Source code for saml2.authn_request

# -*- coding: utf-8 -*-

# Copyright (c) 2014, OneLogin, Inc.
# All rights reserved.

from base64 import b64encode
from datetime import datetime
from zlib import compress

from saml2.utils import OneLogin_Saml2_Utils
from saml2.constants import OneLogin_Saml2_Constants


[docs]class OneLogin_Saml2_Authn_Request: def __init__(self, settings): """ Constructs the AuthnRequest object. Arguments are: * (OneLogin_Saml2_Settings) settings. Setting data """ self.__settings = settings sp_data = self.__settings.get_sp_data() security = self.__settings.get_security_data() uid = OneLogin_Saml2_Utils.generate_unique_id() issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML( int(datetime.now().strftime("%s")) ) name_id_policy_format = sp_data['NameIDFormat'] if 'wantNameIdEncrypted' in security and security['wantNameIdEncrypted']: name_id_policy_format = OneLogin_Saml2_Constants.NAMEID_ENCRYPTED provider_name_str = '' organization_data = settings.get_organization() if isinstance(organization_data, dict): langs = organization_data.keys() if 'en-US' in langs: lang = 'en-US' else: lang = langs[0] if 'displayname' in organization_data[lang] and organization_data[lang]['displayname'] is not None: provider_name_str = 'ProviderName="%s"' % organization_data[lang]['displayname'] request = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="%(id)s" Version="2.0" %(provider_name)s IssueInstant="%(issue_instant)s" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="%(assertion_url)s"> <saml:Issuer>%(entity_id)s</saml:Issuer> <samlp:NameIDPolicy Format="%(name_id_policy)s" AllowCreate="true" /> <samlp:RequestedAuthnContext Comparison="exact"> <saml:AuthnContextMethodRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextMethodRef> </samlp:RequestedAuthnContext> </samlp:AuthnRequest>""" % { 'id': uid, 'provider_name': provider_name_str, 'issue_instant': issue_instant, 'assertion_url': sp_data['assertionConsumerService']['url'], 'entity_id': sp_data['entityId'], 'name_id_policy': name_id_policy_format, } self.__authn_request = request
[docs] def get_request(self): """ Returns unsigned AuthnRequest. :return: Unsigned AuthnRequest :rtype: str object """ deflated_request = compress(self.__authn_request)[2:-4] return b64encode(deflated_request)