def openid_conf(self):
endpoint = {}
for point, path in ENDPOINT.items():
endpoint[point] = "%s%s" % (self.host, path)
signing_algs = list(jws.SIGNER_ALGS.keys())
resp = ProviderConfigurationResponse(
issuer=self.name,
scopes_supported=["openid", "profile", "email", "address"],
identifiers_supported=["public", "PPID"],
flows_supported=[
"code", "token", "code token", "id_token", "code id_token",
"token id_token"
],
subject_types_supported=["pairwise", "public"],
response_types_supported=[
"code", "token", "id_token", "code token", "code id_token",
"token id_token", "code token id_token"
],
jwks_uri="http://example.com/oidc/jwks",
id_token_signing_alg_values_supported=signing_algs,
grant_types_supported=["authorization_code", "implicit"],
**endpoint)
response = Response()
response.headers = {"content-type": "application/json"}
response.text = resp.to_json()
return response
def openid_conf(self):
endpoint = {}
for point, path in ENDPOINT.items():
endpoint[point] = "%s%s" % (self.host, path)
signing_algs = list(jws.SIGNER_ALGS.keys())
resp = ProviderConfigurationResponse(
issuer=self.name,
scopes_supported=["openid", "profile", "email", "address"],
identifiers_supported=["public", "PPID"],
flows_supported=["code", "token", "code token", "id_token",
"code id_token", "token id_token"],
subject_types_supported=["pairwise", "public"],
response_types_supported=["code", "token", "id_token",
"code token", "code id_token",
"token id_token", "code token id_token"],
jwks_uri="http://example.com/oidc/jwks",
id_token_signing_alg_values_supported=signing_algs,
grant_types_supported=["authorization_code", "implicit"],
**endpoint)
response = Response()
response.headers = {"content-type": "application/json"}
response.text = resp.to_json()
return response
def providerinfo_endpoint(self, environ, start_response, **kwargs):
logger.info("@providerinfo_endpoint")
try:
_response = ProviderConfigurationResponse(
issuer=self.baseurl,
token_endpoint_auth_types_supported=[
"client_secret_post",
"client_secret_basic",
"client_secret_jwt"],
scopes_supported=["openid"],
response_types_supported=["code", "token",
"id_token", "code token",
"code id_token",
"token id_token",
"code token id_token"],
user_id_types_supported=["public"],
#request_object_algs_supported=["HS256"]
)
if not self.baseurl.endswith("/"):
self.baseurl += "/"
#keys = self.keystore.keys_by_owner(owner=".")
#for cert in self.cert:
# _response["x509_url"] = "%s%s" % (self.baseurl, cert)
if self.jwk:
_response["jwk_url"] = self.jwk
#logger.info("endpoints: %s" % self.endpoints)
for endp in self.endpoints:
#logger.info("# %s, %s" % (endp, endp.name))
_response[endp.name] = "%s%s" % (self.baseurl, endp.type)
#if self.test_mode:
#print sys.stderr >> "providerinfo_endpoint.handle: %s" %
# kwargs["handle"]
logger.info("provider_info_response: %s" % (_response.to_dict(),))
headers=[("Cache-Control", "no-store"), ("x-ffo", "bar")]
if "handle" in kwargs:
(key, timestamp) = kwargs["handle"]
if key.startswith(STR) and key.endswith(STR):
cookie = self.cookie_func(self.cookie_name, key, self.seed,
self.cookie_ttl)
headers.append(cookie)
resp = Response(_response.to_json(), content="application/json",
headers=headers)
except Exception, err:
message = traceback.format_exception(*sys.exc_info())
logger.error(message)
resp = Response(message, content="html/text")
def _provider_config(self, context):
"""
Construct the provider configuration information (served at /.well-known/openid-configuration).
:type context: satosa.context.Context
:rtype: oic.utils.http_util.Response
:param context: the current context
:return: HTTP response to the client
"""
http_resp = self.provider.providerinfo_endpoint()
if not isinstance(http_resp, Response):
return http_resp
provider_config = ProviderConfigurationResponse().deserialize(http_resp.message, "json")
del provider_config["token_endpoint_auth_methods_supported"]
del provider_config["require_request_uri_registration"]
http_resp.message = provider_config.to_json()
return http_resp
def _provider_config(self, context):
"""
Construct the provider configuration information (served at /.well-known/openid-configuration).
:type context: satosa.context.Context
:rtype: oic.utils.http_util.Response
:param context: the current context
:return: HTTP response to the client
"""
http_resp = self.provider.providerinfo_endpoint()
if not isinstance(http_resp, Response):
return http_resp
provider_config = ProviderConfigurationResponse().deserialize(
http_resp.message, "json")
del provider_config["token_endpoint_auth_methods_supported"]
del provider_config["require_request_uri_registration"]
http_resp.message = provider_config.to_json()
return http_resp
def providerinfo_endpoint(self, handle="", **kwargs):
_log_debug = logger.debug
_log_info = logger.info
_log_info("@providerinfo_endpoint")
try:
_response = ProviderConfigurationResponse(
issuer=self.baseurl,
token_endpoint_auth_methods_supported=[
"client_secret_post", "client_secret_basic",
"client_secret_jwt", "private_key_jwt"],
scopes_supported=["openid"],
response_types_supported=["code", "token", "id_token",
"code token", "code id_token",
"token id_token",
"code token id_token"],
subject_types_supported=["public", "pairwise"],
grant_types_supported=[
"authorization_code", "implicit",
"urn:ietf:params:oauth:grant-type:jwt-bearer"],
claim_types_supported=["normal", "aggregated", "distributed"],
claims_supported=SCOPE2CLAIMS.keys(),
claims_parameter_supported="true",
request_parameter_supported="true",
request_uri_parameter_supported="true",
#request_object_algs_supported=["HS256"]
)
sign_algs = jws.SIGNER_ALGS.keys()
for typ in ["userinfo", "id_token", "request_object",
"token_endpoint_auth"]:
_response["%s_signing_alg_values_supported" % typ] = sign_algs
algs = jwe.SUPPORTED["alg"]
for typ in ["userinfo", "id_token", "request_object"]:
_response["%s_encryption_alg_values_supported" % typ] = algs
encs = jwe.SUPPORTED["enc"]
for typ in ["userinfo", "id_token", "request_object"]:
_response["%s_encryption_enc_values_supported" % typ] = encs
if not self.baseurl.endswith("/"):
self.baseurl += "/"
#keys = self.keyjar.keys_by_owner(owner=".")
if self.jwks_uri:
_response["jwks_uri"] = self.jwks_uri
#_log_info("endpoints: %s" % self.endpoints)
for endp in self.endpoints:
#_log_info("# %s, %s" % (endp, endp.name))
_response[endp.name] = "%s%s" % (self.baseurl, endp.etype)
_log_info("provider_info_response: %s" % (_response.to_dict(),))
headers = [("Cache-Control", "no-store"), ("x-ffo", "bar")]
if handle:
(key, timestamp) = handle
if key.startswith(STR) and key.endswith(STR):
cookie = self.cookie_func(key, self.cookie_name, "pinfo",
self.sso_ttl)
headers.append(cookie)
resp = Response(_response.to_json(), content="application/json",
headers=headers)
except Exception, err:
message = traceback.format_exception(*sys.exc_info())
logger.error(message)
resp = Response(message, content="html/text")
