def init_oidc_op(app: Flask): _op_config = app.srv_config.op _fed_conf = _op_config.federation if 'httpc_params' not in _fed_conf: _fed_conf.httpc_params = get_http_params(_op_config.httpc_params) op = FederationServer(_op_config, cwd=dir_path) for endp in op.endpoint.values(): p = urlparse(endp.endpoint_path) _vpath = p.path.split('/') if _vpath[0] == '': endp.vpath = _vpath[1:] else: endp.vpath = _vpath return op
def create_endpoint(self): # First the RP _config = copy.deepcopy(RP_CONFIG) _config['behaviour'] = {'federation_types_supported': ['explicit']} entity = FederationRP(config=_config) self.rp_federation_entity = entity.client_get( "service_context").federation_entity # The test data collector self.rp_federation_entity.collector = DummyCollector( trusted_roots=ANCHOR, httpd=HTTPC, root_dir=os.path.join(BASE_PATH, 'base_data')) # The RP has/supports 3 services self.service = { 'discovery': FedProviderInfoDiscovery(entity.client_get), 'registration': Registration(entity.client_get), 'authorization': FedAuthorization(entity.client_get, conf={"request_object_expires_in": 300}), } # and now for the OP _config = copy.copy(OP_CONF) _config['add_on'] = { "automatic_registration": { "function": "fedservice.op.add_on.automatic_registration.add_support", "kwargs": { "new_id": False, # default False 'client_registration_authn_methods_supported': { "ar": ['request_object'] }, 'where': ['authorization'] } } } server = FederationServer(_config) self.registration_endpoint = server.server_get("endpoint", "registration") self.authorization_endpoint = server.server_get( "endpoint", "authorization") self.provider_endpoint = server.server_get("endpoint", "provider_config") federation_entity = server.server_get( "endpoint_context").federation_entity federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR)
def create_endpoint(self): # First the RP _config = copy.deepcopy(RP_CONFIG) _config['behaviour'] = {'federation_types_supported': ['explicit']} entity = FederationRP(config=_config) self.rp_federation_entity = entity.client_get( "service_context").federation_entity # The test data collector self.rp_federation_entity.collector = DummyCollector( trusted_roots=ANCHOR, httpd=HTTPC, root_dir=os.path.join(BASE_PATH, 'base_data')) entity._service = { 'discovery': FedProviderInfoDiscovery(entity.client_get), 'registration': Registration(entity.client_get), 'authorization': FedAuthorization(entity.client_get, conf={"request_object_expires_in": 300}), } self.rp = entity # and now for the OP _config = copy.copy(OP_CONF) server = FederationServer(_config) self.registration_endpoint = server.server_get("endpoint", "registration") self.authorization_endpoint = server.server_get( "endpoint", "authorization") self.provider_endpoint = server.server_get("endpoint", "provider_config") federation_entity = server.server_get( "endpoint_context").federation_entity federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR)
def create_endpoint(self): # First the RP entity = FederationRP(config=RP_CONFIG) _fe = entity.client_get("service_context").federation_entity # The test data collector _fe.collector = DummyCollector(trusted_roots=ANCHOR, httpd=HTTPC, root_dir=os.path.join( BASE_PATH, 'base_data')) # The RP has/supports 3 services self.service = { 'discovery': FedProviderInfoDiscovery(entity.client_get), 'registration': Registration(entity.client_get), 'authorization': FedAuthorization(entity.client_get), } # and now for the OP server = FederationServer(OP_CONF, httpc=HTTPC) self.registration_endpoint = server.server_get("endpoint", "registration") self.authorization_endpoint = server.server_get( "endpoint", "authorization") self.provider_endpoint = server.server_get("endpoint", "provider_config") # === Federation stuff ======= federation_entity = server.server_get( "endpoint_context").federation_entity federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR)
def create_endpoint(self): conf = { "issuer": ENTITY_ID, "password": "******", "token_expires_in": 600, "grant_expires_in": 300, "refresh_token_expires_in": 86400, "verify_ssl": False, "claims_interface": { "class": "oidcop.session.claims.ClaimsInterface", "kwargs": {} }, 'keys': { 'key_defs': KEYSPEC, "private_path": "own/jwks.json", "uri_path": "static/jwks.json" }, "endpoint": { "provider_config": { "path": ".well-known/openid-configuration", "class": ProviderConfiguration, "kwargs": {}, } }, "authentication": { "anon": { 'acr': UNSPECIFIED, "class": NoAuthn, "kwargs": { "user": "******" } } }, 'template_dir': 'template', "federation": { "entity_id": ENTITY_ID, 'keys': { 'key_defs': KEYSPEC }, "endpoint": { "fetch": { "path": "fetch", "class": Fetch, "kwargs": { "client_authn_method": None }, } }, "trusted_roots": ANCHOR, "authority_hints": ['https://feide.no'], "entity_type": 'openid_relying_party', "opponent_entity_type": 'openid_provider' } } server = FederationServer(conf) self.endpoint = server.server_get('endpoint', 'provider_config') server.endpoint_context.federation_entity.collector = DummyCollector( httpd=Publisher(os.path.join(BASE_PATH, 'data')), trusted_roots=ANCHOR, root_dir=ROOT_DIR)
def create_endpoint(self): try: shutil.rmtree('storage') except FileNotFoundError: pass conf = { "issuer": ENTITY_ID, "password": "******", "claims_interface": {"class": "oidcop.session.claims.ClaimsInterface", "kwargs": {}}, "verify_ssl": False, "endpoint": { "provider_config": { "path": ".well-known/openid-configuration", "class": ProviderConfiguration, "kwargs": {"client_authn_method": None}, }, }, "token_handler_args": { "jwks_def": { "private_path": "private/token_jwks.json", "read_only": False, "key_defs": [ {"type": "oct", "bytes": "24", "use": ["enc"], "kid": "code"}, {"type": "oct", "bytes": "24", "use": ["enc"], "kid": "token"}, {"type": "oct", "bytes": "24", "use": ["enc"], "kid": "refresh"} ], }, "code": {"kwargs": {"lifetime": 600}}, "token": {"kwargs": {"lifetime": 3600}}, "refresh": {"kwargs": {"lifetime": 3600}}, }, "keys": { 'key_defs': KEYSPEC, "private_path": full_path("own/jwks.json"), "uri_path": full_path("static/jwks.json") }, "authentication": { "anon": { 'acr': UNSPECIFIED, "class": NoAuthn, "kwargs": {"user": "******"} } }, 'template_dir': 'template', 'federation': { 'entity_id': ENTITY_ID, 'signing_keys': { 'private_path': full_path('private/fed_keys.json'), 'key_defs': KEYSPEC, 'public_path': full_path('static/fed_keys.json'), 'read_only': False }, "endpoint": { "fetch": { "path": "fetch", "class": Fetch, "kwargs": {"client_authn_method": None}, } }, 'priority': [], 'entity_type': 'openid_provider', 'opponent_entity_type': 'openid_relying_party', 'registration_type': 'explicit' } } conf['federation']['trusted_roots'] = full_path('trusted_roots.json') conf['federation']['authority_hints'] = full_path('authority_hints.json') server = FederationServer(conf) self.endpoint = server.server_get("endpoint", "provider_config")
def create_setup(self): # First the RP config = { 'behaviour': { 'federation_types_supported': ['automatic'] }, 'issuer': "https://op.ntnu.no", 'keys': {'key_defs': KEYSPEC}, "federation": { "endpoint": { "fetch": { "path": "fetch", "class": Fetch, "kwargs": {"client_authn_method": None}, } }, 'entity_id': RP_ENTITY_ID, "trusted_roots": ANCHOR, "authority_hints": ['https://ntnu.no'], "entity_type": 'openid_relying_party', "opponent_entity_type": 'openid_provider' } } self.entity = FederationRP(config=config) service_context = self.entity.get_service_context() service_context.federation_entity.collector = DummyCollector( trusted_roots=ANCHOR, root_dir=ROOT_DIR) # The RP has/supports 2 services self.discovery_service = FedProviderInfoDiscovery(self.entity.client_get) self.registration_service = RPRegistration(self.entity.client_get) # self.authorization_service = FedAuthorization(entity.client_get) # and now for the OP op_entity_id = "https://op.ntnu.no" op_conf = { "issuer": op_entity_id, "password": "******", "token_handler_args": { "jwks_def": { "private_path": "private/token_jwks.json", "read_only": False, "key_defs": [ {"type": "oct", "bytes": 24, "use": ["enc"], "kid": "code"}, {"type": "oct", "bytes": 24, "use": ["enc"], "kid": "refresh"}, ], }, "code": {"lifetime": 600}, "token": { "class": "oidcop.token.jwt_token.JWTToken", "kwargs": { "lifetime": 3600, "add_claims": [ "email", "email_verified", "phone_number", "phone_number_verified", ], "add_claim_by_scope": True, "aud": ["https://example.org/appl"] }, }, "refresh": {"lifetime": 86400}, }, "claims_interface": {"class": "oidcop.session.claims.ClaimsInterface", "kwargs": {}}, "verify_ssl": False, "capabilities": CAPABILITIES, "keys": {"uri_path": "static/jwks.json", "key_defs": KEYSPEC}, "id_token": { "class": IDToken, "kwargs": { "default_claims": { "email": {"essential": True}, "email_verified": {"essential": True}, } }, }, "endpoint": { "provider_config": { "path": ".well-known/openid-configuration", "class": ProviderConfiguration, "kwargs": {}, }, "registration": { "path": "registration", "class": OPRegistration, "kwargs": {}, }, "authorization": { "path": "authorization", "class": Authorization, "kwargs": { "response_types_supported": [ " ".join(x) for x in RESPONSE_TYPES_SUPPORTED ], "response_modes_supported": ["query", "fragment", "form_post"], "claims_parameter_supported": True, "request_parameter_supported": True, "request_uri_parameter_supported": True, }, }, "pushed_authorization": { "path": "pushed_authorization", "class": PushedAuthorization, "kwargs": { "client_authn_method": [ "client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt", ] }, }, }, "authentication": { "anon": { "acr": "http://www.swamid.se/policy/assurance/al1", "class": "oidcop.user_authn.user.NoAuthn", "kwargs": {"user": "******"}, } }, "template_dir": "template", "cookie_handler": { "class": CookieHandler, "kwargs": { "keys": {"key_defs": COOKIE_KEYDEFS}, "name": { "session": "oidc_op", "register": "oidc_op_reg", "session_management": "oidc_op_sman" } }, }, 'add_on': { "automatic_registration": { "function": "fedservice.op.add_on.automatic_registration.add_support", "kwargs": { "new_id": False, # default False "where": ["pushed_authorization"] } } }, "federation": { "endpoint": { "fetch": { "path": "fetch", "class": Fetch, "kwargs": {"client_authn_method": None}, } }, "entity_id": op_entity_id, "trusted_roots": ANCHOR, "authority_hints": ['https://ntnu.no'], "entity_type": 'openid_relying_party', "opponent_entity_type": 'openid_relying_party' } } server = FederationServer(conf=op_conf) endpoint_context = server.get_endpoint_context() # _clients = yaml.safe_load(io.StringIO(client_yaml)) # endpoint_context.cdb = _clients["oidc_clients"] # store keys under my own ID endpoint_context.keyjar.import_jwks( endpoint_context.keyjar.export_jwks(True, ""), op_conf["issuer"] ) self.pushed_authorization_endpoint = server.server_get("endpoint", "pushed_authorization") self.authorization_endpoint = server.server_get("endpoint", "authorization") self.registration_endpoint = server.server_get("endpoint", "registration") endpoint_context.federation_entity.collector = DummyCollector( httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR)