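def do_idpsso_descriptor(conf, cert=None, enc_cert=None):
    """Build the ``IDPSSODescriptor`` metadata element for an IdP.

    Args:
        conf: Configuration object. Must provide ``getattr(key, "idp")``
            for the per-IdP settings read here and, when a certificate is
            published, a ``metadata_key_usage`` attribute.
        cert: Signing certificate to publish in a ``KeyDescriptor``, or
            ``None``.
        enc_cert: Encryption certificate to publish in a ``KeyDescriptor``,
            or ``None``.

    Returns:
        A populated ``md.IDPSSODescriptor``.

    Raises:
        KeyError: if ``DEFAULT`` has no entry for one of the boolean
            attributes that is left unset in ``conf``.
    """
    idpsso = md.IDPSSODescriptor()
    idpsso.protocol_support_enumeration = samlp.NAMESPACE

    endps = conf.getattr("endpoints", "idp")
    if endps:
        # Each endpoint type becomes an attribute holding its list of
        # endpoint elements.
        for endpoint, instlist in do_endpoints(endps, ENDPOINTS["idp"]).items():
            setattr(idpsso, endpoint, instlist)

    _do_nameid_format(idpsso, conf, "idp")

    scopes = conf.getattr("scope", "idp")
    if scopes:
        if idpsso.extensions is None:
            idpsso.extensions = md.Extensions()
        for scope in scopes:
            mdscope = shibmd.Scope()
            mdscope.text = scope
            # Every scope is published as a literal value, never as a regexp,
            # so relying parties match it exactly. The original author left
            # open whether '*'/'+'/'?' in a scope should flip this to "true".
            mdscope.regexp = "false"
            idpsso.extensions.add_extension_element(mdscope)

    ui_info = conf.getattr("ui_info", "idp")
    if ui_info:
        if idpsso.extensions is None:
            idpsso.extensions = md.Extensions()
        idpsso.extensions.add_extension_element(do_uiinfo(ui_info))

    if cert or enc_cert:
        # metadata_key_usage is only consulted when a certificate is published.
        idpsso.key_descriptor = do_key_descriptor(cert, enc_cert, use=conf.metadata_key_usage)

    for key in ["want_authn_requests_signed"]:
        # "want_authn_requests_only_with_valid_cert"]:
        try:
            val = conf.getattr(key, "idp")
        except KeyError:
            val = None
        if val is None:
            # Both the "unset" and the "missing" paths fall back to the same
            # table. The original consulted DEFAULTS in the KeyError branch,
            # a different name from the DEFAULT table used for the unset case.
            setattr(idpsso, key, DEFAULT[key])
        else:
            # Serialised as the lower-case string form the schema expects
            # (e.g. True -> "true").
            setattr(idpsso, key, ("%s" % val).lower())
    return idpsso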
def entities_desc(service, ename, base, cert_file=None, validity="", cache="", social=None, scopebase="social2saml.org"):
    """Build an ``EntitiesDescriptor`` wrapping one entity per selected service.

    Args:
        service: Mapping of service name to a dict holding at least the keys
            ``"saml_endpoint"`` and ``"entity_id"``; both are appended to
            *base* with a ``/`` separator.
        ename: Value for the ``name`` attribute of the EntitiesDescriptor.
        base: URL prefix shared by every location and entity ID.
        cert_file: Optional path to a PEM certificate; when given, one
            ``KeyDescriptor`` built from it is shared by every entity.
        validity: Passed straight through as ``in_a_while(hours=validity)``
            to compute ``valid_until``.
            NOTE(review): the default is the empty string; confirm that
            ``in_a_while`` accepts it, since it looks like a duration.
        cache: Value for ``cache_duration``, passed through unchanged.
        social: Optional collection of service names to include; ``None``
            selects every entry of *service*.
        scopebase: Suffix joined to each service name with ``.`` to form
            that entity's ``shibmd:Scope``.

    Returns:
        An ``EntitiesDescriptor`` holding the per-service entity descriptors
        in the iteration order of *service*.
    """
    key_descriptor = None
    if cert_file:
        key_descriptor = do_key_descriptor(read_cert_from_file(cert_file, "pem"))

    def _selected():
        # Yield only the services the caller asked for (all when social is None).
        for svc_name, svc in service.items():
            if social is None or svc_name in social:
                yield svc_name, svc

    descriptors = []
    for svc_name, svc in _selected():
        svc_scope = shibmd.Scope(text="%s.%s" % (svc_name, scopebase))
        descriptors.append(
            entity_desc(
                "%s/%s" % (base, svc["saml_endpoint"]),
                key_descriptor,
                "%s/%s" % (base, svc["entity_id"]),
                scope=svc_scope,
            )
        )

    return EntitiesDescriptor(
        name=ename,
        entity_descriptor=descriptors,
        valid_until=in_a_while(hours=validity),
        cache_duration=cache,
    )