def create_endpoint(self): # First the RP _config = copy.deepcopy(RP_CONFIG) _config['behaviour'] = {'federation_types_supported': ['explicit']} entity = FederationRP(config=_config) self.rp_federation_entity = entity.client_get( "service_context").federation_entity # The test data collector self.rp_federation_entity.collector = DummyCollector( trusted_roots=ANCHOR, httpd=HTTPC, root_dir=os.path.join(BASE_PATH, 'base_data')) # The RP has/supports 3 services self.service = { 'discovery': FedProviderInfoDiscovery(entity.client_get), 'registration': Registration(entity.client_get), 'authorization': FedAuthorization(entity.client_get, conf={"request_object_expires_in": 300}), } # and now for the OP _config = copy.copy(OP_CONF) _config['add_on'] = { "automatic_registration": { "function": "fedservice.op.add_on.automatic_registration.add_support", "kwargs": { "new_id": False, # default False 'client_registration_authn_methods_supported': { "ar": ['request_object'] }, 'where': ['authorization'] } } } server = FederationServer(_config) self.registration_endpoint = server.server_get("endpoint", "registration") self.authorization_endpoint = server.server_get( "endpoint", "authorization") self.provider_endpoint = server.server_get("endpoint", "provider_config") federation_entity = server.server_get( "endpoint_context").federation_entity federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR)
def create_endpoint(self): # First the RP _config = copy.deepcopy(RP_CONFIG) _config['behaviour'] = {'federation_types_supported': ['explicit']} entity = FederationRP(config=_config) self.rp_federation_entity = entity.client_get( "service_context").federation_entity # The test data collector self.rp_federation_entity.collector = DummyCollector( trusted_roots=ANCHOR, httpd=HTTPC, root_dir=os.path.join(BASE_PATH, 'base_data')) entity._service = { 'discovery': FedProviderInfoDiscovery(entity.client_get), 'registration': Registration(entity.client_get), 'authorization': FedAuthorization(entity.client_get, conf={"request_object_expires_in": 300}), } self.rp = entity # and now for the OP _config = copy.copy(OP_CONF) server = FederationServer(_config) self.registration_endpoint = server.server_get("endpoint", "registration") self.authorization_endpoint = server.server_get( "endpoint", "authorization") self.provider_endpoint = server.server_get("endpoint", "provider_config") federation_entity = server.server_get( "endpoint_context").federation_entity federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR)
def create_endpoint(self): # First the RP entity = FederationRP(config=RP_CONFIG) _fe = entity.client_get("service_context").federation_entity # The test data collector _fe.collector = DummyCollector(trusted_roots=ANCHOR, httpd=HTTPC, root_dir=os.path.join( BASE_PATH, 'base_data')) # The RP has/supports 3 services self.service = { 'discovery': FedProviderInfoDiscovery(entity.client_get), 'registration': Registration(entity.client_get), 'authorization': FedAuthorization(entity.client_get), } # and now for the OP server = FederationServer(OP_CONF, httpc=HTTPC) self.registration_endpoint = server.server_get("endpoint", "registration") self.authorization_endpoint = server.server_get( "endpoint", "authorization") self.provider_endpoint = server.server_get("endpoint", "provider_config") # === Federation stuff ======= federation_entity = server.server_get( "endpoint_context").federation_entity federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR)
def create_endpoint(self): # First the RP service_context = ServiceContext( config={ 'behaviour': { 'federation_types_supported': ['explicit'] }, 'issuer': "https://op.ntnu.no", 'keys': { 'key_defs': KEYSPEC } }) # the federation part of the RP self.rp_federation_entity = FederationEntity( entity_id=ENTITY_ID, trusted_roots=ANCHOR, authority_hints=['https://ntnu.no'], entity_type='openid_relying_party', opponent_entity_type='openid_provider') self.rp_federation_entity.collector = DummyCollector( trusted_roots=ANCHOR, root_dir=ROOT_DIR) self.rp_federation_entity.keyjar.import_jwks(read_info( os.path.join(ROOT_DIR, 'foodle.uninett.no'), 'foodle.uninett.no', 'jwks'), issuer_id=ENTITY_ID) # add the federation part to the service context service_context.federation_entity = self.rp_federation_entity # The RP has/supports 3 services self.service = { 'discovery': FedProviderInfoDiscovery(service_context), 'registration': Registration(service_context), 'authorization': FedAuthorization(service_context), } # and now for the OP op_entity_id = "https://op.ntnu.no" conf = { "issuer": op_entity_id, "password": "******", "token_expires_in": 600, "grant_expires_in": 300, "refresh_token_expires_in": 86400, "verify_ssl": False, "endpoint": { 'provider_info': { 'path': '.well-known/openid-federation', 'class': provider_config.ProviderConfiguration, 'kwargs': { 'client_authn_method': None } }, 'registration': { 'path': 'fed_registration', 'class': registration.Registration, 'kwargs': { 'client_authn_method': None } }, 'authorization': { 'path': 'authorization', 'class': authorization.Authorization, 'kwargs': { "response_modes_supported": ['query', 'fragment', 'form_post'], "claims_parameter_supported": True, "request_parameter_supported": True, "request_uri_parameter_supported": True, "client_authn_method": ['request_param'] } } }, "keys": { "private_path": "own/jwks.json", "uri_path": "static/jwks.json", "key_defs": KEYSPEC }, "authentication": { "anon": { 'acr': UNSPECIFIED, "class": NoAuthn, "kwargs": { "user": "******" } } }, 'template_dir': 'template' } endpoint_context = EndpointContext(conf) self.registration_endpoint = endpoint_context.endpoint["registration"] self.authorization_endpoint = endpoint_context.endpoint[ "authorization"] self.provider_endpoint = endpoint_context.endpoint["provider_config"] # === Federation stuff ======= federation_entity = FederationEntity( op_entity_id, trusted_roots=ANCHOR, authority_hints=['https://ntnu.no'], entity_type='openid_relying_party', httpd=Publisher(ROOT_DIR), opponent_entity_type='openid_relying_party') federation_entity.keyjar.import_jwks(read_info( os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'), issuer_id=op_entity_id) federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR) self.registration_endpoint.endpoint_context.federation_entity = federation_entity
def create_setup(self): # First the RP service_context = ServiceContext( config={ 'behaviour': { 'federation_types_supported': ['automatic'] }, 'issuer': "https://op.ntnu.no", 'keys': { 'key_defs': KEYSPEC } }) self.rp_federation_entity = FederationEntity( entity_id=RP_ENTITY_ID, trusted_roots=ANCHOR, authority_hints=['https://ntnu.no'], entity_type='openid_relying_party', opponent_entity_type='openid_provider') self.rp_federation_entity.keyjar.import_jwks(read_info( os.path.join(ROOT_DIR, 'foodle.uninett.no'), 'foodle.uninett.no', 'jwks'), issuer_id=RP_ENTITY_ID) self.rp_federation_entity.collector = DummyCollector( trusted_roots=ANCHOR, root_dir=ROOT_DIR) # add the federation part to the service context service_context.federation_entity = self.rp_federation_entity # The RP has/supports 2 services self.service = { 'discovery': FedProviderInfoDiscovery(service_context), 'registration': RPRegistration(service_context), 'authorization': FedAuthorization(service_context), } # and now for the OP op_entity_id = "https://op.ntnu.no" conf = { "issuer": op_entity_id, "password": "******", "token_handler_args": { "jwks_def": { "private_path": "private/token_jwks.json", "read_only": False, "key_defs": [ { "type": "oct", "bytes": 24, "use": ["enc"], "kid": "code" }, { "type": "oct", "bytes": 24, "use": ["enc"], "kid": "refresh" }, ], }, "code": { "lifetime": 600 }, "token": { "class": "oidcendpoint.jwt_token.JWTToken", "kwargs": { "lifetime": 3600, "add_claims": [ "email", "email_verified", "phone_number", "phone_number_verified", ], "add_claim_by_scope": True, "aud": ["https://example.org/appl"] }, }, "refresh": { "lifetime": 86400 }, }, "verify_ssl": False, "capabilities": CAPABILITIES, "keys": { "uri_path": "static/jwks.json", "key_defs": KEYSPEC }, "id_token": { "class": IDToken, "kwargs": { "default_claims": { "email": { "essential": True }, "email_verified": { "essential": True }, } }, }, "endpoint": { "provider_config": { "path": ".well-known/openid-configuration", "class": ProviderConfiguration, "kwargs": {}, }, "registration": { "path": "registration", "class": OPRegistration, "kwargs": {}, }, "authorization": { "path": "authorization", "class": Authorization, "kwargs": { "response_types_supported": [" ".join(x) for x in RESPONSE_TYPES_SUPPORTED], "response_modes_supported": ["query", "fragment", "form_post"], "claims_parameter_supported": True, "request_parameter_supported": True, "request_uri_parameter_supported": True, }, }, "pushed_authorization": { "path": "pushed_authorization", "class": PushedAuthorization, "kwargs": { "client_authn_method": [ "client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt", ] }, }, }, "authentication": { "anon": { "acr": "http://www.swamid.se/policy/assurance/al1", "class": "oidcendpoint.user_authn.user.NoAuthn", "kwargs": { "user": "******" }, } }, "template_dir": "template", "cookie_dealer": { "class": CookieDealer, "kwargs": { "sign_key": "ghsNKDDLshZTPn974nOsIGhedULrsqnsGoBFBLwUKuJhE2ch", "default_values": { "name": "oidcop", "domain": "127.0.0.1", "path": "/", "max_age": 3600, }, }, }, 