Timestamp:
27/04/09 16:08:37 (11 years ago)
Author:
pjkersha
Message:

1.0.1 rc2

Added capability for Policy Information Point to query an Attribute Authority directly without a remote Session Manager intermediary to cache credentials. This is the use case for ESG based IdP connecting to NDG services.

Location:
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi
Files:
3 edited

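--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authn.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authn.py
@@ -154,5 +154,5 @@
             return True
         else:
-            log.debug("%s.checker skipping status %s", cls.__name__, status)
+            log.debug("%s.checker skipping status [%s]", cls.__name__, status)
             return False
 
@@ -182,4 +182,7 @@
 
         if self.signoutPath and self.pathInfo == self.signoutPath:
+            log.debug("SessionHandlerMiddleware: caught signout path [%s]",
+                      self.signoutPath)
+
             referer = session.get(self.__class__.logoutReturn2URIArgName)
             if referer is not None:
@@ -200,8 +203,18 @@
             session.save()
         else:
+            log.debug("SessionHandlerMiddleware: checking for REMOTE_* "
+                      "environment variable settings set by OpenID Relying "
+                      "Party signin...")
+
             if 'username' not in session and 'REMOTE_USER' in environ:
+                log.debug("SessionHandlerMiddleware: updating session with "
+                          "username=%s", environ['REMOTE_USER'])
+
                 session['username'] = environ['REMOTE_USER']
 
             if environ.get('REMOTE_USER_DATA', ''):
+                log.debug("SessionHandlerMiddleware: found REMOTE_USER_DATA="
+                          "%s, set from OpenID Relying Party signin")
+
                 # eval is safe here because AuthKit cookie is signed and
                 # AuthKit middleware checks for tampering
@@ -214,4 +227,8 @@
                     sessionId = axData['ax']['value.sessionId.1']
                     session['sessionId'] = sessionId
+
+                    log.debug("SessionHandlerMiddleware: updated session "
+                              "with sessionManagerURI=%s and sessionId=%s",
+                              sessionManagerURI, sessionId)
 
                 # Reset cookie removing user data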
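Review bot: The debug call added after `session['sessionId'] = sessionId` writes the sessionId to the log in clear; judging by the authz change in this same changeset, that value appears to be the handle identifying the user's session to the Session Manager, so anyone with read access to debug logs could reuse it. Log the URI only, e.g. `log.debug("SessionHandlerMiddleware: updated session with sessionManagerURI=%s", sessionManagerURI)`, or at most a truncated digest of the id. The REMOTE_USER_DATA message added a few lines earlier contains a `%s` but passes no argument, so it prints a literal `%s`; drop the placeholder rather than supplying `environ['REMOTE_USER_DATA']`, since that string appears to carry the same sessionId. The enclosing method starts and ends outside these hunks.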
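--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authz/__init__.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authz/__init__.py
@@ -140,4 +140,9 @@
         request = Request()
         request.subject[Subject.USERID_NS] = session['username']
+
+        # The following won't be set if the IdP running the OpenID Provider
+        # hasn't also deployed a Session Manager.  In this case, the
+        # Attribute Authority will be queried directly from here without a
+        # remote Session Manager intermediary to cache credentials
         request.subject[Subject.SESSIONID_NS] = session.get('sessionId')
         request.subject[Subject.SESSIONMANAGERURI_NS] = session.get(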
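--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/authninterface/sessionmanager.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/authninterface/sessionmanager.py
@@ -75,6 +75,6 @@
         @param password: corresponding password for username givens
 
-        @raise AuthNInterfaceUsername2IdentifierMismatch: no OpenID identifiers
-        match the given username
+        @raise AuthNInterfaceUsername2IdentifierMismatch: no OpenID
+        identifiers match the given username
         @raise AuthNInterfaceInvalidCredentials: invalid username/password
         """
@@ -96,5 +96,5 @@
                     result = connection.execute(query)
                 except Exception, e:
-                    log.error('Connecting database for user logon query : %s' %
+                    log.error('Connecting database for user logon query : %s'%
                               e)
                     raise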