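def outgoing(response, instance):
    """
    An authentication response has been received and now an authentication
    response from this server should be constructed.

    The proxy looks up the original request that triggered the upstream
    login, copies subject, attributes and authentication context from the
    upstream response, and re-issues them as a response signed by this
    proxy's IdP side.

    :param response: The Authentication response (already parsed by the SP
        side of the proxy)
    :param instance: SP instance that received the authentication response
    :return: response
    :raises KeyError: when ``response.in_response_to`` does not match an
        outstanding request in ``instance.sp.state`` (presumably a plain
        mapping) - unsolicited or unknown responses are rejected this way
    :raises IndexError: when ``response.authn_info()`` returns an empty
        list, i.e. the upstream assertion carries no authentication statement
    """

    _idp = SamlIDP(instance.environ, instance.start_response,
                   CONFIG["SP"], CACHE, outgoing)

    # Only responses answering a request this proxy actually sent are
    # processed: an unknown InResponseTo raises KeyError here.
    # NOTE(review): the state entry is not removed after use in this
    # function, so the same InResponseTo would be accepted again - confirm
    # where the SP side clears it if one-time use is intended.
    _state = instance.sp.state[response.in_response_to]
    orig_authn_req, relay_state = instance.sp.state[_state]

    # The Subject NameID
    subject = response.get_subject()
    # Diverse arguments needed to construct the response
    resp_args = _idp.idp.response_args(orig_authn_req)

    # Authentication context of the upstream login. Only the first
    # statement is used; index 0 is the class reference, index 1 the list
    # of authenticating authorities.
    _authn_info = response.authn_info()[0]
    # AuthenticatingAuthority is optional in SAML, so the list at index 1
    # may be empty; indexing ``[1][0]`` unconditionally raised IndexError
    # for such IdPs. Pass None instead (presumably rendered as "no
    # authority" by construct_authn_response - confirm against the
    # installed pysaml2 version).
    _authn_auth_list = _authn_info[1]
    _authn = {
        "class_ref": _authn_info[0],
        "authn_auth": _authn_auth_list[0] if _authn_auth_list else None,
    }

    # This is where any possible modification of the assertion is made.
    # Currently every attribute received upstream (response.ava) is
    # forwarded unchanged; an attribute release/filter policy belongs here.

    # Sign the response so the downstream SP can verify it was issued by
    # this proxy.
    resp = _idp.construct_authn_response(
        response.ava, name_id=subject, authn=_authn,
        resp_args=resp_args, relay_state=relay_state, sign_response=True)

    return resp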
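def outgoing(response, instance):
    """
    An authentication response has been received and now an authentication
    response from this server should be constructed.

    Steps: resolve the outstanding request the upstream response answers,
    take subject, attributes and authentication context from that response
    and have this proxy's IdP side issue a signed response of its own.

    :param response: The Authentication response (already parsed by the SP
        side of the proxy)
    :param instance: SP instance that received the authentication response
    :return: response
    :raises KeyError: when ``response.in_response_to`` is not a key of
        ``instance.sp.state`` (presumably a plain mapping); unsolicited or
        unknown responses are rejected by this lookup
    :raises IndexError: when ``response.authn_info()`` is empty, i.e. the
        upstream assertion has no authentication statement
    """

    _idp = SamlIDP(instance.environ, instance.start_response, CONFIG["SP"],
                   CACHE, outgoing)

    # Map InResponseTo -> session key -> (original AuthnRequest, RelayState).
    # A response that does not answer an outstanding request fails here.
    # NOTE(review): nothing in this function removes the entry afterwards,
    # so a replayed response with the same InResponseTo would pass this
    # lookup again - check whether the SP side clears it.
    session_key = instance.sp.state[response.in_response_to]
    orig_authn_req, relay_state = instance.sp.state[session_key]

    # The Subject NameID
    subject = response.get_subject()
    # Diverse arguments needed to construct the response
    resp_args = _idp.idp.response_args(orig_authn_req)

    # First authentication statement of the upstream assertion:
    # index 0 is the class reference, index 1 the (possibly empty) list of
    # authenticating authorities.
    first_authn = response.authn_info()[0]
    authorities = first_authn[1]
    # AuthenticatingAuthority is optional, so do not index an empty list;
    # None is assumed to mean "no authority" downstream (confirm against
    # the installed pysaml2 version).
    authn_auth = authorities[0] if authorities else None
    _authn = {"class_ref": first_authn[0], "authn_auth": authn_auth}

    # This is where any possible modification of the assertion is made.
    # As written, response.ava is forwarded to the downstream SP unfiltered;
    # an attribute release policy would be applied here.

    # Signed so the downstream SP can verify the proxy issued it.
    resp = _idp.construct_authn_response(response.ava,
                                         name_id=subject,
                                         authn=_authn,
                                         resp_args=resp_args,
                                         relay_state=relay_state,
                                         sign_response=True)

    return resp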
def run(spec, environ, start_response):
    """
    Picks entity and method to run by that entity.

    A tuple ``spec`` names an entity ("SP" or anything else, which selects
    the IdP), the method to call on it and the positional arguments for
    that method. Anything that is not a tuple is treated as a callable and
    invoked with no arguments.

    :param spec: a tuple (entity_type, response_type, binding)
    :param environ: WSGI environ
    :param start_response: WSGI start_response
    :return: whatever the selected method (or ``spec`` itself) returns
    """

    if not isinstance(spec, tuple):
        # Plain callable: nothing to dispatch, just run it.
        return spec()

    entity_type = spec[0]
    if entity_type == "SP":
        entity = SamlSP(environ, start_response, CONFIG["SP"], CACHE,
                        outgoing, **SP_ARGS)
    else:
        entity = SamlIDP(environ, start_response, CONFIG["IDP"], CACHE,
                         incomming)

    # getattr resolves any attribute name; spec is presumably built from
    # the server's own URL table rather than from request data - if that
    # ever changes, this would let a caller reach arbitrary methods.
    handler = getattr(entity, spec[1])
    return handler(*spec[2:])
    CONFIG["SP"].metadata = mds
    CONFIG["IDP"].metadata = mds

    # If entityID is set it means this is a proxy in front of one IdP
    if args.entityid:
        EntityID = args.entityid
        SP_ARGS = {}
    else:
        EntityID = None
        SP_ARGS = {"discosrv": Config.DISCO_SRV}

    CACHE = {}
    sp = SamlSP(None, None, CONFIG["SP"], CACHE)
    URLS.extend(sp.register_endpoints())

    idp = SamlIDP(None, None, CONFIG["IDP"], CACHE, None)
    URLS.extend(idp.register_endpoints())

    # ============== Web server ===============

    SRV = wsgiserver.CherryPyWSGIServer((Config.HOST, Config.PORT), application)

    if Config.HTTPS:
        SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
            Config.SERVER_CERT, Config.SERVER_KEY, Config.CERT_CHAIN)

    LOGGER.info("Server starting")
    if Config.HTTPS:
        print "S2S listening on %s:%s using HTTPS" % (Config.HOST, Config.PORT)
    else:
        print "S2S listening on %s:%s" % (Config.HOST, Config.PORT)
    CONFIG["SP"].metadata = mds
    CONFIG["IDP"].metadata = mds

    # If entityID is set it means this is a proxy in front of one IdP
    if args.entityid:
        EntityID = args.entityid
        SP_ARGS = {}
    else:
        EntityID = None
        SP_ARGS = {"discosrv": Config.DISCO_SRV}

    CACHE = {}
    sp = SamlSP(None, None, CONFIG["SP"], CACHE)
    URLS.extend(sp.register_endpoints())

    idp = SamlIDP(None, None, CONFIG["IDP"], CACHE, None)
    URLS.extend(idp.register_endpoints())

    # ============== Web server ===============

    SRV = wsgiserver.CherryPyWSGIServer((Config.HOST, Config.PORT),
                                        application)

    if Config.HTTPS:
        SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
            Config.SERVER_CERT, Config.SERVER_KEY, Config.CERT_CHAIN)

    LOGGER.info("Server starting")
    if Config.HTTPS:
        print "S2S listening on %s:%s using HTTPS" % (Config.HOST, Config.PORT)
    else: