path: root/python/examples/login.py
#! /usr/bin/env python
# -*- coding: utf-8 -*-

import sys
# Put the parent directory first on the module search path, presumably so that
# `import lasso` below resolves to the in-tree Python binding.
# NOTE(review): '../' is relative to the current working directory, not to this
# file, and index 0 gives it priority over installed packages. Whatever `lasso`
# module sits in the parent of the directory the script is started from gets
# imported. Keep this pattern to in-tree examples.
sys.path.insert(0, '../')
import string

import lasso

####################
# Service provider #
####################
# Step 1, SP side: load the SP configuration, register the IdP, and build the
# AuthnRequest URL that the user's browser will carry to the IdP.
#
# Judging from the file names, the arguments are the SP metadata, its public
# key, its private key and its certificate, followed by the signature method.
# NOTE(review): signatureMethodRsaSha1 selects, by its name, an RSA signature
# over a SHA-1 digest. SHA-1 is no longer considered collision resistant; use
# a SHA-256 based method if the installed lasso version provides one.
# NOTE(review): rsakey.pem is a private key shipped with the examples and is
# also passed to the IdP's Server.new further down this script. It is a shared
# demo key; real providers each need their own, kept out of the source tree.
server = lasso.Server.new("../../examples/sp.xml",
                          "../../examples/rsapub.pem", "../../examples/rsakey.pem", "../../examples/rsacert.pem",
                          lasso.signatureMethodRsaSha1)

# Register the identity provider from its metadata. Both remaining arguments
# are None, so no IdP public key or certificate is supplied here.
# NOTE(review): whether the SP can then verify IdP signatures is not visible
# from this file; confirm before reusing this call outside the example.
server.add_provider("../../examples/idp.xml", None, None)
# Serialise the server, release it, and rebuild it from the dump just below,
# which exercises the dump()/new_from_dump() round trip.
server_dump = server.dump()
server.destroy()

# create AuthnRequest
server = lasso.Server.new_from_dump(server_dump)
splogin = lasso.Login.new(server)
# The string is presumably the provider ID of the IdP the request is aimed at.
# NOTE(review): ret is assigned but never inspected, so a failed initialisation
# would only surface later, on one of the setter calls.
ret = splogin.init_authn_request("https://identity-provider:2003/liberty-alliance/metadata")
# Request attributes, as named by the setters: not passive, forced
# re-authentication, federated name identifier, consent already obtained, and
# the browser/artifact protocol profile.
splogin.request.set_isPassive(0)
splogin.request.set_forceAuthn(1)
splogin.request.set_nameIDPolicy(lasso.libNameIDPolicyTypeFederated)
# "fake" is a placeholder. RelayState travels through the user agent, so an SP
# that acts on the value it gets back (e.g. as a return URL) must validate it.
splogin.request.set_relayState("fake")
splogin.request.set_consent(lasso.libConsentObtained)
splogin.request.set_protocolProfile(lasso.libProtocolProfileBrwsArt)

# NOTE(review): the return value of build_authn_request_msg() is discarded.
splogin.build_authn_request_msg()
# msg_url holds the redirect URL; the IdP section below takes everything after
# '?' as the request message.
print "message url =", splogin.msg_url

#####################
# Identity provider #
#####################
# Step 2, IdP side: load the IdP configuration, register the SP, parse the
# AuthnRequest taken from the SP's redirect URL and answer with an artifact.
#
# Judging from the file names: IdP metadata, no public key (None), private key,
# certificate, signature method.
# NOTE(review): this is the same rsakey.pem the SP sections load, so both
# parties sign with one demo private key. signatureMethodRsaSha1 is, by its
# name, RSA over SHA-1, which is deprecated for new signatures.
server = lasso.Server.new("../../examples/idp.xml",
                          None, "../../examples/rsakey.pem", "../../examples/rootcert.pem",
                          lasso.signatureMethodRsaSha1)

# Register the SP together with a public key and a certificate file for it.
server.add_provider("../../examples/sp.xml",
                    "../../examples/rsapub.pem", "../../examples/rsacert.pem")

