Example for LDAP, new error message and added a test user.

2014-05-08 16:37:01 +02:00
parent ab301ad938
commit e80fd8ee4b
3 changed files with 45 additions and 5 deletions
--- a/example/idp2/idp.py
+++ b/example/idp2/idp.py
@@ -484,7 +484,9 @@ def do_authentication(environ, start_response, authn_context, key,

 # -----------------------------------------------------------------------------

-PASSWD = {"haho0032": "qwerty",
+PASSWD = {
+          "daev0001": "qwerty",
+          "haho0032": "qwerty",
          "roland": "dianakra",
          "babs": "howes",
          "upper": "crust"}
--- a/example/idp2/idp_user.py
+++ b/example/idp2/idp_user.py
@@ -1,8 +1,45 @@
-USERS = {
+#from dirg_util.dict import LDAPDict
+#ldap_settings = {
+#    "ldapuri": "ldaps://ldap.test.umu.se",
+#    "base": "dc=umu, dc=se",
+#    "filter_pattern": "(uid=%s)",
+#    "user": "",
+#    "passwd": "",
+#    "attr": [
+#        "eduPersonScopedAffiliation",
+#        "eduPersonAffiliation",
+#        "eduPersonPrincipalName",
+#        "givenName",
+#        "sn",
+#        "mail",
+#        "uid",
+#        "o",
+#        "c",
+#        "labeledURI",
+#        "ou",
+#        "displayName",
+#        "norEduPersonLIN"
+#    ],
+#    "keymap": {
+#        "mail": "email",
+#        "labeledURI": "labeledURL",
+#    },
+#    "static_values": {
+#        "eduPersonTargetedID": "one!for!all",
+#    },
+#    "exact_match": True,
+#    "firstonly_len1": True,
+#    "timeout": 15,
+#}
+#Uncomment to use a LDAP directory instead.
+#USERS = LDAPDict(**ldap_settings)
+
+USERS_ = {
    "haho0032": {
        "sn": "Hoerberg",
-        "givenName": "Hans",
-        "eduPersonScopedAffiliation": "staff@example.com",
+        "givenName": "Hasse",
+        "eduPersonAffiliation": "student",
+        "eduPersonScopedAffiliation": "student@example.com",
        "eduPersonPrincipalName": "haho@example.com",
        "uid": "haho",
        "eduPersonTargetedID": "one!for!all",
--- a/src/saml2/server.py
+++ b/src/saml2/server.py
@@ -479,7 +479,8 @@ class Server(Entity):
                    if not verify_encrypt_cert(encrypt_cert):
                        raise CertificateError("Invalid certificate for encryption!")
            else:
-                raise CertificateError("No certificate for encryption!")
+                raise CertificateError("No SPCertEncType certificate for encryption contained in authentication "
+                                       "request.")
        else:
            encrypt_assertion = False