def create_endpoint(self):
# First the RP
_config = copy.deepcopy(RP_CONFIG)
_config['behaviour'] = {'federation_types_supported': ['explicit']}
entity = FederationRP(config=_config)
self.rp_federation_entity = entity.client_get(
"service_context").federation_entity
# The test data collector
self.rp_federation_entity.collector = DummyCollector(
trusted_roots=ANCHOR,
httpd=HTTPC,
root_dir=os.path.join(BASE_PATH, 'base_data'))
# The RP has/supports 3 services
self.service = {
'discovery':
FedProviderInfoDiscovery(entity.client_get),
'registration':
Registration(entity.client_get),
'authorization':
FedAuthorization(entity.client_get,
conf={"request_object_expires_in": 300}),
}
# and now for the OP
_config = copy.copy(OP_CONF)
_config['add_on'] = {
"automatic_registration": {
"function":
"fedservice.op.add_on.automatic_registration.add_support",
"kwargs": {
"new_id": False, # default False
'client_registration_authn_methods_supported': {
"ar": ['request_object']
},
'where': ['authorization']
}
}
}
server = FederationServer(_config)
self.registration_endpoint = server.server_get("endpoint",
"registration")
self.authorization_endpoint = server.server_get(
"endpoint", "authorization")
self.provider_endpoint = server.server_get("endpoint",
"provider_config")
federation_entity = server.server_get(
"endpoint_context").federation_entity
federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR),
trusted_roots=ANCHOR,
root_dir=ROOT_DIR)
def create_endpoint(self):
# First the RP
_config = copy.deepcopy(RP_CONFIG)
_config['behaviour'] = {'federation_types_supported': ['explicit']}
entity = FederationRP(config=_config)
self.rp_federation_entity = entity.client_get(
"service_context").federation_entity
# The test data collector
self.rp_federation_entity.collector = DummyCollector(
trusted_roots=ANCHOR,
httpd=HTTPC,
root_dir=os.path.join(BASE_PATH, 'base_data'))
entity._service = {
'discovery':
FedProviderInfoDiscovery(entity.client_get),
'registration':
Registration(entity.client_get),
'authorization':
FedAuthorization(entity.client_get,
conf={"request_object_expires_in": 300}),
}
self.rp = entity
# and now for the OP
_config = copy.copy(OP_CONF)
server = FederationServer(_config)
self.registration_endpoint = server.server_get("endpoint",
"registration")
self.authorization_endpoint = server.server_get(
"endpoint", "authorization")
self.provider_endpoint = server.server_get("endpoint",
"provider_config")
federation_entity = server.server_get(
"endpoint_context").federation_entity
federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR),
trusted_roots=ANCHOR,
root_dir=ROOT_DIR)
def create_endpoint(self):
# First the RP
entity = FederationRP(config=RP_CONFIG)
_fe = entity.client_get("service_context").federation_entity
# The test data collector
_fe.collector = DummyCollector(trusted_roots=ANCHOR,
httpd=HTTPC,
root_dir=os.path.join(
BASE_PATH, 'base_data'))
# The RP has/supports 3 services
self.service = {
'discovery': FedProviderInfoDiscovery(entity.client_get),
'registration': Registration(entity.client_get),
'authorization': FedAuthorization(entity.client_get),
}
# and now for the OP
server = FederationServer(OP_CONF, httpc=HTTPC)
self.registration_endpoint = server.server_get("endpoint",
"registration")
self.authorization_endpoint = server.server_get(
"endpoint", "authorization")
self.provider_endpoint = server.server_get("endpoint",
"provider_config")
# === Federation stuff =======
federation_entity = server.server_get(
"endpoint_context").federation_entity
federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR),
trusted_roots=ANCHOR,
root_dir=ROOT_DIR)
