From 4128f54a7ddeec53361e0af2cf318823d97ac403 Mon Sep 17 00:00:00 2001
From: Roland Hedberg
Date: Fri, 9 Apr 2010 14:40:45 +0200
Subject: [PATCH] Working example with SP and IdP
---
.../fro.py | 161 +++++++++++++++++
.../to.py | 161 +++++++++++++++++
.../fro.py | 154 ++++++++++++++++
.../to.py | 170 ++++++++++++++++++
example/idp/README | 8 +
example/idp/idp.conf | 34 +++-
example/idp/{idp.app.py => idp.py} | 93 +++++-----
example/idp/idp_user.ini | 25 +++
example/idp/metadata.xml | 34 ----
example/idp/passwd | 5 +
example/idp/who.ini | 8 +-
example/run.sh | 17 ++
example/sp/sp.conf | 36 ++++
example/sp/{application.py => sp.py} | 9 +-
example/sp/sp_conf.py | 29 ---
example/sp/who.ini | 3 +-
16 files changed, 821 insertions(+), 126 deletions(-)
create mode 100644 example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:basic/fro.py
create mode 100644 example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:basic/to.py
create mode 100644 example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/fro.py
create mode 100644 example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/to.py
create mode 100644 example/idp/README
rename example/idp/{idp.app.py => idp.py} (76%)
create mode 100644 example/idp/idp_user.ini
delete mode 100644 example/idp/metadata.xml
create mode 100644 example/idp/passwd
create mode 100755 example/run.sh
create mode 100644 example/sp/sp.conf
rename example/sp/{application.py => sp.py} (93%)
delete mode 100644 example/sp/sp_conf.py
diff --git a/example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:basic/fro.py b/example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:basic/fro.py
new file mode 100644
index 0000000..58e0895
--- /dev/null
+++ b/example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:basic/fro.py
@@ -0,0 +1,161 @@
+{
+ 'urn:mace:dir:attribute-def:aRecord': 'aRecord',
+ 'urn:mace:dir:attribute-def:aliasedEntryName': 'aliasedEntryName',
+ 'urn:mace:dir:attribute-def:aliasedObjectName': 'aliasedObjectName',
+ 'urn:mace:dir:attribute-def:associatedDomain': 'associatedDomain',
+ 'urn:mace:dir:attribute-def:associatedName': 'associatedName',
+ 'urn:mace:dir:attribute-def:audio': 'audio',
+ 'urn:mace:dir:attribute-def:authorityRevocationList': 'authorityRevocationList',
+ 'urn:mace:dir:attribute-def:buildingName': 'buildingName',
+ 'urn:mace:dir:attribute-def:businessCategory': 'businessCategory',
+ 'urn:mace:dir:attribute-def:c': 'c',
+ 'urn:mace:dir:attribute-def:cACertificate': 'cACertificate',
+ 'urn:mace:dir:attribute-def:cNAMERecord': 'cNAMERecord',
+ 'urn:mace:dir:attribute-def:carLicense': 'carLicense',
+ 'urn:mace:dir:attribute-def:certificateRevocationList': 'certificateRevocationList',
+ 'urn:mace:dir:attribute-def:cn': 'cn',
+ 'urn:mace:dir:attribute-def:co': 'co',
+ 'urn:mace:dir:attribute-def:commonName': 'commonName',
+ 'urn:mace:dir:attribute-def:countryName': 'countryName',
+ 'urn:mace:dir:attribute-def:crossCertificatePair': 'crossCertificatePair',
+ 'urn:mace:dir:attribute-def:dITRedirect': 'dITRedirect',
+ 'urn:mace:dir:attribute-def:dSAQuality': 'dSAQuality',
+ 'urn:mace:dir:attribute-def:dc': 'dc',
+ 'urn:mace:dir:attribute-def:deltaRevocationList': 'deltaRevocationList',
+ 'urn:mace:dir:attribute-def:departmentNumber': 'departmentNumber',
+ 'urn:mace:dir:attribute-def:description': 'description',
+ 'urn:mace:dir:attribute-def:destinationIndicator': 'destinationIndicator',
+ 'urn:mace:dir:attribute-def:displayName': 'displayName',
+ 'urn:mace:dir:attribute-def:distinguishedName': 'distinguishedName',
+ 'urn:mace:dir:attribute-def:dmdName': 'dmdName',
+ 'urn:mace:dir:attribute-def:dnQualifier': 'dnQualifier',
+ 'urn:mace:dir:attribute-def:documentAuthor': 'documentAuthor',
+ 'urn:mace:dir:attribute-def:documentIdentifier': 'documentIdentifier',
+ 'urn:mace:dir:attribute-def:documentLocation': 'documentLocation',
+ 'urn:mace:dir:attribute-def:documentPublisher': 'documentPublisher',
+ 'urn:mace:dir:attribute-def:documentTitle': 'documentTitle',
+ 'urn:mace:dir:attribute-def:documentVersion': 'documentVersion',
+ 'urn:mace:dir:attribute-def:domainComponent': 'domainComponent',
+ 'urn:mace:dir:attribute-def:drink': 'drink',
+ 'urn:mace:dir:attribute-def:eduOrgHomePageURI': 'eduOrgHomePageURI',
+ 'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI': 'eduOrgIdentityAuthNPolicyURI',
+ 'urn:mace:dir:attribute-def:eduOrgLegalName': 'eduOrgLegalName',
+ 'urn:mace:dir:attribute-def:eduOrgSuperiorURI': 'eduOrgSuperiorURI',
+ 'urn:mace:dir:attribute-def:eduOrgWhitePagesURI': 'eduOrgWhitePagesURI',
+ 'urn:mace:dir:attribute-def:eduPersonAffiliation': 'eduPersonAffiliation',
+ 'urn:mace:dir:attribute-def:eduPersonEntitlement': 'eduPersonEntitlement',
+ 'urn:mace:dir:attribute-def:eduPersonNickname': 'eduPersonNickname',
+ 'urn:mace:dir:attribute-def:eduPersonOrgDN': 'eduPersonOrgDN',
+ 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN': 'eduPersonOrgUnitDN',
+ 'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation': 'eduPersonPrimaryAffiliation',
+ 'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN': 'eduPersonPrimaryOrgUnitDN',
+ 'urn:mace:dir:attribute-def:eduPersonPrincipalName': 'eduPersonPrincipalName',
+ 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation': 'eduPersonScopedAffiliation',
+ 'urn:mace:dir:attribute-def:eduPersonTargetedID': 'eduPersonTargetedID',
+ 'urn:mace:dir:attribute-def:email': 'email',
+ 'urn:mace:dir:attribute-def:emailAddress': 'emailAddress',
+ 'urn:mace:dir:attribute-def:employeeNumber': 'employeeNumber',
+ 'urn:mace:dir:attribute-def:employeeType': 'employeeType',
+ 'urn:mace:dir:attribute-def:enhancedSearchGuide': 'enhancedSearchGuide',
+ 'urn:mace:dir:attribute-def:facsimileTelephoneNumber': 'facsimileTelephoneNumber',
+ 'urn:mace:dir:attribute-def:favouriteDrink': 'favouriteDrink',
+ 'urn:mace:dir:attribute-def:fax': 'fax',
+ 'urn:mace:dir:attribute-def:federationFeideSchemaVersion': 'federationFeideSchemaVersion',
+ 'urn:mace:dir:attribute-def:friendlyCountryName': 'friendlyCountryName',
+ 'urn:mace:dir:attribute-def:generationQualifier': 'generationQualifier',
+ 'urn:mace:dir:attribute-def:givenName': 'givenName',
+ 'urn:mace:dir:attribute-def:gn': 'gn',
+ 'urn:mace:dir:attribute-def:homePhone': 'homePhone',
+ 'urn:mace:dir:attribute-def:homePostalAddress': 'homePostalAddress',
+ 'urn:mace:dir:attribute-def:homeTelephoneNumber': 'homeTelephoneNumber',
+ 'urn:mace:dir:attribute-def:host': 'host',
+ 'urn:mace:dir:attribute-def:houseIdentifier': 'houseIdentifier',
+ 'urn:mace:dir:attribute-def:info': 'info',
+ 'urn:mace:dir:attribute-def:initials': 'initials',
+ 'urn:mace:dir:attribute-def:internationaliSDNNumber': 'internationaliSDNNumber',
+ 'urn:mace:dir:attribute-def:janetMailbox': 'janetMailbox',
+ 'urn:mace:dir:attribute-def:jpegPhoto': 'jpegPhoto',
+ 'urn:mace:dir:attribute-def:knowledgeInformation': 'knowledgeInformation',
+ 'urn:mace:dir:attribute-def:l': 'l',
+ 'urn:mace:dir:attribute-def:labeledURI': 'labeledURI',
+ 'urn:mace:dir:attribute-def:localityName': 'localityName',
+ 'urn:mace:dir:attribute-def:mDRecord': 'mDRecord',
+ 'urn:mace:dir:attribute-def:mXRecord': 'mXRecord',
+ 'urn:mace:dir:attribute-def:mail': 'mail',
+ 'urn:mace:dir:attribute-def:mailPreferenceOption': 'mailPreferenceOption',
+ 'urn:mace:dir:attribute-def:manager': 'manager',
+ 'urn:mace:dir:attribute-def:member': 'member',
+ 'urn:mace:dir:attribute-def:mobile': 'mobile',
+ 'urn:mace:dir:attribute-def:mobileTelephoneNumber': 'mobileTelephoneNumber',
+ 'urn:mace:dir:attribute-def:nSRecord': 'nSRecord',
+ 'urn:mace:dir:attribute-def:name': 'name',
+ 'urn:mace:dir:attribute-def:norEduOrgAcronym': 'norEduOrgAcronym',
+ 'urn:mace:dir:attribute-def:norEduOrgNIN': 'norEduOrgNIN',
+ 'urn:mace:dir:attribute-def:norEduOrgSchemaVersion': 'norEduOrgSchemaVersion',
+ 'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier': 'norEduOrgUniqueIdentifier',
+ 'urn:mace:dir:attribute-def:norEduOrgUniqueNumber': 'norEduOrgUniqueNumber',
+ 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier': 'norEduOrgUnitUniqueIdentifier',
+ 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber': 'norEduOrgUnitUniqueNumber',
+ 'urn:mace:dir:attribute-def:norEduPersonBirthDate': 'norEduPersonBirthDate',
+ 'urn:mace:dir:attribute-def:norEduPersonLIN': 'norEduPersonLIN',
+ 'urn:mace:dir:attribute-def:norEduPersonNIN': 'norEduPersonNIN',
+ 'urn:mace:dir:attribute-def:o': 'o',
+ 'urn:mace:dir:attribute-def:objectClass': 'objectClass',
+ 'urn:mace:dir:attribute-def:organizationName': 'organizationName',
+ 'urn:mace:dir:attribute-def:organizationalStatus': 'organizationalStatus',
+ 'urn:mace:dir:attribute-def:organizationalUnitName': 'organizationalUnitName',
+ 'urn:mace:dir:attribute-def:otherMailbox': 'otherMailbox',
+ 'urn:mace:dir:attribute-def:ou': 'ou',
+ 'urn:mace:dir:attribute-def:owner': 'owner',
+ 'urn:mace:dir:attribute-def:pager': 'pager',
+ 'urn:mace:dir:attribute-def:pagerTelephoneNumber': 'pagerTelephoneNumber',
+ 'urn:mace:dir:attribute-def:personalSignature': 'personalSignature',
+ 'urn:mace:dir:attribute-def:personalTitle': 'personalTitle',
+ 'urn:mace:dir:attribute-def:photo': 'photo',
+ 'urn:mace:dir:attribute-def:physicalDeliveryOfficeName': 'physicalDeliveryOfficeName',
+ 'urn:mace:dir:attribute-def:pkcs9email': 'pkcs9email',
+ 'urn:mace:dir:attribute-def:postOfficeBox': 'postOfficeBox',
+ 'urn:mace:dir:attribute-def:postalAddress': 'postalAddress',
+ 'urn:mace:dir:attribute-def:postalCode': 'postalCode',
+ 'urn:mace:dir:attribute-def:preferredDeliveryMethod': 'preferredDeliveryMethod',
+ 'urn:mace:dir:attribute-def:preferredLanguage': 'preferredLanguage',
+ 'urn:mace:dir:attribute-def:presentationAddress': 'presentationAddress',
+ 'urn:mace:dir:attribute-def:protocolInformation': 'protocolInformation',
+ 'urn:mace:dir:attribute-def:pseudonym': 'pseudonym',
+ 'urn:mace:dir:attribute-def:registeredAddress': 'registeredAddress',
+ 'urn:mace:dir:attribute-def:rfc822Mailbox': 'rfc822Mailbox',
+ 'urn:mace:dir:attribute-def:roleOccupant': 'roleOccupant',
+ 'urn:mace:dir:attribute-def:roomNumber': 'roomNumber',
+ 'urn:mace:dir:attribute-def:sOARecord': 'sOARecord',
+ 'urn:mace:dir:attribute-def:searchGuide': 'searchGuide',
+ 'urn:mace:dir:attribute-def:secretary': 'secretary',
+ 'urn:mace:dir:attribute-def:seeAlso': 'seeAlso',
+ 'urn:mace:dir:attribute-def:serialNumber': 'serialNumber',
+ 'urn:mace:dir:attribute-def:singleLevelQuality': 'singleLevelQuality',
+ 'urn:mace:dir:attribute-def:sn': 'sn',
+ 'urn:mace:dir:attribute-def:st': 'st',
+ 'urn:mace:dir:attribute-def:stateOrProvinceName': 'stateOrProvinceName',
+ 'urn:mace:dir:attribute-def:street': 'street',
+ 'urn:mace:dir:attribute-def:streetAddress': 'streetAddress',
+ 'urn:mace:dir:attribute-def:subtreeMaximumQuality': 'subtreeMaximumQuality',
+ 'urn:mace:dir:attribute-def:subtreeMinimumQuality': 'subtreeMinimumQuality',
+ 'urn:mace:dir:attribute-def:supportedAlgorithms': 'supportedAlgorithms',
+ 'urn:mace:dir:attribute-def:supportedApplicationContext': 'supportedApplicationContext',
+ 'urn:mace:dir:attribute-def:surname': 'surname',
+ 'urn:mace:dir:attribute-def:telephoneNumber': 'telephoneNumber',
+ 'urn:mace:dir:attribute-def:teletexTerminalIdentifier': 'teletexTerminalIdentifier',
+ 'urn:mace:dir:attribute-def:telexNumber': 'telexNumber',
+ 'urn:mace:dir:attribute-def:textEncodedORAddress': 'textEncodedORAddress',
+ 'urn:mace:dir:attribute-def:title': 'title',
+ 'urn:mace:dir:attribute-def:uid': 'uid',
+ 'urn:mace:dir:attribute-def:uniqueIdentifier': 'uniqueIdentifier',
+ 'urn:mace:dir:attribute-def:uniqueMember': 'uniqueMember',
+ 'urn:mace:dir:attribute-def:userCertificate': 'userCertificate',
+ 'urn:mace:dir:attribute-def:userClass': 'userClass',
+ 'urn:mace:dir:attribute-def:userPKCS12': 'userPKCS12',
+ 'urn:mace:dir:attribute-def:userPassword': 'userPassword',
+ 'urn:mace:dir:attribute-def:userSMIMECertificate': 'userSMIMECertificate',
+ 'urn:mace:dir:attribute-def:userid': 'userid',
+ 'urn:mace:dir:attribute-def:x121Address': 'x121Address',
+ 'urn:mace:dir:attribute-def:x500UniqueIdentifier': 'x500UniqueIdentifier',
+}
diff --git a/example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:basic/to.py b/example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:basic/to.py
new file mode 100644
index 0000000..4edd8cf
--- /dev/null
+++ b/example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:basic/to.py
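Review bot: The table gives credential-bearing attributes a friendly name (`userPassword` and `userPKCS12`, near the end of the dict), and nothing in the file marks them as values that should not travel in an assertion. The map only translates names, so whether they are ever released is decided by policy that this hunk does not show, but an example configuration tends to be copied as-is; I would drop the two entries or put `# credential material: never release` above them. The same entries appear in the companion basic/to.py hunk, and `userPKCS12` also in the uri/fro.py hunk. The file is a bare dict literal with no header comment, so a first line such as `# wire name (urn:mace:dir:attribute-def:*) -> local attribute name` would tell a reader which direction it maps.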
@@ -0,0 +1,161 @@
+{
+ 'aRecord': 'urn:mace:dir:attribute-def:aRecord',
+ 'aliasedEntryName': 'urn:mace:dir:attribute-def:aliasedEntryName',
+ 'aliasedObjectName': 'urn:mace:dir:attribute-def:aliasedObjectName',
+ 'associatedDomain': 'urn:mace:dir:attribute-def:associatedDomain',
+ 'associatedName': 'urn:mace:dir:attribute-def:associatedName',
+ 'audio': 'urn:mace:dir:attribute-def:audio',
+ 'authorityRevocationList': 'urn:mace:dir:attribute-def:authorityRevocationList',
+ 'buildingName': 'urn:mace:dir:attribute-def:buildingName',
+ 'businessCategory': 'urn:mace:dir:attribute-def:businessCategory',
+ 'c': 'urn:mace:dir:attribute-def:c',
+ 'cACertificate': 'urn:mace:dir:attribute-def:cACertificate',
+ 'cNAMERecord': 'urn:mace:dir:attribute-def:cNAMERecord',
+ 'carLicense': 'urn:mace:dir:attribute-def:carLicense',
+ 'certificateRevocationList': 'urn:mace:dir:attribute-def:certificateRevocationList',
+ 'cn': 'urn:mace:dir:attribute-def:cn',
+ 'co': 'urn:mace:dir:attribute-def:co',
+ 'commonName': 'urn:mace:dir:attribute-def:commonName',
+ 'countryName': 'urn:mace:dir:attribute-def:countryName',
+ 'crossCertificatePair': 'urn:mace:dir:attribute-def:crossCertificatePair',
+ 'dITRedirect': 'urn:mace:dir:attribute-def:dITRedirect',
+ 'dSAQuality': 'urn:mace:dir:attribute-def:dSAQuality',
+ 'dc': 'urn:mace:dir:attribute-def:dc',
+ 'deltaRevocationList': 'urn:mace:dir:attribute-def:deltaRevocationList',
+ 'departmentNumber': 'urn:mace:dir:attribute-def:departmentNumber',
+ 'description': 'urn:mace:dir:attribute-def:description',
+ 'destinationIndicator': 'urn:mace:dir:attribute-def:destinationIndicator',
+ 'displayName': 'urn:mace:dir:attribute-def:displayName',
+ 'distinguishedName': 'urn:mace:dir:attribute-def:distinguishedName',
+ 'dmdName': 'urn:mace:dir:attribute-def:dmdName',
+ 'dnQualifier': 'urn:mace:dir:attribute-def:dnQualifier',
+ 'documentAuthor': 'urn:mace:dir:attribute-def:documentAuthor',
+ 'documentIdentifier': 'urn:mace:dir:attribute-def:documentIdentifier',
+ 'documentLocation': 'urn:mace:dir:attribute-def:documentLocation',
+ 'documentPublisher': 'urn:mace:dir:attribute-def:documentPublisher',
+ 'documentTitle': 'urn:mace:dir:attribute-def:documentTitle',
+ 'documentVersion': 'urn:mace:dir:attribute-def:documentVersion',
+ 'domainComponent': 'urn:mace:dir:attribute-def:domainComponent',
+ 'drink': 'urn:mace:dir:attribute-def:drink',
+ 'eduOrgHomePageURI': 'urn:mace:dir:attribute-def:eduOrgHomePageURI',
+ 'eduOrgIdentityAuthNPolicyURI': 'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI',
+ 'eduOrgLegalName': 'urn:mace:dir:attribute-def:eduOrgLegalName',
+ 'eduOrgSuperiorURI': 'urn:mace:dir:attribute-def:eduOrgSuperiorURI',
+ 'eduOrgWhitePagesURI': 'urn:mace:dir:attribute-def:eduOrgWhitePagesURI',
+ 'eduPersonAffiliation': 'urn:mace:dir:attribute-def:eduPersonAffiliation',
+ 'eduPersonEntitlement': 'urn:mace:dir:attribute-def:eduPersonEntitlement',
+ 'eduPersonNickname': 'urn:mace:dir:attribute-def:eduPersonNickname',
+ 'eduPersonOrgDN': 'urn:mace:dir:attribute-def:eduPersonOrgDN',
+ 'eduPersonOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN',
+ 'eduPersonPrimaryAffiliation': 'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation',
+ 'eduPersonPrimaryOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN',
+ 'eduPersonPrincipalName': 'urn:mace:dir:attribute-def:eduPersonPrincipalName',
+ 'eduPersonScopedAffiliation': 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation',
+ 'eduPersonTargetedID': 'urn:mace:dir:attribute-def:eduPersonTargetedID',
+ 'email': 'urn:mace:dir:attribute-def:email',
+ 'emailAddress': 'urn:mace:dir:attribute-def:emailAddress',
+ 'employeeNumber': 'urn:mace:dir:attribute-def:employeeNumber',
+ 'employeeType': 'urn:mace:dir:attribute-def:employeeType',
+ 'enhancedSearchGuide': 'urn:mace:dir:attribute-def:enhancedSearchGuide',
+ 'facsimileTelephoneNumber': 'urn:mace:dir:attribute-def:facsimileTelephoneNumber',
+ 'favouriteDrink': 'urn:mace:dir:attribute-def:favouriteDrink',
+ 'fax': 'urn:mace:dir:attribute-def:fax',
+ 'federationFeideSchemaVersion': 'urn:mace:dir:attribute-def:federationFeideSchemaVersion',
+ 'friendlyCountryName': 'urn:mace:dir:attribute-def:friendlyCountryName',
+ 'generationQualifier': 'urn:mace:dir:attribute-def:generationQualifier',
+ 'givenName': 'urn:mace:dir:attribute-def:givenName',
+ 'gn': 'urn:mace:dir:attribute-def:gn',
+ 'homePhone': 'urn:mace:dir:attribute-def:homePhone',
+ 'homePostalAddress': 'urn:mace:dir:attribute-def:homePostalAddress',
+ 'homeTelephoneNumber': 'urn:mace:dir:attribute-def:homeTelephoneNumber',
+ 'host': 'urn:mace:dir:attribute-def:host',
+ 'houseIdentifier': 'urn:mace:dir:attribute-def:houseIdentifier',
+ 'info': 'urn:mace:dir:attribute-def:info',
+ 'initials': 'urn:mace:dir:attribute-def:initials',
+ 'internationaliSDNNumber': 'urn:mace:dir:attribute-def:internationaliSDNNumber',
+ 'janetMailbox': 'urn:mace:dir:attribute-def:janetMailbox',
+ 'jpegPhoto': 'urn:mace:dir:attribute-def:jpegPhoto',
+ 'knowledgeInformation': 'urn:mace:dir:attribute-def:knowledgeInformation',
+ 'l': 'urn:mace:dir:attribute-def:l',
+ 'labeledURI': 'urn:mace:dir:attribute-def:labeledURI',
+ 'localityName': 'urn:mace:dir:attribute-def:localityName',
+ 'mDRecord': 'urn:mace:dir:attribute-def:mDRecord',
+ 'mXRecord': 'urn:mace:dir:attribute-def:mXRecord',
+ 'mail': 'urn:mace:dir:attribute-def:mail',
+ 'mailPreferenceOption': 'urn:mace:dir:attribute-def:mailPreferenceOption',
+ 'manager': 'urn:mace:dir:attribute-def:manager',
+ 'member': 'urn:mace:dir:attribute-def:member',
+ 'mobile': 'urn:mace:dir:attribute-def:mobile',
+ 'mobileTelephoneNumber': 'urn:mace:dir:attribute-def:mobileTelephoneNumber',
+ 'nSRecord': 'urn:mace:dir:attribute-def:nSRecord',
+ 'name': 'urn:mace:dir:attribute-def:name',
+ 'norEduOrgAcronym': 'urn:mace:dir:attribute-def:norEduOrgAcronym',
+ 'norEduOrgNIN': 'urn:mace:dir:attribute-def:norEduOrgNIN',
+ 'norEduOrgSchemaVersion': 'urn:mace:dir:attribute-def:norEduOrgSchemaVersion',
+ 'norEduOrgUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier',
+ 'norEduOrgUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUniqueNumber',
+ 'norEduOrgUnitUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier',
+ 'norEduOrgUnitUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber',
+ 'norEduPersonBirthDate': 'urn:mace:dir:attribute-def:norEduPersonBirthDate',
+ 'norEduPersonLIN': 'urn:mace:dir:attribute-def:norEduPersonLIN',
+ 'norEduPersonNIN': 'urn:mace:dir:attribute-def:norEduPersonNIN',
+ 'o': 'urn:mace:dir:attribute-def:o',
+ 'objectClass': 'urn:mace:dir:attribute-def:objectClass',
+ 'organizationName': 'urn:mace:dir:attribute-def:organizationName',
+ 'organizationalStatus': 'urn:mace:dir:attribute-def:organizationalStatus',
+ 'organizationalUnitName': 'urn:mace:dir:attribute-def:organizationalUnitName',
+ 'otherMailbox': 'urn:mace:dir:attribute-def:otherMailbox',
+ 'ou': 'urn:mace:dir:attribute-def:ou',
+ 'owner': 'urn:mace:dir:attribute-def:owner',
+ 'pager': 'urn:mace:dir:attribute-def:pager',
+ 'pagerTelephoneNumber': 'urn:mace:dir:attribute-def:pagerTelephoneNumber',
+ 'personalSignature': 'urn:mace:dir:attribute-def:personalSignature',
+ 'personalTitle': 'urn:mace:dir:attribute-def:personalTitle',
+ 'photo': 'urn:mace:dir:attribute-def:photo',
+ 'physicalDeliveryOfficeName': 'urn:mace:dir:attribute-def:physicalDeliveryOfficeName',
+ 'pkcs9email': 'urn:mace:dir:attribute-def:pkcs9email',
+ 'postOfficeBox': 'urn:mace:dir:attribute-def:postOfficeBox',
+ 'postalAddress': 'urn:mace:dir:attribute-def:postalAddress',
+ 'postalCode': 'urn:mace:dir:attribute-def:postalCode',
+ 'preferredDeliveryMethod': 'urn:mace:dir:attribute-def:preferredDeliveryMethod',
+ 'preferredLanguage': 'urn:mace:dir:attribute-def:preferredLanguage',
+ 'presentationAddress': 'urn:mace:dir:attribute-def:presentationAddress',
+ 'protocolInformation': 'urn:mace:dir:attribute-def:protocolInformation',
+ 'pseudonym': 'urn:mace:dir:attribute-def:pseudonym',
+ 'registeredAddress': 'urn:mace:dir:attribute-def:registeredAddress',
+ 'rfc822Mailbox': 'urn:mace:dir:attribute-def:rfc822Mailbox',
+ 'roleOccupant': 'urn:mace:dir:attribute-def:roleOccupant',
+ 'roomNumber': 'urn:mace:dir:attribute-def:roomNumber',
+ 'sOARecord': 'urn:mace:dir:attribute-def:sOARecord',
+ 'searchGuide': 'urn:mace:dir:attribute-def:searchGuide',
+ 'secretary': 'urn:mace:dir:attribute-def:secretary',
+ 'seeAlso': 'urn:mace:dir:attribute-def:seeAlso',
+ 'serialNumber': 'urn:mace:dir:attribute-def:serialNumber',
+ 'singleLevelQuality': 'urn:mace:dir:attribute-def:singleLevelQuality',
+ 'sn': 'urn:mace:dir:attribute-def:sn',
+ 'st': 'urn:mace:dir:attribute-def:st',
+ 'stateOrProvinceName': 'urn:mace:dir:attribute-def:stateOrProvinceName',
+ 'street': 'urn:mace:dir:attribute-def:street',
+ 'streetAddress': 'urn:mace:dir:attribute-def:streetAddress',
+ 'subtreeMaximumQuality': 'urn:mace:dir:attribute-def:subtreeMaximumQuality',
+ 'subtreeMinimumQuality': 'urn:mace:dir:attribute-def:subtreeMinimumQuality',
+ 'supportedAlgorithms': 'urn:mace:dir:attribute-def:supportedAlgorithms',
+ 'supportedApplicationContext': 'urn:mace:dir:attribute-def:supportedApplicationContext',
+ 'surname': 'urn:mace:dir:attribute-def:surname',
+ 'telephoneNumber': 'urn:mace:dir:attribute-def:telephoneNumber',
+ 'teletexTerminalIdentifier': 'urn:mace:dir:attribute-def:teletexTerminalIdentifier',
+ 'telexNumber': 'urn:mace:dir:attribute-def:telexNumber',
+ 'textEncodedORAddress': 'urn:mace:dir:attribute-def:textEncodedORAddress',
+ 'title': 'urn:mace:dir:attribute-def:title',
+ 'uid': 'urn:mace:dir:attribute-def:uid',
+ 'uniqueIdentifier': 'urn:mace:dir:attribute-def:uniqueIdentifier',
+ 'uniqueMember': 'urn:mace:dir:attribute-def:uniqueMember',
+ 'userCertificate': 'urn:mace:dir:attribute-def:userCertificate',
+ 'userClass': 'urn:mace:dir:attribute-def:userClass',
+ 'userPKCS12': 'urn:mace:dir:attribute-def:userPKCS12',
+ 'userPassword': 'urn:mace:dir:attribute-def:userPassword',
+ 'userSMIMECertificate': 'urn:mace:dir:attribute-def:userSMIMECertificate',
+ 'userid': 'urn:mace:dir:attribute-def:userid',
+ 'x121Address': 'urn:mace:dir:attribute-def:x121Address',
+ 'x500UniqueIdentifier': 'urn:mace:dir:attribute-def:x500UniqueIdentifier',
+}
diff --git a/example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/fro.py b/example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/fro.py
new file mode 100644
index 0000000..5dbeb8c
--- /dev/null
+++ b/example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/fro.py
@@ -0,0 +1,154 @@
+{
+ 'urn:oid:1.3.6.1.4.1.5923.1.1.1.2': 'eduPersonNickname',
+ 'urn:oid:1.3.6.1.4.1.5923.1.1.1.9': 'eduPersonScopedAffiliation',
+ 'urn:oid:1.3.6.1.4.1.5923.1.1.1.11': 'eduPersonAssurance',
+ 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10': 'eduPersonTargetedID',
+ 'urn:oid:1.3.6.1.4.1.5923.1.1.1.4': 'eduPersonOrgUnitDN',
+ 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1': 'eduPersonAffiliation',
+ 'urn:oid:2.16.840.1.113730.3.1.40': 'userSMIMECertificate',
+ 'urn:oid:2.16.840.1.113730.3.1.241': 'displayName',
+ 'urn:oid:0.9.2342.19200300.100.1.37': 'associatedDomain',
+ 'urn:oid:0.9.2342.19200300.100.1.1': "uid",
+ 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6': 'eduPersonPrincipalName',
+ 'urn:oid:2.5.4.53': 'deltaRevocationList',
+ 'urn:oid:2.5.4.52': 'supportedAlgorithms',
+ 'urn:oid:2.5.4.51': 'houseIdentifier',
+ 'urn:oid:2.5.4.50': 'uniqueMember',
+ 'urn:oid:2.5.4.19': 'physicalDeliveryOfficeName',
+ 'urn:oid:2.5.4.18': 'postOfficeBox',
+ 'urn:oid:2.5.4.17': 'postalCode',
+ 'urn:oid:2.5.4.16': 'postalAddress',
+ 'urn:oid:2.5.4.15': 'businessCategory',
+ 'urn:oid:2.5.4.14': 'searchGuide',
+ 'urn:oid:1.3.6.1.4.1.5923.1.1.1.5': 'eduPersonPrimaryAffiliation',
+ 'urn:oid:2.5.4.12': 'title',
+ 'urn:oid:2.5.4.11': 'ou',
+ 'urn:oid:2.5.4.10': 'o',
+ 'urn:oid:2.5.4.37': 'cACertificate',
+ 'urn:oid:2.5.4.36': 'userCertificate',
+ 'urn:oid:2.5.4.31': 'member',
+ 'urn:oid:2.5.4.30': 'supportedApplicationContext',
+ 'urn:oid:2.5.4.33': 'roleOccupant',
+ 'urn:oid:2.5.4.32': 'owner',
+ 'urn:oid:2.16.840.1.113730.3.1.1': 'carLicense',
+ 'urn:oid:1.2.840.113549.1.9.1': 'email',
+ 'urn:oid:2.16.840.1.113730.3.1.3': 'employeeNumber',
+ 'urn:oid:2.16.840.1.113730.3.1.2': 'departmentNumber',
+ 'urn:oid:2.5.4.39': 'certificateRevocationList',
+ 'urn:oid:2.5.4.38': 'authorityRevocationList',
+ 'urn:oid:2.16.840.1.113730.3.1.216': 'userPKCS12',
+ 'urn:oid:1.3.6.1.4.1.5923.1.1.1.8': 'eduPersonPrimaryOrgUnitDN',
+ 'urn:oid:2.5.4.9': 'street',
+ 'urn:oid:2.5.4.8': 'st',
+ 'urn:oid:2.16.840.1.113730.3.1.39': 'preferredLanguage',
+ 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7': 'eduPersonEntitlement',
+ 'urn:oid:2.5.4.2': 'knowledgeInformation',
+ 'urn:oid:2.5.4.7': 'l',
+ 'urn:oid:2.5.4.6': 'c',
+ 'urn:oid:2.5.4.5': 'serialNumber',
+ 'urn:oid:2.5.4.4': 'sn',
+ 'urn:oid:0.9.2342.19200300.100.1.60': 'jpegPhoto',
+ 'urn:oid:2.5.4.65': 'pseudonym',
+ 'urn:oid:0.9.2342.19200300.100.1.3': 'mail',
+ 'urn:oid:0.9.2342.19200300.100.1.25': 'dc',
+ 'urn:oid:2.5.4.40': 'crossCertificatePair',
+ 'urn:oid:2.5.4.42': 'givenName',
+ 'urn:oid:2.5.4.43': 'initials',
+ 'urn:oid:2.5.4.44': 'generationQualifier',
+ 'urn:oid:2.5.4.45': 'x500UniqueIdentifier',
+ 'urn:oid:2.5.4.46': 'dnQualifier',
+ 'urn:oid:2.5.4.47': 'enhancedSearchGuide',
+ 'urn:oid:2.5.4.48': 'protocolInformation',
+ 'urn:oid:2.5.4.54': 'dmdName',
+ 'urn:oid:2.16.840.1.113730.3.1.4': 'employeeType',
+ 'urn:oid:2.5.4.22': 'teletexTerminalIdentifier',
+ 'urn:oid:2.5.4.23': 'facsimileTelephoneNumber',
+ 'urn:oid:2.5.4.20': 'telephoneNumber',
+ 'urn:oid:2.5.4.21': 'telexNumber',
+ 'urn:oid:2.5.4.26': 'registeredAddress',
+ 'urn:oid:2.5.4.27': 'destinationIndicator',
+ 'urn:oid:2.5.4.24': 'x121Address',
+ 'urn:oid:2.5.4.25': 'internationaliSDNNumber',
+ 'urn:oid:2.5.4.28': 'preferredDeliveryMethod',
+ 'urn:oid:2.5.4.29': 'presentationAddress',
+ # noredu
+ 'urn:oid:1.3.6.1.4.1.5923.1.1.1.3': 'eduPersonOrgDN',
+ 'urn:oid:1.3.6.1.4.1.2428.90.1.8': 'norEduOrgUnitUniqueIdentifier',
+ 'urn:oid:1.3.6.1.4.1.2428.90.1.9': 'federationFeideSchemaVersion',
+ 'urn:oid:1.3.6.1.4.1.2428.90.1.6': 'norEduOrgAcronym',
+ 'urn:oid:1.3.6.1.4.1.2428.90.1.7': 'norEduOrgUniqueIdentifier',
+ 'urn:oid:1.3.6.1.4.1.2428.90.1.4': 'norEduPersonLIN',
+ 'urn:oid:1.3.6.1.4.1.2428.90.1.5': 'norEduPersonNIN',
+ 'urn:oid:1.3.6.1.4.1.2428.90.1.2': 'norEduOrgUnitUniqueNumber',
+ 'urn:oid:1.3.6.1.4.1.2428.90.1.3': 'norEduPersonBirthDate',
+ 'urn:oid:1.3.6.1.4.1.2428.90.1.1': 'norEduOrgUniqueNumber',
+ # schac
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.14': 'schacPersonalUniqueCode',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.15': 'schacPersonalUniqueID',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.16': 'schacUUID',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.17': 'schacExpiryDate',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.10': 'schacHomeOrganizationType',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.12': 'schacUserPresenceID',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.13': 'schacPersonalPosition',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.18': 'schacUserPrivateAttribute',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.19': 'schacUserStatus',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.11': 'schacCountryOfResidence',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.5': 'schacCountryOfCitizenship',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.2': 'schacGender',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.3': 'schacDateOfBirth',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.1': 'schacMotherTongue',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.6': 'schacSn1',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.7': 'schacSn2',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.4': 'schacPlaceOfBirth',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.8': 'schacPersonalTitle',
+ 'urn:oid:1.3.6.1.4.1.25178.1.2.9': 'schacHomeOrganization',
+ # umuse
+ 'urn:oid:1.2.752.17.6.1.37': 'umuSeCourseDN',
+ 'urn:oid:1.2.752.17.6.1.36': 'umuSeCourseSemester',
+ 'urn:oid:1.2.752.17.6.1.22': 'umuSeChildLIN',
+ 'urn:oid:1.2.752.17.6.1.23': 'umuSePersonEmploymentFrom',
+ 'urn:oid:1.2.752.17.6.1.20': 'umuSeLIN',
+ 'urn:oid:1.2.752.17.6.1.21': 'umuSeParentLIN',
+ 'urn:oid:1.2.752.17.6.1.26': 'umuSeOrgUnitNumber',
+ 'urn:oid:1.2.752.17.6.1.27': 'umuSeFormalName',
+ 'urn:oid:1.2.752.17.6.1.24': 'umuSePersonEmploymentTo',
+ 'urn:oid:1.2.752.17.6.1.25': 'umuSePersonEmploymentPost',
+ 'urn:oid:1.2.752.17.6.1.28': 'umuSeID',
+ 'urn:oid:1.2.752.17.6.1.29': 'umuSeAffiliatedToLIN',
+ 'urn:oid:1.2.752.17.6.1.3': 'umuSePersonCardSIS',
+ 'urn:oid:1.2.752.17.6.1.2': 'umuSePersonCardNr',
+ 'urn:oid:1.2.752.17.6.1.1': 'umuSePersonPrivacy',
+ 'urn:oid:1.2.752.17.6.1.7': 'umuSeSMSNumber',
+ 'urn:oid:1.2.752.17.6.1.6': 'umuSePersonHomeMobile',
+ 'urn:oid:1.2.752.17.6.1.5': 'umuSePersonPrimaryCampus',
+ 'urn:oid:1.2.752.17.6.1.4': 'umuSePersonCampus',
+ 'urn:oid:1.2.752.17.6.1.9': 'umuSePersonResearch',
+ 'urn:oid:1.2.752.17.6.1.8': 'umuSePersonInstantMessage',
+ 'urn:oid:1.2.752.17.6.1.45': 'umuSeCourseRegId',
+ 'urn:oid:1.2.752.17.6.1.17': 'umuSeOrgUnitType',
+ 'urn:oid:1.2.752.17.6.1.16': 'umuSeOrgUnitChild',
+ 'urn:oid:1.2.752.17.6.1.33': 'umuSeMemberLIN',
+ 'urn:oid:1.2.752.17.6.1.14': 'umuSePersonEmploymentStatusCode',
+ 'urn:oid:1.2.752.17.6.1.13': 'umuSePersonEmploymentStatus',
+ 'urn:oid:1.2.752.17.6.1.12': 'umuSePersonEmploymentType',
+ 'urn:oid:1.2.752.17.6.1.11': 'umuSePersonAlternateContact',
+ 'urn:oid:1.2.752.17.6.1.10': 'umuSePersonExpertise',
+ 'urn:oid:1.2.752.17.6.1.39': 'umuSeCourseInstAccId',
+ 'urn:oid:1.2.752.17.6.1.38': 'umuSeCourseOrgUnitDN',
+ 'urn:oid:1.2.752.17.6.1.19': 'umuSePersonEmploymentExtent',
+ 'urn:oid:1.2.752.17.6.1.18': 'umuSePersonSpokenName',
+ 'urn:oid:1.2.752.17.6.1.44': 'passportIssuingCountry',
+ 'urn:oid:1.2.752.17.6.1.31': 'umuSeValidTo',
+ 'urn:oid:1.2.752.17.6.1.46': 'umuSeCareOf',
+ 'urn:oid:1.2.752.17.6.1.47': 'umuSeAlternateTelephoneNumber',
+ 'urn:oid:1.2.752.17.6.1.40': 'umuSeCourseInstRegId',
+ 'urn:oid:1.2.752.17.6.1.41': 'umuSePersonnelLIN',
+ 'urn:oid:1.2.752.17.6.1.42': 'umuSeOrgType',
+ 'urn:oid:1.2.752.17.6.1.30': 'umuSeAccountNumber',
+ 'urn:oid:1.2.752.17.6.1.43': 'passportNumber',
+ 'urn:oid:1.2.752.17.6.1.48': 'umuSeLabeledDN',
+ 'urn:oid:1.2.752.17.6.1.49': 'umuSePrimaryMail',
+ 'urn:oid:1.2.752.17.6.1.32': 'umuSeValidFrom',
+ 'urn:oid:1.2.752.17.6.1.35': 'umuSeCourseInstId',
+ 'urn:oid:1.2.752.17.6.1.34': 'umuSeCourseId',
+}
diff --git a/example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/to.py b/example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/to.py
new file mode 100644
index 0000000..c633f5a
--- /dev/null
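Review bot: The `uid` entry keyed `'urn:oid:0.9.2342.19200300.100.1.1'` does not round-trip with the companion uri/to.py in this patch, which maps `'uid'` and `'userid'` to the bare `'0.9.2342.19200300.100.1.1'` without the `urn:oid:` prefix. A name written through to.py would then miss this table on the receiving side, and `uid` is commonly the attribute a service provider keys the user on, so the fix belongs in to.py: `'uid': 'urn:oid:0.9.2342.19200300.100.1.1',` and the same value for `'userid'`. Separately, the `# noredu` comment sits one line too early, since `eduPersonOrgDN` (arc 1.3.6.1.4.1.5923) is an eduPerson attribute and belongs above the comment. The `"uid"` value is also the only double-quoted string in the dict.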
+++ b/example/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/to.py 
@@ -0,0 +1,170 @@ +{ + 'roleOccupant': 'urn:oid:2.5.4.33', + 'gn': 'urn:oid:2.5.4.42', + 'title': 'urn:oid:2.5.4.12', + 'facsimileTelephoneNumber': 'urn:oid:2.5.4.23', + 'mail': 'urn:oid:0.9.2342.19200300.100.1.3', + 'postOfficeBox': 'urn:oid:2.5.4.18', + 'fax': 'urn:oid:2.5.4.23', + 'telephoneNumber': 'urn:oid:2.5.4.20', + 'rfc822Mailbox': 'urn:oid:0.9.2342.19200300.100.1.3', + 'dc': 'urn:oid:0.9.2342.19200300.100.1.25', + 'countryName': 'urn:oid:2.5.4.6', + 'emailAddress': 'urn:oid:1.2.840.113549.1.9.1', + 'employeeNumber': 'urn:oid:2.16.840.1.113730.3.1.3', + 'organizationName': 'urn:oid:2.5.4.10', + 'eduPersonAssurance': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.11', + 'registeredAddress': 'urn:oid:2.5.4.26', + 'physicalDeliveryOfficeName': 'urn:oid:2.5.4.19', + 'associatedDomain': 'urn:oid:0.9.2342.19200300.100.1.37', + 'l': 'urn:oid:2.5.4.7', + 'stateOrProvinceName': 'urn:oid:2.5.4.8', + 'pkcs9email': 'urn:oid:1.2.840.113549.1.9.1', + 'givenName': 'urn:oid:2.5.4.42', + 'givenname': 'urn:oid:2.5.4.42', + 'x500UniqueIdentifier': 'urn:oid:2.5.4.45', + 'eduPersonNickname': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.2', + 'houseIdentifier': 'urn:oid:2.5.4.51', + 'street': 'urn:oid:2.5.4.9', + 'supportedAlgorithms': 'urn:oid:2.5.4.52', + 'preferredLanguage': 'urn:oid:2.16.840.1.113730.3.1.39', + 'postalAddress': 'urn:oid:2.5.4.16', + 'email': 'urn:oid:1.2.840.113549.1.9.1', + 'eduPersonPrimaryOrgUnitDN': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.8', + 'c': 'urn:oid:2.5.4.6', + 'teletexTerminalIdentifier': 'urn:oid:2.5.4.22', + 'o': 'urn:oid:2.5.4.10', + 'cACertificate': 'urn:oid:2.5.4.37', + 'telexNumber': 'urn:oid:2.5.4.21', + 'ou': 'urn:oid:2.5.4.11', + 'initials': 'urn:oid:2.5.4.43', + 'uid': '0.9.2342.19200300.100.1.1', + 'userid': '0.9.2342.19200300.100.1.1', + 'eduPersonOrgUnitDN': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.4', + 'deltaRevocationList': 'urn:oid:2.5.4.53', + 'supportedApplicationContext': 'urn:oid:2.5.4.30', + 'eduPersonEntitlement': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7', + 
'generationQualifier': 'urn:oid:2.5.4.44', + 'eduPersonAffiliation': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1', + 'edupersonaffiliation': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1', + 'eduPersonPrincipalName': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6', + 'localityName': 'urn:oid:2.5.4.7', + 'owner': 'urn:oid:2.5.4.32', + 'searchGuide': 'urn:oid:2.5.4.14', + 'certificateRevocationList': 'urn:oid:2.5.4.39', + 'organizationalUnitName': 'urn:oid:2.5.4.11', + 'userCertificate': 'urn:oid:2.5.4.36', + 'preferredDeliveryMethod': 'urn:oid:2.5.4.28', + 'internationaliSDNNumber': 'urn:oid:2.5.4.25', + 'uniqueMember': 'urn:oid:2.5.4.50', + 'departmentNumber': 'urn:oid:2.16.840.1.113730.3.1.2', + 'enhancedSearchGuide': 'urn:oid:2.5.4.47', + 'userPKCS12': 'urn:oid:2.16.840.1.113730.3.1.216', + 'eduPersonTargetedID': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10', + 'x121Address': 'urn:oid:2.5.4.24', + 'destinationIndicator': 'urn:oid:2.5.4.27', + 'eduPersonPrimaryAffiliation': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.5', + 'surname': 'urn:oid:2.5.4.4', + 'jpegPhoto': 'urn:oid:0.9.2342.19200300.100.1.60', + 'eduPersonScopedAffiliation': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.9', + 'protocolInformation': 'urn:oid:2.5.4.48', + 'knowledgeInformation': 'urn:oid:2.5.4.2', + 'employeeType': 'urn:oid:2.16.840.1.113730.3.1.4', + 'userSMIMECertificate': 'urn:oid:2.16.840.1.113730.3.1.40', + 'member': 'urn:oid:2.5.4.31', + 'streetAddress': 'urn:oid:2.5.4.9', + 'dmdName': 'urn:oid:2.5.4.54', + 'postalCode': 'urn:oid:2.5.4.17', + 'pseudonym': 'urn:oid:2.5.4.65', + 'dnQualifier': 'urn:oid:2.5.4.46', + 'crossCertificatePair': 'urn:oid:2.5.4.40', + 'eduPersonOrgDN': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.3', + 'authorityRevocationList': 'urn:oid:2.5.4.38', + 'displayName': 'urn:oid:2.16.840.1.113730.3.1.241', + 'businessCategory': 'urn:oid:2.5.4.15', + 'serialNumber': 'urn:oid:2.5.4.5', + 'st': 'urn:oid:2.5.4.8', + 'carLicense': 'urn:oid:2.16.840.1.113730.3.1.1', + 'presentationAddress': 'urn:oid:2.5.4.29', + 'sn': 'urn:oid:2.5.4.4', + 
'domainComponent': 'urn:oid:0.9.2342.19200300.100.1.25', + # noredu + 'norEduOrgUniqueNumber': 'urn:oid:1.3.6.1.4.1.2428.90.1.1', + 'norEduPersonBirthDate': 'urn:oid:1.3.6.1.4.1.2428.90.1.3', + 'norEduPersonLIN': 'urn:oid:1.3.6.1.4.1.2428.90.1.4', + 'norEduOrgUniqueIdentifier': 'urn:oid:1.3.6.1.4.1.2428.90.1.7', + 'federationFeideSchemaVersion': 'urn:oid:1.3.6.1.4.1.2428.90.1.9', + 'norEduOrgUnitUniqueIdentifier': 'urn:oid:1.3.6.1.4.1.2428.90.1.8', + 'norEduOrgUnitUniqueNumber': 'urn:oid:1.3.6.1.4.1.2428.90.1.2', + 'norEduPersonNIN': 'urn:oid:1.3.6.1.4.1.2428.90.1.5', + 'norEduOrgAcronym': 'urn:oid:1.3.6.1.4.1.2428.90.1.6', + # schac + 'schacPersonalUniqueID': 'urn:oid:1.3.6.1.4.1.25178.1.2.15', + 'schacUUID': 'urn:oid:1.3.6.1.4.1.25178.1.2.16', + 'schacCountryOfResidence': 'urn:oid:1.3.6.1.4.1.25178.1.2.11', + 'schacPersonalPosition': 'urn:oid:1.3.6.1.4.1.25178.1.2.13', + 'schacHomeOrganization': 'urn:oid:1.3.6.1.4.1.25178.1.2.9', + 'schacExpiryDate': 'urn:oid:1.3.6.1.4.1.25178.1.2.17', + 'schacCountryOfCitizenship': 'urn:oid:1.3.6.1.4.1.25178.1.2.5', + 'schacPersonalUniqueCode': 'urn:oid:1.3.6.1.4.1.25178.1.2.14', + 'schacUserStatus': 'urn:oid:1.3.6.1.4.1.25178.1.2.19', + 'schacDateOfBirth': 'urn:oid:1.3.6.1.4.1.25178.1.2.3', + 'schacSn2': 'urn:oid:1.3.6.1.4.1.25178.1.2.7', + 'schacSn1': 'urn:oid:1.3.6.1.4.1.25178.1.2.6', + 'schacGender': 'urn:oid:1.3.6.1.4.1.25178.1.2.2', + 'schacMotherTongue': 'urn:oid:1.3.6.1.4.1.25178.1.2.1', + 'schacHomeOrganizationType': 'urn:oid:1.3.6.1.4.1.25178.1.2.10', + 'schacUserPresenceID': 'urn:oid:1.3.6.1.4.1.25178.1.2.12', + 'schacPersonalTitle': 'urn:oid:1.3.6.1.4.1.25178.1.2.8', + 'schacPlaceOfBirth': 'urn:oid:1.3.6.1.4.1.25178.1.2.4', + 'schacUserPrivateAttribute': 'urn:oid:1.3.6.1.4.1.25178.1.2.18', + # umuse + 'umuSePersonExpertise': 'urn:oid:1.2.752.17.6.1.10', + 'umuSePersonnelLIN': 'urn:oid:1.2.752.17.6.1.41', + 'umuSeFormalName': 'urn:oid:1.2.752.17.6.1.27', + 'umuSeCourseInstAccId': 'urn:oid:1.2.752.17.6.1.39', + 
'umuSeParentLIN': 'urn:oid:1.2.752.17.6.1.21', + 'umuSeCourseDN': 'urn:oid:1.2.752.17.6.1.37', + 'umuSeCareOf': 'urn:oid:1.2.752.17.6.1.46', + 'umuSeOrgUnitChild': 'urn:oid:1.2.752.17.6.1.16', + 'umuSeCourseId': 'urn:oid:1.2.752.17.6.1.34', + 'umuSePersonCardSIS': 'urn:oid:1.2.752.17.6.1.3', + 'umuSeValidTo': 'urn:oid:1.2.752.17.6.1.31', + 'umuSePrimaryMail': 'urn:oid:1.2.752.17.6.1.49', + 'umuSePersonEmploymentFrom': 'urn:oid:1.2.752.17.6.1.23', + 'umuSePersonResearch': 'urn:oid:1.2.752.17.6.1.9', + 'umuSePersonCampus': 'urn:oid:1.2.752.17.6.1.4', + 'umuSeCourseRegId': 'urn:oid:1.2.752.17.6.1.45', + 'umuSePersonEmploymentType': 'urn:oid:1.2.752.17.6.1.12', + 'umuSeAffiliatedToLIN': 'urn:oid:1.2.752.17.6.1.29', + 'umuSeOrgUnitType': 'urn:oid:1.2.752.17.6.1.17', + 'umuSeSMSNumber': 'urn:oid:1.2.752.17.6.1.7', + 'umuSePersonEmploymentExtent': 'urn:oid:1.2.752.17.6.1.19', + 'umuSeOrgUnitNumber': 'urn:oid:1.2.752.17.6.1.26', + 'umuSePersonPrimaryCampus': 'urn:oid:1.2.752.17.6.1.5', + 'umuSeID': 'urn:oid:1.2.752.17.6.1.28', + 'umuSeCourseInstId': 'urn:oid:1.2.752.17.6.1.35', + 'umuSeCourseInstRegId': 'urn:oid:1.2.752.17.6.1.40', + 'umuSeMemberLIN': 'urn:oid:1.2.752.17.6.1.33', + 'umuSePersonEmploymentStatusCode': 'urn:oid:1.2.752.17.6.1.14', + 'umuSeCourseSemester': 'urn:oid:1.2.752.17.6.1.36', + 'umuSeCourseOrgUnitDN': 'urn:oid:1.2.752.17.6.1.38', + 'umuSePersonEmploymentTo': 'urn:oid:1.2.752.17.6.1.24', + 'umuSeValidFrom': 'urn:oid:1.2.752.17.6.1.32', + 'umuSePersonHomeMobile': 'urn:oid:1.2.752.17.6.1.6', + 'umuSePersonEmploymentStatus': 'urn:oid:1.2.752.17.6.1.13', + 'umuSePersonInstantMessage': 'urn:oid:1.2.752.17.6.1.8', + 'umuSePersonSpokenName': 'urn:oid:1.2.752.17.6.1.18', + 'umuSeOrgType': 'urn:oid:1.2.752.17.6.1.42', + 'passportIssuingCountry': 'urn:oid:1.2.752.17.6.1.44', + 'umuSeChildLIN': 'urn:oid:1.2.752.17.6.1.22', + 'umuSeAlternateTelephoneNumber': 'urn:oid:1.2.752.17.6.1.47', + 'umuSeLIN': 'urn:oid:1.2.752.17.6.1.20', + 'umuSePersonEmploymentPost': 
'urn:oid:1.2.752.17.6.1.25', + 'passportNumber': 'urn:oid:1.2.752.17.6.1.43', + 'umuSePersonAlternateContact': 'urn:oid:1.2.752.17.6.1.11', + 'umuSeAccountNumber': 'urn:oid:1.2.752.17.6.1.30', + 'umuSeLabeledDN': 'urn:oid:1.2.752.17.6.1.48', + 'umuSePersonPrivacy': 'urn:oid:1.2.752.17.6.1.1', + 'umuSePersonCardNr': 'urn:oid:1.2.752.17.6.1.2', +} diff --git a/example/idp/README b/example/idp/README new file mode 100644 index 0000000..92486a7 --- /dev/null +++ b/example/idp/README @@ -0,0 +1,8 @@ +Passwords in clear text: + +roland:one +ozzie:two +derek:three +ryan:four +ischiro:five + diff --git a/example/idp/idp.conf b/example/idp/idp.conf index 04aaa90..74ac699 100644 --- a/example/idp/idp.conf +++ b/example/idp/idp.conf @@ -1,12 +1,34 @@ { - "entityid" : "urn:mace:example.com:saml:roland:idp", - "service": ["idp"], - "my_name" : "Rolands IdP", + "entityid" : "urn:mace:umu.se:saml:roland:idp", + "service": { + "idp": { + "name" : "Rolands IdP", + "url": "http://localhost:8088/sso", + "policy": { + "default": { + "lifetime": {"minutes":15}, + "attribute_restrictions": None, # means all I have + "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri" + }, + "urn:mace:umu.se:saml:roland:sp": { + "lifetime": {"minutes": 5}, + } + } + } + }, "debug" : 1, "key_file" : "./mykey.pem", "cert_file" : "./mycert.pem", - "xmlsec_binary" : "/opt/local/bin/xmlsec1", + "xmlsec_binary" : "/usr/local/bin/xmlsec1", "metadata" : { - "local": ["metadata.xml"], - } + "local": ["../sp_metadata.xml"], + }, + "organization": { + "display_name": "Rolands Identiteter", + "name": "Rolands Identiteter", + }, + # This database holds the map between a subjects local identifier and + # the identifier returned to a SP + "subject_data": "./idp.subject.db", + "attribute_map_dir" : "../attributemaps", } \ No newline at end of file 
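Review bot: In `uri/to.py` the `uid` and `userid` entries map to the bare OID `'0.9.2342.19200300.100.1.1'`, while every other value in the map carries the `urn:oid:` prefix. Under the `attrname-format:uri` name format these two attributes would be sent under a name a peer is unlikely to recognise, and they may not round-trip through the matching `fro.py` (not checkable from this hunk). Suggested: `'uid': 'urn:oid:0.9.2342.19200300.100.1.1',` and `'userid': 'urn:oid:0.9.2342.19200300.100.1.1',`.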
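Review bot: In `idp.conf` the `default` policy sets `"attribute_restrictions": None`, which its own comment says means every attribute the IdP holds, so any SP without its own entry receives the full attribute set. The only per-SP entry, `urn:mace:umu.se:saml:roland:sp`, changes the lifetime alone. For a configuration people copy, a default that releases a named minimum and widens per SP is the safer starting point. At the least the comment should say so, e.g. `# None releases every attribute to any SP; restrict before using outside a demo`. `"debug" : 1` and the `http://localhost:8088/sso` URL are reasonable for a local demo only.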
diff --git a/example/idp/idp.app.py b/example/idp/idp.py similarity index 76% rename from example/idp/idp.app.py rename to example/idp/idp.py index 28729c5..2e0c642 100755 --- a/example/idp/idp.app.py +++ b/example/idp/idp.py @@ -2,25 +2,8 @@ import re import base64 -from cgi import escape, parse_qs -import urllib -#import urlparse - +from cgi import parse_qs from saml2 import server -from saml2.utils import make_instance, sid, decode_base64_and_inflate -from saml2 import samlp, saml -from saml2.time_util import in_a_while, instant - -def authn_response(identity, in_response_to, destination, spid): - global idp - resp = idp.do_response( - destination, # consumer_url - in_response_to, # in_response_to - spid, # sp_entity_id - identity # identity as dictionary - ) - - return ("%s" % resp).split("\n") # ----------------------------------------------------------------------------- def dict_to_table(ava, lev=0, width=1): @@ -35,11 +18,11 @@ def dict_to_table(ava, lev=0, width=1): except AttributeError: txt.append("%s\n" % valarr) elif isinstance(valarr, list): - i = 0 - n = len(valarr) + index = 0 + num = len(valarr) for val in valarr: - if i == 0: - txt.append("%s\n" % (len(valarr),prop)) + if index == 0: + txt.append("%s\n" % (len(valarr), prop)) else: txt.append("\n") if isinstance(val, dict): @@ -51,10 +34,10 @@ def dict_to_table(ava, lev=0, width=1): txt.append("%s\n" % val.encode("utf8")) except AttributeError: txt.append("%s\n" % val) - if n > 1: + if num > 1: txt.append("\n") - n -= 1 - i += 1 + num -= 1 + index += 1 elif isinstance(valarr, dict): txt.append("%s\n" % prop) txt.append("\n") @@ -73,38 +56,49 @@ FORM_SPEC = """
def sso(environ, start_response, user, logger): """ Supposted to return a POST """ #edict = dict_to_table(environ) - logger and logger.info("Environ keys: %s" % environ.keys()) + #logger and logger.info("Environ keys: %s" % environ.keys()) + logger.info("--- In SSO ---") if "QUERY_STRING" in environ: logger and logger.info("Query string: %s" % environ["QUERY_STRING"]) query = parse_qs(environ["QUERY_STRING"]) elif "s2repoze.qinfo" in environ: query = environ["s2repoze.qinfo"] + # base 64 encoded request - (consumer, identifier, policies, - spid) = idp.parse_authn_request(query["SAMLRequest"][0]) - spentityid = query["spentityid"][0] - try: - relayState = query["RelayState"][0] - except (KeyError, AttributeError): - relayState = "/" - start_response('200 OK', [('Content-Type', 'text/html')]) + req_info = IDP.parse_authn_request(query["SAMLRequest"][0]) + logger.info("parsed OK") + logger.info("%s" % req_info) + identity = dict(environ["repoze.who.identity"]["user"]) + logger.info("Identity: %s" % (identity,)) + userid = environ["repoze.who.identity"]['repoze.who.userid'] if REPOZE_ID_EQUIVALENT: - identity[REPOZE_ID_EQUIVALENT] = ( - environ["repoze.who.identity"]['repoze.who.userid']) - authn_resp = authn_response(identity, identifier, consumer, spid) + identity[REPOZE_ID_EQUIVALENT] = userid + try: + authn_resp = IDP.authn_response(identity, + req_info["id"], + req_info["consumer_url"], + req_info["sp_entity_id"], + req_info["request"].name_id_policy, + userid) + except Exception, excp: + logger and logger.error("Exception: %s" % (excp,)) + raise + logger and logger.info("AuthNResponse: %s" % authn_resp) + response = [] response.append("") response.append("SAML 2.0 POST") response.append("") - #login_url = location + '?spentityid=' + "lingon.catalogix.se" - response.append(FORM_SPEC % (consumer, + response.append(FORM_SPEC % (req_info["consumer_url"], base64.b64encode("".join(authn_resp)),"/")) response.append("""""") response.append("") + + start_response('200 
OK', [('Content-Type', 'text/html')]) return response def whoami(environ, start_response, user, logger): @@ -129,11 +123,11 @@ def not_authn(environ, start_response, logger): logger and logger.info("query: %s" % query) start_response('401 Unauthorized', [('Content-Type', 'text/plain')]) return ['Unknown user'] - + # ---------------------------------------------------------------------------- # map urls to functions -urls = [ +URLS = [ (r'whoami$', whoami), (r'whoami/(.*)$', whoami), (r'sso$', sso), @@ -163,7 +157,7 @@ def application(environ, start_response): path = environ.get('PATH_INFO', '').lstrip('/') logger = environ.get('repoze.who.logger') logger and logger.info( " PATH: %s" % path) - for regex, callback in urls: + for regex, callback in URLS: if user: match = re.search(regex, path) if match is not None: @@ -171,6 +165,7 @@ def application(environ, start_response): environ['myapp.url_args'] = match.groups()[0] except IndexError: environ['myapp.url_args'] = path + logger and logger.info("callback: %s" % (callback,)) return callback(environ, start_response, user, logger) else: logger and logger.info("-- No USER --") @@ -181,8 +176,8 @@ def application(environ, start_response): from repoze.who.config import make_middleware_with_config -app_with_auth = make_middleware_with_config(application, {"here":"."}, - './who.ini', log_file="idpapp.log") +APP_WITH_AUTH = make_middleware_with_config(application, {"here":"."}, + './who.ini', log_file="who.log") # ---------------------------------------------------------------------------- 
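Review bot: In `sso`, the new calls `logger.info("--- In SSO ---")`, `logger.info("parsed OK")`, `logger.info("%s" % req_info)` and `logger.info("Identity: %s" % (identity,))` drop the `logger and` guard the rest of the function keeps, so a request whose environ has no `repoze.who.logger` (the dispatcher reads it with `environ.get`) fails with AttributeError before any response is built. The identity dictionary and the complete AuthNResponse are also logged at info level, which puts user attributes and the full response in the log; the request id and SP entity id would be enough, e.g. `logger and logger.info("AuthnRequest %s from %s" % (req_info["id"], req_info["sp_entity_id"]))`. `query` stays unbound when neither `QUERY_STRING` nor `s2repoze.qinfo` is present, and a missing `SAMLRequest` raises KeyError; an early 400 response would cover both cases. Whether `req_info["consumer_url"]` is checked against the SP's metadata before it becomes the form target is decided inside `IDP.parse_authn_request`, which is not visible here.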
@@ -193,9 +188,9 @@ if __name__ == '__main__': LOG_FILENAME = "./idp.log" PORT = 8088 - logging.basicConfig(filename=LOG_FILENAME,level=logging.DEBUG) + logging.basicConfig(filename=LOG_FILENAME, level=logging.DEBUG) - idp = server.Server(sys.argv[1], logging) - srv = make_server('localhost', PORT, app_with_auth) - print "listening on port: %s" % PORT - srv.serve_forever() \ No newline at end of file + IDP = server.Server(sys.argv[1], log=logging, debug=1) + SRV = make_server('localhost', PORT, APP_WITH_AUTH) + print "IdP listening on port: %s" % PORT + SRV.serve_forever() \ No newline at end of file diff --git a/example/idp/idp_user.ini b/example/idp/idp_user.ini new file mode 100644 index 0000000..f8cb558 --- /dev/null +++ b/example/idp/idp_user.ini @@ -0,0 +1,25 @@ +[roland] +surname=Hedberg +givenName=Roland +eduPersonAffiliation=staff +uid=rohe0002 + +[ozzie] +surname=Guillen +givenName=Ozzie +eduPersonAffiliation=affiliate + +[derek] +surname=Jeter +givenName=Derek +eduPersonAffiliation=affiliate + +[ichiro] +surname=Suzuki +givenName=Ischiro +eduPersonAffiliation=affiliate + +[ryan] +surname=Howard +givenName=Ryan +eduPersonAffiliation=affiliate diff --git a/example/idp/metadata.xml b/example/idp/metadata.xml deleted file mode 100644 index 1766c0a..0000000 --- a/example/idp/metadata.xml +++ /dev/null 
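Review bot: `IDP` is assigned only inside the `if __name__ == '__main__':` block, yet `sso` uses it as a module global through `IDP.parse_authn_request` and `IDP.authn_response`. `APP_WITH_AUTH` is built at module level, so serving it from another WSGI container would raise NameError on the first SSO request. `debug=1` is also hard-coded in `server.Server(sys.argv[1], log=logging, debug=1)` next to `level=logging.DEBUG`; taking both from the configuration file would keep verbose output limited to demo runs. The `__main__` block begins outside this hunk.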
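Review bot: The section name `[ichiro]` in `idp_user.ini` does not match the account name `ischiro` used in `example/idp/passwd` and in the README. That user can authenticate but would get no attributes, assuming the ini plugin looks sections up by userid. Rename the section to `[ischiro]`, or correct the spelling in the other two files. `uid` is set only for `roland`; if an SP is meant to receive it for every user, the other sections need it too.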
@@ -1,34 +0,0 @@ - -MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV -BAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkx -EDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMz -MTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1l -YTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAw -DgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7 -bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MC -FiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiR -mo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQW -BBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9 -o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAW -BgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UE -AxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF -BQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZO -zkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN -+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI= -http://www.umu.se/Umea UniversityRolandHedbergroland.hedberg@adm.umu.seMIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV -BAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkx -EDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMz -MTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1l -YTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAw -DgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7 -bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MC -FiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiR -mo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQW -BBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9 -o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAW -BgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UE -AxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF 
-BQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZO -zkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN -+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI= -http://www.umu.se/Umea UniversityRolandHedbergroland.hedberg@adm.umu.se diff --git a/example/idp/passwd b/example/idp/passwd new file mode 100644 index 0000000..d86ffbc --- /dev/null +++ b/example/idp/passwd @@ -0,0 +1,5 @@ +roland:0Gwsj0fYeNAIk +ozzie:wT390u9XwBFaU +derek:efNb53YcncbRI +ryan:YlIhvZ6Rdt6fA +ischiro:wgMhJvmkQgMGs diff --git a/example/idp/who.ini b/example/idp/who.ini index 7ae28e7..75817f9 100644 --- a/example/idp/who.ini +++ b/example/idp/who.ini @@ -9,9 +9,11 @@ rememberer_name = auth_tkt # identification use = repoze.who.plugins.auth_tkt:make_plugin secret = cassiopeja -cookie_name = kustrask +cookie_name = pysaml2idp secure = False -include_ip = False +include_ip = True +timeout=3600 +reissue_time = 3000 [plugin:basicauth] # identification and challenge @@ -26,7 +28,7 @@ check_fn = repoze.who.plugins.htpasswd:crypt_check [plugin:ini] use = s2repoze.plugins.ini:make_plugin -ini_file = %(here)s/user.ini +ini_file = %(here)s/idp_user.ini [general] request_classifier = repoze.who.classifiers:default_request_classifier diff --git a/example/run.sh b/example/run.sh new file mode 100755 index 0000000..b76b903 --- /dev/null +++ b/example/run.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +# run.sh +# pysaml2 +# +# Created by Roland Hedberg on 3/25/10. +# Copyright 2010 UmeƄ Universitet. All rights reserved. + +cd sp +../../tools/make_metadata.py sp.conf > ../sp_metadata.xml +./sp.py sp.conf & + +cd ../idp +./idp.py idp.conf & + +cd .. + diff --git a/example/sp/sp.conf b/example/sp/sp.conf new file mode 100644 index 0000000..e93d354 --- /dev/null +++ b/example/sp/sp.conf 
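Review bot: The entries in `example/idp/passwd` look like traditional 13-character crypt(3) hashes, which `who.ini` verifies with `repoze.who.plugins.htpasswd:crypt_check`. That scheme uses only the first eight characters of a password and offers little resistance to offline guessing. Since the README publishes the matching clear-text passwords, the file is a fixture only. A README sentence saying the accounts are for the demo and must be replaced before any other use would make that explicit.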
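Review bot: The auth_tkt block in `idp/who.ini` still carries `secret = cassiopeja` and `secure = False`, while this hunk tightens only `include_ip`, `timeout` and `reissue_time`. The secret signs the session ticket, so an IdP started unchanged from this example accepts cookies signed with a value anyone can read in the repository. A labelled placeholder such as `secret = CHANGE_ME`, plus a README line telling the user to generate their own, is safer. `secure = False` is needed for the `http://localhost` demo but deserves a comment, e.g. `# set secure = True when served over HTTPS`.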
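Review bot: None of the `cd` calls in `run.sh` is checked, so if `cd sp` fails the metadata generation and both servers start from the wrong directory. Adding `set -e` after the shebang, or writing `cd sp || exit 1`, stops the script at the first failure. The IdP is launched right after `make_metadata.py` without checking that `../sp_metadata.xml` was written. Both servers are left in the background with no pid recorded for stopping them.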
@@ -0,0 +1,36 @@ +{ + "entityid" : "urn:mace:umu.se:saml:roland:sp", + "service": { + "sp":{ + "name" : "Rolands SP", + "url" : "http://localhost:8087/", + "required_attributes": ["surname", "givenname", "edupersonaffiliation"], + #"optional_attributes": ["title"], + "idp": { + "" : "http://localhost:8088/sso", + }, + } + }, + "debug" : 1, + "key_file" : "./mykey.pem", + "cert_file" : "./mycert.pem", + "xmlsec_binary" : "/user/local/bin/xmlsec1", + "attribute_map_dir" : "../attributemaps", + # -- Not really necessary since there is only one IdP -- + #"metadata" : { + # "local": ["../metadata.xml"], + #}, + # -- below used by make_metadata -- + "organization": { + "name": "Rolands AB", + "display_name": [("Rolands AB","se"),("Rolands Co.","en")], + "url":"http://www.example.com/roland", + }, + "contact": [{ + "given_name":"John", + "sur_name": "Smith", + "email_address": "john.smith@example.com", + "contact_type": "technical", + }], + "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri" +} \ No newline at end of file diff --git a/example/sp/application.py b/example/sp/sp.py similarity index 93% rename from example/sp/application.py rename to example/sp/sp.py index 5986f8b..34664ce 100755 --- a/example/sp/application.py +++ b/example/sp/sp.py @@ -50,7 +50,8 @@ def dict_to_table(ava, width=1): def whoami(environ, start_response, user, logger): start_response('200 OK', [('Content-Type', 'text/html')]) identity = environ["repoze.who.identity"]["user"] - response = dict_to_table(identity) + response = ["
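Review bot: In `sp.conf`, `"xmlsec_binary" : "/user/local/bin/xmlsec1"` looks like a typo for `/usr/local/bin/xmlsec1`, the path `idp.conf` is changed to in this same commit. If the binary is not found the SP cannot sign or verify anything; whether the library then fails loudly or continues without verification is not visible here and is worth confirming. The `metadata` block is commented out as "not really necessary", so it should also be confirmed where the SP gets the IdP certificate it needs to verify responses.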

Your identity are supposed to be

"] + response.extend(dict_to_table(identity)) return response[:] def not_found(environ, start_response): @@ -110,11 +111,13 @@ def application(environ, start_response): from repoze.who.config import make_middleware_with_config app_with_auth = make_middleware_with_config(application, {"here":"."}, - './who.ini', log_file="repo.log") + './who.ini', log_file="who.log") # ---------------------------------------------------------------------------- +PORT = 8087 if __name__ == '__main__': from wsgiref.simple_server import make_server - srv = make_server('localhost', 8087, app_with_auth) + srv = make_server('localhost', PORT, app_with_auth) + print "SP listening on port: %s" % PORT srv.serve_forever() \ No newline at end of file diff --git a/example/sp/sp_conf.py b/example/sp/sp_conf.py deleted file mode 100644 index 4922cd1..0000000 --- a/example/sp/sp_conf.py +++ /dev/null @@ -1,29 +0,0 @@ -{ - "entityid" : "urn:mace:umu.se:saml:roland:sp", - "service": { - "sp":{ - "name" : "Rolands SP", - "url" : "http://localhost:8087/", - "required_attributes": ["surName", "givenName", "mail"], - "optional_attributes": ["title"], - "idp": { - "" : "https://example.com/saml2/idp/SSOService.php", - }, - } - }, - "debug" : 1, - "key_file" : "./mykey.pem", - "cert_file" : "./mycert.pem", - "xmlsec_binary" : "/opt/local/bin/xmlsec1", - "organization": { - "name": "Example Co.", - "display_name": "Example Company", - "url":"http://www.example.com/", - }, - "contact": [{ - "given_name":"John", - "sur_name": "Smith", - "email_address": "john.smith@example.com", - "contact_type": "technical", - }] -} \ No newline at end of file diff --git a/example/sp/who.ini b/example/sp/who.ini index 938d10c..fe52405 100644 --- a/example/sp/who.ini +++ b/example/sp/who.ini 
@@ -13,10 +13,9 @@ reissue_time = 3000 # - rememberer_name : name of the plugin for remembering (delegate) [plugin:saml2auth] use = s2repoze.plugins.sp:make_plugin -saml_conf = sp_conf.py +saml_conf = sp.conf rememberer_name = auth_tkt debug = 1 -path_logout = .*/logout.* [general] request_classifier = s2repoze.plugins.challenge_decider:my_request_classifier