openstack/deb-python-pysaml2
Code Issues Proposed changes

Removed dirty changes.

Browse Source
This commit is contained in:
Hans Hörberg
2014-02-28 08:38:53 +01:00
parent 0213e18630
commit 234ce011cf
5 changed files with 17 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
example/sp/nocert_sp_conf/sp.xml
View File

@@ -1,2 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns4="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" xmlns:ns5="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="http://localhost:8087/LocalTestSPHans.xml"><ns0:Extensions><ns1:EntityAttributes><ns2:Attribute Name="http://macedir.org/entity-category"><ns2:AttributeValue xsi:type="xs:string">http://www.geant.net/uri/dataprotection-code-of-conduct/v1</ns2:AttributeValue><ns2:AttributeValue xsi:type="xs:string">http://www.swamid.se/category/research-and-education</ns2:AttributeValue><ns2:AttributeValue xsi:type="xs:string">http://www.swamid.se/category/hei-service</ns2:AttributeValue><ns2:AttributeValue xsi:type="xs:string">http://www.swamid.se/category/sfs-1993-1153</ns2:AttributeValue><ns2:AttributeValue xsi:type="xs:string">http://www.swamid.se/category/nren-service</ns2:AttributeValue><ns2:AttributeValue xsi:type="xs:string">http://www.swamid.se/category/eu-adequate-protection</ns2:AttributeValue></ns2:Attribute></ns1:EntityAttributes></ns0:Extensions><ns0:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:Extensions><ns4:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://localhost:8087/disco" index="1" /></ns0:Extensions><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8087/slo" /><ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8087" index="1" /></ns0:SPSSODescriptor><ns0:Organization><ns0:OrganizationName xml:lang="en">Lokal test SP Hans</ns0:OrganizationName><ns0:OrganizationDisplayName xml:lang="se">Lokal test SP Hans</ns0:OrganizationDisplayName><ns0:OrganizationDisplayName xml:lang="en">Lokal test SP Hans</ns0:OrganizationDisplayName><ns0:OrganizationURL xml:lang="en">http://130.239.200.146:8087</ns0:OrganizationURL></ns0:Organization></ns0:EntityDescriptor>

97
example/sp/nocert_sp_conf/sp_conf.py
View File

@@ -1,97 +0,0 @@
from saml2 import BINDING_HTTP_REDIRECT
from saml2.extension.idpdisc import BINDING_DISCO
from saml2.saml import NAME_FORMAT_URI
from saml2.sigver import get_xmlsec_binary, CertHandlerExtra
from saml2.entity_category.edugain import COC
from saml2.entity_category.swamid import RESEARCH_AND_EDUCATION
from saml2.entity_category.swamid import HEI
from saml2.entity_category.swamid import SFS_1993_1153
from saml2.entity_category.swamid import NREN
from saml2.entity_category.swamid import EU
#BASE= "http://130.239.200.146:8087"
BASE= "http://localhost:8087"
#BASE= "http://lingon.catalogix.se:8087"
class SpCertHandlerExtraClass(CertHandlerExtra):
def use_generate_cert_func(self):
return True
def generate_cert(self, generate_cert_info, ca_cert_string, ca_key_string):
print "Hello"
return (ca_cert_string, ca_key_string)
def use_validate_cert_func(self):
return False
def validate_cert(self, cert_str, ca_cert_string, ca_key_string):
pass
CONFIG = {
"entityid": "%s/LocalTestSPHans.xml" % BASE,
"description": "Lokal test SP Hans",
"entity_category": [COC, RESEARCH_AND_EDUCATION, HEI, SFS_1993_1153, NREN, EU],
"only_use_keys_in_metadata": False,
"cert_handler_extra_class": None,#MyCertGeneration(),
"generate_cert_info": {
"cn": "localhost",
"country_code": "se",
"state": "ac",
"city": "Umea",
"organization": "ITS Umea University",
"organization_unit": "DIRG"
},
"tmp_key_file": "pki/tmp_mykey.pem",
"tmp_cert_file": "pki/tmp_mycert.pem",
"validate_certificate": True,
"service": {
"sp": {
"authn_requests_signed": "true", #Will sign the request!
"want_assertions_signed": "true", #Demands that the assertion is signed.
"name": "LocalTestSPHans",
"endpoints": {
"assertion_consumer_service": [BASE],
"single_logout_service": [(BASE + "/slo",
BINDING_HTTP_REDIRECT)],
"discovery_response": [
("%s/disco" % BASE, BINDING_DISCO)
]
},
"required_attributes": ["surname", "givenname",
"edupersonaffiliation"],
"optional_attributes": ["title"],
}
},
"debug": 1,
"key_file": "pki/localhost.ca.key",
"cert_file": "pki/localhost.ca.crt",
"attribute_map_dir": "./attributemaps",
"metadata": {
"local": ["../idp2/idp_nocert.xml"]
# #"remote": [{"url": "http://130.239.201.5/role/idp.xml", "cert": None}],
},
#"metadata": {"local": ["/Users/haho0032/Develop/svn/trunk/pyOpSamlProxy/idp_nocert.xml"]},
# -- below used by make_metadata --
"organization": {
"name": "Lokal test SP Hans",
"display_name": [("Lokal test SP Hans", "se"), ("Lokal test SP Hans", "en")],
"url": "http://130.239.200.146:8087",
},
"contact_person": [
],
"xmlsec_binary": '/usr/local/bin/xmlsec1',
"name_form": NAME_FORMAT_URI,
"logger": {
"rotating": {
"filename": "sp.log",
"maxBytes": 100000,
"backupCount": 5,
},
"loglevel": "debug",
}
}

