author | Rob Crittenden <rcritten@redhat.com> | 2015-01-30 15:07:12 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-02-13 17:51:14 -0500 |
commit | ac1bae1e0f2a4720db15852798346cb46f204dae (patch) | |
tree | a109f87b879c85331c80619a9218649822325504 /ipsilon/providers/saml2idp.py | |
parent | d87d8df01c4ed93416910fa5eda34e98eacc5011 (diff) | |
Implement Single Logout Service for SP-initiated logout
https://fedorahosted.org/ipsilon/ticket/24
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipsilon/providers/saml2idp.py')
-rw-r--r-- | ipsilon/providers/saml2idp.py | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index c8f5dab..256fcf9 100644
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -17,6 +17,7 @@ from ipsilon.providers.common import ProviderBase, ProviderPageBase
 from ipsilon.providers.saml2.auth import AuthenticateRequest
+from ipsilon.providers.saml2.logout import LogoutRequest
 from ipsilon.providers.saml2.admin import Saml2AdminPage
 from ipsilon.providers.saml2.provider import IdentityProvider
 from ipsilon.tools.certs import Certificate
@@ -89,6 +90,19 @@ class Continue(AuthenticateRequest):
 return self.auth(login)
+class RedirectLogout(LogoutRequest):
+
+ def GET(self, *args, **kwargs):
+ query = cherrypy.request.query_string
+
+ relaystate = kwargs.get(lasso.SAML2_FIELD_RELAYSTATE)
+ response = kwargs.get(lasso.SAML2_FIELD_RESPONSE)
+
+ return self.logout(query,
+ relaystate=relaystate,
+ samlresponse=response)
+
+
 class SSO(ProviderPageBase):
 def __init__(self, *args, **kwargs):
@@ -98,6 +112,14 @@ class SSO(ProviderPageBase):
 self.Continue = Continue(*args, **kwargs)
+class SLO(ProviderPageBase):
+
+ def __init__(self, *args, **kwargs):
+ super(SLO, self).__init__(*args, **kwargs)
+ self._debug('SLO init')
+ self.Redirect = RedirectLogout(*args, **kwargs)
+
+
 # one week
 METADATA_RENEW_INTERVAL = 60 * 60 * 24 * 7
 # 30 days
@@ -138,6 +160,7 @@ class SAML2(ProviderPageBase):
 super(SAML2, self).__init__(*args, **kwargs)
 self.metadata = Metadata(*args, **kwargs)
 self.SSO = SSO(*args, **kwargs)
+ self.SLO = SLO(*args, **kwargs)
 class IdpProvider(ProviderBase): |
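Review bot: `RedirectLogout.GET` hands the raw `cherrypy.request.query_string` and the caller-supplied RelayState straight to `self.logout()`, and nothing in the hunk says where either is validated. For the HTTP-Redirect binding the signature covers the encoded query string, so passing it untouched is presumably deliberate; a comment such as `# raw query string is forwarded unchanged so logout() can verify the redirect-binding signature over it` would record that, assuming `LogoutRequest.logout` (outside this file's diff) performs the verification and rejects unsigned messages. Because this is a GET endpoint that ends a session, it is worth confirming there that an unverified request cannot terminate a login, and that RelayState is returned as an opaque value rather than used as a redirect target. `cherrypy` and `lasso` are used without new imports, presumably because both are already imported above the hunk.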
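Review bot: `SLO` has no docstring and mounts only `Redirect`, so a reader cannot tell from the class whether the POST and SOAP logout bindings are absent by design. A one-line docstring such as `"""Single Logout endpoints; only the HTTP-Redirect binding is mounted here."""` would make that explicit. The IdP metadata, which is not part of this file's diff, should then advertise only that binding for SingleLogoutService so service providers do not try an endpoint that does not exist.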