summaryrefslogtreecommitdiffstats
path: root/idp/extra/modules/saml2.py
diff options
context:
space:
mode:
authorFrederic Peters <fpeters@0d.be>2009-04-06 16:10:25 (GMT)
committerFrederic Peters <fpeters@0d.be>2009-04-06 16:10:25 (GMT)
commit370a21371a3612761232a51b21e446bbd4267cc1 (patch)
tree55acda6d8b510ba2d853c362a220459bbf70ffba /idp/extra/modules/saml2.py
parent57f3c1d64b73e9811b82cbfe1c88aa8478b920e2 (diff)
downloadpratic-370a21371a3612761232a51b21e446bbd4267cc1.zip
pratic-370a21371a3612761232a51b21e446bbd4267cc1.tar.gz
pratic-370a21371a3612761232a51b21e446bbd4267cc1.tar.bz2
stop unauthorized user right on IdP (beo#267)
Diffstat (limited to 'idp/extra/modules/saml2.py')
-rw-r--r--idp/extra/modules/saml2.py12
1 files changed, 12 insertions, 0 deletions
diff --git a/idp/extra/modules/saml2.py b/idp/extra/modules/saml2.py
index f6f0089..6fcbe0a 100644
--- a/idp/extra/modules/saml2.py
+++ b/idp/extra/modules/saml2.py
@@ -2,6 +2,7 @@ from quixote import get_session
from qommon import get_cfg
from qommon import errors
+from qommon import template
import liberty.saml2
@@ -69,3 +70,14 @@ class AlternateSaml2Directory(liberty.saml2.RootDirectory):
provider_key = misc.get_provider_key(provider_id)
return check_access_authorizations(provider_key)
+ def sso_after_authentication(self, login, user_authenticated, proxied = False):
+ if user_authenticated:
+ if not self.check_access_authorizations(login):
+ provider_id = login.remoteProviderId
+ provider_key = misc.get_provider_key(provider_id)
+ label = misc.get_provider_and_label(provider_key)
+ return template.error_page(_('''\
+You do not have required authorizations to access the "%s" service,
+you should contact the administration of your collectivity.'''))
+ return AlternateSaml2Directory.sso_after_authentication(
+ self, login, user_authenticated, proxied=proxied)