author | Steve Martinelli <stevemar@ca.ibm.com> | 2015-02-25 02:11:47 -0500 |
---|---|---|
committer | Steve Martinelli <stevemar@ca.ibm.com> | 2015-03-31 12:43:16 -0400 |
commit | a2fc6cf4f4cd718e8ca01d2b692193b69fc724ad (patch) | |
tree | 6fb7da7ce8312ef803fdd25e9fc5c5dde736b4f6 /keystoneclient/v3 | |
parent | f845d09b5a028a643ba8fccf984a5365aa4b3d4b (diff) | |
Add support to create SAML assertion based on a token
A user should be able to exchange their token for a SAML assertion
that is valid on a service provider (the user must provide
this data).
implements bp generate-saml-assertions
Change-Id: I5cb635929c7f6823ab1e4b1db5e48045be9e0737
Diffstat (limited to 'keystoneclient/v3')
-rw-r--r-- | keystoneclient/v3/contrib/federation/core.py | 2 | ||||
-rw-r--r-- | keystoneclient/v3/contrib/federation/saml.py | 56 |
2 files changed, 58 insertions, 0 deletions
diff --git a/keystoneclient/v3/contrib/federation/core.py b/keystoneclient/v3/contrib/federation/core.py
index b807460..2e12cf6 100644
--- a/keystoneclient/v3/contrib/federation/core.py
+++ b/keystoneclient/v3/contrib/federation/core.py
@@ -15,6 +15,7 @@ from keystoneclient.v3.contrib.federation import identity_providers
 from keystoneclient.v3.contrib.federation import mappings
 from keystoneclient.v3.contrib.federation import projects
 from keystoneclient.v3.contrib.federation import protocols
+from keystoneclient.v3.contrib.federation import saml
 from keystoneclient.v3.contrib.federation import service_providers
@@ -26,4 +27,5 @@ class FederationManager(object):
 self.protocols = protocols.ProtocolManager(api)
 self.projects = projects.ProjectManager(api)
 self.domains = domains.DomainManager(api)
+ self.saml = saml.SamlManager(api)
 self.service_providers = service_providers.ServiceProviderManager(api)
diff --git a/keystoneclient/v3/contrib/federation/saml.py b/keystoneclient/v3/contrib/federation/saml.py
new file mode 100644
index 0000000..c3cd286
--- /dev/null
+++ b/keystoneclient/v3/contrib/federation/saml.py
@@ -0,0 +1,56 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneclient import base
+
+
+SAML2_ENDPOINT = '/auth/OS-FEDERATION/saml2'
+
+
+class SamlManager(base.Manager):
+ """Manager class for creating SAML assertions."""
+
+ def create_saml_assertion(self, service_provider, token_id):
+ """Create a SAML assertion from a token.
+
+ Equivalent Identity API call:
+ POST /auth/OS-FEDERATION/saml2
+
+ :param service_provider: Service Provider resource.
+ :type service_provider: string
+ :param token_id: Token to transform to SAML assertion.
+ :type token_id: string
+
+ :returns: SAML representation of token_id
+ :rtype: string
+ """
+
+ body = {
+ 'auth': {
+ 'identity': {
+ 'methods': ['token'],
+ 'token': {
+ 'id': token_id
+ }
+ },
+ 'scope': {
+ 'service_provider': {
+ 'id': base.getid(service_provider)
+ }
+ }
+ }
+ }
+
+ headers = {'Content-Type': 'application/json'}
+ resp, body = self.client.post(SAML2_ENDPOINT, json=body,
+ headers=headers)
+ return resp.text |
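Review bot: `create_saml_assertion` returns `resp.text`, so the signed assertion is decoded with whatever charset the HTTP layer guesses; if `resp` is a requests response and the server sends `text/xml` without a charset, that decode falls back to ISO-8859-1 and non-ASCII attribute values may no longer match the bytes that were signed. Returning the body undecoded (`resp.content`) or decoding it explicitly as UTF-8 would keep the assertion verifiable at the service provider, and the docstring should say that the return value is an unparsed, unverified XML document that callers must handle as a credential. Separately, `token_id` is a bearer token carried in the JSON body rather than in a header, so it is worth confirming that the client's debug logging (not visible in this hunk) redacts request bodies. The reassignment `resp, body = self.client.post(...)` also shadows the request dict; `resp, _ = self.client.post(...)` reads more clearly.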