def _init_pysaml2(self):
"""
Initialization of PySAML2. Part of __init__().
:return:
"""
old_path = sys.path
cfgfile = self.config.pysaml2_config
cfgdir = os.path.dirname(cfgfile)
if cfgdir:
# add directory part to sys.path, since pysaml2 'import's it's config
sys.path = [cfgdir] + sys.path
cfgfile = os.path.basename(self.config.pysaml2_config)
_session_ttl = self.config.sso_session_lifetime * 60
if self.config.sso_session_mongo_uri:
_SSOSessions = eduid_idp.cache.SSOSessionCacheMDB(self.config.sso_session_mongo_uri,
self.logger, _session_ttl)
else:
_SSOSessions = eduid_idp.cache.SSOSessionCacheMem(self.logger, _session_ttl, threading.Lock())
_path = sys.path[0]
self.logger.debug("Loading PySAML2 server using cfgfile {!r} and path {!r}".format(cfgfile, _path))
try:
self.IDP = server.Server(cfgfile, cache = _SSOSessions)
finally:
# restore path
sys.path = old_path
_my_id = self.IDP.config.entityid
self.AUTHN_BROKER = eduid_idp.assurance.init_AuthnBroker(_my_id)
_login_state_ttl = (self.config.login_state_ttl + 1) * 60
self.IDP.ticket = SSOLoginDataCache(self.IDP, 'TicketCache', self.logger, _login_state_ttl,
self.config, threading.Lock())
def get_auth_token():
samlServer = server.Server("idp_conf")
nid = NameID(format=NAMEID_FORMAT_UNSPECIFIED, text="ganderson")
authn_dict = {
"decl": "authn_decl",
"class_ref": UNSPECIFIED,
"authn_instant": time.time(),
}
samlResp = samlServer.create_authn_response(
identity={},
in_response_to="",
userid="ganderson",
destination=
"https://uat.envestnet.com/openenv/api/auth/login?firm=edelman",
sp_entity_id=None,
sign_assertion=True,
name_id=nid,
authn=authn_dict,
)
url = "https://uat.envestnet.com/openenv/api/auth/login?firm=edelman"
headers = DEFAULT_HEADERS.copy()
headers["Content-Type"] = "application/xml; charset=utf-8"
resp = webServiceCall(url, headers, data=samlResp)
return resp.headers["Token"]
def __init__(self):
self.logger = logging.getLogger(__name__)
self.AUTHN_BROKER = eduid_idp.assurance.init_AuthnBroker(
'unittest-idp.example.edu')
datadir = pkg_resources.resource_filename(__name__, 'tests/data')
config_file = os.path.join(datadir, 'test_SSO_conf.py')
self.IDP = server.Server(config_file=config_file)
self.config = {}
self.IDP.metadata = FakeMetadata()
parser.add_argument('-s',
dest='sign',
action='store_true',
help="sign the metadata")
parser.add_argument('-m', dest='mako_root', default="./")
parser.add_argument(dest="config")
args = parser.parse_args()
CONFIG = importlib.import_module(args.config)
AUTHN_BROKER = AuthnBroker()
AUTHN_BROKER.add(authn_context_class_ref(PASSWORD),
username_password_authn, 10, CONFIG.BASE)
AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED), "", 0, CONFIG.BASE)
IDP = server.Server(args.config, cache=Cache())
IDP.ticket = {}
_rot = args.mako_root
LOOKUP = TemplateLookup(directories=[_rot + 'templates', _rot + 'htdocs'],
module_directory=_rot + 'modules',
input_encoding='utf-8',
output_encoding='utf-8')
HOST = CONFIG.HOST
PORT = CONFIG.PORT
sign_alg = None
digest_alg = None
try:
sign_alg = CONFIG.SIGN_ALG
if match is not None:
try:
environ['myapp.url_args'] = match.groups()[0]
except IndexError:
environ['myapp.url_args'] = path
if logger: logger.info("callback: %s" % (callback,))
return callback(environ, start_response, user, logger)
else:
if logger: logger.info("-- No USER --")
return not_authn(environ, start_response, logger)
return not_found(environ, start_response, logger)
# ----------------------------------------------------------------------------
from repoze.who.config import make_middleware_with_config
APP_WITH_AUTH = make_middleware_with_config(application, {"here":"."},
'./who.ini', log_file="repoze_who.log")
# ----------------------------------------------------------------------------
if __name__ == '__main__':
import sys
from wsgiref.simple_server import make_server
PORT = 8088
IDP = server.Server(sys.argv[1])
SRV = make_server('localhost', PORT, APP_WITH_AUTH)
print "IdP listening on port: %s" % PORT
SRV.serve_forever()
def __init__(self, onts, attrc, data=None, cert=None, **kwargs):
super(MetaDataStream, self).__init__(onts, attrc, **kwargs)
if not data:
raise SAMLError('No metadata specified.')
