ciecplib.ui module

User-interface functions for SAML ECP authentication

ciecplib.ui.get_cert(endpoint=None, hours=168, username=None, kerberos=False, spurl='https://ecp.cilogon.org/secure/getcert', debug=False, session=None)

Create an X.509 credential using SAML/ECP.

Parameters:

• endpoint (str, optional) – the identity provider URL

• hours (int, optional) – the desired validity of the credential

• username (str, optional) – the username to use when authenticating

• kerberos (bool, optional) – if True use an existing kerberos TGT to authenticate

• debug (bool, optional) – if True enable verbose debugging from requests, currently unused

• session (requests.Session, optional) – an active requests.Session to use with the query

Returns:

• cert (cryptography.x509.Certificate) – The newly minted certificate.

• key (cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey) – The RSA key object used to sign the certificate.

ciecplib.ui.get_cookie(url, endpoint=None, username=None, kerberos=False, debug=False, session=None)

Create a SAML/ECP session cookie valid for the given URL

Parameters:

• url (str) – the target URL/domain

• endpoint (str, optional) – the identity provider URL

• username (str, optional) – the username to use when authenticating

• kerberos (bool, optional) – if True use an existing kerberos TGT to authenticate

• debug (bool, optional) – if True enable verbose debugging from requests, currently unused

• session (requests.Session, optional) – an active requests.Session to use with the query

• return_all (bool, optional) – return all cookies from the authentication request

Returns:

cookie (http.cookiejar.Cookie) – the newly-minted session cookie