authorRob Crittenden <rcritten@redhat.com>2015-04-21 09:38:14 -0400
committerPatrick Uiterwijk <puiterwijk@redhat.com>2015-05-12 00:39:14 +0200
commitb8325ea0ff101ea90596b122ae3e58ea37725d09 (patch)
tree47a13a7645bb5b8a476d05b56bb5763068e5d1e1 /ipsilon
parentbc133a7cb4a319675e4bb577812c7475009175b7 (diff)
Create a SAML2 session during login
Use the updated session API to create a SAML2 session. Note that each session is stored discretely. Previously, if a session for a provider already existed, that one session held all the session indexes. Now, if a new session comes in, it is added separately. During logout, all sessions for a provider are retrieved and all logged-in sessions are sent to the SP to log out.

https://fedorahosted.org/ipsilon/ticket/90

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'ipsilon')
-rw-r--r--ipsilon/providers/saml2/auth.py17
1 files changed, 4 insertions, 13 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 611c9bf..495e5a9 100644
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -5,7 +5,7 @@ from ipsilon.providers.common import AuthenticationError, InvalidRequest
from ipsilon.providers.saml2.provider import ServiceProvider
from ipsilon.providers.saml2.provider import InvalidProviderId
from ipsilon.providers.saml2.provider import NameIdNotAllowed
-from ipsilon.providers.saml2.sessions import SAMLSessionsContainer
+from ipsilon.providers.saml2.sessions import SAMLSessionFactory
from ipsilon.tools import saml2metadata as metadata
from ipsilon.util.policy import Policy
from ipsilon.util.user import UserSession
@@ -275,23 +275,14 @@ class AuthenticateRequest(ProviderPageBase):
self.debug('Assertion: %s' % login.assertion.dump())
- saml_sessions = us.get_provider_data('saml2')
- if saml_sessions is None:
- saml_sessions = SAMLSessionsContainer()
-
- session = saml_sessions.find_session_by_provider(
- login.remoteProviderId)
- if session:
- # TODO: something...
- self.debug('Login session for this user already exists!?')
- session.dump()
+ saml_sessions = SAMLSessionFactory()
lasso_session = lasso.Session()
lasso_session.addAssertion(login.remoteProviderId, login.assertion)
saml_sessions.add_session(login.assertion.id,
login.remoteProviderId,
- lasso_session)
- us.save_provider_data('saml2', saml_sessions)
+ user.name,
+ lasso_session.dump())
def saml2error(self, login, code, message):
status = lasso.Samlp2Status()
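Review bot: The stored SAML2 session is no longer tied to the user's login session: `us.save_provider_data('saml2', saml_sessions)` is gone, and `add_session(...)` now records `user.name` and `lasso_session.dump()` through a fresh `SAMLSessionFactory()`, so nothing visible in this hunk bounds how long the entry lives or removes it when the IdP session ends. If the factory's store does not expire entries itself, stale session indexes would presumably still be picked up at logout; the dump also carries the full assertion, so the backing store should be access-restricted like other session data. `user` is assigned outside this hunk and the enclosing method starts above it, so confirm it is the authenticated user at this point. I would add a comment above the call, for example `# One record per assertion id, keyed by provider and user name; no longer kept in the user session`.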