path: root/coip/apps/saml2/views.py
blob: 2727ca2efd67d101c41ef76aa86f4a0bae68c161 (plain)
'''
Created on Apr 2, 2012

@author: leifj
'''

import logging
import re

from django.conf import settings
from django.contrib.auth.models import User
from django.core.exceptions import ObjectDoesNotExist, SuspiciousOperation
from django.http import HttpResponse, HttpResponseBadRequest
from saml2 import server, BINDING_SOAP
from saml2 import saml
from saml2 import soap
from saml2.config import Config
from saml2.metadata import entity_descriptor
from saml2.saml import NAME_FORMAT_URI

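# Shape of a Host value we are willing to turn into a file name:
# "name", "name:port" or a bracketed IPv6 literal, nothing else (no path
# separators, whitespace or control characters).  Modelled on Django's own
# host validation pattern.
_HOST_RE = re.compile(r"^(?:[a-z0-9.-]+|\[[a-f0-9:]+\])(?::[0-9]+)?$", re.IGNORECASE)


def _config(request):
    """Build the pysaml2 attribute-authority configuration for *request*.

    The entity id, the SOAP attribute-service endpoint and the organisation
    URL are all derived from the request's own host via
    ``request.build_absolute_uri``, and the signing key and certificate are
    looked up per host as ``<SSL_KEY_DIR>/<host>.key`` and
    ``<SSL_CRT_DIR>/<host>.crt``.  Because that host value comes from the
    client's Host header, it is matched against ``_HOST_RE`` before it is
    used as a path component; a value that is not ``name[:port]`` (or an
    IPv6 literal) raises ``SuspiciousOperation``, which Django reports as a
    client error rather than letting it reach the file system.

    Returns a loaded ``saml2.config.Config``.

    Raises ``SuspiciousOperation`` when the Host header cannot be used as a
    file name.
    """
    host = request.get_host()
    # Defence in depth: whether get_host() itself enforces ALLOWED_HOSTS
    # depends on the Django version and settings, and this string becomes
    # part of a path on disk.
    if not _HOST_RE.match(host):
        raise SuspiciousOperation("refusing to use Host %r as a file name" % (host,))

    cfg = {
        "entityid": request.build_absolute_uri("/saml2/entity"),
        "description": "COIP",
        "service": {
            "aa": {
                "name": "COIP",
                "endpoints": {
                    "attribute_service": [
                        (request.build_absolute_uri("/saml2/aq"), BINDING_SOAP),
                    ],
                },
                "policy": {
                    # The single "default" policy applies to every SP; with
                    # attribute_restrictions unset it releases every
                    # attribute present in the identity dict ("all I have").
                    "default": {
                        "lifetime": {"minutes": 15},
                        "attribute_restrictions": None,  # means all I have
                        "name_form": NAME_FORMAT_URI,
                    },
                },
                "subject_data": ("dict", {}),
            }
        },
        # NOTE(review): pysaml2 debug flag left on as in the original;
        # verify it is off in production deployments.
        "debug": 1,
        # One signing key/cert per served host name.
        "key_file": "%s/%s.key" % (settings.SSL_KEY_DIR, host),
        "cert_file": "%s/%s.crt" % (settings.SSL_CRT_DIR, host),
        "attribute_map_dir": "%s/saml2/attributemaps" % settings.BASE_DIR,
        # The local SP metadata file is the set of SPs this AA will answer;
        # consumer URLs are resolved from it by issuer entity id.
        "metadata": {
            "local": ["%s/saml2/metadata/sp.xml" % settings.BASE_DIR],
        },
        "organization": {
            "display_name": "COIP on %s" % host,
            "name": "COIP on %s" % host,
            "url": request.build_absolute_uri("/"),
        },
    }

    return Config().load(cfg)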

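def _aa_reply(aa, aq, user, sp_entityid):
    """Build the AttributeResponse answering attribute query *aq*.

    Args:
        aa: the ``saml2.server.Server`` acting as attribute authority; its
            loaded metadata resolves the requester's consumer URL and its
            ``conf.entityid`` is used as the response issuer.
        aq: the parsed AttributeQuery.  Its ``id`` becomes InResponseTo and
            its subject NameID is echoed back in the response.
        user: the dict of attributes to release (``{}`` when the caller could
            not resolve the subject).  Despite the name this is the identity
            dict, not a Django ``User``.
        sp_entityid: entity id of the requesting SP (the query's issuer).

    Returns:
        Whatever ``aa.do_aa_response`` returns for these arguments.

    NOTE(review): the consumer URL is looked up in the locally configured
    metadata by the issuer the *requester* put in the query; nothing in this
    helper authenticates that claim.  How pysaml2 reacts to an issuer absent
    from the metadata (None vs. an exception) depends on the installed
    version -- confirm before relying on it.
    """
    consumer_url = aa.metadata.consumer_url(aq.issuer.text)
    in_response_to = aq.id
    name_id = aq.subject.name_id

    # Lazy %-formatting: the NameID is only rendered when INFO is enabled.
    # NOTE(review): this writes a subject identifier to the log; check that
    # is acceptable for this deployment's log handling.
    logging.info("name_id: %s", name_id)
    return aa.do_aa_response(in_response_to,
                             consumer_url,
                             sp_entityid,
                             identity=user,
                             name_id=name_id,
                             issuer=aa.conf.entityid)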

def metadata(request):
    """Serve this host's SAML EntityDescriptor as ``text/xml``.

    The descriptor is generated from the same per-request configuration the
    attribute service uses, so the entity id, endpoint and key it advertises
    follow the request's host name.

    NOTE(review): ``_config`` already returns a loaded ``Config``; feeding
    that object into a second ``Config().load(..., metadata_construction=True)``
    is kept as-is here -- confirm the installed pysaml2 accepts a Config
    instance (rather than a dict) in that position.
    """
    build_conf = Config().load(_config(request), metadata_construction=True)
    descriptor = entity_descriptor(build_conf, 0)
    return HttpResponse(content=descriptor, content_type="text/xml")

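def aq(request):
    """SOAP AttributeQuery endpoint (the ``attribute_service`` of ``_config``).

    On POST the SOAP-enveloped AttributeQuery is parsed, the subject's NameID
    value is looked up verbatim as a Django username, and a SOAP-enveloped
    AttributeResponse carrying ``uid`` and ``displayName`` (from the user's
    profile) is returned.  A subject that does not map to a user or profile
    is answered with a response carrying no attributes.  Any other method
    gets a 400.

    Returns an ``HttpResponse``.  ``SuspiciousOperation`` from ``_config``
    (unusable Host header) and any unexpected backend error propagate, so a
    failing database surfaces as a server error instead of being masked by
    a signed, attribute-less answer the SP would read as "no attributes".

    NOTE(review): nothing visible here authenticates the requester -- the
    issuer string is taken from the query itself and selects which SP's
    consumer URL the response is addressed to.  Confirm that pysaml2
    verifies the query signature for this server configuration, or that the
    endpoint is only reachable over mutual TLS.
    """
    if request.method != 'POST':
        return HttpResponseBadRequest("<html><head><title>No</title></head><body><h1>Bad Request</h1><p>Go sell crazy someplace else, we're all stocked up here!</p></body></html>")

    aa = server.Server(config=_config(request), log=logging, debug=1, stype="aa")
    # raw_post_data is the pre-Django-1.4 spelling of request.body.
    request_xml = soap.parse_soap_enveloped_saml_attribute_query(request.raw_post_data)
    # NOTE(review): the full query here and the signed response below go to
    # the log at DEBUG; keep that level off in production.
    logging.debug(request_xml)
    # The local is called `query` so it does not shadow this view function.
    subject, _attributes, query = aa.parse_attribute_query(request_xml, False)
    sp_entityid = query.issuer.text

    claims = {}
    # A query without a usable subject is answered with no attributes.
    subject_text = getattr(subject, "text", None)
    logging.debug("Subject: %s", subject_text)
    if subject_text:
        try:
            # The NameID value is the username; the ORM parameterises it.
            user = User.objects.get(username=subject_text)
            profile = user.get_profile()
            claims = {'uid': user.username, 'displayName': profile.display_name}
        except ObjectDoesNotExist as exc:
            # Unknown user or missing profile row (User.DoesNotExist and the
            # profile model's DoesNotExist both derive from this).  A
            # misconfigured profile module is not caught on purpose.
            logging.info("no attributes for subject %r: %s", subject_text, exc)

    aa_response = _aa_reply(aa, query, claims, sp_entityid)
    xml = soap.make_soap_enveloped_saml_thingy(aa_response)
    logging.debug(xml)
    return HttpResponse(content=xml, content_type="application/soap+xml")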