Changed the config to an example file.
@@ -1,34 +0,0 @@
|
||||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns4="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" xmlns:ns5="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="http://localhost:8087/LocalTestSPHans.xml"><ns0:Extensions><ns1:EntityAttributes><ns2:Attribute Name="http://macedir.org/entity-category"><ns2:AttributeValue xsi:type="xs:string">http://www.geant.net/uri/dataprotection-code-of-conduct/v1</ns2:AttributeValue><ns2:AttributeValue xsi:type="xs:string">http://www.swamid.se/category/research-and-education</ns2:AttributeValue><ns2:AttributeValue xsi:type="xs:string">http://www.swamid.se/category/hei-service</ns2:AttributeValue><ns2:AttributeValue xsi:type="xs:string">http://www.swamid.se/category/sfs-1993-1153</ns2:AttributeValue><ns2:AttributeValue xsi:type="xs:string">http://www.swamid.se/category/nren-service</ns2:AttributeValue><ns2:AttributeValue xsi:type="xs:string">http://www.swamid.se/category/eu-adequate-protection</ns2:AttributeValue></ns2:Attribute></ns1:EntityAttributes></ns0:Extensions><ns0:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:Extensions><ns4:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://localhost:8087/disco" index="1" /></ns0:Extensions><ns0:KeyDescriptor use="encryption"><ns5:KeyInfo><ns5:X509Data><ns5:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
|
||||
BAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkx
|
||||
EDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMz
|
||||
MTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1l
|
||||
YTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAw
|
||||
DgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7
|
||||
bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MC
|
||||
FiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiR
|
||||
mo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQW
|
||||
BBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9
|
||||
o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAW
|
||||
BgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UE
|
||||
AxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
|
||||
BQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZO
|
||||
zkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN
|
||||
+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=
|
||||
</ns5:X509Certificate></ns5:X509Data></ns5:KeyInfo></ns0:KeyDescriptor><ns0:KeyDescriptor use="signing"><ns5:KeyInfo><ns5:X509Data><ns5:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
|
||||
BAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkx
|
||||
EDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMz
|
||||
MTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1l
|
||||
YTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAw
|
||||
DgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7
|
||||
bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MC
|
||||
FiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiR
|
||||
mo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQW
|
||||
BBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9
|
||||
o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAW
|
||||
BgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UE
|
||||
AxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
|
||||
BQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZO
|
||||
zkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN
|
||||
+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=
|
||||
</ns5:X509Certificate></ns5:X509Data></ns5:KeyInfo></ns0:KeyDescriptor><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8087/slo" /><ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8087" index="1" /></ns0:SPSSODescriptor><ns0:Organization><ns0:OrganizationName xml:lang="en">Lokal test SP Hans</ns0:OrganizationName><ns0:OrganizationDisplayName xml:lang="se">Lokal test SP Hans</ns0:OrganizationDisplayName><ns0:OrganizationDisplayName xml:lang="en">Lokal test SP Hans</ns0:OrganizationDisplayName><ns0:OrganizationURL xml:lang="en">http://130.239.200.146:8087</ns0:OrganizationURL></ns0:Organization></ns0:EntityDescriptor>
|
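--- /dev/null
+++ b/example/sp-repoze/sp_conf.example
@@ -0,0 +1,51 @@
+from saml2 import BINDING_HTTP_REDIRECT
+from saml2.saml import NAME_FORMAT_URI
+
+BASE= "http://localhost:8087"
+#BASE= "http://lingon.catalogix.se:8087"
+
+CONFIG = {
+"entityid": "%s/sp.xml" % BASE,
+"description": "My SP",
+"service": {
+"sp": {
+"name": "Rolands SP",
+"endpoints": {
+"assertion_consumer_service": [BASE],
+"single_logout_service": [(BASE + "/slo",
+BINDING_HTTP_REDIRECT)],
+},
+"required_attributes": ["surname", "givenname",
+"edupersonaffiliation"],
+"optional_attributes": ["title"],
+}
+},
+"debug": 1,
+"key_file": "pki/mykey.pem",
+"cert_file": "pki/mycert.pem",
+"attribute_map_dir": "./attributemaps",
+"metadata": {"local": ["../idp2/idp.xml"]},
+# -- below used by make_metadata --
+"organization": {
+"name": "Exempel AB",
+"display_name": [("Exempel AB", "se"), ("Example Co.", "en")],
+"url": "http://www.example.com/roland",
+},
+"contact_person": [{
+"given_name":"John",
+"sur_name": "Smith",
+"email_address": ["john.smith@example.com"],
+"contact_type": "technical",
+},
+],
+#"xmlsec_binary":"/opt/local/bin/xmlsec1",
+"name_form": NAME_FORMAT_URI,
+"logger": {
+"rotating": {
+"filename": "sp.log",
+"maxBytes": 100000,
+"backupCount": 5,
+},
+"loglevel": "debug",
+}
+}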
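Review bot: The new example leaves the SP's signature policy to library defaults: the `"sp"` block sets neither `want_response_signed` nor `want_assertions_signed`, so whether unsigned responses or assertions are accepted depends on the installed pysaml2 version rather than on this file. Example configs tend to be copied into deployments, so I would set both explicitly with Python booleans (not strings, which are always truthy), e.g. `"want_response_signed": True,` and `"want_assertions_signed": True,`. The same concern applies to `BASE= "http://localhost:8087"`, `"debug": 1` and `"loglevel": "debug"`; a comment above `BASE` such as `# example values: use an https:// BASE and turn off debug logging outside local testing` would make the intent clear. Debug-level logs may include assertion contents and user attributes, though that is inferred and not shown on this page.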
@@ -1,139 +0,0 @@
|
||||
import uuid
|
||||
from saml2 import BINDING_HTTP_REDIRECT
|
||||
import saml2
|
||||
from saml2.cert import OpenSSLWrapper
|
||||
from saml2.extension.idpdisc import BINDING_DISCO
|
||||
from saml2.saml import NAME_FORMAT_URI
|
||||
#from saml2.sigver import CertHandlerExtra
|
||||
from saml2.entity_category.edugain import COC
|
||||
from saml2.entity_category.swamid import RESEARCH_AND_EDUCATION
|
||||
from saml2.entity_category.swamid import HEI
|
||||
from saml2.entity_category.swamid import SFS_1993_1153
|
||||
from saml2.entity_category.swamid import NREN
|
||||
from saml2.entity_category.swamid import EU
|
||||
|
||||
|
||||
#BASE= "http://130.239.200.146:8087"
|
||||
BASE= "http://localhost:8087"
|
||||
#BASE= "http://lingon.catalogix.se:8087"
|
||||
|
||||
"""
|
||||
class SpCertHandlerExtraClass(CertHandlerExtra):
|
||||
|
||||
def use_generate_cert_func(self):
|
||||
return True
|
||||
|
||||
def generate_cert(self, generate_cert_info, ca_cert_string, ca_key_string):
|
||||
print "Hello"
|
||||
return (ca_cert_string, ca_key_string)
|
||||
|
||||
def use_validate_cert_func(self):
|
||||
return False
|
||||
|
||||
def validate_cert(self, cert_str, ca_cert_string, ca_key_string):
|
||||
pass
|
||||
"""
|
||||
|
||||
def generate_cert():
|
||||
sn = uuid.uuid4().urn
|
||||
cert_info = {
|
||||
"cn": "localhost",
|
||||
"country_code": "se",
|
||||
"state": "ac",
|
||||
"city": "Umea",
|
||||
"organization": "ITS",
|
||||
"organization_unit": "DIRG"
|
||||
}
|
||||
osw = OpenSSLWrapper()
|
||||
ca_cert_str = osw.read_str_from_file("/Users/haho0032/Develop/root_cert/localhost.ca.crt")
|
||||
ca_key_str = osw.read_str_from_file("/Users/haho0032/Develop/root_cert/localhost.ca.key")
|
||||
#ca_cert_str = osw.read_str_from_file("/Users/haho0032/Develop/githubFork/pysaml2/example/sp-repoze/pki/localhost.ca.crt")
|
||||
#ca_key_str = osw.read_str_from_file("/Users/haho0032/Develop/githubFork/pysaml2/example/sp-repoze/pki/localhost.ca.key")
|
||||
req_cert_str, req_key_str = osw.create_certificate(cert_info, request=True, sn=sn, key_length=2048)
|
||||
cert_str = osw.create_cert_signed_certificate(ca_cert_str, ca_key_str, req_cert_str)
|
||||
return cert_str, req_key_str
|
||||
|
||||
CONFIG = {
|
||||
"entityid": "%s/LocalTestSPHans.xml" % BASE,
|
||||
"description": "Lokal test SP Hans",
|
||||
"entity_category": [COC, RESEARCH_AND_EDUCATION, HEI, SFS_1993_1153, NREN, EU],
|
||||
"generate_cert_func": generate_cert,
|
||||
#Information needed for generated cert (NO CERT) solution.
|
||||
#"only_use_keys_in_metadata": False,
|
||||
#"cert_handler_extra_class": None,#MyCertGeneration(),
|
||||
#"generate_cert_info": {
|
||||
# "cn": "localhost",
|
||||
# "country_code": "se",
|
||||
# "state": "ac",
|
||||
# "city": "Umea",
|
||||
# "organization": "ITS Umea University",
|
||||
# "organization_unit": "DIRG"
|
||||
#},
|
||||
#"tmp_key_file": "pki/tmp_mykey.pem",
|
||||
#"tmp_cert_file": "pki/tmp_mycert.pem",
|
||||
#"validate_certificate": True,
|
||||
#############################################################
|
||||
"service": {
|
||||
"sp": {
|
||||
#Information needed for generated cert (NO CERT) solution.
|
||||
"authn_requests_signed": "true", #Will sign the request!
|
||||
"want_assertions_signed": "false", #Demands that the assertion is signed.
|
||||
"want_response_signed": "true",
|
||||
"allow_unsolicited": "true", #Allows the message not to be ment for this sp.
|
||||
#############################################################
|
||||
"name": "LocalTestSPHans",
|
||||
"endpoints": {
|
||||
"assertion_consumer_service": [BASE],
|
||||
"single_logout_service": [(BASE + "/slo",
|
||||
BINDING_HTTP_REDIRECT)],
|
||||
"discovery_response": [
|
||||
("%s/disco" % BASE, BINDING_DISCO)
|
||||
]
|
||||
},
|
||||
"required_attributes": ["surname", "givenname",
|
||||
"edupersonaffiliation"],
|
||||
"optional_attributes": ["title"],
|
||||
}
|
||||
},
|
||||
"debug": 1,
|
||||
#Information needed for generated cert (NO CERT) solution.
|
||||
"key_file": "pki/mykey.pem",
|
||||
"cert_file": "pki/mycert.pem",
|
||||
#############################################################
|
||||
"attribute_map_dir": "./attributemaps",
|
||||
"metadata": {
|
||||
#"local": ["../idp2/idp_nocert.xml"],
|
||||
#"local": ["/Users/haho0032/Develop/svn/trunk/pyOpSamlProxy/idp_nocert.xml"],
|
||||
|
||||
#Information needed for generated cert (NO CERT) solution.
|
||||
#"local": ["/Users/haho0032/Develop/github/IdProxy/idp_nocert.xml"],
|
||||
"local": ["/Users/haho0032/Develop/github/IdProxy/idp.xml"],
|
||||
#"local": ["../idp2/idp.xml"],
|
||||
#############################################################
|
||||
|
||||
#"local": ["/Users/haho0032/Develop/github/IdProxy/idp.xml"],
|
||||
# #"remote": [{"url": "http://130.239.201.5/role/idp.xml", "cert": None}],
|
||||
|
||||
},
|
||||
|
||||
|
||||
# -- below used by make_metadata --
|
||||
"organization": {
|
||||
"name": "Lokal test SP Hans",
|
||||
"display_name": [("Lokal test SP Hans", "se"), ("Lokal test SP Hans", "en")],
|
||||
"url": "http://130.239.200.146:8087",
|
||||
},
|
||||
"contact_person": [
|
||||
],
|
||||
"xmlsec_binary": '/usr/local/bin/xmlsec1',
|
||||
"name_form": NAME_FORMAT_URI,
|
||||
"logger": {
|
||||
"rotating": {
|
||||
"filename": "sp.log",
|
||||
"maxBytes": 100000,
|
||||
"backupCount": 5,
|
||||
},
|
||||
"loglevel": "debug",
|
||||
}
|
||||
}
|
||||
|