def test_sp_type_false(self):
fil = "sp_mdext_conf.py"
cnf = Config().load_file(fil, metadata_construction=True)
cnf.setattr('sp', 'sp_type_in_metadata', False)
ed = entity_descriptor(cnf)
assert all(e.tag is not SPType.c_tag for e in ed.extensions.extension_elements)
def __init__(self, cargs, kwargs):
self.nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
_cnf = kwargs['conf']
res = read_multi_conf(_cnf, True)
eds = []
for key, cnf in res.items():
eds.append(entity_descriptor(cnf))
valid_for = 0
"""
Setting things to None here that are now unused, but might be useful someday
"""
conf = Config()
conf.key_file = None
conf.cert_file = None
conf.debug = 1
conf.xmlsec_binary = None
args_name = None
args_id = None
args_sign = None
secc = security_context(conf)
desc, xmldoc = entities_descriptor(eds, valid_for, args_name, args_id,
args_sign, secc)
valid_instance(desc)
self.desc = desc
self.xmldoc = xmldoc
def test_sp_attr_policy2(self):
# create a pysaml SP
self.sp_conf = SPConfig()
_sp_conf = copy.deepcopy(SAML_SP_CONFIG)
_sp_conf['service']['sp']['required_attributes'] = [
'email', 'givenName', 'eduPersonPrincipalName', 'sn', 'telexNumber'
]
self.sp_conf.load(_sp_conf)
# put sp metadata into IDP md store
sp_metadata = entity_descriptor(self.sp_conf)
with open(IDP_SP_METADATA_PATH + '/sp.xml', 'wb') as fd:
fd.write(sp_metadata.to_string())
sp_client = Saml2Client(self.sp_conf)
session_id, result = sp_client.prepare_for_authenticate(
entityid=idp_eid, relay_state='/', binding=BINDING_HTTP_POST)
url, data = extract_saml_authn_data(result)
response = self.client.post(url, data, follow=True)
# login again to update existing user on db
login_response = self.client.post(login_url,
data=self.login_data,
follow=True)
# is there a SAML response?
saml_resp = re.findall(samlresponse_form_regexp,
login_response.content.decode())
def metadata(request, config_loader_path=None, valid_for=None):
"""Returns an XML with the SAML 2.0 metadata for this
SP as configured in the settings.py file.
"""
conf = get_config(config_loader_path, request)
metadata = entity_descriptor(conf)
return HttpResponse(content=str(metadata), content_type="text/xml; charset=utf8")
def test_entity_attributes(self):
fil = "sp_mdext_conf.py"
cnf = Config().load_file(fil, metadata_construction=True)
ed = entity_descriptor(cnf)
entity_attributes = next(
e
for e in ed.extensions.extension_elements
if e.tag == 'EntityAttributes'
)
attributes = [
parse_str_as(Attribute, e.to_string())
for e in entity_attributes.children
]
assert all(
a.name in [
"urn:oasis:names:tc:SAML:profiles:subject-id:req",
"somename",
]
for a in attributes
)
import saml2.attribute_converter
attrc = saml2.attribute_converter.ac_factory()
import saml2.mdstore
mds = saml2.mdstore.MetadataStore(attrc, cnf)
mds.load("inline", ed.to_string())
entityid = ed.entity_id
entity_attributes = mds.entity_attributes(entityid)
assert entity_attributes == {
'urn:oasis:names:tc:SAML:profiles:subject-id:req': ['any'],
'somename': ['x', 'y', 'z'],
}
def get_metadata(self):
"""Returns SAML Identity Provider Metadata"""
edesc = entity_descriptor(self._config, 24)
if self._config.key_file:
edesc = sign_entity_descriptor(edesc, 24, None, security_context(self._config))
response = make_response(str(edesc))
response.headers['Content-type'] = 'text/xml; charset=utf-8'
return response
def metadata(request):
"""Returns an XML with the SAML 2.0 metadata for this
SP as configured in the settings.py file.
"""
conf = get_saml2_config(
request.registry.settings.get('saml2.settings_module'))
metadata = entity_descriptor(conf)
return Response(body=str(metadata), content_type="text/xml; charset=utf8")
def metadata(request):
""" Returns an XML with the SAML 2.0 metadata for this Idp.
The metadata is constructed on-the-fly based on the config dict in the django settings.
