auth.py


Code Check Report


app/lib/onelogin/saml2/auth.py:526:121: E501 line too long (123 > 120 characters)
                        

Documentation drawn from source code

OneLogin_Saml2_Auth class

Copyright (c) 2010-2018 OneLogin, Inc.
MIT License

Main class of OneLogin's Python Toolkit.

Initializes the SP SAML instance


OneLogin_Saml2_Auth(object):


This class implements the SP SAML instance.

Defines the methods that you can invoke in your application in
order to add SAML support (initiates SSO, initiates SLO, processes a
SAML Response, a Logout Request or a Logout Response).

__init__(self, request_data, old_settings=None, custom_base_path=None):

Initializes the SP SAML instance.

:param request_data: Request Data
:type request_data: dict

:param old_settings: Optional. SAML Toolkit Settings
:type old_settings: dict

:param custom_base_path: Optional. Path where the settings file and the cert folder are stored
:type custom_base_path: string

get_settings(self):

Returns the settings info
:return: Setting info
:rtype: OneLogin_Saml2_Setting object

set_strict(self, value):

Enables or disables strict mode.

:param value:
:type value: bool

process_response(self, request_id=None):

Process the SAML Response sent by the IdP.

:param request_id: Optional argument. The ID of the AuthNRequest sent by this SP to the IdP.
:type request_id: string

:raises: OneLogin_Saml2_Error.SAML_RESPONSE_NOT_FOUND, when a POST with a SAMLResponse is not found

process_slo(self, keep_local_session=False, request_id=None, delete_session_cb=None):

Process the SAML Logout Response / Logout Request sent by the IdP.

:param keep_local_session: When false, the local session is destroyed; otherwise it is kept
:type keep_local_session: bool

:param request_id: The ID of the LogoutRequest sent by this SP to the IdP
:type request_id: string

:returns: Redirection url

redirect_to(self, url=None, parameters={}):

Redirects the user to the URL passed by parameter or to the URL that we defined in our SSO Request.

:param url: The target URL to redirect the user
:type url: string
:param parameters: Extra parameters to be passed as part of the URL
:type parameters: dict

:returns: Redirection URL

is_authenticated(self):

Checks if the user is authenticated or not.

:returns: True if authenticated, False if not
:rtype: bool

get_attributes(self):

Returns the set of SAML attributes.

:returns: SAML attributes
:rtype: dict

get_nameid(self):

Returns the nameID.

:returns: NameID
:rtype: string|None

get_nameid_format(self):

Returns the nameID Format.

:returns: NameID Format
:rtype: string|None

get_session_index(self):

Returns the SessionIndex from the AuthnStatement.
:returns: The SessionIndex of the assertion
:rtype: string

get_session_expiration(self):

Returns the SessionNotOnOrAfter from the AuthnStatement.
:returns: The SessionNotOnOrAfter of the assertion
:rtype: DateTime|None

get_last_assertion_not_on_or_after(self):

The NotOnOrAfter value of the valid SubjectConfirmationData node
(if any) of the last assertion processed

get_errors(self):

Returns a list of error codes if something went wrong

:returns: List of errors
:rtype: list

get_last_error_reason(self):

Returns the reason for the last error

:returns: Reason of the last error
:rtype: None | string

get_attribute(self, name):

Returns the requested SAML attribute.

:param name: Name of the attribute
:type name: string

:returns: Attribute value if it exists, or []
:rtype: string

get_last_request_id(self):

:returns: The ID of the last Request SAML message generated.
:rtype: string

get_last_message_id(self):

:returns: The ID of the last Response SAML message processed.
:rtype: string

get_last_assertion_id(self):

:returns: The ID of the last assertion processed.
:rtype: string

get_last_authn_contexts(self):

:returns: The list of authentication contexts sent in the last SAML response.
:rtype: list

login(self, return_to=None, force_authn=False, is_passive=False, set_nameid_policy=True):

Initiates the SSO process.

:param return_to: Optional argument. The target URL the user should be redirected to after login.
:type return_to: string

:param force_authn: Optional argument. When true the AuthNRequest will set the ForceAuthn='true'.
:type force_authn: bool

:param is_passive: Optional argument. When true the AuthNRequest will set the IsPassive='true'.
:type is_passive: bool

:param set_nameid_policy: Optional argument. When true the AuthNRequest will set a nameIdPolicy element.
:type set_nameid_policy: bool

:returns: Redirection URL
:rtype: string

logout(self, return_to=None, name_id=None, session_index=None, nq=None, name_id_format=None):

Initiates the SLO process.

:param return_to: Optional argument. The target URL the user should be redirected to after logout.
:type return_to: string

:param name_id: The NameID that will be set in the LogoutRequest.
:type name_id: string

:param session_index: SessionIndex that identifies the session of the user.
:type session_index: string

:param nq: IDP Name Qualifier
:type nq: string

:param name_id_format: The NameID Format that will be set in the LogoutRequest.
:type name_id_format: string

:returns: Redirection URL

get_sso_url(self):

Gets the SSO URL.

:returns: A URL, the SSO endpoint of the IdP
:rtype: string

get_slo_url(self):

Gets the SLO URL.

:returns: A URL, the SLO endpoint of the IdP
:rtype: string

add_request_signature(self, request_data, sign_algorithm=OneLogin_Saml2_Constants.RSA_SHA1):

Builds the Signature of the SAML Request.

:param request_data: The Request parameters
:type request_data: dict

:param sign_algorithm: Signature algorithm method
:type sign_algorithm: string

add_response_signature(self, response_data, sign_algorithm=OneLogin_Saml2_Constants.RSA_SHA1):

Builds the Signature of the SAML Response.
:param response_data: The Response parameters
:type response_data: dict

:param sign_algorithm: Signature algorithm method
:type sign_algorithm: string

__build_sign_query(saml_data, relay_state, algorithm, saml_type, lowercase_urlencoding=False):

Build sign query

:param saml_data: The Request data
:type saml_data: str

:param relay_state: The Relay State
:type relay_state: str

:param algorithm: The Signature Algorithm
:type algorithm: str

:param saml_type: The type of SAML message being signed (SAMLRequest or SAMLResponse)
:type saml_type: string SAMLRequest | SAMLResponse

:param lowercase_urlencoding: Whether the percent-escapes in the URL encoding are lowercased
:type lowercase_urlencoding: boolean
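
In the SAML HTTP-Redirect binding the signature covers the query string made of the SAML message, the optional RelayState and SigAlg, in that order, so signer and verifier must produce identical bytes. The following is an added illustration using only the Python standard library, not the toolkit's own code; `escape_url`, `build_sign_query`, `signed_input_digest` and the sample values are hypothetical names chosen to mirror the parameters documented above, and it uses the RSA-SHA256 algorithm URI rather than the RSA_SHA1 default shown in the signatures on this page.

```python
import hashlib
import re
from urllib.parse import quote_plus

# Constructed sample values; none come from the toolkit or a real IdP.
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SAMPLE_SAML_DATA = "PHNhbWw+/x+y="  # stand-in for the deflated, base64 message
SAMPLE_RELAY_STATE = "https://sp.example.com/home?x=1"


def escape_url(value, lowercase_urlencoding=False):
    """Percent-encode a value; optionally lowercase the hex digits of each escape."""
    encoded = quote_plus(value)
    if lowercase_urlencoding:
        encoded = re.sub(r"%[A-F0-9]{2}", lambda m: m.group(0).lower(), encoded)
    return encoded


def build_sign_query(saml_data, relay_state, algorithm, saml_type,
                     lowercase_urlencoding=False):
    """Return the string that is signed: <saml_type>, RelayState (if any), SigAlg."""
    if saml_type not in ("SAMLRequest", "SAMLResponse"):
        raise ValueError("saml_type must be SAMLRequest or SAMLResponse")
    parts = ["%s=%s" % (saml_type, escape_url(saml_data, lowercase_urlencoding))]
    if relay_state is not None:  # RelayState is left out entirely when absent
        parts.append("RelayState=" + escape_url(relay_state, lowercase_urlencoding))
    parts.append("SigAlg=" + escape_url(algorithm, lowercase_urlencoding))
    return "&".join(parts)


def signed_input_digest(query):
    """SHA-256 of the exact bytes a signer or verifier would operate on."""
    return hashlib.sha256(query.encode("ascii")).hexdigest()


if __name__ == "__main__":
    upper = build_sign_query(SAMPLE_SAML_DATA, SAMPLE_RELAY_STATE, RSA_SHA256,
                             "SAMLRequest")
    lower = build_sign_query(SAMPLE_SAML_DATA, SAMPLE_RELAY_STATE, RSA_SHA256,
                             "SAMLRequest", lowercase_urlencoding=True)
    print(upper)
    print(lower)
    # Same parameters, different bytes: a signature over one fails on the other.
    print(signed_input_digest(upper) != signed_input_digest(lower))
```

When validation fails against a peer that emits lowercase percent-escapes, the mismatch is in this signed string, not in the certificate or the message itself.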

__build_signature(self, data, saml_type, sign_algorithm=OneLogin_Saml2_Constants.RSA_SHA1):

Builds the Signature
:param data: The Request data
:type data: dict

:param saml_type: The type of SAML message being signed (SAMLRequest or SAMLResponse)
:type saml_type: string SAMLRequest | SAMLResponse

:param sign_algorithm: Signature algorithm method
:type sign_algorithm: string

validate_request_signature(self, request_data):

Validate Request Signature

:param request_data: The Request data
:type request_data: dict


validate_response_signature(self, request_data):

Validate Response Signature

:param request_data: The Request data
:type request_data: dict


__validate_signature(self, data, saml_type, raise_exceptions=False):

Validate Signature

:param data: The Request data
:type data: dict

:param cert: The certificate to check signature
:type cert: str

:param saml_type: The type of SAML message being validated (SAMLRequest or SAMLResponse)
:type saml_type: string SAMLRequest | SAMLResponse

:param raise_exceptions: Whether to return false on failure or raise an exception
:type raise_exceptions: Boolean

get_last_response_xml(self, pretty_print_if_possible=False):

Retrieves the raw XML (decrypted) of the last SAML response,
or the last Logout Response generated or processed
:returns: SAML response XML
:rtype: string|None

get_last_request_xml(self):

Retrieves the raw XML sent in the last SAML request
:returns: SAML request XML
:rtype: string|None

Source code