#! /usr/bin/env python
# -*- coding: utf-8 -*-
import sys
sys.path.insert(0, '../')
import lasso
lasso.init()
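# --- Build the AuthnRequest (SP side) -------------------------------------
# NOTE(review): every key/cert path in this script points at the demo
# material under examples/.  That is fine for a walkthrough, but the demo
# private key must never be reused in a deployment.
req = lasso.AuthnRequest("http://providerid.com")
req.set_forceAuthn(0)
req.set_isPassive(1)
req.set_protocolProfile(lasso.libProtocolProfilePost)
req.set_requestAuthnContext(["test1", "test2"],
                            None,
                            lasso.libAuthnContextComparisonExact)
req.set_scoping(proxyCount=1)
# URL-encode the request and sign it with the SP private key.
query = req.export_to_query(1, "../../examples/rsakey.pem")
req.destroy()

# Build an AuthnResponse or a Response, depending on the ProtocolProfile
# carried by the query.
protocolProfile = lasso.authn_request_get_protocolProfile(query)
if protocolProfile == lasso.libProtocolProfilePost:
    # --- IDP side ---------------------------------------------------------
    res = lasso.AuthnResponse.new_from_request_query(query, "http://providerid.com")
    # Check the signature on the query.
    # NOTE(review): the outcome is only reported here; a real IdP must stop
    # when the check fails instead of going on to issue an assertion.  The
    # call is also handed the private key -- verification should only need
    # the public key; confirm against the lasso binding whether the second
    # argument is really required.
    query_sig_ok = res.verify_signature("../../examples/rsapub.pem",
                                        "../../examples/rsakey.pem")
    print("Query signature check: %s" % (query_sig_ok,))
    # is_authenticated=0: the Principal has no session yet, so lasso decides
    # whether an authentication step is required.
    must_authenticate = res.must_authenticate(is_authenticated=0)
    print("Must authenticate? : %s" % (must_authenticate,))
    if must_authenticate:
        # Dump the response so it can be persisted across the (out-of-band)
        # authentication of the Principal, then rebuild it from that dump.
        dump_response = res.dump()
        res.destroy()
        res = lasso.AuthnResponse.new_from_dump(dump_response)
    # The authentication outcome is hard-coded to success (1) for the demo;
    # a real IdP feeds in the actual result of the login step.
    res.process_authentication_result(1)
    # If NameIDPolicy is omitted or "none" and no federation exists,
    # the StatusCode is lib:FederationDoesNotExist.
    # Build the assertion; the AuthenticationStatement values are demo
    # placeholders.
    assertion = lasso.Assertion("issuer", res.get_attr_value("InResponseTo"))
    authentication_statement = lasso.AuthenticationStatement("password",
                                                             "tralala",
                                                             "dslqkjfslfj",
                                                             "http://service-provider.com",
                                                             "federated",
                                                             "wxkfjesmqfj",
                                                             "http://idp-provider.com",
                                                             "federated")
    assertion.add_authenticationStatement(authentication_statement)
    assertion.set_signature(1, "../../examples/rsakey.pem",
                            "../../examples/rsacert.pem")
    # Attach the assertion to the response.
    res.add_assertion(assertion)
    # Export the response (base64-encoded) for delivery to the SP.
    res_b64 = res.export_to_base64()
    res.destroy()
else:
    print("La Response (par artifact) n'est pas encore implementée")
    lasso.shutdown()
    sys.exit(0)

# --- SP side --------------------------------------------------------------
# Rebuild the response from its base64 export.
res = lasso.AuthnResponse.new_from_export(res_b64, type=1)
# Check the assertion signature against the root certificate.
# NOTE(review): as on the IdP side the result is only reported.  An SP must
# reject the response when the assertion is missing or its signature does
# not verify, before trusting the StatusCode (or anything else) it carries.
assertion = res.get_child("Assertion")
if assertion:
    assertion_sig_ok = assertion.verify_signature("../../examples/rootcert.pem")
    print("Assertion signature check:  %s" % (assertion_sig_ok,))
# Read the StatusCode and its "Value" attribute.  get_child() yields a falsy
# value for a missing element (see the Assertion lookup above), so a response
# without a StatusCode is reported instead of dying on the attribute access.
status_code = res.get_child("StatusCode")
if status_code:
    print("Resultat de la demande d'authentification: %s"
          % (status_code.get_attr_value("Value"),))
else:
    print("Resultat de la demande d'authentification: (no StatusCode in response)")
res.destroy()
lasso.shutdown()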