X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Fproviders%2Fsaml2%2Fauth.py;h=036ed5e9e9264348abdae3dcae171dba0ba0ee9c;hp=ff81af692dd9fc725cd69a0059f9c2904dda5c6c;hb=c4aa2a8fc207d464aa23e065b5f2ad0549a58f5e;hpb=8f6f3b2226d66a085fffa521dea1cf31c42e896f diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py index ff81af6..036ed5e 100755 --- a/ipsilon/providers/saml2/auth.py +++ b/ipsilon/providers/saml2/auth.py @@ -42,6 +42,13 @@ class InvalidRequest(ProviderException): self._debug(message) +class UnknownProvider(ProviderException): + + def __init__(self, message): + super(UnknownProvider, self).__init__(message) + self._debug(message) + + class AuthenticateRequest(ProviderPageBase): def __init__(self, *args, **kwargs): @@ -59,7 +66,7 @@ class AuthenticateRequest(ProviderPageBase): def _parse_request(self, message): - login = lasso.Login(self.cfg.idp) + login = self.cfg.idp.get_login_handler() try: login.processAuthnRequestMsg(message) @@ -81,7 +88,7 @@ class AuthenticateRequest(ProviderPageBase): msg = 'Invalid SP [%s] (%r [%r])' % (login.remoteProviderId, e, message) - raise InvalidRequest(msg) + raise UnknownProvider(msg) self._debug('SP %s requested authentication' % login.remoteProviderId) @@ -98,6 +105,9 @@ class AuthenticateRequest(ProviderPageBase): except InvalidRequest, e: self._debug(str(e)) raise cherrypy.HTTPError(400, 'Invalid SAML request token') + except UnknownProvider, e: + self._debug(str(e)) + raise cherrypy.HTTPError(400, 'Unknown Service Provider') except Exception, e: # pylint: disable=broad-except self._debug(str(e)) raise cherrypy.HTTPError(500) 
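Review bot: `UnknownProvider` copies `InvalidRequest`'s constructor line for line and has no docstring saying when it is raised. A one-line docstring such as `"""The AuthnRequest names a service provider this IdP does not know."""` would record the distinction the later hunks depend on. Because `__init__` already calls `self._debug(message)`, the new `except UnknownProvider` handler in the last hunk of this line, which logs `str(e)` (presumably the same text), writes each rejection to the debug log twice. One of the two `_debug` calls can be dropped.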
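Review bot: The message passed to `UnknownProvider` formats `login.remoteProviderId` with `%s`, while the other two fields use `%r`. The provider id is presumably taken from the incoming AuthnRequest, so for an unregistered SP it is caller-supplied text written to the debug log unescaped. Using `'Invalid SP [%r] (%r [%r])'` would keep control characters and line breaks out of the log line. The `msg` assignment is context in this hunk, and the enclosing `except` clause starts outside it.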
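Review bot: The new 400 body `'Unknown Service Provider'` differs from `'Invalid SAML request token'`, so the response tells an unauthenticated caller whether the entity ID in the request is registered with this IdP. If the set of registered service providers is not meant to be public, keep the distinction in the debug log only and return the same body for both, e.g. `raise cherrypy.HTTPError(400, 'Invalid SAML request token')`. If the disclosure is intended, a short comment on the handler saying so would help the next reader. The enclosing `try` starts outside the hunk.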
@@ -164,10 +174,10 @@ class AuthenticateRequest(ProviderPageBase):
 nameid = None
 if nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT:
- ## TODO map to something else ?
+ # TODO map to something else ?
 nameid = provider.normalize_username(user.name)
 elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
- ## TODO map to something else ?
+ # TODO map to something else ?
 nameid = provider.normalize_username(user.name)
 elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
 nameid = us.get_data('user', 'krb_principal_name')