authorErick Tryzelaar <erick.tryzelaar@gmail.com>2014-12-24 20:13:03 -0800
committerErick Tryzelaar <erick.tryzelaar@gmail.com>2015-04-06 17:18:12 -0700
commitf4169837c128cf64f3aa439ee9fa8833480b3139 (patch)
tree266430ce99aa06a9a8fe1230b6b2b89d1a582bfe /src/saml2/client.py
parentd38e94715be08e838e0c9c51676604d1c82669d7 (diff)
Add support for SingleSignOnService with HTTP-POST binding
Warning: this changes the return type of `prepare_for_authenticate` by including the chosen binding, and opens the door to supporting other SingleSignOnService bindings.
Diffstat (limited to 'src/saml2/client.py')
-rw-r--r--src/saml2/client.py33
1 files changed, 22 insertions, 11 deletions
diff --git a/src/saml2/client.py b/src/saml2/client.py
index d64bd806..ebd744a0 100644
--- a/src/saml2/client.py
+++ b/src/saml2/client.py
@@ -42,7 +42,7 @@ class Saml2Client(Base):
""" The basic pySAML2 service provider class """
def prepare_for_authenticate(self, entityid=None, relay_state="",
- binding=saml2.BINDING_HTTP_REDIRECT, vorg="",
+ binding=None, vorg="",
nameid_format=None,
scoping=None, consent=None, extensions=None,
sign=None,
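Review bot: The new `binding=None` default in the signature carries a meaning that is only discoverable by reading the body, so the `:param binding:` entry in the docstring (outside this hunk) should state it. Something like `:param binding: SSO binding to use; None means try HTTP-Redirect first, then HTTP-POST` would do. The signature and docstring continue past the end of the hunk.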
@@ -64,20 +64,31 @@ class Saml2Client(Base):
:return: session id and AuthnRequest info
"""
- destination = self._sso_location(entityid, binding)
+ expected_binding = binding
- reqid, req = self.create_authn_request(destination, vorg, scoping,
- response_binding, nameid_format,
- consent=consent,
- extensions=extensions, sign=sign,
- **kwargs)
- _req_str = "%s" % req
+ for binding in [BINDING_HTTP_REDIRECT, BINDING_HTTP_POST]:
+ if expected_binding and binding != expected_binding:
+ continue
- logger.info("AuthNReq: %s" % _req_str)
+ destination = self._sso_location(entityid, binding)
+ logger.info("destination to provider: %s" % destination)
- info = self.apply_binding(binding, _req_str, destination, relay_state)
+ reqid, request = self.create_authn_request(
+ destination, vorg, scoping, response_binding, nameid_format,
+ consent=consent,
+ extensions=extensions, sign=sign,
+ **kwargs)
- return reqid, info
+ _req_str = str(request)
+
+ logger.info("AuthNReq: %s" % _req_str)
+
+ http_info = self.apply_binding(binding, _req_str, destination,
+ relay_state)
+
+ return reqid, binding, http_info
+ else:
+ raise SignonError("No binding available for singon")
def global_logout(self, name_id, reason="", expire=None, sign=None):
""" More or less a layer of indirection :-/
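Review bot: The Redirect-to-POST fallback in the new `for` loop only works if `self._sso_location(entityid, binding)` returns normally when the IdP publishes no endpoint for that binding. Its body is not visible here, but if it raises in that case, the first iteration aborts the call and HTTP-POST is never tried when `binding` is None. Consider catching that lookup failure inside the loop and continuing, so the `else` branch is the single place that reports "no usable binding". The context docstring still reads `:return: session id and AuthnRequest info` although the function now returns `reqid, binding, http_info`, and the message in `raise SignonError("No binding available for singon")` misspells `signon`. Because `relay_state` can now be placed into an HTML form for the POST binding, it is also worth confirming that `apply_binding` escapes it before rendering.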