1 | import logging |
2 | |
3 | from sso.lib.base import * |
4 | from ndg.security.common.AttAuthority import AttAuthorityClient |
5 | import base64 |
6 | |
# Module-level logger, named after this module; used by WayfController below.
log = logging.getLogger(__name__)
8 | |
9 | |
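class WayfController(BaseController):
    """Where Are You From (WAYF) controller.

    Displays a list of trusted sites at which the user can log in.
    """

    def __before__(self, action):
        """Read the 'r' return-to URL argument before each action.

        Sets ``c.b64encReturnTo`` (the URL-safe base64 form, used in some of
        the .kid files) and ``c.returnTo`` (the decoded form, displayed to
        the user by wayf.kid). An 'r' value that cannot be decoded is
        treated the same as a missing one: both attributes become ''.

        NOTE(review): 'r' comes straight from the request, so the decoded
        URL is caller-controlled. Nothing in this method checks that it
        points at a trusted site; whatever later redirects to it should
        validate the scheme and host against an allow-list first - confirm
        where that check lives.
        """
        cfg = g.ndg.security.server.ssoservice.cfg

        c.b64encReturnTo = request.params.get('r', '')
        log.debug("WayfController.__before__: c.b64encReturnTo = %s",
                  c.b64encReturnTo)

        # Decode the return URL so that it can be displayed to the user by
        # wayf.kid. The URL has previously been encoded from the
        # BaseController and set in ndgPage.kid.
        try:
            # Use str() - urlsafe_b64decode() doesn't like unicode
            c.returnTo = base64.urlsafe_b64decode(str(c.b64encReturnTo))
        except (TypeError, ValueError):
            # Malformed base64 raises TypeError or a ValueError subclass
            # depending on the Python version; str() on non-ASCII unicode
            # raises a ValueError subclass too. Fall back to "no return
            # URL" instead of failing the whole request.
            log.warning("WayfController.__before__: ignoring 'r' argument "
                        "that is not valid URL-safe base64")
            c.b64encReturnTo = ''
            c.returnTo = ''

        # Ensure login can return to an address over https to
        # preserve confidentiality of credentials.
        # NOTE(review): this is a substring test and replace() rewrites
        # every occurrence, not only the leading scheme/host part. A URL
        # that does not contain cfg.server at all is left unchanged, so
        # this step alone does not guarantee an https return address.
        if cfg.server in c.returnTo:
            c.returnTo = c.returnTo.replace(cfg.server, cfg.sslServer)
            # Qualified with the base64 module imported by this file rather
            # than relying on the wildcard import to supply the bare name.
            c.b64encReturnTo = base64.urlsafe_b64encode(c.returnTo)
            log.debug("WayfController.__before__: switched return to "
                      "address to https = %s", c.returnTo)

    def index(self):
        """NDG equivalent to Shibboleth WAYF.

        Queries the Attribute Authority for all hosts, stores a mapping of
        host key to login URI in ``c.providers``, saves the session and
        renders the 'ndg.security.wayf' template.
        """
        log.debug("WayfController.index ...")

        cfg = g.ndg.security.server.ssoservice.cfg

        # cfg.wss is expanded into keyword arguments for the client -
        # presumably its WS-Security settings; confirm against the config.
        aaClnt = AttAuthorityClient(uri=cfg.aaURI,
                                    tracefile=cfg.tracefile,
                                    **cfg.wss)

        # Get list of login uris for trusted sites including THIS one
        log.debug("Calling Attribute Authority getTrustedHostInfo and " +
                  "getHostInfo for wayf")

        hosts = aaClnt.getAllHostsInfo()

        # The login URIs offered to the user are exactly what the
        # Attribute Authority returned; no filtering is applied here.
        c.providers = dict((k, v['loginURI']) for k, v in hosts.items())

        session.save()

        return render('ndg.security.wayf')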