Exemple #1
    def test(self):
        """Register a password method and, if it can be built, a CAS method.

        The form-based method is always added to the broker. Building the
        CAS method (with its LDAP membership validator) is attempted inside
        a ``try``; any exception there is tolerated and the broker is then
        expected to hold only the first method. When both are registered,
        ``pick(PASSWORD)`` must return the CAS method ahead of the form one.
        """
        broker = AuthnBroker()
        issuer = "https://example.com/op"
        # Both left empty: the test points at no concrete CAS deployment.
        cas_server = ""
        service_url = ""

        # Directory settings; "user"/"passwd" are empty here.
        # NOTE(review): presumably empty bind credentials mean an anonymous
        # bind - confirm against UserLDAPMemberValidation before reusing
        # this dict outside a test.
        ldap_settings = {
            "uri": "ldaps://ldap.umu.se",
            "base": "dc=umu, dc=se",
            "filter_pattern": "(uid=%s)",
            "user": "",
            "passwd": "",
            "attr": ["eduPersonScopedAffiliation", "eduPersonAffiliation"],
        }

        # Membership rule first, then the directory settings layered on top.
        member_check_settings = dict(
            verify_attr="eduPersonAffiliation",
            verify_attr_valid=["employee", "staff", "student"],
            **ldap_settings
        )

        form_method = UsernamePasswordMako(
            None, "login.mako", LOOKUP, PASSWD, "%s/authorization" % issuer
        )
        broker.add(
            PASSWORD, form_method, 10, "http://%s" % socket.gethostname()
        )

        try:
            member_check = UserLDAPMemberValidation(**member_check_settings)
            cas_method = CasAuthnMethod(
                None,
                cas_server,
                service_url,
                "%s/authorization" % issuer,
                member_check,
            )
            broker.add(
                PASSWORD, cas_method, 20, "http://%s" % socket.gethostname()
            )
        except Exception:
            # NOTE(review): this accepts any failure while building or adding
            # the CAS method (presumably an unreachable directory), so the
            # CAS/LDAP path is not exercised in that case - the test then
            # only proves the password method was registered.
            assert len(broker) == 1
        else:
            assert len(broker) == 2

            picked = broker.pick(PASSWORD)

            assert picked
            # Two (method, ...) tuples; the CAS entry (added with 20) is
            # expected before the form entry (added with 10).
            assert len(picked) == 2
            cas_entry = picked[0]
            form_entry = picked[1]
            assert cas_entry[0].__class__.__name__ == "CasAuthnMethod"
            assert form_entry[0].__class__.__name__ == "UsernamePasswordMako"
Exemple #2
def ldap_validation(config):
    """Build a ``UserLDAPMemberValidation`` from a two-part configuration.

    ``config["conf"]`` is merged into ``config["args"]`` and the merged
    mapping is passed to the validator as keyword arguments. Keys present
    in both take their value from ``config["conf"]``.

    :param config: mapping with an ``"args"`` dict and a ``"conf"`` mapping
    :return: the configured ``UserLDAPMemberValidation`` instance
    """
    from oic.utils.authn.ldap_member import UserLDAPMemberValidation

    validator_kwargs = config["args"]
    # NOTE(review): the merge is done in place, so the caller's
    # config["args"] keeps everything from config["conf"] afterwards.
    # If "conf" carries directory bind credentials (not visible here),
    # they end up in "args" as well - keep that dict out of logs and dumps.
    validator_kwargs.update(config["conf"])
    return UserLDAPMemberValidation(**validator_kwargs)
Exemple #3
    # Load the configuration as a Python module whose name comes from args.
    # NOTE(review): import_module runs that module's top-level code, so
    # args.config must only ever name a module the operator controls.
    config = importlib.import_module(args.config)
    # issuer and SERVICE_URL are %-templates; the port is filled in here.
    config.issuer = config.issuer % args.port
    config.SERVICE_URL = config.SERVICE_URL % args.port

    # Broker that receives every authentication method built below.
    ac = AuthnBroker()

    # Only the "CAS" and "UserPassword" keys are handled; for any other key
    # authn stays None and nothing is registered.
    for authkey, value in config.AUTHORIZATION.items():
        authn = None
        if "CAS" == authkey:
            from oic.utils.authn.user_cas import CasAuthnMethod
            from oic.utils.authn.ldap_member import UserLDAPMemberValidation
            # In-place merge: config.LDAP_EXTRAVALIDATION on the imported
            # module is modified and then carries every key of config.LDAP.
            config.LDAP_EXTRAVALIDATION.update(config.LDAP)
            authn = CasAuthnMethod(
                None, config.CAS_SERVER, config.SERVICE_URL,
                "%s/authorization" % config.issuer,
                UserLDAPMemberValidation(**config.LDAP_EXTRAVALIDATION))
        if "UserPassword" == authkey:
            from oic.utils.authn.user import UsernamePasswordMako
            authn = UsernamePasswordMako(None, "login.mako", LOOKUP, PASSWD,
                                         "%s/authorization" % config.issuer)
        if authn is not None:
            # ACR, WEIGHT and URL are read from this method's config entry.
            ac.add(config.AUTHORIZATION[authkey]["ACR"], authn,
                   config.AUTHORIZATION[authkey]["WEIGHT"],
                   config.AUTHORIZATION[authkey]["URL"])

    # dealing with authorization
    authz = AuthzHandling()
    # authz = UserInfoConsent()
    # User info database
    # NOTE(review): with args.insecure set, verify_ssl is False - presumably
    # this turns off TLS certificate verification in whatever consumes
    # kwargs (not visible here). Keep the flag to test setups and make the
    # choice visible at startup.
    if args.insecure:
        kwargs = {"verify_ssl": False}