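    def provider_features(self, pcr_class=ASConfigurationResponse,
                          provider_config=None):
        """
        Specifies what the server capabilities are.

        The metadata is built from the module-level ``CAPABILITIES`` and
        ``SCOPE2CLAIMS`` tables plus the signing algorithms known to ``jws``.

        :param pcr_class: Message class used to hold the metadata; it is
            instantiated with ``CAPABILITIES`` as keyword arguments.
        :param provider_config: Optional mapping whose entries are merged
            into (and override) the computed metadata.
        :return: pcr_class instance
        """
        _provider_info = pcr_class(**CAPABILITIES)

        _provider_info["scopes_supported"] = list(SCOPE2CLAIMS.keys())

        # 'none' is never acceptable for client authentication at the token
        # endpoint. It is filtered out instead of removed with list.remove(),
        # which would raise ValueError should 'none' ever be absent from
        # SIGNER_ALGS; the list() above already gave us a private copy, so no
        # extra slice copy is needed.
        _provider_info["token_endpoint_auth_signing_alg_values_supported"] = [
            alg for alg in jws.SIGNER_ALGS if alg != 'none'
        ]

        if provider_config:
            _provider_info.update(provider_config)

        return _provider_info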
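    def provider_features(self, pcr_class=ProviderConfigurationResponse):
        """
        Specifies what the server capabilities are.

        Builds the provider metadata from ``CAPABILITIES``, derives the
        supported claims and scopes from ``SCOPE2CLAIMS``, advertises the
        signing/encryption algorithms known to ``jws``/``jwe`` and, when an
        authentication broker is configured, its ACR values.

        :param pcr_class: Message class used to hold the metadata; it is
            instantiated with ``CAPABILITIES`` as keyword arguments.
        :return: pcr_class instance
        """
        _provider_info = pcr_class(**CAPABILITIES)

        # Deduplicate claims while keeping first-seen order, so the discovery
        # document is stable between runs (list(set(...)) ordering is not).
        seen = set()
        _claims = []
        for _cl in SCOPE2CLAIMS.values():
            for claim in _cl:
                if claim not in seen:
                    seen.add(claim)
                    _claims.append(claim)
        _provider_info["claims_supported"] = _claims

        # "openid" is mandatory; only add it when SCOPE2CLAIMS does not
        # already list it, to avoid advertising it twice.
        _scopes = list(SCOPE2CLAIMS.keys())
        if "openid" not in _scopes:
            _scopes.append("openid")
        _provider_info["scopes_supported"] = _scopes

        sign_algs = list(jws.SIGNER_ALGS.keys())
        for typ in ["userinfo", "id_token", "request_object"]:
            # Separate copies so later mutation of one entry cannot leak
            # into the others.
            _provider_info["%s_signing_alg_values_supported" % typ] = list(sign_algs)

        # 'none' is not allowed for client authentication at the token
        # endpoint; filtering avoids the ValueError list.remove() would
        # raise if 'none' were ever missing from SIGNER_ALGS.
        _provider_info["token_endpoint_auth_signing_alg_values_supported"] = [
            alg for alg in sign_algs if alg != "none"
        ]

        algs = jwe.SUPPORTED["alg"]
        encs = jwe.SUPPORTED["enc"]
        for typ in ["userinfo", "id_token", "request_object"]:
            _provider_info["%s_encryption_alg_values_supported" % typ] = algs
            _provider_info["%s_encryption_enc_values_supported" % typ] = encs

        # acr_values: only advertised when a broker is configured and it
        # actually reports something.
        if self.authn_broker:
            acr_values = self.authn_broker.getAcrValuesString()
            if acr_values is not None:
                _provider_info["acr_values_supported"] = acr_values

        return _provider_info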
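    def create_providerinfo(self, pcr_class=ProviderConfigurationResponse):
        """
        Build the provider configuration (discovery) document.

        The document is assembled from fixed capability lists, the signing
        and encryption algorithms known to ``jws``/``jwe``, the configured
        ``jwks_uri``, the ACR values offered by ``authn_broker`` and the
        URLs of the registered endpoints in ``self.endp``.

        :param pcr_class: Message class used to hold the metadata.
        :return: pcr_class instance
        """
        # NOTE(review): claims_supported is filled with the *scope* names
        # (the keys of SCOPE2CLAIMS), not with the claim names they map to.
        _response = pcr_class(
            issuer=self.baseurl,
            token_endpoint_auth_methods_supported=[
                "client_secret_post", "client_secret_basic",
                "client_secret_jwt", "private_key_jwt"],
            scopes_supported=["openid"],
            response_types_supported=["code", "token", "id_token",
                                      "code token", "code id_token",
                                      "token id_token",
                                      "code token id_token"],
            subject_types_supported=["public", "pairwise"],
            grant_types_supported=[
                "authorization_code", "implicit",
                "urn:ietf:params:oauth:grant-type:jwt-bearer"],
            claim_types_supported=["normal", "aggregated", "distributed"],
            # list() so the value is JSON-serialisable on Python 3 too.
            claims_supported=list(SCOPE2CLAIMS.keys()),
            claims_parameter_supported="true",
            request_parameter_supported="true",
            request_uri_parameter_supported="true",
        )

        sign_algs = list(jws.SIGNER_ALGS.keys())
        for typ in ["userinfo", "id_token", "request_object"]:
            _response["%s_signing_alg_values_supported" % typ] = list(sign_algs)

        # "none" must not be advertised for client authentication at the
        # token endpoint: it would invite unsigned client assertions.
        _response["token_endpoint_auth_signing_alg_values_supported"] = [
            alg for alg in sign_algs if alg != "none"
        ]

        algs = jwe.SUPPORTED["alg"]
        encs = jwe.SUPPORTED["enc"]
        for typ in ["userinfo", "id_token", "request_object"]:
            _response["%s_encryption_alg_values_supported" % typ] = algs
            _response["%s_encryption_enc_values_supported" % typ] = encs

        # NOTE(review): the issuer above was captured before this
        # normalisation, so on the first call it lacks the trailing slash
        # that the endpoint URLs below receive; later calls include it.
        if not self.baseurl.endswith("/"):
            self.baseurl += "/"

        if self.jwks_uri and self.keyjar:
            _response["jwks_uri"] = self.jwks_uri

        # acr_values: only advertised when a broker reports some.
        if self.authn_broker:
            acr_values = self.authn_broker.getAcrValuesString()
            if acr_values is not None:
                _response["acr_values_supported"] = acr_values

        # Endpoint classes expose their metadata name and URL suffix; each
        # is instantiated (with no server) just to read the name.
        for endp in self.endp:
            _response[endp(None).name] = "%s%s" % (self.baseurl, endp.etype)

        return _response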
from oic.oic.message import SCOPE2CLAIMS

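ISSUER = "https://server.example.com"

ENDPOINTS = [
    "authorization_endpoint", "token_endpoint",
    "userinfo_endpoint", "refresh_session_endpoint",
    # "check_session_endpoint",
    "end_session_endpoint", "registration_endpoint",
]

# Sample provider-info document. Dict views returned by .keys() are wrapped
# in list() so json.dumps() works on Python 3 as well as Python 2.
# NOTE(review): several key names here (jwk_url, acrs_supported,
# user_id_types_supported, token_endpoint_auth_types_supported,
# *_algs_supported) differ from those used by the provider code on this
# page (jwks_uri, acr_values_supported, subject_types_supported, ...);
# presumably an older draft — verify before reusing this document.
info = {
    "issuer": ISSUER,
    "token_endpoint_auth_types_supported":
        ["client_secret_basic", "private_key_jwt"],
    "jwk_url":
        "https://server.example.com/jwk.json",
    "scopes_supported": list(SCOPE2CLAIMS.keys()),
    "response_types_supported":
        ["code", "token", "id_token", "code token", "code id_token",
         "token id_token", "code token id_token"],
    "acrs_supported": ["1", "2"],
    "user_id_types_supported": ["public", "pairwise"],
    "userinfo_algs_supported": list(SIGNER_ALGS.keys()),
    "id_token_algs_supported": list(SIGNER_ALGS.keys()),
    "request_object_algs_supported": list(SIGNER_ALGS.keys()),
}

# Every endpoint lives directly under the issuer URL.
for end in ENDPOINTS:
    info[end] = "%s/%s" % (ISSUER, end)

# print() call form is valid on both Python 2 and 3 for a single argument.
print(json.dumps(info))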
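    def providerinfo_endpoint(self, handle="", **kwargs):
        """
        Serve the provider configuration (discovery) document.

        :param handle: Optional ``(key, timestamp)`` pair; when ``key`` is
            wrapped in ``STR`` a session cookie built by ``self.cookie_func``
            is attached to the response.
        :param kwargs: Unused.
        :return: Response carrying the JSON document, or a generic
            ``text/plain`` error response if building it failed.
        """
        _log_info = logger.info

        _log_info("@providerinfo_endpoint")
        try:
            # NOTE(review): claims_supported is filled with the *scope*
            # names (keys of SCOPE2CLAIMS), not the claim names.
            _response = ProviderConfigurationResponse(
                issuer=self.baseurl,
                token_endpoint_auth_methods_supported=[
                    "client_secret_post", "client_secret_basic",
                    "client_secret_jwt", "private_key_jwt"],
                scopes_supported=["openid"],
                response_types_supported=["code", "token", "id_token",
                                          "code token", "code id_token",
                                          "token id_token",
                                          "code token id_token"],
                subject_types_supported=["public", "pairwise"],
                grant_types_supported=[
                    "authorization_code", "implicit",
                    "urn:ietf:params:oauth:grant-type:jwt-bearer"],
                claim_types_supported=["normal", "aggregated", "distributed"],
                # list() so the value is JSON-serialisable on Python 3 too.
                claims_supported=list(SCOPE2CLAIMS.keys()),
                claims_parameter_supported="true",
                request_parameter_supported="true",
                request_uri_parameter_supported="true",
            )

            sign_algs = list(jws.SIGNER_ALGS.keys())
            for typ in ["userinfo", "id_token", "request_object"]:
                _response["%s_signing_alg_values_supported" % typ] = list(sign_algs)

            # "none" must not be advertised for client authentication at
            # the token endpoint: it would invite unsigned client assertions.
            _response["token_endpoint_auth_signing_alg_values_supported"] = [
                alg for alg in sign_algs if alg != "none"
            ]

            algs = jwe.SUPPORTED["alg"]
            encs = jwe.SUPPORTED["enc"]
            for typ in ["userinfo", "id_token", "request_object"]:
                _response["%s_encryption_alg_values_supported" % typ] = algs
                _response["%s_encryption_enc_values_supported" % typ] = encs

            # NOTE(review): the issuer above was captured before this
            # normalisation, so on the first call it lacks the trailing
            # slash that the endpoint URLs below receive.
            if not self.baseurl.endswith("/"):
                self.baseurl += "/"

            if self.jwks_uri:
                _response["jwks_uri"] = self.jwks_uri

            for endp in self.endpoints:
                _response[endp.name] = "%s%s" % (self.baseurl, endp.etype)

            _log_info("provider_info_response: %s" % (_response.to_dict(),))

            # Discovery output must not be cached by intermediaries.
            # NOTE(review): "x-ffo" looks like a leftover debug header;
            # kept for compatibility, consider dropping it.
            headers = [("Cache-Control", "no-store"), ("x-ffo", "bar")]
            if handle:
                key, _timestamp = handle
                if key.startswith(STR) and key.endswith(STR):
                    cookie = self.cookie_func(key, self.cookie_name, "pinfo",
                                              self.sso_ttl)
                    headers.append(cookie)

            resp = Response(_response.to_json(), content="application/json",
                            headers=headers)
        except Exception:
            # Keep the traceback server-side only: echoing it to the client
            # discloses internal paths and code structure.
            logger.exception("providerinfo_endpoint failed")
            resp = Response("Internal error while building provider info",
                            content="text/plain")

        return resp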
    "userinfo_endpoint",
    "refresh_session_endpoint",
    #"check_session_endpoint",
    "end_session_endpoint",
    "registration_endpoint"
]

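# Sample provider-info document. Dict views returned by .keys() are wrapped
# in list() so the structure can be handed to json.dumps() on Python 3 as
# well as Python 2.
# NOTE(review): key names such as jwk_url, acrs_supported and
# user_id_types_supported differ from the ones the provider code on this
# page emits (jwks_uri, acr_values_supported, subject_types_supported);
# presumably an older draft — verify before reusing this document.
info = {
    "issuer": ISSUER,
    "token_endpoint_auth_types_supported":
    ["client_secret_basic", "private_key_jwt"],
    "jwk_url":
    "https://server.example.com/jwk.json",
    "scopes_supported":
    list(SCOPE2CLAIMS.keys()),
    "response_types_supported": [
        "code", "token", "id_token", "code token", "code id_token",
        "token id_token", "code token id_token"
    ],
    "acrs_supported": ["1", "2"],
    "user_id_types_supported": ["public", "pairwise"],
    "userinfo_algs_supported":
    list(SIGNER_ALGS.keys()),
    "id_token_algs_supported":
    list(SIGNER_ALGS.keys()),
    "request_object_algs_supported":
    list(SIGNER_ALGS.keys()),
}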

for end in ENDPOINTS: