def __init__(self, config_file, entityid=None, debug=False): self.urls = [] self.cache = {} self.debug = debug sp_conf = config_factory("sp", config_file) idp_conf = config_factory("idp", config_file) self.config = { "SP": sp_conf, "IDP": idp_conf } sys.path.insert(0, os.path.dirname(config_file)) conf = importlib.import_module(os.path.basename(config_file)) self.attribute_module = conf.ATTRIBUTE_MODULE # If entityID is set it means this is a proxy in front of one IdP. if entityid: self.entity_id = entityid self.sp_args = {} else: self.entity_id = None self.sp_args = {"discosrv": conf.DISCO_SRV} sp = SamlSP(None, None, self.config["SP"], self.cache, **self.sp_args) self.urls.extend(sp.register_endpoints()) idp = SamlIDP(None, None, self.config["IDP"], self.cache, None) self.urls.extend(idp.register_endpoints())
def __init__(self, config_file, entityid=None, debug=False): self.urls = [] self.cache = {} self.debug = debug sp_conf = config_factory("sp", config_file) idp_conf = config_factory("idp", config_file) self.config = {"SP": sp_conf, "IDP": idp_conf} sys.path.insert(0, os.path.dirname(config_file)) conf = importlib.import_module(os.path.basename(config_file)) self.attribute_module = conf.ATTRIBUTE_MODULE # If entityID is set it means this is a proxy in front of one IdP. if entityid: self.entity_id = entityid self.sp_args = {} else: self.entity_id = None self.sp_args = {"discosrv": conf.DISCO_SRV} sp = SamlSP(None, None, self.config["SP"], self.cache, **self.sp_args) self.urls.extend(sp.register_endpoints()) idp = SamlIDP(None, None, self.config["IDP"], self.cache, None) self.urls.extend(idp.register_endpoints())
def load_config(self, config_file, stype="idp"): """ Load the server configuration :param config_file: The name of the configuration file :param stype: The type of Server ("idp"/"aa") """ self.conf = config_factory(stype, config_file) if stype == "aa": return try: # subject information is stored in a database # default database is a shelve database which is OK in some setups dbspec = self.conf.getattr("subject_data", "idp") idb = None if isinstance(dbspec, basestring): idb = shelve.open(dbspec, writeback=True) else: # database spec is a a 2-tuple (type, address) print >> sys.stderr, "DBSPEC: %s" % dbspec (typ, addr) = dbspec if typ == "shelve": idb = shelve.open(addr, writeback=True) elif typ == "memcached": idb = memcache.Client(addr) elif typ == "dict": # in-memory dictionary idb = addr if idb is not None: self.ident = Identifier(idb, self.conf.virtual_organization) else: raise Exception("Couldn't open identity database: %s" % (dbspec,)) except AttributeError: self.ident = None
def setup_class(self): server = Server("idp_conf") name_id = server.ident.transient_nameid( "urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.do_response( "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id {"eduPersonEntitlement": "Jeter"}, name_id=name_id) self._sign_resp_ = server.do_response( "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id {"eduPersonEntitlement": "Jeter"}, name_id=name_id, sign=True) self._resp_authn = server.do_response( "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id {"eduPersonEntitlement": "Jeter"}, name_id=name_id, authn=(saml.AUTHN_PASSWORD, "http://www.example.com/login")) self.conf = config_factory("sp", "server_conf") self.ar = authn_response(self.conf, "http://lingon.catalogix.se:8087/")
def setup_class(self): server = Server("idp_conf") name_id = server.ident.transient_nameid( "urn:mace:example.com:saml:roland:sp","id12") self._resp_ = server.do_response( "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id {"eduPersonEntitlement":"Jeter"}, name_id = name_id ) self._sign_resp_ = server.do_response( "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id {"eduPersonEntitlement":"Jeter"}, name_id = name_id, sign=True ) self._resp_authn = server.do_response( "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id {"eduPersonEntitlement":"Jeter"}, name_id = name_id, authn=(saml.AUTHN_PASSWORD, "http://www.example.com/login") ) self.conf = config_factory("sp", "server_conf") self.ar = authn_response(self.conf, "http://lingon.catalogix.se:8087/")
def __init__(self, entity_type, config=None, config_file="", virtual_organization=""): self.entity_type = entity_type self.users = None if config: self.config = config elif config_file: self.config = config_factory(entity_type, config_file) else: raise SAMLError("Missing configuration") for item in ["cert_file", "key_file", "ca_certs"]: _val = getattr(self.config, item, None) if not _val: continue if _val.startswith("http"): r = requests.request("GET", _val) if r.status_code == 200: _, filename = make_temp(r.text, ".pem", False) setattr(self.config, item, filename) else: raise Exception( "Could not fetch certificate from %s" % _val) try: self.signkey = RSA.importKey( open(self.config.getattr("key_file", ""), 'r').read(), passphrase=self.config.key_file_passphrase) except (KeyError, TypeError): self.signkey = None HTTPBase.__init__(self, self.config.verify_ssl_cert, self.config.ca_certs, self.config.key_file, self.config.cert_file) if self.config.vorg: for vo in self.config.vorg.values(): vo.sp = self self.metadata = self.config.metadata self.config.setup_logger() self.debug = self.config.debug self.sec = security_context(self.config) if virtual_organization: if isinstance(virtual_organization, basestring): self.vorg = self.config.vorg[virtual_organization] elif isinstance(virtual_organization, VirtualOrg): self.vorg = virtual_organization else: self.vorg = None self.artifact = {} if self.metadata: self.sourceid = self.metadata.construct_source_id() else: self.sourceid = {}
def setup_class(self): server = Server("idp_conf") name_id = server.ident.transient_nameid( "urn:mace:example.com:saml:roland:sp","id12") policy = server.conf.getattr("policy", "idp") self._resp_ = server.create_response( "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id IDENTITY, name_id = name_id, policy=policy) self._sign_resp_ = server.create_response( "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id IDENTITY, name_id = name_id, sign_assertion=True, policy=policy) self._resp_authn = server.create_response( "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id IDENTITY, name_id = name_id, authn=(saml.AUTHN_PASSWORD, "http://www.example.com/login"), policy=policy) self.conf = config_factory("sp", "server_conf") self.conf.only_use_keys_in_metadata = False self.ar = authn_response(self.conf, "http://lingon.catalogix.se:8087/")
def make_plugin(rememberer_name=None, # plugin for remember cache= "", # cache # Which virtual organization to support virtual_organization="", saml_conf="", wayf="", sid_store="", identity_cache="", discovery="", ): if saml_conf is "": raise ValueError( 'must include saml_conf in configuration') if rememberer_name is None: raise ValueError( 'must include rememberer_name in configuration') if identity_cache == "memcached": identity_cache = mcache.Cache(['127.0.0.1:11211'], debug=0) conf = config_factory("sp", saml_conf) scl = Saml2Client(config=conf, identity_cache=identity_cache, virtual_organization=virtual_organization) plugin = SAML2Plugin(rememberer_name, conf, scl, wayf, cache, sid_store, discovery) return plugin
def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid( "urn:mace:example.com:saml:roland:sp","id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN) self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN) self._resp_authn = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN) self.conf = config_factory("sp", dotname("server_conf")) self.conf.only_use_keys_in_metadata = False self.ar = authn_response(self.conf, "http://lingon.catalogix.se:8087/")