42
example/sp/nocert_sp_conf/who.ini
View File

@@ -1,42 +0,0 @@
[plugin:auth_tkt]
# identification
use = repoze.who.plugins.auth_tkt:make_plugin
secret = kasamark
cookie_name = pysaml2
secure = False
include_ip = True
timeout = 3600
reissue_time = 3000
# IDENTIFIER
# @param :
# - rememberer_name : name of the plugin for remembering (delegate)
[plugin:saml2auth]
use = s2repoze.plugins.sp:make_plugin
saml_conf = sp_conf
remember_name = auth_tkt
sid_store = outstanding
idp_query_param = IdPEntityId
discovery = http://130.239.201.5/role/idp.ds
[general]
request_classifier = s2repoze.plugins.challenge_decider:my_request_classifier
challenge_decider = repoze.who.classifiers:default_challenge_decider
remote_user_key = REMOTE_USER
[identifiers]
# plugin_name;classifier_name:.. or just plugin_name (good for any)
plugins =
saml2auth
auth_tkt
[authenticators]
# plugin_name;classifier_name.. or just plugin_name (good for any)
plugins = saml2auth
[challengers]
# plugin_name;classifier_name:.. or just plugin_name (good for any)
plugins = saml2auth
[mdproviders]
plugins = saml2auth

