79 lines
2.8 KiB
Python
79 lines
2.8 KiB
Python
import html,sys
|
|
from auth.providers.base import SSOProvider
|
|
from utils.helpers import extract_html_value
|
|
|
|
|
|
class TUMProvider(SSOProvider):
|
|
"""SSO provider for Karlsruhe Institute of Technology (KIT)."""
|
|
|
|
name = "TUM"
|
|
domain = "tum.de"
|
|
|
|
def authenticate(self) -> str:
|
|
# Implement SAML authentication flow
|
|
# Use self.session, self.redirect_response, self.username, self.password
|
|
# Return HTML containing SAMLResponse
|
|
|
|
# to get this done on tum we have to:
|
|
# 1. do one post to e1s1
|
|
# 2. do post to e1s2 with login data
|
|
# ->
|
|
self.session.headers.pop('x-requested-with', None)
|
|
self.session.headers.pop('x-inertia', None)
|
|
self.session.headers.pop('x-inertia-version', None)
|
|
|
|
csrf_token1 = extract_html_value(
|
|
self.redirect_response.text,
|
|
r'name="csrf_token" value="([^"]+)"'
|
|
)
|
|
|
|
response1 = self.session.post(
|
|
# 'https://idp.scc.kit.edu/idp/profile/SAML2/Redirect/SSO?execution=e1s1',
|
|
'https://login.tum.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1',
|
|
data={
|
|
'csrf_token': csrf_token1,
|
|
'shib_idp_ls_exception.shib_idp_session_ss': '',
|
|
'shib_idp_ls_success.shib_idp_session_ss': 'true',
|
|
'shib_idp_ls_value.shib_idp_session_ss': '',
|
|
'shib_idp_ls_exception.shib_idp_persistent_ss': '',
|
|
'shib_idp_ls_success.shib_idp_persistent_ss': 'true',
|
|
'shib_idp_ls_value.shib_idp_persistent_ss': '',
|
|
'shib_idp_ls_supported': 'true',
|
|
'_eventId_proceed': '',
|
|
}
|
|
)
|
|
|
|
# print(response1.text)
|
|
csrf_token2 = extract_html_value(
|
|
response1.text,
|
|
r'name="csrf_token" value="([^"]+)"'
|
|
)
|
|
|
|
response2 = self.session.post(
|
|
'https://login.tum.de/idp/profile/SAML2/Redirect/SSO?execution=e1s2',
|
|
data={
|
|
'csrf_token': csrf_token2,
|
|
'j_username': self.username,
|
|
'j_password': self.password,
|
|
'donotcache': '1',
|
|
'_eventId_proceed': '',
|
|
}
|
|
)
|
|
|
|
# print(response2.text)
|
|
saml_response = extract_html_value(
|
|
response2.text,
|
|
r'name="SAMLResponse" value="([^"]+)"'
|
|
)
|
|
|
|
if len(saml_response)<3:
|
|
raise ValueError("TUM auth no work:(")
|
|
else:
|
|
print("nice we got saml response starting with: "+saml_response[0:49])
|
|
return response2.text
|
|
# print(saml_response)
|
|
# sys.exit()
|
|
# if "/consume" not in html.unescape(response.text):
|
|
# raise ValueError("TUM authentication failed - invalid credentials or SSO error")
|
|
|
|
# return response.text
|