Affichage variables SAMLResponse apres authentification

django/sp_sso/saml/views.py

@@ -1,24 +1,6 @@
 from django.shortcuts import render
 from django.http import HttpResponse
-#from django.template import RequestContext
 from django.views.decorators.csrf import csrf_exempt
-
-import xml.etree.ElementTree as ET
-import ldap
-import ldap.modlist as modlist
-import json
-
-#import django-mellonA
-
-
-# From combo/commbo/public/views.py
-#   TODO dependency boil-down
-#=======================
-import json
-import urllib
-import urlparse
-
-import django
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth import logout as auth_logout
@@ -29,21 +11,22 @@ from django.http import (Http404, HttpResponse, HttpResponseRedirect,
         HttpResponsePermanentRedirect)
 from django.shortcuts import render, resolve_url
 from django.template import RequestContext, loader
-
-if django.VERSION >= (1, 8):
-    from django.utils import lorem_ipsum
-else:
-    from django.contrib.webdesign import lorem_ipsum
-
 from django.utils.translation import ugettext as _
 from django.forms.widgets import Media
 from mellon.utils import get_idps
-#============================
-
-import pdb
 from mellon.models import UserSAMLIdentifier
 from inspect import getmembers
 
+
+import xml.etree.ElementTree as ET
+import ldap
+import ldap.modlist as modlist
+import json
+import urllib
+import urlparse
+import django
+import pdb
+
 # Create your views here.
 base = "ou=People,dc=entrouvert,dc=lan"
 scope = ldap.SCOPE_SUBTREE
@@ -61,43 +44,18 @@ def index(request):
     #    # We need to format the entry before adding it
     #    #   in the LDAP directory
     #    LDAPAddEntry(identity)
-
-    #pdb.set_trace()
-    #req = request.META
-
     #return HttpResponse(WCSSubmit(identity))
-    #return HttpResponse("'"+str(req)+"'")
-
-    #XXX transactional/atomic operation
-    #loggedin = UserSAMLIdentifier.objects.last()
-    #loggedin = UserSAMLIdentifier.objects.last().user
-    #loggedin = UserSAMLIdentifier.objects.last().serializable_value
-    #loggedin = UserSAMLIdentifier.objects.last()
-    #loggedin = dir(UserSAMLIdentifier.objects.last())
-    #loggedin = dir(dict(UserSAMLIdentifier.objects.last()))
-    #loggedin = UserSAMLIdentifier.objects.last().id
-    #loggedin = dir(UserSAMLIdentifier.objects.last().user)
-    #loggedin = UserSAMLIdentifier.objects.last().user.first_name
-    #loggedin = getmembers(UserSAMLIdentifier.objects.last().user)
-    #return HttpResponse(str(loggedin))
-    #loggedin = UserSAMLIdentifier.objects.last().user
-    #loggedin = UserSAMLIdentifier.objects.last().user.username
-    #loggedin = str(UserSAMLIdentifier.objects.last().user.username)
-    #loggedin = getmembers(UserSAMLIdentifier.objects.last().user)
-    #return render(request, 'logged.html', {'loggedin' : loggedin})
-    #return HttpResponse(str(settings.MELLON_ATTRIBUTE_MAPPING.keys()))
-    #return HttpResponse(loggedin)
 
     loggedin = {}
-    workaround = "          "
 
-    #keys = settings.MELLON_ATTRIBUTE_MAPPING.keys()
+    # Build the SSO operation summary:
     loggedin['first_name'] = UserSAMLIdentifier.objects.last().user.first_name
     loggedin['last_name'] = UserSAMLIdentifier.objects.last().user.last_name
     loggedin['email'] = UserSAMLIdentifier.objects.last().user.email
     loggedin['password'] = UserSAMLIdentifier.objects.last().user.password
-    return render(request, 'logged.html', {'loggedin' : loggedin, 'workaround' : workaround})
-    #return HttpResponse(str(dict))
+
+    # Render HTML from minimalistic POC template:
+    return render(request, 'logged.html', {'loggedin' : loggedin})
 
 def ParseSAML(saml_assert):
     # XML namespaces defined in the sample SAML assertion:

django/sp_sso/sp_sso/settings.py

@@ -44,9 +44,6 @@ LOGIN_REDIRECT_URL = '/saml/index/'
 LOGOUT_URL = '/saml/logout/'
 
