| from satosa.exception import SATOSAAuthenticationError | |
| from satosa.internal_data import InternalResponse | |
| from satosa.micro_services.base import ResponseMicroService | |
| from satosa.response import Response | |
| STATE_KEY = "2fa" | |
| class SecondFactorAuth(ResponseMicroService): | |
| def process(self, context, internal_response): |
| import base64 | |
| import datetime as dt | |
| from time import sleep | |
| from redis.client import StrictRedis | |
| from rq.job import Job, JobStatus, requeue_job | |
| from rq.queue import Queue, get_failed_queue | |
| from rq.utils import utcnow | |
| from rq.worker import SimpleWorker |
All JWS's passed between entities MUST contain the "kid" header parameter to allow explicitly signaling a key change to the recipient. Furthermore, all key id's used by an entity MUST be scoped (to avoid name conflicts) by a unique URI managed by the organization owning the entity. In the same way, all JWK's passed between entities must have a scoped key id.
JWS's in the model:
| $array = array( | |
| "id_token" => array( | |
| "auth_time" => array( | |
| "essential"=> true | |
| ), | |
| "acr" => array( | |
| "values" => ["urn:mace:incommon:iap:silver"] | |
| ) | |
| ) | |
| ); |