"""
conf = IdPConfig()
conf.load(copy.deepcopy(settings.SAML_IDP_CONFIG))
metadata = entity_descriptor(conf)
return HttpResponse(content=text_type(metadata).encode('utf-8'), content_type="text/xml; charset=utf8")
def metadata(request, config_loader_path=None, valid_for=None):
"""Returns an XML with the SAML 2.0 metadata for this
SP as configured in the settings.py file.
"""
conf = get_config(config_loader_path, request)
metadata = entity_descriptor(conf)
return HttpResponse(content=str(metadata),
content_type="text/xml; charset=utf8")
def build_metadata() -> Response:
"""Build saml metadata."""
conf = Saml2Config()
conf.load(app.config["SAML_CONFIG"])
metadata = entity_descriptor(conf)
response = make_response(str(metadata).encode("utf-8"))
response.headers["content-type"] = "text/xml; charset=utf-8"
return response
def metadata():
"""
Returns an XML with the SAML 2.0 metadata for this
SP as configured in the saml2_settings.py file.
"""
metadata = entity_descriptor(current_app.saml2_config)
response = make_response(metadata.to_string(), 200)
response.headers['Content-Type'] = "text/xml; charset=utf8"
return response
def metadata(cls) -> str:
conf = IdPConfig()
try:
conf.load(cls.construct_metadata())
metadata = entity_descriptor(conf)
except:
pass
return str(metadata)
def metadata(cls) -> str:
""" Get the IDP metadata as a string. """
conf = IdPConfig()
try:
conf.load(cls.construct_metadata())
metadata = entity_descriptor(conf)
except Exception as e:
raise ImproperlyConfigured(_('Could not instantiate IDP metadata based on the SAML_IDP_CONFIG settings and configured ServiceProviders: {}').format(str(e)))
return str(metadata)
def metadata():
"""
Returns an XML with the SAML 2.0 metadata for this
SP as configured in the saml2_settings.py file.
"""
metadata = entity_descriptor(current_app.saml2_config)
response = make_response(metadata.to_string(), 200)
response.headers['Content-Type'] = "text/xml; charset=utf8"
return response
def test_requested_attribute_name_format():
cnf = SPConfig().load(sp_conf, metadata_construction=True)
ed = entity_descriptor(cnf)
assert len(ed.spsso_descriptor.attribute_consuming_service) == 1
acs = ed.spsso_descriptor.attribute_consuming_service[0]
assert len(acs.requested_attribute) == 4
for req_attr in acs.requested_attribute:
assert req_attr.name_format == NAME_FORMAT_URI
sp2 = copy.copy(sp_conf)
sp2["service"]["sp"]["requested_attribute_name_format"] = NAME_FORMAT_BASIC
cnf2 = SPConfig().load(sp2, metadata_construction=True)
ed = entity_descriptor(cnf2)
acs = ed.spsso_descriptor.attribute_consuming_service[0]
assert len(acs.requested_attribute) == 4
for req_attr in acs.requested_attribute:
assert req_attr.name_format == NAME_FORMAT_BASIC
def test_requested_attribute_name_format():
cnf = SPConfig().load(sp_conf, metadata_construction=True)
ed = entity_descriptor(cnf)
assert len(ed.spsso_descriptor.attribute_consuming_service) == 1
acs = ed.spsso_descriptor.attribute_consuming_service[0]
assert len(acs.requested_attribute) == 4
for req_attr in acs.requested_attribute:
assert req_attr.name_format == NAME_FORMAT_URI
sp2 = copy.copy(sp_conf)
sp2["service"]["sp"]["requested_attribute_name_format"] = NAME_FORMAT_BASIC
cnf2 = SPConfig().load(sp2, metadata_construction=True)
ed = entity_descriptor(cnf2)
acs = ed.spsso_descriptor.attribute_consuming_service[0]
assert len(acs.requested_attribute) == 4
for req_attr in acs.requested_attribute:
assert req_attr.name_format == NAME_FORMAT_BASIC
def get(self, request, *args, **kwargs):
conf = self.get_sp_config(request)
if not conf:
return HttpResponse(
content='<msg>unknown service id</msg>'.encode('utf-8'),
content_type="text/xml; charset=utf-8",
status=404)
metadata = entity_descriptor(conf)
return HttpResponse(content=str(metadata).encode('utf-8'),
content_type="text/xml; charset=utf-8")
def test_sp_type_true(self):
fil = "sp_mdext_conf.py"
cnf = Config().load_file(fil, metadata_construction=True)
ed = entity_descriptor(cnf)
