Ejemplo n.º 1
0
def init_oidc_op(app: Flask):
    _op_config = app.srv_config.op

    _fed_conf = _op_config.federation
    if 'httpc_params' not in _fed_conf:
        _fed_conf.httpc_params = get_http_params(_op_config.httpc_params)

    op = FederationServer(_op_config, cwd=dir_path)

    for endp in op.endpoint.values():
        p = urlparse(endp.endpoint_path)
        _vpath = p.path.split('/')
        if _vpath[0] == '':
            endp.vpath = _vpath[1:]
        else:
            endp.vpath = _vpath

    return op
Ejemplo n.º 2
0
    def create_endpoint(self):
        # First the RP
        _config = copy.deepcopy(RP_CONFIG)
        _config['behaviour'] = {'federation_types_supported': ['explicit']}
        entity = FederationRP(config=_config)
        self.rp_federation_entity = entity.client_get(
            "service_context").federation_entity
        # The test data collector
        self.rp_federation_entity.collector = DummyCollector(
            trusted_roots=ANCHOR,
            httpd=HTTPC,
            root_dir=os.path.join(BASE_PATH, 'base_data'))

        # The RP has/supports 3 services
        self.service = {
            'discovery':
            FedProviderInfoDiscovery(entity.client_get),
            'registration':
            Registration(entity.client_get),
            'authorization':
            FedAuthorization(entity.client_get,
                             conf={"request_object_expires_in": 300}),
        }

        # and now for the OP
        _config = copy.copy(OP_CONF)
        _config['add_on'] = {
            "automatic_registration": {
                "function":
                "fedservice.op.add_on.automatic_registration.add_support",
                "kwargs": {
                    "new_id": False,  # default False
                    'client_registration_authn_methods_supported': {
                        "ar": ['request_object']
                    },
                    'where': ['authorization']
                }
            }
        }
        server = FederationServer(_config)
        self.registration_endpoint = server.server_get("endpoint",
                                                       "registration")
        self.authorization_endpoint = server.server_get(
            "endpoint", "authorization")
        self.provider_endpoint = server.server_get("endpoint",
                                                   "provider_config")

        federation_entity = server.server_get(
            "endpoint_context").federation_entity
        federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR),
                                                     trusted_roots=ANCHOR,
                                                     root_dir=ROOT_DIR)
Ejemplo n.º 3
0
    def create_endpoint(self):
        # First the RP
        _config = copy.deepcopy(RP_CONFIG)
        _config['behaviour'] = {'federation_types_supported': ['explicit']}
        entity = FederationRP(config=_config)
        self.rp_federation_entity = entity.client_get(
            "service_context").federation_entity
        # The test data collector
        self.rp_federation_entity.collector = DummyCollector(
            trusted_roots=ANCHOR,
            httpd=HTTPC,
            root_dir=os.path.join(BASE_PATH, 'base_data'))

        entity._service = {
            'discovery':
            FedProviderInfoDiscovery(entity.client_get),
            'registration':
            Registration(entity.client_get),
            'authorization':
            FedAuthorization(entity.client_get,
                             conf={"request_object_expires_in": 300}),
        }
        self.rp = entity

        # and now for the OP
        _config = copy.copy(OP_CONF)

        server = FederationServer(_config)
        self.registration_endpoint = server.server_get("endpoint",
                                                       "registration")
        self.authorization_endpoint = server.server_get(
            "endpoint", "authorization")
        self.provider_endpoint = server.server_get("endpoint",
                                                   "provider_config")

        federation_entity = server.server_get(
            "endpoint_context").federation_entity
        federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR),
                                                     trusted_roots=ANCHOR,
                                                     root_dir=ROOT_DIR)
Ejemplo n.º 4
0
    def create_endpoint(self):
        # First the RP

        entity = FederationRP(config=RP_CONFIG)

        _fe = entity.client_get("service_context").federation_entity
        # The test data collector
        _fe.collector = DummyCollector(trusted_roots=ANCHOR,
                                       httpd=HTTPC,
                                       root_dir=os.path.join(
                                           BASE_PATH, 'base_data'))

        # The RP has/supports 3 services
        self.service = {
            'discovery': FedProviderInfoDiscovery(entity.client_get),
            'registration': Registration(entity.client_get),
            'authorization': FedAuthorization(entity.client_get),
        }

        # and now for the OP

        server = FederationServer(OP_CONF, httpc=HTTPC)

        self.registration_endpoint = server.server_get("endpoint",
                                                       "registration")
        self.authorization_endpoint = server.server_get(
            "endpoint", "authorization")
        self.provider_endpoint = server.server_get("endpoint",
                                                   "provider_config")

        # === Federation stuff =======
        federation_entity = server.server_get(
            "endpoint_context").federation_entity
        federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR),
                                                     trusted_roots=ANCHOR,
                                                     root_dir=ROOT_DIR)
Ejemplo n.º 5
0
    def create_endpoint(self):
        conf = {
            "issuer": ENTITY_ID,
            "password": "******",
            "token_expires_in": 600,
            "grant_expires_in": 300,
            "refresh_token_expires_in": 86400,
            "verify_ssl": False,
            "claims_interface": {
                "class": "oidcop.session.claims.ClaimsInterface",
                "kwargs": {}
            },
            'keys': {
                'key_defs': KEYSPEC,
                "private_path": "own/jwks.json",
                "uri_path": "static/jwks.json"
            },
            "endpoint": {
                "provider_config": {
                    "path": ".well-known/openid-configuration",
                    "class": ProviderConfiguration,
                    "kwargs": {},
                }
            },
            "authentication": {
                "anon": {
                    'acr': UNSPECIFIED,
                    "class": NoAuthn,
                    "kwargs": {
                        "user": "******"
                    }
                }
            },
            'template_dir': 'template',
            "federation": {
                "entity_id": ENTITY_ID,
                'keys': {
                    'key_defs': KEYSPEC
                },
                "endpoint": {
                    "fetch": {
                        "path": "fetch",
                        "class": Fetch,
                        "kwargs": {
                            "client_authn_method": None
                        },
                    }
                },
                "trusted_roots": ANCHOR,
                "authority_hints": ['https://feide.no'],
                "entity_type": 'openid_relying_party',
                "opponent_entity_type": 'openid_provider'
            }
        }
        server = FederationServer(conf)
        self.endpoint = server.server_get('endpoint', 'provider_config')

        server.endpoint_context.federation_entity.collector = DummyCollector(
            httpd=Publisher(os.path.join(BASE_PATH, 'data')),
            trusted_roots=ANCHOR,
            root_dir=ROOT_DIR)
Ejemplo n.º 6
0
    def create_endpoint(self):
        try:
            shutil.rmtree('storage')
        except FileNotFoundError:
            pass

        conf = {
            "issuer": ENTITY_ID,
            "password": "******",
            "claims_interface": {"class": "oidcop.session.claims.ClaimsInterface", "kwargs": {}},
            "verify_ssl": False,
            "endpoint": {
                "provider_config": {
                    "path": ".well-known/openid-configuration",
                    "class": ProviderConfiguration,
                    "kwargs": {"client_authn_method": None},
                },
            },
            "token_handler_args": {
                "jwks_def": {
                    "private_path": "private/token_jwks.json",
                    "read_only": False,
                    "key_defs": [
                        {"type": "oct", "bytes": "24", "use": ["enc"], "kid": "code"},
                        {"type": "oct", "bytes": "24", "use": ["enc"], "kid": "token"},
                        {"type": "oct", "bytes": "24", "use": ["enc"], "kid": "refresh"}
                    ],
                },
                "code": {"kwargs": {"lifetime": 600}},
                "token": {"kwargs": {"lifetime": 3600}},
                "refresh": {"kwargs": {"lifetime": 3600}},
            },
            "keys": {
                'key_defs': KEYSPEC,
                "private_path": full_path("own/jwks.json"),
                "uri_path": full_path("static/jwks.json")
            },
            "authentication": {
                "anon": {
                    'acr': UNSPECIFIED,
                    "class": NoAuthn,
                    "kwargs": {"user": "******"}
                }
            },
            'template_dir': 'template',
            'federation': {
                'entity_id': ENTITY_ID,
                'signing_keys': {
                    'private_path': full_path('private/fed_keys.json'),
                    'key_defs': KEYSPEC,
                    'public_path': full_path('static/fed_keys.json'),
                    'read_only': False
                },
                "endpoint": {
                    "fetch": {
                        "path": "fetch",
                        "class": Fetch,
                        "kwargs": {"client_authn_method": None},
                    }
                },
                'priority': [],
                'entity_type': 'openid_provider',
                'opponent_entity_type': 'openid_relying_party',
                'registration_type': 'explicit'
            }
        }
        conf['federation']['trusted_roots'] = full_path('trusted_roots.json')
        conf['federation']['authority_hints'] = full_path('authority_hints.json')

        server = FederationServer(conf)
        self.endpoint = server.server_get("endpoint", "provider_config")
    def create_setup(self):
        # First the RP
        config = {
            'behaviour': {
                'federation_types_supported': ['automatic']
            },
            'issuer': "https://op.ntnu.no",
            'keys': {'key_defs': KEYSPEC},
            "federation": {
                "endpoint": {
                    "fetch": {
                        "path": "fetch",
                        "class": Fetch,
                        "kwargs": {"client_authn_method": None},
                    }
                },
                'entity_id': RP_ENTITY_ID,
                "trusted_roots": ANCHOR,
                "authority_hints": ['https://ntnu.no'],
                "entity_type": 'openid_relying_party',
                "opponent_entity_type": 'openid_provider'
            }
        }

        self.entity = FederationRP(config=config)
        service_context = self.entity.get_service_context()

        service_context.federation_entity.collector = DummyCollector(
            trusted_roots=ANCHOR, root_dir=ROOT_DIR)

        # The RP has/supports 2 services
        self.discovery_service = FedProviderInfoDiscovery(self.entity.client_get)
        self.registration_service = RPRegistration(self.entity.client_get)
        # self.authorization_service = FedAuthorization(entity.client_get)

        # and now for the OP
        op_entity_id = "https://op.ntnu.no"
        op_conf = {
            "issuer": op_entity_id,
            "password": "******",
            "token_handler_args": {
                "jwks_def": {
                    "private_path": "private/token_jwks.json",
                    "read_only": False,
                    "key_defs": [
                        {"type": "oct", "bytes": 24, "use": ["enc"], "kid": "code"},
                        {"type": "oct", "bytes": 24, "use": ["enc"], "kid": "refresh"},
                    ],
                },
                "code": {"lifetime": 600},
                "token": {
                    "class": "oidcop.token.jwt_token.JWTToken",
                    "kwargs": {
                        "lifetime": 3600,
                        "add_claims": [
                            "email",
                            "email_verified",
                            "phone_number",
                            "phone_number_verified",
                        ],
                        "add_claim_by_scope": True,
                        "aud": ["https://example.org/appl"]
                    },
                },
                "refresh": {"lifetime": 86400},
            },
            "claims_interface": {"class": "oidcop.session.claims.ClaimsInterface", "kwargs": {}},
            "verify_ssl": False,
            "capabilities": CAPABILITIES,
            "keys": {"uri_path": "static/jwks.json", "key_defs": KEYSPEC},
            "id_token": {
                "class": IDToken,
                "kwargs": {
                    "default_claims": {
                        "email": {"essential": True},
                        "email_verified": {"essential": True},
                    }
                },
            },
            "endpoint": {
                "provider_config": {
                    "path": ".well-known/openid-configuration",
                    "class": ProviderConfiguration,
                    "kwargs": {},
                },
                "registration": {
                    "path": "registration",
                    "class": OPRegistration,
                    "kwargs": {},
                },
                "authorization": {
                    "path": "authorization",
                    "class": Authorization,
                    "kwargs": {
                        "response_types_supported": [
                            " ".join(x) for x in RESPONSE_TYPES_SUPPORTED
                        ],
                        "response_modes_supported": ["query", "fragment", "form_post"],
                        "claims_parameter_supported": True,
                        "request_parameter_supported": True,
                        "request_uri_parameter_supported": True,
                    },
                },
                "pushed_authorization": {
                    "path": "pushed_authorization",
                    "class": PushedAuthorization,
                    "kwargs": {
                        "client_authn_method": [
                            "client_secret_post",
                            "client_secret_basic",
                            "client_secret_jwt",
                            "private_key_jwt",
                        ]
                    },
                },
            },
            "authentication": {
                "anon": {
                    "acr": "http://www.swamid.se/policy/assurance/al1",
                    "class": "oidcop.user_authn.user.NoAuthn",
                    "kwargs": {"user": "******"},
                }
            },
            "template_dir": "template",
            "cookie_handler": {
                "class": CookieHandler,
                "kwargs": {
                    "keys": {"key_defs": COOKIE_KEYDEFS},
                    "name": {
                        "session": "oidc_op",
                        "register": "oidc_op_reg",
                        "session_management": "oidc_op_sman"
                    }
                },
            },
            'add_on': {
                "automatic_registration": {
                    "function":
                        "fedservice.op.add_on.automatic_registration.add_support",
                    "kwargs": {
                        "new_id": False,  # default False
                        "where": ["pushed_authorization"]
                    }
                }
            },
            "federation": {
                "endpoint": {
                    "fetch": {
                        "path": "fetch",
                        "class": Fetch,
                        "kwargs": {"client_authn_method": None},
                    }
                },
                "entity_id": op_entity_id,
                "trusted_roots": ANCHOR,
                "authority_hints": ['https://ntnu.no'],
                "entity_type": 'openid_relying_party',
                "opponent_entity_type": 'openid_relying_party'
            }
        }
        server = FederationServer(conf=op_conf)
        endpoint_context = server.get_endpoint_context()
        # _clients = yaml.safe_load(io.StringIO(client_yaml))
        # endpoint_context.cdb = _clients["oidc_clients"]
        # store keys under my own ID
        endpoint_context.keyjar.import_jwks(
            endpoint_context.keyjar.export_jwks(True, ""), op_conf["issuer"]
        )

        self.pushed_authorization_endpoint = server.server_get("endpoint", "pushed_authorization")
        self.authorization_endpoint = server.server_get("endpoint", "authorization")
        self.registration_endpoint = server.server_get("endpoint", "registration")

        endpoint_context.federation_entity.collector = DummyCollector(
            httpd=Publisher(ROOT_DIR),
            trusted_roots=ANCHOR,
            root_dir=ROOT_DIR)