 def metadata(self):
     """Serve this entity's SAML metadata as an ``text/xml`` response.

     The document is generated from ``self.server.config``; ``__file__`` is
     handed to pysaml2 as the configuration file name.
     """
     # TODO: generate from some custom logic
     return Response(
         create_metadata_string(__file__, self.server.config),
         mimetype='text/xml',
     )
 def __init__(self, args, template_lookup, sphandler, ISSUER):
     """Build the IdP handler from the configuration module named in ``args``.

     :param args: parsed command-line options; ``idpconfig`` names the config
         module, the rest (``valid``, ``cert``, ``keyfile``, ``id_idp``,
         ``name_idp``, ``sign``) is forwarded to :func:`create_metadata_string`
     :param template_lookup: template lookup object kept on the instance
     :param sphandler: the SP handler, also handed to the authn broker
     :param ISSUER: base URL of this issuer; the verify URL is appended to it
     """
     cfg = importlib.import_module(args.idpconfig)
     # Plain settings copied from the configuration module. PASSWD and SYM_KEY
     # (used below) are secrets sourced from that module.
     self.copy_sp_cert = cfg.COPYSPCERT
     self.copy_sp_key = cfg.COPYSPKEY
     self.passwd = cfg.PASSWD
     self.cas_server = cfg.CAS_SERVER
     self.yubikey_db = cfg.YUBIKEY_DB
     self.yubikey_server = cfg.YUBIKEY_SERVER
     self.service_url = "/".join((ISSUER, self.IDP_VERIFY_URL))
     self.template_lookup = template_lookup
     # The SAML2 server has to exist before its config feeds the metadata below.
     self.idp_server = self.setup_saml2_server(args.idpconfig, cfg, cfg.SYM_KEY)
     self.authn_broker = self.setup_authn_broker(ISSUER, sphandler, cfg.AUTHORIZATION)
     self.auth_cookie = None
     # Endpoints reachable without a prior authentication.
     self.non_authn_urls = [
         (r'%s?(.*)$' % self.IDP_VERIFY_URL, self.do_verify),
         (r'sso/ecp$', (SSO, "ecp")),
     ]
     self.sphandler = sphandler
     self.idp_metadata = create_metadata_string(
         args.idpconfig + ".py",
         self.idp_server.config,
         args.valid,
         args.cert,
         args.keyfile,
         args.id_idp,
         args.name_idp,
         args.sign,
     )
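def metadata(r):
    """Django view returning this SP's SAML metadata as ``text/xml``.

    The ACS URL is derived from the request's domain so the generated
    descriptor matches the host the request arrived on.

    :param r: the Django request
    :return: ``HttpResponse`` carrying the metadata document
    """
    acs_url = get_current_domain(r) + get_reverse([acs, 'acs', 'django_saml2_auth:acs'])

    saml_settings = _get_saml_client_settings(acs_url)
    sp_config = Saml2Config()
    sp_config.load(saml_settings)
    sp_config.allow_unknown_attributes = True

    # ``VALID_THROUGH`` is optional; the original ``... .get(...) * 24`` raised
    # TypeError (``None * 24``) whenever it was absent. Only scale it when set.
    # (The *24 presumably converts days to the unit pysaml2 expects — confirm.)
    valid_through = settings.SAML2_AUTH.get('CERTIFICATES', {}).get('VALID_THROUGH', None)
    valid = None if valid_through is None else valid_through * 24
    metadata_string = create_metadata_string(None, config=sp_config, valid=valid)
    return HttpResponse(metadata_string, content_type='text/xml')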
def test_signed_metadata_proper_str_bytes_handling():
    """Signing SP metadata must not trip over str/bytes mixing.

    Builds an SP config with a key and certificate and asks
    ``create_metadata_string`` to sign the document; a ``TypeError`` here
    means the signing path's str/bytes handling regressed.
    """
    signed_conf = dict(sp_conf)
    signed_conf.update({
        'key_file': full_path("test.key"),
        'cert_file': full_path("inc-md-cert.pem"),
        # Signing shells out to the xmlsec binaries, see
        # https://pysaml2.readthedocs.io/en/latest/examples/sp.html
        'xmlsec_binary': sigver.get_xmlsec_binary(["/opt/local/bin"]),
    })
    cnf = SPConfig().load(signed_conf, metadata_construction=True)

    # Raises TypeError if string/bytes handling is not correct.
    create_metadata_string('', config=cnf, sign=True)
文件: saml2.py 项目: borgand/SATOSA
 def __init__(self, config):
     """
     Creates a response containing the metadata generated from the SP config.
     :type config: dict[str, Any]
     :param config: The SP config
     """
     # Unsigned metadata (cert/keyfile/sign all unset) with valid=4; pysaml2
     # hands back bytes, the response body is the decoded XML text.
     xml_text = create_metadata_string(
         None,
         config,
         valid=4,
         cert=None,
         keyfile=None,
         mid=None,
         name=None,
         sign=None,
     ).decode("utf-8")
     super(MetadataResponse, self).__init__(message=xml_text, content="text/xml")
def metadata(environ, start_response, _args):
    """WSGI handler that serves the SP's SAML metadata document.

    :param environ: WSGI environment (unused)
    :param start_response: WSGI ``start_response`` callable
    :param _args: parsed options; ``path`` locates ``sp_conf.py`` (defaults
        to this file's directory), the rest (``valid``, ``cert``, ``keyfile``,
        ``id``, ``name``, ``sign``) is forwarded to :func:`create_metadata_string`
    :return: the generated document, returned directly as the WSGI body
    """
    conf_dir = _args.path
    if not conf_dir:
        conf_dir = os.path.dirname(os.path.abspath(__file__))
    if not conf_dir.endswith("/"):
        conf_dir += "/"
    document = create_metadata_string(
        conf_dir + "sp_conf.py",
        None,
        _args.valid,
        _args.cert,
        _args.keyfile,
        _args.id,
        _args.name,
        _args.sign,
    )
    start_response('200 OK', [('Content-Type', "text/xml")])
    return document
文件: saml2.py 项目: borgand/SATOSA
 def __init__(self, config):
     """
     Creates a response containing the metadata generated from the SP config.
     :type config: dict[str, Any]
     :param config: The SP config
     """
     # No cert/keyfile/sign are given, so the document is unsigned; valid=4 is
     # passed through to pysaml2. The bytes result is decoded for the body.
     document = create_metadata_string(
         None, config, valid=4, cert=None, keyfile=None, mid=None, name=None, sign=None
     )
     super(MetadataResponse, self).__init__(
         message=document.decode("utf-8"), content="text/xml"
     )
def metadata(environ, start_response, _args):
    """WSGI handler returning the SP metadata built from ``sp_conf.py``.

    :param environ: WSGI environment (unused)
    :param start_response: WSGI ``start_response`` callable
    :param _args: parsed options: ``path`` is the config directory (this
        file's directory when empty); ``valid``, ``cert``, ``keyfile``, ``id``,
        ``name`` and ``sign`` go straight to :func:`create_metadata_string`
    :return: the metadata document, returned as the WSGI body itself
    """
    base = _args.path or os.path.dirname(os.path.abspath(__file__))
    if not base.endswith("/"):
        base += "/"
    document = create_metadata_string(
        base + "sp_conf.py",
        None,
        _args.valid,
        _args.cert,
        _args.keyfile,
        _args.id,
        _args.name,
        _args.sign,
    )
    start_response('200 OK', [('Content-Type', "text/xml")])
    return document
文件: saml2.py 项目: huebnd/SATOSA
    def _metadata_endpoint(self, context):
        """
        Endpoint for retrieving the backend metadata
        :type context: satosa.context.Context
        :rtype: satosa.response.Response

        :param context: The current context
        :return: response with metadata
        """
        satosa_logging(logger, logging.DEBUG, "Sending metadata response", context.state)
        # Unsigned metadata (no cert/keyfile/sign) from the IdP config;
        # pysaml2 returns bytes, the response wants text.
        document = create_metadata_string(
            None,
            self.idp.config,
            valid=4,
            cert=None,
            keyfile=None,
            mid=None,
            name=None,
            sign=None,
        )
        return Response(document.decode("utf-8"), content="text/xml")
文件: saml2.py 项目: its-dirg/SATOSA
    def _metadata_endpoint(self, context):
        """
        Endpoint for retrieving the backend metadata
        :type context: satosa.context.Context
        :rtype: satosa.response.Response

        :param context: The current context
        :return: response with metadata
        """
        satosa_logging(logger, logging.DEBUG, "Sending metadata response", context.state)
        # cert/keyfile/sign are all unset, so the served document is unsigned.
        xml_text = create_metadata_string(
            None, self.idp.config, valid=4, cert=None, keyfile=None, mid=None, name=None, sign=None
        ).decode("utf-8")
        return Response(xml_text, content="text/xml")
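def metadata(environ, start_response):
    """WSGI handler that serves the IdP's SAML metadata document.

    The configuration module ``args.config`` is looked up under ``args.path``
    (this file's directory when unset) and the remaining module-level ``args``
    options (``valid``, ``cert``, ``keyfile``, ``id``, ``name``, ``sign``) are
    forwarded to :func:`create_metadata_string` with the global ``IDP``'s config.

    :param environ: WSGI environment, only needed for the error response
    :param start_response: WSGI ``start_response`` callable
    :return: the metadata document (returned directly as the WSGI body), or
        the ``not_found`` response when generation fails
    """
    try:
        conf_dir = args.path
        if not conf_dir:
            conf_dir = os.path.dirname(os.path.abspath(__file__))
        if not conf_dir.endswith("/"):
            conf_dir += "/"
        document = create_metadata_string(conf_dir + args.config, IDP.config,
                                          args.valid, args.cert, args.keyfile,
                                          args.id, args.name, args.sign)
        start_response('200 OK', [('Content-Type', "text/xml")])
        return document
    except Exception as ex:
        # Exceptions have no ``.message`` attribute on Python 3, so the former
        # ``ex.message`` raised AttributeError inside this handler and hid the
        # real cause. Log the exception itself (with traceback) via %-args.
        logger.exception("An error occured while creating metadata: %s", ex)
        return not_found(environ, start_response)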
文件: saml2.py 项目: vcruzcid/SATOSA
    def _metadata_endpoint(self, context):
        """
        Endpoint for retrieving the backend metadata
        :type context: satosa.context.Context
        :rtype: satosa.response.Response

        :param context: The current context
        :return: response with metadata
        """
        logger.debug(
            lu.LOG_FMT.format(
                id=lu.get_session_id(context.state),
                message="Sending metadata response",
            )
        )
        # Unsigned metadata (cert/keyfile/sign unset) built from the IdP
        # config; the bytes pysaml2 returns are decoded for the response body.
        document = create_metadata_string(
            None,
            self.idp.config,
            valid=4,
            cert=None,
            keyfile=None,
            mid=None,
            name=None,
            sign=None,
        )
        return Response(document.decode("utf-8"), content="text/xml")
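def metadata(environ, start_response):
    """WSGI handler that serves the IdP's SAML metadata document.

    ``args.config`` is resolved under ``args.path`` (this file's directory when
    unset); ``args.valid``, ``cert``, ``keyfile``, ``id``, ``name`` and ``sign``
    are forwarded to :func:`create_metadata_string` together with ``IDP.config``.

    :param environ: WSGI environment, used only for the error response
    :param start_response: WSGI ``start_response`` callable
    :return: the metadata document returned directly as the WSGI body, or the
        ``not_found`` response when generation fails
    """
    try:
        conf_dir = args.path
        if not conf_dir:
            conf_dir = os.path.dirname(os.path.abspath(__file__))
        if not conf_dir.endswith("/"):
            conf_dir += "/"
        document = create_metadata_string(conf_dir + args.config, IDP.config,
                                          args.valid, args.cert, args.keyfile,
                                          args.id, args.name, args.sign)
        start_response('200 OK', [('Content-Type', "text/xml")])
        return document
    except Exception as ex:
        # ``ex.message`` does not exist on Python 3: the old log line itself
        # raised AttributeError and masked the original failure. Log the
        # exception with its traceback instead.
        logger.exception("An error occured while creating metadata: %s", ex)
        return not_found(environ, start_response)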
 def __init__(self, sp_logger, args):
     """
     Constructor for the SpHandler.
     :param sp_logger: A logger.
     :param args: parsed options naming the SP config module (``spconf``) and
         the metadata options ``valid``, ``cert``, ``keyfile``, ``id_sp``,
         ``name_sp`` and ``sign``.
     """
     # SP metadata document generated from the SP configuration file.
     self.sp_metadata = create_metadata_string(
         args.spconf + ".py",
         None,
         args.valid,
         args.cert,
         args.keyfile,
         args.id_sp,
         args.name_sp,
         args.sign,
     )
     self.logger = sp_logger
     # SP configuration module (pyOpSamlProxy.client.sp.conf) and the full
     # name of its configuration file.
     conf = importlib.import_module(args.spconf)
     self.sp_conf = conf
     self.sp_conf_name = conf.WORKING_DIR + args.spconf
     # pysaml2 client built from that file (saml2.client.Saml2Client).
     self.sp = Saml2Client(config_file=str(self.sp_conf_name))
     # Extra arguments for pyOpSamlProxy.client.sp.util.SSO: the SAML
     # discovery server and WAYF server URLs.
     self.args = {"discosrv": conf.DISCOSRV, "wayf": conf.WAYF}
     # op server authorization URL, used once the SP has been authenticated.
     # TODO has to be changed when SAML-to-SAML is implemented.
     self.authorization_url = "%s/authorization" % conf.ISSUER
     # SAML authentication handler for an op server.
     self.authnmethod = SPAuthnMethodHandler(
         None, conf.SPVERIFYBASE, self.authorization_url
     )
     # SAML authentication for an IdP server; set up later by
     # pyOpSamlProxy.provider.idp.handler.handler.
     self.sp_authentication = None
     # Maps the user info response onto SAML attributes.
     self.userinfo = UserInfoSpHandler(conf.OPENID2SAMLMAP, self)
     # Handler for the op server (pyOpSamlProxy.provider.op.handler.OpHandler);
     # must be assigned after creation.
     self.ophandler = None
     # Per-user cache, e.g. collected IdP attributes: userid ->
     # pyOpSamlProxy.client.sp.handler.SpHandlerCache instance.
     self.sphandlercache = conf.CACHE
     self.certificate_cache_name = "CERTIFICATE_CACHE"
     # Cookie name and seed are both generated by sid() per handler instance.
     self.certificate_cookie_name = sid()
     self.certificate_cookie_seed = sid()
 def __init__(self, sp_logger, args):
     """
     Constructor for the SpHandler.
     :param sp_logger: A logger.
     :param args: parsed options: ``spconf`` names the SP config module;
         ``valid``, ``cert``, ``keyfile``, ``id_sp``, ``name_sp`` and ``sign``
         are passed on when generating the metadata.
     """
     # Metadata document for the SP, built from the configuration file.
     self.sp_metadata = create_metadata_string(
         args.spconf + ".py", None,
         args.valid, args.cert, args.keyfile, args.id_sp, args.name_sp, args.sign,
     )
     self.logger = sp_logger
     # Configuration module for the SP handler (pyOpSamlProxy.client.sp.conf)
     # plus the name of its configuration file.
     conf = importlib.import_module(args.spconf)
     self.sp_conf = conf
     self.sp_conf_name = conf.WORKING_DIR + args.spconf
     # SP client object from pysaml2 (saml2.client.Saml2Client).
     self.sp = Saml2Client(config_file=str(self.sp_conf_name))
     # Extra arguments for pyOpSamlProxy.client.sp.util.SSO: discovery and
     # WAYF server URLs.
     self.args = {"discosrv": conf.DISCOSRV, "wayf": conf.WAYF}
     # Authorization URL of the op server, used after SP authentication.
     # TODO has to be changed when SAML-to-SAML is implemented.
     self.authorization_url = "%s/authorization" % conf.ISSUER
     # Handles SAML authentication for an op server.
     self.authnmethod = SPAuthnMethodHandler(
         None, conf.SPVERIFYBASE, self.authorization_url
     )
     # Handles SAML authentication for an IdP server; set up by
     # pyOpSamlProxy.provider.idp.handler.handler.
     self.sp_authentication = None
     # Turns the user info response into SAML attributes.
     self.userinfo = UserInfoSpHandler(conf.OPENID2SAMLMAP, self)
     # op server handler; must be the pyOpSamlProxy.provider.op.handler.OpHandler
     # instance and is set after creation.
     self.ophandler = None
     # User cache for the SpHandler (userid -> SpHandlerCache instance), holding
     # e.g. the attributes collected from the IdP.
     self.sphandlercache = conf.CACHE
     self.certificate_cache_name = "CERTIFICATE_CACHE"
     # Both values come from sid(), one per handler instance.
     self.certificate_cookie_name = sid()
     self.certificate_cookie_seed = sid()
 def __init__(self, args, template_lookup, sphandler, ISSUER):
     """Initialise the IdP handler from the module named by ``args.idpconfig``.

     :param args: parsed options; besides ``idpconfig`` the metadata options
         ``valid``, ``cert``, ``keyfile``, ``id_idp``, ``name_idp`` and ``sign``
         are read
     :param template_lookup: template lookup object stored on the instance
     :param sphandler: the SP handler; also given to the authn broker
     :param ISSUER: issuer base URL, from which ``service_url`` is derived
     """
     cfg = importlib.import_module(args.idpconfig)
     # Values taken verbatim from the config module; PASSWD and SYM_KEY are
     # secrets that live in that module.
     self.copy_sp_cert = cfg.COPYSPCERT
     self.copy_sp_key = cfg.COPYSPKEY
     self.passwd = cfg.PASSWD
     self.cas_server = cfg.CAS_SERVER
     self.yubikey_db = cfg.YUBIKEY_DB
     self.yubikey_server = cfg.YUBIKEY_SERVER
     self.service_url = "/".join((ISSUER, self.IDP_VERIFY_URL))
     self.template_lookup = template_lookup
     # The server is needed first: its config is the source of the metadata.
     self.idp_server = self.setup_saml2_server(
         args.idpconfig, cfg, cfg.SYM_KEY
     )
     self.authn_broker = self.setup_authn_broker(
         ISSUER, sphandler, cfg.AUTHORIZATION
     )
     self.auth_cookie = None
     # URL patterns that do not require authentication.
     self.non_authn_urls = [
         (r'%s?(.*)$' % self.IDP_VERIFY_URL, self.do_verify),
         (r'sso/ecp$', (SSO, "ecp")),
     ]
     self.sphandler = sphandler
     self.idp_metadata = create_metadata_string(
         args.idpconfig + ".py",
         self.idp_server.config,
         args.valid,
         args.cert,
         args.keyfile,
         args.id_idp,
         args.name_idp,
         args.sign,
     )
文件: sp.py 项目: SUNET/pysaml2
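def metadata(environ, start_response):
    """WSGI handler that serves the SP metadata built from ``sp_conf.py``.

    ``sp_conf.py`` is looked up under the module-level ``_args.path`` (this
    file's directory when unset); ``_args.valid``, ``cert``, ``keyfile``,
    ``id``, ``name`` and ``sign`` are forwarded to :func:`create_metadata_string`.

    :param environ: WSGI environment, used only for the error response
    :param start_response: WSGI ``start_response`` callable
    :return: a one-element list holding the metadata document, or the
        ``not_found`` response when generation fails
    """
    try:
        conf_dir = _args.path
        if not conf_dir:
            conf_dir = os.path.dirname(os.path.abspath(__file__))
        if not conf_dir.endswith("/"):
            conf_dir += "/"
        document = create_metadata_string(
            conf_dir + "sp_conf.py",
            None,
            _args.valid,
            _args.cert,
            _args.keyfile,
            _args.id,
            _args.name,
            _args.sign,
        )
        start_response("200 OK", [("Content-Type", "text/xml")])
        return [document]
    except Exception as ex:
        # Python 3 exceptions carry no ``.message``; the previous ``ex.message``
        # raised AttributeError inside the handler and masked the real error.
        # Log the exception itself, with traceback.
        logger.exception("An error occured while creating metadata: %s", ex)
        return not_found(environ, start_response)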
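def metadata(environ, start_response):
    """WSGI handler that serves the SP metadata built from ``sp_conf.py``.

    The config directory is ``_args.path`` (this file's directory when unset);
    ``_args.valid``, ``cert``, ``keyfile``, ``id``, ``name`` and ``sign`` are
    passed on to :func:`create_metadata_string`.

    :param environ: WSGI environment, used only for the error response
    :param start_response: WSGI ``start_response`` callable
    :return: a one-element list holding the document, or the ``not_found``
        response when generation fails
    """
    try:
        conf_dir = _args.path
        if not conf_dir:
            conf_dir = os.path.dirname(os.path.abspath(__file__))
        if not conf_dir.endswith("/"):
            conf_dir += "/"
        document = create_metadata_string(
            conf_dir + "sp_conf.py",
            None,
            _args.valid,
            _args.cert,
            _args.keyfile,
            _args.id,
            _args.name,
            _args.sign,
        )
        start_response("200 OK", [("Content-Type", "text/xml")])
        return [document]
    except Exception as ex:
        # ``ex.message`` is not an attribute on Python 3, so the old log call
        # itself raised and hid the underlying failure; log the exception
        # object with its traceback instead.
        logger.exception("An error occured while creating metadata: %s", ex)
        return not_found(environ, start_response)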
 def metadata(self):
     """Return this entity's SAML metadata as a ``text/xml`` response.

     ``__file__`` is passed as the configuration file name and the document
     is generated from ``self.server.config``.
     """
     return Response(
         create_metadata_string(__file__, self.server.config),
         mimetype='text/xml',
     )
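	def get_metadata(self, valid='4', cert=None, keyfile=None, mid=None, name=None, sign=None):
		"""Return the XML metadata of this service provider.

		The parameters are forwarded to pysaml2's ``create_metadata_string``.
		Previously every argument was accepted but ignored in favour of
		hard-coded values, so a caller asking for ``sign=True`` (or a custom
		``cert``/``keyfile``) still received unsigned metadata.

		:param valid: validity value handed to pysaml2 (default ``'4'``)
		:param cert: certificate used when signing
		:param keyfile: private key used when signing
		:param mid: metadata document id
		:param name: name for the metadata document
		:param sign: whether to sign; ``None`` maps to ``False``, the value the
			old implementation always passed
		"""
		return create_metadata_string(
			self.configfile,
			None,
			valid=valid,
			cert=cert,
			keyfile=keyfile,
			mid=mid,
			name=name,
			sign=bool(sign),
		)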
import os
import saml2

from saml2.metadata import create_metadata_string

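entity_id = 'https://sp-test.rackspace.com'
path = os.path.dirname(os.path.abspath(__file__))

# Signed SP metadata from the sp_conf.py next to this script, using the
# certificate and private key under ./pki/ (positional args: configfile,
# config, valid, cert, keyfile, mid, name, sign).
metadata = create_metadata_string(
    os.path.join(path, "sp_conf.py"),
    None,
    4,
    os.path.join(path, "pki", "sp.crt"),
    os.path.join(path, "pki", "sp.key"),
    entity_id,
    None,
    True,
)
# Call form prints identically on Python 2; the bare ``print`` statement is a
# SyntaxError on Python 3.
print(metadata)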
                        help="A file with a key to sign the metadata with")
    parser.add_argument('-n', dest='name')
    parser.add_argument('-s', dest='sign', action='store_true',
                        help="sign the metadata")
    parser.add_argument('-sp', dest='sp_conf', default='sp_conf',
                        help="sp configuration file")
    parser.add_argument(dest="config")
    args = parser.parse_args()
    global config
    config = importlib.import_module(args.config)
    sp_config = importlib.import_module(args.sp_conf)

    global logger
    logger = create_logger(config.LOG_FILE)

    metadata = create_metadata_string("sp_conf.py", None, args.valid, args.cert, args.keyfile, args.id, args.name,
                                      args.sign)

    global sphandler
    sphandler = SpHandler(logger, metadata, os.path.dirname(os.path.abspath( __file__ )), args.sp_conf+".py", sp_config)

    global srv
    srv = wsgiserver.CherryPyWSGIServer(('0.0.0.0', config.PORT), SessionMiddleware(application, config.SESSION_OPTS))
    srv.stats['Enabled'] = True

    if config.HTTPS:
        srv.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(config.SERVER_CERT, config.SERVER_KEY, config.CERT_CHAIN)
        srv.ssl_adapter.context = srv.ssl_adapter.get_context()
        srv.ssl_adapter.context.set_options(SSL.OP_NO_SSLv3)
        srv.ssl_adapter.context.set_cipher_list('EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA')

    logger.info("Server starting")
def metadata(request):
    """Django view serving the SP metadata as ``text/xml``.

    The document is generated from ``sp_config()``; pysaml2 returns bytes,
    which are decoded before being placed in the response.
    """
    xml_text = create_metadata_string(None, config=sp_config()).decode("utf-8")
    return HttpResponse(xml_text, content_type='text/xml')