# Provider (OAS) runtime settings: cookie parameters, debug flag, endpoints and
# base URL.
# NOTE(review): line breaks appear to have been lost in this listing. Read as
# one physical line, everything from "#print URLS" onward is comment text, so
# the debug, endpoint and base-URL statements would not run until the original
# line structure is restored.
# - The leading "else: raise" presumably closes a userinfo-source check that
#   starts above this line; only its failure branch is visible here.
# - COOKIETTL / COOKIENAME are optional: a missing config attribute is
#   swallowed and OAS keeps whatever cookie TTL and name it already had.
# - args.debug sets OAS.debug. What debug mode logs is not visible here --
#   TODO confirm it cannot write tokens, cookies or key material to logs.
# - Only port 80 is treated as a default port: any other port, 443 included,
#   is appended to config.baseurl, whose trailing "/" is stripped in place
#   first (config.baseurl itself is modified).
# - NOTE(review): presumably OAS.baseurl feeds the URLs the provider
#   advertises; confirm config.baseurl is an https URL in deployed configs.
else: raise Exception("Unsupported userinfo source") try: OAS.cookie_ttl = config.COOKIETTL except AttributeError: pass try: OAS.cookie_name = config.COOKIENAME except AttributeError: pass #print URLS if args.debug: OAS.debug = True # All endpoints the OpenID Connect Provider should answer on add_endpoints(ENDPOINTS) OAS.endpoints = ENDPOINTS if args.port == 80: OAS.baseurl = config.baseurl else: if config.baseurl.endswith("/"): config.baseurl = config.baseurl[:-1] OAS.baseurl = "%s:%d" % (config.baseurl, args.port) if not OAS.baseurl.endswith("/"): OAS.baseurl += "/"
# Attach the provider to each authentication endpoint wrapper, then configure
# user info, cookie parameters, debug mode and the provider's keys.
# NOTE(review): line breaks appear to have been lost in this listing. The line
# starts with "#", so read as one physical line all of it is comment text;
# which statements sit inside the "if" bodies cannot be told from here.
# - Every wrapper yielded by authnBroker gets provider assigned to its .srv.
# - provider.userinfo is set only when config.USERINFO == "SIMPLE"; no branch
#   for other values is visible on this line -- TODO confirm an unsupported
#   value is rejected rather than leaving userinfo unset.
# - COOKIETTL and COOKIENAME are read without a fallback here, so both must be
#   defined in config.
# - args.debug sets provider.debug; what debug mode logs is not shown --
#   TODO confirm it keeps tokens and key material out of logs.
# - keyjar_init(provider, config.keys, kid_template="op%d") is bound to jwks.
#   The inline note says the JWKS holds private key information; what
#   keyjar_init actually returns is not visible here -- TODO confirm jwks
#   carries only public parameters before it is written to disk or served.
# - "except Exception" catches every key-setup error; its handler lies beyond
#   this line -- check that the failure is logged and that startup does not
#   continue with keys other than the configured ones.
# provider.keyjar is an interesting parameter, # currently it uses default values, but # if you have time, it worth investigating. for authnIndexedEndPointWrapper in authnBroker: authnIndexedEndPointWrapper.srv = provider # TODO: this is a point to consider: what if user data in a database? if config.USERINFO == "SIMPLE": provider.userinfo = UserInfo(config.USERDB) provider.cookie_ttl = config.COOKIETTL provider.cookie_name = config.COOKIENAME if args.debug: provider.debug = True try: # JWK: JSON Web Key # JWKS: is a dictionary of JWK # __________ NOTE __________ # JWKS contains private key information. # # keyjar_init configures cryptographic key # based on the provided configuration "keys". jwks = keyjar_init( provider, # server/client instance config.keys, # key configuration kid_template="op%d" ) # template by which to build the kids (key ID parameter) except Exception as err:
# Provider wiring and key setup: assign the provider to each authentication
# endpoint wrapper, set user info, cookie parameters and debug mode, then
# initialise the key jar.
# NOTE(review): line breaks appear to have been lost in this listing. The line
# starts with "#", so read as one physical line all of it is comment text;
# the nesting of the statements after each "if" cannot be told from here.
# - Each wrapper from authnBroker receives provider as its .srv attribute.
# - Only config.USERINFO == "SIMPLE" is handled on this line; no branch for
#   other values is visible -- TODO confirm other values fail at startup.
# - config.COOKIETTL and config.COOKIENAME are read directly, with no fallback
#   for a missing attribute.
# - args.debug sets provider.debug; the effect of debug mode is not shown --
#   TODO confirm it does not log tokens, cookies or key material.
# - jwks is the return value of keyjar_init(provider, config.keys,
#   kid_template="op%d"). The inline note states that the JWKS contains
#   private key information; the returned content is not visible here --
#   TODO confirm only public parameters are present before jwks is
#   serialized or published.
# - The only text after "except Exception as err:" appears to be a
#   commented-out LOGGER.error call, so a key-setup failure would not be
#   logged by what is visible here; the rest of the handler lies beyond this
#   line -- confirm the error is reported and handled there.
# provider.keyjar is an interesting parameter, # currently it uses default values, but # if you have time, it worth investigating. for authnIndexedEndPointWrapper in authnBroker: authnIndexedEndPointWrapper.srv = provider # TODO: this is a point to consider: what if user data in a database? if config.USERINFO == "SIMPLE": provider.userinfo = UserInfo(config.USERDB) provider.cookie_ttl = config.COOKIETTL provider.cookie_name = config.COOKIENAME if args.debug: provider.debug = True try: # JWK: JSON Web Key # JWKS: is a dictionary of JWK # __________ NOTE __________ # JWKS contains private key information. # # keyjar_init configures cryptographic key # based on the provided configuration "keys". jwks = keyjar_init( provider, # server/client instance config.keys, # key configuration kid_template="op%d") # template by which to build the kids (key ID parameter) except Exception as err: # LOGGER.error("Key setup failed: %s" % err)