def outgoing(response, instance):
    """Build this server's own authentication response from an upstream one.

    Called on the SP side once an authentication response from the upstream
    IdP has been received; the IdP side of the proxy then issues a fresh
    response to the client that originally started the flow.

    :param response: The Authentication response received by the SP side
    :param instance: SP instance that received the authentication response
    :return: the response built by the IdP side (signed by default)
    """
    proxy_idp = SamlIDP(instance.environ, instance.start_response,
                        CONFIG["SP"], CACHE, outgoing)

    # Two-step lookup: the InResponseTo of the upstream response maps to a
    # state key, which in turn maps to the client's original request and
    # its RelayState.  An InResponseTo that is not in the SP state raises
    # KeyError here (presumably the SP rejects unsolicited responses before
    # this point -- verify against the caller).
    state_key = instance.sp.state[response.in_response_to]
    orig_authn_req, relay_state = instance.sp.state[state_key]

    # NameID of the subject, reused as-is for the downstream assertion.
    name_id = response.get_subject()

    # Response parameters derived from the client's original request.
    resp_args = proxy_idp.idp.response_args(orig_authn_req)

    # Only the first authn statement is carried over; the original author
    # flagged this as slightly awkward and something to be done better.
    first_authn = response.authn_info()[0]
    authn = {
        "class_ref": first_authn[0],
        "authn_auth": first_authn[1][0],
    }

    # Any modification of the assertion would be made here.  The outgoing
    # response is signed by default.
    return proxy_idp.construct_authn_response(
        response.ava,
        name_id=name_id,
        authn=authn,
        resp_args=resp_args,
        relay_state=relay_state,
        sign_response=True,
    )
def outgoing(response, instance):
    """Build this server's own authentication response from an upstream one.

    Called on the SP side once an authentication response from the upstream
    IdP has been received; the IdP side of the proxy then issues a fresh
    response to the client that originally started the flow.

    :param response: The Authentication response received by the SP side
    :param instance: SP instance that received the authentication response
    :return: the response built by the IdP side (signed by default)
    """
    proxy_idp = SamlIDP(instance.environ, instance.start_response,
                        CONFIG["SP"], CACHE, outgoing)

    # Two-step lookup: the InResponseTo of the upstream response maps to a
    # state key, which in turn maps to the client's original request and
    # its RelayState.  An InResponseTo that is not in the SP state raises
    # KeyError here (presumably the SP rejects unsolicited responses before
    # this point -- verify against the caller).
    state_key = instance.sp.state[response.in_response_to]
    orig_authn_req, relay_state = instance.sp.state[state_key]

    # NameID of the subject, reused as-is for the downstream assertion.
    name_id = response.get_subject()

    # Response parameters derived from the client's original request.
    resp_args = proxy_idp.idp.response_args(orig_authn_req)

    # Only the first authn statement is carried over; the original author
    # flagged this as slightly awkward and something to be done better.
    first_authn = response.authn_info()[0]
    authn = {
        "class_ref": first_authn[0],
        "authn_auth": first_authn[1][0],
    }

    # Any modification of the assertion would be made here.  The outgoing
    # response is signed by default.
    return proxy_idp.construct_authn_response(
        response.ava,
        name_id=name_id,
        authn=authn,
        resp_args=resp_args,
        relay_state=relay_state,
        sign_response=True,
    )
def run(spec, environ, start_response):
    """Pick the entity named by *spec* and invoke one of its methods.

    :param spec: either a tuple (entity_type, method_name, *binding_args)
        selecting the SP or IdP side of the proxy, or a plain callable that
        is invoked with no arguments
    :param environ: WSGI environ
    :param start_response: WSGI start_response
    :return: whatever the selected method (or the bare callable) returns
    """
    if not isinstance(spec, tuple):
        return spec()

    # Anything other than "SP" selects the IdP side.
    if spec[0] == "SP":
        entity = SamlSP(environ, start_response, CONFIG["SP"], CACHE,
                        outgoing, **SP_ARGS)
    else:
        entity = SamlIDP(environ, start_response, CONFIG["IDP"], CACHE,
                         incomming)

    # The method is resolved by name from the spec, so whatever builds the
    # spec (presumably the URL routing table) decides which entity methods
    # are reachable from a request.
    handler = getattr(entity, spec[1])
    return handler(*spec[2:])
# Both halves of the proxy share the same metadata store.
CONFIG["SP"].metadata = mds
CONFIG["IDP"].metadata = mds

# An explicit entityID means this proxy fronts exactly one IdP, so the SP
# side needs no discovery service; otherwise it is pointed at one.
if args.entityid:
    EntityID = args.entityid
    SP_ARGS = {}
else:
    EntityID = None
    SP_ARGS = {"discosrv": Config.DISCO_SRV}

# Cache shared by the SP and IdP sides.
CACHE = {}

# Register the endpoints of both halves; module-level sp/idp are kept
# because they are constructed without a request context.
sp = SamlSP(None, None, CONFIG["SP"], CACHE)
URLS.extend(sp.register_endpoints())
idp = SamlIDP(None, None, CONFIG["IDP"], CACHE, None)
URLS.extend(idp.register_endpoints())

# ============== Web server ===============
SRV = wsgiserver.CherryPyWSGIServer((Config.HOST, Config.PORT), application)
# The pyOpenSSL adapter below is the only transport protection configured
# here: with Config.HTTPS unset the server speaks plain HTTP and the SAML
# messages it relays cross the wire unprotected.
if Config.HTTPS:
    SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(
        Config.SERVER_CERT, Config.SERVER_KEY, Config.CERT_CHAIN)

LOGGER.info("Server starting")
if Config.HTTPS:
    print("S2S listening on %s:%s using HTTPS" % (Config.HOST, Config.PORT))
else:
    print("S2S listening on %s:%s" % (Config.HOST, Config.PORT))
CONFIG["SP"].metadata = mds CONFIG["IDP"].metadata = mds # If entityID is set it means this is a proxy in front of one IdP if args.entityid: EntityID = args.entityid SP_ARGS = {} else: EntityID = None SP_ARGS = {"discosrv": Config.DISCO_SRV} CACHE = {} sp = SamlSP(None, None, CONFIG["SP"], CACHE) URLS.extend(sp.register_endpoints()) idp = SamlIDP(None, None, CONFIG["IDP"], CACHE, None) URLS.extend(idp.register_endpoints()) # ============== Web server =============== SRV = wsgiserver.CherryPyWSGIServer((Config.HOST, Config.PORT), application) if Config.HTTPS: SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter( Config.SERVER_CERT, Config.SERVER_KEY, Config.CERT_CHAIN) LOGGER.info("Server starting") if Config.HTTPS: print "S2S listening on %s:%s using HTTPS" % (Config.HOST, Config.PORT) else: