
Commit 4769e53

Merge pull request #351 from ashimaathri/support-session-not-on-or-after
Support session not on or after
2 parents 3b6952c + 40c01d6 commit 4769e53


3 files changed

+30
-13
lines changed


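--- a/.gitignore
+++ b/.gitignore
@@ -31,6 +31,8 @@ tmp*
 *.tmpl
 *.iml
 _build/
+.cache
+*.swp
 
 example/idp3/htdocs/login.mako
 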
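--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -615,7 +615,7 @@ def _authn_context_decl_ref(decl_ref, authn_auth=None):
 
 def authn_statement(authn_class=None, authn_auth=None,
 authn_decl=None, authn_decl_ref=None, authn_instant="",
-subject_locality=""):
+subject_locality="", session_not_on_or_after=None):
 """
 Construct the AuthnStatement
 :param authn_class: Authentication Context Class reference
@@ -639,26 +639,30 @@ def authn_statement(authn_class=None, authn_auth=None,
 saml.AuthnStatement,
 authn_instant=_instant,
 session_index=sid(),
+session_not_on_or_after=session_not_on_or_after,
 authn_context=_authn_context_class_ref(
 authn_class, authn_auth))
 elif authn_decl:
 res = factory(
 saml.AuthnStatement,
 authn_instant=_instant,
 session_index=sid(),
+session_not_on_or_after=session_not_on_or_after,
 authn_context=_authn_context_decl(authn_decl, authn_auth))
 elif authn_decl_ref:
 res = factory(
 saml.AuthnStatement,
 authn_instant=_instant,
 session_index=sid(),
+session_not_on_or_after=session_not_on_or_after,
 authn_context=_authn_context_decl_ref(authn_decl_ref,
 authn_auth))
 else:
 res = factory(
 saml.AuthnStatement,
 authn_instant=_instant,
-session_index=sid())
+session_index=sid(),
+session_not_on_or_after=session_not_on_or_after)
 
 if subject_locality:
 res.subject_locality = saml.SubjectLocality(text=subject_locality)
@@ -719,7 +723,7 @@ def construct(self, sp_entity_id, attrconvs, policy, issuer, farg,
 authn_class=None, authn_auth=None, authn_decl=None,
 encrypt=None, sec_context=None, authn_decl_ref=None,
 authn_instant="", subject_locality="", authn_statem=None,
-name_id=None):
+name_id=None, session_not_on_or_after=None):
 """ Construct the Assertion
 
 :param sp_entity_id: The entityid of the SP
@@ -770,7 +774,8 @@ def construct(self, sp_entity_id, attrconvs, policy, issuer, farg,
 _authn_statement = authn_statement(authn_class, authn_auth,
 authn_decl, authn_decl_ref,
 authn_instant,
-subject_locality)
+subject_locality,
+session_not_on_or_after=session_not_on_or_after)
 else:
 _authn_statement = None
 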
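Review bot: `session_not_on_or_after` is handed unchanged to all four `factory(saml.AuthnStatement, ...)` calls, while the neighbouring `authn_instant` is passed as `_instant`, which suggests it is normalised earlier in `authn_statement` (that code lies outside the hunks). SessionNotOnOrAfter is an xs:dateTime marking when the session with the issuing IdP must be considered ended, so a local-time string, a non-string object, or a value not later than the authentication instant would yield an assertion whose session bound relying parties reject or apply incorrectly. Neither docstring gains an entry for the new argument; I would add `:param session_not_on_or_after: UTC xs:dateTime string (YYYY-MM-DDThh:mm:ssZ) at which the session must be considered ended; None omits the attribute` to both `authn_statement` and `construct`. It would also be worth checking the value against `_instant` before building the statement, since nothing visible here validates it.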

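--- a/src/saml2/server.py
+++ b/src/saml2/server.py
@@ -326,7 +326,8 @@ def update_farg(in_response_to, consumer_url, farg=None):
 
 def setup_assertion(self, authn, sp_entity_id, in_response_to, consumer_url,
 name_id, policy, _issuer, authn_statement, identity,
-best_effort, sign_response, farg=None, **kwargs):
+best_effort, sign_response, farg=None,
+session_not_on_or_after=None, **kwargs):
 """
 Construct and return the Assertion
 
@@ -370,17 +371,20 @@ def setup_assertion(self, authn, sp_entity_id, in_response_to, consumer_url,
 assertion = ast.construct(
 sp_entity_id, self.config.attribute_converters, policy,
 issuer=_issuer, farg=farg['assertion'], name_id=name_id,
+session_not_on_or_after=session_not_on_or_after,
 **authn_args)
 
 elif authn_statement: # Got a complete AuthnStatement
 assertion = ast.construct(
 sp_entity_id, self.config.attribute_converters, policy,
 issuer=_issuer, authn_statem=authn_statement,
-farg=farg['assertion'], name_id=name_id, **kwargs)
+farg=farg['assertion'], name_id=name_id,
+**kwargs)
 else:
 assertion = ast.construct(
 sp_entity_id, self.config.attribute_converters, policy,
 issuer=_issuer, farg=farg['assertion'], name_id=name_id,
+session_not_on_or_after=session_not_on_or_after,
 **kwargs)
 return assertion
 
@@ -394,7 +398,7 @@ def _authn_response(self, in_response_to, consumer_url,
 encrypt_assertion_self_contained=False,
 encrypted_advice_attributes=False,
 pefim=False, sign_alg=None, digest_alg=None,
-farg=None):
+farg=None, session_not_on_or_after=None):
 """ Create a response. A layer of indirection.
 
 :param in_response_to: The session identifier of the request
@@ -455,7 +459,7 @@ def _authn_response(self, in_response_to, consumer_url,
 assertion = self.setup_assertion(
 authn, sp_entity_id, in_response_to, consumer_url, name_id,
 policy, _issuer, authn_statement, [], True, sign_response,
-farg=farg)
+farg=farg, session_not_on_or_after=session_not_on_or_after)
 assertion.advice = saml.Advice()
 
 # assertion.advice.assertion_id_ref.append(saml.AssertionIDRef())
@@ -465,7 +469,8 @@ def _authn_response(self, in_response_to, consumer_url,
 assertion = self.setup_assertion(
 authn, sp_entity_id, in_response_to, consumer_url, name_id,
 policy, _issuer, authn_statement, identity, True,
-sign_response, farg=farg)
+sign_response, farg=farg,
+session_not_on_or_after=session_not_on_or_after)
 
 to_sign = []
 if not encrypt_assertion:
@@ -681,6 +686,7 @@ def create_authn_response(self, identity, in_response_to, destination,
 encrypt_assertion_self_contained=True,
 encrypted_advice_attributes=False, pefim=False,
 sign_alg=None, digest_alg=None,
+session_not_on_or_after=None,
 **kwargs):
 """ Constructs an AuthenticationResponse
 
@@ -741,11 +747,13 @@ def create_authn_response(self, identity, in_response_to, destination,
 return self._authn_response(
 in_response_to, destination, sp_entity_id, identity,
 authn=_authn, issuer=issuer, pefim=pefim,
-sign_alg=sign_alg, digest_alg=digest_alg, **args)
+sign_alg=sign_alg, digest_alg=digest_alg,
+session_not_on_or_after=session_not_on_or_after, **args)
 return self._authn_response(
 in_response_to, destination, sp_entity_id, identity,
 authn=_authn, issuer=issuer, pefim=pefim, sign_alg=sign_alg,
-digest_alg=digest_alg, **args)
+digest_alg=digest_alg,
+session_not_on_or_after=session_not_on_or_after, **args)
 
 except MissingValue as exc:
 return self.create_error_response(in_response_to, destination,
@@ -756,13 +764,15 @@ def create_authn_request_response(self, identity, in_response_to,
 name_id_policy=None, userid=None,
 name_id=None, authn=None, authn_decl=None,
 issuer=None, sign_response=False,
-sign_assertion=False, **kwargs):
+sign_assertion=False,
+session_not_on_or_after=None, **kwargs):
 
 return self.create_authn_response(identity, in_response_to, destination,
 sp_entity_id, name_id_policy, userid,
 name_id, authn, issuer,
 sign_response, sign_assertion,
-authn_decl=authn_decl)
+authn_decl=authn_decl,
+session_not_on_or_after=session_not_on_or_after)
 
 # noinspection PyUnusedLocal
 def create_assertion_id_request_response(self, assertion_id, sign=False,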
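Review bot: In `setup_assertion` the `elif authn_statement:` branch does not forward `session_not_on_or_after`, and because it is now a named parameter it is not inside `**kwargs` either. A caller who supplies both a complete AuthnStatement and a session bound therefore gets an assertion without the bound and no sign that it was dropped. For a value that limits session lifetime, silent omission is the wrong failure mode: either document it (`:param session_not_on_or_after: ignored when authn_statement is given; set it on the statement instead`) or raise `ValueError` when both are supplied. The docstrings of `setup_assertion`, `_authn_response` and `create_authn_response` are not extended for the new argument, and none of the three changed files is a test, so a test asserting the attribute on the produced AuthnStatement is worth adding. These functions begin and end outside the hunks shown.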
