Idp2 uses ssl

This commit is contained in:
Mathias Hedström
2015-09-17 16:39:42 +02:00
parent bf7ef77cb2
commit 015fac5eac
2 changed files with 69 additions and 15 deletions


@@ -7,10 +7,13 @@ import os
import re import re
import socket import socket
import time import time
import ssl
from Cookie import SimpleCookie from Cookie import SimpleCookie
from hashlib import sha1 from hashlib import sha1
from urlparse import parse_qs from urlparse import parse_qs
from cherrypy import wsgiserver
from cherrypy.wsgiserver import ssl_pyopenssl
from saml2 import BINDING_HTTP_ARTIFACT from saml2 import BINDING_HTTP_ARTIFACT
from saml2 import BINDING_URI from saml2 import BINDING_URI
@@ -1044,13 +1047,15 @@ if __name__ == '__main__':
parser.add_argument(dest="config") parser.add_argument(dest="config")
args = parser.parse_args() args = parser.parse_args()
CONFIG = importlib.import_module(args.config)
AUTHN_BROKER = AuthnBroker() AUTHN_BROKER = AuthnBroker()
AUTHN_BROKER.add(authn_context_class_ref(PASSWORD), AUTHN_BROKER.add(authn_context_class_ref(PASSWORD),
username_password_authn, 10, username_password_authn, 10,
"http://%s" % socket.gethostname()) CONFIG.BASE)
AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED), AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED),
"", 0, "http://%s" % socket.gethostname()) "", 0, CONFIG.BASE)
CONFIG = importlib.import_module(args.config)
IDP = server.Server(args.config, cache=Cache()) IDP = server.Server(args.config, cache=Cache())
IDP.ticket = {} IDP.ticket = {}
@@ -1062,6 +1067,17 @@ if __name__ == '__main__':
HOST = CONFIG.HOST HOST = CONFIG.HOST
PORT = CONFIG.PORT PORT = CONFIG.PORT
SRV = make_server(HOST, PORT, application) SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application)
print("IdP listening on %s:%s" % (HOST, PORT))
SRV.serve_forever() _https = ""
if CONFIG.HTTPS:
SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(CONFIG.SERVER_CERT,
CONFIG.SERVER_KEY, CONFIG.CERT_CHAIN)
_https = " using SSL/TLS"
logger.info("Server starting")
print("IDP listening on %s:%s%s" % (HOST, PORT, _https))
try:
SRV.start()
except KeyboardInterrupt:
SRV.stop()
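Review bot: The certificate paths handed to `pyOpenSSLAdapter` on the lines after `if CONFIG.HTTPS:` are used exactly as given, and the config in this commit defines them as relative strings (`SERVER_CERT = "pki/mycert.pem"`), unlike `key_file`/`cert_file` which go through `full_path(...)`; starting the IdP from any other working directory will fail to load the cert and key. Either resolve them in the config (`SERVER_CERT = full_path("pki/mycert.pem")`, same for `SERVER_KEY`) or resolve them here before constructing the adapter. `import ssl` added in the first hunk is not referenced by the new code, which goes through the pyOpenSSL adapter instead. The adapter is built with whatever protocol versions and cipher suites the installed CherryPy version selects by default, and nothing here restricts them, so it is worth confirming the resulting context does not admit legacy protocol versions. `CONFIG.HTTPS` is read as a bare attribute, so a config module without it raises AttributeError at startup; `getattr(CONFIG, "HTTPS", False)` would keep existing configs working.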


@@ -15,9 +15,9 @@ except ImportError:
get_xmlsec_binary = None get_xmlsec_binary = None
if get_xmlsec_binary: if get_xmlsec_binary:
xmlsec_path = get_xmlsec_binary(["/opt/local/bin"]) xmlsec_path = get_xmlsec_binary(["/opt/local/bin","/usr/local/bin"])
else: else:
xmlsec_path = '/usr/bin/xmlsec1' xmlsec_path = '/usr/local/bin/xmlsec1'
BASEDIR = os.path.abspath(os.path.dirname(__file__)) BASEDIR = os.path.abspath(os.path.dirname(__file__))
@@ -25,15 +25,26 @@ BASEDIR = os.path.abspath(os.path.dirname(__file__))
def full_path(local_file): def full_path(local_file):
return os.path.join(BASEDIR, local_file) return os.path.join(BASEDIR, local_file)
#HOST = '130.239.200.190'
HOST = 'localhost' HOST = 'localhost'
PORT = 8088 PORT = 8088
BASE = "http://%s:%s" % (HOST, PORT) HTTPS = True
if HTTPS:
BASE = "https://%s:%s" % (HOST, PORT)
else:
BASE = "http://%s:%s" % (HOST, PORT)
# HTTPS cert information
SERVER_CERT = "pki/mycert.pem"
SERVER_KEY = "pki/mykey.pem"
CERT_CHAIN = ""
CONFIG = { CONFIG = {
"entityid": "%s/idp.xml" % BASE, "entityid": "%s/idp.xml" % BASE,
"description": "My IDP", "description": "My IDP",
"valid_for": 168, # "valid_for": 168,
"service": { "service": {
"aa": { "aa": {
"endpoints": { "endpoints": {
@@ -81,6 +92,29 @@ CONFIG = {
("%s/nim" % BASE, BINDING_SOAP), ("%s/nim" % BASE, BINDING_SOAP),
], ],
}, },
"ui_info": {
"display_name": [
{
"text": "InAcademia.org - TEST",
"lang": "en"
}
],
"description": [
{
"text": "The InAcademia Simple validation Sevice allows for the easy validation of affiliation (Student, Faculty, Staff) of a user in Academia. This is a TEST instance",
"lang": "en"
}
],
"logo": [
{
"text": "https://inacademia.org/static/logo.png",
"width": "120",
"height": "60",
"lang": "en"
}
],
},
"policy": { "policy": {
"default": { "default": {
"lifetime": {"minutes": 15}, "lifetime": {"minutes": 15},
@@ -98,19 +132,23 @@ CONFIG = {
"key_file": full_path("pki/mykey.pem"), "key_file": full_path("pki/mykey.pem"),
"cert_file": full_path("pki/mycert.pem"), "cert_file": full_path("pki/mycert.pem"),
"metadata": { "metadata": {
"local": [full_path("../sp-wsgi/sp.xml")], #"local": [full_path("../sp-wsgi/sp.xml")],
"local": ["/Users/mathiashedstrom/work/DIRG/VOpaas_proxy/example/saml2.xml"],
# "local": ["/Users/mathiashedstrom/work/DIRG/VOpaas_proxy/example/proxy.xml"],
# "local": ["/Users/mathiashedstrom/work/DIRG/s2sproxy/example/proxy.xml"],
}, },
"organization": { "organization": {
"display_name": "Rolands Identiteter", "display_name": [("Rolands Identiteter", "en")],
"name": "Rolands Identiteter", "name": [("Rolands Identiteter", "se"), ("Rolands Identities", "en")],
"url": "http://www.example.com", "url": [("http://www.example.com", "en"), ("http://www.example.se", "se")],
}, },
"contact_person": [ "contact_person": [
{ {
"contact_type": "technical", "contact_type": "technical",
"given_name": "Roland", "given_name": "Roland",
"sur_name": "Hedberg", "sur_name": "Hedberg",
"email_address": "technical@example.com" "email_address": ["technical@example.com", "support@example.com"],
}, { }, {
"contact_type": "support", "contact_type": "support",
"given_name": "Support", "given_name": "Support",