The following example checks if the user has entered the string good as the token number. If the value of the token number is anything other than good, the plugin displays a prompt to the user up to three times. After three unsuccessful attempts, the plugin terminates the connection.
def authenticate(self, key_value_pairs, cookie):
if key_value_pairs.get('token') == "good":
return {'verdict': 'ACCEPT'}
cookie['cnt'] = cookie.get('cnt', 0) + 1
if cookie['cnt'] > 3:
return {'verdict': 'DENY'}
return {'verdict': 'NEEDINFO',
'question': ('token', 'Enter token number: '),
'cookie': cookie
}The following example shows how to use the cookie to transfer data from the authenticate method to the session_ended method.
import sys
class Plugin(object):
def authenticate(self, session_id, cookie, protocol,
connection_name, client_ip, client_port, key_value_pairs):
token = key_value_pairs.pop('token', None)
# Accept the connection if the user provides a token number
if token:
# Write code here that validates the token number and
retrieves the username and usergroups of the user
# We add the client_ip to the 'cookie' so it will be
available in the session_ended method as well
return {
'verdict': 'ACCEPT',
'gateway_user': 'username-received-from-third-party',
'gateway_groups': [
'usergroup1-received-from-third-party',
'usergroup2-received-from-third-party'],
'additional_metadata': token,
'cookie': {'client_ip': client_ip}
}
# Display a prompt to the user to request a token number
else:
return {
'verdict': 'NEEDINFO',
'question': ('token', 'Enter your token number: ')
}
def session_ended(self, session_id, cookie):
session_details = ','.join([
'{0}={1}'.format(key, cookie[key]) for key in
sorted(cookie.keys())
])
# Send a log message when the session ends, including the
# client_ip address received in the cookie
print("Session ended; session_id='{0}', session_details='{1}'".
format(session_id, session_details))© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center