Bases: keystoneclient.auth.identity.v3.Token
Class for scoping unscoped saml2 token.
Bases: keystoneclient.auth.identity.v3.TokenMethod
Build and return request body for token scoping step.
Bases: keystoneclient.auth.identity.v3.AuthConstructor
Implement authentication plugin for SAML2 protocol.
ECP stands for Enhanced Client or Proxy and is a SAML2 extension for federated authentication where a transportation layer consists of HTTP protocol and XML SOAP messages.
Read for more information:: https://wiki.shibboleth.net/confluence/display/SHIB2/ECP
The SAML2 ECP specification can be found at:: https://www.oasis-open.org/committees/download.php/ 49979/saml-ecp-v2.0-wd09.pdf
Currently only HTTPBasicAuth mechanism is available for the IdP authenication.
Authenticate via SAML2 protocol and retrieve unscoped token.
This is a multi-step process where a client does federated authn receives an unscoped token.
Federated authentication utilizing SAML2 Enhanced Client or Proxy extension. See Saml2UnscopedToken_get_unscoped_token() for more information on that step. Upon successful authentication and assertion mapping an unscoped token is returned and stored within the plugin object for further use.
:param session : a session object to send out HTTP requests. :type session: keystoneclient.session.Session
Return access.AccessInfoV3: | |
---|---|
an object with scoped token’s id and unscoped token json included. |
Return full URL where authorization data is sent.
Bases: keystoneclient.auth.identity.v3.AuthMethod