101 lines
3.5 KiB
Python
101 lines
3.5 KiB
Python
#! /usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
import sys
|
|
sys.path.insert(0, '../')
|
|
import string
|
|
|
|
import lasso
|
|
|
|
####################
|
|
# Service provider #
|
|
####################
|
|
server = lasso.Server.new("../../examples/sp.xml",
|
|
"../../examples/rsapub.pem", "../../examples/rsakey.pem", "../../examples/rsacert.pem",
|
|
lasso.signatureMethodRsaSha1)
|
|
|
|
server.add_provider("../../examples/idp.xml", None, None)
|
|
server_dump = server.dump()
|
|
server.destroy()
|
|
|
|
# create AuthnRequest
|
|
server = lasso.Server.new_from_dump(server_dump)
|
|
splogin = lasso.Login.new(server)
|
|
ret = splogin.init_authn_request("https://identity-provider:2003/liberty-alliance/metadata")
|
|
splogin.request.set_isPassive(0)
|
|
splogin.request.set_forceAuthn(1)
|
|
splogin.request.set_nameIDPolicy(lasso.libNameIDPolicyTypeFederated)
|
|
splogin.request.set_relayState("fake")
|
|
splogin.request.set_consent(lasso.libConsentObtained)
|
|
splogin.request.set_protocolProfile(lasso.libProtocolProfileBrwsArt)
|
|
|
|
splogin.build_authn_request_msg()
|
|
print "message url =", splogin.msg_url
|
|
|
|
#####################
|
|
# Identity provider #
|
|
#####################
|
|
server = lasso.Server.new("../../examples/idp.xml",
|
|
None, "../../examples/rsakey.pem", "../../examples/rootcert.pem",
|
|
lasso.signatureMethodRsaSha1)
|
|
|
|
server.add_provider("../../examples/sp.xml",
|
|
"../../examples/rsapub.pem", "../../examples/rsacert.pem")
|
|
|
|
# create AuthnResponse OR artifact (depending ProtocolProfile)
|
|
idplogin = lasso.Login.new(server)
|
|
|
|
# get query part in msg_url
|
|
authn_request_msg = string.split(splogin.msg_url, '?')[1]
|
|
ret = idplogin.init_from_authn_request_msg(authn_request_msg,
|
|
lasso.httpMethodRedirect)
|
|
|
|
print "ProtocolProfile =", idplogin.protocolProfile
|
|
|
|
must_authenticate = idplogin.must_authenticate()
|
|
print "User must be authenticated =", must_authenticate
|
|
|
|
if idplogin.protocolProfile == lasso.loginProtocolProfileBrwsArt:
|
|
ret = idplogin.build_artifact_msg(1,
|
|
lasso.samlAuthenticationMethodPassword,
|
|
"",
|
|
lasso.httpMethodRedirect)
|
|
print "ret = %d, msg_url = %s" % (ret, idplogin.msg_url)
|
|
sess = idplogin.get_session()
|
|
print sess.providerIDs
|
|
|
|
####################
|
|
# Service provider #
|
|
####################
|
|
server = lasso.Server.new("../../examples/sp.xml",
|
|
"../../examples/rsapub.pem", "../../examples/rsakey.pem", "../../examples/rsacert.pem",
|
|
lasso.signatureMethodRsaSha1)
|
|
|
|
server.add_provider("../../examples/idp.xml", None, None)
|
|
|
|
# create Request OR finish (if an authnResponse was received)
|
|
splogin = lasso.Login.new(server)
|
|
|
|
response_msg = string.split(idplogin.msg_url, '?')[1]
|
|
ret = splogin.init_request(response_msg,
|
|
lasso.httpMethodRedirect)
|
|
|
|
ret = splogin.build_request_msg()
|
|
print "ret = %d, msg_url = %s, msg_body = %s" % (ret, splogin.msg_url, splogin.msg_body)
|
|
|
|
#####################
|
|
# Identity provider #
|
|
#####################
|
|
server = lasso.Server.new("../../examples/idp.xml",
|
|
None, "../../examples/rsakey.pem", "../../examples/rootcert.pem",
|
|
lasso.signatureMethodRsaSha1)
|
|
|
|
server.add_provider("../../examples/sp.xml",
|
|
"../../examples/rsapub.pem", "../../examples/rsacert.pem")
|
|
|
|
# create Response
|
|
idplogin = lasso.Login.new(server)
|
|
|
|
ret = idplogin.process_request_msg(splogin.msg_body)
|
|
print "samlp:AssertionArtifact = %s" % idplogin.assertionArtifact
|