present sso options
git-svn-id: svn://localhost/lasso-conform/trunk@8 2a3a78c3-912c-0410-af21-e1fb2d1df599
parent
0cdadf6685
commit
94ea195174
67
lcs/root.ptl
67
lcs/root.ptl
|
@ -92,17 +92,80 @@ class RootDirectory(Directory):
|
|||
def _q_index [html] (self):
|
||||
template.html_top('Lasso Conformance SP')
|
||||
|
||||
if not get_request().user:
|
||||
form = Form(enctype='multipart/form-data')
|
||||
form.add(HtmlWidget, '<div id="sso-options">')
|
||||
form.add(CheckboxWidget, 'force_authn', value = False,
|
||||
title = _('Force Authentication (ForceAuthn)'))
|
||||
form.add(CheckboxWidget, 'is_passive',
|
||||
title = _('No interaction (IsPassive)'))
|
||||
form.add(CheckboxWidget, 'allow_create', value = True,
|
||||
title = _('Allow new federation'))
|
||||
form.add(SingleSelectWidget, 'nid_format',
|
||||
title = _('Name Identifier Format'),
|
||||
options = [('persistent', _('Persistent')),
|
||||
('transient', _('Transient')),
|
||||
('none', _('(none'))])
|
||||
# XXX: affiliation
|
||||
form.add(SingleSelectWidget, 'consent',
|
||||
title = _('Consent'),
|
||||
options = ['(empty)', 'obtained', 'prior', 'current-implicit',
|
||||
'current-explicit', 'unavailable', 'inapplicable'])
|
||||
form.add(SingleSelectWidget, 'authn_context',
|
||||
title = _('Authn Req Context'),
|
||||
options = ['(empty)', 'password', 'password on protected transport',
|
||||
'Client Certificate'])
|
||||
form.add(SingleSelectWidget, 'matching',
|
||||
title = _('Matching Rule'),
|
||||
options = ['(empty)', 'exact', 'minimum', 'maximum', 'better'])
|
||||
form.add(HtmlWidget, '</div>')
|
||||
|
||||
for kidp, idp in get_cfg('idp', {}).items():
|
||||
form.add_submit(kidp, _('Log on %s') % kidp)
|
||||
|
||||
if form.is_submitted():
|
||||
return self.do_login(form)
|
||||
|
||||
if get_request().user:
|
||||
'<p>%s</p>' % _('Logged in (%s)') % get_request().user.display_name
|
||||
'<p id="logout"><a href="logout">%s</a></p>' % _('Logout')
|
||||
else:
|
||||
if get_cfg('sp'):
|
||||
'<p id="login"><a href="login">%s</a></p>' % _('Login')
|
||||
form.render()
|
||||
|
||||
'<pre>'
|
||||
get_session().lasso_identity_provider_id
|
||||
'</pre>'
|
||||
|
||||
|
||||
def do_login(self, form):
|
||||
server = misc.get_lasso_server(protocol = 'saml2')
|
||||
login = lasso.Login(server)
|
||||
|
||||
idp = None
|
||||
# XXX: get idp from submitted button
|
||||
|
||||
login.initAuthnRequest(idp, lasso.HTTP_METHOD_REDIRECT) # XXX: method must be an option
|
||||
|
||||
nid_format = form.get_widget('nid_format').parse()
|
||||
if nid_format == 'persistent':
|
||||
login.request.nameIDPolicy.format = lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT
|
||||
elif nid_format == 'transient':
|
||||
login.request.nameIDPolicy.format = lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT
|
||||
elif nid_format == 'none':
|
||||
login.request.nameIDPolicy.format = lasso.SAML2_NAME_IDENTIFIER_FORMAT_NONE
|
||||
|
||||
login.request.nameIDPolicy.allowCreate = form.get_widget('allow_create').parse()
|
||||
login.request.forceAuthn = form.get_widget('force_authn').parse()
|
||||
login.request.isPassive = form.get_widget('is_passive').parse()
|
||||
|
||||
consent = form.get_widget('consent').parse()
|
||||
if consent:
|
||||
login.request.consent = 'urn:oasis:names:tc:SAML:2.0:consent:%s' % consent
|
||||
|
||||
login.buildAuthnRequestMsg()
|
||||
return redirect(login.msgUrl)
|
||||
|
||||
|
||||
def logout(self):
|
||||
logger.info('logout')
|
||||
session = get_session()
|
||||
|
|
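Review bot: In `do_login`, the `if consent:` test is also true for the `'(empty)'` choice, since that option is a non-empty string, so selecting it puts `urn:oasis:names:tc:SAML:2.0:consent:(empty)` into the AuthnRequest; compare explicitly, for example `if consent and consent != '(empty)':`. `idp` is still `None` when it reaches `login.initAuthnRequest`, and once the XXX is resolved the submitted button name should be looked up in `get_cfg('idp', {})` and rejected if absent, rather than used as received from the request. The `authn_context` and `matching` widgets are rendered in `_q_index` but never read in `do_login`, so those selections have no effect on the request. The `_('(none')` label is missing its closing parenthesis.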
|
@ -15,6 +15,7 @@ div#page {
|
|||
text-align: justify;
|
||||
background: white url(img/page.png) repeat-y;
|
||||
color: black;
|
||||
position: relative;
|
||||
}
|
||||
|
||||
#top {
|
||||
|
@ -316,3 +317,13 @@ div.buttons {
|
|||
clear: both;
|
||||
}
|
||||
|
||||
div#sso-options {
|
||||
font-size: 80%;
|
||||
position: absolute;
|
||||
right: 20px;
|
||||
top: 30px;
|
||||
background: white;
|
||||
border: 1px solid black;
|
||||
padding: 4px;
|
||||
}
|
||||
|
||||
|
|