本文整理汇总了Python中saml2.sigver.signed_instance_factory函数的典型用法代码示例。如果您正苦于以下问题:Python signed_instance_factory函数的具体用法?Python signed_instance_factory怎么用?Python signed_instance_factory使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了signed_instance_factory函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: _response
def _response(self, in_response_to, consumer_url=None, status=None,
issuer=None, sign=False, to_sign=None,
encrypt_assertion=False, encrypt_cert=None, **kwargs):
""" Create a Response.
:param in_response_to: The session identifier of the request
:param consumer_url: The URL which should receive the response
:param status: The status of the response
:param issuer: The issuer of the response
:param sign: Whether the response should be signed or not
:param to_sign: If there are other parts to sign
:param kwargs: Extra key word arguments
:return: A Response instance
"""
if not status:
status = success_status_factory()
_issuer = self._issuer(issuer)
response = response_factory(issuer=_issuer,
in_response_to=in_response_to,
status=status)
if consumer_url:
response.destination = consumer_url
self._add_info(response, **kwargs)
if not sign and to_sign and not encrypt_assertion:
return signed_instance_factory(response, self.sec, to_sign)
if encrypt_assertion:
if sign:
response.signature = pre_signature_part(response.id,
self.sec.my_cert, 1)
cbxs = CryptoBackendXmlSec1(self.config.xmlsec_binary)
_, cert_file = make_temp("%s" % encrypt_cert, decode=False)
response = cbxs.encrypt_assertion(response, cert_file,
pre_encryption_part())
# template(response.assertion.id))
if sign:
if to_sign:
signed_instance_factory(response, self.sec, to_sign)
else:
# default is to sign the whole response if anything
sign_class = [(class_name(response), response.id)]
return signed_instance_factory(response, self.sec,
sign_class)
else:
return response
if sign:
return self.sign(response, to_sign=to_sign)
else:
return response
开发者ID:18600597055,项目名称:hue,代码行数:56,代码来源:entity.py
示例2: _response
def _response(self, in_response_to, consumer_url=None, status=None,
issuer=None, sign=False, to_sign=None, **kwargs):
""" Create a Response.
:param in_response_to: The session identifier of the request
:param consumer_url: The URL which should receive the response
:param status: The status of the response
:param issuer: The issuer of the response
:param sign: Whether the response should be signed or not
:param to_sign: If there are other parts to sign
:param kwargs: Extra key word arguments
:return: A Response instance
"""
if not status:
status = success_status_factory()
_issuer = self._issuer(issuer)
response = response_factory(issuer=_issuer,
in_response_to=in_response_to,
status=status)
if consumer_url:
response.destination = consumer_url
self._add_info(response, **kwargs)
if sign:
return self.sign(response, to_sign=to_sign)
elif to_sign:
return signed_instance_factory(response, self.sec, to_sign)
else:
return response
开发者ID:gbel,项目名称:pysaml2,代码行数:34,代码来源:entity.py
示例3: do_authz_decision_query
def do_authz_decision_query(self, entityid, assertion=None, log=None, sign=False):
authz_decision_query = self.authz_decision_query(entityid, assertion)
for destination in self.config.authz_services(entityid):
to_sign = []
if sign:
authz_decision_query.signature = pre_signature_part(authz_decision_query.id, self.sec.my_cert, 1)
to_sign.append((class_name(authz_decision_query), authz_decision_query.id))
authz_decision_query = signed_instance_factory(authz_decision_query, self.sec, to_sign)
response = send_using_soap(
authz_decision_query,
destination,
self.config.key_file,
self.config.cert_file,
log=log,
ca_certs=self.config.ca_certs,
)
if response:
if log:
log.info("Verifying response")
response = self.authz_decision_query_response(response, log)
if response:
# not_done.remove(entity_id)
if log:
log.info("OK response from %s" % destination)
return response
else:
if log:
log.info("NOT OK response from %s" % destination)
return None
开发者ID:natebeacham,项目名称:saml2,代码行数:35,代码来源:client.py
示例4: create_assertion_id_request_response
def create_assertion_id_request_response(self, assertion_id, sign=False,
sign_alg=None,
digest_alg=None, **kwargs):
"""
:param assertion_id:
:param sign:
:return:
"""
try:
(assertion, to_sign) = self.session_db.get_assertion(assertion_id)
except KeyError:
raise Unknown
if to_sign:
if assertion.signature is None:
assertion.signature = pre_signature_part(assertion.id,
self.sec.my_cert, 1,
sign_alg=sign_alg,
digest_alg=digest_alg)
return signed_instance_factory(assertion, self.sec, to_sign)
else:
return assertion
开发者ID:Lefford,项目名称:pysaml2,代码行数:25,代码来源:server.py
示例5: test_sign_response_2
def test_sign_response_2(self):
assertion2 = factory( saml.Assertion,
version= "2.0",
id= "11122",
issue_instant= "2009-10-30T13:20:28Z",
signature= sigver.pre_signature_part("11122", self.sec.my_cert),
attribute_statement=do_attribute_statement({
("","","surName"): ("Fox",""),
("","","givenName") :("Bear",""),
})
)
response = factory(samlp.Response,
assertion=assertion2,
id="22233",
signature=sigver.pre_signature_part("22233", self.sec.my_cert))
to_sign = [(class_name(assertion2), assertion2.id),
(class_name(response), response.id)]
s_response = sigver.signed_instance_factory(response, self.sec, to_sign)
assert s_response is not None
response2 = response_from_string(s_response)
sass = response2.assertion[0]
assert _eq(sass.keyswv(), ['attribute_statement', 'issue_instant',
'version', 'signature', 'id'])
assert sass.version == "2.0"
assert sass.id == "11122"
item = self.sec.check_signature(response2, class_name(response),
s_response)
assert isinstance(item, samlp.Response)
开发者ID:FluidReview,项目名称:saml2,代码行数:34,代码来源:test_40_sigver.py
示例6: test_sign_response
def test_sign_response(self):
response = factory(samlp.Response,
assertion=self._assertion,
id="22222",
signature=sigver.pre_signature_part("22222",
self.sec
.my_cert))
to_sign = [(class_name(self._assertion), self._assertion.id),
(class_name(response), response.id)]
s_response = sigver.signed_instance_factory(response, self.sec, to_sign)
assert s_response is not None
print(s_response)
response = response_from_string(s_response)
sass = response.assertion[0]
print(sass)
assert _eq(sass.keyswv(), ['attribute_statement', 'issue_instant',
'version', 'signature', 'id'])
assert sass.version == "2.0"
assert sass.id == "11111"
item = self.sec.check_signature(response, class_name(response),
s_response)
assert isinstance(item, samlp.Response)
assert item.id == "22222"
开发者ID:geops,项目名称:pysaml2,代码行数:27,代码来源:test_40_sigver.py
示例7: test_sign_verify_with_cert_from_instance
def test_sign_verify_with_cert_from_instance(self):
response = factory(samlp.Response,
assertion=self._assertion,
id="22222",
signature=sigver.pre_signature_part("22222",
self.sec
.my_cert))
to_sign = [(class_name(self._assertion), self._assertion.id),
(class_name(response), response.id)]
s_response = sigver.signed_instance_factory(response, self.sec, to_sign)
response2 = response_from_string(s_response)
ci = "".join(sigver.cert_from_instance(response2)[0].split())
assert ci == self.sec.my_cert
res = self.sec.verify_signature(s_response,
node_name=class_name(samlp.Response()))
assert res
res = self.sec._check_signature(s_response, response2,
class_name(response2), s_response)
assert res == response2
开发者ID:geops,项目名称:pysaml2,代码行数:27,代码来源:test_40_sigver.py
示例8: slo
def slo(self, request):
"""
generate a SAML2 logout request; reset session; return IDP URL
"""
session = request.SESSION
session.set(self.session_auth_key, False)
del session[self.session_user_properties]
config = self._saml2_config()
scl = Saml2Client(config)
samluid = session.get(self.session_samluid_key, "")
entityid = config.metadata.keys()[0]
sp_url = self.saml2_sp_url
actual_url = request.get("ACTUAL_URL", "")
if not actual_url.startswith(sp_url):
# the request was made from within a context we cannot handle
return None
session.set(self.session_storedurl_key, request.URL1)
# we cannot simply call global_logout on the client since it doesn't know about our user...
srvs = scl.metadata.single_logout_service(entityid, BINDING_HTTP_REDIRECT, "idpsso")
destination = destinations(srvs)[0]
samlrequest = scl.create_logout_request(destination, entityid, name_id=saml.NameID(text=samluid))
samlrequest.session_index = samlp.SessionIndex(session.get(self.session_samlsessionindex_key))
to_sign = []
samlrequest = signed_instance_factory(samlrequest, scl.sec, to_sign)
logger.info("SSO logout request: %s" % samlrequest.to_string())
session_id = samlrequest.id
rstate = scl._relay_state(session_id)
msg = http_redirect_message(samlrequest, destination, rstate)
headers = dict(msg["headers"])
location = headers["Location"]
logger.info("attempting to post: {loc}".format(loc=headers["Location"]))
return location
开发者ID:Haufe-Lexware,项目名称:hl.pas.samlplugin,代码行数:33,代码来源:plugin.py
示例9: test_sign_verify_assertion_with_cert_from_instance
def test_sign_verify_assertion_with_cert_from_instance(self):
assertion = factory(saml.Assertion,
version="2.0",
id="11100",
issue_instant="2009-10-30T13:20:28Z",
signature=sigver.pre_signature_part("11100",
self.sec
.my_cert),
attribute_statement=do_attribute_statement({
("", "", "surName"): ("Fox", ""),
("", "", "givenName"): ("Bear", ""),
})
)
to_sign = [(class_name(assertion), assertion.id)]
s_assertion = sigver.signed_instance_factory(assertion, self.sec,
to_sign)
print(s_assertion)
ass = assertion_from_string(s_assertion)
ci = "".join(sigver.cert_from_instance(ass)[0].split())
assert ci == self.sec.my_cert
res = self.sec.verify_signature(s_assertion,
node_name=class_name(ass))
assert res
res = self.sec._check_signature(s_assertion, ass, class_name(ass))
assert res
开发者ID:geops,项目名称:pysaml2,代码行数:29,代码来源:test_40_sigver.py
示例10: test_exception_sign_verify_with_cert_from_instance
def test_exception_sign_verify_with_cert_from_instance(self):
assertion = factory(saml.Assertion,
version="2.0",
id="11100",
issue_instant="2009-10-30T13:20:28Z",
#signature= sigver.pre_signature_part("11100",
# self.sec.my_cert),
attribute_statement=do_attribute_statement({
("", "", "surName"): ("Foo", ""),
("", "", "givenName"): ("Bar", ""),
})
)
response = factory(samlp.Response,
assertion=assertion,
id="22222",
signature=sigver.pre_signature_part("22222",
self.sec
.my_cert))
to_sign = [(class_name(response), response.id)]
s_response = sigver.signed_instance_factory(response, self.sec, to_sign)
response2 = response_from_string(s_response)
# Change something that should make everything fail
response2.id = "23456"
raises(sigver.SignatureError, self.sec._check_signature,
s_response, response2, class_name(response2))
开发者ID:geops,项目名称:pysaml2,代码行数:29,代码来源:test_40_sigver.py
示例11: sign
def sign(self, msg, mid=None, to_sign=None):
if msg.signature is None:
msg.signature = pre_signature_part(msg.id, self.sec.my_cert, 1)