assert ed.spsso_descriptor.extensions
assert len(ed.spsso_descriptor.extensions.extension_elements) == 3
assert ed.extensions
assert len(ed.extensions.extension_elements) > 1
assert any(e.tag is SPType.c_tag for e in ed.extensions.extension_elements)
def _metadata_endpoint(self, context):
"""
Endpoint for retrieving the backend metadata
:type context: satosa.context.Context
:rtype: satosa.response.Response
:param context: The current context
:return: response with metadata
"""
logger.debug("Sending metadata response")
conf = self.sp.config
metadata = entity_descriptor(conf)
# creare gli attribute_consuming_service
cnt = 0
for (attribute_consuming_service
) in metadata.spsso_descriptor.attribute_consuming_service:
attribute_consuming_service.index = str(cnt)
cnt += 1
cnt = 0
for (assertion_consumer_service
) in metadata.spsso_descriptor.assertion_consumer_service:
assertion_consumer_service.is_default = "true" if not cnt else ""
assertion_consumer_service.index = str(cnt)
cnt += 1
# nameformat patch... tutto questo non rispecchia gli standard OASIS
for reqattr in metadata.spsso_descriptor.attribute_consuming_service[
0].requested_attribute:
reqattr.name_format = None
reqattr.friendly_name = None
# attribute consuming service service name patch
service_name = metadata.spsso_descriptor.attribute_consuming_service[
0].service_name[0]
service_name.lang = "it"
service_name.text = metadata.entity_id
# remove extension disco and uuinfo (spid-testenv2)
# metadata.spsso_descriptor.extensions = []
# load ContactPerson Extensions
self._metadata_contact_person(metadata, conf)
# metadata signature
secc = security_context(conf)
#
sign_dig_algs = self.get_kwargs_sign_dig_algs()
eid, xmldoc = sign_entity_descriptor(metadata, None, secc,
**sign_dig_algs)
valid_instance(eid)
return Response(text_type(xmldoc).encode("utf-8"),
content="text/xml; charset=utf8")
def test_entity_description():
#confd = eval(open("../tests/server.config").read())
confd = SPConfig().load_file("server_conf")
print confd.attribute_converters
entd = metadata.entity_descriptor(confd)
assert entd is not None
print entd.keyswv()
assert _eq(entd.keyswv(), ['valid_until', 'entity_id', 'contact_person',
'spsso_descriptor', 'organization'])
print entd
assert entd.entity_id == "urn:mace:example.com:saml:roland:sp"
def test_entity_description():
#confd = eval(open("../tests/server.config").read())
confd = SPConfig().load_file("server_conf")
print confd.attribute_converters
entd = metadata.entity_descriptor(confd, 1)
assert entd is not None
print entd.keyswv()
assert _eq(entd.keyswv(), [
'valid_until', 'entity_id', 'contact_person', 'spsso_descriptor',
'organization'
])
print entd
assert entd.entity_id == "urn:mace:example.com:saml:roland:sp"
def run():
'''配置IdP,生成证书、元数据文件'''
if not os.path.exists(BASEDIR+'/djangosaml2idp/certificates/mycert.pem') or not \
os.path.exists(BASEDIR+'/djangosaml2idp/certificates/mykey.pem'):
create_self_signed_cert()
conf = IdPConfig() # pylint: disable=invalid-name
conf.load(copy.deepcopy(idpsettings.SAML_IDP_CONFIG))
meta_data = entity_descriptor(conf) # pylint: disable=invalid-name
content = text_type(meta_data).encode('utf-8')
with open(BASEDIR + '/djangosaml2idp/saml2_config/idp_metadata.xml',
'wb') as f:
f.write(content)
def _add_sp_md(self):
self._superuser_login()
# put md store through admin UI
create_url = reverse('admin:uniauth_saml2_idp_metadatastore_add')
data = dict(name='sptest',
type='local',
url=idp_md_path,
kwargs='{}',
is_active=1)
response = self.client.post(create_url, data, follow=True)
assert 'was added successfully' in response.content.decode()
# put sp metadata into IDP md store
sp_metadata = entity_descriptor(self.sp_conf)
with open(IDP_SP_METADATA_PATH + '/sp.xml', 'wb') as fd:
fd.write(sp_metadata.to_string())
def metadata(request, config_loader_path=None, valid_for=None):
"""Returns an XML with the SAML 2.0 metadata for this
SP as configured in the settings.py file.