def create_endpoint(self):
# First the RP
service_context = ServiceContext(
config={
'behaviour': {
'federation_types_supported': ['explicit']
},
'issuer': "https://op.ntnu.no",
'keys': {
'key_defs': KEYSPEC
}
})
# the federation part of the RP
self.rp_federation_entity = FederationEntity(
entity_id=ENTITY_ID,
trusted_roots=ANCHOR,
authority_hints=['https://ntnu.no'],
entity_type='openid_relying_party',
opponent_entity_type='openid_provider')
self.rp_federation_entity.collector = DummyCollector(
trusted_roots=ANCHOR, root_dir=ROOT_DIR)
self.rp_federation_entity.keyjar.import_jwks(read_info(
os.path.join(ROOT_DIR, 'foodle.uninett.no'), 'foodle.uninett.no',
'jwks'),
issuer_id=ENTITY_ID)
# add the federation part to the service context
service_context.federation_entity = self.rp_federation_entity
# The RP has/supports 3 services
self.service = {
'discovery': FedProviderInfoDiscovery(service_context),
'registration': Registration(service_context),
'authorization': FedAuthorization(service_context),
}
# and now for the OP
op_entity_id = "https://op.ntnu.no"
conf = {
"issuer": op_entity_id,
"password": "******",
"token_expires_in": 600,
"grant_expires_in": 300,
"refresh_token_expires_in": 86400,
"verify_ssl": False,
"endpoint": {
'provider_info': {
'path': '.well-known/openid-federation',
'class': provider_config.ProviderConfiguration,
'kwargs': {
'client_authn_method': None
}
},
'registration': {
'path': 'fed_registration',
'class': registration.Registration,
'kwargs': {
'client_authn_method': None
}
},
'authorization': {
'path': 'authorization',
'class': authorization.Authorization,
'kwargs': {
"response_modes_supported":
['query', 'fragment', 'form_post'],
"claims_parameter_supported":
True,
"request_parameter_supported":
True,
"request_uri_parameter_supported":
True,
"client_authn_method": ['request_param']
}
}
},
"keys": {
"private_path": "own/jwks.json",
"uri_path": "static/jwks.json",
"key_defs": KEYSPEC
},
"authentication": {
"anon": {
'acr': UNSPECIFIED,
"class": NoAuthn,
"kwargs": {
"user": "******"
}
}
},
'template_dir': 'template'
}
endpoint_context = EndpointContext(conf)
self.registration_endpoint = endpoint_context.endpoint["registration"]
self.authorization_endpoint = endpoint_context.endpoint[
"authorization"]
self.provider_endpoint = endpoint_context.endpoint["provider_config"]
# === Federation stuff =======
federation_entity = FederationEntity(
op_entity_id,
trusted_roots=ANCHOR,
authority_hints=['https://ntnu.no'],
entity_type='openid_relying_party',
httpd=Publisher(ROOT_DIR),
opponent_entity_type='openid_relying_party')
federation_entity.keyjar.import_jwks(read_info(
os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'),
issuer_id=op_entity_id)
federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR),
trusted_roots=ANCHOR,
root_dir=ROOT_DIR)
self.registration_endpoint.endpoint_context.federation_entity = federation_entity
def create_setup(self):
# First the RP
service_context = ServiceContext(
config={
'behaviour': {
'federation_types_supported': ['automatic']
},
'issuer': "https://op.ntnu.no",
'keys': {
'key_defs': KEYSPEC
}
})
self.rp_federation_entity = FederationEntity(
entity_id=RP_ENTITY_ID,
trusted_roots=ANCHOR,
authority_hints=['https://ntnu.no'],
entity_type='openid_relying_party',
opponent_entity_type='openid_provider')
self.rp_federation_entity.keyjar.import_jwks(read_info(
os.path.join(ROOT_DIR, 'foodle.uninett.no'), 'foodle.uninett.no',
'jwks'),
issuer_id=RP_ENTITY_ID)
self.rp_federation_entity.collector = DummyCollector(
trusted_roots=ANCHOR, root_dir=ROOT_DIR)
