+ Exceptions are handled by the caller
+ """
+ login = self.cfg.idp.get_login_handler()
+
+ login.initIdpInitiatedAuthnRequest(spidentifier)
+
+ # Hardcode for now, handle Artifact later
+ login.request.protocolBinding = lasso.SAML2_METADATA_BINDING_POST
+
+ login.processAuthnRequestMsg()
+
+ if relaystate is not None:
+ login.msgRelayState = relaystate
+ else:
+ provider = ServiceProvider(self.cfg, login.remoteProviderId)
+ if provider.splink is not None:
+ login.msgRelayState = provider.splink
+ else:
+ login.msgRelayState = login.remoteProviderId
+
+ return login
+
+ def saml2login(self, request, spidentifier=None, relaystate=None):
+ """
+ request: the SAML request
+ spidentifier: the provider ID for IdP-initiated login
+ relaystate: optional string to direct user to particular place on
+ the SP after sending POST. If one is not provided then
+ the protected site from the SP is used, otherwise it
+ is set to the remote provider ID.
+ """
+ if not request and not spidentifier: