def get_saml_client(domain):
    """Build a pysaml2 ``Saml2Client`` for the SP hosted at ``domain``.

    :param domain: scheme-and-host prefix that is prepended to the ACS route
        resolved from ``djangosaml2:acs``.
    :return: a ``Saml2Client`` whose IdP metadata is fetched remotely from
        ``settings.SAML2_AUTH['METADATA_AUTO_CONF_URL']``.
    """
    acs_url = domain + reverse('djangosaml2:acs')
    # The same ACS endpoint is advertised for both bindings.
    acs_endpoints = [
        (acs_url, BINDING_HTTP_REDIRECT),
        (acs_url, BINDING_HTTP_POST),
    ]
    sp_service = {
        'endpoints': {'assertion_consumer_service': acs_endpoints},
        # Responses that do not answer an outstanding request (IdP-initiated
        # SSO) are accepted.
        'allow_unsolicited': True,
        'authn_requests_signed': True,
        'logout_requests_signed': True,
        # Both the response envelope and every assertion must be signed.
        'want_assertions_signed': True,
        'want_response_signed': True,
    }
    saml_settings = {
        'metadata': {
            'remote': [{'url': settings.SAML2_AUTH['METADATA_AUTO_CONF_URL']}],
        },
        'service': {'sp': sp_service},
    }

    sp_config = Config()
    sp_config.load(saml_settings)
    # Attributes absent from the attribute maps are kept instead of rejected.
    sp_config.allow_unknown_attributes = True
    return Saml2Client(config=sp_config)
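    def dispatch(self, request, helper):
        """Consume the IdP's ``SAMLResponse`` for the current SSO flow.

        Builds a one-off SP configuration pointed at the IdP metadata URL
        (the provider's fixed ``metadata_url`` or the one stashed in the flow
        state), parses the POSTed response against the request id saved by
        the outbound step, and binds the subject's email and name into the
        auth helper before advancing.

        :param request: HTTP request carrying ``SAMLResponse`` in ``POST``.
        :param helper: auth pipeline helper (state store and flow control).
        :return: ``helper.next_step()`` on success, ``helper.error(...)`` when
            the subject carries no email.
        """
        if self.metadata_url is None:
            metadata_url = helper.fetch_state('metadata_url')
        else:
            metadata_url = self.metadata_url
        request_id = helper.fetch_state('request_id')
        settings = {
            'entityid':
            request.build_absolute_uri('/organizations/%s/' %
                                       helper.organization.slug),
            'metadata': {
                'remote': [{
                    'url': metadata_url,
                }],
            },
            'service': {
                'sp': {
                    'endpoints': {
                        'assertion_consumer_service':
                        [(request.build_absolute_uri(
                            reverse('sentry-auth-sso')), BINDING_HTTP_POST)],
                    },
                    # Only responses to a request we issued are accepted; the
                    # response envelope must be signed, individual assertions
                    # need not be.
                    'allow_unsolicited': False,
                    'authn_requests_signed': False,
                    'logout_requests_signed': True,
                    'want_assertions_signed': False,
                    'want_response_signed': True,
                },
            },
        }
        config = Config()
        config.load(settings)
        client = Saml2Client(config)
        # ``outstanding`` ties the response to the request id we issued, so a
        # response answering a different (or replayed) request is rejected.
        response = client.parse_authn_request_response(
            request.POST['SAMLResponse'],
            BINDING_HTTP_POST,
            outstanding={request_id: True})
        extra = {
            key.lower(): value
            for key, value in response.get_identity().items()
        }
        user_info = response.get_subject()
        email = user_info.text

        # Check before splitting: the original split an empty/None email first
        # and raised instead of reporting a clean error.
        if not email:
            return helper.error('no email')
        # Local part of the address; an address without '@' yields the whole
        # string rather than failing to unpack.
        username = email.rsplit('@', 1)[0]

        helper.bind_state('email', email)
        # NOTE(review): get_identity() values may be lists of attribute values
        # rather than scalars — confirm before relying on 'name'.
        helper.bind_state('name', extra.get('name', username))

        return helper.next_step()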
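def test_load_local():
    """``Config.load`` accepts IdP metadata supplied inline as an XML string."""
    # Read the IdP definition under a context manager so the handle is closed
    # even if the read fails (the original left it to the garbage collector).
    with open(full_path("metadata.xml")) as fh:
        idp_metadata = fh.read()

    saml_config = Config()

    config_dict = {"metadata": {"inline": [idp_metadata]}}
    cfg = saml_config.load(config_dict)
    assert cfg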
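def _make_metadata(config_dict, option):
    """
    Creates metadata from the given idp config

    :type config_dict: dict[str, Any]
    :type option: vopaas.metadata_creation.make_vopaas_metadata.MetadataOption
    :rtype: str

    :param config_dict: config
    :param option: metadata creation settings
    :return: A xml string for the single entity descriptor. When ``option.id``
        is set the combined EntitiesDescriptor is printed to stdout instead and
        ``None`` is returned (pre-existing behaviour).
    :raises ValueError: if signing is requested without a key or certificate
    """
    cnf = Config()
    # Deep-copied so Config.load cannot mutate the caller's dict.
    cnf.load(copy.deepcopy(config_dict), metadata_construction=True)

    if option.valid:
        cnf.valid_for = option.valid
    eds = [entity_descriptor(cnf)]

    conf = Config()
    conf.key_file = option.keyfile
    conf.cert_file = option.cert
    conf.debug = 1
    conf.xmlsec_binary = option.xmlsec
    secc = security_context(conf)

    if option.id:
        desc, xmldoc = entities_descriptor(eds, option.valid, option.name, option.id,
                                           option.sign, secc)
        valid_instance(desc)
        print(desc.to_string(NSPAIR))
        return None

    # ``eds`` holds exactly one descriptor, so the original loop always
    # returned on its first iteration.
    eid = eds[0]
    if option.sign:
        # Explicit checks rather than ``assert``: under ``python -O`` the
        # asserts vanish and an unsigned descriptor could be emitted even
        # though signing was requested.
        if not conf.key_file or not conf.cert_file:
            raise ValueError("signing requested but key_file/cert_file is not set")
        eid, xmldoc = sign_entity_descriptor(eid, option.id, secc)
    else:
        xmldoc = None

    valid_instance(eid)
    return metadata_tostring_fix(eid, NSPAIR, xmldoc).decode()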
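def _make_metadata(config_dict, option):
    """
    Creates metadata from the given idp config

    :type config_dict: dict[str, Any]
    :type option: vopaas.metadata_creation.make_vopaas_metadata.MetadataOption
    :rtype: str

    :param config_dict: config
    :param option: metadata creation settings
    :return: A xml string for the single entity descriptor. With ``option.id``
        set, the combined EntitiesDescriptor is printed to stdout and ``None``
        is returned (pre-existing behaviour).
    :raises ValueError: if signing is requested but key or certificate is unset
    """
    cnf = Config()
    # The caller's dict is deep-copied so Config.load cannot alter it.
    cnf.load(copy.deepcopy(config_dict), metadata_construction=True)

    if option.valid:
        cnf.valid_for = option.valid
    descriptors = [entity_descriptor(cnf)]

    conf = Config()
    conf.key_file = option.keyfile
    conf.cert_file = option.cert
    conf.debug = 1
    conf.xmlsec_binary = option.xmlsec
    secc = security_context(conf)

    if option.id:
        desc, xmldoc = entities_descriptor(descriptors, option.valid, option.name, option.id, option.sign, secc)
        valid_instance(desc)
        print(desc.to_string(NSPAIR))
        return None

    # Exactly one descriptor is built above, so the original loop always
    # returned during its first pass.
    eid = descriptors[0]
    if option.sign:
        # Raise instead of ``assert``: assertions are stripped under
        # ``python -O``, which would let an unsigned descriptor through when
        # signing was requested.
        if not (conf.key_file and conf.cert_file):
            raise ValueError("signing requested but key_file/cert_file is not set")
        eid, xmldoc = sign_entity_descriptor(eid, option.id, secc)
    else:
        xmldoc = None

    valid_instance(eid)
    return metadata_tostring_fix(eid, NSPAIR, xmldoc).decode()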
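 def _saml2_config(self):
     """Build (and cache on the instance) the pysaml2 ``Config`` for this SP.

     The cached object lives in ``_v_cached_config``. Settings come from
     ``self.config``; IdP metadata is read from ``metadata_file`` or, when
     that is empty, from the ``metadata.xml`` next to this module.

     :return: the loaded ``Config`` instance.
     """
     cached = getattr(self, '_v_cached_config', None)
     if cached:
         return cached

     def resolve_attributes(raw):
         # Map each CRLF-separated line to its SAML attribute name via the
         # module-level ``attributes`` table; values already present among
         # the table's names pass through unchanged, unknown ones are dropped.
         resolved = []
         for attribute in raw.split('\r\n'):
             name = attributes.get(attribute, None)
             if name:
                 resolved.append(name)
             elif attribute in attributes.values():
                 resolved.append(attribute)
         return resolved

     metadata_file = self.config['metadata_file']
     if not metadata_file:
         metadata_file = os.path.join(os.path.dirname(__file__), 'metadata.xml')

     # ``sp_config.copy()`` was shallow, so writing into the nested
     # 'metadata' dict mutated the shared module-level template on every
     # call. Copy that level as well before assigning (assumes ``sp_config``
     # is a plain mapping, as its ``.copy()``/item access suggested).
     conf = dict(sp_config)
     conf['metadata'] = dict(conf['metadata'])
     conf['metadata']['local'] = [metadata_file]

     config = Config()
     config.load(conf)
     config['entityid'] = self.config['portal_url']
     sp = config['service']['sp']
     sp['name'] = self.config['portal_name']
     sp['url'] = self.config['portal_url']
     sp['required_attributes'] = resolve_attributes(self.config['required_attributes'])
     sp['optional_attributes'] = resolve_attributes(self.config['optional_attributes'])
     sp['privacy_notice'] = self.config['privacy_notice']
     config['key_file'] = self.config['key_file']
     config['cert_file'] = self.config['cert_file']
     config['xmlsec_binary'] = self.config['xmlsec_binary']

     # Get IdPs from the metadata: one entry per entity location found.
     sp['idp'] = {}
     for location in config['metadata'].locations():
         sp['idp'][config['metadata'].name(location)] = location

     self._v_cached_config = config
     return config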
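def test_load_local():
    """``Config.load`` accepts IdP metadata given inline as an XML string."""
    # Use a context manager so the file handle is released deterministically
    # (the original relied on garbage collection to close it).
    with open(full_path("metadata.xml")) as fh:
        idp_metadata = fh.read()

    saml_config = Config()

    config_dict = {
        "metadata": {"inline": [idp_metadata]}
    }
    cfg = saml_config.load(config_dict)
    assert cfg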
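 def dispatch(self, request, helper):
     """Start SP-initiated SSO: build an AuthnRequest and redirect to the IdP.

     The SP configuration is built per call from the IdP metadata URL (the
     provider's fixed ``metadata_url`` or the one stored in the flow state).
     The generated request id is saved in the helper state so the ACS step
     can pass it as ``outstanding`` and reject responses for other requests.

     :param request: the current HTTP request.
     :param helper: auth pipeline helper (state store and flow control).
     :return: a redirect to the IdP's ``Location``; ``None`` if the prepared
         request carries no ``Location`` header (pre-existing behaviour).
     """
     if self.metadata_url is None:
         metadata_url = helper.fetch_state('metadata_url')
     else:
         metadata_url = self.metadata_url
     org = self.get_active_organization(request)
     settings = {
         'entityid':
         request.build_absolute_uri('/organizations/%s/' % org.slug),
         'metadata': {
             'remote': [{
                 'url': metadata_url,
             }],
         },
         'service': {
             'sp': {
                 'endpoints': {
                     'assertion_consumer_service':
                     [(request.build_absolute_uri(
                         reverse('sentry-auth-sso')), BINDING_HTTP_POST)],
                 },
                 # Unsolicited responses are refused; the response envelope
                 # must be signed, individual assertions need not be.
                 'allow_unsolicited': False,
                 'authn_requests_signed': False,
                 'logout_requests_signed': True,
                 'want_assertions_signed': False,
                 'want_response_signed': True,
             },
         },
     }
     config = Config()
     config.load(settings)
     client = Saml2Client(config)
     request_id, headers = client.prepare_for_authenticate()
     # Stashed for the ACS step, which only accepts a response to this id.
     helper.bind_state('request_id', request_id)
     for key, value in headers['headers']:
         # ``==`` rather than ``is``: the original compared by identity, which
         # only held when CPython happened to intern the header name.
         if key == 'Location':
             # Presumably what helper.incr_step() would do: advance the
             # pipeline index by hand and mark the session dirty.
             helper.request.session['auth']['idx'] += 1
             helper.request.session.modified = True
             return self.redirect(value)
     # NOTE(review): no Location header falls through to None — consider
     # returning helper.error(...) here instead.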