本文整理汇总了Python中saml2.s_utils.sid函数的典型用法代码示例。如果您正苦于以下问题:Python sid函数的具体用法?Python sid怎么用?Python sid使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了sid函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _authn_statement
def _authn_statement(self, authn_class=None, authn_auth=None,
authn_decl=None, authn_decl_ref=None):
"""
Construct the AuthnStatement
:param authn_class: Authentication Context Class reference
:param authn_auth: Authenticating Authority
:param authn_decl: Authentication Context Declaration
:param authn_decl_ref: Authentication Context Declaration reference
:return: An AuthnContext instance
"""
if authn_class:
return factory(
saml.AuthnStatement,
authn_instant=instant(),
session_index=sid(),
authn_context=self._authn_context_class_ref(
authn_class, authn_auth))
elif authn_decl:
return factory(
saml.AuthnStatement,
authn_instant=instant(),
session_index=sid(),
authn_context=self._authn_context_decl(authn_decl, authn_auth))
elif authn_decl_ref:
return factory(
saml.AuthnStatement,
authn_instant=instant(),
session_index=sid(),
authn_context=self._authn_context_decl_ref(authn_decl_ref,
authn_auth))
else:
return factory(
saml.AuthnStatement,
authn_instant=instant(),
session_index=sid())示例2: authn_statement
def authn_statement(authn_class=None, authn_auth=None,
authn_decl=None, authn_decl_ref=None, authn_instant="",
subject_locality="", session_not_on_or_after=None):
"""
Construct the AuthnStatement
:param authn_class: Authentication Context Class reference
:param authn_auth: Authenticating Authority
:param authn_decl: Authentication Context Declaration
:param authn_decl_ref: Authentication Context Declaration reference
:param authn_instant: When the Authentication was performed.
Assumed to be seconds since the Epoch.
:param subject_locality: Specifies the DNS domain name and IP address
for the system from which the assertion subject was apparently
authenticated.
:return: An AuthnContext instance
"""
if authn_instant:
_instant = instant(time_stamp=authn_instant)
else:
_instant = instant()
if authn_class:
res = factory(
saml.AuthnStatement,
authn_instant=_instant,
session_index=sid(),
session_not_on_or_after=session_not_on_or_after,
authn_context=_authn_context_class_ref(
authn_class, authn_auth))
elif authn_decl:
res = factory(
saml.AuthnStatement,
authn_instant=_instant,
session_index=sid(),
session_not_on_or_after=session_not_on_or_after,
authn_context=_authn_context_decl(authn_decl, authn_auth))
elif authn_decl_ref:
res = factory(
saml.AuthnStatement,
authn_instant=_instant,
session_index=sid(),
session_not_on_or_after=session_not_on_or_after,
authn_context=_authn_context_decl_ref(authn_decl_ref,
authn_auth))
else:
res = factory(
saml.AuthnStatement,
authn_instant=_instant,
session_index=sid(),
session_not_on_or_after=session_not_on_or_after)
if subject_locality:
res.subject_locality = saml.SubjectLocality(text=subject_locality)
return res示例3: add_certificate_to_cache
def add_certificate_to_cache(self, certificate_str):
_sid = sid()
while _sid in self.certificate_cache():
_sid = sid()
cache = self.certificate_cache()
cache[_sid] = {
"timeout": datetime.datetime.now() + datetime.timedelta(minutes=self.sp_conf.CERT_TIMEOUT),
"cert": base64.b64encode(certificate_str)
}
self.sphandlercache[self.certificate_cache_name] = cache
return _sid示例4: authenticate
def authenticate(self, entityid=None, relay_state="",
binding=BINDING_HTTP_REDIRECT,
log=None, vorg="", scoping=None, sign=None, **kwargs):
""" Makes an authentication request.
:param entityid: The entity ID of the IdP to send the request to
:param relay_state: To where the user should be returned after
successfull log in.
:param binding: Which binding to use for sending the request
:param log: Where to write log messages
:param vorg: The entity_id of the virtual organization I'm a member of
:param scoping: For which IdPs this query are aimed.
:param sign: Whether the request should be signed or not.