# add the federation part to the service context
service_context.federation_entity = self.rp_federation_entity
# The RP has/supports 2 services
self.service = {
'discovery': FedProviderInfoDiscovery(service_context),
'registration': RPRegistration(service_context),
'authorization': FedAuthorization(service_context),
}
# and now for the OP
op_entity_id = "https://op.ntnu.no"
conf = {
"issuer": op_entity_id,
"password": "******",
"token_handler_args": {
"jwks_def": {
"private_path":
"private/token_jwks.json",
"read_only":
False,
"key_defs": [
{
"type": "oct",
"bytes": 24,
"use": ["enc"],
"kid": "code"
},
{
"type": "oct",
"bytes": 24,
"use": ["enc"],
"kid": "refresh"
},
],
},
"code": {
"lifetime": 600
},
"token": {
"class": "oidcendpoint.jwt_token.JWTToken",
"kwargs": {
"lifetime":
3600,
"add_claims": [
"email",
"email_verified",
"phone_number",
"phone_number_verified",
],
"add_claim_by_scope":
True,
"aud": ["https://example.org/appl"]
},
},
"refresh": {
"lifetime": 86400
},
},
"verify_ssl": False,
"capabilities": CAPABILITIES,
"keys": {
"uri_path": "static/jwks.json",
"key_defs": KEYSPEC
},
"id_token": {
"class": IDToken,
"kwargs": {
"default_claims": {
"email": {
"essential": True
},
"email_verified": {
"essential": True
},
}
},
},
"endpoint": {
"provider_config": {
"path": ".well-known/openid-configuration",
"class": ProviderConfiguration,
"kwargs": {},
},
"registration": {
"path": "registration",
"class": OPRegistration,
"kwargs": {},
},
"authorization": {
"path": "authorization",
"class": Authorization,
"kwargs": {
"response_types_supported":
[" ".join(x) for x in RESPONSE_TYPES_SUPPORTED],
"response_modes_supported":
["query", "fragment", "form_post"],
"claims_parameter_supported":
True,
"request_parameter_supported":
True,
"request_uri_parameter_supported":
True,
},
},
"pushed_authorization": {
"path": "pushed_authorization",
"class": PushedAuthorization,
"kwargs": {
"client_authn_method": [
"client_secret_post",
"client_secret_basic",
"client_secret_jwt",
"private_key_jwt",
]
},
},
},
"authentication": {
"anon": {
"acr": "http://www.swamid.se/policy/assurance/al1",
"class": "oidcendpoint.user_authn.user.NoAuthn",
"kwargs": {
"user": "******"
},
}
},
"template_dir": "template",
"cookie_dealer": {
"class": CookieDealer,
"kwargs": {
"sign_key":
"ghsNKDDLshZTPn974nOsIGhedULrsqnsGoBFBLwUKuJhE2ch",
"default_values": {
"name": "oidcop",
"domain": "127.0.0.1",
"path": "/",
"max_age": 3600,
},
},
},
'add_on': {
"automatic_registration": {
"function":
"fedservice.op.add_on.automatic_registration.add_support",
"kwargs": {
"new_id": False, # default False
"where": ["pushed_authorization"]
}
}
}
}
endpoint_context = EndpointContext(conf)
_clients = yaml.safe_load(io.StringIO(client_yaml))
# endpoint_context.cdb = _clients["oidc_clients"]
endpoint_context.keyjar.import_jwks(
endpoint_context.keyjar.export_jwks(True, ""), conf["issuer"])
self.pushed_authorization_endpoint = endpoint_context.endpoint[
"pushed_authorization"]
self.authorization_endpoint = endpoint_context.endpoint[
"authorization"]
self.registration_endpoint = endpoint_context.endpoint["registration"]
federation_entity = FederationEntity(
op_entity_id,
trusted_roots=ANCHOR,
authority_hints=['https://ntnu.no'],
entity_type='openid_relying_party',
httpd=Publisher(ROOT_DIR),
opponent_entity_type='openid_relying_party')
federation_entity.keyjar.import_jwks(read_info(
os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'),
issuer_id=op_entity_id)
federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR),
trusted_roots=ANCHOR,
root_dir=ROOT_DIR)
self.authorization_endpoint.endpoint_context.federation_entity = federation_entity
