def configure(self, opts, changes):
    """Set up the SAML2 IdP plugin when ``opts['saml2']`` is ``'yes'``.

    Steps: create the private storage directory, generate the IdP
    certificate, write the IdP metadata, persist the plugin configuration,
    enable the plugin and finally restrict the created files to the
    service user.

    Args:
        opts: installer option mapping; reads ``saml2``, ``data_dir``,
            ``hostname``, ``secure``, ``instanceurl``,
            ``saml2_metadata_validity``, ``saml2_session_dburl``,
            ``database_url``, ``system_user`` and optionally ``gssapi``.
        changes: not used by this method.
    """
    if opts['saml2'] != 'yes':
        return

    # Private storage for key material and metadata; created owner-only.
    storage = os.path.join(opts['data_dir'], 'saml2')
    if not os.path.exists(storage):
        os.makedirs(storage, 0o700)

    # A single certificate is used for both signing and encryption for now.
    cert = Certificate(storage)
    cert.generate('idp', opts['hostname'])

    # IdP metadata: the scheme follows the 'secure' installer option.
    scheme = 'http' if opts['secure'].lower() == 'no' else 'https'
    idp_url = '%s://%s%s' % (scheme, opts['hostname'], opts['instanceurl'])
    validity_days = int(opts['saml2_metadata_validity'])
    meta = IdpMetadataGenerator(idp_url, cert, timedelta(validity_days))
    if 'gssapi' in opts and opts['gssapi'] == 'yes':
        meta.meta.add_allowed_name_format(
            lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS)
    meta.output(os.path.join(storage, 'metadata.xml'))

    # Session store: an explicit URL wins, else derive it from the
    # generic database URL template.
    session_dburl = opts['saml2_session_dburl']
    if not session_dburl:
        session_dburl = opts['database_url'] % {
            'datadir': opts['data_dir'],
            'dbname': 'saml2.sessions.db',
        }

    # Persist the plugin configuration, replacing any previous state.
    plugin = PluginObject(*self.pargs)
    plugin.name = 'saml2'
    plugin.wipe_data()
    plugin.wipe_config_values()
    plugin.save_plugin_config({
        'idp storage path': storage,
        'idp metadata file': 'metadata.xml',
        'idp certificate file': cert.cert,
        'idp key file': cert.key,
        # Fresh random salt per installation (uuid4 is os.urandom-backed).
        'idp nameid salt': uuid.uuid4().hex,
        'idp metadata validity': opts['saml2_metadata_validity'],
        'session database url': session_dburl,
    })

    # Register the plugin as enabled in the global configuration.
    plugin.is_enabled = True
    plugin.save_enabled_state()

    # Files above were created under the installer's umask; hand them to
    # the ipsilon user and tighten modes so only it can read the key.
    files.fix_user_dirs(storage, opts['system_user'])
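def configure(self, opts, changes):
    """Set up the SAML2 IdP plugin when ``opts['saml2']`` is ``'yes'``.

    Steps: create the private storage directory, generate the IdP
    certificate, write the IdP metadata, persist the plugin configuration,
    enable the plugin and finally restrict the created files to the
    service user.

    Args:
        opts: installer option mapping; reads ``saml2``, ``data_dir``,
            ``hostname``, ``secure``, ``instance``,
            ``saml2_metadata_validity``, ``saml2_session_dburl``,
            ``database_url``, ``system_user`` and optionally ``gssapi``.
        changes: not used by this method.
    """
    if opts['saml2'] != 'yes':
        return

    # Private storage for key material and metadata; created owner-only.
    # 0o700 is the portable octal literal (the old 0700 form is a
    # SyntaxError on Python 3 and means the same thing on 2.6+).
    path = os.path.join(opts['data_dir'], 'saml2')
    if not os.path.exists(path):
        os.makedirs(path, 0o700)

    # A single certificate is used for both signing and encryption for now.
    cert = Certificate(path)
    cert.generate('idp', opts['hostname'])

    # IdP metadata: the scheme follows the 'secure' installer option.
    proto = 'http' if opts['secure'].lower() == 'no' else 'https'
    url = '%s://%s/%s' % (proto, opts['hostname'], opts['instance'])
    validity = int(opts['saml2_metadata_validity'])
    meta = IdpMetadataGenerator(url, cert, timedelta(validity))
    if 'gssapi' in opts and opts['gssapi'] == 'yes':
        meta.meta.add_allowed_name_format(
            lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS)
    meta.output(os.path.join(path, 'metadata.xml'))

    # Session store: an explicit URL wins, else derive it from the
    # generic database URL template.
    session_dburl = opts['saml2_session_dburl']
    if not session_dburl:
        session_dburl = opts['database_url'] % {
            'datadir': opts['data_dir'],
            'dbname': 'saml2.sessions.db',
        }

    # Persist the plugin configuration, replacing any previous state.
    po = PluginObject(*self.pargs)
    po.name = 'saml2'
    po.wipe_data()
    po.wipe_config_values()
    po.save_plugin_config({
        'idp storage path': path,
        'idp metadata file': 'metadata.xml',
        'idp certificate file': cert.cert,
        'idp key file': cert.key,
        # Fresh random salt per installation (uuid4 is os.urandom-backed).
        'idp nameid salt': uuid.uuid4().hex,
        'idp metadata validity': opts['saml2_metadata_validity'],
        'session database url': session_dburl,
    })

    # Register the plugin as enabled in the global configuration.
    po.is_enabled = True
    po.save_enabled_state()

    # Files above were created under the installer's umask; hand them to
    # the ipsilon user and tighten modes so only it can read the key.
    files.fix_user_dirs(path, opts['system_user'])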
def configure(self, opts, changes):
    """Set up the Persona (BrowserID) plugin when ``opts['persona']`` is ``'yes'``.

    Generates a 2048-bit RSA key in the private storage directory,
    publishes the public part in the ``browserid`` well-known document,
    persists the plugin configuration, enables the plugin and finally
    restricts the created files to the service user.

    Args:
        opts: installer option mapping; reads ``persona``, ``data_dir``,
            ``instanceurl``, ``wellknown_dir``, ``hostname`` and
            ``system_user``.
        changes: not used by this method.
    """
    if opts['persona'] != 'yes':
        return

    # Private storage for the signing key; created owner-only.
    storage = os.path.join(opts['data_dir'], 'persona')
    if not os.path.exists(storage):
        os.makedirs(storage, 0o700)

    keyfile = os.path.join(storage, 'persona.key')
    pub_exp = 0x10001
    rsa = M2Crypto.RSA.gen_key(2048, pub_exp)
    # cipher=None stores the private key unencrypted; its only protection
    # is the 0700 directory and the ownership fix-up at the end.
    rsa.save_key(keyfile, cipher=None)

    # Turn the modulus bytes into an int, skipping the first 4 bytes of
    # rsa.n (presumably a length prefix -- confirm against M2Crypto).
    modulus = 0
    for octet in rsa.n[4:]:
        modulus = modulus * 256 + ord(octet)

    # Well-known document: only public material belongs here, since the
    # well-known directory is presumably web-served.
    wellknown = {
        'authentication': '%s/persona/SignIn/' % opts['instanceurl'],
        'provisioning': '%s/persona/' % opts['instanceurl'],
        'public-key': {
            'algorithm': 'RS',
            'e': str(pub_exp),
            'n': str(modulus),
        },
    }
    with open(os.path.join(opts['wellknown_dir'], 'browserid'), 'w') as fh:
        fh.write(json.dumps(wellknown))

    # Persist the plugin configuration, replacing any previous state.
    plugin = PluginObject(*self.pargs)
    plugin.name = 'persona'
    plugin.wipe_data()
    plugin.wipe_config_values()
    plugin.save_plugin_config({
        'issuer domain': opts['hostname'],
        'idp key file': keyfile,
        'allowed domains': opts['hostname'],
    })

    # Register the plugin as enabled in the global configuration.
    plugin.is_enabled = True
    plugin.save_enabled_state()

    # Hand the storage dir (and the unencrypted key in it) to the ipsilon
    # user and tighten modes so only it can read them.
    files.fix_user_dirs(storage, opts['system_user'])
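def configure(self, opts, changes):
    """Set up the Persona (BrowserID) plugin when ``opts['persona']`` is ``'yes'``.

    Generates a 2048-bit RSA key in the private storage directory,
    publishes the public part in the ``browserid`` well-known document,
    persists the plugin configuration, enables the plugin and finally
    restricts the created files to the service user.

    Args:
        opts: installer option mapping; reads ``persona``, ``data_dir``,
            ``instance``, ``wellknown_dir``, ``hostname`` and
            ``system_user``.
        changes: not used by this method.
    """
    if opts['persona'] != 'yes':
        return

    # Private storage for the signing key; created owner-only.
    # 0o700 is the portable octal literal (the old 0700 form is a
    # SyntaxError on Python 3 and means the same thing on 2.6+).
    path = os.path.join(opts['data_dir'], 'persona')
    if not os.path.exists(path):
        os.makedirs(path, 0o700)

    keyfile = os.path.join(path, 'persona.key')
    exponent = 0x10001
    key = M2Crypto.RSA.gen_key(2048, exponent)
    # cipher=None stores the private key unencrypted; its only protection
    # is the 0700 directory and the ownership fix-up at the end.
    key.save_key(keyfile, cipher=None)

    # Turn the modulus bytes into an int, skipping the first 4 bytes of
    # key.n (presumably a length prefix -- confirm against M2Crypto).
    key_n = 0
    for c in key.n[4:]:
        key_n = (key_n * 256) + ord(c)

    # Well-known document: only public material belongs here, since the
    # well-known directory is presumably web-served.
    wellknown = {
        'authentication': '/%s/persona/SignIn/' % opts['instance'],
        'provisioning': '/%s/persona/' % opts['instance'],
        'public-key': {
            'algorithm': 'RS',
            'e': str(exponent),
            'n': str(key_n),
        },
    }
    with open(os.path.join(opts['wellknown_dir'], 'browserid'), 'w') as f:
        f.write(json.dumps(wellknown))

    # Persist the plugin configuration, replacing any previous state.
    po = PluginObject(*self.pargs)
    po.name = 'persona'
    po.wipe_data()
    po.wipe_config_values()
    po.save_plugin_config({
        'issuer domain': opts['hostname'],
        'idp key file': keyfile,
        'allowed domains': opts['hostname'],
    })

    # Register the plugin as enabled in the global configuration.
    po.is_enabled = True
    po.save_enabled_state()

    # Hand the storage dir (and the unencrypted key in it) to the ipsilon
    # user and tighten modes so only it can read them.
    files.fix_user_dirs(path, opts['system_user'])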