The following example checks if the user has entered the string good as the token number. If the value of the token number is anything other than good, the plugin displays a prompt to the user up to three times. After three unsuccessful attempts, the plugin terminates the connection.
def authenticate(self, key_value_pairs, cookie): if key_value_pairs.get('token') == "good": return {'verdict': 'ACCEPT'} cookie['cnt'] = cookie.get('cnt', 0) + 1 if cookie['cnt'] > 3: return {'verdict': 'DENY'} return {'verdict': 'NEEDINFO', 'question': ('token', 'Enter token number: '), 'cookie': cookie }
The following example shows how to use the cookie to transfer data from the authenticate method to the session_ended method.
import sys class Plugin(object): def authenticate(self, session_id, cookie, protocol, connection_name, client_ip, client_port, key_value_pairs): token = key_value_pairs.pop('token', None) # Accept the connection if the user provides a token number if token: # Write code here that validates the token number and retrieves the username and usergroups of the user # We add the client_ip to the 'cookie' so it will be available in the session_ended method as well return { 'verdict': 'ACCEPT', 'gateway_user': 'username-received-from-third-party', 'gateway_groups': [ 'usergroup1-received-from-third-party', 'usergroup2-received-from-third-party'], 'additional_metadata': token, 'cookie': {'client_ip': client_ip} } # Display a prompt to the user to request a token number else: return { 'verdict': 'NEEDINFO', 'question': ('token', 'Enter your token number: ') } def session_ended(self, session_id, cookie): session_details = ','.join([ '{0}={1}'.format(key, cookie[key]) for key in sorted(cookie.keys()) ]) # Send a log message when the session ends, including the # client_ip address received in the cookie print("Session ended; session_id='{0}', session_details='{1}'". format(session_id, session_details))
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center