openstack/deb-python-pysaml2
Code Issues Proposed changes

Merge pull request #124 from rhoerbe/master

Browse Source 
added AT government attribute map; + some cosmetics
This commit is contained in:
Roland Hedberg
2014-07-04 08:37:04 +02:00
parent 041aa27dcd 456045dd1f
commit 652e49e034
4 changed files with 55 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
doc/examples/idp.rst
View File

@@ -3,6 +3,18 @@
An extremly simple example of a SAML2 identity provider. An extremly simple example of a SAML2 identity provider.
======================================================== ========================================================
There are 2 example IDPs in the project's example directory:
* idp2 has a static definition of users:
* user attributes are defined in idp_user.py
* the password is defined in the PASSWD dict in idp.py
* idp2_repoze is using repoze.who middleware to perform authentication and attribute retrieval
Configuration
-------------
Entity configuration is described in "Configuration of pysaml2 entities"
Server parameters like host and port and various command line parameters are
defined in the main part of idp.py
Setup: Setup:
****** ******

7
example/idp2/idp.py
View File

@@ -49,7 +49,7 @@ from idp_user import EXTRA
from mako.lookup import TemplateLookup from mako.lookup import TemplateLookup
logger = logging.getLogger("saml2.idp") logger = logging.getLogger("saml2.idp")
logger.setLevel(logging.WARNING)
class Cache(object): class Cache(object):
def __init__(self): def __init__(self):
@@ -73,11 +73,6 @@ def _expiration(timeout, tformat="%a, %d-%b-%Y %H:%M:%S GMT"):
return time_util.in_a_while(minutes=timeout, format=tformat) return time_util.in_a_while(minutes=timeout, format=tformat)
def get_eptid(idp, req_info, session):
return idp.eptid.get(idp.config.entityid,
req_info.sender(), session["permanent_id"],
session["authn_auth"])
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------

