openstack/deb-python-pysaml2
Code Issues Proposed changes

Merge pull request #117 from HaToHo/master

Browse Source 
Some minor changes and a fix to make the raspberry install scripts work better.
This commit is contained in:
Roland Hedberg
2014-05-13 10:19:20 +02:00
parent fabb33be35 25eabadd68
commit a6ef5141a9
6 changed files with 60 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
example/idp2/idp.py
View File

@@ -1,4 +1,5 @@
#!/usr/bin/env python #!/usr/bin/env python
import importlib
import argparse import argparse
import base64 import base64
import re import re
@@ -484,7 +485,9 @@ def do_authentication(environ, start_response, authn_context, key,
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
PASSWD = {"haho0032": "qwerty", PASSWD = {
"daev0001": "qwerty",
"haho0032": "qwerty",
"roland": "dianakra", "roland": "dianakra",
"babs": "howes", "babs": "howes",
"upper": "crust"} "upper": "crust"}
@@ -981,7 +984,7 @@ AUTHN_BROKER.add(authn_context_class_ref(PASSWORD),
"http://%s" % socket.gethostname()) "http://%s" % socket.gethostname())
AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED), AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED),
"", 0, "http://%s" % socket.gethostname()) "", 0, "http://%s" % socket.gethostname())
CONFIG = importlib.import_module(args.config)
IDP = server.Server(args.config, cache=Cache()) IDP = server.Server(args.config, cache=Cache())
IDP.ticket = {} IDP.ticket = {}
@@ -1011,8 +1014,8 @@ if __name__ == '__main__':
module_directory=_rot + 'modules', module_directory=_rot + 'modules',
input_encoding='utf-8', output_encoding='utf-8') input_encoding='utf-8', output_encoding='utf-8')
HOST = '127.0.0.1' HOST = CONFIG.HOST
PORT = 8088 PORT = CONFIG.PORT
SRV = make_server(HOST, PORT, application) SRV = make_server(HOST, PORT, application)
print "IdP listening on %s:%s" % (HOST, PORT) print "IdP listening on %s:%s" % (HOST, PORT)

7
example/idp2/idp_conf.py.example
View File

@@ -25,9 +25,10 @@ BASEDIR = os.path.abspath(os.path.dirname(__file__))
def full_path(local_file): def full_path(local_file):
return os.path.join(BASEDIR, local_file) return os.path.join(BASEDIR, local_file)
#BASE = "http://lingon.ladok.umu.se:8088" HOST = 'localhost'
#BASE = "http://lingon.catalogix.se:8088" PORT = 8088
BASE = "http://localhost:8088"
BASE = "http://%s:%s" % (HOST, PORT)
CONFIG = { CONFIG = {
"entityid": "%s/idp.xml" % BASE, "entityid": "%s/idp.xml" % BASE,

43
example/idp2/idp_user.py
View File

@@ -1,10 +1,47 @@
#from dirg_util.dict import LDAPDict
#ldap_settings = {
# "ldapuri": "ldaps://ldap.test.umu.se",
# "base": "dc=umu, dc=se",
# "filter_pattern": "(uid=%s)",
# "user": "",
# "passwd": "",
# "attr": [
# "eduPersonScopedAffiliation",
# "eduPersonAffiliation",
# "eduPersonPrincipalName",
# "givenName",
# "sn",
# "mail",
# "uid",
# "o",
# "c",
# "labeledURI",
# "ou",
# "displayName",
# "norEduPersonLIN"
# ],
# "keymap": {
# "mail": "email",
# "labeledURI": "labeledURL",
# },
# "static_values": {
# "eduPersonTargetedID": "one!for!all",
# },
# "exact_match": True,
# "firstonly_len1": True,
# "timeout": 15,
#}
#Uncomment to use a LDAP directory instead.
#USERS = LDAPDict(**ldap_settings)
USERS = { USERS = {
"haho0032": { "haho0032": {
"sn": "Hoerberg", "sn": "Hoerberg",
"givenName": "Hans", "givenName": "Hasse",
"eduPersonScopedAffiliation": "staff@example.com", "eduPersonAffiliation": "student",
"eduPersonScopedAffiliation": "student@example.com",
"eduPersonPrincipalName": "haho@example.com", "eduPersonPrincipalName": "haho@example.com",
"uid": "haho", "uid": "haho0032",
"eduPersonTargetedID": "one!for!all", "eduPersonTargetedID": "one!for!all",
"c": "SE", "c": "SE",
"o": "Example Co.", "o": "Example Co.",

6
example/sp-repoze/sp.py
View File

@@ -2,7 +2,7 @@
from Cookie import SimpleCookie from Cookie import SimpleCookie
import logging import logging
import os import os
import sp_conf
from sp_conf import CONFIG from sp_conf import CONFIG
import re import re
import subprocess import subprocess
@@ -268,8 +268,8 @@ app_with_auth = make_middleware_with_config(application, {"here": "."},
log_file="repoze_who.log") log_file="repoze_who.log")
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
HOST = '127.0.0.1' HOST = sp_conf.HOST
PORT = 8087 PORT = sp_conf.PORT
# allow uwsgi or gunicorn mount # allow uwsgi or gunicorn mount
# by moving some initialization out of __name__ == '__main__' section. # by moving some initialization out of __name__ == '__main__' section.

6
example/sp-repoze/sp_conf.example
View File

@@ -1,8 +1,10 @@
from saml2 import BINDING_HTTP_REDIRECT from saml2 import BINDING_HTTP_REDIRECT
from saml2.saml import NAME_FORMAT_URI from saml2.saml import NAME_FORMAT_URI
BASE= "http://localhost:8087" HOST = 'localhost'
#BASE= "http://lingon.catalogix.se:8087" PORT = 8087
BASE = "http://%s:%s" % (HOST, PORT)
CONFIG = { CONFIG = {
"entityid": "%s/sp.xml" % BASE, "entityid": "%s/sp.xml" % BASE,

3
src/saml2/server.py
View File

@@ -479,7 +479,8 @@ class Server(Entity):
if not verify_encrypt_cert(encrypt_cert): if not verify_encrypt_cert(encrypt_cert):
raise CertificateError("Invalid certificate for encryption!") raise CertificateError("Invalid certificate for encryption!")
else: else:
raise CertificateError("No certificate for encryption!") raise CertificateError("No SPCertEncType certificate for encryption contained in authentication "
"request.")
else: else:
encrypt_assertion = False encrypt_assertion = False