authentik/passbook/providers/samlv2/views/sso.py


"""Single Signon Views"""
from django.http import HttpRequest, HttpResponse, HttpResponseBadRequest
from passbook.providers.samlv2.saml.constants import REQ_KEY_REQUEST, REQ_KEY_SIGNATURE
from passbook.providers.samlv2.saml.parser import SAMLRequest
from passbook.providers.samlv2.views.base import BaseSAMLView
# SAML Authentication flow in passbook
# - Parse and Verify SAML Request
# - Check access to application (this is done after parsing as it might take a few seconds)
# - Ask for user authorization (if required from Application)
# - Log Access to audit log
# - Create response with unique ID to protect against replay
class SAMLPostBindingView(BaseSAMLView):
    """Entry point for SAML requests delivered through the HTTP-POST binding.

    The encoded request and the optional detached signature are read from the
    form body, handed to ``SAMLRequest.parse`` and the parsed result is passed
    on to ``handle_saml_request``.
    """

    # pylint: disable=unused-argument
    def post(self, request: HttpRequest, app_slug: str) -> HttpResponse:
        """Parse the posted SAML request and dispatch it.

        Responds with an empty HTTP 400 when the request field is absent from
        the form data. Exceptions raised by ``SAMLRequest.parse`` are not
        caught here and propagate to the caller.
        """
        form_data = request.POST
        # Only the presence of the field is checked; an empty value still
        # reaches the parser.
        if REQ_KEY_REQUEST not in form_data:
            return HttpResponseBadRequest()
        encoded_request = form_data.get(REQ_KEY_REQUEST)
        # The signature field is optional at this layer: when it is missing,
        # None is forwarded to the parser.
        # NOTE(review): whether an unsigned request is rejected is decided
        # outside this view - confirm in SAMLRequest.parse / handle_saml_request.
        signature = form_data.get(REQ_KEY_SIGNATURE)
        # NOTE(review): app_slug is not read in this method, so the target
        # application is presumably derived from the parsed request - confirm
        # that the access check is bound to the application named in the URL.
        return self.handle_saml_request(SAMLRequest.parse(encoded_request, signature))
class SAMLRedirectBindingView(BaseSAMLView):
    """Entry point for SAML requests delivered through the HTTP-Redirect binding.

    The encoded request and the optional detached signature are read from the
    query string, handed to ``SAMLRequest.parse`` and the parsed result is
    passed on to ``handle_saml_request``.
    """

    # pylint: disable=unused-argument
    def get(self, request: HttpRequest, app_slug: str) -> HttpResponse:
        """Parse the SAML request carried in the query string and dispatch it.

        Responds with an empty HTTP 400 when the request parameter is absent.
        Exceptions raised by ``SAMLRequest.parse`` are not caught here and
        propagate to the caller.
        """
        query = request.GET
        # Only the presence of the parameter is checked; an empty value still
        # reaches the parser.
        if REQ_KEY_REQUEST not in query:
            return HttpResponseBadRequest()
        encoded_request = query.get(REQ_KEY_REQUEST)
        # The signature parameter is optional at this layer: when it is
        # missing, None is forwarded to the parser.
        # NOTE(review): in the SAML HTTP-Redirect binding the signature covers
        # the URL-encoded query string, including SigAlg (and RelayState when
        # present). Only the decoded request and signature values are
        # forwarded here - confirm how SAMLRequest.parse verifies it and
        # whether unsigned requests are rejected.
        signature = query.get(REQ_KEY_SIGNATURE)
        # NOTE(review): app_slug is not read in this method, so the target
        # application is presumably derived from the parsed request - confirm
        # that the access check is bound to the application named in the URL.
        return self.handle_saml_request(SAMLRequest.parse(encoded_request, signature))