Merge pull request #71 from uc-cdis/feat/shib

feat(shib): support redirect
uc-cdis · Jan 29, 2018 · 265c567 · 265c567
2 parents aa6880b + ec39f29
commit 265c567
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 9 deletions.
diff --git a/fence/blueprints/login.py b/fence/blueprints/login.py
@@ -12,7 +12,9 @@
 
 @blueprint.route('/shib', methods=['GET'])
 def login_from_shibboleth():
-    return redirect(capp.config['SSO_URL'] + urllib.quote_plus(request.url))
+    redirect_url = request.args.get('redirect')
+    return redirect(capp.config['SSO_URL'] + redirect_url)
+
 
 
 @blueprint.route('/google', methods=['GET'])

diff --git a/fence/local_settings.example.py b/fence/local_settings.example.py
@@ -58,7 +58,14 @@
 HTTP_PROXY = None
 
 STORAGES = ['cleversafe-server-a']
-ITRUST_GLOBAL_LOGOUT = 'https://itrusteauth.nih.gov/siteminderagent/smlogout.asp?mode=nih&AppReturnUrl='
+
+SHIBBOLETH_HEADER = 'persistent_id'
+
+# assumes shibboleth is deployed under {HOSTNAME}/shibboleth
+SSO_URL = 'https://auth.nih.gov/affwebservices/public/saml2sso?SPID={}/shibboleth&RelayState='.format(HOSTNAME)
+
+ITRUST_GLOBAL_LOGOUT = 'https://auth.nih.gov/siteminderagent/smlogout.asp?mode=nih&AppReturnUrl='
+
 SESSION_COOKIE_SECURE = False
 ENABLE_CSRF_PROTECTION = True
 INDEXD = '/index'

diff --git a/fence/settings.py b/fence/settings.py
@@ -1,18 +1,11 @@
 from collections import OrderedDict
 from datetime import timedelta
 
-from local_settings import *
 
 APPLICATION_ROOT = '/user'
 DEBUG = True
 OAUTH2_PROVIDER_ERROR_URI = "/api/oauth2/errors"
 
-HOSTNAME = 'http://localhost:8000'
-SHIBBOLETH_HEADER = 'persistent_id'
-SSO_URL = 'https://itrusteauth.nih.gov/affwebservices/public/saml2sso?SPID=https://bionimbus-pdc.opensciencedatacloud.org/shibboleth&RelayState='
-SINGLE_LOGOUT = 'https://itrusteauth.nih.gov/siteminderagent/smlogout.asp?mode=nih&AppReturnUrl=https://bionimbus-pdc.opensciencedatacloud.org/storage/login'
-
-LOGOUT = "https://bionimbus-pdc.opensciencedatacloud.org/auth/logout/?next=/Shibboleth.sso/Logout%3Freturn%3Dhttps%3A%2F%2Fbionimbus-pdc.opensciencedatacloud.org/api"
 BIONIMBUS_ACCOUNT_ID = 655886864976
 
 ACCESS_TOKEN_LIFETIME = timedelta(seconds=600)
@@ -31,3 +24,6 @@
 JWT_KEYPAIR_FILES = OrderedDict([
     ('key-01', ('keys/jwt_public_key.pem', 'keys/jwt_private_key.pem')),
 ])
+
+
+from local_settings import *