if mid is None:
mid = msg.id
try:
to_sign.append([(class_name(msg), mid)])
except AttributeError:
to_sign = [(class_name(msg), mid)]
logger.info("REQUEST: %s" % msg)
return signed_instance_factory(msg, self.sec, to_sign)
开发者ID:caustin,项目名称:pysaml2,代码行数:15,代码来源:entity.py
示例12: test_sign_verify
def test_sign_verify(self):
response = factory(
samlp.Response, assertion=self._assertion, id="22233",
signature=sigver.pre_signature_part("22233", self.sec.my_cert))
to_sign = [(class_name(self._assertion), self._assertion.id),
(class_name(response), response.id)]
s_response = sigver.signed_instance_factory(response, self.sec, to_sign)
print(s_response)
res = self.sec.verify_signature(s_response,
node_name=class_name(samlp.Response()))
print(res)
assert res
开发者ID:lvanderree,项目名称:pysaml2-3,代码行数:16,代码来源:test_40_sigver.py
示例13: sign
def sign(self, msg, mid=None, to_sign=None, sign_prepare=False):
if msg.signature is None:
msg.signature = pre_signature_part(msg.id, self.sec.my_cert, 1)
if sign_prepare:
return msg
if mid is None:
mid = msg.id
try:
to_sign += [(class_name(msg), mid)]
except (AttributeError, TypeError):
to_sign = [(class_name(msg), mid)]
logger.info("REQUEST: %s" % msg)
return signed_instance_factory(msg, self.sec, to_sign)
开发者ID:gbel,项目名称:pysaml2,代码行数:17,代码来源:entity.py
示例14: create_logout_response
def create_logout_response(self, request, binding, status=None,
sign=False, issuer=None):
""" Create a LogoutResponse. What is returned depends on which binding
is used.
:param request: The request this is a response to
:param binding: Which binding the request came in over
:param status: The return status of the response operation
:param issuer: The issuer of the message
:return: A logout message.
"""
mid = sid()
if not status:
status = success_status_factory()
# response and packaging differs depending on binding
response = ""
if binding in [BINDING_SOAP, BINDING_HTTP_POST]:
response = logoutresponse_factory(sign=sign, id = mid,
in_response_to = request.id,
status = status)
elif binding == BINDING_HTTP_REDIRECT:
sp_entity_id = request.issuer.text.strip()
srvs = self.metadata.single_logout_service(sp_entity_id, "spsso")
if not srvs:
raise Exception("Nowhere to send the response")
destination = destinations(srvs)[0]
_issuer = self.issuer(issuer)
response = logoutresponse_factory(sign=sign, id = mid,
in_response_to = request.id,
status = status,
issuer = _issuer,
destination = destination,
sp_entity_id = sp_entity_id,
instant=instant())
if sign:
to_sign = [(class_name(response), mid)]
response = signed_instance_factory(response, self.sec, to_sign)
logger.info("Response: %s" % (response,))
return response
开发者ID:GSA,项目名称:pysaml2,代码行数:45,代码来源:server.py
示例15: _response
def _response(self, in_response_to, consumer_url=None, status=None,
issuer=None, sign=False, to_sign=None,
**kwargs):
""" Create a Response that adhers to the ??? profile.
