Browse Source

Add a PAOS endpoint to support ECP

See "4.13.2. Service Provider Metadata" in mellon_user_guide.

Note: SOAP reversed: PAOS

Change-Id: If94f9d306cb73e716560d608851412395adfe88d
Closes-Bug: #1833134
changes/71/665771/3
Dmitrii Shcherbakov 3 years ago
parent
commit
b1b4ff3253
  1. 4
      src/lib/charm/openstack/keystone_saml_mellon.py
  2. 2
      src/templates/mellon-sp-metadata.xml

4
src/lib/charm/openstack/keystone_saml_mellon.py

@ -111,6 +111,10 @@ class KeystoneSAMLMellonConfigurationAdapter(
def sp_post_response_path(self):
return '{}/postResponse'.format(self.mellon_endpoint_path)
@property
def sp_paos_response_path(self):
return '{}/paosResponse'.format(self.mellon_endpoint_path)
@property
def sp_logout_path(self):
return '{}/logout'.format(self.mellon_endpoint_path)

2
src/templates/mellon-sp-metadata.xml

@ -15,9 +15,11 @@
</KeyDescriptor>
{% endif %}
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="{{ keystone_fid_service_provider.base_url }}{{ options.sp_logout_path }}"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="{{ keystone_fid_service_provider.base_url }}{{ options.sp_logout_path }}"/>
{% for format in options.supported_nameid_formats -%}
<NameIDFormat>{{ format }}</NameIDFormat>
{% endfor -%}
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{{ keystone_fid_service_provider.base_url }}{{ options.sp_post_response_path }}" isDefault="true" index="0"/>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="{{ keystone_fid_service_provider.base_url }}{{ options.sp_paos_response_path }}" index="1"/>
</SPSSODescriptor>
</EntityDescriptor>

Loading…
Cancel
Save