anny-booking-automation/auth/providers/tum.py

from auth.providers.base import SSOProvider
from utils.helpers import extract_html_value


class TUMProvider(SSOProvider):
    """SSO provider for Karlsruhe Institute of Technology (KIT)."""

    name = "TUM"
    domain = "tum.de"

    def authenticate(self) -> str:
        # Implement SAML authentication flow
        # Use self.session, self.redirect_response, self.username, self.password
        # Return HTML containing SAMLResponse

        # to get this done on tum we have to:
        # 1. do one post to e1s1
        # 2. do post to e1s2 with login data
        # ->
        self.session.headers.pop("x-requested-with", None)
        self.session.headers.pop("x-inertia", None)
        self.session.headers.pop("x-inertia-version", None)

        csrf_token1 = extract_html_value(
            self.redirect_response.text, r'name="csrf_token" value="([^"]+)"'
        )

        response1 = self.session.post(
            # 'https://idp.scc.kit.edu/idp/profile/SAML2/Redirect/SSO?execution=e1s1',
            "https://login.tum.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1",
            data={
                "csrf_token": csrf_token1,
                "shib_idp_ls_exception.shib_idp_session_ss": "",
                "shib_idp_ls_success.shib_idp_session_ss": "true",
                "shib_idp_ls_value.shib_idp_session_ss": "",
                "shib_idp_ls_exception.shib_idp_persistent_ss": "",
                "shib_idp_ls_success.shib_idp_persistent_ss": "true",
                "shib_idp_ls_value.shib_idp_persistent_ss": "",
                "shib_idp_ls_supported": "true",
                "_eventId_proceed": "",
            },
        )

        # print(response1.text)
        csrf_token2 = extract_html_value(
            response1.text, r'name="csrf_token" value="([^"]+)"'
        )

        response2 = self.session.post(
            "https://login.tum.de/idp/profile/SAML2/Redirect/SSO?execution=e1s2",
            data={
                "csrf_token": csrf_token2,
                "j_username": self.username,
                "j_password": self.password,
                "donotcache": "1",
                "_eventId_proceed": "",
            },
        )

        # print(response2.text)
        saml_response = extract_html_value(
            response2.text, r'name="SAMLResponse" value="([^"]+)"'
        )

        if len(saml_response) < 3:
            raise ValueError("TUM auth no work:(")
        else:
            print("nice we got saml response starting with: " + saml_response[0:49])
        return response2.text
        # print(saml_response)
        # sys.exit()
        # if "/consume" not in html.unescape(response.text):
        #     raise ValueError("TUM authentication failed - invalid credentials or SSO error")

        # return response.text
lol 2026-02-02 13:21:04 +01:00			`from auth.providers.base import SSOProvider`
			`from utils.helpers import extract_html_value`


			`class TUMProvider(SSOProvider):`
			`"""SSO provider for Karlsruhe Institute of Technology (KIT)."""`

			`name = "TUM"`
			`domain = "tum.de"`

			`def authenticate(self) -> str:`
			`# Implement SAML authentication flow`
			`# Use self.session, self.redirect_response, self.username, self.password`
			`# Return HTML containing SAMLResponse`

			`# to get this done on tum we have to:`
			`# 1. do one post to e1s1`
			`# 2. do post to e1s2 with login data`
			`# ->`
only formatting hopefully 2026-02-06 17:42:40 +01:00			`self.session.headers.pop("x-requested-with", None)`
			`self.session.headers.pop("x-inertia", None)`
			`self.session.headers.pop("x-inertia-version", None)`
lol 2026-02-02 13:21:04 +01:00
			`csrf_token1 = extract_html_value(`
only formatting hopefully 2026-02-06 17:42:40 +01:00			`self.redirect_response.text, r'name="csrf_token" value="([^"]+)"'`
lol 2026-02-02 13:21:04 +01:00			`)`

			`response1 = self.session.post(`
			`# 'https://idp.scc.kit.edu/idp/profile/SAML2/Redirect/SSO?execution=e1s1',`
only formatting hopefully 2026-02-06 17:42:40 +01:00			`"https://login.tum.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1",`
lol 2026-02-02 13:21:04 +01:00			`data={`
only formatting hopefully 2026-02-06 17:42:40 +01:00			`"csrf_token": csrf_token1,`
			`"shib_idp_ls_exception.shib_idp_session_ss": "",`
			`"shib_idp_ls_success.shib_idp_session_ss": "true",`
			`"shib_idp_ls_value.shib_idp_session_ss": "",`
			`"shib_idp_ls_exception.shib_idp_persistent_ss": "",`
			`"shib_idp_ls_success.shib_idp_persistent_ss": "true",`
			`"shib_idp_ls_value.shib_idp_persistent_ss": "",`
			`"shib_idp_ls_supported": "true",`
			`"_eventId_proceed": "",`
			`},`
lol 2026-02-02 13:21:04 +01:00			`)`

			`# print(response1.text)`
			`csrf_token2 = extract_html_value(`
only formatting hopefully 2026-02-06 17:42:40 +01:00			`response1.text, r'name="csrf_token" value="([^"]+)"'`
lol 2026-02-02 13:21:04 +01:00			`)`

			`response2 = self.session.post(`
only formatting hopefully 2026-02-06 17:42:40 +01:00			`"https://login.tum.de/idp/profile/SAML2/Redirect/SSO?execution=e1s2",`
lol 2026-02-02 13:21:04 +01:00			`data={`
only formatting hopefully 2026-02-06 17:42:40 +01:00			`"csrf_token": csrf_token2,`
			`"j_username": self.username,`
			`"j_password": self.password,`
			`"donotcache": "1",`
			`"_eventId_proceed": "",`
			`},`
lol 2026-02-02 13:21:04 +01:00			`)`

			`# print(response2.text)`
			`saml_response = extract_html_value(`
only formatting hopefully 2026-02-06 17:42:40 +01:00			`response2.text, r'name="SAMLResponse" value="([^"]+)"'`
lol 2026-02-02 13:21:04 +01:00			`)`

only formatting hopefully 2026-02-06 17:42:40 +01:00			`if len(saml_response) < 3:`
lol 2026-02-02 13:21:04 +01:00			`raise ValueError("TUM auth no work:(")`
			`else:`
only formatting hopefully 2026-02-06 17:42:40 +01:00			`print("nice we got saml response starting with: " + saml_response[0:49])`
lol 2026-02-02 13:21:04 +01:00			`return response2.text`
			`# print(saml_response)`
			`# sys.exit()`
			`# if "/consume" not in html.unescape(response.text):`
			`# raise ValueError("TUM authentication failed - invalid credentials or SSO error")`

			`# return response.text`