root / aai / shibboleth.py @ 53481544
History | View | Annotate | Download (3.2 kB)
| 1 |
# Copyright 2011 GRNET S.A. All rights reserved.
|
|---|---|
| 2 |
#
|
| 3 |
# Redistribution and use in source and binary forms, with or without
|
| 4 |
# modification, are permitted provided that the following conditions
|
| 5 |
# are met:
|
| 6 |
#
|
| 7 |
# 1. Redistributions of source code must retain the above copyright
|
| 8 |
# notice, this list of conditions and the following disclaimer.
|
| 9 |
#
|
| 10 |
# 2. Redistributions in binary form must reproduce the above copyright
|
| 11 |
# notice, this list of conditions and the following disclaimer in the
|
| 12 |
# documentation and/or other materials provided with the distribution.
|
| 13 |
#
|
| 14 |
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
| 15 |
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
| 16 |
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
| 17 |
# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
| 18 |
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
| 19 |
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
| 20 |
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
| 21 |
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
| 22 |
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
| 23 |
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
| 24 |
# SUCH DAMAGE.
|
| 25 |
|
| 26 |
#
|
| 27 |
# The views and conclusions contained in the software and documentation are
|
| 28 |
# those of the authors and should not be interpreted as representing official
|
| 29 |
# policies, either expressed or implied, of GRNET S.A.
|
| 30 |
|
| 31 |
# Business Logic for working with sibbolleth users
|
| 32 |
|
| 33 |
from synnefo.logic import users |
| 34 |
|
| 35 |
class Tokens: |
| 36 |
# these are mapped by the Shibboleth SP software
|
| 37 |
SHIB_EPPN = "eppn" # eduPersonPrincipalName |
| 38 |
SHIB_NAME = "Shib-InetOrgPerson-givenName"
|
| 39 |
SHIB_SURNAME = "Shib-Person-surname"
|
| 40 |
SHIB_CN = "Shib-Person-commonName"
|
| 41 |
SHIB_DISPLAYNAME = "Shib-InetOrgPerson-displayName"
|
| 42 |
SHIB_EP_AFFILIATION = "Shib-EP-Affiliation"
|
| 43 |
SHIB_SESSION_ID = "Shib-Session-ID"
|
| 44 |
|
| 45 |
|
| 46 |
class NoUniqueToken(BaseException): |
| 47 |
def __init__(self, msg): |
| 48 |
self.msg = msg
|
| 49 |
|
| 50 |
|
| 51 |
class NoRealName(BaseException): |
| 52 |
def __init__(self, msg): |
| 53 |
self.msg = msg
|
| 54 |
|
| 55 |
|
| 56 |
def register_shibboleth_user(tokens): |
| 57 |
"""Registers a Shibboleth user using the input hash as a source for data."""
|
| 58 |
|
| 59 |
if Tokens.SHIB_DISPLAYNAME in tokens: |
| 60 |
realname = tokens[Tokens.SHIB_DISPLAYNAME] |
| 61 |
elif Tokens.SHIB_CN in tokens: |
| 62 |
realname = tokens[Tokens.SHIB_CN] |
| 63 |
elif Tokens.SHIB_NAME in tokens and Tokens.SHIB_SURNAME in tokens: |
| 64 |
realname = tokens[Tokens.SHIB_NAME] + ' ' + tokens[Tokens.SHIB_SURNAME]
|
| 65 |
else:
|
| 66 |
raise NoRealName("Authentication does not return the user's name") |
| 67 |
|
| 68 |
try:
|
| 69 |
affiliation = tokens[Tokens.SHIB_EP_AFFILIATION] |
| 70 |
except KeyError: |
| 71 |
affiliation = 'member'
|
| 72 |
|
| 73 |
try:
|
| 74 |
eppn = tokens[Tokens.SHIB_EPPN] |
| 75 |
except KeyError: |
| 76 |
raise NoUniqueToken("Authentication does not return a unique token") |
| 77 |
|
| 78 |
if affiliation == 'student': |
| 79 |
users.register_student(realname, '' , eppn)
|
| 80 |
else:
|
| 81 |
# this includes faculty but also staff, alumni, member, other, ...
|
| 82 |
users.register_professor(realname, '' , eppn)
|
| 83 |
|
| 84 |
return True |