def setup_class(self): with closing(Server(dotname("idp_conf"))) as server: name_id = server.ident.transient_nameid( "urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN) self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, sign_assertion=True, authn=AUTHN) self._resp_authn = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, authn=AUTHN) self.conf = config_factory("sp", dotname("server_conf")) self.conf.only_use_keys_in_metadata = False self.ar = authn_response(self.conf, "http://lingon.catalogix.se:8087/")
def make_plugin(remember_name=None, # plugin for remember cache="", # cache # Which virtual organization to support virtual_organization="", saml_conf="", wayf="", sid_store="", identity_cache="", discovery="", idp_query_param="" ): if saml_conf is "": raise ValueError( 'must include saml_conf in configuration') if remember_name is None: raise ValueError('must include remember_name in configuration') conf = config_factory("sp", saml_conf) scl = Saml2Client(config=conf, identity_cache=identity_cache, virtual_organization=virtual_organization) plugin = SAML2Plugin(remember_name, conf, scl, wayf, cache, sid_store, discovery, idp_query_param) return plugin
def __init__(self, config=None, identity_cache=None, state_cache=None, virtual_organization=None, config_file="", logger=None): """ :param config: A saml2.config.Config instance :param identity_cache: Where the class should store identity information :param state_cache: Where the class should keep state information :param virtual_organization: Which if any virtual organization this SP belongs to """ self.users = Population(identity_cache) # for server state storage if state_cache is None: self.state = {} # in memory storage else: self.state = state_cache if config: self.config = config elif config_file: self.config = config_factory("sp", config_file) else: raise Exception("Missing configuration") self.metadata = self.config.metadata if logger is None: self.logger = self.config.setup_logger() else: self.logger = logger # we copy the config.debug variable in an internal # field for convenience and because we may need to # change it during the tests self.debug = self.config.debug self.sec = security_context(self.config, log=self.logger, debug=self.debug) if virtual_organization: self.vorg = VirtualOrg(self, virtual_organization) else: self.vorg = None if "allow_unsolicited" in self.config: self.allow_unsolicited = self.config.allow_unsolicited else: self.allow_unsolicited = False if getattr(self.config, 'authn_requests_signed', 'false') == 'true': self.authn_requests_signed_default = True else: self.authn_requests_signed_default = False if getattr(self.config, 'logout_requests_signed', 'false') == 'true': self.logout_requests_signed_default = True else: self.logout_requests_signed_default = False
def __init__(self, entity_type, config=None, config_file="", virtual_organization=""): self.entity_type = entity_type self.users = None if config: self.config = config elif config_file: self.config = config_factory(entity_type, config_file) else: raise SAMLError("Missing configuration") for item in ["cert_file", "key_file", "ca_certs"]: _val = getattr(self.config, item, None) if not _val: continue if _val.startswith("http"): r = requests.request("GET", _val) if r.status_code == 200: _, filename = make_temp(r.text, ".pem", False) setattr(self.config, item, filename) else: raise Exception( "Could not fetch certificate from %s" % _val) try: self.signkey = RSA.importKey( open(self.config.getattr("key_file", ""), 'r').read()) except (KeyError, TypeError): self.signkey = None HTTPBase.__init__(self, self.config.verify_ssl_cert, self.config.ca_certs, self.config.key_file, self.config.cert_file) if self.config.vorg: for vo in self.config.vorg.values(): vo.sp = self self.metadata = self.config.metadata self.config.setup_logger() self.debug = self.config.debug self.sec = security_context(self.config) if virtual_organization: if isinstance(virtual_organization, six.string_types): self.vorg = self.config.vorg[virtual_organization] elif isinstance(virtual_organization, VirtualOrg): self.vorg = virtual_organization else: self.vorg = None self.artifact = {} if self.metadata: self.sourceid = self.metadata.construct_source_id() else: self.sourceid = {}
