Refactor SSO authentication to support multiple providers and enhance error handling

2026-01-22 16:17:05 +01:00 · 2026-01-22 16:17:05 +01:00 · c4cef0d9b5
commit c4cef0d9b5
parent 862518a45f
10 changed files with 233 additions and 66 deletions
--- a/auth/providers/kit.py
+++ b/auth/providers/kit.py
@ -0,0 +1,36 @@
+import html
+from auth.providers.base import SSOProvider
+from utils.helpers import extract_html_value
+
+
+class KITProvider(SSOProvider):
+    """SSO provider for Karlsruhe Institute of Technology (KIT)."""
+
+    name = "KIT"
+    domain = "kit.edu"
+
+    def authenticate(self) -> str:
+        self.session.headers.pop('x-requested-with', None)
+        self.session.headers.pop('x-inertia', None)
+        self.session.headers.pop('x-inertia-version', None)
+
+        csrf_token = extract_html_value(
+            self.redirect_response.text,
+            r'name="csrf_token" value="([^"]+)"'
+        )
+
+        response = self.session.post(
+            'https://idp.scc.kit.edu/idp/profile/SAML2/Redirect/SSO?execution=e1s1',
+            data={
+                'csrf_token': csrf_token,
+                'j_username': self.username,
+                'j_password': self.password,
+                '_eventId_proceed': '',
+                'fudis_web_authn_assertion_input': '',
+            }
+        )
+
+        if "/consume" not in html.unescape(response.text):
+            raise ValueError("KIT authentication failed - invalid credentials or SSO error")
+
+        return response.text