"""
conf = get_config(config_loader_path, request)
valid_for = valid_for or get_custom_setting("SAML_VALID_FOR", 24)
metadata = entity_descriptor(conf, valid_for)
saml_token = request.GET.get("saml_token")
if saml_token:
# inject the saml token to the sp urls
for descriptor in metadata.spsso_descriptor.assertion_consumer_service:
descriptor.location += "?saml_token=%s" % saml_token
for descriptor in metadata.spsso_descriptor.single_logout_service:
descriptor.location += "?saml_token=%s" % saml_token
return HttpResponse(content=str(metadata), content_type="text/xml; charset=utf8")
def italian_sp_metadata(conf, md_type: str = "spid"):
metadata = entity_descriptor(conf)
# this will renumber acs starting from 0 and set index=0 as is_default
cnt = 0
for (attribute_consuming_service
) in metadata.spsso_descriptor.attribute_consuming_service:
attribute_consuming_service.index = str(cnt)
cnt += 1
cnt = 0
for (assertion_consumer_service
) in metadata.spsso_descriptor.assertion_consumer_service:
assertion_consumer_service.is_default = "true" if not cnt else ""
assertion_consumer_service.index = str(cnt)
cnt += 1
# nameformat patch
for reqattr in metadata.spsso_descriptor.attribute_consuming_service[
0].requested_attribute:
reqattr.name_format = (
None # "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
)
reqattr.friendly_name = None
metadata.extensions = None
# attribute consuming service service name patch
service_name = metadata.spsso_descriptor.attribute_consuming_service[
0].service_name[0]
service_name.lang = "it"
service_name.text = conf._sp_name
if md_type == 'spid':
spid_contacts_29_v3(metadata)
elif md_type == 'cie':
cie_contacts(metadata)
# metadata signature
secc = security_context(conf)
sign_dig_algs = dict(sign_alg=conf._sp_signing_algorithm,
digest_alg=conf._sp_digest_algorithm)
eid, xmldoc = sign_entity_descriptor(metadata, None, secc, **sign_dig_algs)
return xmldoc
def metadata_spid(request, config_loader_path=None, valid_for=None):
"""Returns an XML with the SAML 2.0 metadata for this
SP as configured in the settings.py file.
"""
conf = get_config(config_loader_path, request)
metadata = entity_descriptor(conf)
# this will renumber acs starting from 0 and set index=0 as is_default
cnt = 0
for attribute_consuming_service in metadata.spsso_descriptor.attribute_consuming_service:
attribute_consuming_service.index = str(cnt)
cnt += 1
cnt = 0
for assertion_consumer_service in metadata.spsso_descriptor.assertion_consumer_service:
assertion_consumer_service.is_default = 'true' if not cnt else ''
assertion_consumer_service.index = str(cnt)
cnt += 1
# nameformat patch... tutto questo non rispecchia gli standard OASIS
for reqattr in metadata.spsso_descriptor.attribute_consuming_service[0].requested_attribute:
reqattr.name_format = None #"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
# reqattr.is_required = None
reqattr.friendly_name = None
# remove unecessary encryption and digest algs
supported_algs = ['http://www.w3.org/2009/xmldsig11#dsa-sha256',
'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256']
new_list = []
for alg in metadata.extensions.extension_elements:
# if alg.namespace != 'urn:oasis:names:tc:SAML:metadata:algsupport': continue
if alg.attributes.get('Algorithm') in supported_algs:
new_list.append(alg)
