"""
Demo Relying Party based on python and flask
"""
import os
from flask import (Flask, request, render_template, redirect, session,
make_response)
from urllib.parse import urlparse
from onelogin.saml2.auth import OneLogin_Saml2_Auth
from onelogin.saml2.utils import OneLogin_Saml2_Utils
app = Flask(__name__)
# The session-signing key is drawn fresh from the OS RNG on every start, so
# existing session cookies become invalid on restart and are not shared
# between separate worker processes.
app.secret_key = os.urandom(24)
# Directory handed to python-saml as custom_base_path; it looks for its
# settings files there. Overridable through the SAML_ENV environment variable.
CONFIG_PATH = os.environ.get('SAML_ENV', 'config')
print('Using config from: {}'.format(CONFIG_PATH))
def build_saml_req():
    """Translate the current flask request into the dict python-saml expects.

    Returns:
        dict carrying the scheme/host/port/path of the request (from which
        python-saml rebuilds the SP's own URL) plus copies of the GET and
        POST payloads and the raw query string. Must be called inside a
        flask request context.
    """
    parsed_url = urlparse(request.url)
    # NOTE(review): request.scheme is the scheme flask itself sees; behind a
    # TLS-terminating proxy it may read 'http' unless the proxy headers are
    # honoured, which can make python-saml's URL/Destination checks fail --
    # confirm for the deployment in use.
    is_https = request.scheme == 'https'
    return {
        'https': 'on' if is_https else 'off',
        'http_host': request.host,
        'server_port': parsed_url.port,
        'script_name': request.path,
        'get_data': request.args.copy(),
        'post_data': request.form.copy(),
        'query_string': request.query_string,
    }
def build_saml_auth():
    """Create a python-saml auth object bound to the current flask request.

    The settings are (re)loaded from CONFIG_PATH on every call.
    """
    return OneLogin_Saml2_Auth(build_saml_req(), custom_base_path=CONFIG_PATH)
@app.route('/')
def index():
    """Landing page; a session that already holds 'email' is sent to /success."""
    logged_in = 'email' in session
    if not logged_in:
        return render_template('index.html')
    return redirect('/success')
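@app.route('/login', methods=['POST'])
def login():
    """SAML SSO End-Point

    Builds an AuthnRequest and redirects the browser to the IdP's SSO URL.
    The ID of that AuthnRequest is kept in the session so the ACS end-point
    can pass it to process_response(request_id=...) and have python-saml
    verify the InResponseTo of the incoming response; python-saml only
    performs that check when a request ID is supplied.
    """
    print('Login recieved')
    authn = build_saml_auth()
    login_url = authn.login()
    # Read after login(): the ID is generated when the AuthnRequest is built.
    session['AuthNRequestID'] = authn.get_last_request_id()
    return redirect(login_url)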
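@app.route('/success')
def success():
    """Post-login page; rendered only for a session that holds 'email'.

    'email' is the marker the index route uses to decide a user is logged
    in, so a request without it is sent back to the landing page instead of
    getting the post-login template.
    """
    if 'email' not in session:
        return redirect('/')
    return render_template('success.html')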
@app.route('/metadata')
def metadata():
    """SAML Metadata End-Point

    Serves the SP metadata generated from the settings under CONFIG_PATH as
    text/xml, or answers 500 with the comma-separated validation errors when
    the generated document does not validate.
    """
    auth = build_saml_auth()
    sp_settings = auth.get_settings()
    sp_metadata = sp_settings.get_sp_metadata()
    problems = sp_settings.validate_metadata(sp_metadata)
    if problems:
        print(auth.get_last_error_reason())
        return make_response(', '.join(problems), 500)
    resp = make_response(sp_metadata, 200)
    resp.headers['Content-Type'] = 'text/xml'
    return resp
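@app.route('/consume', methods=['POST'])
def consume():
    """SAML ACS End-Point

    Validates the SAMLResponse posted by the IdP and, on success, establishes
    the local session. Answers 500 with python-saml's error codes in the body
    when validation fails, when the IdP reports the user as not authenticated,
    or when the assertion carries no email attribute.
    """
    auth = build_saml_auth()
    # AuthnRequest ID stored in this session when /login was used (None for
    # a session that never started a login, e.g. an IdP-initiated flow, in
    # which case python-saml skips the InResponseTo check as before).
    # NOTE(review): python-saml does not remember assertion IDs it has seen;
    # if replay inside the assertion's validity window matters, track them
    # server-side.
    request_id = session.get('AuthNRequestID')
    auth.process_response(request_id=request_id)
    errors = auth.get_errors()
    if errors:
        print(auth.get_last_error_reason())
        return make_response(', '.join(errors), 500)
    if not auth.is_authenticated():
        # Was 'Auth failed'.join(errors): with the (necessarily empty)
        # error list that yielded an empty body.
        return make_response('Auth failed', 500)
    emails = auth.get_attribute('email')
    if not emails:
        # get_attribute() returns None for an attribute the assertion does
        # not carry; indexing [0] on it raised TypeError (an unhandled 500).
        return make_response('Assertion carries no email attribute', 500)
    # The request ID has served its purpose; drop it so it is not reused.
    session.pop('AuthNRequestID', None)
    session['email'] = emails[0]
    # Kept so a LogoutRequest for this IdP session can name its subject.
    session['samlNameId'] = auth.get_nameid()
    session['samlSessionIndex'] = auth.get_session_index()
    return redirect('/success')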
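@app.route('/logout')
def logout():
    """Drop the local session and send the browser to the IdP's SLO URL.

    NameID and SessionIndex are read from the session when present
    ('samlNameId' / 'samlSessionIndex'); when absent both are None and the
    LogoutRequest names no subject, which an IdP may reject. They are read
    before the session is cleared.
    """
    name_id = session.get('samlNameId')
    session_index = session.get('samlSessionIndex')
    auth = build_saml_auth()
    # Local state is dropped regardless of what the IdP does with the
    # LogoutRequest; this file has no SLS end-point to process its answer.
    session.clear()
    return redirect(auth.logout(name_id=name_id, session_index=session_index))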