 MELLON_ATTRIBUTE_MAPPING = {
-    #'email': '{attributes[email][0]}',
-    #'first_name': '{attributes[first_name][0]}',
-    #'last_name': '{attributes[last_name][0]}',
     'first_name': '{attributes[fname_test][0]}',
     'last_name': '{attributes[lname_test][0]}',
     'email' : '{attributes[email_test][0]}',
@@ -59,7 +56,6 @@ MELLON_SUPERUSER_MAPPING = {
 
 MELLON_USERNAME_TEMPLATE = '{attributes[name_id_content]}'
 
-#MELLON_IDENTITY_PROVIDERS = []
 MELLON_IDENTITY_PROVIDERS = [{
     'METADATA_URL': 'http://localhost:8000/idp/saml2/metadata'
 }]

django/sp_sso/sp_sso/views.py

@@ -5,4 +5,4 @@ from django.views.decorators.csrf import csrf_exempt
 
 @csrf_exempt
 def index(request):
-    return HttpResponse("Minimalistic homepage<br>"+request.scheme+" <br><br>"+request.method+" <br><br>"+str(request.body)+" <br><br>"+str(request.COOKIES)+" <br><br>"+str(request.META))
+    return HttpResponse("SP located at /saml/{login,index}")

django/sp_sso/templates/logged.html

@@ -3,6 +3,6 @@
 {% block content %}
 {% csrf_token %}
 {% for l, u in loggedin.items %}
-    {{ workaround }}  {{ l }} : {{ u }} <br>
+    {{ l }} : {{ u }} <br>
 {% endfor %}
 {% endblock %}