metadata.extensions.extension_elements = new_list
# ... Piuttosto non devo specificare gli algoritmi di firma/criptazione...
metadata.extensions = None
# attribute consuming service service name patch
service_name = metadata.spsso_descriptor.attribute_consuming_service[0].service_name[0]
service_name.lang = 'it'
service_name.text = conf._sp_name
return HttpResponse(content=text_type(metadata).encode('utf-8'),
content_type="text/xml; charset=utf8")
def _make_metadata(config_dict, option):
"""
Creates metadata from the given idp config
:type config_dict: dict[str, Any]
:type option: vopaas.metadata_creation.make_vopaas_metadata.MetadataOption
:rtype: str
:param config_dict: config
:param option: metadata creation settings
:return: A xml string
"""
eds = []
cnf = Config()
cnf.load(copy.deepcopy(config_dict), metadata_construction=True)
if option.valid:
cnf.valid_for = option.valid
eds.append(entity_descriptor(cnf))
conf = Config()
conf.key_file = option.keyfile
conf.cert_file = option.cert
conf.debug = 1
conf.xmlsec_binary = option.xmlsec
secc = security_context(conf)
if option.id:
desc, xmldoc = entities_descriptor(eds, option.valid, option.name, option.id,
option.sign, secc)
valid_instance(desc)
print(desc.to_string(NSPAIR))
else:
for eid in eds:
if option.sign:
assert conf.key_file
assert conf.cert_file
eid, xmldoc = sign_entity_descriptor(eid, option.id, secc)
else:
xmldoc = None
valid_instance(eid)
xmldoc = metadata_tostring_fix(eid, NSPAIR, xmldoc).decode()
return xmldoc
def create_metadata_string(configfile,
config=None,
valid=None,
cert=None,
keyfile=None,
mid=None,
name=None,
sign=None):
"""
TODO: REMOVE THIS FUNCTION AFTER pysaml2 library is updated. to fix the above metadata_tostring_fix function
"""
valid_for = 0
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
# paths = [".", "/opt/local/bin"]
if valid:
valid_for = int(valid) # Hours
eds = []
if config is None:
if configfile.endswith(".py"):
configfile = configfile[:-3]
config = Config().load_file(configfile, metadata_construction=True)
eds.append(entity_descriptor(config))
conf = Config()
conf.key_file = config.key_file or keyfile
conf.cert_file = config.cert_file or cert
conf.debug = 1
conf.xmlsec_binary = config.xmlsec_binary
secc = security_context(conf)
if mid:
eid, xmldoc = entities_descriptor(eds, valid_for, name, mid, sign,
secc)
else:
eid = eds[0]
if sign:
eid, xmldoc = sign_entity_descriptor(eid, mid, secc)
else:
xmldoc = None
valid_instance(eid)
return metadata_tostring_fix(eid, nspair, xmldoc)
def _make_metadata(config_dict, option):
"""
Creates metadata from the given idp config
:type config_dict: dict[str, Any]
:type option: vopaas.metadata_creation.make_vopaas_metadata.MetadataOption
:rtype: str
:param config_dict: config
:param option: metadata creation settings
:return: A xml string
"""
eds = []
cnf = Config()
cnf.load(copy.deepcopy(config_dict), metadata_construction=True)
if option.valid:
cnf.valid_for = option.valid
eds.append(entity_descriptor(cnf))
conf = Config()
conf.key_file = option.keyfile
conf.cert_file = option.cert
conf.debug = 1
conf.xmlsec_binary = option.xmlsec
secc = security_context(conf)
if option.id:
desc, xmldoc = entities_descriptor(eds, option.valid, option.name, option.id, option.sign, secc)
valid_instance(desc)
print(desc.to_string(NSPAIR))
else:
for eid in eds:
if option.sign:
assert conf.key_file
assert conf.cert_file
eid, xmldoc = sign_entity_descriptor(eid, option.id, secc)
else:
xmldoc = None
valid_instance(eid)
xmldoc = metadata_tostring_fix(eid, NSPAIR, xmldoc).decode()
return xmldoc
def write_metadata(sp_configs):
"""
Generate SAML XML metadata from the pysaml2 JSON format.
:param base: base url of the svs node
:return: dictionary with the config for the two SP's
"""
for _, config in sp_configs.iteritems():
cnf = Config().load(config, metadata_construction=True)
eid = entity_descriptor(cnf)
valid_instance(eid)
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
xmldoc = metadata_tostring_fix(eid, nspair, None)
entity_id = config["entityid"]
path = urlparse.urlparse(entity_id).path
filename = os.path.basename(path)
with open(filename, "w") as output_file:
output_file.write(xmldoc)
def metadata(request, config_loader_path=None, valid_for=None):
"""Returns an XML with the SAML 2.0 metadata for this
SP as configured in the settings.py file.
