def do_spsso_descriptor(conf, cert=None, enc_cert=None):
    """Build the SPSSODescriptor for the "sp" section of *conf*.

    Fills in, in order: configured extensions, endpoints (plus the
    extension-style endpoints from ``ENDPOINT_EXT["sp"]``), UI info, the
    key descriptor, the two signing flags ``want_assertions_signed`` and
    ``authn_requests_signed``, the attribute consuming service and the
    NameID formats.

    Args:
        conf: configuration object; SP-scoped values are read through
            ``conf.getattr(key, "sp")``.
        cert: signing certificate(s) to publish, or None.
        enc_cert: encryption certificate(s) to publish, or None.

    Returns:
        The populated ``md.SPSSODescriptor``.
    """
    spsso = md.SPSSODescriptor()
    spsso.protocol_support_enumeration = samlp.NAMESPACE

    def extensions():
        # Create the Extensions container the first time something needs it.
        if spsso.extensions is None:
            spsso.extensions = md.Extensions()
        return spsso.extensions

    exts = conf.getattr("extensions", "sp")
    if exts:
        container = extensions()
        for key, val in exts.items():
            for element in do_extensions(key, val) or ():
                container.add_extension_element(element)

    endps = conf.getattr("endpoints", "sp")
    if endps:
        for name, instlist in do_endpoints(endps, ENDPOINTS["sp"]).items():
            setattr(spsso, name, instlist)
        extra = do_endpoints(endps, ENDPOINT_EXT["sp"])
        if extra:
            container = extensions()
            for elements in extra.values():
                for element in elements:
                    container.add_extension_element(element)

    ui_info = conf.getattr("ui_info", "sp")
    if ui_info:
        extensions().add_extension_element(do_uiinfo(ui_info))

    if cert or enc_cert:
        spsso.key_descriptor = do_key_descriptor(
            cert=cert, enc_cert=enc_cert, use=conf.metadata_key_usage
        )

    # These two flags tell peers whether this SP signs its requests and
    # expects signed assertions; they are serialised as lower-case strings.
    # NOTE(review): a missing key falls back to DEFAULTS, an explicit None to
    # DEFAULT -- two different tables, kept as found.
    for key in ("want_assertions_signed", "authn_requests_signed"):
        try:
            val = conf.getattr(key, "sp")
            if val is None:
                setattr(spsso, key, DEFAULT[key])
            else:
                setattr(spsso, key, "{0:>s}".format(str(val)).lower())
        except KeyError:
            setattr(spsso, key, DEFAULTS[key])

    do_attribute_consuming_service(conf, spsso)
    _do_nameid_format(spsso, conf, "sp")
    return spsso
def do_idpsso_descriptor(conf, cert=None, enc_cert=None):
    """Build the IDPSSODescriptor for the "idp" section of *conf*.

    Args:
        conf: configuration object; IdP-scoped values are read through
            ``conf.getattr(key, "idp")``.
        cert: signing certificate(s) to publish, or None.
        enc_cert: encryption certificate(s) to publish, or None.

    Returns:
        The populated ``md.IDPSSODescriptor``.
    """
    idpsso = md.IDPSSODescriptor()
    idpsso.protocol_support_enumeration = samlp.NAMESPACE

    def extensions():
        # Create the Extensions container on first use.
        if idpsso.extensions is None:
            idpsso.extensions = md.Extensions()
        return idpsso.extensions

    endps = conf.getattr("endpoints", "idp")
    if endps:
        for name, instlist in do_endpoints(endps, ENDPOINTS["idp"]).items():
            setattr(idpsso, name, instlist)

    _do_nameid_format(idpsso, conf, "idp")

    scopes = conf.getattr("scope", "idp")
    if scopes:
        container = extensions()
        for scope in scopes:
            mdscope = shibmd.Scope()
            mdscope.text = scope
            # Scopes are always published as literal values (regexp="false");
            # the original note asked whether '*'/'+'/'?' should imply a regexp.
            mdscope.regexp = "false"
            container.add_extension_element(mdscope)

    ui_info = conf.getattr("ui_info", "idp")
    if ui_info:
        extensions().add_extension_element(do_uiinfo(ui_info))

    if cert or enc_cert:
        idpsso.key_descriptor = do_key_descriptor(
            cert, enc_cert, use=conf.metadata_key_usage
        )

    # "want_authn_requests_only_with_valid_cert" used to be in this list.
    # NOTE(review): DEFAULT is used for an explicit None, DEFAULTS for a
    # missing key -- two different tables, kept as found.
    for key in ("want_authn_requests_signed",):
        try:
            val = conf.getattr(key, "idp")
            if val is None:
                setattr(idpsso, key, DEFAULT[key])
            else:
                setattr(idpsso, key, ("%s" % val).lower())
        except KeyError:
            setattr(idpsso, key, DEFAULTS[key])

    return idpsso
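def _pem_body(path):
    """Return the payload of the PEM file at *path* with the armour removed.

    Reproduces the original inline ``"".join(open(p).readlines()[1:-1])``
    but closes the file: the first and last lines (the ``-----BEGIN/END``
    lines) are dropped and the remaining lines are joined, newlines kept.
    """
    with open(path) as fh:
        return "".join(fh.readlines()[1:-1])


def entity_descriptor(confd):
    """Build the EntityDescriptor for the configuration *confd*.

    Reads the public certificate(s) to publish, then sets entityID,
    validUntil, organisation, contact persons, entity categories and one
    role descriptor per service named in ``confd.serves``.  ``confd.context``
    is switched to each service name before its descriptor is built (a side
    effect on the configuration object).

    Args:
        confd: the configuration object.

    Returns:
        The populated ``md.EntityDescriptor``.

    Raises:
        SAMLError: when ``confd.serves`` is empty.
    """
    mycert = None
    enc_cert = None

    # Only certificate files are read here; private keys never enter the
    # metadata.  Files are closed as soon as their body has been read.
    if confd.cert_file is not None:
        mycert = [_pem_body(confd.cert_file)]
        if confd.additional_cert_files is not None:
            for _cert_file in confd.additional_cert_files:
                mycert.append(_pem_body(_cert_file))

    if confd.encryption_keypairs is not None:
        enc_cert = [
            _pem_body(_encryption["cert_file"])
            for _encryption in confd.encryption_keypairs
        ]

    entd = md.EntityDescriptor()
    entd.entity_id = confd.entityid

    # validUntil bounds how long consumers should keep trusting this metadata.
    if confd.valid_for:
        entd.valid_until = in_a_while(hours=int(confd.valid_for))

    if confd.organization is not None:
        entd.organization = do_organization_info(confd.organization)

    if confd.contact_person is not None:
        entd.contact_person = do_contact_person_info(confd.contact_person)

    if confd.entity_category:
        # Note: this replaces any Extensions container set earlier.
        entd.extensions = md.Extensions()
        ava = [AttributeValue(text=c) for c in confd.entity_category]
        attr = Attribute(
            attribute_value=ava, name="http://macedir.org/entity-category"
        )
        item = mdattr.EntityAttributes(attribute=attr)
        entd.extensions.add_extension_element(item)

    serves = confd.serves
    if not serves:
        raise SAMLError(
            'No service type ("sp","idp","aa") provided in the configuration')

    if "sp" in serves:
        confd.context = "sp"
        entd.spsso_descriptor = do_spsso_descriptor(confd, mycert, enc_cert)
    if "idp" in serves:
        confd.context = "idp"
        entd.idpsso_descriptor = do_idpsso_descriptor(confd, mycert, enc_cert)
    if "aa" in serves:
        confd.context = "aa"
        entd.attribute_authority_descriptor = do_aa_descriptor(
            confd, mycert, enc_cert)
    if "pdp" in serves:
        confd.context = "pdp"
        entd.pdp_descriptor = do_pdp_descriptor(confd, mycert, enc_cert)
    if "aq" in serves:
        confd.context = "aq"
        entd.authn_authority_descriptor = do_aq_descriptor(
            confd, mycert, enc_cert)

    return entd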
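def do_idp_sso_descriptor(conf, cert=None):
    """Build the IDPSSODescriptor from the flat attributes of *conf*.

    Older variant that reads ``conf.endpoints``, ``conf.scope``,
    ``conf.ui_info`` and ``conf.want_authn_requests_signed`` directly
    instead of through ``conf.getattr(key, "idp")``.

    Args:
        conf: the configuration object.
        cert: signing certificate(s) to publish, or None.

    Returns:
        The populated ``md.IDPSSODescriptor``.
    """
    idpsso = md.IDPSSODescriptor()
    idpsso.protocol_support_enumeration = samlp.NAMESPACE

    if conf.endpoints:
        for endpoint, instlist in do_endpoints(conf.endpoints,
                                               ENDPOINTS["idp"]).items():
            setattr(idpsso, endpoint, instlist)

    if conf.scope:
        if idpsso.extensions is None:
            idpsso.extensions = md.Extensions()
        for scope in conf.scope:
            mdscope = shibmd.Scope()
            mdscope.text = scope
            # Always a literal scope, never a regexp (the original note
            # asked whether '*'/'+'/'?' should imply regexp="true").
            mdscope.regexp = "false"
            idpsso.extensions.add_extension_element(mdscope)

    if conf.ui_info:
        if idpsso.extensions is None:
            idpsso.extensions = md.Extensions()
        idpsso.extensions.add_extension_element(do_uiinfo(conf))

    if cert:
        idpsso.key_descriptor = do_key_descriptor(cert)

    for key in ["want_authn_requests_signed"]:
        try:
            val = getattr(conf, key)
            if val is None:
                setattr(idpsso, key, DEFAULT["want_authn_requests_signed"])
            else:
                # Lower-case so a Python bool (True) becomes the xs:boolean
                # literal "true" rather than "True"; matches
                # do_idpsso_descriptor.
                setattr(idpsso, key, ("%s" % val).lower())
        except KeyError:
            # NOTE(review): getattr() raises AttributeError, not KeyError;
            # this branch only fires for a key missing from DEFAULT.
            setattr(idpsso, key, DEFAULTS[key])

    return idpsso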
def entity_desc(loc, key_descriptor=None, eid=None, id=None, scope=None):
    """Build a minimal IdP EntityDescriptor with one HTTP-Redirect SSO endpoint.

    The IdP role is published with ``want_authn_requests_signed="false"``.

    Args:
        loc: location URL of the SingleSignOnService.
        key_descriptor: KeyDescriptor element(s) to attach, or None.
        eid: value of the entityID attribute, or None.
        id: value of the ID attribute, or None (shadows the builtin; the
            name is part of the call signature and kept as is).
        scope: an extension element appended to the descriptor's
            extensions when given -- presumably a Scope; verify with callers.

    Returns:
        The EntityDescriptor.
    """
    idp = IDPSSODescriptor(
        single_sign_on_service=SingleSignOnService(
            binding=BINDING_HTTP_REDIRECT, location=loc
        ),
        key_descriptor=key_descriptor,
        want_authn_requests_signed="false",
        protocol_support_enumeration=samlp.NAMESPACE,
    )
    descriptor = EntityDescriptor(idpsso_descriptor=idp, entity_id=eid, id=id)
    if scope:
        descriptor.extensions = md.Extensions()
        descriptor.extensions.extension_elements.append(scope)
    return descriptor
def metadata(request, config_loader_path=None, valid_for=None):
    """Return the SAML 2.0 metadata of this SP as an XML HTTP response.

    Args:
        request: the incoming request, handed to ``get_config``.
        config_loader_path: optional path of the config loader.
        valid_for: accepted for signature compatibility; not used in the
            body of this view.

    Returns:
        ``HttpResponse`` carrying the UTF-8 serialised EntityDescriptor
        with content type ``text/xml; charset=utf8``.
    """
    conf = get_config(config_loader_path, request)
    entity = entity_descriptor(conf)

    if conf.extensions:
        if entity.extensions is None:
            entity.extensions = md.Extensions()
        for key, val in conf.extensions.items():
            for element in do_extensions(key, val) or ():
                entity.extensions.add_extension_element(element)

    return HttpResponse(
        content=text_type(entity).encode('utf-8'),
        content_type="text/xml; charset=utf8",
    )
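def do_spsso_descriptor(conf, cert=None):
    """Build the SPSSODescriptor for the "sp" section of *conf*.

    Sets endpoints, the extension endpoints from ``ENDPOINT_EXT["sp"]``, a
    key descriptor (use "both"), the ``want_assertions_signed`` /
    ``authn_requests_signed`` flags, NameID formats, and attaches the
    requested attributes to every attribute consuming service that does not
    already declare some.

    Args:
        conf: configuration object; SP-scoped values are read through
            ``conf.getattr(key, "sp")``.
        cert: certificate(s) to publish, or None.

    Returns:
        The populated ``md.SPSSODescriptor``.
    """
    spsso = md.SPSSODescriptor()
    spsso.protocol_support_enumeration = samlp.NAMESPACE

    endps = conf.getattr("endpoints", "sp")
    if endps:
        for endpoint, instlist in do_endpoints(endps, ENDPOINTS["sp"]).items():
            setattr(spsso, endpoint, instlist)
        ext = do_endpoints(endps, ENDPOINT_EXT["sp"])
        if ext:
            if spsso.extensions is None:
                spsso.extensions = md.Extensions()
            for vals in ext.values():
                for val in vals:
                    spsso.extensions.add_extension_element(val)

    if cert:
        spsso.key_descriptor = do_key_descriptor(cert, "both")

    # NOTE(review): DEFAULT is used for an explicit None, DEFAULTS for a
    # missing key -- two different tables, kept as found.
    for key in ["want_assertions_signed", "authn_requests_signed"]:
        try:
            val = conf.getattr(key, "sp")
            if val is None:
                setattr(spsso, key, DEFAULT[key])
            else:
                # str() first: a bool from the config makes
                # "{0:>s}".format(True) raise ValueError.
                setattr(spsso, key, "{0:>s}".format(str(val)).lower())
        except KeyError:
            setattr(spsso, key, DEFAULTS[key])

    requested_attributes = []
    converters = conf.attribute_converters
    req = conf.getattr("required_attributes", "sp")
    if req:
        requested_attributes.extend(
            do_requested_attribute(req, converters, is_required="true"))

    _do_nameid_format(spsso, conf, "sp")

    opt = conf.getattr("optional_attributes", "sp")
    if opt:
        requested_attributes.extend(do_requested_attribute(opt, converters))

    # Only services that publish no requested attributes of their own get
    # the configured list; they all share the same list object.
    if requested_attributes and spsso.attribute_consuming_service:
        for service in spsso.attribute_consuming_service:
            if not service.requested_attribute:
                service.requested_attribute = requested_attributes

    return spsso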
def entity_descriptor(confd):
    """Build the EntityDescriptor for the configuration *confd*.

    Publishes the signing and encryption certificates read via
    ``read_cert``, entityID, validUntil, organisation, contact persons,
    the assurance-certification / entity-category / entity-category-support
    entity attributes, the algorithm-support extensions, an optional SPType
    and one role descriptor per service in ``confd.serves``.
    ``confd.context`` is switched to each service name before its
    descriptor is built.

    Args:
        confd: the configuration object.

    Returns:
        The populated ``md.EntityDescriptor``.

    Raises:
        SAMLError: when ``confd.serves`` is empty.
    """
    mycert = None
    enc_cert = None

    if confd.cert_file is not None:
        mycert = ["".join(read_cert(confd.cert_file))]
        if confd.additional_cert_files is not None:
            mycert.extend(
                "".join(read_cert(_cert_file))
                for _cert_file in confd.additional_cert_files
            )

    if confd.encryption_keypairs is not None:
        enc_cert = [
            "".join(read_cert(_encryption["cert_file"]))
            for _encryption in confd.encryption_keypairs
        ]

    entd = md.EntityDescriptor()
    entd.entity_id = confd.entityid

    # validUntil bounds how long consumers should keep trusting this metadata.
    if confd.valid_for:
        entd.valid_until = in_a_while(hours=int(confd.valid_for))

    if confd.organization is not None:
        entd.organization = do_organization_info(confd.organization)

    if confd.contact_person is not None:
        entd.contact_person = do_contact_persons_info(confd.contact_person)

    def extensions():
        # Create the Extensions container on first use (truthiness test,
        # as in the original).
        if not entd.extensions:
            entd.extensions = md.Extensions()
        return entd.extensions

    entity_attribute_sources = (
        (confd.assurance_certification,
         "urn:oasis:names:tc:SAML:attribute:assurance-certification"),
        (confd.entity_category, "http://macedir.org/entity-category"),
        (confd.entity_category_support,
         "http://macedir.org/entity-category-support"),
    )
    for values, attr_name in entity_attribute_sources:
        if not values:
            continue
        container = extensions()
        attr = Attribute(
            attribute_value=[AttributeValue(text=c) for c in values],
            name=attr_name,
        )
        _add_attr_to_entity_attributes(container, attr)

    for item in algorithm_support_in_metadata(confd.xmlsec_binary):
        extensions().add_extension_element(item)

    conf_sp_type = confd.getattr('sp_type', 'sp')
    conf_sp_type_in_md = confd.getattr('sp_type_in_metadata', 'sp')
    if conf_sp_type and conf_sp_type_in_md is True:
        extensions().add_extension_element(sp_type.SPType(text=conf_sp_type))

    serves = confd.serves
    if not serves:
        raise SAMLError(
            'No service type ("sp","idp","aa") provided in the configuration')

    role_builders = (
        ("sp", "spsso_descriptor", do_spsso_descriptor),
        ("idp", "idpsso_descriptor", do_idpsso_descriptor),
        ("aa", "attribute_authority_descriptor", do_aa_descriptor),
        ("pdp", "pdp_descriptor", do_pdp_descriptor),
        ("aq", "authn_authority_descriptor", do_aq_descriptor),
    )
    for service, attribute, builder in role_builders:
        if service in serves:
            confd.context = service
            setattr(entd, attribute, builder(confd, mycert, enc_cert))

    return entd
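def do_spsso_descriptor(conf, cert=None):
    """Build the SPSSODescriptor for the "sp" section of *conf*.

    Oldest variant: sets endpoints, a key descriptor, the
    ``want_assertions_signed`` / ``authn_requests_signed`` flags, builds a
    single AttributeConsumingService (index "1") from the required and
    optional attributes, and adds a discovery-response extension.

    Args:
        conf: configuration object; SP-scoped values are read through
            ``conf.getattr(key, "sp")``.
        cert: certificate(s) to publish, or None.

    Returns:
        The populated ``md.SPSSODescriptor``.
    """
    spsso = md.SPSSODescriptor()
    spsso.protocol_support_enumeration = samlp.NAMESPACE

    endps = conf.getattr("endpoints", "sp")
    if endps:
        for endpoint, instlist in do_endpoints(endps, ENDPOINTS["sp"]).items():
            setattr(spsso, endpoint, instlist)

    if cert:
        spsso.key_descriptor = do_key_descriptor(cert)

    # NOTE(review): DEFAULT is used for an explicit None, DEFAULTS for a
    # missing key -- two different tables, kept as found.
    for key in ["want_assertions_signed", "authn_requests_signed"]:
        try:
            val = conf.getattr(key, "sp")
            if val is None:
                setattr(spsso, key, DEFAULT[key])
            else:
                # str() first: a bool from the config makes
                # "{0:>s}".format(True) raise ValueError.
                setattr(spsso, key, "{0:>s}".format(str(val)).lower())
        except KeyError:
            setattr(spsso, key, DEFAULTS[key])

    requested_attributes = []
    converters = conf.attribute_converters
    req = conf.getattr("required_attributes", "sp")
    if req:
        requested_attributes.extend(
            do_requested_attribute(req, converters, is_required="true"))
    opt = conf.getattr("optional_attributes", "sp")
    if opt:
        requested_attributes.extend(do_requested_attribute(opt, converters))

    if requested_attributes:
        spsso.attribute_consuming_service = [md.AttributeConsumingService(
            requested_attribute=requested_attributes,
            service_name=[md.ServiceName(lang="en", text=conf.name)],
            index="1",
        )]
        # Best effort: a description may be a (text, lang) pair or plain
        # text; anything missing is simply not published.
        try:
            if conf.description:
                try:
                    (text, lang) = conf.description
                except ValueError:
                    text = conf.description
                    lang = "en"
                spsso.attribute_consuming_service[0].service_description = [
                    md.ServiceDescription(text=text, lang=lang)]
        except KeyError:
            pass

    dresp = conf.getattr("discovery_response", "sp")
    if dresp:
        if spsso.extensions is None:
            spsso.extensions = md.Extensions()
        spsso.extensions.add_extension_element(do_idpdisc(dresp))

    return spsso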