#!/usr/bin/env python 

from mod_python import apache
from mod_python import util
import httplib2
import hashlib
from base64 import b64encode, b64decode



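def handler(req):
    """mod_python entry point for the SAML delegation helper pages.

    Every request first fetches the Shibboleth assertion named by the
    ``Shib-Assertion-01`` request environment variable, then dispatches on
    the last component of a two-level URI (``/<dir>/<name>``):

    * ``sso.py``      -- HTML page that redirects to ``ecp.py``.
    * ``js.py``       -- HTML page with ``/sd/js.js`` inlined in a script tag.
    * ``ecp.py``      -- the fetched assertion as a file download.
    * ``jsupload.py`` -- placeholder, answers "not here".
    * ``upload.py``   -- stores a POSTed, base64-encoded encrypted assertion
      under ``<document root>/assertions/`` and answers with its URL.

    Every handled path, including the error paths, returns ``apache.OK``
    (HTTP 200) with a plain-text message; clients have to inspect the body.

    Raises:
        KeyError: if ``Shib-Assertion-01`` is absent from the request
            environment (unchanged from the original behaviour).
    """
    assertion_host = 'saml-delegation.data.kit.edu'
    assertion_prefix = 'https://' + assertion_host

    assertionLocation = str(req.subprocess_env['Shib-Assertion-01'])

    # Only accept assertion links on the expected host.  The original
    # two-way unpack of split() raised ValueError on anything else.
    if not assertionLocation.startswith(assertion_prefix):
        req.content_type = 'text/plain'
        req.write("Error: unexpected assertion location")
        return apache.OK

    # get the path portion of the assertion link
    assertionPath = assertionLocation[len(assertion_prefix):]

    # get the assertion
    # NOTE(review): certificate validation depends on the installed httplib2
    # version and its defaults -- confirm the peer certificate is verified.
    h1 = httplib2.HTTPSConnectionWithTimeout(assertion_host)
    try:
        h1.request('GET', assertionPath)
        response = h1.getresponse()
        # NOTE(review): the response status is not checked, so an error page
        # from the assertion host would be passed on as the assertion.
        assertion = response.read()
    finally:
        # the original never closed the connection
        h1.close()

    # remove newlines
    assertion = assertion.replace("\n", "")

    # find out at which url we were called; anything that is not exactly
    # "/<dir>/<name>" falls through to the generic error at the bottom
    # instead of failing the tuple unpack.
    uri_parts = req.uri.split('/')
    if len(uri_parts) == 3:
        location = uri_parts[2]
    else:
        location = None

    # sso
    if location == 'sso.py':
        req.content_type = 'text/html'
        # req.uri is client-controlled; escape it before echoing it into the
        # page so it cannot close the HTML comment and inject markup.
        safe_uri = (req.uri.replace('&', '&amp;')
                           .replace('<', '&lt;')
                           .replace('>', '&gt;'))
        req.write('''<!DOCTYPE html>
            <html>
            <head>
            <meta http-equiv="refresh" content="1
                  URL=https://saml-delegation.data.kit.edu/sd/ecp.py">

                  <!--   URI:     %s -->

            </head>
            <body>
            <br/>
            Save your assertion as "/tmp/samlup_uXXXX.tmp" where you replace
                  "XXXX" with your user id.<br>
            </body>
            </html>'''% safe_uri)
        return apache.OK

    # sso via javascript
    if location == 'js.py':
        req.content_type = 'text/html'
        req.write('''<!DOCTYPE html>
            <html>
            <head>

            </head>
            <body>
                <script type="text/javascript">''')
        req.sendfile(req.document_root() + "/sd/js.js")
        req.write(''' </script> </body> </html> ''')
        return apache.OK

    # ecp
    if location == 'ecp.py':
        # Set the download header through headers_out rather than smuggling
        # a second header line into the content type.
        req.content_type = 'application/octet-stream'
        req.headers_out['Content-Disposition'] = \
                'attachment; filename=samlup_uXXXX.tmp'
        # the assertion is a credential: keep it out of caches
        req.headers_out['Cache-Control'] = 'no-store'
        req.write(assertion)
        return apache.OK

    # upload via javascript
    if location == 'jsupload.py':
        req.content_type = 'text/plain'
        req.write("not here")
        return apache.OK

    # upload
    if location == 'upload.py':
        req.content_type = 'text/plain'
        # we expect the data via post in encrypted assertion.
        # we will return the url of where to collect the assertion
        # request.
        if req.method != 'POST':
            req.write("Error, i was expecting a post request")
            return apache.OK

        # NOTE(review): no upload size limit is applied here -- confirm that
        # the server configuration caps the request body.
        form = util.FieldStorage(req)
        if not form.has_key("encrypted_assertion"):
            # the original answered with an empty body in this case
            req.write ("Error: did not obtain the encrypted_assertion")
            return apache.OK

        buf = form.get("encrypted_assertion", None)
        if buf is None:
            req.write ("Error: did not obtain the encrypted_assertion")
            return apache.OK

        # decode assertion; malformed base64 used to surface as a server error
        try:
            encrypted_assertion = b64decode(buf)
        except (TypeError, ValueError):
            req.write("Error: encrypted_assertion is not valid base64")
            return apache.OK

        # create hash
        # The hex digest is the only client-influenced part of the file name,
        # so the path cannot leave the assertions directory.
        # NOTE(review): MD5 is not collision resistant; a stronger digest
        # would change the returned URLs, so it is only flagged here.
        assertion_hash = str(hashlib.md5(encrypted_assertion).hexdigest())
        assertion_path=req.document_root() + '/assertions/' + assertion_hash
        # NOTE(review): req.hostname presumably follows the client's Host
        # header unless the virtual host pins it -- verify.
        assertion_url ='https://' + req.hostname + '/assertions/' + assertion_hash

        # write to file
        # NOTE(review): the file lands under the document root, so it is
        # presumably retrievable by anyone who learns the URL; confidentiality
        # rests on the payload being encrypted -- confirm access control on
        # /assertions/.
        # Binary mode because the payload is raw bytes; the with-block closes
        # the file even if the write fails.
        with open(assertion_path, 'wb') as out:
            out.write(encrypted_assertion)

        req.write("url=%s" % assertion_url)

        return apache.OK

    # Unknown endpoint.  Answered with HTTP 200 like every other error here;
    # apache.HTTP_BAD_REQUEST was considered in the original but left disabled.
    req.content_type = 'text/plain'
    req.write("Error: Your request was not understood")
    return apache.OK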