def create_endpoint(self):
# First the RP
entity = Entity(
config={
'behaviour': {
'federation_types_supported': ['explicit']
},
'issuer': "https://op.ntnu.no",
'keys': {
'key_defs': KEYSPEC
},
"httpc_param": {
'verify': False,
"timeout": 2
},
})
# the federation part of the RP
self.rp_federation_entity = FederationEntity(
entity_id=ENTITY_ID,
trusted_roots=ANCHOR,
authority_hints=['https://ntnu.no'],
entity_type='openid_relying_party',
opponent_entity_type='openid_provider')
self.rp_federation_entity.collector = DummyCollector(
trusted_roots=ANCHOR, root_dir=ROOT_DIR)
self.rp_federation_entity.keyjar.import_jwks(read_info(
os.path.join(ROOT_DIR, 'foodle.uninett.no'), 'foodle.uninett.no',
'jwks'),
issuer_id=ENTITY_ID)
# add the federation part to the service context
entity.client_get(
"service_context").federation_entity = self.rp_federation_entity
# The RP has/supports 3 services
self.service = {
'discovery':
FedProviderInfoDiscovery(entity.client_get),
'registration':
Registration(entity.client_get),
'authorization':
FedAuthorization(entity.client_get,
conf={"request_object_expires_in": 300}),
}
# and now for the OP
op_entity_id = "https://op.ntnu.no"
conf = {
"issuer": op_entity_id,
"httpc_param": {
'verify': False,
"timeout": 2
},
"password": "******",
"token_expires_in": 600,
"grant_expires_in": 300,
"refresh_token_expires_in": 86400,
"verify_ssl": False,
"cookie_handler": {
"class": CookieHandler,
"kwargs": {
"keys": {
"key_defs": COOKIE_KEYDEFS
},
"name": {
"session": "oidc_op",
"register": "oidc_op_reg",
"session_management": "oidc_op_sman"
}
},
},
"endpoint": {
'provider_info': {
'path': '.well-known/openid-federation',
'class': provider_config.ProviderConfiguration,
'kwargs': {
'client_authn_method': None
}
},
'registration': {
'path': 'fed_registration',
'class': registration.Registration,
'kwargs': {
'client_authn_method': None
}
},
'authorization': {
'path': 'authorization',
'class': authorization.Authorization,
'kwargs': {
"response_modes_supported":
['query', 'fragment', 'form_post'],
"claims_parameter_supported":
True,
"request_parameter_supported":
True,
"request_uri_parameter_supported":
True,
"client_authn_method": ['request_param']
}
}
},
"keys": {
"private_path": "own/jwks.json",
"uri_path": "static/jwks.json",
"key_defs": KEYSPEC
},
"authentication": {
"anon": {
'acr': UNSPECIFIED,
"class": NoAuthn,
"kwargs": {
"user": "******"
}
}
},
'template_dir': 'template',
"claims_interface": {
"class": "oidcop.session.claims.ClaimsInterface",
"kwargs": {}
},
'add_on': {
"automatic_registration": {
"function":
"fedservice.op.add_on.automatic_registration.add_support",
"kwargs": {
"new_id": False, # default False
'client_registration_authn_methods_supported': {
"ar": ['request_object']
},
'where': ['authorization']
}
}
}
}
server = Server(conf)
self.registration_endpoint = server.server_get("endpoint",
"registration")
self.authorization_endpoint = server.server_get(
"endpoint", "authorization")
self.provider_endpoint = server.server_get("endpoint",
"provider_config")
# === Federation stuff =======
federation_entity = FederationEntity(
op_entity_id,
trusted_roots=ANCHOR,
authority_hints=['https://ntnu.no'],
entity_type='openid_relying_party',
httpd=Publisher(ROOT_DIR),
opponent_entity_type='openid_relying_party')
federation_entity.keyjar.import_jwks(read_info(
os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'),
issuer_id=op_entity_id)
federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR),
trusted_roots=ANCHOR,
root_dir=ROOT_DIR)
self.registration_endpoint.server_get(
"endpoint_context").federation_entity = federation_entity