#!/usr/bin/env python 

from mod_python import apache
from mod_python import util
import httplib2
import hashlib
from base64 import b64encode, b64decode



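# Host the Shibboleth SP exports assertions from; it is also the ONLY host
# this handler will open an outbound HTTPS connection to (see
# _fetch_assertion), so a rogue Shib-Assertion-01 value cannot redirect the
# fetch elsewhere.
ASSERTION_HOST = 'saml-delegation.data.kit.edu'


def _html_escape(text):
    """Return *text* with the five HTML metacharacters entity-encoded.

    Used before echoing request data into the generated pages; kept local so
    the module does not depend on cgi.escape / html.escape availability.
    """
    return (text.replace('&', '&amp;')
                .replace('<', '&lt;')
                .replace('>', '&gt;')
                .replace('"', '&quot;')
                .replace("'", '&#39;'))


def _fetch_assertion(assertion_location):
    """Download the SAML assertion the SP exported for this session.

    ``assertion_location`` is the value of ``Shib-Assertion-01``.  Only its
    path part is used and the connection always goes to ``ASSERTION_HOST``.

    Returns the assertion body with newlines removed, or ``None`` when the
    location does not point at ``ASSERTION_HOST`` or the SP does not answer
    with 200 (the original served whatever came back, error pages included).
    """
    prefix = 'https://' + ASSERTION_HOST
    if not assertion_location.startswith(prefix + '/'):
        return None
    assertion_path = assertion_location[len(prefix):]

    # NOTE(review): confirm this connection verifies the server certificate;
    # the response is the bearer assertion itself, so a MITM here is fatal.
    conn = httplib2.HTTPSConnectionWithTimeout(ASSERTION_HOST)
    try:
        conn.request('GET', assertion_path)
        response = conn.getresponse()
        if response.status != 200:
            return None
        body = response.read()
    finally:
        conn.close()

    # remove newlines
    return body.replace("\n", "")


def _serve_sso_page(req):
    """Page that bounces the browser to ecp.py after one second."""
    req.content_type = 'text/html'
    # req.uri is echoed for debugging; it is escaped so a crafted path cannot
    # close the HTML comment and inject markup.  The refresh value needs the
    # ';' separator between delay and URL (the original omitted it).
    req.write('''<!DOCTYPE html>
            <html>
            <head>
            <meta http-equiv="refresh" content="1; URL=https://%(host)s/sd/ecp.py">

                  <!--   URI:     %(uri)s -->

            </head>
            <body>
            <br/>
            Save your assertion as "/tmp/samlup_uXXXX.tmp" where you replace
                  "XXXX" with your user id.<br>
            </body>
            </html>''' % {'host': ASSERTION_HOST, 'uri': _html_escape(req.uri)})
    return apache.OK


def _serve_js_page(req):
    """Page that loads the crypto helpers and inlines /sd/js.js."""
    req.content_type = 'text/html'
    req.write('''<!DOCTYPE html>
            <html>
            <head>
            <script src="js/twofish/2-fish.js"> </script>
            <script src="js/seedrandom/seedrandom.min.js"> </script>
            </head>
            <body>
                <script type="text/javascript">''')
    req.sendfile(req.document_root() + "/sd/js.js")
    req.write(''' </script> </body> </html> ''')
    return apache.OK


def _serve_assertion(req, assertion_location):
    """Send the caller's own SAML assertion as a downloadable text file."""
    assertion = _fetch_assertion(assertion_location)
    if assertion is None:
        req.content_type = 'text/plain'
        req.write("Error: could not retrieve the assertion from the SP")
        return apache.OK

    # 'application/octet-stream' would force a save dialog; this type still
    # lets the user open the file in a text editor.  The disposition is set
    # as a real response header rather than smuggled into content_type via an
    # embedded newline as the original did.
    req.content_type = 'application/text'
    req.headers_out['Content-Disposition'] = 'attachment; filename=samlup_uXXXX.tmp'
    req.write(assertion)
    return apache.OK


def _store_encrypted_assertion(req, location):
    """Persist a base64-encoded, POSTed encrypted assertion; answer with its URL.

    The file name is the MD5 hex digest of the decoded bytes, which keeps the
    path free of user-controlled characters (no traversal is possible) and
    makes the URL unguessable to anyone who does not already hold the
    ciphertext.  MD5 is used purely as a content address here; changing the
    digest would change every URL ever issued, so it is deliberately kept.

    ``location`` selects the reply format: ``jsupload.py`` gets a human
    readable sentence, anything else gets ``url=<url>``.
    """
    req.content_type = 'text/plain'
    if req.method != 'POST':
        req.write("Error, i was expecting a post request")
        return apache.OK

    form = util.FieldStorage(req)
    if not form.has_key("encrypted_assertion"):
        # The original answered an empty 200 here; report it instead.
        req.write("Error: did not obtain the encrypted_assertion")
        return apache.OK
    buf = form.get("encrypted_assertion", "")

    try:
        encrypted_assertion = b64decode(buf)
    except (TypeError, ValueError):
        # TypeError on Python 2, binascii.Error (a ValueError) on Python 3;
        # a repeated form field arrives as a list and also lands here.
        req.write("Error: encrypted_assertion is not valid base64")
        return apache.OK
    if not encrypted_assertion:
        req.write("Error: encrypted_assertion is empty")
        return apache.OK

    assertion_hash = hashlib.md5(encrypted_assertion).hexdigest()
    assertion_path = req.document_root() + '/assertions/' + assertion_hash
    # NOTE(review): req.hostname is presumably derived from the request's
    # Host header unless UseCanonicalName is on; the URL handed out below is
    # only as trustworthy as that - confirm the vhost configuration.
    assertion_url = 'https://' + req.hostname + '/assertions/' + assertion_hash

    # NOTE(review): nothing here bounds the payload size; confirm Apache's
    # LimitRequestBody is set for this location so a client cannot fill the
    # disk under /assertions.
    try:
        out = open(assertion_path, 'wb')
        try:
            out.write(encrypted_assertion)
        finally:
            out.close()
    except (IOError, OSError):
        # The original fell through and still announced the URL; do not hand
        # out a link to a file that was never written.
        req.write("could not save assertion")
        return apache.OK

    if location == 'jsupload.py':
        req.write('You can use this url as a temporary password in all federation-enabled services:\n\n%s' % assertion_url)
    else:
        req.write("url=%s" % assertion_url)
    return apache.OK


def handler(req):
    """mod_python entry point for the /sd/ SAML delegation helpers.

    Dispatches on the last path segment of ``req.uri``:

    * ``sso.py``   -- HTML page redirecting to ``ecp.py`` after one second.
    * ``js.py``    -- HTML page inlining ``/sd/js.js`` and its script deps.
    * ``ecp.py``   -- serves the caller's SAML assertion as a download.
    * ``upload.py`` / ``jsupload.py`` -- POST target that stores an encrypted
      assertion under ``<document_root>/assertions/<md5>`` and returns its URL.

    Every endpoint requires a Shibboleth session: ``Shib-Assertion-01`` must
    be present in ``req.subprocess_env`` (populated server-side by mod_shib,
    not from client headers).  The original read it unconditionally and
    crashed without it, which incidentally kept unauthenticated clients away
    from the upload branch; that requirement is kept here explicitly.

    Always returns ``apache.OK``; errors are reported in the body.  The status
    code is left at 200 to avoid breaking existing callers (see the
    commented-out HTTP_BAD_REQUEST at the end).
    """
    try:
        assertion_location = str(req.subprocess_env['Shib-Assertion-01'])
    except KeyError:
        req.content_type = 'text/plain'
        req.write("Error: no Shibboleth session (Shib-Assertion-01 missing)")
        return apache.OK

    # Route on the final path segment.  The original unpacked req.uri.split('/')
    # into exactly three names and raised (a 500) for any other depth.
    location = req.uri.rsplit('/', 1)[-1]

    if location == 'sso.py':
        return _serve_sso_page(req)
    if location == 'js.py':
        return _serve_js_page(req)
    if location == 'ecp.py':
        # Only this branch needs the assertion, so it is fetched lazily
        # instead of on every request as before.
        return _serve_assertion(req, assertion_location)
    if location in ('upload.py', 'jsupload.py'):
        return _store_encrypted_assertion(req, location)

    req.content_type = 'text/plain'
    req.write("Error: Your request was not understood")
    return apache.OK
    #return apache.HTTP_BAD_REQUEST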