author | Rob Crittenden <rcritten@redhat.com> | 2015-04-21 09:38:14 -0400 |
---|---|---|
committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2015-05-12 00:39:14 +0200 |
commit | b8325ea0ff101ea90596b122ae3e58ea37725d09 (patch) | |
tree | 47a13a7645bb5b8a476d05b56bb5763068e5d1e1 /ipsilon | |
parent | bc133a7cb4a319675e4bb577812c7475009175b7 (diff) | |
Create a SAML2 session during login
Use the updated session API to create a SAML2 session.
Note that each session is stored discretely. Previously if
a session for a provider already existed then that one session
held all the session indexes. Now if a new session comes in
it is added separately. During logout all sessions for a provider
are retrieved and all logged-in sessions sent to the SP to
log out.
https://fedorahosted.org/ipsilon/ticket/90
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'ipsilon')
-rw-r--r-- | ipsilon/providers/saml2/auth.py | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py index 611c9bf..495e5a9 100644 --- a/ipsilon/providers/saml2/auth.py +++ b/ipsilon/providers/saml2/auth.py @@ -5,7 +5,7 @@ from ipsilon.providers.common import AuthenticationError, InvalidRequest from ipsilon.providers.saml2.provider import ServiceProvider from ipsilon.providers.saml2.provider import InvalidProviderId from ipsilon.providers.saml2.provider import NameIdNotAllowed -from ipsilon.providers.saml2.sessions import SAMLSessionsContainer +from ipsilon.providers.saml2.sessions import SAMLSessionFactory from ipsilon.tools import saml2metadata as metadata from ipsilon.util.policy import Policy from ipsilon.util.user import UserSession @@ -275,23 +275,14 @@ class AuthenticateRequest(ProviderPageBase): self.debug('Assertion: %s' % login.assertion.dump()) - saml_sessions = us.get_provider_data('saml2') - if saml_sessions is None: - saml_sessions = SAMLSessionsContainer() - - session = saml_sessions.find_session_by_provider( - login.remoteProviderId) - if session: - # TODO: something... - self.debug('Login session for this user already exists!?') - session.dump() + saml_sessions = SAMLSessionFactory() lasso_session = lasso.Session() lasso_session.addAssertion(login.remoteProviderId, login.assertion) saml_sessions.add_session(login.assertion.id, login.remoteProviderId, - lasso_session) - us.save_provider_data('saml2', saml_sessions) + user.name, + lasso_session.dump()) def saml2error(self, login, code, message): status = lasso.Samlp2Status() |
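Review bot: The `saml_sessions.add_session(...)` call in the second hunk now stores `lasso_session.dump()`, a serialized copy of the whole assertion, under `user.name` on every login, and nothing in the hunk bounds how many such entries accumulate or when they expire. The removed branch at least detected an existing session for `login.remoteProviderId`; with it gone, repeated logins to one SP presumably leave several live entries until logout, so cleanup of stale entries should be confirmed in `SAMLSessionFactory`, which is not shown here. The dump can carry user attributes, so the backing store presumably needs the same protection as the user session data it replaces. `user` is not defined inside the hunk and the enclosing method starts above it, so confirm it is the authenticated user for this request rather than a value derived from the request. A comment above the call would record the new contract: `# One stored session per assertion id; logout enumerates every session for this user and provider.`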