api.saml package
Subpackages
Submodules
api.saml.auth module
- class api.saml.auth.SAMLAuthenticationManager(configuration, subject_parser, subject_filter)
Bases: object
Implements the SAML authentication process.
- property configuration
Return the configuration object.
- Returns:
Configuration object
- Return type:
- finish_authentication(db, idp_entity_id)
Finish the SAML authentication workflow by validating the AuthnResponse and extracting a SAML assertion from it.
- Parameters:
db (sqlalchemy.orm.session.Session) – Database session
idp_entity_id (string) – IdP’s entityID
- Returns:
Subject object containing the name ID and attributes in the case of a successful authentication, or a ProblemDetail object otherwise
- Return type:
Union[api.saml.metadata.model.SAMLSubject, core.util.problem_detail.ProblemDetail]
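As an added, stand-alone illustration (not the project's code, and not what finish_authentication itself does internally) of the SAML 2.0 checks that "validating the AuthnResponse" has to cover before a subject may be trusted: the sample response, entity IDs and URLs below are constructed, the response is unsigned, and the manager/IdP names are assumptions.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Constructed, unsigned sample response as an IdP would POST it to the ACS (hypothetical values).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://cm.example.org/saml_callback" InResponseTo="id-req-1">
  <saml:Issuer>https://idp.example.edu/idp</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion>
    <saml:Issuer>https://idp.example.edu/idp</saml:Issuer>
    <saml:Subject><saml:NameID>patron-42</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://cm.example.org/sp</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="eduPersonAffiliation"><saml:AttributeValue>member</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_NOW = "2024-01-01T00:01:00Z"  # a clock reading inside the assertion's validity window

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, idp_entity_id, acs_url, sp_entity_id, request_id, now):
    """Return (subject, None) if every check passes, else (None, reason).
    XML signature verification is out of scope here; a real validator does it first."""
    root = ET.fromstring(xml_text)
    if root.get("Destination") != acs_url:
        return None, "Destination is not our ACS URL"
    if root.get("InResponseTo") != request_id:
        return None, "InResponseTo does not match the AuthnRequest we issued"
    if root.find("p:Status/p:StatusCode", NS).get("Value") != SUCCESS:
        return None, "IdP reported a non-success status"
    assertion = root.find("a:Assertion", NS)
    # Both the Response and the Assertion must name the IdP the patron was redirected to.
    issuers = {root.findtext("a:Issuer", namespaces=NS), assertion.findtext("a:Issuer", namespaces=NS)}
    if issuers != {idp_entity_id}:
        return None, "Issuer is not the IdP the patron was sent to"
    cond = assertion.find("a:Conditions", NS)
    if not parse_ts(cond.get("NotBefore")) <= parse_ts(now) < parse_ts(cond.get("NotOnOrAfter")):
        return None, "assertion is outside its validity window"
    if sp_entity_id not in [e.text for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]:
        return None, "assertion was not issued for this SP"
    attrs = {a.get("Name"): [v.text for v in a.findall("a:AttributeValue", NS)]
             for a in assertion.findall("a:AttributeStatement/a:Attribute", NS)}
    return {"name_id": assertion.findtext("a:Subject/a:NameID", namespaces=NS), "attributes": attrs}, None
```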
- start_authentication(db, idp_entity_id, return_to_url)
Start the SAML authentication workflow by sending an AuthnRequest to the IdP.
- Parameters:
db (sqlalchemy.orm.session.Session) – Database session
idp_entity_id (string) – IdP’s entityID
return_to_url (string) – URL to which the user agent will be redirected after authentication
- Returns:
Redirection URL
- Return type:
string
- class api.saml.auth.SAMLAuthenticationManagerFactory
Bases: object
Responsible for creating SAMLAuthenticationManager instances.
- create(configuration)
Creates a new instance of the SAMLAuthenticationManager class.
- Parameters:
configuration (api.saml.configuration.model.SAMLConfiguration) – SAML authentication provider’s configuration
- Returns:
SAML authentication manager
- Return type:
api.saml.controller module
- class api.saml.controller.SAMLController(circulation_manager, authenticator)
Bases: object
Controller used for handling SAML 2.0 authentication requests.
- ACCESS_TOKEN = 'access_token'
- ERROR = 'error'
- IDP_ENTITY_ID = 'idp_entity_id'
- LIBRARY_SHORT_NAME = 'library_short_name'
- PATRON_INFO = 'patron_info'
- PROVIDER_NAME = 'provider'
- REDIRECT_URI = 'redirect_uri'
- RELAY_STATE = 'RelayState'
- saml_authentication_callback(request, db)
Creates a Patron object and a bearer token for a patron who has just authenticated with one of our SAML IdPs.
- Parameters:
request (Request) – Flask request
db (sqlalchemy.orm.session.Session) – Database session
- Returns:
Redirection response, or a ProblemDetail if the response is not correct
- Return type:
Union[Response, ProblemDetail]
- saml_authentication_redirect(params, db)
Redirects an unauthenticated patron to the authentication URL of the appropriate SAML IdP. Over on that other site, the patron will authenticate and be redirected back to the circulation manager, ending up in saml_authentication_callback.
- Parameters:
params (Dict) – Query parameters
db (sqlalchemy.orm.session.Session) – Database session
- Returns:
Redirection response
- Return type:
api.saml.provider module
- api.saml.provider.AuthenticationProvider
alias of SAMLWebSSOAuthenticationProvider
- class api.saml.provider.SAMLWebSSOAuthenticationProvider(library, integration, analytics=None)
Bases: BaseSAMLAuthenticationProvider, HasExternalIntegration
SAML authentication provider implementing the Web Browser SSO profile using the following bindings:
- HTTP-Redirect Binding for requests
- HTTP-POST Binding for responses
- DESCRIPTION = l'SAML 2.0 authentication provider implementing the Web SSO profile using the following bindings: HTTP-Redirect for requests and HTTP-POST for responses.'
- NAME = 'SAML 2.0 Web SSO'
- authenticate(db, header)
Authenticate a patron based on a WWW-Authenticate header (or equivalent).
- Returns:
A Patron if one can be authenticated; a ProblemDetail if an error occurs; None if the credentials are missing or wrong.
- authenticated_patron(db, token)
Go from a token to an authenticated Patron.
- Parameters:
db (sqlalchemy.orm.session.Session) – Database session
token (Dict) – The provider token extracted from the Authorization header. This is _not_ the bearer token found in the Authorization header; it’s the provider-specific token embedded in that token.
- Returns:
A Patron, if one can be authenticated. None, if the credentials do not authenticate any particular patron. A ProblemDetail if an error occurs.
- Return type:
Union[Patron, ProblemDetail]
- get_authentication_manager(configuration)
Returns the SAML authentication manager used by this provider.
- Parameters:
configuration (api.saml.configuration.model.SAMLConfiguration) – SAMLConfiguration object
- Returns:
SAML authentication manager used by this provider
- Return type:
- get_configuration(db)
Return a SAMLConfiguration object.
- Parameters:
db (sqlalchemy.orm.session.Session) – Database session
- Returns:
SAMLConfiguration object
- Return type:
- remote_patron_lookup(subject)
Creates a PatronData object based on a Subject object containing the SAML Subject and AttributeStatement.
- Parameters:
subject (api.saml.metadata.Subject) – Subject object containing the SAML Subject and AttributeStatement
- Returns:
PatronData object containing information about the authenticated SAML subject, or a ProblemDetail object in the case of any errors
- Return type:
Union[PatronData, ProblemDetail]
- saml_callback(db, subject)
Verifies the SAML subject, generates a Bearer token in the case of successful authentication and returns it.
- Parameters:
db (sqlalchemy.orm.session.Session) – Database session
subject (api.saml.metadata.Subject) – Subject object containing the SAML Subject and AttributeStatement
- Returns:
A ProblemDetail if there’s a problem. Otherwise, a 3-tuple (Credential, Patron, PatronData). The Credential contains the access token provided by the SAML provider. The Patron object represents the authenticated Patron, and the PatronData object includes information about the patron obtained from the OAuth provider which cannot be stored in the circulation manager’s database, but which should be passed on to the client.
- Return type:
Union[Tuple[Credential, Patron, PatronData], ProblemDetail]