def __init__(self, config=None, identity_cache=None, state_cache=None,
virtual_organization="", config_file=""):
"""
:param config: A saml2.config.Config instance
:param identity_cache: Where the class should store identity information
:param state_cache: Where the class should keep state information
:param virtual_organization: A specific virtual organization
"""
Entity.__init__(self, "sp", config, config_file, virtual_organization)
self.users = Population(identity_cache)
self.lock = threading.Lock()
# for server state storage
if state_cache is None:
self.state = {} # in memory storage
else:
self.state = state_cache
self.logout_requests_signed = False
self.allow_unsolicited = False
self.authn_requests_signed = False
self.want_assertions_signed = False
self.want_response_signed = False
for attribute in ["allow_unsolicited", "authn_requests_signed",
"logout_requests_signed", "want_assertions_signed",
"want_response_signed"]:
v = self.config.getattr(attribute, "sp")
if v is True or v == 'true':
setattr(self, attribute, True)
self.artifact2response = {}
def __init__(self,
config=None,
identity_cache=None,
state_cache=None,
virtual_organization="",
config_file="",
msg_cb=None):
"""
:param config: A saml2.config.Config instance
:param identity_cache: Where the class should store identity information
:param state_cache: Where the class should keep state information
:param virtual_organization: A specific virtual organization
"""
Entity.__init__(self,
"sp",
config,
config_file,
virtual_organization,
msg_cb=msg_cb)
self.users = Population(identity_cache)
self.lock = threading.Lock()
# for server state storage
if state_cache is None:
self.state = {} # in memory storage
else:
self.state = state_cache
attribute_defaults = {
"logout_requests_signed": False,
"allow_unsolicited": False,
"authn_requests_signed": False,
"want_assertions_signed": False,
"want_response_signed": True,
"want_assertions_or_response_signed": False
}
for attr, val_default in attribute_defaults.items():
val_config = self.config.getattr(attr, "sp")
if val_config is None:
val = val_default
else:
val = val_config
if val == 'true':
val = True
setattr(self, attr, val)
if self.entity_type == "sp" and not any([
self.want_assertions_signed,
self.want_response_signed,
self.want_assertions_or_response_signed,
]):
logger.warning(
"The SAML service provider accepts unsigned SAML Responses "
"and Assertions. This configuration is insecure.")
self.artifact2response = {}
def __init__(self,
user,
passwd,
sp="",
idp=None,
metadata_file=None,
xmlsec_binary=None,
verbose=0,
ca_certs="",
disable_ssl_certificate_validation=True,
key_file=None,
cert_file=None,
config=None):
"""
:param user: user name
:param passwd: user password
:param sp: The SP URL
:param idp: The IdP PAOS endpoint
:param metadata_file: Where the metadata file is if used
:param xmlsec_binary: Where the xmlsec1 binary can be found (*)
:param verbose: Chatty or not
:param ca_certs: is the path of a file containing root CA certificates
for SSL server certificate validation (*)
:param disable_ssl_certificate_validation: If
disable_ssl_certificate_validation is true, SSL cert validation
will not be performed (*)
:param key_file: Private key filename (*)
:param cert_file: Certificate filename (*)
:param config: Config() instance, overrides all the parameters marked
with an asterisk (*) above
"""
if not config:
config = Config()
config.disable_ssl_certificate_validation = \
disable_ssl_certificate_validation
config.key_file = key_file
config.cert_file = cert_file
config.ca_certs = ca_certs
config.xmlsec_binary = xmlsec_binary
Entity.__init__(self, "sp", config)
self._idp = idp
self._sp = sp
self.user = user
self.passwd = passwd
self._verbose = verbose
if metadata_file:
self._metadata = MetadataStore([saml, samlp], None, config)
self._metadata.load("local", metadata_file)
logger.debug("Loaded metadata from '%s'" % metadata_file)
else:
self._metadata = None
self.metadata = self._metadata
self.cookie_handler = None
self.done_ecp = False
self.cookie_jar = cookielib.LWPCookieJar()
def __init__(self, config=None, identity_cache=None, state_cache=None,
virtual_organization="", config_file=""):
"""
:param config: A saml2.config.Config instance
:param identity_cache: Where the class should store identity information
:param state_cache: Where the class should keep state information
:param virtual_organization: A specific virtual organization
"""
Entity.__init__(self, "sp", config, config_file, virtual_organization)
self.users = Population(identity_cache)
self.lock = threading.Lock()
# for server state storage
if state_cache is None:
self.state = {} # in memory storage
else:
self.state = state_cache
self.logout_requests_signed = False
self.allow_unsolicited = False
self.authn_requests_signed = False
self.want_assertions_signed = False
self.want_response_signed = False
for foo in ["allow_unsolicited", "authn_requests_signed",
"logout_requests_signed", "want_assertions_signed",
"want_response_signed"]:
v = self.config.getattr(foo, "sp")
if v is True or v == 'true':
setattr(self, foo, True)
self.artifact2response = {}
def __init__(self, config=None, identity_cache=None, state_cache=None,
virtual_organization="", config_file=""):
"""
:param config: A saml2.config.Config instance
:param identity_cache: Where the class should store identity information
:param state_cache: Where the class should keep state information
:param virtual_organization: A specific virtual organization
"""
Entity.__init__(self, "sp", config, config_file, virtual_organization)
self.users = Population(identity_cache)
# for server state storage
if state_cache is None:
self.state = {} # in memory storage
else:
self.state = state_cache
for foo in ["allow_unsolicited", "authn_requests_signed",
"logout_requests_signed"]:
if self.config.getattr(foo, "sp") == 'true':
setattr(self, foo, True)
else:
setattr(self, foo, False)
self.artifact2response = {}
def __init__(self, config_file="", config=None, _cache="", stype="idp"):
Entity.__init__(self, stype, config, config_file)
self.init_config(stype)
self._cache = _cache
self.ticket = {}
self.authn = {}
self.assertion = {}
self.user2uid = {}
self.uid2user = {}
self.session_db = SessionStorage()
def __init__(self, config=None, identity_cache=None, state_cache=None,
virtual_organization="", config_file="", msg_cb=None):
"""
:param config: A saml2.config.Config instance
:param identity_cache: Where the class should store identity information
:param state_cache: Where the class should keep state information
:param virtual_organization: A specific virtual organization
"""
Entity.__init__(self, "sp", config, config_file, virtual_organization,
msg_cb=msg_cb)
self.users = Population(identity_cache)
self.lock = threading.Lock()
# for server state storage
if state_cache is None:
self.state = {} # in memory storage
else:
self.state = state_cache
attribute_defaults = {
"logout_requests_signed": False,
"allow_unsolicited": False,
"authn_requests_signed": False,
"want_assertions_signed": False,
"want_response_signed": True,
"want_assertions_or_response_signed" : False
}
for attr, val_default in attribute_defaults.items():
val_config = self.config.getattr(attr, "sp")
if val_config is None:
val = val_default
else:
val = val_config
if val == 'true':
val = True
setattr(self, attr, val)
if self.entity_type == "sp" and not any(
[
self.want_assertions_signed,
self.want_response_signed,
self.want_assertions_or_response_signed,
]
):
logger.warning(
"The SAML service provider accepts unsigned SAML Responses "
"and Assertions. This configuration is insecure."
)
self.artifact2response = {}
def __init__(self, config_file="", config=None, cache=None, stype="idp",
symkey=""):
Entity.__init__(self, stype, config, config_file)
self.init_config(stype)
self.cache = cache
self.ticket = {}
#
self.session_db = self.choose_session_storage()
# Needed for
self.symkey = symkey
self.seed = rndstr()
self.iv = os.urandom(16)
self.eptid = None
def __init__(self, config_file="", config=None, cache=None, stype="idp",
symkey=""):
Entity.__init__(self, stype, config, config_file)
self.eptid = None
self.init_config(stype)
self.cache = cache
self.ticket = {}
#
self.session_db = self.choose_session_storage()
# Needed for
self.symkey = symkey
self.seed = rndbytes()
self.iv = os.urandom(16)
def __init__(self, user, passwd, sp="", idp=None, metadata_file=None,
xmlsec_binary=None, verbose=0, ca_certs="",
disable_ssl_certificate_validation=True, key_file=None,
cert_file=None, config=None):
"""
:param user: user name
:param passwd: user password
:param sp: The SP URL
:param idp: The IdP PAOS endpoint
:param metadata_file: Where the metadata file is if used
:param xmlsec_binary: Where the xmlsec1 binary can be found (*)
:param verbose: Chatty or not
:param ca_certs: is the path of a file containing root CA certificates
for SSL server certificate validation (*)
:param disable_ssl_certificate_validation: If
disable_ssl_certificate_validation is true, SSL cert validation
will not be performed (*)
:param key_file: Private key filename (*)
:param cert_file: Certificate filename (*)
:param config: Config() instance, overrides all the parameters marked
with an asterisk (*) above
"""
if not config:
config = Config()
config.disable_ssl_certificate_validation = \
disable_ssl_certificate_validation
config.key_file = key_file
config.cert_file = cert_file
config.ca_certs = ca_certs
config.xmlsec_binary = xmlsec_binary
Entity.__init__(self, "sp", config)
self._idp = idp
self._sp = sp
self.user = user
self.passwd = passwd
self._verbose = verbose
if metadata_file:
self._metadata = MetadataStore([saml, samlp], None, config)
self._metadata.load("local", metadata_file)
logger.debug("Loaded metadata from '%s'" % metadata_file)
else:
self._metadata = None
self.metadata = self._metadata
self.cookie_handler = None
self.done_ecp = False
self.cookie_jar = cookielib.LWPCookieJar()
def __init__(self, config_file="", config=None, cache=None, stype="idp",
symkey="", msg_cb=None):
Entity.__init__(self, stype, config, config_file, msg_cb=msg_cb)
self.eptid = None
self.init_config(stype)
self.cache = cache
self.ticket = {}
#
self.session_db = self.choose_session_storage()
# Needed for
self.symkey = symkey
self.seed = rndstr()
self.iv = os.urandom(16)
self.lock = threading.Lock()
def __init__(self, config_file="", config=None, cache=None, stype="idp",
symkey="", msg_cb=None):
Entity.__init__(self, stype, config, config_file, msg_cb=msg_cb)
self.eptid = None
self.init_config(stype)
self.cache = cache
self.ticket = {}
self.session_db = self.choose_session_storage()
if symkey:
self.symkey = symkey.encode()
else:
self.symkey = saml2.cryptography.symmetric.Default.generate_key()
self.seed = rndstr()
self.lock = threading.Lock()
def __init__(self, config=None, config_file=""):
Entity.__init__(self, "disco", config, config_file)
def __init__(self, config=None, config_file=""):
if config or config_file:
Entity.__init__(self, "disco", config, config_file)
