self._debug(message)
+class UnknownProvider(ProviderException):
+
+ def __init__(self, message):
+ super(UnknownProvider, self).__init__(message)
+ self._debug(message)
+
+
class AuthenticateRequest(ProviderPageBase):
def __init__(self, *args, **kwargs):
msg = 'Invalid SP [%s] (%r [%r])' % (login.remoteProviderId,
e, message)
- raise InvalidRequest(msg)
+ raise UnknownProvider(msg)
self._debug('SP %s requested authentication' % login.remoteProviderId)
except InvalidRequest, e:
self._debug(str(e))
raise cherrypy.HTTPError(400, 'Invalid SAML request token')
+ except UnknownProvider, e:
+ self._debug(str(e))
+ raise cherrypy.HTTPError(400, 'Unknown Service Provider')
except Exception, e: # pylint: disable=broad-except
self._debug(str(e))
raise cherrypy.HTTPError(500)
nameid = None
if nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT:
- ## TODO map to something else ?
+ # TODO map to something else ?
nameid = provider.normalize_username(user.name)
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
- ## TODO map to something else ?
+ # TODO map to something else ?
nameid = provider.normalize_username(user.name)
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
nameid = us.get_data('user', 'krb_principal_name')
raise AuthenticationError("Unavailable Name ID type",
lasso.SAML2_STATUS_CODE_AUTHN_FAILED)
- # TODO: add user attributes as policy requires from 'usersession'
+ # TODO: filter user attributes as policy requires from 'usersession'
+ if not login.assertion.attributeStatement:
+ attrstat = lasso.Saml2AttributeStatement()
+ login.assertion.attributeStatement = [attrstat]
+ else:
+ attrstat = login.assertion.attributeStatement[0]
+ if not attrstat.attribute:
+ attrstat.attribute = ()
+
+ attributes = us.get_user_attrs()
+ for key in attributes:
+ attr = lasso.Saml2Attribute()
+ attr.name = key
+ attr.nameFormat = lasso.SAML2_ATTRIBUTE_NAME_FORMAT_BASIC
+ value = str(attributes[key]).encode('utf-8')
+ node = lasso.MiscTextNode.newWithString(value)
+ node.textChild = True
+ attrvalue = lasso.Saml2AttributeValue()
+ attrvalue.any = [node]
+ attr.attributeValue = [attrvalue]
+ attrstat.attribute = attrstat.attribute + (attr,)
+
+ self.debug('Assertion: %s' % login.assertion.dump())
def saml2error(self, login, code, message):
status = lasso.Samlp2Status()