Source code for saml2.authn_request
# -*- coding: utf-8 -*-
# Copyright (c) 2014, OneLogin, Inc.
# All rights reserved.
import time
from base64 import b64encode
from datetime import datetime
from xml.sax.saxutils import escape
from zlib import compress

from saml2.constants import OneLogin_Saml2_Constants
from saml2.utils import OneLogin_Saml2_Utils
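class OneLogin_Saml2_Authn_Request:
    """
    Builds the SAML 2.0 AuthnRequest that the Service Provider sends to the IdP.

    The request XML is assembled once, in the constructor, from the SP
    settings. get_request() returns it deflated and base64-encoded.
    Nothing in this class signs the request.
    """

    @staticmethod
    def _xml_escape(value):
        """
        Escapes a settings value for use in the request template.

        Replaces &, <, > and the double quote, so the result is safe both as
        element text and inside a double-quoted attribute.

        :param value: Raw value taken from the settings
        :type value: string
        :return: Escaped value
        :rtype: string
        """
        return escape(value, {'"': '&quot;'})

    def __init__(self, settings):
        """
        Constructs the AuthnRequest object.

        Settings values are XML-escaped before they are placed in the
        request, so they must be given raw (not pre-escaped).

        Arguments are:
            * (OneLogin_Saml2_Settings) settings. Setting data
        """
        self.__settings = settings

        sp_data = self.__settings.get_sp_data()
        security = self.__settings.get_security_data()

        uid = OneLogin_Saml2_Utils.generate_unique_id()
        # strftime("%s") is a platform extension that is missing on some
        # systems; time.time() yields the same epoch seconds portably.
        issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(int(time.time()))

        name_id_policy_format = sp_data['NameIDFormat']
        if 'wantNameIdEncrypted' in security and security['wantNameIdEncrypted']:
            name_id_policy_format = OneLogin_Saml2_Constants.NAMEID_ENCRYPTED

        provider_name_str = ''
        organization_data = self.__settings.get_organization()
        if isinstance(organization_data, dict):
            # list() keeps indexing valid where keys() returns a view, and
            # the emptiness check avoids an IndexError on an empty dict.
            langs = list(organization_data)
            if langs:
                lang = 'en-US' if 'en-US' in langs else langs[0]
                display_name = organization_data[lang].get('displayname')
                if display_name is not None:
                    provider_name_str = 'ProviderName="%s"' % self._xml_escape(display_name)

        # Every settings-derived value is escaped: an unescaped '&' or '"'
        # (e.g. in an ACS URL with a query string) would otherwise yield
        # malformed XML or let a value break out of its attribute.
        #
        # RequestedAuthnContext carries AuthnContextClassRef: the SAML 2.0
        # schema allows only AuthnContextClassRef / AuthnContextDeclRef
        # there, and the element name used previously
        # (AuthnContextMethodRef) is not part of it.
        request = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="%(id)s"
    Version="2.0"
    %(provider_name)s
    IssueInstant="%(issue_instant)s"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="%(assertion_url)s">
    <saml:Issuer>%(entity_id)s</saml:Issuer>
    <samlp:NameIDPolicy
        Format="%(name_id_policy)s"
        AllowCreate="true" />
    <samlp:RequestedAuthnContext Comparison="exact">
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>""" % {
            'id': uid,
            'provider_name': provider_name_str,
            'issue_instant': issue_instant,
            'assertion_url': self._xml_escape(sp_data['assertionConsumerService']['url']),
            'entity_id': self._xml_escape(sp_data['entityId']),
            'name_id_policy': self._xml_escape(name_id_policy_format),
        }

        self.__authn_request = request

    def get_request(self):
        """
        Returns the unsigned AuthnRequest, deflated and base64-encoded.

        :return: Unsigned AuthnRequest (raw DEFLATE stream, base64-encoded)
        :rtype: str object (bytes on Python 3, as returned by b64encode)
        """
        request = self.__authn_request
        # compress() needs bytes; a text request is encoded as UTF-8 first.
        if not isinstance(request, bytes):
            request = request.encode('utf-8')
        # Drop the 2-byte zlib header and the 4-byte Adler-32 trailer so
        # only the raw DEFLATE stream remains.
        deflated_request = compress(request)[2:-4]
        return b64encode(deflated_request)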