
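--- a/management/univention-management-console/univention-management-console-web-server
+++ b/management/univention-management-console/univention-management-console-web-server
@@ -1259,7 +1259,8 @@ class SAML(Ressource):
 	def attribute_consuming_service(self, binding, message, relay_state):
 		response = self.acs(message, binding)
 		saml = SAMLUser(response, message)
-		self.set_session(self.create_sessionid(), saml.username, saml=saml)
+		user = self.set_session(self.create_sessionid(), saml.username, saml=saml)
+		self.drop_umcp_authentication(user.sessionid)
 
 		# protect against javascript:alert('XSS'), mailto:foo and other non relative links!
 		location = urlparse(relay_state)
@@ -1275,10 +1276,17 @@ class SAML(Ressource):
 		saml = SAMLUser(response, message)
 		sessionid = self.create_sessionid()
 		self.set_session(sessionid, saml.username, saml=saml)
+		self.drop_umcp_authentication(sessionid)
 		cherrypy.response.headers['Content-Type'] = 'text/html'
 		data = {"status": 200, "result": {"username": saml.username}}
 		return b'<html><body><textarea>%s</textarea></body></html>' % (json.dumps(data).encode('ASCII'),)
 
+	def drop_umcp_authentication(self, sessionid):
+		"""Force re-authentication if we get a new SAML message"""
+		client = UMCP_Dispatcher.sessions.get(sessionid)
+		if client:
+			client.authenticated = False
+
 	@cherrypy.expose
 	def slo(self, *args, **kwargs):  # single logout service
 		binding, message, relay_state = self._get_saml_message()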
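Review bot: The two call sites hand `drop_umcp_authentication` a session id from different sources: in `attribute_consuming_service` it is `user.sessionid` taken from the return value of `set_session`, while the second handler passes the local `sessionid` it gave to `set_session`. `set_session` is not visible in these hunks, so it is unclear whether both always name the same entry in `UMCP_Dispatcher.sessions`. Because the helper looks the client up with `.get()` and returns silently when nothing is found, a mismatch would leave an existing UMCP connection marked authenticated with no trace, which is the fail-open case this change is meant to close. I would derive the id the same way in both places (e.g. `sessionid = self.create_sessionid()` before `set_session` in the first handler as well), log in the helper whether a client was actually reset, and extend the docstring to say that the reset prevents an already-authenticated UMCP connection from being reused under a new SAML assertion and that a missing client is a deliberate no-op. Both handler bodies extend beyond the lines shown here.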