:param in_response_to: The session identifier of the request
:param consumer_url: The URL which should receive the response
:param status: The status of the response
:param issuer: The issuer of the response
:param sign: Whether the response should be signed or not
:param to_sign: What other parts to sign
:param kwargs: Extra key word arguments
:return: A Response instance
"""
if not status:
status = success_status_factory()
_issuer = self.issuer(issuer)
response = response_factory(
issuer=_issuer,
in_response_to = in_response_to,
status = status,
)
if consumer_url:
response.destination = consumer_url
for key, val in kwargs.items():
setattr(response, key, val)
if sign:
try:
to_sign.append((class_name(response), response.id))
except AttributeError:
to_sign = [(class_name(response), response.id)]
return signed_instance_factory(response, self.sec, to_sign)
开发者ID:GSA,项目名称:pysaml2,代码行数:40,代码来源:server.py
示例16: _message
def _message(self, request_cls, destination=None, id=0,
consent=None, extensions=None, sign=False, **kwargs):
"""
Some parameters appear in all requests so simplify by doing
it in one place
:param request_cls: The specific request type
:param destination: The recipient
:param id: A message identifier
:param consent: Whether the principal have given her consent
:param extensions: Possible extensions
:param kwargs: Key word arguments specific to one request type
:return: An instance of the request_cls
"""
if not id:
id = sid(self.seed)
req = request_cls(id=id, version=VERSION, issue_instant=instant(),
issuer=self._issuer(), **kwargs)
if destination:
req.destination = destination
if consent:
req.consent = consent
if extensions:
req.extensions = extensions
if sign:
req.signature = pre_signature_part(req.id, self.sec.my_cert, 1)
to_sign = [(class_name(req), req.id)]
else:
to_sign = []
logger.info("REQUEST: %s" % req)
return signed_instance_factory(req, self.sec, to_sign)
开发者ID:paulftw,项目名称:pysaml2,代码行数:38,代码来源:client_base.py
示例17: do_logout
def do_logout(self, subject_id, entity_ids, reason, expire, sign=None):
"""
:param subject_id: Identifier of the Subject
:param entity_ids: List of entity ids for the IdPs that have provided
information concerning the subject
:param reason: The reason for doing the logout
:param expire: Try to logout before this time.
:param sign: Whether to sign the request or not
:return:
"""
# check time
if not not_on_or_after(expire): # I've run out of time
# Do the local logout anyway
self.local_logout(subject_id)
return 0, "504 Gateway Timeout", [], []
# for all where I can use the SOAP binding, do those first
not_done = entity_ids[:]
responses = {}
for entity_id in entity_ids:
response = False
for binding in [#BINDING_SOAP,
BINDING_HTTP_POST,
BINDING_HTTP_REDIRECT]:
srvs = self.metadata.single_logout_service(entity_id, "idpsso",
binding=binding)
if not srvs:
continue
destination = destinations(srvs)[0]
logger.info("destination to provider: %s" % destination)
request = self.create_logout_request(destination, entity_id,
subject_id, reason=reason,
expire=expire)
to_sign = []
if binding.startswith("http://"):
sign = True
if sign is None:
sign = self.logout_requests_signed_default
if sign:
request.signature = pre_signature_part(request.id,
self.sec.my_cert, 1)
to_sign = [(class_name(request), request.id)]
logger.info("REQUEST: %s" % request)
srequest = signed_instance_factory(request, self.sec, to_sign)
if binding == BINDING_SOAP:
response = self.send_using_soap(srequest, destination)
if response:
logger.info("Verifying response")
response = self.logout_request_response(response)
if response:
not_done.remove(entity_id)
logger.info("OK response from %s" % destination)
responses[entity_id] = logout_response_from_string(response)
else:
logger.info("NOT OK response from %s" % destination)
else:
session_id = request.id
rstate = self._relay_state(session_id)
self.state[session_id] = {"entity_id": entity_id,
"operation": "SLO",
"entity_ids": entity_ids,
"subject_id": subject_id,
"reason": reason,
"not_on_of_after": expire,
"sign": sign}
if binding == BINDING_HTTP_POST:
response = self.use_http_form_post(srequest,
destination,
rstate)
else:
response = self.use_http_get(srequest, destination,
rstate)
responses[entity_id] = response
not_done.remove(entity_id)
# only try one binding
break
if not_done:
# upstream should try later
raise LogoutError("%s" % (entity_ids,))
return responses
开发者ID:GSA,项目名称:pysaml2,代码行数:100,代码来源:client.py
示例18: _response
def _response(self, in_response_to, consumer_url=None, status=None,
issuer=None, sign=False, to_sign=None,
encrypt_assertion=False, encrypt_assertion_self_contained=False, encrypted_advice_attributes=False,
encrypt_cert=None, **kwargs):
""" Create a Response.