:return: AuthnRequest response
"""
destination = self._sso_location(entityid, binding=binding)
session_id = sid()
_req_str = "%s" % self.authn(destination, session_id, vorg, scoping, log,
sign, **kwargs)
logger.info("AuthNReq: %s" % _req_str)
info = self.apply_binding(binding, _req_str, destination, relay_state)
return session_id, info示例5: multiple_signatures
def multiple_signatures(self, statement, to_sign, key=None, key_file=None):
"""
Sign multiple parts of a statement
:param statement: The statement that should be sign, this is XML text
:param to_sign: A list of (items, id, id attribute name) tuples that
specifies what to sign
:param key: A key that should be used for doing the signing
:param key_file: A file that contains the key to be used
:return: A possibly multiple signed statement
"""
for (item, sid, id_attr) in to_sign:
if not sid:
if not item.id:
sid = item.id = sid()
else:
sid = item.id
if not item.signature:
item.signature = pre_signature_part(sid, self.cert_file)
statement = self.sign_statement(statement, class_name(item),
key=key, key_file=key_file,
node_id=sid, id_attr=id_attr)
return statement示例6: _handle_discovery_request
def _handle_discovery_request(self):
"""Handle SAML Discovery Service request. This method is called
internally by the `authenticate` method when multiple acceptable IdPs
are detected.
Returns:
Tuple containing session Id and Flask Response object to return to
user containing either HTTP_REDIRECT to configured Discovery
Service end point.
Raises:
AuthException: when unable to find discovery response end point.
"""
session_id = sid()
try:
return_url = self._config.getattr(
'endpoints', 'sp')['discovery_response'][0][0]
except KeyError:
raise AuthException(
"Multiple IdPs configured with no configured Discovery" + \
" response end point.")
return_url += "?session_id=%s" % session_id
disco_url = Saml2Client.create_discovery_service_request(
self.discovery_service_end_point,
self._config.entityid, **{'return': return_url})
LOGGER.debug("Redirect to Discovery Service %s", disco_url)
return (session_id, make_response('', 302, {'Location': disco_url}))示例7: persistent
def persistent(self, entity_id, subject_id):
""" Keeps the link between a permanent identifier and a
temporary/pseudo-temporary identifier for a subject
The store supports look-up both ways: from a permanent local
identifier to a identifier used talking to a SP and from an
identifier given back by an SP to the local permanent.
:param entity_id: SP entity ID or VO entity ID
:param subject_id: The local permanent identifier of the subject
:return: An arbitrary identifier for the subject unique to the
service/group of services/VO with a given entity_id
"""
try:
return self._get_remote("persistent", entity_id, subject_id)
except KeyError:
temp_id = "xyz"
while True:
temp_id = sid()
try:
self._get_local("persistent", entity_id, temp_id)
except KeyError:
break
self._store("persistent", entity_id, subject_id, temp_id)
self.map.sync()
return temp_id示例8: _status_response
def _status_response(self, response_class, issuer, status, sign=False,
**kwargs):
""" Create a StatusResponse.
:param response_class: Which subclass of StatusResponse that should be
used
:param issuer: The issuer of the response message
:param status: The return status of the response operation
:param sign: Whether the response should be signed or not
:param kwargs: Extra arguments to the response class
:return: Class instance or string representation of the instance
"""
mid = sid()
for key in ["destination", "binding"]:
try:
del kwargs[key]
except KeyError:
pass
if not status:
status = success_status_factory()
response = response_class(issuer=issuer, id=mid, version=VERSION,
issue_instant=instant(),
status=status, **kwargs)
if sign:
return self.sign(response, mid)
else:
return response示例9: entities_descriptor
def entities_descriptor(eds, valid_for, name, ident, sign, secc):
entities = md.EntitiesDescriptor(entity_descriptor=eds)
if valid_for:
entities.valid_until = in_a_while(hours=valid_for)
if name:
entities.name = name
if ident:
entities.id = ident
if sign:
if not ident:
ident = sid()
if not secc.key_file:
raise SAMLError("If you want to do signing you should define " +
"a key to sign with")
if not secc.my_cert:
raise SAMLError("If you want to do signing you should define " +
"where your public key are")
entities.signature = pre_signature_part(ident, secc.my_cert, 1)
entities.id = ident
xmldoc = secc.sign_statement("%s" % entities, class_name(entities))
entities = md.entities_descriptor_from_string(xmldoc)
else:
xmldoc = None
return entities, xmldoc示例10: authz_decision_query
def authz_decision_query(self, entityid, action,
evidence=None, resource=None, subject=None,
binding=saml2.BINDING_HTTP_REDIRECT, sign=None):
""" Creates an authz decision query.
:param entityid: The entity ID of the IdP to send the request to
:param action: The action you want to perform (has to be at least one)
:param evidence: Why you should be able to perform the action
:param resource: The resource you want to perform the action on
:param subject: Who wants to do the thing
:param binding: Which binding to use for sending the request
:param sign: Whether the request should be signed or not.