41
src/saml2/attributemaps/saml_uri.py
View File

@@ -1,5 +1,8 @@
EDUCOURSE_OID = 'urn:oid:1.3.6.1.4.1.5923.1.6.1.' EDUCOURSE_OID = 'urn:oid:1.3.6.1.4.1.5923.1.6.1.'
EDUPERSON_OID = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.' EDUPERSON_OID = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.'
LDAPGVAT_OID = 'urn:oid:1.2.40.0.10.2.1.1.' # ldap.gv.at definitions as specified in http://www.ref.gv.at/AG-IZ-PVP2-Version-2-1-0-2.2754.0.html
LDAPGVAT_UCL_DIR_PILOT = UCL_DIR_PILOT
LDAPGVAT_X500ATTR_OID = X500ATTR_OID
NETSCAPE_LDAP = 'urn:oid:2.16.840.1.113730.3.1.' NETSCAPE_LDAP = 'urn:oid:2.16.840.1.113730.3.1.'
NOREDUPERSON_OID = 'urn:oid:1.3.6.1.4.1.2428.90.1.' NOREDUPERSON_OID = 'urn:oid:1.3.6.1.4.1.2428.90.1.'
PKCS_9 = 'urn:oid:1.2.840.113549.1.9.1.' PKCS_9 = 'urn:oid:1.2.840.113549.1.9.1.'
@@ -26,6 +29,25 @@ MAP = {
EDUPERSON_OID+'9': 'eduPersonScopedAffiliation', EDUPERSON_OID+'9': 'eduPersonScopedAffiliation',
EDUPERSON_OID+'10': 'eduPersonTargetedID', EDUPERSON_OID+'10': 'eduPersonTargetedID',
EDUPERSON_OID+'11': 'eduPersonAssurance', EDUPERSON_OID+'11': 'eduPersonAssurance',
LDAPGVAT_OID+'1': 'PVP-GID',
LDAPGVAT_OID+'149': 'PVP-BPK',
LDAPGVAT_OID+'153': 'PVP-OU-OKZ',
LDAPGVAT_OID+'261.10': 'PVP-VERSION',
LDAPGVAT_OID+'261.20': 'PVP-PRINCIPAL-NAME',
LDAPGVAT_OID+'261.24': 'PVP-PARTICIPANT-OKZ',
LDAPGVAT_OID+'261.30': 'PVP-ROLES',
LDAPGVAT_OID+'261.40': 'PVP-INVOICE-RECPT-ID',
LDAPGVAT_OID+'261.50': 'PVP-COST-CENTER-ID',
LDAPGVAT_OID+'261.60': 'PVP-CHARGE-CODE',
LDAPGVAT_OID+'3': 'PVP-OU-GV-OU-ID',
LDAPGVAT_OID+'33': 'PVP-FUNCTION',
LDAPGVAT_OID+'55': 'PVP-BIRTHDATE',
LDAPGVAT_OID+'71': 'PVP-PARTICIPANT-ID',
LDAPGVAT_UCL_DIR_PILOT+'1': 'PVP-USERID',
LDAPGVAT_UCL_DIR_PILOT+'3': 'PVP-MAIL',
LDAPGVAT_X500ATTR_OID+'11': 'PVP-OU',
LDAPGVAT_X500ATTR_OID+'20': 'PVP-TEL',
LDAPGVAT_X500ATTR_OID+'42': 'PVP-GIVENNAME',
NETSCAPE_LDAP+'1': 'carLicense', NETSCAPE_LDAP+'1': 'carLicense',
NETSCAPE_LDAP+'2': 'departmentNumber', NETSCAPE_LDAP+'2': 'departmentNumber',
NETSCAPE_LDAP+'3': 'employeeNumber', NETSCAPE_LDAP+'3': 'employeeNumber',
@@ -197,6 +219,25 @@ MAP = {
'presentationAddress': X500ATTR_OID+'29', 'presentationAddress': X500ATTR_OID+'29',
'protocolInformation': X500ATTR_OID+'48', 'protocolInformation': X500ATTR_OID+'48',
'pseudonym': X500ATTR_OID+'65', 'pseudonym': X500ATTR_OID+'65',
'PVP-USERID': LDAPGVAT_UCL_DIR_PILOT+'1',
'PVP-MAIL': LDAPGVAT_UCL_DIR_PILOT+'3',
'PVP-GID': LDAPGVAT_OID+'1',
'PVP-BPK': LDAPGVAT_OID+'149',
'PVP-OU-OKZ': LDAPGVAT_OID+'153',
'PVP-VERSION': LDAPGVAT_OID+'261.10',
'PVP-PRINCIPAL-NAME': LDAPGVAT_OID+'261.20',
'PVP-PARTICIPANT-OKZ': LDAPGVAT_OID+'261.24',
'PVP-ROLES': LDAPGVAT_OID+'261.30',
'PVP-INVOICE-RECPT-ID': LDAPGVAT_OID+'261.40',
'PVP-COST-CENTER-ID': LDAPGVAT_OID+'261.50',
'PVP-CHARGE-CODE': LDAPGVAT_OID+'261.60',
'PVP-OU-GV-OU-ID': LDAPGVAT_OID+'3',
'PVP-FUNCTION': LDAPGVAT_OID+'33',
'PVP-BIRTHDATE': LDAPGVAT_OID+'55',
'PVP-PARTICIPANT-ID': LDAPGVAT_OID+'71',
'PVP-OU': LDAPGVAT_X500ATTR_OID+'11',
'PVP-TEL': LDAPGVAT_X500ATTR_OID+'20',
'PVP-GIVENNAME': LDAPGVAT_X500ATTR_OID+'42',
'registeredAddress': X500ATTR_OID+'26', 'registeredAddress': X500ATTR_OID+'26',
'roleOccupant': X500ATTR_OID+'33', 'roleOccupant': X500ATTR_OID+'33',
'schacCountryOfCitizenship': SCHAC+'5', 'schacCountryOfCitizenship': SCHAC+'5',

2
src/saml2/mdstore.py
View File

@@ -197,7 +197,7 @@ class MetaData(object):
try: try:
if not valid(self.entities_descr.valid_until): if not valid(self.entities_descr.valid_until):
raise ToOld( raise ToOld(
"Metadata not valid anymore, it's after %s" % ( "Metadata not valid anymore, it's only valid until %s" % (
self.entities_descr.valid_until,)) self.entities_descr.valid_until,))
except AttributeError: except AttributeError:
pass pass