import lasso
+class AuthenticationError(Exception):
+
+ def __init__(self, message, code):
+ super(AuthenticationError, self).__init__(message)
+ self.message = message
+ self.code = code
+
+ def __str__(self):
+ return repr(self.message)
+
+
class InvalidRequest(Exception):
def __init__(self, message):
self.stage = self.STAGE_INIT
def auth(self, login):
- self.saml2checks(login)
- self.saml2assertion(login)
+ try:
+ self.saml2checks(login)
+ self.saml2assertion(login)
+ except AuthenticationError, e:
+ self.saml2error(login, e.code, e.message)
return self.reply(login)
def _parse_request(self, message):
except (lasso.ServerProviderNotFoundError,
lasso.ProfileUnknownProviderError), e:
- msg = 'Invalid Service Provider (%r [%r])' % (e, message)
- # TODO: return to SP anyway ?
+ msg = 'Invalid SP [%s] (%r [%r])' % (login.remoteProviderId,
+ e, message)
raise InvalidRequest(msg)
+ self._debug('SP %s requested authentication' % login.remoteProviderId)
+
return login
def saml2login(self, request):
'%s/saml2/SSO/Continue' % self.basepath)
raise cherrypy.HTTPRedirect('%s/login' % self.basepath)
else:
- raise cherrypy.HTTPError(401)
+ raise AuthenticationError(
+ "Unknown user", lasso.SAML2_STATUS_CODE_AUTHN_FAILED)
self._audit("Logged in user: %s [%s]" % (user.name, user.fullname))
# TODO: add user attributes as policy requires taking from 'user'
+ def saml2error(self, login, code, message):
+ status = lasso.Samlp2Status()
+ status.statusCode = lasso.Samlp2StatusCode()
+ status.statusCode.value = lasso.SAML2_STATUS_CODE_RESPONDER
+ status.statusCode.statusCode = lasso.Samlp2StatusCode()
+ status.statusCode.statusCode.value = code
+ login.response.status = status
+
def reply(self, login):
if login.protocolProfile == lasso.LOGIN_PROTOCOL_PROFILE_BRWS_ART:
# TODO