本文整理汇总了Python中onelogin.saml2.xml_utils.OneLogin_Saml2_XML.validate_xml方法的典型用法代码示例。如果您正苦于以下问题:Python OneLogin_Saml2_XML.validate_xml方法的具体用法?Python OneLogin_Saml2_XML.validate_xml怎么用?Python OneLogin_Saml2_XML.validate_xml使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类onelogin.saml2.xml_utils.OneLogin_Saml2_XML的用法示例。
在下文中一共展示了OneLogin_Saml2_XML.validate_xml方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: is_valid
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import validate_xml [as 别名]
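def is_valid(self, request_data, request_id=None):
    """
    Determines if the SAML LogoutResponse is valid.

    Every message check below (schema, InResponseTo, issuer, destination and
    the presence of a Signature parameter) runs only when the settings are
    strict; in non-strict mode the response is accepted without any of them,
    so strict mode is the setting to keep in production. Any exception raised
    by a check is caught, stored in ``self.__error`` and reported as ``False``.

    :param request_data: Request data; must contain a 'get_data' dict with
                         the query parameters of the received request
    :type request_data: dict
    :param request_id: The ID of the LogoutRequest sent by this SP to the IdP
    :type request_id: string
    :return: Returns if the SAML LogoutResponse is or not valid
    :rtype: boolean
    """
    self.__error = None
    try:
        idp_data = self.__settings.get_idp_data()
        idp_entity_id = idp_data['entityId']
        # A request_data without 'get_data' raises KeyError here, which the
        # handler below turns into an invalid result.
        get_data = request_data['get_data']

        if self.__settings.is_strict():
            # validate_xml signals a schema failure by returning a str
            res = OneLogin_Saml2_XML.validate_xml(self.document, 'saml-schema-protocol-2.0.xsd', self.__settings.is_debug_active())
            if isinstance(res, str):
                raise Exception('Invalid SAML Logout Response. Not match the saml-schema-protocol-2.0.xsd')

            security = self.__settings.get_security_data()

            # Check if the InResponseTo of the Logout Response matches the ID of the Logout Request (requestId) if provided.
            # NOTE: a response that carries no InResponseTo at all passes this check even when request_id is given.
            in_response_to = self.document.get('InResponseTo', None)
            if request_id is not None and in_response_to and in_response_to != request_id:
                raise Exception('The InResponseTo of the Logout Response: %s, does not match the ID of the Logout request sent by the SP: %s' % (in_response_to, request_id))

            # Check issuer
            issuer = self.get_issuer()
            if issuer is not None and issuer != idp_entity_id:
                raise Exception('Invalid issuer in the Logout Response')

            current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data)

            # Check destination. This is a substring test: a Destination that merely
            # contains the current URL also passes; an exact or prefix match is stricter.
            destination = self.document.get('Destination', None)
            if destination and current_url not in destination:
                # Fixed: the message used to contain literal '$currentURL'/'$destination'
                # placeholders that were never interpolated.
                raise Exception('The LogoutResponse was received at %s instead of %s' % (current_url, destination))

            # Only the presence of the Signature parameter is checked here; the
            # signature value itself is not verified by this method.
            if security['wantMessagesSigned']:
                if 'Signature' not in get_data:
                    raise Exception('The Message of the Logout Response is not signed and the SP require it')

        return True
        # pylint: disable=R0801
    except Exception as err:
        self.__error = str(err)
        if self.__settings.is_debug_active():
            print(err)
        return False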
示例2: validate_metadata
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import validate_xml [as 别名]
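def validate_metadata(self, xml):
    """
    Validates an XML SP Metadata document.

    Checks, in order: the input is a non-empty text string; it validates
    against saml-schema-metadata-2.0.xsd; the root element is
    md:EntityDescriptor; exactly one md:SPSSODescriptor is present; and the
    validUntil / cacheDuration lifetime has not passed. The metadata
    signature is not verified by this method (see the TODO below).

    :param xml: Metadata's XML that will be validated
    :type xml: string
    :returns: The list of found errors (empty when the metadata is valid)
    :rtype: list
    :raises TypeError: if xml is not a text string
    :raises Exception: if xml is an empty string
    """
    # Explicit check rather than `assert`, which is stripped under `python -O`
    # and would silently skip the type validation.
    if not isinstance(xml, compat.text_types):
        raise TypeError('Metadata XML must be a text string')
    if not xml:
        raise Exception('Empty string supplied as input')

    errors = []
    # validate_xml returns an error string on schema failure, else the parsed root element
    root = OneLogin_Saml2_XML.validate_xml(xml, 'saml-schema-metadata-2.0.xsd', self.__debug)
    if isinstance(root, str):
        errors.append(root)
    elif root.tag != '{%s}EntityDescriptor' % OneLogin_Saml2_Constants.NS_MD:
        errors.append('noEntityDescriptor_xml')
    elif len(root.findall('.//md:SPSSODescriptor', namespaces=OneLogin_Saml2_Constants.NSMAP)) != 1:
        errors.append('onlySPSSODescriptor_allowed_xml')
    else:
        valid_until = root.get('validUntil')
        cache_duration = root.get('cacheDuration')
        if valid_until:
            valid_until = OneLogin_Saml2_Utils.parse_SAML_to_time(valid_until)
        expire_time = OneLogin_Saml2_Utils.get_expire_time(cache_duration, valid_until)
        # No expiry is enforced when get_expire_time yields None.
        if expire_time is not None and int(time()) > int(expire_time):
            errors.append('expired_xml')

    # TODO: Validate Sign
    return errors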
示例3: is_valid
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import validate_xml [as 别名]
def is_valid(self, request_data):
    """
    Checks if the Logout Request received is valid.

    The checks (schema, NotOnOrAfter, destination, issuer and the presence
    of a Signature parameter) are performed only when the settings are
    strict; otherwise any request that parses is accepted. A failing check
    is recorded in ``self.__error`` and reported as ``False``.

    :param request_data: Request Data
    :type request_data: dict
    :return: If the Logout Request is or not valid
    :rtype: boolean
    """
    self.__error = None
    try:
        root = OneLogin_Saml2_XML.to_etree(self.__logout_request)
        idp_entity_id = self.__settings.get_idp_data()['entityId']
        get_data = request_data.get('get_data') or dict()

        if self.__settings.is_strict():
            # validate_xml signals a schema failure by returning a str
            schema_result = OneLogin_Saml2_XML.validate_xml(root, 'saml-schema-protocol-2.0.xsd', self.__settings.is_debug_active())
            if isinstance(schema_result, str):
                raise Exception('Invalid SAML Logout Request. Not match the saml-schema-protocol-2.0.xsd')

            security = self.__settings.get_security_data()
            current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data)

            # Check NotOnOrAfter: a request whose validity window has already closed is rejected
            not_on_or_after = root.get('NotOnOrAfter', None)
            if not_on_or_after:
                deadline = OneLogin_Saml2_Utils.parse_SAML_to_time(not_on_or_after)
                if deadline <= OneLogin_Saml2_Utils.now():
                    raise Exception('Timing issues (please check your clock settings)')

            # Check destination. Substring test: a Destination that merely contains
            # the current URL also passes; an exact or prefix match would be stricter.
            destination = root.get('Destination', None)
            if destination and current_url not in destination:
                raise Exception(
                    'The LogoutRequest was received at '
                    '%(currentURL)s instead of %(destination)s' %
                    {
                        'currentURL': current_url,
                        'destination': destination,
                    }
                )

            # Check issuer
            issuer = OneLogin_Saml2_Logout_Request.get_issuer(root)
            if issuer is not None and issuer != idp_entity_id:
                raise Exception('Invalid issuer in the Logout Request')

            # Only the presence of the Signature parameter is checked here; the
            # signature value itself is not verified by this method.
            if security['wantMessagesSigned'] and 'Signature' not in get_data:
                raise Exception('The Message of the Logout Request is not signed and the SP require it')

        return True
    except Exception as err:
        # pylint: disable=R0801
        self.__error = str(err)
        if self.__settings.is_debug_active():
            print(err)
        return False
示例4: is_valid
# 需要导入模块: from onelogin.saml2.xml_utils import OneLogin_Saml2_XML [as 别名]
# 或者: from onelogin.saml2.xml_utils.OneLogin_Saml2_XML import validate_xml [as 别名]
def is_valid(self, request_data, request_id=None):
"""
Validates the response object.
:param request_data: Request Data
:type request_data: dict
:param request_id: Optional argument. The ID of the AuthNRequest sent by this SP to the IdP
:type request_id: string
:returns: True if the SAML Response is valid, False if not
:rtype: bool
"""
self.__error = None
try:
# Checks SAML version
if self.document.get('Version', None) != '2.0':
raise Exception('Unsupported SAML version')
# Checks that ID exists
if self.document.get('ID', None) is None:
raise Exception('Missing ID attribute on SAML Response')
# Checks that the response only has one assertion
if not self.validate_num_assertions():
raise Exception('SAML Response must contain 1 assertion')
# Checks that the response has the SUCCESS status
self.check_status()
idp_data = self.__settings.get_idp_data()
idp_entity_id = idp_data['entityId']
sp_data = self.__settings.get_sp_data()
sp_entity_id = sp_data['entityId']
sign_nodes = self.__query('//ds:Signature')
signed_elements = []
for sign_node in sign_nodes:
signed_elements.append(sign_node.getparent().tag)
if self.__settings.is_strict():
res = OneLogin_Saml2_XML.validate_xml(self.document, 'saml-schema-protocol-2.0.xsd', self.__settings.is_debug_active())
if isinstance(res, str):
raise Exception('Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd')
security = self.__settings.get_security_data()
current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data)
# Check if the InResponseTo of the Response matchs the ID of the AuthNRequest (requestId) if provided
in_response_to = self.document.get('InResponseTo', None)
if in_response_to and request_id:
if in_response_to != request_id:
raise Exception('The InResponseTo of the Response: %s, does not match the ID of the AuthNRequest sent by the SP: %s' % (in_response_to, request_id))
if not self.encrypted and security['wantAssertionsEncrypted']:
raise Exception('The assertion of the Response is not encrypted and the SP require it')
if security['wantNameIdEncrypted']:
encrypted_nameid_nodes = self.__query_assertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData')
if len(encrypted_nameid_nodes) == 0:
raise Exception('The NameID of the Response is not encrypted and the SP require it')
# Checks that there is at least one AttributeStatement if required
attribute_statement_nodes = self.__query_assertion('/saml:AttributeStatement')
if security['wantAttributeStatement'] and not attribute_statement_nodes:
raise Exception('There is no AttributeStatement on the Response')
# Validates Assertion timestamps
if not self.validate_timestamps():
raise Exception('Timing issues (please check your clock settings)')
encrypted_attributes_nodes = self.__query_assertion('/saml:AttributeStatement/saml:EncryptedAttribute')
if encrypted_attributes_nodes:
raise Exception('There is an EncryptedAttribute in the Response and this SP not support them')
# Checks destination
destination = self.document.get('Destination', '')
if destination:
if not destination.startswith(current_url):
# TODO: Review if following lines are required, since we can control the
# request_data
# current_url_routed = OneLogin_Saml2_Utils.get_self_routed_url_no_query(request_data)
# if not destination.startswith(current_url_routed):
raise Exception('The response was received at %s instead of %s' % (current_url, destination))
# Checks audience
valid_audiences = self.get_audiences()
if valid_audiences and sp_entity_id not in valid_audiences:
raise Exception('%s is not a valid audience for this Response' % sp_entity_id)
# Checks the issuers
issuers = self.get_issuers()
for issuer in issuers:
if issuer is None or issuer != idp_entity_id:
raise Exception('Invalid issuer in the Assertion/Response')
# Checks the session Expiration
session_expiration = self.get_session_not_on_or_after()
if session_expiration and session_expiration <= OneLogin_Saml2_Utils.now():
#.........这里部分代码省略.........