"""
conf = get_config(config_loader_path, request)
metadata = entity_descriptor(conf)
if conf.extensions:
if metadata.extensions is None:
metadata.extensions = md.Extensions()
for key, val in conf.extensions.items():
_ext = do_extensions(key, val)
if _ext:
for _e in _ext:
metadata.extensions.add_extension_element(_e)
return HttpResponse(
content=text_type(metadata).encode('utf-8'),
content_type="text/xml; charset=utf8",
)
def gen_xml(self, filename, entity_id, acs, sls): # pylint: disable=no-self-use
'''将SAMLAPP配置写入指定路径xml文件
'''
conf = SPConfig()
endpointconfig = {
"entityid": entity_id,
'entity_category': [COC],
"description": "extra SP setup",
"service": {
"sp": {
"want_response_signed": False,
"authn_requests_signed": True,
"logout_requests_signed": True,
"endpoints": {
"assertion_consumer_service":
[(acs, BINDING_HTTP_POST)],
"single_logout_service": [
(sls, BINDING_HTTP_REDIRECT),
(sls.replace('redirect',
'post'), BINDING_HTTP_POST),
],
}
},
},
"key_file": BASEDIR +
"/djangosaml2idp/certificates/mykey.pem", # 随便放一个私钥,并不知道SP私钥
"cert_file":
BASEDIR + '/djangosaml2idp/saml2_config/sp_cert/%s.pem' % filename,
"xmlsec_binary": xmlsec_path,
"metadata": {
"local":
[BASEDIR + '/djangosaml2idp/saml2_config/idp_metadata.xml']
},
"name_form": NAME_FORMAT_URI,
}
conf.load(copy.deepcopy(endpointconfig))
meta_data = entity_descriptor(conf)
content = text_type(meta_data).encode('utf-8')
with open(BASEDIR + '/djangosaml2idp/saml2_config/%s.xml' % filename,
'wb+') as f:
f.write(content)
def _parse_metadata_dict_to_inline(metadata):
"""Convert any metadata included as dict to PySAML2's `inline` type.
Currently PySAML supports remote, local files, and string IdP metadata to
be included in the SP config dict as XML. It is also possible to pull your
IdP metadata from local JSON files (the format of the JSON is nearly
unparsable for any normal human).
This function adds the ability to include the IdP metadata directly in the
SP config as a dict of IdP attributes by hacking around this PySAML2
limitation and converting the dict into XML via PySAML2's IdPConfig class.
Note: In the process of trying to find an alternative which will allow us
to NOT be hacking around PySAML so rudely in order to load IdP metadata
from a Python dict. https://github.com/rohe/pysaml2/issues/172
Args:
metadata (dict): The IdP metadata this SP is configured for.
Returns:
(dict) config where any metadata `inline_dict` data has been
converted to `inline` XML.
"""
if metadata.get('inline_dict', None):
metadata['inline'] = metadata.get('inline', [])
for _idp in metadata.get('inline_dict'):
idp_config = IdPConfig()
idp_config.load(_idp)
entity_desc = entity_descriptor(idp_config)
# Hack for supporting multiple certificates.
if _idp.get('certs'):
# `certs` config directive overrides `cert_file`.
entity_desc.idpsso_descriptor.key_descriptor = \
_parse_key_descriptors(_idp['certs'])
idp_metadata_str = str(entity_desc)
LOGGER.debug("IdP XML Metadata for %s: %s", _idp['entityid'],
idp_metadata_str)
metadata['inline'].append(idp_metadata_str)
del metadata['inline_dict']
return metadata
def _parse_metadata_dict_to_inline(metadata):
"""Convert any metadata included as dict to PySAML2's `inline` type.
Currently PySAML supports remote, local files, and string IdP metadata to
be included in the SP config dict as XML. It is also possible to pull your
IdP metadata from local JSON files (the format of the JSON is nearly
unparsable for any normal human).
This function adds the ability to include the IdP metadata directly in the
SP config as a dict of IdP attributes by hacking around this PySAML2
limitation and converting the dict into XML via PySAML2's IdPConfig class.
