Пример #1
    def init_app(self, app):
        """Populate the flask_saml2 settings on ``app`` (application-factory hook).

        The service provider's own certificate and private key are loaded from
        ``CERTIFICATE_FILE`` and ``PRIVATE_KEY_FILE``. The single identity
        provider entry is filled from ``app.config`` keys ``ENTITY_ID``,
        ``SSO_URL``, ``SLO_URL`` and ``CERTIFICATE``; a missing key raises
        ``KeyError``.
        """
        sp_certificate = certificate_from_file(CERTIFICATE_FILE)
        sp_private_key = private_key_from_file(PRIVATE_KEY_FILE)

        # NOTE(review): the IdP certificate is read from app.config['CERTIFICATE'],
        # not from CERTIFICATE_FILE. Presumably it is the value the SP relies on to
        # check IdP signatures, so confirm that config key holds the IdP's
        # certificate and not the SP's own.
        idp_options = {
            'display_name': 'mkplay',
            'entity_id': app.config['ENTITY_ID'],
            'sso_url': app.config['SSO_URL'],
            'slo_url': app.config['SLO_URL'],
            'certificate': app.config['CERTIFICATE'],
        }
        app.config['SAML2_IDENTITY_PROVIDERS'] = [
            {
                'CLASS': 'flask_saml2.sp.idphandler.IdPHandler',
                'OPTIONS': idp_options,
            },
        ]

        app.config['SAML2_SP'] = {
            'certificate': sp_certificate,
            'private_key': sp_private_key,
        }
Пример #2
# One Keycloak identity provider; every URL is derived from EDAP_DOMAIN.
# NOTE(review): the URLs point at Keycloak's 'master' realm. Keycloak's guidance
# is to keep that realm for administration and use a dedicated realm for
# applications; confirm this is intentional.
SAML2_IDENTITY_PROVIDERS = [
    {
        'CLASS': 'backend.saml.KeycloakIdPHandler',
        'OPTIONS': {
            'display_name': 'Keycloak IdP',
            'entity_id': f'https://sso.{EDAP_DOMAIN}/auth/realms/master',
            'sso_url': f'https://sso.{EDAP_DOMAIN}/auth/realms/master/protocol/saml',
            'slo_url': f'https://sso.{EDAP_DOMAIN}/auth/realms/master/protocol/saml',
        },
    },
]

# Key material is loaded best-effort: any failure is reported on stderr and the
# module keeps importing.
# NOTE(review): after a failure SAML2_SP may be undefined and the IdP entry may
# have no 'certificate'. What the SAML library does with an IdP that has no
# certificate is not visible here; confirm it rejects responses it cannot
# verify, and consider failing startup when SAML is meant to be enabled.
try:
    SAML2_SP = {
        'certificate': certificate_from_file(
            const.SAML_CERT_ROOT / const.SAML_CHOICES["sp-cert"]),
        'private_key': private_key_from_file(
            const.SAML_CERT_ROOT / const.SAML_CHOICES["sp-key"]),
    }
    SAML2_IDENTITY_PROVIDERS[0]['OPTIONS']['certificate'] = certificate_from_file(
        const.SAML_CERT_ROOT / const.SAML_CHOICES["idp-cert"])
except Exception as e:
    # Files probably don't exist
    print(f"Error configuring SAML: {e}", file=sys.stderr)
Пример #3
"""
Tests for the SalesForce Service Provider handler.
"""
import base64

from lxml import etree

from flask_saml2.signing import RsaSha1Signer, Sha1Digester, get_signature_xml
from flask_saml2.utils import certificate_from_file, private_key_from_file

from . import base

# These tests build and sign a request as though Salesforce had sent it, so the
# Salesforce key pair is loaded from the test key directory. In a real
# deployment only Salesforce would hold this private key.
SALESFORCE_CERTIFICATE = certificate_from_file(
    base.KEY_DIR / 'salesforce-certificate.pem')
SALESFORCE_PRIVATE_KEY = private_key_from_file(
    base.KEY_DIR / 'salesforce-private-key.pem')

SALESFORCE_ACS = 'https://login.salesforce.com'
RELAY_STATE = '/home/home.jsp'


class TestSalesForceSPHandler(base.BaseSPHandlerTests):
    @classmethod
    def setup_class(cls):
        request_id = '_ABC123_some_assertion_id'
        request_xml = etree.fromstring(
            '<samlp:AuthnRequest '
            'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'AssertionConsumerServiceURL="https://login.salesforce.com" '
Пример #4
def test_loading_certificate():
    """A certificate read from file must equal the one parsed from a string."""
    loaded = certificate_from_file(CERTIFICATE_FILE)
    parsed = certificate_from_string(X509_CERTIFICATE_DATA)
    # SHA-1 serves here only as a fingerprint for comparing the two objects.
    file_fp, string_fp = loaded.digest('sha1'), parsed.digest('sha1')
    assert file_fp == string_fp
Пример #5

@attr.attrs
class SamlView:
    """Plain attrs record with five positional fields.

