diff --git a/lcs/root.ptl b/lcs/root.ptl
index f0615af..4627302 100644
--- a/lcs/root.ptl
+++ b/lcs/root.ptl
@@ -92,50 +92,68 @@ class RootDirectory(Directory):
def _q_index [html] (self):
template.html_top('Lasso Conformance SP')
- if not get_request().user:
- form = Form(enctype='multipart/form-data')
- form.add(HtmlWidget, '
')
- form.add(CheckboxWidget, 'force_authn', value = False,
- title = _('Force Authentication (ForceAuthn)'))
- form.add(CheckboxWidget, 'is_passive',
- title = _('No interaction (IsPassive)'))
- form.add(CheckboxWidget, 'allow_create', value = True,
- title = _('Allow new federation'))
- form.add(SingleSelectWidget, 'nid_format',
- title = _('Name Identifier Format'),
- options = [('persistent', _('Persistent')),
- ('transient', _('Transient')),
- ('none', _('(none'))])
- # XXX: affiliation
- form.add(SingleSelectWidget, 'consent',
- title = _('Consent'),
- options = ['(empty)', 'obtained', 'prior', 'current-implicit',
- 'current-explicit', 'unavailable', 'inapplicable'])
- form.add(SingleSelectWidget, 'authn_context',
- title = _('Authn Req Context'),
- options = ['(empty)', 'password', 'password on protected transport',
- 'Client Certificate'])
- form.add(SingleSelectWidget, 'matching',
- title = _('Matching Rule'),
- options = ['(empty)', 'exact', 'minimum', 'maximum', 'better'])
- form.add(HtmlWidget, '
')
-
- for kidp, idp in get_cfg('idp', {}).items():
- form.add_submit(kidp, _('Log on %s') % kidp)
-
- if form.is_submitted():
- return self.do_login(form)
-
if get_request().user:
- '%s
' % _('Logged in (%s)') % get_request().user.display_name
- '%s
' % _('Logout')
+ self.loggedin_page()
else:
- form.render()
+ self.unlogged_page()
+
+ def unlogged_page [html] (self):
+ form = Form(enctype='multipart/form-data')
+ form.add(HtmlWidget, '')
+ form.add(CheckboxWidget, 'force_authn', value = False,
+ title = _('Force Authentication (ForceAuthn)'))
+ form.add(CheckboxWidget, 'is_passive',
+ title = _('No interaction (IsPassive)'))
+ form.add(CheckboxWidget, 'allow_create', value = True,
+ title = _('Allow new federation'))
+ form.add(SingleSelectWidget, 'nid_format',
+ title = _('Name Identifier Format'),
+ options = [('persistent', _('Persistent')),
+ ('transient', _('Transient')),
+ ('none', _('(none'))])
+ # XXX: affiliation
+ form.add(SingleSelectWidget, 'consent',
+ title = _('Consent'),
+ options = ['(empty)', 'obtained', 'prior', 'current-implicit',
+ 'current-explicit', 'unavailable', 'inapplicable'])
+ form.add(SingleSelectWidget, 'authn_context',
+ title = _('Authn Req Context'),
+ options = ['(empty)', 'password', 'password on protected transport',
+ 'Client Certificate'])
+ form.add(SingleSelectWidget, 'matching',
+ title = _('Matching Rule'),
+ options = ['(empty)', 'exact', 'minimum', 'maximum', 'better'])
+ form.add(HtmlWidget, '
')
+
+ for kidp, idp in get_cfg('idp', {}).items():
+ form.add_submit(kidp, _('Log on %s') % kidp)
+
+ if form.is_submitted():
+ return self.do_login(form)
+
+ form.render()
+
+ def loggedin_page [html] (self):
+ form = Form(enctype='multipart/form-data')
+ form.add_submit('logout', _('Local Logout'))
+ form.add_submit('slo-soap', _('Single Logout (SOAP)'))
+ form.add_submit('slo-redirect', _('Single Logout (Redirect)'))
+
+ if form.is_submitted():
+ if form.get_submit() == 'logout':
+ get_session_manager().expire_session()
+ return redirect('/')
+ if form.get_submit() == 'slo-soap':
+ return self.saml.slo_sp(lasso.HTTP_METHOD_SOAP)
+ if form.get_submit() == 'slo-redirect':
+ return self.saml.slo_sp(lasso.HTTP_METHOD_REDIRECT)
+
+ '%s
' % _('Logged in (%s)') % get_request().user.display_name
''
get_session().lasso_identity_provider_id
'
'
-
+ form.render()
def do_login(self, form):
server = misc.get_lasso_server(protocol = 'saml2')
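Review bot: The early returns in the new page templates no longer reach the publisher: `return self.do_login(form)` in `unlogged_page`, and the `redirect('/')` and `self.saml.slo_sp(...)` returns in `loggedin_page`, hand their value back to `_q_index`, which calls both helpers as bare expression statements after `template.html_top(...)`, so in an `[html]` template the result is presumably appended to the already-started page instead of becoming the response body. Before this change the login return was issued from `_q_index` itself. If `do_login` and `slo_sp` are meant to produce the whole response (a redirect or a SOAP outcome), have `_q_index` end with `return self.loggedin_page()` / `return self.unlogged_page()` and move the `template.html_top(...)` call into each helper, after its `form.is_submitted()` block. Separately, `loggedin_page` expires the session and starts single logout on form submission, and nothing in the hunk shows whether Quixote form tokens are enabled for that form; this is worth confirming because these requests change state. The body of `do_login` continues outside the hunk.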