Note: In the process of trying to find an alternative which will allow us
to NOT be hacking around PySAML so rudely in order to load IdP metadata
from a Python dict. https://github.com/rohe/pysaml2/issues/172
Args:
metadata (dict): The IdP metadata this SP is configured for.
Returns:
(dict) config where any metadata `inline_dict` data has been
converted to `inline` XML.
"""
if metadata.get('inline_dict', None):
metadata['inline'] = metadata.get('inline', [])
for _idp in metadata.get('inline_dict'):
idp_config = IdPConfig()
idp_config.load(_idp)
entity_desc = entity_descriptor(idp_config)
# Hack for supporting multiple certificates.
if _idp.get('certs'):
# `certs` config directive overrides `cert_file`.
entity_desc.idpsso_descriptor.key_descriptor = \
_parse_key_descriptors(_idp['certs'])
idp_metadata_str = str(entity_desc)
LOGGER.debug("IdP XML Metadata for %s: %s",
_idp['entityid'], idp_metadata_str)
metadata['inline'].append(idp_metadata_str)
del metadata['inline_dict']
return metadata
def create_metadata_string(configfile,
config=None,
valid=None,
cert=None,
keyfile=None,
mid=None,
name=None,
sign=None):
valid_for = 0
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
if valid:
valid_for = int(valid) # Hours
eds = []
if config is None:
if configfile.endswith(".py"):
configfile = configfile[:-3]
config = Config().load_file(configfile, metadata_construction=True)
eds.append(entity_descriptor(config))
conf = Config()
conf.key_file = config.key_file or keyfile
conf.cert_file = config.cert_file or cert
conf.debug = 1
conf.xmlsec_binary = config.xmlsec_binary
secc = security_context(conf)
if mid:
eid, xmldoc = entities_descriptor(eds, valid_for, name, mid, sign,
secc)
else:
eid = eds[0]
if sign:
eid, xmldoc = sign_entity_descriptor(eid, mid, secc)
else:
xmldoc = None
valid_instance(eid)
return metadata_tostring_fix(eid, nspair, xmldoc)
def __init__(self, config, attribute_map=None):
"""Initialize SAML Service Provider.
Args:
config (dict): Service Provider config info in dict form
attribute_map (dict): Mapping of attribute keys to user data
"""
self._config = SPConfig()
self._config.load(config)
if config['metadata'].get('config'):
# Hacked in a way to get the IdP metadata from a python dict
# rather than having to resort to loading XML from file or http.
idp_config = IdPConfig()
idp_config.load(config['metadata']['config'][0])
idp_entityid = config['metadata']['config'][0]['entityid']
idp_metadata_str = str(entity_descriptor(idp_config, 24))
LOGGER.debug('IdP XML Metadata for %s: %s' % (
idp_entityid, idp_metadata_str))
self._config.metadata.import_metadata(
idp_metadata_str, idp_entityid)
self.attribute_map = {}
if attribute_map is not None:
self.attribute_map = attribute_map
def spid_sp_metadata(conf):
metadata = entity_descriptor(conf)
# this will renumber acs starting from 0 and set index=0 as is_default
cnt = 0
for attribute_consuming_service in metadata.spsso_descriptor.attribute_consuming_service:
attribute_consuming_service.index = str(cnt)
cnt += 1
cnt = 0
for assertion_consumer_service in metadata.spsso_descriptor.assertion_consumer_service:
assertion_consumer_service.is_default = 'true' if not cnt else ''
assertion_consumer_service.index = str(cnt)
cnt += 1
# nameformat patch
for reqattr in metadata.spsso_descriptor.attribute_consuming_service[0].requested_attribute:
reqattr.name_format = None # "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
reqattr.friendly_name = None
metadata.extensions = None
# attribute consuming service service name patch
service_name = metadata.spsso_descriptor.attribute_consuming_service[0].service_name[0]
service_name.lang = 'it'
service_name.text = conf._sp_name
avviso_29_v3(metadata)
# metadata signature
secc = security_context(conf)
sign_dig_algs = dict(
sign_alg=conf._sp_signing_algorithm,
digest_alg=conf._sp_digest_algorithm