    Judging by the names, it pairs a rendered HTML page and a SAML document
    with their parsed ("soup") forms and the form's action URL. TODO confirm
    against the code that builds it.
    """

    html = attr.attrib()
    html_soup = attr.attrib()
    saml = attr.attrib()
    saml_soup = attr.attrib()
    form_action = attr.attrib()


# Key material is read from keys/sample, two directory levels above this file.
# NOTE(review): presumably these are fixture keys shipped with the project; a
# private key distributed this way is public and belongs in tests only.
KEY_DIR = Path(__file__).parent.parent.joinpath('keys', 'sample')
CERTIFICATE_FILE = KEY_DIR.joinpath('idp-certificate.pem')
PRIVATE_KEY_FILE = KEY_DIR.joinpath('idp-private-key.pem')

# Both objects are loaded once, at import time.
CERTIFICATE = certificate_from_file(CERTIFICATE_FILE)
PRIVATE_KEY = private_key_from_file(PRIVATE_KEY_FILE)


class IdentityProvider(IdentityProvider):
    def __init__(self, service_providers, users=None, **kwargs):
        """Set up the IdP with its service providers and optional initial users.

        Extra keyword arguments are forwarded to the parent initialiser. Each
        entry of ``users`` is registered through ``self.add_user``.
        """
        super().__init__(**kwargs)
        self.service_providers = service_providers
        self.users = {}
        # None means "no initial users"; any other value is iterated as given.
        for account in (() if users is None else users):
            self.add_user(account)

    def get_idp_config(self):
        return {
            'issuer': 'Test IdP',
Пример #6
    def get_logout_return_url(self):
        """Return the absolute (``_external=True``) URL of the ``index`` endpoint.

        The endpoint is fixed in code rather than taken from the request.
        """
        index_url = url_for('index', _external=True)
        return index_url

    def get_default_login_return_url(self):
        """Return the absolute (``_external=True``) URL of the ``index`` endpoint.

        The endpoint is fixed in code rather than taken from the request.
        """
        index_url = url_for('index', _external=True)
        return index_url


# Module-level wiring for the example service provider: one SP instance, one
# Flask app, and the SAML2_* settings stored in app.config.
sp = ExampleServiceProvider()

app = Flask(__name__)
# NOTE(review): debug mode is switched on unconditionally. With the Werkzeug
# development server this exposes the interactive debugger, so it must be off
# wherever SERVER_NAME below is a publicly reachable address.
app.debug = True
# NOTE(review): hard-coded, publicly known key. Flask signs its session cookie
# with secret_key, so anyone who knows the key can produce a cookie the app
# accepts. Outside of demos, load a random value from the environment or a
# secret store.
app.secret_key = 'not a secret'

# Bracketed values are placeholders to be filled in per deployment.
app.config['SERVER_NAME'] = '[NODE PUBLIC IP]:9000'
# The SP's own key pair. The PEM paths are relative, so they resolve against
# the process working directory (assuming the loaders open them as given).
app.config['SAML2_SP'] = {
    'certificate': certificate_from_file('keys/sp_cert.pem'),
    'private_key': private_key_from_file('keys/sp_key.pem'),
}

# A single identity provider. Its 'certificate' is loaded from idp_cert.pem;
# presumably it is used to verify signatures on that IdP's messages. Confirm
# it is the certificate published by the IdP named in entity_id.
app.config['SAML2_IDENTITY_PROVIDERS'] = [
    {
        'CLASS': 'flask_saml2.sp.idphandler.IdPHandler',
        'OPTIONS': {
            'display_name': 'py-saml-poc',
            'entity_id': '[SAML v2 Entity Id]',
            'sso_url': '[SAML v2 Login URL]',
            'slo_url': '[SAML v2 Logout URL]',
            'certificate': certificate_from_file('keys/idp_cert.pem'),
        },
    },
]
Пример #7
import urllib.parse
from pathlib import Path

import attr
import flask
from flask import Flask, abort, redirect

import flask_saml2.idp
import flask_saml2.sp
from flask_saml2.utils import certificate_from_file, private_key_from_file

# Key material is read from keys/sample, two directory levels above this file.
# NOTE(review): presumably these are fixture keys shipped with the project; a
# private key distributed this way is public and belongs in tests only.
KEY_DIR = Path(__file__).parent.parent.joinpath('keys', 'sample')

# IdP and SP key pairs, loaded once at import time.
IDP_CERTIFICATE = certificate_from_file(KEY_DIR.joinpath('idp-certificate.pem'))
IDP_PRIVATE_KEY = private_key_from_file(KEY_DIR.joinpath('idp-private-key.pem'))
SP_CERTIFICATE = certificate_from_file(KEY_DIR.joinpath('sp-certificate.pem'))
SP_PRIVATE_KEY = private_key_from_file(KEY_DIR.joinpath('sp-private-key.pem'))


@attr.attrs
class User:
    """Plain attrs record holding a ``username`` and an ``email``."""

    username = attr.attrib()
    email = attr.attrib()


class ServiceProvider(flask_saml2.sp.ServiceProvider):
    def __init__(self, identity_providers, **kwargs):
        """Store the identity providers this service provider is set up with.

        Extra keyword arguments are forwarded to the parent initialiser, which
        runs before ``identity_providers`` is assigned.
        """
        super().__init__(**kwargs)
        self.identity_providers = identity_providers

    def get_sp_config(self):