def __init__(self, config=None, identity_cache=None, state_cache=None, virtual_organization=None, config_file=""): """ :param config: A saml2.config.Config instance :param identity_cache: Where the class should store identity information :param state_cache: Where the class should keep state information :param virtual_organization: Which if any virtual organization this SP belongs to """ self.users = Population(identity_cache) # for server state storage if state_cache is None: self.state = {} # in memory storage else: self.state = state_cache if config: self.config = config elif config_file: self.config = config_factory("sp", config_file) else: raise Exception("Missing configuration") self.metadata = self.config.metadata self.config.setup_logger() # we copy the config.debug variable in an internal # field for convenience and because we may need to # change it during the tests self.debug = self.config.debug self.sec = security_context(self.config) if virtual_organization: self.vorg = VirtualOrg(self, virtual_organization) else: self.vorg = None if "allow_unsolicited" in self.config: self.allow_unsolicited = self.config.allow_unsolicited else: self.allow_unsolicited = False if getattr(self.config, 'authn_requests_signed', 'false') == 'true': self.authn_requests_signed_default = True else: self.authn_requests_signed_default = False if getattr(self.config, 'logout_requests_signed', 'false') == 'true': self.logout_requests_signed_default = True else: self.logout_requests_signed_default = False
def __init__(self, config=None, identity_cache=None, state_cache=None, virtual_organization="",config_file=""): """ :param config: A saml2.config.Config instance :param identity_cache: Where the class should store identity information :param state_cache: Where the class should keep state information :param virtual_organization: A specific virtual organization """ self.users = Population(identity_cache) # for server state storage if state_cache is None: self.state = {} # in memory storage else: self.state = state_cache if config: self.config = config elif config_file: self.config = config_factory("sp", config_file) else: raise Exception("Missing configuration") if self.config.vorg: for vo in self.config.vorg.values(): vo.sp = self self.metadata = self.config.metadata self.config.setup_logger() # we copy the config.debug variable in an internal # field for convenience and because we may need to # change it during the tests self.debug = self.config.debug self.sec = security_context(self.config) if virtual_organization: if isinstance(virtual_organization, basestring): self.vorg = self.config.vorg[virtual_organization] elif isinstance(virtual_organization, VirtualOrg): self.vorg = virtual_organization else: self.vorg = {} for foo in ["allow_unsolicited", "authn_requests_signed", "logout_requests_signed"]: if self.config.getattr("sp", foo) == 'true': setattr(self, foo, True) else: setattr(self, foo, False) # extra randomness self.seed = rndstr(32) self.logout_requests_signed_default = True self.allow_unsolicited = self.config.getattr("allow_unsolicited", "sp")
def __init__(self, config_module, config=None): """ :type config_module: str :type config: {dict} :param config_module: Path to a file containing the SP SAML configuration. :param config: SP SAML configuration. """ if config is None: config = config_factory('sp', config_module) Saml2Client.__init__(self, config)