Encryption:
encrypt_assertion must be true for encryption to be performed. If encrypted_advice_attributes also is
true, then will the function try to encrypt the assertion in the the advice element of the main
assertion. Only one assertion element is allowed in the advice element, if multiple assertions exists
in the advice element the main assertion will be encrypted instead, since it's no point to encrypt
If encrypted_advice_attributes is
false the main assertion will be encrypted. Since the same key
:param in_response_to: The session identifier of the request
:param consumer_url: The URL which should receive the response
:param status: The status of the response
:param issuer: The issuer of the response
:param sign: Whether the response should be signed or not
:param to_sign: If there are other parts to sign
:param kwargs: Extra key word arguments
:return: A Response instance
"""
if not status:
status = success_status_factory()
_issuer = self._issuer(issuer)
response = response_factory(issuer=_issuer,
in_response_to=in_response_to,
status=status)
if consumer_url:
response.destination = consumer_url
self._add_info(response, **kwargs)
if not sign and to_sign and not encrypt_assertion:
return signed_instance_factory(response, self.sec, to_sign)
if encrypt_assertion:
node_xpath = None
if sign:
response.signature = pre_signature_part(response.id,
self.sec.my_cert, 1)
sign_class = [(class_name(response), response.id)]
cbxs = CryptoBackendXmlSec1(self.config.xmlsec_binary)
if encrypted_advice_attributes and response.assertion.advice is not None \
and len(response.assertion.advice.assertion) == 1:
tmp_assertion = response.assertion.advice.assertion[0]
response.assertion.advice.encrypted_assertion = []
response.assertion.advice.encrypted_assertion.append(EncryptedAssertion())
if isinstance(tmp_assertion, list):
response.assertion.advice.encrypted_assertion[0].add_extension_elements(tmp_assertion)
else:
response.assertion.advice.encrypted_assertion[0].add_extension_element(tmp_assertion)
response.assertion.advice.assertion = []
if encrypt_assertion_self_contained:
advice_tag = response.assertion.advice._to_element_tree().tag
assertion_tag = tmp_assertion._to_element_tree().tag
response = response.get_xml_string_with_self_contained_assertion_within_advice_encrypted_assertion(
assertion_tag, advice_tag)
node_xpath = ''.join(["/*[local-name()=\"%s\"]" % v for v in
["Response", "Assertion", "Advice", "EncryptedAssertion", "Assertion"]])
elif encrypt_assertion_self_contained:
assertion_tag = response.assertion._to_element_tree().tag
response = pre_encrypt_assertion(response)
response = response.get_xml_string_with_self_contained_assertion_within_encrypted_assertion(
assertion_tag)
else:
response = pre_encrypt_assertion(response)
if to_sign:
response = signed_instance_factory(response, self.sec, to_sign)
_, cert_file = make_temp("%s" % encrypt_cert, decode=False)
response = cbxs.encrypt_assertion(response, cert_file,
pre_encryption_part(), node_xpath=node_xpath)
# template(response.assertion.id))
if sign:
return signed_instance_factory(response, self.sec, sign_class)
else:
return response
if sign:
return self.sign(response, to_sign=to_sign)
else:
return response
开发者ID:Itxaka,项目名称:pysaml2,代码行数:86,代码来源:entity.py
示例19: logout_response
def logout_response(self, request, bindings, status=None, sign=False, issuer=None):
""" Create a LogoutResponse. What is returned depends on which binding
is used.
:param request: The request this is a response to
:param bindings: Which bindings that can be used to send the response
:param status: The return status of the response operation
:param issuer: The issuer of the message
:return: A 3-tuple consisting of HTTP return code, HTTP headers and
possibly a message.
