def openid_conf(self): endpoint = {} for point, path in ENDPOINT.items(): endpoint[point] = "%s%s" % (self.host, path) signing_algs = list(jws.SIGNER_ALGS.keys()) resp = ProviderConfigurationResponse( issuer=self.name, scopes_supported=["openid", "profile", "email", "address"], identifiers_supported=["public", "PPID"], flows_supported=[ "code", "token", "code token", "id_token", "code id_token", "token id_token" ], subject_types_supported=["pairwise", "public"], response_types_supported=[ "code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token" ], jwks_uri="http://example.com/oidc/jwks", id_token_signing_alg_values_supported=signing_algs, grant_types_supported=["authorization_code", "implicit"], **endpoint) response = Response() response.headers = {"content-type": "application/json"} response.text = resp.to_json() return response
def openid_conf(self): endpoint = {} for point, path in ENDPOINT.items(): endpoint[point] = "%s%s" % (self.host, path) signing_algs = list(jws.SIGNER_ALGS.keys()) resp = ProviderConfigurationResponse( issuer=self.name, scopes_supported=["openid", "profile", "email", "address"], identifiers_supported=["public", "PPID"], flows_supported=["code", "token", "code token", "id_token", "code id_token", "token id_token"], subject_types_supported=["pairwise", "public"], response_types_supported=["code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token"], jwks_uri="http://example.com/oidc/jwks", id_token_signing_alg_values_supported=signing_algs, grant_types_supported=["authorization_code", "implicit"], **endpoint) response = Response() response.headers = {"content-type": "application/json"} response.text = resp.to_json() return response
def providerinfo_endpoint(self, environ, start_response, **kwargs): logger.info("@providerinfo_endpoint") try: _response = ProviderConfigurationResponse( issuer=self.baseurl, token_endpoint_auth_types_supported=[ "client_secret_post", "client_secret_basic", "client_secret_jwt"], scopes_supported=["openid"], response_types_supported=["code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token"], user_id_types_supported=["public"], #request_object_algs_supported=["HS256"] ) if not self.baseurl.endswith("/"): self.baseurl += "/" #keys = self.keystore.keys_by_owner(owner=".") #for cert in self.cert: # _response["x509_url"] = "%s%s" % (self.baseurl, cert) if self.jwk: _response["jwk_url"] = self.jwk #logger.info("endpoints: %s" % self.endpoints) for endp in self.endpoints: #logger.info("# %s, %s" % (endp, endp.name)) _response[endp.name] = "%s%s" % (self.baseurl, endp.type) #if self.test_mode: #print sys.stderr >> "providerinfo_endpoint.handle: %s" % # kwargs["handle"] logger.info("provider_info_response: %s" % (_response.to_dict(),)) headers=[("Cache-Control", "no-store"), ("x-ffo", "bar")] if "handle" in kwargs: (key, timestamp) = kwargs["handle"] if key.startswith(STR) and key.endswith(STR): cookie = self.cookie_func(self.cookie_name, key, self.seed, self.cookie_ttl) headers.append(cookie) resp = Response(_response.to_json(), content="application/json", headers=headers) except Exception, err: message = traceback.format_exception(*sys.exc_info()) logger.error(message) resp = Response(message, content="html/text")
def _provider_config(self, context): """ Construct the provider configuration information (served at /.well-known/openid-configuration). :type context: satosa.context.Context :rtype: oic.utils.http_util.Response :param context: the current context :return: HTTP response to the client """ http_resp = self.provider.providerinfo_endpoint() if not isinstance(http_resp, Response): return http_resp provider_config = ProviderConfigurationResponse().deserialize(http_resp.message, "json") del provider_config["token_endpoint_auth_methods_supported"] del provider_config["require_request_uri_registration"] http_resp.message = provider_config.to_json() return http_resp
def _provider_config(self, context): """ Construct the provider configuration information (served at /.well-known/openid-configuration). :type context: satosa.context.Context :rtype: oic.utils.http_util.Response :param context: the current context :return: HTTP response to the client """ http_resp = self.provider.providerinfo_endpoint() if not isinstance(http_resp, Response): return http_resp provider_config = ProviderConfigurationResponse().deserialize( http_resp.message, "json") del provider_config["token_endpoint_auth_methods_supported"] del provider_config["require_request_uri_registration"] http_resp.message = provider_config.to_json() return http_resp
def providerinfo_endpoint(self, handle="", **kwargs): _log_debug = logger.debug _log_info = logger.info _log_info("@providerinfo_endpoint") try: _response = ProviderConfigurationResponse( issuer=self.baseurl, token_endpoint_auth_methods_supported=[ "client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt"], scopes_supported=["openid"], response_types_supported=["code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token"], subject_types_supported=["public", "pairwise"], grant_types_supported=[ "authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer"], claim_types_supported=["normal", "aggregated", "distributed"], claims_supported=SCOPE2CLAIMS.keys(), claims_parameter_supported="true", request_parameter_supported="true", request_uri_parameter_supported="true", #request_object_algs_supported=["HS256"] ) sign_algs = jws.SIGNER_ALGS.keys() for typ in ["userinfo", "id_token", "request_object", "token_endpoint_auth"]: _response["%s_signing_alg_values_supported" % typ] = sign_algs algs = jwe.SUPPORTED["alg"] for typ in ["userinfo", "id_token", "request_object"]: _response["%s_encryption_alg_values_supported" % typ] = algs encs = jwe.SUPPORTED["enc"] for typ in ["userinfo", "id_token", "request_object"]: _response["%s_encryption_enc_values_supported" % typ] = encs if not self.baseurl.endswith("/"): self.baseurl += "/" #keys = self.keyjar.keys_by_owner(owner=".") if self.jwks_uri: _response["jwks_uri"] = self.jwks_uri #_log_info("endpoints: %s" % self.endpoints) for endp in self.endpoints: #_log_info("# %s, %s" % (endp, endp.name)) _response[endp.name] = "%s%s" % (self.baseurl, endp.etype) _log_info("provider_info_response: %s" % (_response.to_dict(),)) headers = [("Cache-Control", "no-store"), ("x-ffo", "bar")] if handle: (key, timestamp) = handle if key.startswith(STR) and key.endswith(STR): cookie = self.cookie_func(key, self.cookie_name, "pinfo", self.sso_ttl) headers.append(cookie) resp = Response(_response.to_json(), content="application/json", headers=headers) except Exception, err: message = traceback.format_exception(*sys.exc_info()) logger.error(message) resp = Response(message, content="html/text")