def test(): # The needed key is the private key, not for encryption but for decryption _key = import_rsa_key_from_file("mykey.pem") idp_conf = config_factory("idp", "idp_conf") generate_metadata = MetadataGeneration(idp_proxy_conf.SERVICE, _key, idp_conf, idp_conf.xmlsec_path) sps = idp_conf.metadata.service_providers() qs = { "entityId": sps[0], "secret": { "Google": { "key": "lingon", "secret": "aaaaa" }, "Facebook": { "key": "hallon", "secret": "bbbbb" }, "Twitter": { "key": "jordgubb", "secret": "ccccc" } } } res = generate_metadata.handle_metadata_save( { 'wsgi.url_scheme': "https", 'HTTP_HOST': "example.com" }, None, qs) s = res[0].index("<mdattr:EntityAttributes") e = res[0].index("</mdattr:EntityAttributes>") snippet = res[0][s:e + len("</mdattr:EntityAttributes>")] entity_attributes = mdattr.entity_attributes_from_string(snippet) entdescr = idp_conf.metadata.metadata["./sp/sp.xml"].entity_descr ext = element_to_extension_element(entity_attributes) entdescr.spsso_descriptor[0].extensions.extension_elements.append(ext) print entity_attributes qs = {secret.CONST_BODY: json.dumps({"xml": "%s" % entdescr})} generate_metadata.handle_metadata_verify_json( { 'wsgi.url_scheme': "https", 'HTTP_HOST': "example.com" }, None, qs)
def _get_test_response(self, path): conf = config_factory("idp", dotname("server_conf")) resp = authn_response( conf, "https://sp:443/.auth/saml/login", asynchop=False, allow_unsolicited=True, ) with open(path, "r") as fp: authn_response_xml = fp.read() resp.loads(authn_response_xml, False) return resp
def test(): # The needed key is the private key, not for encryption but for decryption _key = import_rsa_key_from_file("mykey.pem") idp_conf = config_factory("idp", "idp_conf") generate_metadata = MetadataGeneration( idp_proxy_conf.SERVICE, _key, idp_conf, idp_conf.xmlsec_path) sps = idp_conf.metadata.service_providers() qs = { "entityId": sps[0], "secret": { "Google": { "key": "lingon", "secret": "aaaaa"}, "Facebook": { "key": "hallon", "secret": "bbbbb"}, "Twitter": { "key": "jordgubb", "secret": "ccccc"} } } res = generate_metadata.handle_metadata_save({'wsgi.url_scheme': "https", 'HTTP_HOST': "example.com"}, None, qs) s = res[0].index("<mdattr:EntityAttributes") e = res[0].index("</mdattr:EntityAttributes>") snippet = res[0][s:e+len("</mdattr:EntityAttributes>")] entity_attributes = mdattr.entity_attributes_from_string(snippet) entdescr = idp_conf.metadata.metadata["./sp/sp.xml"].entity_descr ext = element_to_extension_element(entity_attributes) entdescr.spsso_descriptor[0].extensions.extension_elements.append(ext) print entity_attributes qs = {secret.CONST_BODY: json.dumps({"xml": "%s" % entdescr})} generate_metadata.handle_metadata_verify_json({'wsgi.url_scheme':"https", 'HTTP_HOST': "example.com"}, None, qs)
def chooseIdp(environ, start_response, startText): query = environ.get("QUERY_STRING") try: _idp_entity_id = dict(parse_qs(query))["IdPEntityId"][0] except KeyError: conf = config_factory("sp", "sp_conf") idps = conf.metadata.with_descriptor("idpsso") if len(idps) > 1: response = ["<H3>You have configured multiple IdP's for this SP.</H3><br />Please choose the IdP to use and click on login.<br /><br />"] response.insert(0,startText) response.append("<form><select name='IdPEntityId'>") for tmp_idp_entity_id in idps.keys(): response.append("<option value='"+tmp_idp_entity_id+"'>"+tmp_idp_entity_id+"</option>") response.append("</select><input type='submit' value='Login'/></form>") resp = Response(response) return resp(environ, start_response) return None
def test_signed_response_with_hmac_should_fail(self, mock_validate_on_or_after): conf = config_factory("sp", dotname("server_conf")) ar = authn_response(conf, return_addrs="https://example.org/acs/post") ar.issue_instant_ok = Mock(return_value=True) with open(SIGNED_RESPONSE_HMAC) as fp: xml_response = fp.read() ar.outstanding_queries = {"id-abc": "http://localhost:8088/sso"} ar.timeslack = 10000 # .loads checks the response signature with raises(SignatureError): ar.loads(xml_response, decode=False) assert ar.ava is None assert ar.name_id is None
