''' Created on Apr 2, 2012 @author: leifj ''' from saml2 import server, BINDING_SOAP from saml2 import soap from saml2 import config import logging from django.contrib.auth.models import User from django.http import HttpResponse, HttpResponseBadRequest from saml2.metadata import entity_descriptor from saml2.saml import NAME_FORMAT_URI from django.conf import settings from django.views.decorators.csrf import csrf_exempt from saml2.request import AttributeQuery def get_full_path(request,path=None): if path == None: path = request.path full_path = ('http', ('', 's')[request.is_secure()], '://', request.META['HTTP_HOST'], path) return ''.join(full_path) def _config(request): host = request.get_host().replace(":","-") c = { "entityid" : get_full_path(request,"/saml2/entity"), "description": "COIP", "service": { "aa": { "name" : "COIP", "endpoints" : { "attribute_service" : [(get_full_path(request,"/saml2/aq"), BINDING_SOAP)], }, "policy": { "default": { "lifetime": {"minutes":15}, "attribute_restrictions": None, # means all I have "name_form": NAME_FORMAT_URI }, }, "subject_data": ("dict", {}), } }, "debug" : 1, "key_file" : "%s/%s.key" % (settings.SSL_KEY_DIR,host), "cert_file" : "%s/%s.crt" % (settings.SSL_CRT_DIR,host), "attribute_map_dir" : "%s/saml2/attributemaps" % settings.BASE_DIR, "metadata" : { "local": ["%s/saml2/metadata/sp.xml" % settings.BASE_DIR], }, "organization": { "display_name": "COIP on %s" % host, "name": "COIP on %s" % host, "url": get_full_path(request,"/"), }, } return c def _aa_reply(aa, aq, user, sp_entityid): consumer_url = aa.metadata.consumer_url(aq.issuer.text) in_response_to = aq.id name_id = aq.subject.name_id logging.info("name_id: %s" % name_id) return aa.do_aa_response(in_response_to, consumer_url, sp_entityid, identity=user, name_id=name_id, issuer=aa.conf.entityid) def metadata(request): cnf = config.Config().load(_config(request), metadata_construction=True) ed = entity_descriptor(cnf, 0) return HttpResponse(content=ed,content_type="text/xml") def parse_attribute_query(aa, xml_string, decode=True): """ Parse an attribute query :param xml_string: The Attribute Query as an XML string :param decode: Whether the xmlstring is base64encoded and zipped :return: 3-Tuple containing: subject - identifier of the subject attribute - which attributes that the requestor wants back query - the whole query """ receiver_addresses = aa.conf.endpoint("attribute_service") attribute_query = AttributeQuery( aa.sec, receiver_addresses) attribute_query = attribute_query.loads(xml_string, decode=decode) attribute_query = attribute_query.verify() logging.info(repr(attribute_query)) #logging.info("KEYS: %s" % attribute_query.message.keys()) # Subject is described in the a saml.Subject instance subject = attribute_query.subject_id() attribute = attribute_query.attribute() return subject, attribute, attribute_query.message @csrf_exempt def aq(request): if request.method == 'POST': cnf = config.Config().load(_config(request)) cnf.context = 'aa' aa = server.Server(config=cnf, log=logging, debug=1, stype="aa") request_xml = soap.parse_soap_enveloped_saml_attribute_query(request.raw_post_data) logging.debug(request_xml) (subject, attribute, aq) = parse_attribute_query(aa,request_xml,False) sp_entityid = aq.issuer.text claims = {} try: logging.debug("Subject: %s" % subject.text) user = User.objects.get(username=subject.text) p = user.get_profile() claims = {'uid': user.username,'displayName': p.display_name} except Exception,exc: logging.debug(exc) pass aa_response = _aa_reply(aa, aq, claims, sp_entityid) xml = soap.make_soap_enveloped_saml_thingy(aa_response) logging.debug(xml) return HttpResponse(content=xml, content_type="application/soap+xml") else: return HttpResponseBadRequest("No

Bad Request

Go sell crazy someplace else, we're all stocked up here!

")