Changeset 3914 for TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py

Timestamp:

20/05/08 17:11:20 (12 years ago)

Author:

pjkersha

Message:

• New ndg.security.common.zsi_util.httpproxy.ProxyHTTPConnection class replaces urllib2client - easier to fit into existing ZSI client framework.
• Further OpenID integration into Single Sign On Service. User now authenticates OK but patches needed to AuthKit? + need to handle return_to URL dynamically according to page visited before WAYF call.

File:

• TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py (modified) (2 diffs)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py

@@ -29 +29 @@
         # preserve confidentiality of credentials
         if g.ndg.security.server.ssoservice.cfg.server in c.returnTo:
-            c.returnTo = c.returnTo.replace(g.ndg.security.server.ssoservice.cfg.server, 
-                                            g.ndg.security.server.ssoservice.cfg.sslServer)
+            c.returnTo = c.returnTo.replace(\
+                                g.ndg.security.server.ssoservice.cfg.server, 
+                                g.ndg.security.server.ssoservice.cfg.sslServer)
             c.b64encReturnTo = urlsafe_b64encode(c.returnTo)        
             log.debug(\
@@ -39 +40 @@
     def index(self):
         ''' NDG equivalent to Shibboleth WAYF '''
+        
+        # Convenience alias
+        cfg = g.ndg.security.server.ssoservice.cfg
+        
         log.debug("WayfController.index ...")
+        log.debug("Initialising connection to Attribute Authority [%s]" % \
+                  cfg.aaURI)
+        
+        try:
+            aaClnt = AttAuthorityClient(uri=cfg.aaURI,
+                                    tracefile=cfg.tracefile,
+                                    httpProxyHost=cfg.httpProxyHost,
+                                    ignoreHttpProxyEnv=cfg.ignoreHttpProxyEnv,
+                                    **cfg.wss)
+        except Exception, e:
+            c.xml='Error establishing security context.  Please report ' + \
+                  'the error to your site administrator'
+            log.error("Initialising AttAuthorityClient for " + \
+                      "getAllHostsInfo call: %s" % e)
+            return render('ndg.security.kid', 'ndg.security.error')
+            
+        # Get list of login uris for trusted sites including THIS one
+        log.debug("Calling Attribute Authority getAllHostsInfo for wayf ...")
 
-        aaClnt = AttAuthorityClient(\
-                    uri=g.ndg.security.server.ssoservice.cfg.aaURI,
-                    tracefile=g.ndg.security.server.ssoservice.cfg.tracefile,
-                    **g.ndg.security.server.ssoservice.cfg.wss)
-
-        # Get list of login uris for trusted sites including THIS one
-        log.debug("Calling Attribute Authority getTrustedHostInfo and " + \
-                  "getHostInfo for wayf")
-
-        hosts = aaClnt.getAllHostsInfo()    
-        c.providers=dict([(k, v['loginURI']) for k, v in hosts.items()])
+        hosts = aaClnt.getAllHostsInfo() 
+        try:
+            hosts = aaClnt.getAllHostsInfo() 
+        except Exception, e:
+            c.xml='Error getting a list of trusted sites for login.  ' + \
+                'Please report the error to your site administrator.'
+            log.error("AttAuthorityClient getAllHostsInfo call: %s" % e)  
+            return render('ndg.security.kid', 'ndg.security.error')
+            
+        c.providers = dict([(k, v['loginURI']) for k, v in hosts.items()])
         
         session.save()