def __init__(self, entity_type, config=None, config_file="", virtual_organization=""): self.entity_type = entity_type self.users = None if config: self.config = config elif config_file: self.config = config_factory(entity_type, config_file) else: raise SAMLError("Missing configuration") HTTPBase.__init__(self, self.config.verify_ssl_cert, self.config.ca_certs, self.config.key_file, self.config.cert_file) if self.config.vorg: for vo in list(self.config.vorg.values()): vo.sp = self self.metadata = self.config.metadata self.config.setup_logger() self.debug = self.config.debug self.seed = rndbytes(32) self.sec = security_context(self.config) if virtual_organization: if isinstance(virtual_organization, str): self.vorg = self.config.vorg[virtual_organization] elif isinstance(virtual_organization, VirtualOrg): self.vorg = virtual_organization else: self.vorg = None self.artifact = {} if self.metadata: self.sourceid = self.metadata.construct_source_id() else: self.sourceid = {}
def test_signed_assertion_with_random_embedded_cert_should_be_ignored( self, mock_validate_on_or_after): """ if the embedded cert is not ignored then verification will fail """ conf = config_factory("sp", dotname("server_conf")) ar = authn_response( conf, return_addrs="https://51.15.251.81.xip.io/acs/post") ar.issue_instant_ok = Mock(return_value=True) with open(SIGNED_ASSERTION_RANDOM_EMBEDDED_CERT) as fp: xml_response = fp.read() ar.outstanding_queries = {"id-abc": "http://localhost:8088/sso"} ar.timeslack = 10000 # .loads does not check the assertion, only the response signature # use .verify to verify the contents of the response assert ar.loads(xml_response, decode=False) assert ar.verify()
def __init__(self, entity_type, config=None, config_file="", virtual_organization=""): self.entity_type = entity_type self.users = None if config: self.config = config elif config_file: self.config = config_factory(entity_type, config_file) else: raise SAMLError("Missing configuration") HTTPBase.__init__(self, self.config.verify_ssl_cert, self.config.ca_certs, self.config.key_file, self.config.cert_file) if self.config.vorg: for vo in self.config.vorg.values(): vo.sp = self self.metadata = self.config.metadata self.config.setup_logger() self.debug = self.config.debug self.seed = rndstr(32) self.sec = security_context(self.config) if virtual_organization: if isinstance(virtual_organization, basestring): self.vorg = self.config.vorg[virtual_organization] elif isinstance(virtual_organization, VirtualOrg): self.vorg = virtual_organization else: self.vorg = None self.artifact = {} if self.metadata: self.sourceid = self.metadata.construct_source_id() else: self.sourceid = {}
def register_endpoints(self): """ Given the configuration, return a set of URL to function mappings. """ url_map = [] sp_endpoints = self.sp.config.getattr("endpoints", "sp") for endp, binding in sp_endpoints["assertion_consumer_service"]: p = urlparse(endp) url_map.append(("^%s?(.*)$" % p.path[1:], ("SP", "authn_response", BINDING_MAP[binding]))) url_map.append(("^%s$" % p.path[1:], ("SP", "authn_response", BINDING_MAP[binding]))) if self.discosrv: for endp, binding in sp_endpoints["discovery_response"]: p = urlparse(endp) url_map.append(("^%s$" % p.path[1:], ("SP", "disco_response", BINDING_MAP[binding]))) return url_map if __name__ == "__main__": import sys from saml2.config import config_factory _config = config_factory("sp", sys.argv[1]) sp = SamlSP(None, None, _config) maps = sp.register_endpoints() print(maps)
