source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py @ 3892

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py@3892
Revision 3892, 2.6 KB checked in by pjkersha, 12 years ago (diff)
  • Big changes enabling modularised security from Discovery/Browse Pylons code stack. Changes are for login only and don't include the Gatekeeper yet.
  • Updates to OpenID AuthKit test code to enable kid templates.

ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py

  • include client in ndg.security.client.cfg class for globals - needed for server/sslServer config settings for SSO Client BaseController
  • read WS-Security settings using ndg.security.common.wssecurity.WSSecurityConfig

ndg.security.server/ndg/security/server/sso/sso/controllers/login.py,
ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py:

  • Give specific alias for kid templates to enable a separate security templates dir to ows_server

ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py:

  • ditto to above
  • fix to URL input into base 64 encode - convert from unicode to regular string as otherwise b64 code will fail

ndg.security.server/ndg/security/server/sso/sso/lib/base.py:

  • Provide full path to sso.* imports so that controllers can be imported across into ows_server or any other pylons code stack.
  • LoginServiceQuery -> SSOServiceQuery

ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/wayf.kid:

  • got rid of login status info - it's confusing to the user

ndg.security.client/ndg/security/client/ssoclient/ssoClient.cfg:

  • added tracefile option for ZSI SOAP i/o display

ndg.security.client/ndg/security/client/ssoclient/ssoclient/config/ssoClientMiddleware.py:

  • SSOMiddleware interface changed to enable reading direct from an existing config object as well as from file

ndg.security.client/ndg/security/client/ssoclient/ssoclient/controllers/logout.py:

  • fixes for full path import statements + correct g config attr settings

ndg.security.client/ndg/security/client/ssoclient/ssoclient/lib/base.py:

  • enable processing of logout response from a separate SSO Service - logout flag in URL arg tells base controller to delete the security details from the cookie.

ndg.security.client/ndg/security/client/ssoclient/ssoclient/templates/ndg/security/ndgPage.kid: typo fix

Tests/authtest/development.ini,
Tests/authtest/authtest/config/environment.py,
Tests/authtest/authtest/controllers/auth.py:

  • enable kid template for OpenID signin

Tests/authtest/authtest/tests/functional/test_test2.py,
Tests/authtest/authtest/controllers/test2.py: test controller

ndg.security.common/ndg/security/common/wssecurity/__init__.py:

  • enable initialisation from an existing config file object

ndg.security.common/ndg/security/common/pylons/security_util.py:

ndg.security.common/ndg/security/common/__init__.py: fix to imports

ndg.security.common/ndg/security/common/wsSecurity.py: fix for altered WSSecurityConfig interface

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • fix to HostCheck.__call__ - check for peerCert is None when peer tries http instead of https

import logging

from ndg.security.server.sso.sso.lib.base import *
from ndg.security.common.AttAuthority import AttAuthorityClient
import base64

log = logging.getLogger(__name__)


class WayfController(BaseController):
    """Where Are You From Controller - display a list of trusted sites for
    login"""

    def __before__(self, action):
        """For each action, get 'r' return to URL argument from current URL
        query string.  c.b64encReturnTo is used in some of the .kid files"""
        c.b64encReturnTo = str(request.params.get('r', ''))
        log.debug("WayfController.__before__: c.b64encReturnTo = %s" %
                  c.b64encReturnTo)

        # Decode the return URL so that it can be displayed to the user by
        # wayf.kid
        # The URL has previously been encoded from the BaseController and set
        # in ndgPage.kid
        # Use str() - urlsafe_b64decode() doesn't like unicode
        c.returnTo = base64.urlsafe_b64decode(str(c.b64encReturnTo))

        # Ensure login can return to an address over https to
        # preserve confidentiality of credentials
        cfg = g.ndg.security.server.ssoservice.cfg
        if cfg.server in c.returnTo:
            c.returnTo = c.returnTo.replace(cfg.server, cfg.sslServer)
            # Qualified with the module name: this file imports base64 as a
            # module, as for the decode call above
            c.b64encReturnTo = base64.urlsafe_b64encode(c.returnTo)
            log.debug("WayfController.__before__: switched return to "
                      "address to https = %s" % c.returnTo)

    def index(self):
        ''' NDG equivalent to Shibboleth WAYF '''
        log.debug("WayfController.index ...")

        aaClnt = AttAuthorityClient(
                    uri=g.ndg.security.server.ssoservice.cfg.aaURI,
                    tracefile=g.ndg.security.server.ssoservice.cfg.tracefile,
                    **g.ndg.security.server.ssoservice.cfg.wss)

        # Get list of login uris for trusted sites including THIS one
        log.debug("Calling Attribute Authority getTrustedHostInfo and " +
                  "getHostInfo for wayf")

        hosts = aaClnt.getAllHostsInfo()
        c.providers = dict([(k, v['loginURI']) for k, v in hosts.items()])

        session.save()

        # Use an alias 'ndg.security.kid' to enable integration with another
        # pylons code stack.  The alias tells render to pick up the template
        # from a separate SSO templates directory to whatever is the default
        return render('ndg.security.kid', 'ndg.security.wayf')
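
The https switch in __before__ tests for cfg.server as a substring of the decoded URL, so it matches that string anywhere in the URL, and a malformed 'r' value raises inside the controller. The following is an added example, not part of the NDG code base, showing the same decode and https upgrade done on the parsed origin in stand-alone Python 3; SERVER, SSL_SERVER, ReturnToError and secure_return_to are hypothetical names with constructed values.

```python
import base64
import binascii
from urllib.parse import urlsplit, urlunsplit

# Constructed stand-ins for cfg.server and cfg.sslServer (assumptions)
SERVER = "http://sso.example.org"
SSL_SERVER = "https://sso.example.org"


class ReturnToError(ValueError):
    """The 'r' argument is not an acceptable return address."""


def _origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    p = urlsplit(url)
    port = p.port or {"http": 80, "https": 443}.get(p.scheme)
    return (p.scheme, p.hostname, port)


def secure_return_to(b64_return_to):
    """Decode 'r', upgrade this service's http origin to https and return
    (url, re-encoded url).  Raise ReturnToError for anything else."""
    try:
        raw = base64.urlsafe_b64decode(b64_return_to.encode("ascii"))
        url = raw.decode("utf-8")
        parts = urlsplit(url)
        origin = _origin(url)
    except (binascii.Error, UnicodeError, ValueError) as exc:
        raise ReturnToError("malformed return-to value") from exc

    if parts.username or parts.password:
        raise ReturnToError("credentials in return-to URL")
    # Compare the parsed origin, not a substring of the whole URL
    if origin == _origin(SERVER):
        ssl = urlsplit(SSL_SERVER)
        parts = parts._replace(scheme=ssl.scheme, netloc=ssl.netloc)
    if parts.scheme != "https" or not parts.hostname:
        raise ReturnToError("return-to address must be https")
    url = urlunsplit(parts)
    return url, base64.urlsafe_b64encode(url.encode("utf-8")).decode("ascii")
```

A controller would catch ReturnToError and show an error page rather than passing the decoded value on to the template.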