# create AuthnResponse OR artifact (depending ProtocolProfile)
idplogin = lasso.Login.new(server)

# get query part in msg_url
# NOTE(review): [1] raises IndexError when the URL has no '?', and when it has
# more than one '?' only the text between the first two is kept. In a deployed
# IdP this query string arrives from the browser and is untrusted input.
authn_request_msg = string.split(splogin.msg_url, '?')[1]
# NOTE(review): ret is overwritten below without being checked, so a request
# that failed to parse or verify is not rejected here.
ret = idplogin.init_from_authn_request_msg(authn_request_msg,
                                           lasso.httpMethodRedirect)

print "ProtocolProfile =", idplogin.protocolProfile

# The result is only printed; the script does not branch on it.
must_authenticate = idplogin.must_authenticate()
print "User must be authenticated =", must_authenticate

if idplogin.protocolProfile == lasso.loginProtocolProfileBrwsArt:
    # NOTE(review): the first argument is a hard-coded 1, presumably the
    # "authentication succeeded" flag, and it is passed whatever
    # must_authenticate() returned. A real IdP has to authenticate the user
    # first and pass the actual outcome. The meaning of the empty-string
    # third argument is not visible from this file.
    ret = idplogin.build_artifact_msg(1,
                                      lasso.samlAuthenticationMethodPassword,
                                      "",
                                      lasso.httpMethodRedirect)
    print "ret = %d, msg_url = %s" % (ret, idplogin.msg_url)
    # Show which providers the session created by this login refers to.
    sess = idplogin.get_session()
    print sess.providerIDs

####################
# Service provider #
####################
# Step 3, SP side: take the artifact from the IdP's redirect URL and build the
# request message used to resolve it.
#
# Same construction as the first SP section, but without the dump round trip.
# NOTE(review): signatureMethodRsaSha1 is, by its name, RSA over SHA-1, which
# is deprecated for new signatures; rsakey.pem is the demo private key the IdP
# sections load as well.
server = lasso.Server.new("../../examples/sp.xml",
                          "../../examples/rsapub.pem", "../../examples/rsakey.pem", "../../examples/rsacert.pem",
                          lasso.signatureMethodRsaSha1)

# IdP registered from metadata only; no key or certificate is supplied.
server.add_provider("../../examples/idp.xml", None, None)

# create Request OR finish (if an authnResponse was received)
splogin = lasso.Login.new(server)

# Query part of the URL the IdP built. idplogin.msg_url is only set by the
# artifact branch above, so this presumably relies on that branch having run.
# NOTE(review): [1] raises IndexError if the URL has no '?'. In a deployed SP
# this value arrives via the browser redirect and is untrusted input.
response_msg = string.split(idplogin.msg_url, '?')[1]
# NOTE(review): this ret is overwritten by the next call without being checked.
ret = splogin.init_request(response_msg,
                           lasso.httpMethodRedirect)

ret = splogin.build_request_msg()
# msg_body is the message handed to the IdP in the final section.
print "ret = %d, msg_url = %s, msg_body = %s" % (ret, splogin.msg_url, splogin.msg_body)

#####################
# Identity provider #
#####################
# Step 4, IdP side: process the request message built by the SP and print the
# artifact extracted from it. The script ends here; no response message is
# built in this file despite the "create Response" comment below.
#
# Same construction as the first IdP section.
# NOTE(review): signatureMethodRsaSha1 is, by its name, RSA over SHA-1, which
# is deprecated for new signatures; rsakey.pem is the demo private key the SP
# sections load as well.
server = lasso.Server.new("../../examples/idp.xml",
                          None, "../../examples/rsakey.pem", "../../examples/rootcert.pem",
                          lasso.signatureMethodRsaSha1)

server.add_provider("../../examples/sp.xml",
                    "../../examples/rsapub.pem", "../../examples/rsacert.pem")

# create Response
idplogin = lasso.Login.new(server)

# The SP's message body is passed in-process here; in a deployment it would
# presumably arrive over the network and must be treated as untrusted.
# NOTE(review): ret is never checked, so the artifact is printed even if
# processing reported an error.
ret = idplogin.process_request_msg(splogin.msg_body)
print "samlp:AssertionArtifact = %s" % idplogin.assertionArtifact