def allowed_attributes(self):
if 'allowed_attributes' in self._properties:
attr_map = pconfig.ComplexList('temp', 'temp', None)
attr_map.import_value(str(self._properties['allowed_attributes']))
return attr_map.get_value()
else:
return None
def allowed_attributes(self, attr_map):
if isinstance(attr_map, pconfig.ComplexList):
value = attr_map.export_value()
else:
temp = pconfig.ComplexList('temp', 'temp', None)
temp.set_value(attr_map)
value = temp.export_value()
self._staging['allowed_attributes'] = value
def __init__(self, *pargs):
super(IdpProvider, self).__init__('openidc', 'OpenID Connect',
'openidc', *pargs)
self.mapping = InfoMapping()
self.keyset = None
self.admin = None
self.page = None
self.datastore = None
self.server = None
self.basepath = None
self.extensions = LoadExtensions()
self.description = """
Provides OpenID Connect authentication infrastructure. """
self.new_config(
self.name,
pconfig.String('database url',
'Database URL for OpenID Connect storage',
'openidc.sqlite'),
pconfig.String(
'static database url',
'Database URL for OpenID Connect static client configuration',
'openidc.static.sqlite'),
pconfig.Choice('enabled extensions',
'Choose the extensions to enable',
self.extensions.available().keys()),
pconfig.String('endpoint url',
'The Absolute URL of the OpenID Connect provider',
'http://localhost:8080/openidc/'),
pconfig.String(
'documentation url',
'The Absolute URL of the OpenID Connect documentation',
'https://ipsilonproject.org/doc/openidc/'),
pconfig.String('policy url',
'The Absolute URL of the OpenID Connect policy',
'http://www.example.com/'),
pconfig.String(
'tos url',
'The Absolute URL of the OpenID Connect terms of service',
'http://www.example.com/'),
pconfig.String('idp key file',
'The file where the OpenIDC keyset is stored.',
'openidc.key'),
pconfig.String('idp sig key id', 'The key to use for signing.',
''),
pconfig.String('idp subject salt',
'The salt used for pairwise subjects.', None),
pconfig.Condition(
'allow dynamic client registration',
'Allow Dynamic Client registrations for Relying Parties',
True),
pconfig.MappingList('default attribute mapping',
'Defines how to map attributes', [['*', '*']]),
pconfig.ComplexList(
'default allowed attributes',
'Defines a list of allowed attributes, applied after mapping',
['*']),
)
def load_config(self):
self.new_config(
self.provider_id,
pconfig.String(
'Name',
'A nickname used to easily identify the Service Provider.'
' Only alphanumeric characters [A-Z,a-z,0-9] and spaces are'
' accepted.', self.name),
pconfig.String('Metadata',
"Service Provider's metadata",
self.metadata,
multiline=True),
pconfig.String('Description',
'A description of the SP to show on the Portal.',
self.description),
pconfig.String('Service Provider link',
'A link to the Service Provider for the Portal.',
self.splink),
pconfig.Condition('Visible in Portal',
'This SP is visible in the Portal.',
self.visible),
pconfig.Image(
'Image File',
'Image to display for this SP in the Portal. Scale to '
'100x200 for best results.', self.imagefile),
pconfig.Pick('Default NameID',
'Default NameID used by Service Providers.',
SAML2_NAMEID_MAP.keys(), self.default_nameid),
pconfig.Choice('Allowed NameIDs',
'Allowed NameIDs for this Service Provider.',
SAML2_NAMEID_MAP.keys(), self.allowed_nameids),
pconfig.String('User Owner',
'The user that owns this Service Provider',
self.owner),
pconfig.MappingList(
'Attribute Mapping',
'Defines how to map attributes before returning them to'
' the SP. Setting this overrides the global values.',
self.attribute_mappings),
pconfig.ComplexList(
'Allowed Attributes',
'Defines a list of allowed attributes, applied after mapping.'
' Setting this overrides the global values.',
self.allowed_attributes),
)
def __init__(self, *pargs):
super(IdpProvider, self).__init__('openid', 'OpenID', 'openid', *pargs)
self.mapping = InfoMapping()
self.page = None
self.datastore = None
self.server = None
self.basepath = None
self.extensions = LoadExtensions()
self.description = """
Provides OpenID 2.0 authentication infrastructure. """
self.new_config(
self.name,
pconfig.String('database url',
'Database URL for OpenID temp storage',
'openid.sqlite'),
pconfig.String(
'default email domain',
'Used for users missing the email property.' +
' (Leave empty to disable)', ''),
pconfig.String('endpoint url',
'The Absolute URL of the OpenID provider',
'http://localhost:8080/openid/'),
pconfig.Template(
'identity url template',
'The templated URL where identities are exposed.',
'http://localhost:8080/openid/id/%(username)s'),
pconfig.List('trusted roots', 'List of trusted relying parties.'),
pconfig.List('untrusted roots',
'List of untrusted relying parties.'),
pconfig.Choice('enabled extensions',
'Choose the extensions to enable',
self.extensions.available().keys()),
pconfig.MappingList(
'default attribute mapping',
'Defines how to map attributes before calling extensions',
[['*', '*']]),
pconfig.ComplexList(
'default allowed attributes',
'Defines a list of allowed attributes, applied after mapping',
['*']),
)
def __init__(self, *pargs):
super(IdpProvider, self).__init__('saml2', 'SAML 2.0', 'saml2', *pargs)
self.admin = None
self.rest = None
self.page = None
self.idp = None
self.sessionfactory = None
self.description = """
Provides SAML 2.0 authentication infrastructure. """
self.new_config(
self.name,
pconfig.String('idp storage path',
'Path to data storage accessible by the IdP.',
'/var/lib/ipsilon/saml2'),
pconfig.String('idp metadata file',
'The IdP Metadata file generated at install time.',
'metadata.xml'),
pconfig.String(
'idp metadata validity',
'The IdP Metadata validity period (in days) to use when '
'generating new metadata.', METADATA_DEFAULT_VALIDITY_PERIOD),
pconfig.String(
'idp certificate file',
'The IdP PEM Certificate generated at install time.',
'certificate.pem'),
pconfig.String(
'idp key file',
'The IdP Certificate Key generated at install time.',
'certificate.key'),
pconfig.String('idp nameid salt',
'The salt used for persistent Name IDs.', None),
pconfig.Condition(
'allow self registration',
'Allow authenticated users to register applications.', True),
pconfig.Choice('default allowed nameids',
'Default Allowed NameIDs for Service Providers.',
metadata.SAML2_NAMEID_MAP.keys(), [
'unspecified', 'persistent', 'transient',
'email', 'kerberos', 'x509'
]),
pconfig.Pick('default nameid',
'Default NameID used by Service Providers.',
metadata.SAML2_NAMEID_MAP.keys(), 'unspecified'),
pconfig.String('default email domain',
'Used for users missing the email property.',
'example.com'),
pconfig.MappingList(
'default attribute mapping',
'Defines how to map attributes before returning them to SPs',
[['*', '*']]),
pconfig.ComplexList(
'default allowed attributes',
'Defines a list of allowed attributes, applied after mapping',
['*']),
pconfig.String('session database url',
'Database URL for SAML2 sessions',
'saml2.sessions.db.sqlite'),
)
if cherrypy.config.get('debug', False):
import logging
import sys
logger = logging.getLogger('lasso')
lh = logging.StreamHandler(sys.stderr)
logger.addHandler(lh)
logger.setLevel(logging.DEBUG)