summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Changelog6
-rw-r--r--README5
-rw-r--r--mellon/app_settings.py1
-rw-r--r--mellon/views.py34
4 files changed, 39 insertions, 7 deletions
diff --git a/Changelog b/Changelog
index ea6dcd6..27d8c4d 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,9 @@
+1.2.x
+-----
+
+- add setting MELLON_VERIFY_SSL_CERTIFICATE
+- improve logs in SAML artifact error paths
+
1.2.16
------
diff --git a/README b/README
index f59cc16..9471f8f 100644
--- a/README
+++ b/README
@@ -241,6 +241,11 @@ MELLON_ERROR_REDIRECT_AFTER_TIMEOUT
Timeout in seconds before automatically redirecting the user to the
continue URL when authentication has failed. Default is 120 seconds.
+MELLON_VERIFY_SSL_CERTIFICATE
+-----------------------------
+
+Verify SSL certificate when doing HTTP requests, used when resolving artifacts.
+Default is True.
Tests
=====
diff --git a/mellon/app_settings.py b/mellon/app_settings.py
index 3dd5b57..717107f 100644
--- a/mellon/app_settings.py
+++ b/mellon/app_settings.py
@@ -26,6 +26,7 @@ class AppSettings(object):
'ERROR_URL': None,
'ERROR_REDIRECT_AFTER_TIMEOUT': 120,
'DEFAULT_ASSERTION_CONSUMER_BINDING': 'post', # or artifact
+ 'VERIFY_SSL_CERTIFICATE': True,
}
@property
diff --git a/mellon/views.py b/mellon/views.py
index 86c0d7f..0e7dc87 100644
--- a/mellon/views.py
+++ b/mellon/views.py
@@ -1,5 +1,6 @@
import logging
import requests
+from requests.exceptions import RequestException
from django.views.generic import View
from django.http import HttpResponseBadRequest, HttpResponseRedirect, HttpResponse
@@ -139,18 +140,36 @@ class LoginView(LogMixin, View):
return HttpResponseRedirect(next_url)
def continue_sso_artifact_get(self, request):
- login = utils.create_login(request)
- login.initRequest(request.META['QUERY_STRING'], lasso.HTTP_METHOD_ARTIFACT_GET)
- login.buildRequestMsg()
-
idp_message = None
status_codes = []
- result = requests.post(login.msgUrl, data=login.msgBody,
- headers={'content-type': 'text/xml'})
+ login = utils.create_login(request)
+ try:
+ login.initRequest(request.META['QUERY_STRING'], lasso.HTTP_METHOD_ARTIFACT_GET)
+ except lasso.ServerProviderNotFoundError:
+ self.log.warning('no entity id found for artifact %s',
+ request.GET['SAMLart'])
+ return HttpResponseBadRequest(
+ 'no entity id found for this artifact %r' %
+ request.GET['SAMLart'])
+ idp = utils.get_idp(login.remoteProviderId)
+ if not idp:
+ self.log.warning('entity id %r is unknown', login.remoteProviderId)
+ return HttpResponseBadRequest(
+ 'entity id %r is unknown' % login.remoteProviderId)
+ verify_ssl_certificate = utils.get_setting(
+ idp, 'VERIFY_SSL_CERTIFICATE')
+ login.buildRequestMsg()
+ try:
+ result = requests.post(login.msgUrl, data=login.msgBody,
+ headers={'content-type': 'text/xml'},
+ verify=verify_ssl_certificate)
+ except RequestException, e:
+ self.log.warning('unable to reach %r: %s', login.msgUrl, e)
+ return HttpResponseBadRequest('unable to reach %r: %s' % (login.msgUrl, e))
if result.status_code != 200:
self.log.warning('SAML authentication failed: '\
- 'IdP returned %s when given artifact' % result.status_code)
+ 'IdP returned %s when given artifact', result.status_code)
return self.sso_failure(request, login, idp_message, status_codes)
try:
@@ -174,6 +193,7 @@ class LoginView(LogMixin, View):
args.append(status.statusMessage)
self.log.warning(*args)
except lasso.Error, e:
+ self.log.exception('unexpected lasso error')
return HttpResponseBadRequest('error processing the authentication '
'response: %r' % e)
else: