def test_loading_private_key():
    """The key loaded from disk and the key loaded from a PEM string must match.

    PKey objects cannot be compared for equality directly, so both keys sign
    the same message and the signatures are compared instead: the same key
    yields the same value, a different key would not.
    """
    message = b'Hello, world!'

    key_from_disk = private_key_from_file(PRIVATE_KEY_FILE)
    key_from_pem = private_key_from_string(X509_PRIVATE_KEY_DATA)

    sign_with_disk_key = RsaSha1Signer(key_from_disk)
    sign_with_pem_key = RsaSha1Signer(key_from_pem)

    assert sign_with_disk_key(message) == sign_with_pem_key(message)
def init_app(self, app):
    """Init app using factories pattern.

    Reads the SP signing material from ``CERTIFICATE_FILE`` and
    ``PRIVATE_KEY_FILE`` and stores the flask-saml2 settings in
    ``app.config``.  The single IdP entry is assembled from the
    ``ENTITY_ID``, ``SSO_URL``, ``SLO_URL`` and ``CERTIFICATE`` values
    that must already be present in ``app.config``.
    """
    sp_certificate = certificate_from_file(CERTIFICATE_FILE)
    sp_private_key = private_key_from_file(PRIVATE_KEY_FILE)

    idp_options = {
        'display_name': 'mkplay',
        'entity_id': app.config['ENTITY_ID'],
        'sso_url': app.config['SSO_URL'],
        'slo_url': app.config['SLO_URL'],
        # The IdP handler's certificate option comes from app.config, not from
        # the SP certificate file read above.
        'certificate': app.config['CERTIFICATE'],
    }
    app.config['SAML2_IDENTITY_PROVIDERS'] = [
        {
            'CLASS': 'flask_saml2.sp.idphandler.IdPHandler',
            'OPTIONS': idp_options,
        },
    ]
    app.config['SAML2_SP'] = {
        'certificate': sp_certificate,
        'private_key': sp_private_key,
    }
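# IdP entries for flask-saml2.  The Keycloak master-realm endpoints are derived
# from EDAP_DOMAIN; the 'certificate' option is filled in below once the IdP
# certificate has been read from disk.
SAML2_IDENTITY_PROVIDERS = [
    {
        'CLASS': 'backend.saml.KeycloakIdPHandler',
        'OPTIONS': {
            'display_name': 'Keycloak IdP',
            'entity_id': f'https://sso.{EDAP_DOMAIN}/auth/realms/master',
            'sso_url': f'https://sso.{EDAP_DOMAIN}/auth/realms/master/protocol/saml',
            'slo_url': f'https://sso.{EDAP_DOMAIN}/auth/realms/master/protocol/saml',
        },
    },
]

# Best-effort loading of the SAML key material.  All three PEM files are read
# before any setting is assigned, so a failure part-way through cannot leave
# SAML2_SP defined while the IdP entry still has no 'certificate' (presumably
# the value IdP response signatures are verified against -- confirm in
# KeycloakIdPHandler).  The broad catch is deliberate: a missing or unreadable
# file only disables SAML and reports the reason on stderr.
try:
    _sp_certificate = certificate_from_file(const.SAML_CERT_ROOT / const.SAML_CHOICES["sp-cert"])
    _sp_private_key = private_key_from_file(const.SAML_CERT_ROOT / const.SAML_CHOICES["sp-key"])
    _idp_certificate = certificate_from_file(const.SAML_CERT_ROOT / const.SAML_CHOICES["idp-cert"])
except Exception as e:
    # Files probably don't exist: SAML2_SP stays undefined and the IdP entry
    # keeps no certificate.
    print(f"Error configuring SAML: {e}", file=sys.stderr)
else:
    SAML2_SP = {
        'certificate': _sp_certificate,
        'private_key': _sp_private_key,
    }
    SAML2_IDENTITY_PROVIDERS[0]['OPTIONS']['certificate'] = _idp_certificate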
""" import base64 from lxml import etree from flask_saml2.signing import RsaSha1Signer, Sha1Digester, get_signature_xml from flask_saml2.utils import certificate_from_file, private_key_from_file from . import base # Normally, the Salesforce private key would only be known by Salesforce. As we # are generating and signing a request as if it was from Salesforce, we need # the private key. SALESFORCE_CERTIFICATE = certificate_from_file(base.KEY_DIR / 'salesforce-certificate.pem') SALESFORCE_PRIVATE_KEY = private_key_from_file(base.KEY_DIR / 'salesforce-private-key.pem') RELAY_STATE = '/home/home.jsp' SALESFORCE_ACS = 'https://login.salesforce.com' class TestSalesForceSPHandler(base.BaseSPHandlerTests): @classmethod def setup_class(cls): request_id = '_ABC123_some_assertion_id' request_xml = etree.fromstring( '<samlp:AuthnRequest ' 'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' 'AssertionConsumerServiceURL="https://login.salesforce.com" ' 'Destination="http://127.0.0.1:8000/+saml" ' 'ID="' + request_id + '" '
@attr.s class SamlView: html = attr.ib() html_soup = attr.ib() saml = attr.ib() saml_soup = attr.ib() form_action = attr.ib() KEY_DIR = Path(__file__).parent.parent / 'keys' / 'sample' CERTIFICATE_FILE = KEY_DIR / 'idp-certificate.pem' PRIVATE_KEY_FILE = KEY_DIR / 'idp-private-key.pem' CERTIFICATE = certificate_from_file(CERTIFICATE_FILE) PRIVATE_KEY = private_key_from_file(PRIVATE_KEY_FILE) class IdentityProvider(IdentityProvider): def __init__(self, service_providers, users=None, **kwargs): super().__init__(**kwargs) self.service_providers = service_providers self.users = {} if users is not None: for user in users: self.add_user(user) def get_idp_config(self): return { 'issuer': 'Test IdP', 'autosubmit': True,
return url_for('index', _external=True) def get_default_login_return_url(self): return url_for('index', _external=True) sp = ExampleServiceProvider() app = Flask(__name__) app.debug = True app.secret_key = 'not a secret' app.config['SERVER_NAME'] = '[NODE PUBLIC IP]:9000' app.config['SAML2_SP'] = { 'certificate': certificate_from_file('keys/sp_cert.pem'), 'private_key': private_key_from_file('keys/sp_key.pem'), } app.config['SAML2_IDENTITY_PROVIDERS'] = [ { 'CLASS': 'flask_saml2.sp.idphandler.IdPHandler', 'OPTIONS': { 'display_name': 'py-saml-poc', 'entity_id': '[SAML v2 Entity Id]', 'sso_url': '[SAML v2 Login URL]', 'slo_url': '[SAML v2 Logout URL]', 'certificate': certificate_from_file('keys/idp_cert.pem'), }, }, ]
import urllib.parse from pathlib import Path import attr import flask from flask import Flask, abort, redirect import flask_saml2.idp import flask_saml2.sp from flask_saml2.utils import certificate_from_file, private_key_from_file KEY_DIR = Path(__file__).parent.parent / 'keys' / 'sample' IDP_CERTIFICATE = certificate_from_file(KEY_DIR / 'idp-certificate.pem') IDP_PRIVATE_KEY = private_key_from_file(KEY_DIR / 'idp-private-key.pem') SP_CERTIFICATE = certificate_from_file(KEY_DIR / 'sp-certificate.pem') SP_PRIVATE_KEY = private_key_from_file(KEY_DIR / 'sp-private-key.pem') @attr.s class User: username = attr.ib() email = attr.ib() class ServiceProvider(flask_saml2.sp.ServiceProvider): def __init__(self, identity_providers, **kwargs): super().__init__(**kwargs) self.identity_providers = identity_providers def get_sp_config(self):