proxy'),
|
||||
url('^p3/serviceValidate$', views.p3_serviceValidate, name='p3_serviceValidate'),
|
||||
url('^p3/proxyValidate$', views.p3_proxyValidate, name='p3_proxyValidate'),
|
||||
url('^samlValidate$', views.samlValidate, name='samlValidate'),
|
||||
)
|
||||
|
||||
|
|
|
@ -5,10 +5,12 @@ from django.shortcuts import render, redirect
|
|||
from django.http import HttpResponse, StreamingHttpResponse
|
||||
from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
from django.utils.translation import ugettext as _
|
||||
|
||||
import requests
|
||||
from datetime import datetime, timedelta
|
||||
from lxml import etree
|
||||
|
||||
import utils
|
||||
import forms
|
||||
|
@ -218,3 +220,35 @@ def p3_serviceValidate(request):
|
|||
|
||||
def p3_proxyValidate(request):
|
||||
return proxyValidate(request)
|
||||
|
||||
@csrf_exempt
|
||||
def samlValidate(request):
|
||||
if request.method == 'POST':
|
||||
target = request.GET.get('TARGET')
|
||||
root = etree.fromstring(request.body)
|
||||
try:
|
||||
auth_req = root.getchildren()[1].getchildren()[0]
|
||||
IssueInstant = auth_req.attrib['IssueInstant']
|
||||
RequestID = auth_req.attrib['RequestID']
|
||||
ticket = auth_req.getchildren()[0].text
|
||||
ticket = models.ServiceTicket.objects.get(value=ticket, service=target, validate=False, creation__gt=(datetime.now() - timedelta(seconds=settings.CAS_TICKET_VALIDITY)))
|
||||
ticket.validate = True
|
||||
ticket.save()
|
||||
expireInstant = (ticket.creation + timedelta(seconds=settings.CAS_TICKET_VALIDITY)).isoformat()
|
||||
attributes = []
|
||||
for key, value in ticket.attributs.items():
|
||||
if isinstance(value, list):
|
||||
for v in value:
|
||||
attributes.append((key, v))
|
||||
else:
|
||||
attributes.append((key, value))
|
||||
params = {'IssueInstant':IssueInstant, 'expireInstant':expireInstant,'Recipient':target, 'ResponseID':RequestID, 'username':ticket.user.username, 'attributes':attributes}
|
||||
if ticket.service_pattern.user_field and ticket.user.attributs.get(ticket.service_pattern.user_field):
|
||||
params['username'] = ticket.user.attributs.get(ticket.service_pattern.user_field)
|
||||
return render(request, "cas_server/samlValidate.xml", params, content_type="text/xml; charset=utf-8")
|
||||
except IndexError:
|
||||
return render(request, "cas_server/samlValidateError.xml", {'code':'VersionMismatch'}, content_type="text/xml; charset=utf-8")
|
||||
except KeyError:
|
||||
return render(request, "cas_server/samlValidateError.xml", {'code':'VersionMismatch'}, content_type="text/xml; charset=utf-8")
|
||||
except models.ServiceTicket.DoesNotExist:
|
||||
return render(request, "cas_server/samlValidateError.xml", {'code':'AuthnFailed'}, content_type="text/xml; charset=utf-8")
|
||||
|
|
Loading…
Reference in a new issue