)
eid, xmldoc = sign_entity_descriptor(metadata, None, secc, **sign_dig_algs)
return xmldoc
def create_metadata(config):
return entity_descriptor(config)
def make_meta(self):
self.sp_configure(True)
print(entity_descriptor(self.sp_config))
# translate into hours
valid_for = int(args.valid) * 24
if args.xmlsec:
xmlsec = args.xmlsec
else:
xmlsec = get_xmlsec_binary(paths)
eds = []
for filespec in args.config:
bas, fil = os.path.split(filespec)
if bas != "":
sys.path.insert(0, bas)
if fil.endswith(".py"):
fil = fil[:-3]
cnf = Config().load_file(fil, metadata_construction=True)
eds.append(entity_descriptor(cnf))
secc = SecurityContext(xmlsec, args.keyfile, cert_file=args.cert)
if args.id:
desc = entities_descriptor(eds, valid_for, args.name, args.id,
args.sign, secc)
valid_instance(desc)
print desc.to_string(nspair)
else:
for eid in eds:
if args.sign:
desc = sign_entity_descriptor(eid, id, secc)
else:
desc = eid
valid_instance(desc)
print desc.to_string(nspair)
def saml_metadata():
ed = entity_descriptor(sec_config)
return metadata_tostring_fix(ed,
{"xs": "http://www.w3.org/2001/XMLSchema"},
None)
def saml_metadata():
ed = entity_descriptor(sec_config)
return metadata_tostring_fix(ed, {"xs": "http://www.w3.org/2001/XMLSchema"}, None)
def create_metadata_from_config_dict(config):
nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
conf = Config().load(config, metadata_construction=True)
return entity_descriptor(conf).to_string(nspair).decode("utf-8")
def create_metadata(config):
return entity_descriptor(config)
def get(self, request, *args, **kwargs):
saml2_config = self.get_saml2_config(request)
metadata = entity_descriptor(saml2_config)
return HttpResponse(str(metadata).encode("utf-8"),
content_type="text/xml; charset=utf8")
print >> sys.stderr, sys.argv[0].split("/")[-1] + ": " + str(err.msg)
print >> sys.stderr, "\t for help use --help"
return 2
if not xmlsec:
xmlsec = get_xmlsec_binary(path)
eds = []
for filespec in args:
bas, fil = os.path.split(filespec)
if bas != "":
sys.path.insert(0, bas)
if fil.endswith(".py"):
fil = fil[:-3]
cnf = Config().load_file(fil, metadata_construction=True)
eds.append(entity_descriptor(cnf, valid_for))
secc = SecurityContext(xmlsec, keyfile, cert_file=pubkeyfile)
if entitiesid:
desc = entities_descriptor(eds, valid_for, name, id, sign, secc)
valid_instance(desc)
print desc.to_string(nspair)
else:
for eid in eds:
if sign:
desc = sign_entity_descriptor(eid, valid_for, id, secc)
else:
desc = eid
valid_instance(desc)
print desc.to_string(nspair)
def entity_desc(self, sp_conf):
return entity_descriptor(SPConfig().load(sp_conf, metadata_construction=True))
def _create_entity_descriptor(entity_config):
cnf = Config().load(copy.deepcopy(entity_config), metadata_construction=True)
return entity_descriptor(cnf)
if args.valid:
# translate into hours
valid_for = int(args.valid) * 24
eds = []
for filespec in args.config:
bas, fil = os.path.split(filespec)
if bas != "":
sys.path.insert(0, bas)
if fil.endswith(".py"):
fil = fil[:-3]
cnf = Config().load_file(fil, metadata_construction=True)
if valid_for:
cnf.valid_for = valid_for
eds.append(entity_descriptor(cnf))
conf = Config()
conf.key_file = args.keyfile
conf.cert_file = args.cert
conf.debug = 1
conf.xmlsec_binary = args.xmlsec
secc = security_context(conf)
if args.id:
desc, xmldoc = entities_descriptor(eds, valid_for, args.name, args.id,
args.sign, secc)
valid_instance(desc)
xmldoc = metadata_tostring_fix(desc, nspair, xmldoc)
print(xmldoc.decode("utf-8"))
else:
from saml2.config import Config from saml2.metadata import entity_descriptor __author__ = 'roland' fil = "sp_mdext_conf.py" cnf = Config().load_file(fil, metadata_construction=True) ed = entity_descriptor(cnf) print(ed) assert ed.spsso_descriptor.extensions assert len(ed.spsso_descriptor.extensions.extension_elements) == 3
