source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py @ 3914

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py@3914
Revision 3914, 3.6 KB checked in by pjkersha, 12 years ago (diff)
  • New ndg.security.common.zsi_util.httpproxy.ProxyHTTPConnection class replaces urllib2client - easier to fit into existing ZSI client framework.
  • Further OpenID integration into the Single Sign On Service. The user now authenticates OK, but patches are needed to AuthKit, and the return_to URL needs to be handled dynamically according to the page visited before the WAYF call.
1import logging
2
3from ndg.security.server.sso.sso.lib.base import *
4from ndg.security.common.AttAuthority import AttAuthorityClient
5import base64
6
# Module-level logger, named after this module via __name__.
log = logging.getLogger(__name__)
8
9
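class WayfController(BaseController):
    """Where Are You From (WAYF) controller.

    Displays the list of trusted sites at which a user may log in.
    """

    def __before__(self, action):
        """Decode the 'r' return-to argument from the query string.

        Runs before each action and sets two template context values:

        * c.b64encReturnTo - the URL-safe base64 form, used in some of the
          .kid files
        * c.returnTo - the decoded URL, displayed to the user by wayf.kid

        A missing or malformed 'r' argument leaves both as empty strings
        rather than failing the request with an unhandled exception.
        """
        # The URL has previously been encoded from the BaseController and set
        # in ndgPage.kid.  str() is needed because urlsafe_b64decode() doesn't
        # like unicode; str() itself can fail on non-ASCII input, so both
        # steps sit inside the same try.
        try:
            c.b64encReturnTo = str(request.params.get('r', ''))
            c.returnTo = base64.urlsafe_b64decode(c.b64encReturnTo)
        except (TypeError, ValueError):
            log.warning("WayfController.__before__: ignoring malformed 'r' "
                        "return-to argument")
            c.b64encReturnTo = ''
            c.returnTo = ''

        # %r escapes control characters, so a crafted query string cannot
        # inject extra lines into the log.
        log.debug("WayfController.__before__: c.b64encReturnTo = %r",
                  c.b64encReturnTo)

        # NOTE(review): 'r' comes straight from the query string, so
        # c.returnTo is requester-controlled.  Nothing in this method limits
        # it to a trusted site; whatever code later redirects to it should
        # check the host against an allowlist so the login flow cannot be
        # used as an open redirect.  The value is also shown by wayf.kid -
        # confirm the template escapes it.

        # Ensure login can return to an address over https to
        # preserve confidentiality of credentials
        cfg = g.ndg.security.server.ssoservice.cfg
        # Guard against an empty cfg.server: '' is "in" every string and
        # replace('', x) would insert x between every character.
        # NOTE(review): this is a substring match, so the server address is
        # rewritten wherever it occurs in the URL, not only at the start -
        # confirm that is intended.
        if cfg.server and cfg.server in c.returnTo:
            c.returnTo = c.returnTo.replace(cfg.server, cfg.sslServer)
            # Qualified call: only the base64 module is imported by name
            # here; a bare urlsafe_b64encode would rely on the wildcard
            # import from lib.base providing it.
            c.b64encReturnTo = base64.urlsafe_b64encode(c.returnTo)
            log.debug("WayfController.__before__: switched return to "
                      "address to https = %r", c.returnTo)

    def index(self):
        """NDG equivalent to Shibboleth WAYF.

        Asks the Attribute Authority for all trusted hosts, stores their
        login URIs in c.providers keyed by host name, and renders the WAYF
        template.  If the Attribute Authority client cannot be created or
        the call fails, a generic message is placed in c.xml and the error
        template is rendered instead; the detail goes to the log only.
        """
        # Convenience alias
        cfg = g.ndg.security.server.ssoservice.cfg

        log.debug("WayfController.index ...")
        log.debug("Initialising connection to Attribute Authority [%s]",
                  cfg.aaURI)

        try:
            aaClnt = AttAuthorityClient(
                                    uri=cfg.aaURI,
                                    tracefile=cfg.tracefile,
                                    httpProxyHost=cfg.httpProxyHost,
                                    ignoreHttpProxyEnv=cfg.ignoreHttpProxyEnv,
                                    **cfg.wss)
        except Exception:
            c.xml = ('Error establishing security context.  Please report '
                     'the error to your site administrator')
            # log.exception records the traceback as well as the message
            log.exception("Initialising AttAuthorityClient for "
                          "getAllHostsInfo call")
            return render('ndg.security.kid', 'ndg.security.error')

        # Get list of login uris for trusted sites including THIS one
        log.debug("Calling Attribute Authority getAllHostsInfo for wayf ...")

        # The call is made once, inside the try: an earlier unguarded
        # duplicate call bypassed the error page below.
        try:
            hosts = aaClnt.getAllHostsInfo()
        except Exception:
            c.xml = ('Error getting a list of trusted sites for login.  '
                     'Please report the error to your site administrator.')
            log.exception("AttAuthorityClient getAllHostsInfo call")
            return render('ndg.security.kid', 'ndg.security.error')

        c.providers = dict((k, v['loginURI']) for k, v in hosts.items())

        session.save()

        # Use an alias 'ndg.security.kid' to integrate with another pylons
        # code stack.  The alias tells render to pick up the template from a
        # separate SSO templates directory to whatever is the default
        return render('ndg.security.kid', 'ndg.security.wayf')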