author | Roland Hedberg <roland.hedberg@adm.umu.se> | 2015-03-09 11:23:18 -0700 |
---|---|---|
committer | Roland Hedberg <roland.hedberg@adm.umu.se> | 2015-03-09 11:23:18 -0700 |
commit | 43a962f535823b463a9c00be342cae9a6d68b1ee (patch) | |
tree | 289b52de79698ca3e8a5f4416473cc782d243f79 | |
parent | 428531cc94dd6f29b4b07320d1b4489645dd86e9 (diff) | |
parent | 65399af7db4968949a3ca4f2b7c23c19bdb7c946 (diff) | |
download | pysaml2-43a962f535823b463a9c00be342cae9a6d68b1ee.tar.gz |
Merge pull request #191 from rebeckag/force_authn
Small improvements of idp2.
-rw-r--r-- | example/idp2/htdocs/login.mako | 2 | ||||
-rwxr-xr-x | example/idp2/idp.py | 28 |
2 files changed, 18 insertions, 12 deletions
diff --git a/example/idp2/htdocs/login.mako b/example/idp2/htdocs/login.mako index 6f236732..7555deb7 100644 --- a/example/idp2/htdocs/login.mako +++ b/example/idp2/htdocs/login.mako @@ -14,7 +14,7 @@ <label for="login">Username</label> </div> <div> - <input type="text" name="login" value="${login}"/><br/> + <input type="text" name="login" value="${login}" autofocus><br/> </div> <div class="label"> diff --git a/example/idp2/idp.py b/example/idp2/idp.py index 90339c8b..08c0e0c0 100755 --- a/example/idp2/idp.py +++ b/example/idp2/idp.py @@ -143,7 +143,7 @@ class Service(object): saml_msg["RelayState"], encrypt_cert=_encrypt_cert, **kwargs) except KeyError: - # Can live with no relay state # TODO or can we, for inacademia? + # Can live with no relay state return self.do(saml_msg["SAMLRequest"], binding, saml_msg["RelayState"], **kwargs) @@ -211,10 +211,13 @@ class Service(object): def not_authn(self, key, requested_authn_context): ruri = geturl(self.environ, query=False) - return do_authentication(self.environ, self.start_response, - authn_context=requested_authn_context, - key=key, redirect_uri=ruri) + kwargs = dict(authn_context=requested_authn_context, key=key, redirect_uri=ruri) + # Clear cookie, if it already exists + kaka = delete_cookie(self.environ, "idpauthn") + if kaka: + kwargs["headers"] = [kaka] + return do_authentication(self.environ, self.start_response, **kwargs) # ----------------------------------------------------------------------------- @@ -422,7 +425,8 @@ class SSO(Service): saml_msg["SAMLRequest"], BINDING_HTTP_POST) _req = self.req_info.message if self.user: - if _req.force_authn: + if _req.force_authn is not None and \ + _req.force_authn.lower() == 'true': saml_msg["req_info"] = self.req_info key = self._store_request(saml_msg) return self.not_authn(key, _req.requested_authn_context) 
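Review bot: The changed `<input>` in login.mako still writes `${login}` into the `value` attribute with no escaping filter visible on the line. Unless the template lookup configures HTML escaping as a default filter (not visible in this diff), a login value containing a double quote would break out of the attribute. Writing `value="${login | h}"` makes the escaping explicit at the point of use. The rest of the form lies outside the hunk.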
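Review bot: In `not_authn`, the new `delete_cookie(self.environ, "idpauthn")` call only asks the browser to drop the cookie; nothing in the hunk removes any server-side entry that the cookie value refers to. If the IdP keeps such a mapping (not visible here), a forced re-authentication should invalidate it as well, so that the old cookie value stops resolving to a user. The existing comment could say why the header is added, for example `# Expire idpauthn so the login form starts without the previous session`. The local `kaka` would also read more clearly as `expired_cookie`.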
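Review bot: The new ForceAuthn test in the `if self.user:` branch, `_req.force_authn.lower() == 'true'`, accepts only one of the two lexical forms an xs:boolean allows for true. A request carrying `ForceAuthn="1"` would fall through and reuse the existing session, although the SP asked for a fresh login. Assuming `force_authn` is the raw attribute string, as the `.lower()` call implies, I would change the test to `_req.force_authn.strip().lower() in ("true", "1"):`. The enclosing method starts and ends outside the hunk.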
@@ -486,7 +490,7 @@ class SSO(Service): def do_authentication(environ, start_response, authn_context, key, - redirect_uri): + redirect_uri, headers=None): """ Display the login form """ @@ -496,7 +500,7 @@ def do_authentication(environ, start_response, authn_context, key, if len(auth_info): method, reference = auth_info[0] logger.debug("Authn chosen: %s (ref=%s)" % (method, reference)) - return method(environ, start_response, reference, key, redirect_uri) + return method(environ, start_response, reference, key, redirect_uri, headers) else: resp = Unauthorized("No usable authentication method") return resp(environ, start_response) @@ -513,15 +517,17 @@ PASSWD = { def username_password_authn(environ, start_response, reference, key, - redirect_uri): + redirect_uri, headers=None): """ Display the login form """ logger.info("The login page") - headers = [] - resp = Response(mako_template="login.mako", template_lookup=LOOKUP, - headers=headers) + kwargs = dict(mako_template="login.mako", template_lookup=LOOKUP) + if headers: + kwargs["headers"] = headers + + resp = Response(**kwargs) argv = { "action": "/verify", |
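Review bot: The call `method(environ, start_response, reference, key, redirect_uri, headers)` in `do_authentication` now hands a sixth positional argument to whichever method the authn broker picked, but only `username_password_authn` gains a `headers` parameter in this diff. Any other registered method that keeps the old five-argument signature would raise `TypeError` at login time; those definitions are outside the hunks, so this needs checking. Passing it by name, `headers=headers`, would make the contract explicit. The signature hunk just above adds `headers=None` without extending the "Display the login form" docstring, which should state that `headers` carries extra response headers for the login page.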
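Review bot: The docstring of `username_password_authn` still reads only "Display the login form" although the function now accepts `headers` and forwards it to `Response`. I would add a line such as `:param headers: optional list of extra HTTP headers for the login response, e.g. the Set-Cookie that expires idpauthn`. That would make it clear to a reader of `not_authn` that the cookie-clearing header is expected to reach the browser through this path. The function body continues past the end of the hunk.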