Timestamp:
22/05/08 15:07:02 (12 years ago)
Author:
pjkersha
Message:

Initial Integration of Single Sign On Service with OpenID and Pylons AuthKit:

  • WAYF now contains an OpenID textbox for sign in
  • No role integration carried out yet - OpenID has no better privileges than an anonymous user(!)
  • Integrated into AuthKit - requires lots of config settings in pylons ini file
  • HTTP 401 errors get redirected automatically to WAYF
  • Need to create an AuthKit egg from SVN 151 checkout - will put on NDG dist
File:
1 edited

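--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py
@@ -3,5 +3,5 @@
 from ndg.security.server.sso.sso.lib.base import *
 from ndg.security.common.AttAuthority import AttAuthorityClient
-import base64
+from base64 import urlsafe_b64decode
 
 log = logging.getLogger(__name__)
@@ -11,72 +11,19 @@
     """Where Are You From Controller - display a list of trusted sites for
     login"""
-
-    def __before__(self, action):
-        """For each action, get 'r' return to URL argument from current URL
-        query string.  c.b64encReturnTo is used in some of the .kid files"""
-        c.b64encReturnTo = str(request.params.get('r', ''))
-        log.debug("WayfController.__before__: c.b64encReturnTo = %s" % \
-                                                              c.b64encReturnTo)
-
-        # Decode the return URL so that it can be displayed to the user by
-        # wayf.kid
-        # The URL has previously been encoded from the BaseController and set
-        # in ndgPage.kid
-        # Use str() - urlsafe_b64decode() doesn't like unicode
-        c.returnTo = base64.urlsafe_b64decode(str(c.b64encReturnTo))
-
-        # Ensure login can return to an address over https to
-        # preserve confidentiality of credentials
-        if g.ndg.security.server.ssoservice.cfg.server in c.returnTo:
-            c.returnTo = c.returnTo.replace(\
-                                g.ndg.security.server.ssoservice.cfg.server,
-                                g.ndg.security.server.ssoservice.cfg.sslServer)
-            c.b64encReturnTo = urlsafe_b64encode(c.returnTo)
-            log.debug(\
-    "WayfController.__before__: switched return to address to https = %s" % \
-                                                              c.returnTo)
-
 
     def index(self):
         ''' NDG equivalent to Shibboleth WAYF '''
 
-        # Convenience alias
-        cfg = g.ndg.security.server.ssoservice.cfg
+        # Check for return to arg in query.  This is necessary only if the
+        # WAYF query originates from a different service to this one
+        if 'r' in request.params:
+            # Convenience alias
+            state = g.ndg.security.common.sso.state
 
-        log.debug("WayfController.index ...")
-        log.debug("Initialising connection to Attribute Authority [%s]" % \
-                  cfg.aaURI)
-
-        try:
-            aaClnt = AttAuthorityClient(uri=cfg.aaURI,
-                                    tracefile=cfg.tracefile,
-                                    httpProxyHost=cfg.httpProxyHost,
-                                    ignoreHttpProxyEnv=cfg.ignoreHttpProxyEnv,
-                                    **cfg.wss)
-        except Exception, e:
-            c.xml='Error establishing security context.  Please report ' + \
-                  'the error to your site administrator'
-            log.error("Initialising AttAuthorityClient for " + \
-                      "getAllHostsInfo call: %s" % e)
-            return render('ndg.security.kid', 'ndg.security.error')
-
-        # Get list of login uris for trusted sites including THIS one
-        log.debug("Calling Attribute Authority getAllHostsInfo for wayf ...")
+            state.b64encReturnToURL = str(request.params['r'])
+            state.returnToURL = urlsafe_b64decode(str(state.b64encReturnToURL))
+            log.debug("Set return to URL from 'r' query arg: r = %s"% \
+                                                       state.returnToURL)
 
-        hosts = aaClnt.getAllHostsInfo()
-        try:
-            hosts = aaClnt.getAllHostsInfo()
-        except Exception, e:
-            c.xml='Error getting a list of trusted sites for login.  ' + \
-                'Please report the error to your site administrator.'
-            log.error("AttAuthorityClient getAllHostsInfo call: %s" % e)
-            return render('ndg.security.kid', 'ndg.security.error')
-
-        c.providers = dict([(k, v['loginURI']) for k, v in hosts.items()])
-
-        session.save()
-
-        # Use an alias 'ndg.security.kid' to integration with another pylons
-        # code stack.  The alias tells render to pick up the template from a
-        # separate SSO templates directory to whatever is the default
-        return render('ndg.security.kid', 'ndg.security.wayf')
+        # Trigger AuthKit handler:
+        abort(401)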
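Review bot: The new index() body at the `state.returnToURL = urlsafe_b64decode(str(state.b64encReturnToURL))` line decodes the caller-supplied 'r' query argument with no error handling and no validation, and then keeps the decoded value in shared SSO state for the later post-login redirect. A malformed or mis-padded 'r' raises an unhandled decoding error (a TypeError on this Python 2 code base), and since the removed __before__ rewrite of cfg.server to cfg.sslServer does not survive into the new code, nothing now constrains the return address to this service's https endpoint, so a crafted 'r' can steer the post-login redirect elsewhere. Suggest guarding the decode and constraining the result before it is stored, e.g. `try: state.returnToURL = urlsafe_b64decode(str(state.b64encReturnToURL))` / `except TypeError: abort(400)` followed by the same cfg.server to cfg.sslServer substitution (or an allow-list check on the decoded host). The WayfController class header is outside the hunk, so whether state is reset per request cannot be seen here.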