Ignore:
Timestamp:
04/04/08 10:11:04 (12 years ago)
Author:
pjkersha
Message:
 
File:
1 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py

    r3658 r3754  
    2828        # Ensure login can return to an address over https to  
    2929        # preserve confidentiality of credentials 
    30         if g.securityCfg.server in c.returnTo: 
    31             c.returnTo = c.returnTo.replace(g.securityCfg.server,  
    32                                             g.securityCfg.sslServer) 
     30        if g.ndg.security.server.ssoservice.cfg.server in c.returnTo: 
     31            c.returnTo = c.returnTo.replace(g.ndg.security.server.ssoservice.cfg.server,  
     32                                            g.ndg.security.server.ssoservice.cfg.sslServer) 
    3333            c.b64encReturnTo = urlsafe_b64encode(c.returnTo)         
    3434            log.debug(\ 
    3535    "WayfController.__before__: switched return to address to https = %s" % \ 
    3636                                                              c.returnTo)  
    37 #         
    38 #        # Check return to address - getCredentials should NOT be returned to 
    39 #        # with its query args intact 
    40 #        b64decReturnTo = base64.urlsafe_b64decode(c.returnTo) 
    41 #        scheme, netloc, pathInfo, query, frag = urlsplit(b64decReturnTo) 
    42 #        if 'getCredentials' in pathInfo: 
    43 #            # Swap to discovery and remove sensitive creds query args 
    44 #            # 
    45 #            # TODO: re-write to be more robust and modular.  Nb.  
    46 #            # BaseController.__call__ should filter out 'getCredentials' 
    47 #            # calls from c.requestURL so this code should never need to be  
    48 #            # executed. 
    49 #            filteredReturnTo = urlunsplit((scheme,netloc,'/login','','')) 
    50 #            c.returnTo = base64.urlsafe_b64encode(filteredReturnTo) 
    51 #         
    52 #        # Check return to address - getCredentials should NOT be returned to 
    53 #        # with its query args intact 
    54 #        log.debug("LoginController.__before__: Decoded c.returnTo = %s" % \ 
    55 #                                      base64.urlsafe_b64decode(c.returnTo)) 
     37 
    5638 
    5739    def index(self): 
     
    5941        log.debug("WayfController.index ...") 
    6042 
    61         # Inclusive namespace prefixes for WS-Security digital signature 
    62         # (Exclusive C14N only) 
    63         refC14nKw = {'unsuppressedPrefixes':g.securityCfg.wssRefInclNS} 
    64         signedInfoC14nKw = {'unsuppressedPrefixes': 
    65                             g.securityCfg.wssSignedInfoInclNS} 
    66          
    67         aaClnt = AttAuthorityClient(uri=g.securityCfg.aaURI, 
    68                         signingCertFilePath=g.securityCfg.wssCertFilePath, 
    69                         signingPriKeyFilePath=g.securityCfg.wssPriKeyFilePath, 
    70                         signingPriKeyPwd=g.securityCfg.wssPriKeyPwd, 
    71                         caCertFilePathList=g.securityCfg.wssCACertFilePathList, 
    72                         refC14nKw=refC14nKw, 
    73                         signedInfoC14nKw=signedInfoC14nKw, 
    74                         tracefile=g.securityCfg.tracefile) 
     43        aaClnt = AttAuthorityClient(\ 
     44                    uri=g.ndg.security.server.ssoservice.cfg.aaURI, 
     45                    tracefile=g.ndg.security.server.ssoservice.cfg.tracefile, 
     46                    **g.ndg.security.server.ssoservice.cfg.wss) 
    7547 
    7648        # Get list of login uris for trusted sites including THIS one 
Note: See TracChangeset for help on using the changeset viewer.