misc/samlassert.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0"?>
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_CD4CC621A02FDE6054649B69E6DBCC41" InResponseTo="_A79D6A8E4A93A92D65EE570ECA571BDB" Version="2.0" IssueInstant="2017-02-15T14:14:04Z" Destination="http://localhost:8008/accounts/mellon/login/" Consent="urn:oasis:names:tc:SAML:2.0:consent:prior">
+  <saml:Issuer>http://localhost:8000/idp/saml2/metadata</saml:Issuer>
+  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\n<SignedInfo>\n<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>\n<Reference URI="#_CD4CC621A02FDE6054649B69E6DBCC41">\n<Transforms>\n<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\n<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n</Transforms>\n<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\n<DigestValue>ozqrnvN5HCJ8jxnPK8oT8U/+sHk=</DigestValue>\n</Reference>\n</SignedInfo>\n<SignatureValue>Ccne2rcykuXTgGW8QSNCANcliOvvl854uyiwPXGTGYbKfDNrFq87HNmDDizLslDY\nZVETw6TdVRi6vKlHebW0uWO9F4XRy7o4qEGiIEhLLGe1MIz+PWKqd1G1FcoQcEVG\nojZioS1BfWxcySZrU/OXftIsW929wYeXV+FsHauihGolAp5tnf+e0es5Gk2kuawy\nLBSEoWtriXRVMpEDfl1BHM61Y1uzkpmeA221e07WLDLr/KuAf4PS0px7l8YUEDz4\nA87GHekQ8ar2OiS+9unJ9DhZ+qFzLeddb6IdxHqUfWkdmAdajGffAyvfefEcm5wp\njE2b6cQPv0xh530CEFRXUw==</SignatureValue>\n<KeyInfo>\n<X509Data>\n<X509Certificate>MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV\nBAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAV\nMRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZn9Kqm4Cp\n06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrUH8QT8NGh\nABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59xihSqsoFr\nkmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9Hri8JRdXi\nVT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziazZfvvw/VG\nTm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABo3YwdDAdBgNVHQ4EFgQUeF8ePnu0\nfcAK50iBQDgAhHkOu8kwRQYDVR0jBD4wPIAUeF8ePnu0fcAK50iBQDgAhHkOu8mh\nGaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQDVAaInJNaQ6TAMBgNVHRMEBTAD\nAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAy8l3GhUtpPHx0FxzbRHVaaUSgMwYKGPhE\nIdGhqekKUJIx8et4xpEMFBl5XQjBNq/mp5vO3SPb2h2PVSks7xWnG3cvEkqJSOeo\nfEEhkqnM45b2MH1S5uxp4i8UilPG6kmQiXU2rEUBdRk9xnRWos7epVivTSIv1Ncp\nlG6l41SXp6YgIb2ToT+rOKdIGIQuGDlzeR88fDxWEU0vEujZv/v1PE1YOV0xKjTT\nJumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06j\no2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy</X509Certificate>\n</X509Data>\n</KeyInfo>\n</Signature>
+  <samlp:Status>
+    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+  </samlp:Status>
+  <saml:Assertion Version="2.0" ID="_A86605DF1F9D51A8BD5EFB5F9B02A712" IssueInstant="2017-02-15T14:14:10Z">
+    <saml:Issuer>http://localhost:8000/idp/saml2/metadata</saml:Issuer>
+    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\n<SignedInfo>\n<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>\n<Reference URI="#_A86605DF1F9D51A8BD5EFB5F9B02A712">\n<Transforms>\n<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\n<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n</Transforms>\n<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\n<DigestValue>F9UyV7kkrdL45HhZmIG+qR8hqE8=</DigestValue>\n</Reference>\n</SignedInfo>\n<SignatureValue>cmFamTX6vzK0evsehNv8U7Mjz1JXdz60ZGpzEuner+xEdB8I4rISzWZBLmLQYMiU\n8IlCZYvOeaeHIwf/xStowUZy+dfjzYKMmN5OD9z9ifD5Kr6rNNS9a0Tsmu55HUvv\nD83CkGS2c8HsdpWTR3Og7ED2lVT6rsXTx+VgTJ1mzl0ONVKPSnTp8x09VgHbMFXh\nLq5Pg+5im+G0jJIcpVN3VesVzLdfP6w3CjJz5f+aMllfvRdYYSad0vyXlLUx59Al\nAsIeqFTFq3uKsVHH4yd/JZoFwrhFE4Q6Ve9UeTRw9qR+y6M+fd/cJTcvFzHjKo2A\nTEt9QYM4RpfPPy4conjGqg==</SignatureValue>\n<KeyInfo>\n<X509Data>\n<X509Certificate>MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV\nBAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAV\nMRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZn9Kqm4Cp\n06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrUH8QT8NGh\nABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59xihSqsoFr\nkmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9Hri8JRdXi\nVT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziazZfvvw/VG\nTm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABo3YwdDAdBgNVHQ4EFgQUeF8ePnu0\nfcAK50iBQDgAhHkOu8kwRQYDVR0jBD4wPIAUeF8ePnu0fcAK50iBQDgAhHkOu8mh\nGaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQDVAaInJNaQ6TAMBgNVHRMEBTAD\nAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAy8l3GhUtpPHx0FxzbRHVaaUSgMwYKGPhE\nIdGhqekKUJIx8et4xpEMFBl5XQjBNq/mp5vO3SPb2h2PVSks7xWnG3cvEkqJSOeo\nfEEhkqnM45b2MH1S5uxp4i8UilPG6kmQiXU2rEUBdRk9xnRWos7epVivTSIv1Ncp\nlG6l41SXp6YgIb2ToT+rOKdIGIQuGDlzeR88fDxWEU0vEujZv/v1PE1YOV0xKjTT\nJumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06j\no2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy</X509Certificate>\n</X509Data>\n</KeyInfo>\n</Signature>
+    <saml:Subject>
+      <saml:NameID NameQualifier="http://localhost:8000/idp/saml2/metadata">_1E83322C6A38FF13CF515D299647E04E</saml:NameID>
+      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+        <saml:SubjectConfirmationData NotOnOrAfter="2017-02-15T14:15:10.325204Z" Recipient="http://localhost:8008/accounts/mellon/login/" InResponseTo="_A79D6A8E4A93A92D65EE570ECA571BDB"/>
+      </saml:SubjectConfirmation>
+    </saml:Subject>
+    <saml:Conditions NotBefore="2017-02-15T14:13:10.325204Z" NotOnOrAfter="2017-02-15T14:15:10.325204Z">
+      <saml:AudienceRestriction>
+        <saml:Audience>http://localhost:8008/accounts/mellon/metadata/</saml:Audience>
+      </saml:AudienceRestriction>
+    </saml:Conditions>
+    <saml:AuthnStatement AuthnInstant="2017-02-15T14:14:10.325204Z" SessionIndex="_A86605DF1F9D51A8BD5EFB5F9B02A712" SessionNotOnOrAfter="2017-03-01T14:14:10Z">
+      <saml:AuthnContext>
+        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
+      </saml:AuthnContext>
+    </saml:AuthnStatement>
+    <saml:AttributeStatement>
+      <saml:Attribute Name="id_test" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Test ID">
+        <saml:AttributeValue>2</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute Name="lname_test" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Test Last Name">
+        <saml:AttributeValue>Marillonnet</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute Name="fname_test" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Test First Name">
+        <saml:AttributeValue>Paul</saml:AttributeValue>
+      </saml:Attribute>
+    </saml:AttributeStatement>
+  </saml:Assertion>
+</samlp:Response>