Diffstat (limited to 'ipsilon/providers/saml2')
-rw-r--r-- | ipsilon/providers/saml2/auth.py | 3 | ||||
-rw-r--r-- | ipsilon/providers/saml2/logout.py | 3 | ||||
-rw-r--r-- | ipsilon/providers/saml2/provider.py | 3 | ||||
-rw-r--r-- | ipsilon/providers/saml2/sessions.py | 24 |
4 files changed, 7 insertions, 26 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 495e5a9..c46d604 100644
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -5,7 +5,6 @@ from ipsilon.providers.common import AuthenticationError, InvalidRequest
 from ipsilon.providers.saml2.provider import ServiceProvider
 from ipsilon.providers.saml2.provider import InvalidProviderId
 from ipsilon.providers.saml2.provider import NameIdNotAllowed
-from ipsilon.providers.saml2.sessions import SAMLSessionFactory
 from ipsilon.tools import saml2metadata as metadata
 from ipsilon.util.policy import Policy
 from ipsilon.util.user import UserSession
@@ -275,7 +274,7 @@ class AuthenticateRequest(ProviderPageBase):
 self.debug('Assertion: %s' % login.assertion.dump())
- saml_sessions = SAMLSessionFactory()
+ saml_sessions = self.cfg.idp.sessionfactory
 lasso_session = lasso.Session()
 lasso_session.addAssertion(login.remoteProviderId, login.assertion)
diff --git a/ipsilon/providers/saml2/logout.py b/ipsilon/providers/saml2/logout.py
index d20370a..cc9b777 100644
--- a/ipsilon/providers/saml2/logout.py
+++ b/ipsilon/providers/saml2/logout.py
@@ -2,7 +2,6 @@ from ipsilon.providers.common import ProviderPageBase
 from ipsilon.providers.common import InvalidRequest
-from ipsilon.providers.saml2.sessions import SAMLSessionFactory
 from ipsilon.providers.saml2.auth import UnknownProvider
 from ipsilon.util.user import UserSession
 import cherrypy
@@ -204,7 +203,7 @@ class LogoutRequest(ProviderPageBase):
 us = UserSession()
- saml_sessions = SAMLSessionFactory()
+ saml_sessions = self.cfg.idp.sessionfactory
 if lasso.SAML2_FIELD_REQUEST in message:
 self._handle_logout_request(us, logout, saml_sessions, message)
diff --git a/ipsilon/providers/saml2/provider.py b/ipsilon/providers/saml2/provider.py
index c8425bb..3dea631 100644
--- a/ipsilon/providers/saml2/provider.py
+++ b/ipsilon/providers/saml2/provider.py
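Review bot: `saml_sessions = self.cfg.idp.sessionfactory` hands every request the single SAMLSessionFactory stored on the IdentityProvider, whereas the removed line built a fresh factory per request, and the sessions.py hunk shows the factory carries instance state (`self.user = None` in `__init__`). If `user` is assigned per request anywhere in the factory, concurrent requests in cherrypy's thread pool can read each other's value, which on a login path means one user's SAML session being attributed to another; the same line appears in the `LogoutRequest` hunk of logout.py. Either confirm the factory holds nothing but the store and mark it, e.g. `# shared by all requests: keep this object free of per-request state`, or keep the shared object to the store and create the short-lived factory locally in the handler. The enclosing `AuthenticateRequest` method begins and ends outside the hunk.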
@@ -266,12 +266,13 @@ class ServiceProviderCreator(object):
 class IdentityProvider(Log):
- def __init__(self, config):
+ def __init__(self, config, sessionfactory):
 self.server = lasso.Server(config.idp_metadata_file, config.idp_key_file, None, config.idp_certificate_file)
 self.server.role = lasso.PROVIDER_ROLE_IDP
+ self.sessionfactory = sessionfactory
 def add_provider(self, sp):
 self.server.addProviderFromBuffer(lasso.PROVIDER_ROLE_SP,
diff --git a/ipsilon/providers/saml2/sessions.py b/ipsilon/providers/saml2/sessions.py
index 6b3d860..1000a87 100644
--- a/ipsilon/providers/saml2/sessions.py
+++ b/ipsilon/providers/saml2/sessions.py
@@ -11,23 +11,6 @@ LOGGING_OUT = 4
 LOGGED_OUT = 8
-def expire_sessions():
- """
- Find all expired sessions and remove them. This is executed as a
- background cherrypy task.
- """
- ss = SAML2SessionStore()
- data = ss.get_data()
- now = datetime.datetime.now()
- for idval in data:
- r = data[idval]
- exp = r.get('expiration_time', None)
- if exp is not None:
- exp = datetime.datetime.strptime(exp, '%Y-%m-%d %H:%M:%S.%f')
- if exp < now:
- ss.remove_session(idval)
-
-
 class SAMLSession(Log):
 """
 A SAML login session.
@@ -118,8 +101,8 @@ class SAMLSessionFactory(Log):
 Returns a SAMLSession object representing the new session.
 """
- def __init__(self):
- self._ss = SAML2SessionStore()
+ def __init__(self, database_url):
+ self._ss = SAML2SessionStore(database_url=database_url)
 self.user = None
 def _data_to_samlsession(self, uuidval, data):
@@ -288,10 +271,9 @@ if __name__ == '__main__':
 provider2 = "http://127.0.0.11/saml2"
 # temporary values to simulate cherrypy
- cherrypy_config['saml2.sessions.db'] = '/tmp/saml2sessions.sqlite'
 cherrypy_config['tools.sessions.timeout'] = 60
- factory = SAMLSessionFactory()
+ factory = SAMLSessionFactory('/tmp/saml2sessions.sqlite')
 factory.wipe_data()
 sess1 = factory.add_session('_123456', provider1, "admin", "<Login/>")
|
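Review bot: The new required `sessionfactory` argument of `IdentityProvider.__init__` is undocumented, and its construction site is outside this diff (the diffstat is limited to ipsilon/providers/saml2), so any remaining `IdentityProvider(config)` call would fail at startup with a TypeError; hedged, since the caller is not visible here. A short comment on the stored attribute would make the ownership clear, e.g. `self.sessionfactory = sessionfactory  # SAMLSessionFactory shared with auth/logout handlers via cfg.idp`. `IdentityProvider` continues past the end of the hunk.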
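Review bot: `__init__(self, database_url)` introduces a required parameter that the class docstring ending just above it (`Returns a SAMLSession object representing the new session.`) does not describe; add a line such as `database_url: connection string passed through to SAML2SessionStore`. Separately, the first hunk of this file removes `expire_sessions()`, the only expiry routine visible in this module, and nothing in this diff (limited to ipsilon/providers/saml2) replaces it — presumably the periodic cleanup moved together with the store's `database_url` configuration, but if it did not, stale SAML sessions stay valid until removed by hand, so confirm a background expiry still runs against `SAML2SessionStore`. `SAMLSessionFactory` continues past both ends of the hunk.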