From 419979f4edf49633e263c4c0578e2e110987bf27 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 30 Jan 2015 15:07:12 -0500
Subject: Implement Single Logout Service for SP-initiated logout
https://fedorahosted.org/ipsilon/ticket/24
Signed-off-by: Rob Crittenden
---
 ipsilon/providers/saml2/auth.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'ipsilon/providers/saml2/auth.py')
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 46ad7eb..44ed834 100644
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -20,6 +20,7 @@ from ipsilon.providers.common import AuthenticationError, InvalidRequest
 from ipsilon.providers.saml2.provider import ServiceProvider
 from ipsilon.providers.saml2.provider import InvalidProviderId
 from ipsilon.providers.saml2.provider import NameIdNotAllowed
+from ipsilon.providers.saml2.sessions import SAMLSessionsContainer
 from ipsilon.util.user import UserSession
 from ipsilon.util.trans import Transaction
 import cherrypy
@@ -239,6 +240,24 @@ class AuthenticateRequest(ProviderPageBase):
 self.debug('Assertion: %s' % login.assertion.dump())
+ saml_sessions = us.get_provider_data('saml2')
+ if saml_sessions is None:
+ saml_sessions = SAMLSessionsContainer()
+
+ session = saml_sessions.find_session_by_provider(
+ login.remoteProviderId)
+ if session:
+ # TODO: something...
+ self.debug('Login session for this user already exists!?')
+ session.dump()
+
+ lasso_session = lasso.Session()
+ lasso_session.addAssertion(login.remoteProviderId, login.assertion)
+ saml_sessions.add_session(login.assertion.id,
+ login.remoteProviderId,
+ lasso_session)
+ us.save_provider_data('saml2', saml_sessions)
+
 def saml2error(self, login, code, message):
 status = lasso.Samlp2Status()
 status.statusCode = lasso.Samlp2StatusCode()
-- cgit
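Review bot: The `if session:` branch in the second hunk only logs and then falls through, so a repeat login from the same SP adds another entry for `login.remoteProviderId` while the earlier one stays in the container. Single logout depends on this bookkeeping being exact: if `find_session_by_provider` returns a single match (its implementation is not visible here), a later logout could act on the stale entry and leave the current assertion's session recorded, or the reverse. Until the TODO is resolved, either replace the existing entry before `add_session` or state the behaviour in place, e.g. `# Re-login from the same SP: old entry is kept; logout must cover every session for this provider`. `session.dump()` is called on its own line and its result is unused, so it is worth confirming that it does not write assertion contents to the log outside debug mode. The enclosing method starts above the hunk, so how `us` and `login` are set up cannot be checked from here.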