"""
sp_entity_id = request.issuer.text.strip()
binding = None
destinations = []
for binding in bindings:
destinations = self.conf.single_logout_services(sp_entity_id, binding)
if destinations:
break
if not destinations:
if self.log:
self.log.error("Not way to return a response !!!")
return ("412 Precondition Failed", [("Content-type", "text/html")], ["No return way defined"])
# Pick the first
destination = destinations[0]
if self.log:
self.log.info("Logout Destination: %s, binding: %s" % (destination, binding))
if not status:
status = success_status_factory()
mid = sid()
rcode = "200 OK"
# response and packaging differs depending on binding
if binding == BINDING_SOAP:
response = logoutresponse_factory(sign=sign, id=mid, in_response_to=request.id, status=status)
if sign:
to_sign = [(class_name(response), mid)]
response = signed_instance_factory(response, self.sec, to_sign)
(headers, message) = http_soap_message(response)
else:
_issuer = self.issuer(issuer)
response = logoutresponse_factory(
sign=sign,
id=mid,
in_response_to=request.id,
status=status,
issuer=_issuer,
destination=destination,
sp_entity_id=sp_entity_id,
instant=instant(),
)
if sign:
to_sign = [(class_name(response), mid)]
response = signed_instance_factory(response, self.sec, to_sign)
if self.log:
self.log.info("Response: %s" % (response,))
if binding == BINDING_HTTP_REDIRECT:
(headers, message) = http_redirect_message(response, destination, typ="SAMLResponse")
rcode = "302 Found"
else:
(headers, message) = http_post_message(response, destination, typ="SAMLResponse")
return rcode, headers, message
开发者ID:howow,项目名称:pysaml2,代码行数:70,代码来源:server.py
示例20: authn_request
def authn_request(
self,
query_id,
destination,
service_url,
spentityid,
my_name="",
vorg="",
scoping=None,
log=None,
sign=None,
binding=saml2.BINDING_HTTP_POST,
nameid_format=saml.NAMEID_FORMAT_TRANSIENT,
):
""" Creates an authentication request.
:param query_id: The identifier for this request
:param destination: Where the request should be sent.
:param service_url: Where the reply should be sent.
:param spentityid: The entity identifier for this service.
:param my_name: The name of this service.
:param vorg: The vitual organization the service belongs to.
:param scoping: The scope of the request
:param log: A service to which logs should be written
:param sign: Whether the request should be signed or not.
:param binding: The protocol to use for the Response !!
:return: <samlp:AuthnRequest> instance
"""
request = samlp.AuthnRequest(
id=query_id,
version=VERSION,
issue_instant=instant(),
assertion_consumer_service_url=service_url,
protocol_binding=binding,
)
if destination:
request.destination = destination
if my_name:
request.provider_name = my_name
if scoping:
request.scoping = scoping
# Profile stuff, should be configurable
if nameid_format == saml.NAMEID_FORMAT_TRANSIENT:
name_id_policy = samlp.NameIDPolicy(allow_create="true", format=nameid_format)
else:
name_id_policy = samlp.NameIDPolicy(format=nameid_format)
if vorg:
try:
name_id_policy.sp_name_qualifier = vorg
name_id_policy.format = saml.NAMEID_FORMAT_PERSISTENT
except KeyError:
pass
if sign is None:
sign = self.authn_requests_signed_default
if sign:
request.signature = pre_signature_part(request.id, self.sec.my_cert, 1)
to_sign = [(class_name(request), request.id)]
else:
to_sign = []
request.name_id_policy = name_id_policy
request.issuer = self.issuer(spentityid)
if log is None:
log = self.logger
if log:
log.info("REQUEST: %s" % request)
return signed_instance_factory(request, self.sec, to_sign)
开发者ID:natebeacham,项目名称:saml2,代码行数:75,代码来源:client.py
注:本文中的saml2.sigver.signed_instance_factory函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论