self.data = data
self.cert = cert
def get_metadata_content(self):
return self.data
def load(self):
_txt = self.get_metadata_content()
return self.parse_and_check_signature(_txt)
IDP = server.Server("./idp_conf.py", cache=Cache())
IDP.ticket = {}
from app.models import CbServer
def load_metadata(id, md):
mw = MetaDataStream(IDP.metadata.onts, IDP.metadata.attrc, data=md)
mw.load()
IDP.metadata.metadata[id] = mw
def load_all_metadata():
for server in CbServer.query.all():
load_metadata(server.id, server.saml_sp_config)
def setup_server_env(proxy_conf, conf_mod, key):
global server_env
global logger
#noinspection PyUnboundLocalVariable
server_env = dict([(k, v) for k, v in proxy_conf.__dict__.items()
if not k.startswith("__")])
server_env["sessions"] = {}
server_env["eptid"] = eptid.Eptid(proxy_conf.EPTID_DB, proxy_conf.SECRET)
_idp = server.Server(conf_mod)
args = {"metad": _idp.metadata, "dkeys": {"rsa": [key]}}
server_env["consumer_info"] = utils.ConsumerInfo(proxy_conf.CONSUMER_INFO,
**args)
server_env["service"] = proxy_conf.SERVICE
# add the service endpoints
part = urlparse.urlparse(_idp.config.entityid)
base = "%s://%s/" % (part.scheme, part.netloc)
server_env["SCHEME"] = part.scheme
try:
(host, port) = part.netloc.split(":")
port = int(port)
except ValueError: # no port specification
host = part.netloc
if part.scheme == "http":
port = 80
elif part.scheme == "https":
port = 443
else:
raise ValueError("Unsupported scheme")
server_env["HOST"] = host
server_env["PORT"] = port
endpoints = {"single_sign_on_service": [], "single_logout_service": []}
for _dict in proxy_conf.SERVICE.values():
_sso = _dict["saml_endpoint"]
endpoints["single_sign_on_service"].append("%s%s" % (base, _sso))
endpoints["single_logout_service"].append(
("%s%s/logout" % (base, _sso), BINDING_HTTP_REDIRECT))
_idp.config.setattr("idp", "endpoints", endpoints)
server_env["idp"] = _idp
server_env["template_lookup"] = LOOKUP
server_env["sid_generator"] = session_nr()
server_env["base_url"] = base
server_env["STATIC_DIR"] = proxy_conf.STATIC_DIR
server_env["SIGN"] = proxy_conf.SIGN
#print SERVER_ENV
if proxy_conf.CACHE == "memory":
server_env["CACHE"] = cache.Cache(server_env["SERVER_NAME"],
server_env["SECRET"])
elif proxy_conf.CACHE.startswith("file:"):
server_env["CACHE"] = cache.Cache(server_env["SERVER_NAME"],
server_env["SECRET"],
filename=proxy_conf.CACHE[5:])
logger = setup_logger(_idp.config)
if proxy_conf.DEBUG:
logger.setLevel(logging.DEBUG)
logger.debug("SERVER_ENV: %s" % server_env)
return _idp
ROOT = './'
LOOKUP = TemplateLookup(directories=[ROOT + 'templates', ROOT + 'htdocs'],
module_directory=ROOT + 'modules',
input_encoding='utf-8',
output_encoding='utf-8')
# ----------------------------------------------------------------------------
if __name__ == '__main__':
import sys
import socket
from idp_user import USERS
from idp_user import EXTRA
from wsgiref.simple_server import make_server
PORT = 8088
AUTHN_BROKER = AuthnBroker()
AUTHN_BROKER.add(authn_context_class_ref(PASSWORD),
username_password_authn, 10,
"http://%s" % socket.gethostname())
AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED), "", 0,
"http://%s" % socket.gethostname())
IDP = server.Server(sys.argv[1], cache=Cache())
IDP.ticket = {}
SRV = make_server('', PORT, application)
print "IdP listening on port: %s" % PORT
SRV.serve_forever()
def setup_saml2_server(self, config, idpconfig, symkey):
idp = server.Server(config,
cache=Cache(idpconfig.CACHE_1, idpconfig.CACHE_2),
symkey=symkey)
idp.ticket = {}
return idp
