| author | Emmanuel Raviart <eraviart@entrouvert.com> | 2004-07-06 18:16:02 +0000 |
|---|---|---|
| committer | Emmanuel Raviart <eraviart@entrouvert.com> | 2004-07-06 18:16:02 +0000 |
| commit | ac64060db74dca8bd4f6ced4589d479a47242635 (patch) | |
| tree | 5036db08e3950e374aa871ae80871bb104873253 /python/doc/tutorial | |
| parent | 53dda91b657f818263afd759a24ef3f4966a9f89 (diff) | |
Added Python files explaining how to create a SP using Lasso.
Diffstat (limited to 'python/doc/tutorial')
7 files changed, 185 insertions, 0 deletions
diff --git a/python/doc/tutorial/sp-init.py b/python/doc/tutorial/sp-init.py
new file mode 100644
index 00000000..13dc6504
--- /dev/null
+++ b/python/doc/tutorial/sp-init.py
@@ -0,0 +1,19 @@
+import lasso
+
+
+## Initialize service provider context.
+##
+## This initialization can be done at service provider configuration or launch.
+## Once inited, this service provider context is never changed.
+
+# Initialize with service provider informations.
+[...] # Read metadata, public_key, private_key & certificate from file or database or...
+server = lasso.Server.new(metadata, public_key, private_key, certificate, lasso.signatureMethods["dsaSha1"])
+
+# Add identity provider informations.
+[...] # Read idp_metadata, idp_public_key & idp_certificate from file or database or...
+server.add_provider(idp_metadata, idp_public_key, idp_certificate)
+
+# Dump server context to a string and store it in a file.
+server_dump = server.dump()
+[...] # Save server_dump in a file or database or...
diff --git a/python/doc/tutorial/sp-login-process-authn-response.py b/python/doc/tutorial/sp-login-process-authn-response.py
new file mode 100644
index 00000000..126cd6e0
--- /dev/null
+++ b/python/doc/tutorial/sp-login-process-authn-response.py
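Review bot: In sp-init.py the `lasso.Server.new(...)` call pins the signature method to `lasso.signatureMethods["dsaSha1"]` with no explanation, so anyone copying the tutorial signs with a SHA-1 based method, and SHA-1 is no longer regarded as collision resistant. I would add a comment above that line, `# Signature method: pick the strongest entry of lasso.signatureMethods that the identity provider also accepts.`, instead of leaving the literal unexplained. The final placeholder comment should also say that the stored `server_dump` needs restricted read access: the context was built from `private_key`, and whether the dump carries the key itself or only a reference to it is not visible in this hunk.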
@@ -0,0 +1,32 @@
+import lasso
+
+
+## Process the authentication response returned by identity provider and send received artifact to identity
+## provider.
+##
+## Called after a HTTP redirect from identity provider.
+
+query = [...] # Get current URL query.
+server_dump = [...] # Load server_dump from file or database or...
+server = lasso.Server.new_from_dump(server_dump)
+login = lasso.Login.new(server)
+if login.init_request(query, lasso.httpMethods['redirect']:
+ raise Exception('Login error')
+if login.build_request_msg():
+ raise Exception('Login error')
+soap_response = [...] # Send SOAP message login.msg_body to URL login.msg_url.
+if login.handle_response(soap_response):
+ raise Exception('Login error')
+name_identifier = login.response.name_identifier
+account = [...] # Retrieve user account having this name_identifier.
+if account:
+ user_dump = [...] # Retrieve string user_dump from account.
+else:
+ account = [...] # Create new account.
+ user_dump = None
+login.set_user_from_dump(user_dump)
+# Save the new or updated user_dump into account.
+user_dump = login.user.dump()
+[...] # Store string user_dump into account.
+# User is now authenticated => create session, cookie...
+[...]
diff --git a/python/doc/tutorial/sp-login-send-authn-request.py b/python/doc/tutorial/sp-login-send-authn-request.py
new file mode 100644
index 00000000..cda934d4
--- /dev/null
+++ b/python/doc/tutorial/sp-login-send-authn-request.py
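Review bot: sp-login-process-authn-response.py does not parse, because `if login.init_request(query, lasso.httpMethods['redirect']:` is missing its closing parenthesis; it should read `if login.init_request(query, lasso.httpMethods['redirect']):`. Separately, all three checks raise the same `Exception('Login error')` and drop whatever the call returned, so a rejected artifact, a failed SOAP exchange and a bad response are indistinguishable in logs. Assuming these methods return a non-zero error code (the truthiness tests suggest so), keep it, for example `error = login.handle_response(soap_response)` followed by `if error: raise Exception('Login error: %s' % error)`. The same pattern appears in sp-login-send-authn-request.py and in the four sp-logout-*.py files of this commit.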
@@ -0,0 +1,26 @@
+import lasso
+
+
+## Send an authentication request to identity provider.
+##
+## Called when the user press login button on service provider.
+
+server_dump = [...] # Load server_dump from file or database or...
+server = lasso.Server.new_from_dump(server_dump)
+login = lasso.Login.new(server)
+if login.init_authn_request('http://identification.entrouvert.org'):
+ raise Exception('Login error')
+
+# Identity provider will ask user to authenticate himself.
+login.request.set_isPassive(False)
+
+# Identity provider will not ask user to authenticate himself if he has already done it recently.
+# login.request.set_forceAuthn(False)
+
+# Identity provider will create a federation with this service provider and this user, if this was
+# not already done.
+login.request.set_nameIDPolicy(lasso.libNameIDPolicyTypes['federated'])
+
+if login.build_authn_request_msg():
+ raise Exception('Login error')
+[...] # Reply a HTTP redirect to login.msg_url.
diff --git a/python/doc/tutorial/sp-logout-process-idp-initiated-redirect-request.py b/python/doc/tutorial/sp-logout-process-idp-initiated-redirect-request.py
new file mode 100644
index 00000000..5b8ff7d2
--- /dev/null
+++ b/python/doc/tutorial/sp-logout-process-idp-initiated-redirect-request.py
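Review bot: In sp-login-send-authn-request.py the comment above `login.request.set_isPassive(False)` overstates what the flag does: a false IsPassive only permits the identity provider to interact with the user, and the provider may still reuse an existing session without prompting. I would reword it to `# Identity provider is allowed to interact with the user (it may still reuse an existing session).`. The commented-out `set_forceAuthn(False)` line then deserves a sentence saying that a service which needs a fresh authentication has to request it explicitly through forceAuthn, since the tutorial as written never asks for re-authentication.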
@@ -0,0 +1,30 @@
+import lasso
+
+
+## Redirect Logout initiated by identity provider.
+
+query = [...] # Get current URL query.
+server_dump = [...] # Load string server_dump from file or database or...
+server = lasso.Server.new_from_dump(server_dump)
+logout = lasso.Logout.new(server)
+if logout.handle_request(query, lasso.httpMethods['redirect']):
+ raise Exception('Logout error')
+name_identifier = logout.response.name_identifier
+account = [...] # Retrieve user account having this name_identifier.
+if not account:
+ # Unknown account.
+ logout.response_status = lasso.libStatusCodes['unknownPrincipal']
+else:
+ user_dump = [...] # Retrieve string user_dump from account.
+ if not user_dump:
+ logout.response_status = lasso.libStatusCodes['unknownPrincipal']
+ else:
+ user = lasso.User.new_from_dump(user_dump)
+ del user.authn_assertion
+ user_dump = user.dump()
+ [...] # Store string user_dump into account (replace the previous one).
+ # User is now logged out => delete session, cookie...
+ [...]
+if logout.build_response_msg():
+ raise Exception('Logout error')
+[...] # Reply a HTTP redirect to logout.msg_url.
diff --git a/python/doc/tutorial/sp-logout-process-idp-initiated-soap-request.py b/python/doc/tutorial/sp-logout-process-idp-initiated-soap-request.py
new file mode 100644
index 00000000..6f7ad43d
--- /dev/null
+++ b/python/doc/tutorial/sp-logout-process-idp-initiated-soap-request.py
@@ -0,0 +1,30 @@
+import lasso
+
+
+## SOAP Logout initiated by identity provider.
+
+soap_request = [...] # Get content of HTTP POST command.
+server_dump = [...] # Load string server_dump from file or database or...
+server = lasso.Server.new_from_dump(server_dump)
+logout = lasso.Logout.new(server)
+if logout.handle_request(soap_request, lasso.httpMethods['soap']):
+ raise Exception('Logout error')
+name_identifier = logout.response.name_identifier
+account = [...] # Retrieve user account having this name_identifier.
+if not account:
+ # Unknown account.
+ logout.response_status = lasso.libStatusCodes['unknownPrincipal']
+else:
+ user_dump = [...] # Retrieve string user_dump from account.
+ if not user_dump:
+ logout.response_status = lasso.libStatusCodes['unknownPrincipal']
+ else:
+ user = lasso.User.new_from_dump(user_dump)
+ del user.authn_assertion
+ user_dump = user.dump()
+ [...] # Store string user_dump into account (replace the previous one).
+ # User is now logged out => delete session, cookie...
+ [...]
+if logout.build_response_msg():
+ raise Exception('Logout error')
+[...] # Reply a HTTP SOAP response using logout.msg_body.
diff --git a/python/doc/tutorial/sp-logout-process-response.py b/python/doc/tutorial/sp-logout-process-response.py
new file mode 100644
index 00000000..e57e06d5
--- /dev/null
+++ b/python/doc/tutorial/sp-logout-process-response.py
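Review bot: In sp-logout-process-idp-initiated-soap-request.py the comment `# User is now logged out => delete session, cookie...` is carried over from the redirect variant and is misleading here. The SOAP request is an HTTP POST sent by the identity provider, not by the user's browser, so this handler has no user cookie to clear. The session has to be located on the server side from the `name_identifier` (or the account it maps to) and invalidated there. I would replace the comment with `# Back-channel call: find the user's sessions via name_identifier and invalidate them server-side.` so readers do not ship a handler that answers success while the browser session stays valid.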
@@ -0,0 +1,19 @@
+import lasso
+
+
+## Logout initiated by service provider (continued): Process the HTTP redirect logout response returned by
+## identity provider.
+
+query = [...] # Get current URL query.
+server_dump = [...] # Load string server_dump from file or database or...
+server = lasso.Server.new_from_dump(server_dump)
+user_dump = [...] # Retrieve string user_dump from logged user account.
+user = lasso.User.new_from_dump(user_dump)
+logout = lasso.Logout.new(server, user)
+if logout.handle_response(query, lasso.httpMethods['redirect']):
+ raise Exception('Logout error')
+# Save the updated user_dump into account.
+user_dump = logout.user.dump()
+[...] # Store string user_dump into account (replace the previous one).
+# User is now logged out => delete session, cookie...
+[...]
diff --git a/python/doc/tutorial/sp-logout-send-request.py b/python/doc/tutorial/sp-logout-send-request.py
new file mode 100644
index 00000000..d739cf14
--- /dev/null
+++ b/python/doc/tutorial/sp-logout-send-request.py
@@ -0,0 +1,29 @@
+import lasso
+
+
+## Logout initiated by service provider: Send a logout request to identity provider.
+##
+## Called when the user press logout button on service provider.
+
+server_dump = [...] # Load string server_dump from file or database or...
+server = lasso.Server.new_from_dump(server_dump)
+user_dump = [...] # Retrieve string user_dump from logged user account.
+user = lasso.User.new_from_dump(user_dump)
+logout = lasso.Logout.new(server, user)
+if logout.init_request():
+ raise Exception('Logout error')
+if logout.build_request_msg():
+ raise Exception('Logout error')
+if not logout.msg_body:
+ [...] # Reply a HTTP redirect to logout.msg_url.
+else:
+ # Send a logout SOAP message to identity provider.
+ [...] # Logout user from service provider, but do not erase user_dump.
+ soap_response = [...] # Send SOAP message logout.msg_body to URL logout.msg_url.
+ if logout.handle_response(soap_response, lasso.httpMethods['soap']):
+ raise Exception('Logout error')
+ # Save the updated user_dump into account.
+ user_dump = logout.user.dump()
+ [...] # Store string user_dump into account (replace the previous one).
+ # User is now logged out => delete session, cookie...
+ [...] |
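Review bot: In sp-logout-send-request.py only the SOAP branch ends the local session before contacting the identity provider (`# Logout user from service provider, but do not erase user_dump.`); the `if not logout.msg_body:` branch redirects while the local session is still live. If the identity provider never sends the browser back to the handler in sp-logout-process-response.py, the user stays logged in at the service provider after pressing logout. The same happens there when `handle_response` fails, because the exception is raised before the session is deleted. I would give the redirect branch the same placeholder ahead of the redirect, `[...] # Logout user from service provider, but do not erase user_dump.`, or add a comment stating why local logout is deferred until the response arrives.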
