From 78770ad6f5bd18dbdd17d73d95373ed737d14d9e Mon Sep 17 00:00:00 2001
From: Roland Hedberg
Date: Sat, 19 Mar 2011 12:47:02 +0100
Subject: [PATCH] Configurations using the new format
---
 tests/aa_conf.py | 45 +++++++++++++
 .../to.py | 5 +-
 tests/idp_conf.py | 55 +++++++++++++++
 tests/idp_slo_redirect_conf.py | 50 ++++++++++++++
 tests/idp_soap_conf.py | 54 +++++++++++++++
 tests/idp_sp_conf.py | 67 +++++++++++++++++++
 tests/restrictive_idp_conf.py | 42 ++++++++++++
 tests/server2_conf.py | 46 +++++++++++++
 tests/server3_conf.py | 46 +++++++++++++
 tests/server_conf.py | 44 ++++++++++++
 tests/sp_1_conf.py | 45 +++++++++++++
 tests/sp_slo_redirect_conf.py | 54 +++++++++++++++
 12 files changed, 551 insertions(+), 2 deletions(-)
 create mode 100644 tests/aa_conf.py
 create mode 100644 tests/idp_conf.py
 create mode 100644 tests/idp_slo_redirect_conf.py
 create mode 100644 tests/idp_soap_conf.py
 create mode 100644 tests/idp_sp_conf.py
 create mode 100644 tests/restrictive_idp_conf.py
 create mode 100644 tests/server2_conf.py
 create mode 100644 tests/server3_conf.py
 create mode 100644 tests/server_conf.py
 create mode 100644 tests/sp_1_conf.py
 create mode 100644 tests/sp_slo_redirect_conf.py
diff --git a/tests/aa_conf.py b/tests/aa_conf.py
new file mode 100644
index 0000000..2d2e308
--- /dev/null
+++ b/tests/aa_conf.py
@@ -0,0 +1,45 @@
+
+from saml2 import BINDING_SOAP, BINDING_HTTP_REDIRECT, NAME_FORMAT_URI
+BASE = "http://localhost:8089/"
+
+CONFIG={
+ "service":{
+ "aa":{
+ "endpoints" : {
+ "attribute_service" : [(BASE + "as", BINDING_HTTP_REDIRECT)],
+ "single_logout_service": [(BASE+"slo", BINDING_SOAP)]
+ },
+ "release_policy": {
+ "default": {
+ "lifetime": {"minutes":15},
+ "attribute_restrictions": None, # means all I have
+ "name_form": NAME_FORMAT_URI,
+ },
+ },
+ "subject_data": "aa.db",
+ }
+ },
+ "entityid" : BASE+ "aa",
+ "name" : "Rolands AA",
+ "debug" : 1,
+ "key_file" : "test.key",
+ "cert_file" : "test.pem",
+ "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+ "metadata": {
+ "local": ["metadata.xml", "vo_metadata.xml"],
+ },
+ "attribute_map_dir" : "attributemaps",
+ "organization": {
+ "name": "Exempel AB",
+ "display_name": [("Exempel AB","se"),("Example Co.","en")],
+ "url":"http://www.example.com/roland",
+ },
+ "contact_person": [{
+ "given_name":"John",
+ "sur_name": "Smith",
+ "email_address": ["john.smith@example.com"],
+ "contact_type": "technical",
+ },
+ ],
+}
+
diff --git a/tests/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/to.py b/tests/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/to.py
index 9343e2b..07009ef 100644
--- a/tests/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/to.py
+++ b/tests/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/to.py
@@ -51,6 +51,7 @@
 'generationQualifier': 'urn:oid:2.5.4.44',
 'eduPersonAffiliation': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
 'eduPersonPrincipalName': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
+ 'edupersonprincipalname': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
 'localityName': 'urn:oid:2.5.4.7',
 'owner': 'urn:oid:2.5.4.32',
 'norEduOrgUnitUniqueNumber': 'urn:oid:1.3.6.1.4.1.2428.90.1.2',
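Review bot: In tests/aa_conf.py the attribute-release rules sit under the key `"release_policy"`, while every IdP config added in this commit (idp_conf.py, idp_soap_conf.py, idp_sp_conf.py, restrictive_idp_conf.py) uses `"policy"` for the same structure. If the new-format loader only reads `"policy"` (the loader is not part of this patch), the AA would silently run with whatever its built-in default is instead of the 15-minute lifetime and `NAME_FORMAT_URI` declared here. Renaming the key to `"policy"`, or adding a comment that says why the AA differs, would remove the doubt. The same file also imports `NAME_FORMAT_URI` from `saml2`, where the other configs import it from `saml2.saml`.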
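Review bot: In the first hunk of tests/attributemaps/…/to.py, `'edupersonprincipalname'` is added as a second, all-lowercase key for the OID already mapped from `'eduPersonPrincipalName'`, and it is the only attribute in the visible part of the map that gets such an alias. If lookups are meant to be case-insensitive it would be safer to normalise case in the code that reads this map than to duplicate entries one at a time; otherwise a comment such as `# lowercase alias needed by <name of the test that relies on it>` would explain why this attribute is special. The dict starts and ends outside the hunk, so other aliases may exist that are not shown here.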
@@ -95,6 +96,6 @@
 'presentationAddress': 'urn:oid:2.5.4.29',
 'sn': 'urn:oid:2.5.4.4',
 'domainComponent': 'urn:oid:0.9.2342.19200300.100.1.25',
- 'labeledURI': 'urn:oud:1.3.6.1.4.1.250.1.57',
- 'uid': 'urn:oud:0.9.2342.19200300.100.1.1'
+ 'labeledURI': 'urn:oid:1.3.6.1.4.1.250.1.57',
+ 'uid': 'urn:oid:0.9.2342.19200300.100.1.1'
 }
diff --git a/tests/idp_conf.py b/tests/idp_conf.py
new file mode 100644
index 0000000..14b948f
--- /dev/null
+++ b/tests/idp_conf.py
@@ -0,0 +1,55 @@
+from saml2 import BINDING_SOAP, BINDING_HTTP_REDIRECT, BINDING_HTTP_POST
+from saml2.saml import NAMEID_FORMAT_PERSISTENT
+from saml2.saml import NAME_FORMAT_URI
+
+CONFIG = {
+ "entityid" : "urn:mace:example.com:saml:roland:idp",
+ "name" : "Rolands IdP",
+ "service": {
+ "idp": {
+ "endpoints" : {
+ "single_sign_on_service" : [
+ ("http://localhost:8088/sso", BINDING_HTTP_REDIRECT)],
+ "single_logout_service": [
+ ("http://localhost:8088/slo", BINDING_SOAP),
+ ("http://localhost:8088/slop",BINDING_HTTP_POST)]
+ },
+ "policy": {
+ "default": {
+ "lifetime": {"minutes":15},
+ "attribute_restrictions": None, # means all I have
+ "name_form": NAME_FORMAT_URI,
+ },
+ "urn:mace:example.com:saml:roland:sp": {
+ "lifetime": {"minutes": 5},
+ "nameid_format": NAMEID_FORMAT_PERSISTENT,
+ # "attribute_restrictions":{
+ # "givenName": None,
+ # "surName": None,
+ # }
+ }
+ },
+ "subject_data": "subject_data.db",
+ },
+ },
+ "debug" : 1,
+ "key_file" : "test.key",
+ "cert_file" : "test.pem",
+ "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+ "metadata": {
+ "local": ["metadata.xml", "vo_metadata.xml"],
+ },
+ "attribute_map_dir" : "attributemaps",
+ "organization": {
+ "name": "Exempel AB",
+ "display_name": [("Exempel AB","se"),("Example Co.","en")],
+ "url":"http://www.example.com/roland",
+ },
+ "contact_person": [{
+ "given_name":"John",
+ "sur_name": "Smith",
+ "email_address": ["john.smith@example.com"],
+ "contact_type": "technical",
+ },
+ ],
+}
\ No newline at end of file
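Review bot: In tests/idp_conf.py the per-SP policy for `urn:mace:example.com:saml:roland:sp` carries a commented-out `attribute_restrictions` block with no explanation, and the same dead block is repeated in idp_soap_conf.py and idp_sp_conf.py. Since the default policy sets `"attribute_restrictions": None, # means all I have`, a reader cannot tell whether this SP is meant to receive every attribute or whether the restriction was switched off temporarily. Either delete the four commented lines or replace them with one line that states the intent, for example `# no per-SP restriction: this SP is expected to fall back to the default release policy`, assuming that fallback is how the policy code behaves.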
diff --git a/tests/idp_slo_redirect_conf.py b/tests/idp_slo_redirect_conf.py
new file mode 100644
index 0000000..1762c1e
--- /dev/null
+++ b/tests/idp_slo_redirect_conf.py
@@ -0,0 +1,50 @@
+from saml2 import BINDING_HTTP_REDIRECT
+from saml2.saml import NAMEID_FORMAT_PERSISTENT
+from saml2.saml import NAME_FORMAT_URI
+
+CONFIG = {
+ "entityid" : "urn:mace:example.com:saml:roland:idp",
+ "name" : "Rolands IdP",
+ "service": {
+ "idp": {
+ "endpoints" : {
+ "single_sign_on_service" : [
+ ("http://localhost:8088/sso", BINDING_HTTP_REDIRECT)],
+ "single_logout_service": [
+ ("http://localhost:8088/slo", BINDING_HTTP_REDIRECT)]
+ },
+ "policy": {
+ "default": {
+ "lifetime": {"minutes":15},
+ "attribute_restrictions": None, # means all I have
+ "name_form": NAME_FORMAT_URI
+ },
+ "urn:mace:example.com:saml:roland:sp": {
+ "lifetime": {"minutes": 5},
+ "nameid_format": NAMEID_FORMAT_PERSISTENT,
+ }
+ },
+ "subject_data": "subject_data.db",
+ }
+ },
+ "debug" : 1,
+ "key_file" : "test.key",
+ "cert_file" : "test.pem",
+ "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+ "metadata": {
+ "local": ["sp_slo_redirect.xml"],
+ },
+ "attribute_map_dir" : "attributemaps",
+ "organization": {
+ "name": "Exempel AB",
+ "display_name": [("Exempel AB","se"),("Example Co.","en")],
+ "url":"http://www.example.com/roland",
+ },
+ "contact_person": [{
+ "given_name":"John",
+ "sur_name": "Smith",
+ "email_address": ["john.smith@example.com"],
+ "contact_type": "technical",
+ },
+ ],
+}
\ No newline at end of file
diff --git a/tests/idp_soap_conf.py b/tests/idp_soap_conf.py
new file mode 100644
index 0000000..fd5772e
--- /dev/null
+++ b/tests/idp_soap_conf.py
@@ -0,0 +1,54 @@
+from saml2 import BINDING_SOAP, BINDING_HTTP_REDIRECT
+from saml2.saml import NAMEID_FORMAT_PERSISTENT
+from saml2.saml import NAME_FORMAT_URI
+
+CONFIG={
+ "entityid" : "urn:mace:example.com:saml:roland:idp",
+ "name" : "Rolands IdP",
+ "service": {
+ "idp": {
+ "endpoints" : {
+ "single_sign_on_service" : [
+ ("http://localhost:8088/sso", BINDING_HTTP_REDIRECT)],
+ "single_logout_service": [
+ ("http://localhost:8088/slo", BINDING_SOAP)]
+ },
+ "policy": {
+ "default": {
+ "lifetime": {"minutes":15},
+ "attribute_restrictions": None, # means all I have
+ "name_form": NAME_FORMAT_URI,
+ },
+ "urn:mace:example.com:saml:roland:sp": {
+ "lifetime": {"minutes": 5},
+ "nameid_format": NAMEID_FORMAT_PERSISTENT,
+ # "attribute_restrictions":{
+ # "givenName": None,
+ # "surName": None,
+ # }
+ }
+ },
+ "subject_data": "subject_data.db",
+ }
+ },
+ "debug" : 1,
+ "key_file" : "test.key",
+ "cert_file" : "test.pem",
+ "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+ "metadata": {
+ "local": ["metadata.xml", "vo_metadata.xml"],
+ },
+ "attribute_map_dir" : "attributemaps",
+ "organization": {
+ "name": "Exempel AB",
+ "display_name": [("Exempel AB","se"),("Example Co.","en")],
+ "url":"http://www.example.com/roland",
+ },
+ "contact_person": [{
+ "given_name":"John",
+ "sur_name": "Smith",
+ "email_address": ["john.smith@example.com"],
+ "contact_type": "technical",
+ },
+ ],
+}
\ No newline at end of file
diff --git a/tests/idp_sp_conf.py b/tests/idp_sp_conf.py
new file mode 100644
index 0000000..e36b8d7
--- /dev/null
+++ b/tests/idp_sp_conf.py
@@ -0,0 +1,67 @@
+__author__ = 'rolandh'
+
+from saml2 import BINDING_SOAP, BINDING_HTTP_REDIRECT, BINDING_HTTP_POST
+from saml2.saml import NAMEID_FORMAT_PERSISTENT
+from saml2.saml import NAME_FORMAT_URI
+
+BASE = "http://localhost:8088/"
+
+CONFIG = {
+ "entityid" : "urn:mace:example.com:saml:roland:idp",
+ "name" : "Rolands IdP",
+ "service": {
+ "idp": {
+ "endpoints" : {
+ "single_sign_on_service" : [
+ (BASE+"sso", BINDING_HTTP_REDIRECT)],
+ "single_logout_service": [
+ (BASE+"slo", BINDING_SOAP),
+ (BASE+"slop",BINDING_HTTP_POST)]
+ },
+ "policy": {
+ "default": {
+ "lifetime": {"minutes":15},
+ "attribute_restrictions": None, # means all I have
+ "name_form": NAME_FORMAT_URI,
+ },
+ "urn:mace:example.com:saml:roland:sp": {
+ "lifetime": {"minutes": 5},
+ "nameid_format": NAMEID_FORMAT_PERSISTENT,
+ # "attribute_restrictions":{
+ # "givenName": None,
+ # "surName": None,
+ # }
+ }
+ },
+ "subject_data": "subject_data.db",
+ },
+ "sp": {
+ "endpoints":{
+ "assertion_consumer_service": [(BASE, BINDING_HTTP_REDIRECT)
+ ],
+ },
+ "required_attributes": ["surName", "givenName", "mail"],
+ "optional_attributes": ["title"],
+ }
+ },
+ "debug" : 1,
+ "key_file" : "test.key",
+ "cert_file" : "test.pem",
+ "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+ "metadata": {
+ "local": ["metadata.xml", "vo_metadata.xml"],
+ },
+ "attribute_map_dir" : "attributemaps",
+ "organization": {
+ "name": "Exempel AB",
+ "display_name": [("Exempel AB","se"),("Example Co.","en")],
+ "url":"http://www.example.com/roland",
+ },
+ "contact_person": [{
+ "given_name":"John",
+ "sur_name": "Smith",
+ "email_address": ["john.smith@example.com"],
+ "contact_type": "technical",
+ },
+ ],
+}
\ No newline at end of file
diff --git a/tests/restrictive_idp_conf.py b/tests/restrictive_idp_conf.py
new file mode 100644
index 0000000..8e1dc70
--- /dev/null
+++ b/tests/restrictive_idp_conf.py
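Review bot: In tests/idp_sp_conf.py the SP's `assertion_consumer_service` is registered with `BINDING_HTTP_REDIRECT`, and tests/sp_slo_redirect_conf.py does the same with `(HOME, BINDING_HTTP_REDIRECT)`. The SAML 2.0 Web Browser SSO profile does not allow the HTTP-Redirect binding for delivering the `<Response>` to the SP (POST or Artifact is expected), so metadata generated from these configs would advertise an endpoint a conforming IdP should not use. `BINDING_HTTP_POST` is already imported in idp_sp_conf.py, so the entry could read `"assertion_consumer_service": [(BASE, BINDING_HTTP_POST)],`. If the tests deliberately exercise the redirect case, a comment on the endpoint saying so would be enough.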
@@ -0,0 +1,42 @@
+from saml2 import BINDING_SOAP, BINDING_HTTP_REDIRECT
+from saml2.saml import NAME_FORMAT_URI
+
+BASE = "http://localhost:8089/"
+
+CONFIG = {
+ "entityid" : "urn:mace:example.com:saml:roland:idpr",
+ "name" : "Rolands restrictied IdP",
+ "service": {
+ "idp": {
+ "endpoints" : {
+ "single_sign_on_service" : [
+ (BASE+"sso", BINDING_HTTP_REDIRECT)],
+ "attribute_service" : [
+ (BASE+"aa", BINDING_SOAP)],
+ },
+ "policy": {
+ "default": {
+ "lifetime": {"minutes":15},
+ "name_form": NAME_FORMAT_URI
+ },
+ "urn:mace:example.com:saml:roland:sp": {
+ "lifetime": {"minutes": 5},
+ "attribute_restrictions":{
+ "givenName": None,
+ "surName": None,
+ "mail": [".*@example.com"],
+ "eduPersonAffiliation": ["(employee|staff|faculty)"],
+ }
+ }
+ },
+ "subject_data": "subject_data.db",
+ }
+ },
+ "key_file" : "test.key",
+ "cert_file" : "test.pem",
+ "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+ "metadata": {
+ "local": ["sp_0.metadata"],
+ },
+ "attribute_map_dir" : "attributemaps",
+}
\ No newline at end of file
diff --git a/tests/server2_conf.py b/tests/server2_conf.py
new file mode 100644
index 0000000..c086170
--- /dev/null
+++ b/tests/server2_conf.py
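Review bot: The value patterns under `attribute_restrictions` in tests/restrictive_idp_conf.py are looser than they read: in `"mail": [".*@example.com"]` the dot before `com` is unescaped and nothing anchors the end, and `"(employee|staff|faculty)"` has no anchors either. If the policy code applies them with `re.match` (the matching code is not part of this patch), a constructed value such as `user@example.com.other.test`, or an affiliation of `staffing`, would pass the filter and be released to the SP. Suggested replacements are `"mail": [r".*@example\.com$"],` and `"eduPersonAffiliation": ["^(employee|staff|faculty)$"],`. The `"name"` string in the same file is also misspelled as `restrictied`.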
@@ -0,0 +1,46 @@
+CONFIG = {
+ "entityid" : "urn:mace:example.com:saml:roland:sp",
+ "name" : "urn:mace:example.com:saml:roland:sp",
+ "description": "My own SP",
+ "service": {
+ "sp": {
+ "endpoints":{
+ "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
+ },
+ "required_attributes": ["surName", "givenName", "mail"],
+ "optional_attributes": ["title"],
+ "idp":{
+ "urn:mace:example.com:saml:roland:idp":None,
+ },
+ "subject_data": "subject_data.db",
+ }
+ },
+ "debug" : 1,
+ "key_file" : "test.key",
+ "cert_file" : "test.pem",
+ "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+ "metadata": {
+ "local": ["idp_soap.xml", "vo_metadata.xml"],
+ },
+ "virtual_organization" : {
+ "urn:mace:example.com:it:tek":{
+ "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
+ "common_identifier": "umuselin",
+ }
+ },
+ "accepted_time_diff": 60,
+ "attribute_map_dir" : "attributemaps",
+ "organization": {
+ "name": ("AB Exempel", "se"),
+ "display_name": ("AB Exempel", "se"),
+ "url": "http://www.example.org",
+ },
+ "contact_person": [{
+ "given_name": "Roland",
+ "sur_name": "Hedberg",
+ "telephone_number": "+46 70 100 0000",
+ "email_address": ["tech@example.com", "tech@example.org"],
+ "contact_type": "technical"
+ },
+ ]
+}
\ No newline at end of file
diff --git a/tests/server3_conf.py b/tests/server3_conf.py
new file mode 100644
index 0000000..5d67508
--- /dev/null
+++ b/tests/server3_conf.py
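Review bot: In tests/server2_conf.py `"assertion_consumer_service"` is a list holding a bare URL string, whereas the configs in this commit that import binding constants give each endpoint as a `(url, binding)` tuple, for example `(HOME, BINDING_HTTP_REDIRECT)` in sp_slo_redirect_conf.py. server3_conf.py, server_conf.py and sp_1_conf.py use the same bare-string form. If the loader fills in a default binding for bare strings, that is worth a comment next to the endpoint; if it does not, these SPs end up with an endpoint whose binding is undefined. The URL is also the literal `http://lingon.catalogix.se:8087/` repeated in four files, and a module-level constant like the `HOME` used in sp_slo_redirect_conf.py would keep them in step.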
@@ -0,0 +1,46 @@
+CONFIG = {
+ "entityid" : "urn:mace:example.com:saml:roland:sp",
+ "name" : "urn:mace:example.com:saml:roland:sp",
+ "description": "My own SP",
+ "service": {
+ "sp": {
+ "endpoints":{
+ "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
+ },
+ "required_attributes": ["surName", "givenName", "mail"],
+ "optional_attributes": ["title"],
+ "idp":{
+ "urn:mace:example.com:saml:roland:idp":None,
+ },
+ "subject_data": "subject_data.db",
+ }
+ },
+ "debug" : 1,
+ "key_file" : "test.key",
+ "cert_file" : "test.pem",
+ "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+ "metadata": {
+ "local": ["idp_aa.xml", "vo_metadata.xml"],
+ },
+ "virtual_organization" : {
+ "urn:mace:example.com:it:tek":{
+ "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
+ "common_identifier": "umuselin",
+ }
+ },
+ "accepted_time_diff": 60,
+ "attribute_map_dir" : "attributemaps",
+ "organization": {
+ "name": ("AB Exempel", "se"),
+ "display_name": ("AB Exempel", "se"),
+ "url": "http://www.example.org",
+ },
+ "contact_person": [{
+ "given_name": "Roland",
+ "sur_name": "Hedberg",
+ "telephone_number": "+46 70 100 0000",
+ "email_address": ["tech@example.com", "tech@example.org"],
+ "contact_type": "technical"
+ },
+ ]
+}
\ No newline at end of file
diff --git a/tests/server_conf.py b/tests/server_conf.py
new file mode 100644
index 0000000..6936810
--- /dev/null
+++ b/tests/server_conf.py
@@ -0,0 +1,44 @@
+CONFIG={
+ "entityid" : "urn:mace:example.com:saml:roland:sp",
+ "name" : "urn:mace:example.com:saml:roland:sp",
+ "description": "My own SP",
+ "service": {
+ "sp": {
+ "endpoints":{
+ "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
+ },
+ "required_attributes": ["surName", "givenName", "mail"],
+ "optional_attributes": ["title"],
+ "idp": {"urn:mace:example.com:saml:roland:idp":None},
+ }
+ },
+ "debug" : 1,
+ "key_file" : "test.key",
+ "cert_file" : "test.pem",
+ "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+ "metadata": {
+ "local": ["idp.xml", "vo_metadata.xml"],
+ },
+ "virtual_organization" : {
+ "urn:mace:example.com:it:tek":{
+ "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
+ "common_identifier": "umuselin",
+ }
+ },
+ "subject_data": "subject_data.db",
+ "accepted_time_diff": 60,
+ "attribute_map_dir" : "attributemaps",
+ "organization": {
+ "name": ("AB Exempel", "se"),
+ "display_name": ("AB Exempel", "se"),
+ "url": "http://www.example.org",
+ },
+ "contact_person": [{
+ "given_name": "Roland",
+ "sur_name": "Hedberg",
+ "telephone_number": "+46 70 100 0000",
+ "email_address": ["tech@eample.com", "tech@example.org"],
+ "contact_type": "technical"
+ },
+ ]
+}
\ No newline at end of file
diff --git a/tests/sp_1_conf.py b/tests/sp_1_conf.py
new file mode 100644
index 0000000..6b9a4c5
--- /dev/null
+++ b/tests/sp_1_conf.py
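Review bot: The first contact address in tests/server_conf.py is spelled `tech@eample.com`, while server2_conf.py and server3_conf.py in this same commit use `tech@example.com`. The typo is repeated in sp_1_conf.py and sp_slo_redirect_conf.py. Unlike `example.com`, `eample.com` is not a reserved documentation domain, so metadata generated from these fixtures would publish a technical contact at a domain someone else may own. The line should read `"email_address": ["tech@example.com", "tech@example.org"],` in all three files.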
@@ -0,0 +1,45 @@
+CONFIG = {
+ "entityid" : "urn:mace:example.com:saml:roland:sp",
+ "name" : "urn:mace:example.com:saml:roland:sp",
+ "description": "My own SP",
+ "service": {
+ "sp": {
+ "endpoints":{
+ "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
+ },
+ "required_attributes": ["surName", "givenName", "mail"],
+ "optional_attributes": ["title"],
+ "idp": ["urn:mace:example.com:saml:roland:idp"],
+ }
+ },
+ "debug" : 1,
+ "key_file" : "test.key",
+ "cert_file" : "test.pem",
+ "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+ "metadata": {
+ "local": ["idp.xml", "vo_metadata.xml"],
+ },
+ "virtual_organization" : {
+ "urn:mace:example.com:it:tek":{
+ "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
+ "common_identifier": "umuselin",
+ }
+ },
+ "subject_data": "subject_data.db",
+ "accepted_time_diff": 60,
+ "attribute_map_dir" : "attributemaps",
+ "organization": {
+ "name": ("AB Exempel", "se"),
+ "display_name": ("AB Exempel", "se"),
+ "url": "http://www.example.org",
+ },
+ "contact_person": [{
+ "given_name": "Roland",
+ "sur_name": "Hedberg",
+ "telephone_number": "+46 70 100 0000",
+ "email_address": ["tech@eample.com", "tech@example.org"],
+ "contact_type": "technical"
+ },
+ ],
+ "secret": "0123456789",
+}
\ No newline at end of file
diff --git a/tests/sp_slo_redirect_conf.py b/tests/sp_slo_redirect_conf.py
new file mode 100644
index 0000000..a8a872b
--- /dev/null
+++ b/tests/sp_slo_redirect_conf.py
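Review bot: tests/sp_1_conf.py adds `"secret": "0123456789"`, a fixed and guessable literal, with nothing marking it as a fixture value. What the library uses this setting for is not visible in the patch, but configs under tests/ tend to be copied as templates, so the line should carry a comment such as `# test-only placeholder; generate a random value for any real deployment`. This is also the only SP config in the commit that gives `"idp"` as a list (`["urn:mace:example.com:saml:roland:idp"]`) rather than a dict; if that difference is intentional, a short comment would say so.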
@@ -0,0 +1,54 @@
+from saml2 import BINDING_HTTP_REDIRECT
+from saml2.saml import NAMEID_FORMAT_PERSISTENT
+from saml2.saml import NAME_FORMAT_URI
+
+HOME = "http://lingon.catalogix.se:8087/"
+CONFIG = {
+ "entityid" : "urn:mace:example.com:saml:roland:sp",
+ "name" : "urn:mace:example.com:saml:roland:sp",
+ "description": "My own SP",
+ "service": {
+ "sp": {
+ "endpoints":{
+ "assertion_consumer_service": [
+ (HOME, BINDING_HTTP_REDIRECT)],
+ "single_logout_service" : [
+ (HOME+"slo",BINDING_HTTP_REDIRECT)],
+ },
+ "required_attributes": ["surName", "givenName", "mail"],
+ "optional_attributes": ["title"],
+ "idp":{
+ "urn:mace:example.com:saml:roland:idp":None,
+ },
+ "subject_data": "subject_data.db",
+ }
+ },
+ "debug" : 1,
+ "key_file" : "test.key",
+ "cert_file" : "test.pem",
+ "xmlsec_binary" : "/usr/local/bin/xmlsec1",
+ "metadata": {
+ "local": ["idp_slo_redirect.xml"],
+ },
+ "virtual_organization" : {
+ "urn:mace:example.com:it:tek":{
+ "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
+ "common_identifier": "umuselin",
+ }
+ },
+ "accepted_time_diff": 60,
+ "attribute_map_dir" : "attributemaps",
+ "organization": {
+ "name": ("AB Exempel", "se"),
+ "display_name": ("AB Exempel", "se"),
+ "url": "http://www.example.org",
+ },
+ "contact_person": [{
+ "given_name": "Roland",
+ "sur_name": "Hedberg",
+ "telephone_number": "+46 70 100 0000",
+ "email_address": ["tech@eample.com", "tech@example.org"],
+ "contact_type": "technical"
+ },
+ ]
+}
\ No newline at end of file
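Review bot: tests/sp_slo_redirect_conf.py imports `NAMEID_FORMAT_PERSISTENT` and `NAME_FORMAT_URI` from `saml2.saml`, but neither name is used anywhere in the `CONFIG` dict that follows; only `BINDING_HTTP_REDIRECT` is referenced. The two `from saml2.saml import …` lines look copied from the IdP configs and can be dropped. The file, like the other new files in this patch, also ends without a trailing newline.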