def get_saml_client(domain):
    """Build the pysaml2 ``Saml2Client`` for the service provider at *domain*.

    IdP metadata is fetched remotely from
    ``settings.SAML2_AUTH['METADATA_AUTO_CONF_URL']``. The assertion consumer
    service is ``domain`` joined with the ``djangosaml2:acs`` route and is
    registered for both the HTTP-Redirect and the HTTP-POST binding.

    :param domain: scheme/host prefix prepended to the ACS route
    :return: a ``Saml2Client`` loaded with the SP configuration above
    """
    acs_url = domain + reverse('djangosaml2:acs')
    acs_endpoints = [
        (acs_url, BINDING_HTTP_REDIRECT),
        (acs_url, BINDING_HTTP_POST),
    ]
    sp_service = {
        'endpoints': {'assertion_consumer_service': acs_endpoints},
        # Unsolicited responses are accepted (allow_unsolicited); requests,
        # logout requests, assertions and responses all must be signed.
        'allow_unsolicited': True,
        'authn_requests_signed': True,
        'logout_requests_signed': True,
        'want_assertions_signed': True,
        'want_response_signed': True,
    }
    saml_settings = {
        'metadata': {
            'remote': [{'url': settings.SAML2_AUTH['METADATA_AUTO_CONF_URL']}],
        },
        'service': {'sp': sp_service},
    }
    sp_config = Config()
    sp_config.load(saml_settings)
    # Attributes not declared in metadata are kept rather than rejected.
    sp_config.allow_unknown_attributes = True
    return Saml2Client(config=sp_config)
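def dispatch(self, request, helper):
    """Consume the SAML response POSTed by the IdP and bind the identity.

    The SP configuration is rebuilt per request from the IdP metadata URL
    (instance attribute, else pipeline state) with ``sentry-auth-sso`` as the
    ACS endpoint. The response is only accepted against the request id stored
    earlier in the pipeline. The subject NameID is used as the email address;
    the ``name`` attribute (attribute keys are lower-cased) as display name,
    falling back to the local part of the email.

    :param request: incoming HTTP request carrying ``SAMLResponse`` in POST
    :param helper: auth pipeline helper (state storage, error/next_step)
    :return: ``helper.next_step()`` on success, ``helper.error(...)`` otherwise
    """
    if self.metadata_url is None:
        metadata_url = helper.fetch_state('metadata_url')
    else:
        metadata_url = self.metadata_url
    request_id = helper.fetch_state('request_id')

    acs_url = request.build_absolute_uri(reverse('sentry-auth-sso'))
    settings = {
        'entityid': request.build_absolute_uri(
            '/organizations/%s/' % helper.organization.slug),
        'metadata': {
            'remote': [{'url': metadata_url}],
        },
        'service': {
            'sp': {
                'endpoints': {
                    'assertion_consumer_service': [(acs_url, BINDING_HTTP_POST)],
                },
                # Only responses to a request we issued are accepted; the
                # response must be signed, individual assertions need not be.
                'allow_unsolicited': False,
                'authn_requests_signed': False,
                'logout_requests_signed': True,
                'want_assertions_signed': False,
                'want_response_signed': True,
            },
        },
    }
    config = Config()
    config.load(settings)
    client = Saml2Client(config)

    saml_response = request.POST.get('SAMLResponse')
    if not saml_response:
        return helper.error('no SAMLResponse')
    response = client.parse_authn_request_response(
        saml_response, BINDING_HTTP_POST, outstanding={request_id: True})
    # NOTE(review): pysaml2 may hand back None for a rejected response rather
    # than raising; treat that as a failed login instead of an AttributeError.
    if response is None:
        return helper.error('invalid SAMLResponse')

    extra = {
        key.lower(): value
        for key, value in response.get_identity().items()
    }
    email = response.get_subject().text
    # Check emptiness before splitting: the original split first and would
    # have raised on an empty or '@'-less NameID.
    if not email:
        return helper.error('no email')
    username = email.rsplit('@', 1)[0]

    helper.bind_state('email', email)
    helper.bind_state('name', extra.get('name', username))
    return helper.next_step()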
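def test_load_local():
    """Loading a Config from inline IdP metadata yields a truthy config."""
    # string representation of XML idp definition; the context manager
    # closes the file instead of leaking the handle until GC.
    with open(full_path("metadata.xml")) as fh:
        idp_metadata = fh.read()
    saml_config = Config()
    config_dict = {"metadata": {"inline": [idp_metadata]}}
    cfg = saml_config.load(config_dict)
    assert cfg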
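def _make_metadata(config_dict, option):
    """
    Creates metadata from the given idp config

    :type config_dict: dict[str, Any]
    :type option: vopaas.metadata_creation.make_vopaas_metadata.MetadataOption
    :rtype: str
    :param config_dict: config
    :param option: metadata creation settings
    :return: A xml string
    :raises ValueError: if signing is requested without key and certificate
    """
    # Load a private copy so Config.load() cannot mutate the caller's dict.
    cnf = Config()
    cnf.load(copy.deepcopy(config_dict), metadata_construction=True)
    if option.valid:
        cnf.valid_for = option.valid
    eds = [entity_descriptor(cnf)]

    # Separate security context carrying the signing key material.
    conf = Config()
    conf.key_file = option.keyfile
    conf.cert_file = option.cert
    conf.debug = 1
    conf.xmlsec_binary = option.xmlsec
    secc = security_context(conf)

    if option.id:
        desc, xmldoc = entities_descriptor(
            eds, option.valid, option.name, option.id, option.sign, secc)
        valid_instance(desc)
        print(desc.to_string(NSPAIR))
        # NOTE(review): returned as produced by entities_descriptor, not
        # decoded like the branch below — confirm callers expect that.
        return xmldoc

    xmldoc = None
    for eid in eds:
        if option.sign:
            # An explicit check rather than assert: asserts are stripped
            # under -O and signing would then run without key material.
            if not (conf.key_file and conf.cert_file):
                raise ValueError(
                    "signing requested but key_file/cert_file are not set")
            eid, xmldoc = sign_entity_descriptor(eid, option.id, secc)
        else:
            xmldoc = None
        valid_instance(eid)
        xmldoc = metadata_tostring_fix(eid, NSPAIR, xmldoc).decode()
    return xmldoc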
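def _make_metadata(config_dict, option):
    """
    Creates metadata from the given idp config

    :type config_dict: dict[str, Any]
    :type option: vopaas.metadata_creation.make_vopaas_metadata.MetadataOption
    :rtype: str
    :param config_dict: config
    :param option: metadata creation settings
    :return: A xml string
    :raises ValueError: if signing is requested without key and certificate
    """
    # Load a private copy so Config.load() cannot mutate the caller's dict.
    cnf = Config()
    cnf.load(copy.deepcopy(config_dict), metadata_construction=True)
    if option.valid:
        cnf.valid_for = option.valid
    eds = [entity_descriptor(cnf)]

    # Separate security context carrying the signing key material.
    conf = Config()
    conf.key_file = option.keyfile
    conf.cert_file = option.cert
    conf.debug = 1
    conf.xmlsec_binary = option.xmlsec
    secc = security_context(conf)

    if option.id:
        desc, xmldoc = entities_descriptor(
            eds, option.valid, option.name, option.id, option.sign, secc)
        valid_instance(desc)
        print(desc.to_string(NSPAIR))
        # NOTE(review): returned as produced by entities_descriptor, not
        # decoded like the branch below — confirm callers expect that.
        return xmldoc

    xmldoc = None
    for eid in eds:
        if option.sign:
            # An explicit check rather than assert: asserts are stripped
            # under -O and signing would then run without key material.
            if not (conf.key_file and conf.cert_file):
                raise ValueError(
                    "signing requested but key_file/cert_file are not set")
            eid, xmldoc = sign_entity_descriptor(eid, option.id, secc)
        else:
            xmldoc = None
        valid_instance(eid)
        xmldoc = metadata_tostring_fix(eid, NSPAIR, xmldoc).decode()
    return xmldoc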
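def _saml2_config(self):
    """Build and cache on the instance the pysaml2 ``Config`` for this SP.

    Starts from the module-level ``sp_config`` template, points the metadata
    at the configured file (or the bundled ``metadata.xml`` next to this
    module), then fills in entity id, SP name/url, required and optional
    attribute lists, key material and the IdP map derived from the loaded
    metadata. The result is memoised in ``_v_cached_config``.

    :return: the loaded ``Config``
    """
    cached = getattr(self, '_v_cached_config', None)
    if cached:
        return cached

    def resolve(raw):
        """Map a CRLF-separated attribute list onto canonical names.

        An entry that is a key of ``attributes`` maps to its value; an entry
        that already is one of the values is kept; anything else is dropped.
        """
        names = []
        for attribute in raw.split('\r\n'):
            name = attributes.get(attribute, None)
            if name:
                names.append(name)
            elif attribute in attributes.values():
                names.append(attribute)
        return names

    config = Config()
    conf = sp_config.copy()
    metadata_file = self.config['metadata_file']
    if not metadata_file:
        path = os.path.dirname(__file__)
        metadata_file = os.path.join(path, 'metadata.xml')
    # sp_config.copy() is shallow: replace the nested 'metadata' mapping
    # instead of mutating the one shared with the module-level template.
    metadata = dict(conf['metadata'])
    metadata['local'] = [metadata_file]
    conf['metadata'] = metadata
    config.load(conf)

    config['entityid'] = self.config['portal_url']
    config['service']['sp']['name'] = self.config['portal_name']
    config['service']['sp']['url'] = self.config['portal_url']
    config['service']['sp']['required_attributes'] = resolve(
        self.config['required_attributes'])
    config['service']['sp']['optional_attributes'] = resolve(
        self.config['optional_attributes'])
    config['service']['sp']['privacy_notice'] = self.config['privacy_notice']
    config['key_file'] = self.config['key_file']
    config['cert_file'] = self.config['cert_file']
    config['xmlsec_binary'] = self.config['xmlsec_binary']

    # Get Idps from the metadata: one entry per metadata location.
    config['service']['sp']['idp'] = {}
    for location in config['metadata'].locations():
        name = config['metadata'].name(location)
        config['service']['sp']['idp'][name] = location

    self._v_cached_config = config
    return self._v_cached_config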
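def test_load_local():
    """Loading a Config from inline IdP metadata yields a truthy config."""
    # string representation of XML idp definition; the context manager
    # closes the file instead of leaking the handle until GC.
    with open(full_path("metadata.xml")) as fh:
        idp_metadata = fh.read()
    saml_config = Config()
    config_dict = {"metadata": {"inline": [idp_metadata]}}
    cfg = saml_config.load(config_dict)
    assert cfg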
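def dispatch(self, request, helper):
    """Start SP-initiated login: build an AuthnRequest and redirect to the IdP.

    The SP configuration is rebuilt per request from the IdP metadata URL
    (instance attribute, else pipeline state), with the active organization
    as entity id and ``sentry-auth-sso`` as the ACS endpoint. The generated
    request id is stored in pipeline state so the ACS step can match the
    response against it.

    :param request: incoming HTTP request
    :param helper: auth pipeline helper (state storage, session)
    :return: a redirect to the IdP's ``Location``, or ``helper.error(...)``
        when the prepared request carries no such header
    """
    if self.metadata_url is None:
        metadata_url = helper.fetch_state('metadata_url')
    else:
        metadata_url = self.metadata_url
    org = self.get_active_organization(request)

    acs_url = request.build_absolute_uri(reverse('sentry-auth-sso'))
    settings = {
        'entityid': request.build_absolute_uri('/organizations/%s/' % org.slug),
        'metadata': {
            'remote': [{'url': metadata_url}],
        },
        'service': {
            'sp': {
                'endpoints': {
                    'assertion_consumer_service': [(acs_url, BINDING_HTTP_POST)],
                },
                # Only responses to a request we issued are accepted; the
                # response must be signed, individual assertions need not be.
                'allow_unsolicited': False,
                'authn_requests_signed': False,
                'logout_requests_signed': True,
                'want_assertions_signed': False,
                'want_response_signed': True,
            },
        },
    }
    config = Config()
    config.load(settings)
    client = Saml2Client(config)

    request_id, info = client.prepare_for_authenticate()
    helper.bind_state('request_id', request_id)
    for key, value in info['headers']:
        # `==`, not `is`: identity comparison against a str literal is
        # interpreter-dependent and could silently skip the redirect.
        if key == 'Location':
            # Advance the pipeline index by hand (stands in for a
            # helper.incr_step()) and mark the session dirty so it persists.
            helper.request.session['auth']['idx'] += 1
            helper.request.session.modified = True
            return self.redirect(value)
    # Previously fell through and returned None; fail the pipeline explicitly.
    return helper.error('no Location header in IdP redirect')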