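def construct_requested_authn_context(self, entity_id):
    """Build the RequestedAuthnContext for an AuthnRequest addressed to *entity_id*.

    The entry for *entity_id* is taken from ``self.acr_mapping`` through
    ``util.get_dict_defaults`` (presumably falling back to the mapping's
    default entry when *entity_id* has none — confirm in ``satosa.util``).
    An entry may be either a dict carrying ``class_ref`` and an optional
    ``comparison`` key, or a bare class-ref value; in both cases a missing
    ``comparison`` falls back to ``self.VALUE_ACR_COMPARISON_DEFAULT``.

    :param entity_id: entity id of the IdP the request is addressed to
    :return: the RequestedAuthnContext, or ``None`` when no ACR mapping is
        configured or no entry applies to *entity_id*
    """
    if not self.acr_mapping:
        return None

    acr_entry = util.get_dict_defaults(self.acr_mapping, entity_id)
    if not acr_entry:
        return None

    # isinstance rather than ``type(...) is dict`` so that dict subclasses
    # (e.g. an ordered mapping produced by a config loader) are not
    # mistaken for a bare class-ref value.
    if not isinstance(acr_entry, dict):
        acr_entry = {
            "class_ref": acr_entry,
            "comparison": self.VALUE_ACR_COMPARISON_DEFAULT,
        }

    comparison = acr_entry.get("comparison", self.VALUE_ACR_COMPARISON_DEFAULT)
    return requested_authn_context(acr_entry["class_ref"], comparison=comparison)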
context, self.config, self.sp.config
)
try:
binding, destination = self.sp.pick_binding(
"single_sign_on_service", None, "idpsso", entity_id=entity_id
)
msg = "binding: {}, destination: {}".format(binding, destination)
logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg)
logger.debug(logline)
acs_endp, response_binding = self.sp.config.getattr("endpoints", "sp")["assertion_consumer_service"][0]
req_id, req = self.sp.create_authn_request(
destination, binding=response_binding, **kwargs
)
relay_state = util.rndstr()
ht_args = self.sp.apply_binding(binding, "%s" % req, destination, relay_state=relay_state)
msg = "ht_args: {}".format(ht_args)
logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg)
logger.debug(logline)
except Exception as exc:
msg = "Failed to construct the AuthnRequest for state"
logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg)
logger.debug(logline, exc_info=True)
raise SATOSAAuthenticationError(context.state, "Failed to construct the AuthnRequest") from exc
if self.sp.config.getattr('allow_unsolicited', 'sp') is False:
if req_id in self.outstanding_queries:
msg = "Request with duplicate id {}".format(req_id)
logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg)
logger.debug(logline)
raise SATOSAAuthenticationError(context.state, msg)
def init_config(self, config):
    """Apply the eIDAS-specific defaults on top of the parent's config handling.

    :param config: the raw backend configuration dict
    :return: the configuration returned by the parent, with
        ``entityid_endpoint`` defaulted to ``True`` (how existing keys are
        treated depends on ``util.check_set_dict_defaults`` — confirm there)
    """
    base_config = super().init_config(config)
    eidas_defaults = {"entityid_endpoint": True}
    return util.check_set_dict_defaults(base_config, eidas_defaults)
"time": datetime.datetime.utcnow().timestamp(),
}
hash_type = UserIdHasher.hash_type(state)
try:
fmt = hash_type_to_format[hash_type]
except KeyError as e:
raise ValueError("Unknown hash type: {}".format(hash_type)) from e
else:
user_id = fmt.format(**format_args)
hasher = (
(lambda salt, value: value)
if hash_type
in [NAMEID_FORMAT_EMAILADDRESS, NAMEID_FORMAT_UNSPECIFIED]
else util.hash_data
)
return hasher(salt, user_id)
internal_response.attributes = self._filter_attributes(
idp, internal_response, context)
ava = self.converter.from_internal(
self.attribute_profile, internal_response.attributes)
auth_info = {}
if self.acr_mapping:
auth_info["class_ref"] = self.acr_mapping.get(
internal_response.auth_info.issuer, self.acr_mapping[""])
else:
auth_info["class_ref"] = internal_response.auth_info.auth_class_ref
auth_info["authn_auth"] = internal_response.auth_info.issuer
if self.custom_attribute_release:
custom_release = util.get_dict_defaults(
self.custom_attribute_release,
internal_response.auth_info.issuer,
sp_entity_id)
attributes_to_remove = custom_release.get("exclude", [])
for k in attributes_to_remove:
ava.pop(k, None)
nameid_value = internal_response.subject_id
nameid_format = subject_type_to_saml_nameid_format(
internal_response.subject_type
)
# If the backend did not receive a SAML and so
# name_id is set to None then do not create a NameID instance.
# Instead pass None as the name name_id to the IdP server
# instance and it will use its configured policy to construct
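def hash_data(salt, value):
    """
    Hashes a value together with a salt.

    Deprecated thin wrapper: delegates to ``satosa.util.hash_data`` and
    emits a ``DeprecationWarning`` on every call.

    :type salt: str
    :type value: str
    :param salt: hash salt
    :param value: value to hash together with the salt
    :return: hash value (SHA512)
    """
    msg = "UserIdHasher is deprecated; use satosa.util.hash_data instead."
    # stacklevel=2 attributes the warning to the caller rather than to this
    # wrapper, so the deprecation points at the code that needs updating.
    _warnings.warn(msg, DeprecationWarning, stacklevel=2)
    return util.hash_data(salt, value)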
'acr_mapping': {
"": {
'class_ref': self.VALUE_ACR_CLASS_REF_DEFAULT,
'comparison': self.VALUE_ACR_COMPARISON_DEFAULT,
},
},
'sp_config.service.sp.authn_requests_signed': True,
'sp_config.service.sp.want_response_signed': True,
'sp_config.service.sp.allow_unsolicited': False,
'sp_config.service.sp.force_authn': True,
'sp_config.service.sp.hide_assertion_consumer_service': True,
'sp_config.service.sp.sp_type': ['private', 'public'],
'sp_config.service.sp.sp_type_in_metadata': [True, False],
}
return util.check_set_dict_defaults(config, spec_eidas_sp)