81
example/sp/sp_conf.py.example
View File

@@ -1,64 +1,19 @@
from saml2 import BINDING_HTTP_REDIRECT from saml2 import BINDING_HTTP_REDIRECT
from saml2.extension.idpdisc import BINDING_DISCO
from saml2.saml import NAME_FORMAT_URI from saml2.saml import NAME_FORMAT_URI
from saml2.sigver import get_xmlsec_binary, CertHandlerExtra
from saml2.entity_category.edugain import COC
from saml2.entity_category.swamid import RESEARCH_AND_EDUCATION
from saml2.entity_category.swamid import HEI
from saml2.entity_category.swamid import SFS_1993_1153
from saml2.entity_category.swamid import NREN
from saml2.entity_category.swamid import EU
#BASE= "http://130.239.200.146:8087"
BASE= "http://localhost:8087" BASE= "http://localhost:8087"
#BASE= "http://lingon.catalogix.se:8087" #BASE= "http://lingon.catalogix.se:8087"
class SpCertHandlerExtraClass(CertHandlerExtra):
def use_generate_cert_func(self):
return True
def generate_cert(self, generate_cert_info, ca_cert_string, ca_key_string):
print "Hello"
return (ca_cert_string, ca_key_string)
def use_validate_cert_func(self):
return False
def validate_cert(self, cert_str, ca_cert_string, ca_key_string):
pass
CONFIG = { CONFIG = {
"entityid": "%s/LocalTestSPHans.xml" % BASE, "entityid": "%s/sp.xml" % BASE,
"description": "Lokal test SP Hans", "description": "My SP",
"entity_category": [COC, RESEARCH_AND_EDUCATION, HEI, SFS_1993_1153, NREN, EU],
"only_use_keys_in_metadata": False,
"cert_handler_extra_class": None,#MyCertGeneration(),
"generate_cert_info": {
"cn": "localhost",
"country_code": "se",
"state": "ac",
"city": "Umea",
"organization": "ITS Umea University",
"organization_unit": "DIRG"
},
"tmp_key_file": "pki/tmp_mykey.pem",
"tmp_cert_file": "pki/tmp_mycert.pem",
"validate_certificate": True,
"service": { "service": {
"sp": { "sp": {
"authn_requests_signed": "true", #Will sign the request! "name": "Rolands SP",
"want_assertions_signed": "true", #Demands that the assertion is signed.
"name": "LocalTestSPHans",
"endpoints": { "endpoints": {
"assertion_consumer_service": [BASE], "assertion_consumer_service": [BASE],
"single_logout_service": [(BASE + "/slo", "single_logout_service": [(BASE + "/slo",
BINDING_HTTP_REDIRECT)], BINDING_HTTP_REDIRECT)],
"discovery_response": [
("%s/disco" % BASE, BINDING_DISCO)
]
}, },
"required_attributes": ["surname", "givenname", "required_attributes": ["surname", "givenname",
"edupersonaffiliation"], "edupersonaffiliation"],
@@ -66,25 +21,24 @@ CONFIG = {
} }
}, },
"debug": 1, "debug": 1,
"key_file": "pki/localhost.ca.key", "key_file": "pki/mykey.pem",
"cert_file": "pki/localhost.ca.crt", "cert_file": "pki/mycert.pem",
"attribute_map_dir": "./attributemaps", "attribute_map_dir": "./attributemaps",
"metadata": { "metadata": {"local": ["../idp2/idp.xml"]},
#"local": ["../idp2/idp_nocert.xml"]
"local": ["/Users/haho0032/Develop/svn/trunk/pyOpSamlProxy/idp_nocert.xml"]
# #"remote": [{"url": "http://130.239.201.5/role/idp.xml", "cert": None}],
},
#"metadata": {"local": ["/Users/haho0032/Develop/svn/trunk/pyOpSamlProxy/idp_nocert.xml"]},
# -- below used by make_metadata -- # -- below used by make_metadata --
"organization": { "organization": {
"name": "Lokal test SP Hans", "name": "Exempel AB",
"display_name": [("Lokal test SP Hans", "se"), ("Lokal test SP Hans", "en")], "display_name": [("Exempel AB", "se"), ("Example Co.", "en")],
"url": "http://130.239.200.146:8087", "url": "http://www.example.com/roland",
}, },
"contact_person": [ "contact_person": [{
"given_name":"John",
"sur_name": "Smith",
"email_address": ["john.smith@example.com"],
"contact_type": "technical",
},
], ],
"xmlsec_binary": '/usr/local/bin/xmlsec1', #"xmlsec_binary":"/opt/local/bin/xmlsec1",
"name_form": NAME_FORMAT_URI, "name_form": NAME_FORMAT_URI,
"logger": { "logger": {
"rotating": { "rotating": {
@@ -94,5 +48,4 @@ CONFIG = {
}, },
"loglevel": "debug", "loglevel": "debug",
} }
} }

1
example/sp/who.ini
View File

@@ -17,7 +17,6 @@ saml_conf = sp_conf
remember_name = auth_tkt remember_name = auth_tkt
sid_store = outstanding sid_store = outstanding
idp_query_param = IdPEntityId idp_query_param = IdPEntityId
discovery = http://130.239.201.5/role/idp.ds
[general] [general]
request_classifier = s2repoze.plugins.challenge_decider:my_request_classifier request_classifier = s2repoze.plugins.challenge_decider:my_request_classifier