def __init__(self, config=None, identity_cache=None, state_cache=None, virtual_organization="", config_file=""): """ :param config: A saml2.config.Config instance :param identity_cache: Where the class should store identity information :param state_cache: Where the class should keep state information :param virtual_organization: A specific virtual organization """ self.users = Population(identity_cache) # for server state storage if state_cache is None: self.state = {} # in memory storage else: self.state = state_cache if config: self.config = config elif config_file: self.config = config_factory("sp", config_file) else: raise Exception("Missing configuration") HTTPBase.__init__(self, self.config.verify_ssl_cert, self.config.ca_certs, self.config.key_file, self.config.cert_file) if self.config.vorg: for vo in self.config.vorg.values(): vo.sp = self self.metadata = self.config.metadata self.config.setup_logger() # we copy the config.debug variable in an internal # field for convenience and because we may need to # change it during the tests self.debug = self.config.debug self.sec = security_context(self.config) if virtual_organization: if isinstance(virtual_organization, basestring): self.vorg = self.config.vorg[virtual_organization] elif isinstance(virtual_organization, VirtualOrg): self.vorg = virtual_organization else: self.vorg = None for foo in [ "allow_unsolicited", "authn_requests_signed", "logout_requests_signed" ]: if self.config.getattr("sp", foo) == 'true': setattr(self, foo, True) else: setattr(self, foo, False) # extra randomness self.seed = rndstr(32) self.logout_requests_signed_default = True self.allow_unsolicited = self.config.getattr("allow_unsolicited", "sp")
def setup_class(self): self.conf = config_factory("sp", dotname("server_conf")) self.ar = authn_response(self.conf, return_addrs="https://example.org/acs/post")
def __init__(self, args, base_dir): self.idp_server = None sys.path.insert(0, os.getcwd()) server_conf = importlib.import_module(args.server_config) e_alg = None if "e_alg" in args: e_alg = args.e_alg key = None if "key" in args: key = args.key h_alg = None if "h_alg" in args: h_alg = args.h_alg iv = None if "iv" in args: iv = args.iv self.tid_handler = TargetIdHandler(e_alg=e_alg, key=key, h_alg=h_alg, iv=iv) self.cache = {} self.urls = [(r'.+\.css$', WsgiApplication.css), ] self.sp_args = None self.base_dir = base_dir if os.path.isdir(self.base_dir + "/static"): self.static_dir = self.base_dir else: self.static_dir = "/opt/pefimproxy/" self.logger = WsgiApplication.create_logger(server_conf.LOG_FILE, self.base_dir) # read the configuration file config = importlib.import_module(args.config) # deal with metadata only once _metadata_conf = config.CONFIG["metadata"] _spc = config_factory("sp", args.config) mds = _spc.load_metadata(_metadata_conf) idp_conf, sp_confs = get_configurations(args.config, metadata_construction=False, metadata=mds, cache=self.cache) self.config = { "SP": sp_confs, "IDP": idp_conf} # If entityID is set it means this is a proxy in front of one IdP if args.entityid: self.entity_id = args.entityid self.sp_args = {} else: self.entity_id = None self.sp_args = {"discosrv": config.DISCO_SRV} sp = SamlSP(None, None, self.config["SP"], self.cache) self.urls.extend(sp.register_endpoints()) try: self.tid1_to_tid2 = server_conf.TID1_TO_TID2 except: self.tid1_to_tid2 = None try: self.tid2_to_tid1 = server_conf.TID2_TO_TID1 except: self.tid2_to_tid1 = None try: self.encmsg_to_iv = server_conf.ENCMSG_TO_IV except: self.encmsg_to_iv = None try: self.force_persistant_nameid = server_conf.FORCE_PRESISTENT_NAMEID except: self.force_persistant_nameid = False try: self.force_no_userid_subject_cacheing = server_conf.FORCE_NO_USERID_SUBJECT_CACHEING except: self.force_no_userid_subject_cacheing = False samlidp = self.create_SamlIDP(None, None, None) self.urls.extend(samlidp.register_endpoints()) self.issuer = server_conf.ISSUER
def __init__(self, config_module): Saml2Client.__init__(self, config_factory('sp', config_module))
parser = argparse.ArgumentParser() parser.add_argument('-d', dest='debug', action='store_true') parser.add_argument('-e', dest="entityid") parser.add_argument(dest="config") args = parser.parse_args() # read the configuration file sys.path.insert(0, ".") Config = importlib.import_module(args.config) # deal with metadata only once _metadata_conf = Config.CONFIG["metadata"] Config.CONFIG["metadata"] = {} CONFIG = { "SP": config_factory("sp", args.config), "IDP": config_factory("idp", args.config) } _spc = CONFIG["SP"] mds = _spc.load_metadata(_metadata_conf) CONFIG["SP"].metadata = mds CONFIG["IDP"].metadata = mds # If entityID is set it means this is a proxy in front of one IdP if args.entityid: EntityID = args.entityid SP_ARGS = {} else: EntityID = None