:return: AuthzDecisionQuery instance
"""
spentityid = self._issuer()
service_url = self.service_url()
my_name = self._my_name()
logger.info("spentityid: %s\nservice_url: %s\nmy_name: %s" % (
spentityid, service_url, my_name))
# authen_req = self.authn_request(session_id, location,
# service_url, spentityid, my_name, vorg,
# scoping, sign)
request = samlp.AuthzDecisionQuery(action, evidence, resource,
subject=subject,
issuer=spentityid,
id=sid(),
issue_instant=instant(),
version=VERSION,
destination=entityid)
return request示例11: test_create_artifact_resolve
def test_create_artifact_resolve():
b64art = create_artifact(SP, "aabbccddeeffgghhiijj", 1)
artifact = base64.b64decode(b64art)
#assert artifact[:2] == '\x00\x04'
#assert int(artifact[2:4]) == 0
#
s = sha1(SP.encode('ascii'))
assert artifact[4:24] == s.digest()
with closing(Server(config_file="idp_all_conf")) as idp:
typecode = artifact[:2]
assert typecode == ARTIFACT_TYPECODE
destination = idp.artifact2destination(b64art, "spsso")
msg_id, msg = idp.create_artifact_resolve(b64art, destination, sid())
print(msg)
args = idp.use_soap(msg, destination, None, False)
sp = Saml2Client(config_file="servera_conf")
ar = sp.parse_artifact_resolve(args["data"])
print(ar)
assert ar.artifact.text == b64art示例12: construct_logout_request
def construct_logout_request(self, subject_id, destination, issuer_entity_id, reason=None, expire=None):
""" Constructs a LogoutRequest
:param subject_id: The identifier of the subject
:param destination:
:param issuer_entity_id: The entity ID of the IdP the request is
target at.
:param reason: An indication of the reason for the logout, in the
form of a URI reference.
:param expire: The time at which the request expires,
after which the recipient may discard the message.
:return: A LogoutRequest instance
"""
session_id = sid()
# create NameID from subject_id
name_id = saml.NameID(text=self.users.get_entityid(subject_id, issuer_entity_id, False))
request = samlp.LogoutRequest(
id=session_id,
version=VERSION,
issue_instant=instant(),
destination=destination,
issuer=self.issuer(),
name_id=name_id,
)
if reason:
request.reason = reason
if expire:
request.not_on_or_after = expire
return request示例13: make_logout_response
def make_logout_response(self, idp_entity_id, request_id, status_code, binding=BINDING_HTTP_REDIRECT):
""" Constructs a LogoutResponse
:param idp_entity_id: The entityid of the IdP that want to do the
logout
:param request_id: The Id of the request we are replying to
:param status_code: The status code of the response
:param binding: The type of binding that will be used for the response
:return: A LogoutResponse instance
"""
destination = self.config.single_logout_services(idp_entity_id, binding)[0]
status = samlp.Status(status_code=samlp.StatusCode(value=status_code))
response = samlp.LogoutResponse(
id=sid(),
version=VERSION,
issue_instant=instant(),
destination=destination,
issuer=self.issuer(),
in_response_to=request_id,
status=status,
)
return response, destination示例14: sign_entity_descriptor
def sign_entity_descriptor(edesc, ident, secc):
if not ident:
ident = sid()
edesc.signature = pre_signature_part(ident, secc.my_cert, 1)
edesc.id = ident
xmldoc = secc.sign_statement_using_xmlsec("%s" % edesc, class_name(edesc))
return md.entity_descriptor_from_string(xmldoc)示例15: authentication_request
def authentication_request(cls, ecp, idp_entity_id, destination,
log=None, sign=False):
""" Does a authentication request to an Identity provider.
This function uses the SOAP binding other bindings could be used but are
not
supported right now.
:param cls: The SAML2 client instance
:param ecp: The ECP client instance
:param idp_entity_id: The identifier of the subject
:param destination: To whom the query should be sent
:param log: Function to use for logging
:param sign: Whether the request should be signed or not
:return: A Authentication Response
"""
if log is None:
log = cls.logger
session_id = sid()
acsus = cls.config.endpoint('assertion_consumer_service',
saml2.BINDING_PAOS)
if not acsus and log:
log.error("Couldn't find own PAOS endpoint")
acsu = acsus[0]
spentityid = cls.config.entityid
# create the request
request = cls.authn_request(session_id,
destination,
acsu,
spentityid,
"",
log=LOG(),
sign=sign,
binding=saml2.BINDING_PAOS,
nameid_format=saml.NAMEID_FORMAT_PERSISTENT)
try:
try:
headers = {config.USERNAME_HEADER: ecp.user}
except AttributeError:
headers = None
print >> sys.stderr, "Headers: {0:>s}".format(headers)
# send the request and receive the response
response = ecp.phase2(request, acsu, idp_entity_id, headers,
destination)
except Exception, exc:
exception_trace("soap", exc, log)
if log:
log.info("SoapClient exception: %s" % (exc,))
return None