works with more than one IdP

2005-05-24 11:07:43 +00:00 · 2005-05-24 11:07:43 +00:00 · c79cd93d90
parent 792565b1b2
commit c79cd93d90
1 changed files with 49 additions and 7 deletions
--- a/wcs/liberty/root.ptl
+++ b/wcs/liberty/root.ptl
@ -5,7 +5,6 @@ import httplib

 from quixote import get_request, get_response, redirect, get_field
 from quixote.directory import Directory
-from quixote.form import *
 from quixote.html import htmltext

 from quixote.http_request import parse_header
@ -16,19 +15,62 @@ import lasso

 import wcs.misc
 from wcs import storage
+from wcs.form import *
+
+
+def html_top [html] (title = None):
+    try:
+        css = wcs.misc.cfg['appearance']['css']
+    except KeyError:
+        css = '/css/wcs.css'
+    return """<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <title>%s</title>
+    <link rel="stylesheet" type="text/css" href="%s"/>
+  </head>
+  <body>
+  <div id="page">
+  <div id="top">
+  <h1>%s</h1>
+  </div>
+  <div id="main-content">""" % (title, css, title)
+
+def html_foot [html] ():
+    return """</div><div id="footer"><p id="lasso">Powered by Lasso</p></div></div></body></html>"""
+

 class RootDirectory(Directory):
    _q_exports = ["", "login", "assertionConsumer", "singleLogout", "soapEndpoint",
            "federationTermination", "federationTerminationReturn"]

-    def login(self):
-        server = wcs.misc.get_lasso_server()
-        login = lasso.Login(server)
+    def login [html] (self):
        idps = wcs.misc.cfg.get('idp', {}).values()
        if len(idps) > 1:
-            # XXX: form to select idp
-            pass
-        login.initAuthnRequest(None, lasso.HTTP_METHOD_REDIRECT)
+            form = Form(enctype="multipart/form-data")
+            options = []
+            # XXX: use intro cookie to get value
+            value = None
+            for kidp, idp in wcs.misc.cfg.get('idp', {}).items():
+                p = lasso.Provider(lasso.PROVIDER_ROLE_IDP, idp['metadata'], idp['publickey'], None)
+                options.append((p.providerId, wcs.misc.get_provider_label(p)))
+                if not value:
+                    value = p.providerId
+            form.add(RadiobuttonsWidget, 'idp', value = value, options = options, delim = "<br/>")
+            form.add_submit("submit", _("Submit"))
+            if not form.is_submitted() or form.has_errors():
+                html_top(_('Login'))
+                '<p>%s</p>' % _('Select the identity provider you want to use.')
+                form.render()
+                html_foot()
+            else:
+                return self.perform_login(form.get_widget('idp').parse())
+        else:
+            return self.perform_login()
+
+    def perform_login(self, idp = None):
+        server = wcs.misc.get_lasso_server()
+        login = lasso.Login(server)
+        login.initAuthnRequest(idp, lasso.HTTP_METHOD_REDIRECT)
        login.request.nameIdPolicy = "federated"
        login.request.forceAuthn = False
        login.request.isPassive = False