def _init_pysaml2(self): """ Initialization of PySAML2. Part of __init__(). :return: """ old_path = sys.path cfgfile = self.config.pysaml2_config cfgdir = os.path.dirname(cfgfile) if cfgdir: # add directory part to sys.path, since pysaml2 'import's it's config sys.path = [cfgdir] + sys.path cfgfile = os.path.basename(self.config.pysaml2_config) _session_ttl = self.config.sso_session_lifetime * 60 if self.config.sso_session_mongo_uri: _SSOSessions = eduid_idp.cache.SSOSessionCacheMDB(self.config.sso_session_mongo_uri, self.logger, _session_ttl) else: _SSOSessions = eduid_idp.cache.SSOSessionCacheMem(self.logger, _session_ttl, threading.Lock()) _path = sys.path[0] self.logger.debug("Loading PySAML2 server using cfgfile {!r} and path {!r}".format(cfgfile, _path)) try: self.IDP = server.Server(cfgfile, cache = _SSOSessions) finally: # restore path sys.path = old_path _my_id = self.IDP.config.entityid self.AUTHN_BROKER = eduid_idp.assurance.init_AuthnBroker(_my_id) _login_state_ttl = (self.config.login_state_ttl + 1) * 60 self.IDP.ticket = SSOLoginDataCache(self.IDP, 'TicketCache', self.logger, _login_state_ttl, self.config, threading.Lock())
def get_auth_token(): samlServer = server.Server("idp_conf") nid = NameID(format=NAMEID_FORMAT_UNSPECIFIED, text="ganderson") authn_dict = { "decl": "authn_decl", "class_ref": UNSPECIFIED, "authn_instant": time.time(), } samlResp = samlServer.create_authn_response( identity={}, in_response_to="", userid="ganderson", destination= "https://uat.envestnet.com/openenv/api/auth/login?firm=edelman", sp_entity_id=None, sign_assertion=True, name_id=nid, authn=authn_dict, ) url = "https://uat.envestnet.com/openenv/api/auth/login?firm=edelman" headers = DEFAULT_HEADERS.copy() headers["Content-Type"] = "application/xml; charset=utf-8" resp = webServiceCall(url, headers, data=samlResp) return resp.headers["Token"]
def __init__(self): self.logger = logging.getLogger(__name__) self.AUTHN_BROKER = eduid_idp.assurance.init_AuthnBroker( 'unittest-idp.example.edu') datadir = pkg_resources.resource_filename(__name__, 'tests/data') config_file = os.path.join(datadir, 'test_SSO_conf.py') self.IDP = server.Server(config_file=config_file) self.config = {} self.IDP.metadata = FakeMetadata()
parser.add_argument('-s', dest='sign', action='store_true', help="sign the metadata") parser.add_argument('-m', dest='mako_root', default="./") parser.add_argument(dest="config") args = parser.parse_args() CONFIG = importlib.import_module(args.config) AUTHN_BROKER = AuthnBroker() AUTHN_BROKER.add(authn_context_class_ref(PASSWORD), username_password_authn, 10, CONFIG.BASE) AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED), "", 0, CONFIG.BASE) IDP = server.Server(args.config, cache=Cache()) IDP.ticket = {} _rot = args.mako_root LOOKUP = TemplateLookup(directories=[_rot + 'templates', _rot + 'htdocs'], module_directory=_rot + 'modules', input_encoding='utf-8', output_encoding='utf-8') HOST = CONFIG.HOST PORT = CONFIG.PORT sign_alg = None digest_alg = None try: sign_alg = CONFIG.SIGN_ALG
if match is not None: try: environ['myapp.url_args'] = match.groups()[0] except IndexError: environ['myapp.url_args'] = path if logger: logger.info("callback: %s" % (callback,)) return callback(environ, start_response, user, logger) else: if logger: logger.info("-- No USER --") return not_authn(environ, start_response, logger) return not_found(environ, start_response, logger) # ---------------------------------------------------------------------------- from repoze.who.config import make_middleware_with_config APP_WITH_AUTH = make_middleware_with_config(application, {"here":"."}, './who.ini', log_file="repoze_who.log") # ---------------------------------------------------------------------------- if __name__ == '__main__': import sys from wsgiref.simple_server import make_server PORT = 8088 IDP = server.Server(sys.argv[1]) SRV = make_server('localhost', PORT, APP_WITH_AUTH) print "IdP listening on port: %s" % PORT SRV.serve_forever()
def __init__(self, onts, attrc, data=None, cert=None, **kwargs): super(MetaDataStream, self).__init__(onts, attrc, **kwargs) if not data: raise SAMLError('No metadata specified.') self.data = data self.cert = cert def get_metadata_content(self): return self.data def load(self): _txt = self.get_metadata_content() return self.parse_and_check_signature(_txt) IDP = server.Server("./idp_conf.py", cache=Cache()) IDP.ticket = {} from app.models import CbServer def load_metadata(id, md): mw = MetaDataStream(IDP.metadata.onts, IDP.metadata.attrc, data=md) mw.load() IDP.metadata.metadata[id] = mw def load_all_metadata(): for server in CbServer.query.all(): load_metadata(server.id, server.saml_sp_config)
def setup_server_env(proxy_conf, conf_mod, key): global server_env global logger #noinspection PyUnboundLocalVariable server_env = dict([(k, v) for k, v in proxy_conf.__dict__.items() if not k.startswith("__")]) server_env["sessions"] = {} server_env["eptid"] = eptid.Eptid(proxy_conf.EPTID_DB, proxy_conf.SECRET) _idp = server.Server(conf_mod) args = {"metad": _idp.metadata, "dkeys": {"rsa": [key]}} server_env["consumer_info"] = utils.ConsumerInfo(proxy_conf.CONSUMER_INFO, **args) server_env["service"] = proxy_conf.SERVICE # add the service endpoints part = urlparse.urlparse(_idp.config.entityid) base = "%s://%s/" % (part.scheme, part.netloc) server_env["SCHEME"] = part.scheme try: (host, port) = part.netloc.split(":") port = int(port) except ValueError: # no port specification host = part.netloc if part.scheme == "http": port = 80 elif part.scheme == "https": port = 443 else: raise ValueError("Unsupported scheme") server_env["HOST"] = host server_env["PORT"] = port endpoints = {"single_sign_on_service": [], "single_logout_service": []} for _dict in proxy_conf.SERVICE.values(): _sso = _dict["saml_endpoint"] endpoints["single_sign_on_service"].append("%s%s" % (base, _sso)) endpoints["single_logout_service"].append( ("%s%s/logout" % (base, _sso), BINDING_HTTP_REDIRECT)) _idp.config.setattr("idp", "endpoints", endpoints) server_env["idp"] = _idp server_env["template_lookup"] = LOOKUP server_env["sid_generator"] = session_nr() server_env["base_url"] = base server_env["STATIC_DIR"] = proxy_conf.STATIC_DIR server_env["SIGN"] = proxy_conf.SIGN #print SERVER_ENV if proxy_conf.CACHE == "memory": server_env["CACHE"] = cache.Cache(server_env["SERVER_NAME"], server_env["SECRET"]) elif proxy_conf.CACHE.startswith("file:"): server_env["CACHE"] = cache.Cache(server_env["SERVER_NAME"], server_env["SECRET"], filename=proxy_conf.CACHE[5:]) logger = setup_logger(_idp.config) if proxy_conf.DEBUG: logger.setLevel(logging.DEBUG) logger.debug("SERVER_ENV: %s" % server_env) return _idp
ROOT = './' LOOKUP = TemplateLookup(directories=[ROOT + 'templates', ROOT + 'htdocs'], module_directory=ROOT + 'modules', input_encoding='utf-8', output_encoding='utf-8') # ---------------------------------------------------------------------------- if __name__ == '__main__': import sys import socket from idp_user import USERS from idp_user import EXTRA from wsgiref.simple_server import make_server PORT = 8088 AUTHN_BROKER = AuthnBroker() AUTHN_BROKER.add(authn_context_class_ref(PASSWORD), username_password_authn, 10, "http://%s" % socket.gethostname()) AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED), "", 0, "http://%s" % socket.gethostname()) IDP = server.Server(sys.argv[1], cache=Cache()) IDP.ticket = {} SRV = make_server('', PORT, application) print "IdP listening on port: %s" % PORT SRV.serve_forever()
def setup_saml2_server(self, config, idpconfig, symkey): idp = server.Server(config, cache=Cache(idpconfig.CACHE_1, idpconfig.CACHE_2), symkey=symkey) idp.ticket = {} return idp