author | Marek Denis <marek.denis@cern.ch> | 2014-06-12 13:39:42 +0200 |
---|---|---|
committer | Marek Denis <marek.denis@cern.ch> | 2014-07-22 22:07:34 +0200 |
commit | c758a2fc506f6687fd6234ff6e662185a010d642 (patch) | |
tree | 5f446145b02b0d464ec6d0ce3256011a50fc43d4 /keystoneclient/contrib | |
parent | c9ae9d1fa267653c1779a9a17613bd287f1297a3 (diff) | |
Scope unscoped saml2 tokens.
Scope unscoped federation token.
The plugin mimics standard v3.Token behaviour.
Change-Id: I81f30a7c893be15e715c57bd43035b12d8435f58
Implements: blueprint add-saml2-cli-authentication
Diffstat (limited to 'keystoneclient/contrib')
-rw-r--r-- | keystoneclient/contrib/auth/v3/saml2.py | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/keystoneclient/contrib/auth/v3/saml2.py b/keystoneclient/contrib/auth/v3/saml2.py
index 6434bd4..947c1e7 100644
--- a/keystoneclient/contrib/auth/v3/saml2.py
+++ b/keystoneclient/contrib/auth/v3/saml2.py
@@ -141,7 +141,7 @@ class Saml2UnscopedToken(v3.AuthConstructor):
 def _first(self, _list):
 if len(_list) != 1:
- raise IndexError("Only single element list can be flatten")
+ raise IndexError("Only single element is acceptable")
 return _list[0]
 def _prepare_idp_saml2_request(self, saml2_authn_request):
@@ -409,3 +409,27 @@ class Saml2UnscopedToken(v3.AuthConstructor):
 token, token_json = self._get_unscoped_token(session, **kwargs)
 return access.AccessInfoV3(token, **token_json)
+
+
+class Saml2ScopedTokenMethod(v3.TokenMethod):
+ _method_name = 'saml2'
+
+ def get_auth_data(self, session, auth, headers, **kwargs):
+ """Build and return request body for token scoping step."""
+
+ t = super(Saml2ScopedTokenMethod, self).get_auth_data(
+ session, auth, headers, **kwargs)
+ _token_method, token = t
+ return self._method_name, token
+
+
+class Saml2ScopedToken(v3.Token):
+ """Class for scoping unscoped saml2 token."""
+
+ _auth_method_class = Saml2ScopedTokenMethod
+
+ def __init__(self, auth_url, token, **kwargs):
+ super(Saml2ScopedToken, self).__init__(auth_url, token, **kwargs)
+ if not (self.project_id or self.domain_id):
+ raise exceptions.ValidationError(
+ 'Neither project nor domain specified') |
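Review bot: The scope check in `Saml2ScopedToken.__init__` tests only `self.project_id` and `self.domain_id`, so a caller who scopes by name (`project_name` with a project domain, or `domain_name`) is rejected with 'Neither project nor domain specified' even though a scope was supplied. Assuming `v3.Token` stores the name-based attributes the way the base v3 auth plugin does, the condition should include them: `if not (self.project_id or self.project_name or self.domain_id or self.domain_name):`. If name-based scoping is deliberately unsupported for federated tokens, state that in the class docstring so the error is not read as a bug. `Saml2ScopedTokenMethod` would also benefit from a one-line docstring saying that it reuses the token payload built by `v3.TokenMethod` and only replaces the method name with `'saml2'`.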