    def configure(self, opts, changes):
        """Provision the SAML2 IdP plugin from the installer options.

        Does nothing unless ``opts['saml2']`` is ``'yes'``.  Otherwise it
        creates the plugin storage directory under ``opts['data_dir']``,
        generates the IdP certificate, writes ``metadata.xml`` next to it,
        stores the plugin configuration through ``PluginObject``, enables
        the plugin and finally hands the storage directory to
        ``files.fix_user_dirs`` so only ``opts['system_user']`` can read
        the key material.

        ``changes`` is part of the plugin interface but is not used here.
        """
        if opts['saml2'] != 'yes':
            return

        # Storage lives in <data_dir>/saml2.  The 0o700 mode is only applied
        # when the directory is created here; a pre-existing directory keeps
        # its own mode until fix_user_dirs runs at the end.
        storage = os.path.join(opts['data_dir'], 'saml2')
        if not os.path.exists(storage):
            os.makedirs(storage, 0o700)

        # One certificate currently serves for both signing and encryption.
        idp_cert = Certificate(storage)
        idp_cert.generate('idp', opts['hostname'])

        # Entity URL for the metadata: plain http only when explicitly
        # requested through opts['secure'] == 'no'.
        scheme = 'http' if opts['secure'].lower() == 'no' else 'https'
        idp_url = '%s://%s%s' % (scheme, opts['hostname'], opts['instanceurl'])
        valid_days = int(opts['saml2_metadata_validity'])
        generator = IdpMetadataGenerator(idp_url, idp_cert,
                                         timedelta(valid_days))
        if 'gssapi' in opts and opts['gssapi'] == 'yes':
            # Advertise Kerberos name identifiers when GSSAPI login is on.
            generator.meta.add_allowed_name_format(
                lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS)
        generator.output(os.path.join(storage, 'metadata.xml'))

        # Replace any previous plugin state and configuration in the database.
        plugin = PluginObject(*self.pargs)
        plugin.name = 'saml2'
        plugin.wipe_data()
        plugin.wipe_config_values()

        # An explicit session database URL wins; otherwise derive one from
        # the generic database_url template (evaluated only when needed).
        session_dburl = opts['saml2_session_dburl']
        if not session_dburl:
            session_dburl = opts['database_url'] % {
                'datadir': opts['data_dir'],
                'dbname': 'saml2.sessions.db',
            }

        plugin.save_plugin_config({
            'idp storage path': storage,
            'idp metadata file': 'metadata.xml',
            'idp certificate file': idp_cert.cert,
            'idp key file': idp_cert.key,
            # Fresh random salt per installation for NameID derivation.
            'idp nameid salt': uuid.uuid4().hex,
            'idp metadata validity': opts['saml2_metadata_validity'],
            'session database url': session_dburl,
        })

        # Register the plugin as an enabled login plugin in the global config.
        plugin.is_enabled = True
        plugin.save_enabled_state()

        # Restrict the certificate/key files to the ipsilon system user.
        files.fix_user_dirs(storage, opts['system_user'])
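    def configure(self, opts, changes):
        """Provision the SAML2 IdP plugin from the installer options.

        Does nothing unless ``opts['saml2']`` is ``'yes'``.  Otherwise it
        creates the plugin storage directory under ``opts['data_dir']``,
        generates the IdP certificate, writes ``metadata.xml`` next to it,
        stores the plugin configuration through ``PluginObject``, enables
        the plugin and finally hands the storage directory to
        ``files.fix_user_dirs`` so only ``opts['system_user']`` can read
        the key material.

        ``changes`` is part of the plugin interface but is not used here.
        """
        if opts['saml2'] != 'yes':
            return

        # Check storage path is present or create it.  The mode is only
        # applied when the directory is created here; a pre-existing
        # directory keeps its own mode until fix_user_dirs runs at the end.
        # 0o700 is the octal spelling accepted by both Python 2.6+ and 3
        # (the legacy 0700 form is a SyntaxError on Python 3).
        path = os.path.join(opts['data_dir'], 'saml2')
        if not os.path.exists(path):
            os.makedirs(path, 0o700)

        # Use the same cert for signing and encryption for now
        cert = Certificate(path)
        cert.generate('idp', opts['hostname'])

        # Generate IdP metadata; plain http only when opts['secure'] == 'no'.
        proto = 'https'
        if opts['secure'].lower() == 'no':
            proto = 'http'
        url = '%s://%s/%s' % (proto, opts['hostname'], opts['instance'])
        validity = int(opts['saml2_metadata_validity'])
        meta = IdpMetadataGenerator(url, cert,
                                    timedelta(validity))
        if 'gssapi' in opts and opts['gssapi'] == 'yes':
            # Advertise Kerberos name identifiers when GSSAPI login is on.
            meta.meta.add_allowed_name_format(
                lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS)

        meta.output(os.path.join(path, 'metadata.xml'))

        # Add configuration data to database, replacing any previous state.
        po = PluginObject(*self.pargs)
        po.name = 'saml2'
        po.wipe_data()
        po.wipe_config_values()
        config = {'idp storage path': path,
                  'idp metadata file': 'metadata.xml',
                  'idp certificate file': cert.cert,
                  'idp key file': cert.key,
                  # Fresh random salt per installation for NameID derivation.
                  'idp nameid salt': uuid.uuid4().hex,
                  'idp metadata validity': opts['saml2_metadata_validity'],
                  # An explicit session DB URL wins; otherwise derive one
                  # from the generic database_url template.
                  'session database url': opts['saml2_session_dburl'] or
                  opts['database_url'] % {
                      'datadir': opts['data_dir'],
                      'dbname': 'saml2.sessions.db'}}
        po.save_plugin_config(config)

        # Update global config to add login plugin
        po.is_enabled = True
        po.save_enabled_state()

        # Fixup permissions so only the ipsilon user can read these files
        files.fix_user_dirs(path, opts['system_user'])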
    def configure(self, opts, changes):
        """Provision the Persona (BrowserID) IdP plugin from installer options.

        Does nothing unless ``opts['persona']`` is ``'yes'``.  Otherwise it
        creates the plugin storage directory under ``opts['data_dir']``,
        generates a 2048-bit RSA signing key there, publishes the BrowserID
        ``.well-known`` document containing the public key into
        ``opts['wellknown_dir']``, stores the plugin configuration through
        ``PluginObject``, enables the plugin and finally hands the storage
        directory to ``files.fix_user_dirs`` so only ``opts['system_user']``
        can read the key.

        ``changes`` is part of the plugin interface but is not used here.
        """
        if opts['persona'] != 'yes':
            return

        # Storage lives in <data_dir>/persona.  The 0o700 mode is only
        # applied when the directory is created here; a pre-existing
        # directory keeps its own mode until fix_user_dirs runs at the end.
        storage = os.path.join(opts['data_dir'], 'persona')
        if not os.path.exists(storage):
            os.makedirs(storage, 0o700)

        # 2048-bit RSA key with public exponent 65537, written as an
        # unencrypted PEM (cipher=None); access to it relies on the
        # directory mode and on fix_user_dirs below.
        keyfile = os.path.join(storage, 'persona.key')
        public_exponent = 0x10001
        rsa_key = M2Crypto.RSA.gen_key(2048, public_exponent)
        rsa_key.save_key(keyfile, cipher=None)

        # Fold the modulus bytes into an int, big-endian.  The first 4 bytes
        # of rsa_key.n are skipped (presumably a length prefix of the
        # M2Crypto MPI encoding -- confirm against the M2Crypto docs).
        modulus = 0
        for byte in rsa_key.n[4:]:
            modulus = modulus * 256 + ord(byte)

        # BrowserID support document; endpoints are relative to instanceurl.
        base = opts['instanceurl']
        wellknown = {
            'authentication': '%s/persona/SignIn/' % base,
            'provisioning': '%s/persona/' % base,
            'public-key': {
                'algorithm': 'RS',
                'e': str(public_exponent),
                'n': str(modulus),
            },
        }
        browserid_path = os.path.join(opts['wellknown_dir'], 'browserid')
        with open(browserid_path, 'w') as fh:
            fh.write(json.dumps(wellknown))

        # Replace any previous plugin state and configuration in the database.
        plugin = PluginObject(*self.pargs)
        plugin.name = 'persona'
        plugin.wipe_data()
        plugin.wipe_config_values()
        plugin.save_plugin_config({
            'issuer domain': opts['hostname'],
            'idp key file': keyfile,
            'allowed domains': opts['hostname'],
        })

        # Register the plugin as an enabled login plugin in the global config.
        plugin.is_enabled = True
        plugin.save_enabled_state()

        # Restrict the key file to the ipsilon system user.
        files.fix_user_dirs(storage, opts['system_user'])
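    def configure(self, opts, changes):
        """Provision the Persona (BrowserID) IdP plugin from installer options.

        Does nothing unless ``opts['persona']`` is ``'yes'``.  Otherwise it
        creates the plugin storage directory under ``opts['data_dir']``,
        generates a 2048-bit RSA signing key there, publishes the BrowserID
        ``.well-known`` document containing the public key into
        ``opts['wellknown_dir']``, stores the plugin configuration through
        ``PluginObject``, enables the plugin and finally hands the storage
        directory to ``files.fix_user_dirs`` so only ``opts['system_user']``
        can read the key.

        ``changes`` is part of the plugin interface but is not used here.
        """
        if opts['persona'] != 'yes':
            return

        # Check storage path is present or create it.  The mode is only
        # applied when the directory is created here; a pre-existing
        # directory keeps its own mode until fix_user_dirs runs at the end.
        # 0o700 is the octal spelling accepted by both Python 2.6+ and 3
        # (the legacy 0700 form is a SyntaxError on Python 3).
        path = os.path.join(opts['data_dir'], 'persona')
        if not os.path.exists(path):
            os.makedirs(path, 0o700)

        # 2048-bit RSA key with public exponent 65537, written as an
        # unencrypted PEM (cipher=None); access to it relies on the
        # directory mode and on fix_user_dirs below.
        keyfile = os.path.join(path, 'persona.key')
        exponent = 0x10001
        key = M2Crypto.RSA.gen_key(2048, exponent)
        key.save_key(keyfile, cipher=None)

        # Fold the modulus bytes into an int, big-endian.  The first 4 bytes
        # of key.n are skipped (presumably a length prefix of the M2Crypto
        # MPI encoding -- confirm against the M2Crypto docs).
        key_n = 0
        for c in key.n[4:]:
            key_n = (key_n*256) + ord(c)

        # BrowserID support document; endpoints are rooted at /<instance>/.
        wellknown = dict()
        wellknown['authentication'] = '/%s/persona/SignIn/' % opts['instance']
        wellknown['provisioning'] = '/%s/persona/' % opts['instance']
        wellknown['public-key'] = {'algorithm': 'RS',
                                   'e': str(exponent),
                                   'n': str(key_n)}
        with open(os.path.join(opts['wellknown_dir'], 'browserid'), 'w') as f:
            f.write(json.dumps(wellknown))

        # Add configuration data to database, replacing any previous state.
        po = PluginObject(*self.pargs)
        po.name = 'persona'
        po.wipe_data()
        po.wipe_config_values()
        config = {'issuer domain': opts['hostname'],
                  'idp key file': keyfile,
                  'allowed domains': opts['hostname']}
        po.save_plugin_config(config)

        # Update global config to add login plugin
        po.is_enabled = True
        po.save_enabled_state()

        # Fixup permissions so only the ipsilon user can read these files
        files.fix_user_dirs(path, opts['system_user'])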