def setup_class(self): self.conf = config_factory("sp", dotname("server_conf")) self.ar = authn_response(self.conf, "http://lingon.catalogix.se:8087/")
def register_endpoints(self): """ Given the configuration, return a set of URL to function mappings. """ url_map = [] for endp, binding in self.sp.config.getattr( "endpoints", "sp")["assertion_consumer_service"]: p = urlparse(endp) url_map.append(("^%s?(.*)$" % p.path[1:], ("SP", "authn_response", BINDING_MAP[binding]))) url_map.append(("^%s$" % p.path[1:], ("SP", "authn_response", BINDING_MAP[binding]))) for endp, binding in self.sp.config.getattr( "endpoints", "sp")["discovery_response"]: p = urlparse(endp) url_map.append(("^%s\?(.*)$" % p.path[1:], ("SP", "disco_response", BINDING_MAP[binding]))) return url_map if __name__ == "__main__": import sys from saml2.config import config_factory _config = config_factory("sp", sys.argv[1]) sp = SamlSP(None, None, _config) maps = sp.register_endpoints() print maps
parser = argparse.ArgumentParser() parser.add_argument('-d', dest='debug', action='store_true') parser.add_argument('-e', dest="entityid") parser.add_argument(dest="config") args = parser.parse_args() # read the configuration file sys.path.insert(0, ".") Config = importlib.import_module(args.config) # deal with metadata only once _metadata_conf = Config.CONFIG["metadata"] Config.CONFIG["metadata"] = {} CONFIG = { "SP": config_factory("sp", args.config), "IDP": config_factory("idp", args.config)} _spc = CONFIG["SP"] mds = _spc.load_metadata(_metadata_conf) CONFIG["SP"].metadata = mds CONFIG["IDP"].metadata = mds # If entityID is set it means this is a proxy in front of one IdP if args.entityid: EntityID = args.entityid SP_ARGS = {} else: EntityID = None SP_ARGS = {"discosrv": Config.DISCO_SRV}
def __init__( self, config=None, debug=0, identity_cache=None, state_cache=None, virtual_organization=None, config_file="", logger=None, ): """ :param config: A saml2.config.Config instance :param debug: Whether debugging should be done even if the configuration says otherwise :param identity_cache: Where the class should store identity information :param state_cache: Where the class should keep state information :param virtual_organization: Which if any virtual organization this SP belongs to """ self.users = Population(identity_cache) # for server state storage if state_cache is None: self.state = {} # in memory storage else: self.state = state_cache self.sec = None if config: self.config = config elif config_file: self.config = config_factory("sp", config_file) else: raise Exception("Missing configuration") self.metadata = self.config.metadata if logger is None: self.logger = self.config.setup_logger() else: self.logger = logger if not debug and self.config: self.debug = self.config.debug else: self.debug = debug self.sec = security_context(self.config, log=self.logger, debug=self.debug) if virtual_organization: self.vorg = VirtualOrg(self, virtual_organization) else: self.vorg = None if "allow_unsolicited" in self.config: self.allow_unsolicited = self.config.allow_unsolicited else: self.allow_unsolicited = False if "verify_signatures" in self.config: self.verify_signatures = self.config.verify_signatures else: self.verify_signatures = True if getattr(self.config, "authn_requests_signed", "false") == "true": self.authn_requests_signed_default = True else: self.authn_requests_signed_default = False if getattr(self.config, "logout_requests_signed", "false") == "true": self.logout_requests_signed_default = True else: self.logout_requests_signed_default = False