'add_on': { "automatic_registration": { "function": "fedservice.op.add_on.automatic_registration.add_support", "kwargs": { "new_id": False, # default False "where": ["pushed_authorization"] } } } } endpoint_context = EndpointContext(conf) _clients = yaml.safe_load(io.StringIO(client_yaml)) # endpoint_context.cdb = _clients["oidc_clients"] endpoint_context.keyjar.import_jwks( endpoint_context.keyjar.export_jwks(True, ""), conf["issuer"]) self.pushed_authorization_endpoint = endpoint_context.endpoint[ "pushed_authorization"] self.authorization_endpoint = endpoint_context.endpoint[ "authorization"] self.registration_endpoint = endpoint_context.endpoint["registration"] federation_entity = FederationEntity( op_entity_id, trusted_roots=ANCHOR, authority_hints=['https://ntnu.no'], entity_type='openid_relying_party', httpd=Publisher(ROOT_DIR), opponent_entity_type='openid_relying_party') federation_entity.keyjar.import_jwks(read_info( os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'), issuer_id=op_entity_id) federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR) self.authorization_endpoint.endpoint_context.federation_entity = federation_entity
def create_endpoint(self): # First the RP entity = Entity( config={ 'behaviour': { 'federation_types_supported': ['explicit'] }, 'issuer': "https://op.ntnu.no", 'keys': { 'key_defs': KEYSPEC }, "httpc_param": { 'verify': False, "timeout": 2 }, }) # the federation part of the RP self.rp_federation_entity = FederationEntity( entity_id=ENTITY_ID, trusted_roots=ANCHOR, authority_hints=['https://ntnu.no'], entity_type='openid_relying_party', opponent_entity_type='openid_provider') self.rp_federation_entity.collector = DummyCollector( trusted_roots=ANCHOR, root_dir=ROOT_DIR) self.rp_federation_entity.keyjar.import_jwks(read_info( os.path.join(ROOT_DIR, 'foodle.uninett.no'), 'foodle.uninett.no', 'jwks'), issuer_id=ENTITY_ID) # add the federation part to the service context entity.client_get( "service_context").federation_entity = self.rp_federation_entity # The RP has/supports 3 services self.service = { 'discovery': FedProviderInfoDiscovery(entity.client_get), 'registration': Registration(entity.client_get), 'authorization': FedAuthorization(entity.client_get, conf={"request_object_expires_in": 300}), } # and now for the OP op_entity_id = "https://op.ntnu.no" conf = { "issuer": op_entity_id, "httpc_param": { 'verify': False, "timeout": 2 }, "password": "******", "token_expires_in": 600, "grant_expires_in": 300, "refresh_token_expires_in": 86400, "verify_ssl": False, "cookie_handler": { "class": CookieHandler, "kwargs": { "keys": { "key_defs": COOKIE_KEYDEFS }, "name": { "session": "oidc_op", "register": "oidc_op_reg", "session_management": "oidc_op_sman" } }, }, "endpoint": { 'provider_info': { 'path': '.well-known/openid-federation', 'class': provider_config.ProviderConfiguration, 'kwargs': { 'client_authn_method': None } }, 'registration': { 'path': 'fed_registration', 'class': registration.Registration, 'kwargs': { 'client_authn_method': None } }, 'authorization': { 'path': 'authorization', 'class': authorization.Authorization, 'kwargs': { "response_modes_supported": ['query', 'fragment', 'form_post'], "claims_parameter_supported": True, "request_parameter_supported": True, "request_uri_parameter_supported": True, "client_authn_method": ['request_param'] } } }, "keys": { "private_path": "own/jwks.json", "uri_path": "static/jwks.json", "key_defs": KEYSPEC }, "authentication": { "anon": { 'acr': UNSPECIFIED, "class": NoAuthn, "kwargs": { "user": "******" } } }, 'template_dir': 'template', "claims_interface": { "class": "oidcop.session.claims.ClaimsInterface", "kwargs": {} }, 'add_on': { "automatic_registration": { "function": "fedservice.op.add_on.automatic_registration.add_support", "kwargs": { "new_id": False, # default False 'client_registration_authn_methods_supported': { "ar": ['request_object'] }, 'where': ['authorization'] } } } } server = Server(conf) self.registration_endpoint = server.server_get("endpoint", "registration") self.authorization_endpoint = server.server_get( "endpoint", "authorization") self.provider_endpoint = server.server_get("endpoint", "provider_config") # === Federation stuff ======= federation_entity = FederationEntity( op_entity_id, trusted_roots=ANCHOR, authority_hints=['https://ntnu.no'], entity_type='openid_relying_party', httpd=Publisher(ROOT_DIR), opponent_entity_type='openid_relying_party') federation_entity.keyjar.import_jwks(read_info( os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'), issuer_id=op_entity_id) federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR) self.registration_endpoint.server_get( "endpoint_context").federation_entity = federation_entity