author | Roland Hedberg <roland.hedberg@adm.umu.se> | 2013-05-05 21:02:30 +0200 |
---|---|---|
committer | Roland Hedberg <roland.hedberg@adm.umu.se> | 2013-05-05 21:02:30 +0200 |
commit | 4951a6089c9095a561d144994f530dae544cfed3 (patch) | |
tree | 32223f5fa346ebf81ca54cdd6cd83f6d6432904d | |
parent | c96237ce9f4ac51451c6cebdab9a9aa524bd607a (diff) | |
download | pysaml2-4951a6089c9095a561d144994f530dae544cfed3.tar.gz |
Added support for entity categories, plus some fixes.
-rw-r--r-- | example/idp2/idp_user.py | 37 | ||||
-rw-r--r-- | src/saml2/assertion.py | 18 | ||||
-rw-r--r-- | src/saml2/config.py | 7 | ||||
-rw-r--r-- | src/saml2/entity_category/swamid.py | 5 | ||||
-rw-r--r-- | src/saml2/server.py | 7 | ||||
-rw-r--r-- | tests/idp_conf.py | 43 | ||||
-rw-r--r-- | tests/test_37_entity_categories.py | 17 |
7 files changed, 83 insertions, 51 deletions
diff --git a/example/idp2/idp_user.py b/example/idp2/idp_user.py
index bd8c5acc..afb554be 100644
--- a/example/idp2/idp_user.py
+++ b/example/idp2/idp_user.py
@@ -2,24 +2,35 @@ USERS = {
 "roland": {
 "surname": "Hedberg",
 "givenName": "Roland",
- "eduPersonAffiliation": "staff",
- "uid": "rohe0002"
+ "eduPersonScopedAffiliation": "staff@example.com",
+ "eduPersonPrincipalName": "rohe@example.com",
+ "uid": "rohe",
+ "eduPersonTargetedID": "one!for!all",
+ "c": "SE",
+ "o": "Example Co.",
+ "ou": "IT",
+ "initials": "P",
+ "schacHomeOrganization": "example.com",
+ "email": "roland@example.com",
+ "displayName": "P. Roland Hedberg",
+ "labeledURL": "http://www.example.com/rohe My homepage",
+ "norEduPersonNIN": "SE197001012222"
+ },
+ "babs": {
+ "surname": "Babs",
+ "givenName": "Ozzie",
+ "eduPersonAffiliation": "affiliate"
+ },
+ "upper": {
+ "surname": "Jeter",
+ "givenName": "Derek",
+ "eduPersonAffiliation": "affiliate"
 },
- "babs": {
- "surname": "Babs",
- "givenName": "Ozzie",
- "eduPersonAffiliation": "affiliate"
- },
- "upper": {
- "surname": "Jeter",
- "givenName": "Derek",
- "eduPersonAffiliation": "affiliate"
- },
 }
 
 EXTRA = {
 "roland": {
- "eduPersonEntitlement" : "urn:mace:swamid.se:foo:bar",
+ "eduPersonEntitlement": "urn:mace:swamid.se:foo:bar",
 "schacGender": "male",
 "schacUserPresenceID": "skype:pepe.perez"
 }
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py
index dcfae4c2..4cd85c97 100644
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -22,7 +22,6 @@ from saml2.saml import NAME_FORMAT_URI
 import xmlenc
 from saml2 import saml
-from saml2 import entity_category
 from saml2.time_util import instant, in_a_while
 from saml2.attribute_converter import from_local
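Review bot: The expanded `roland` entry in USERS has no comment saying why these particular attributes were added, and it now carries sample identity data including a national identity number under `norEduPersonNIN`. The added keys line up with the release sets defined in src/saml2/entity_category/swamid.py in this same commit (`NAME`, `STATIC_ORG_INFO`, `OTHER`, the `""` entry for `eduPersonTargetedID` and `SFS_1993_1153` for `norEduPersonNIN`), so a one-line comment above the entry would make the intent clear, e.g. `# Synthetic example identity; attributes chosen to exercise each swamid entity-category release set`. It would also be worth noting in that comment that the values are fabricated, since under that table `norEduPersonNIN` appears to be released only to SPs in the SFS_1993_1153 category.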
@@ -285,17 +284,14 @@ class Policy(object):
 self._restrictions = restrictions.copy()
- for _, spec in self._restrictions.items():
- if spec is None:
- continue
-
+ for who, spec in self._restrictions.items():
 try:
- _entcat = spec["entity_categories"]
+ items = spec["entity_categories"]
 except KeyError:
 pass
 else:
 ecs = []
- for cat in _entcat:
+ for cat in items:
 _mod = importlib.import_module(
 "saml2.entity_category.%s" % cat)
 ecs.append(_mod.RELEASE)
@@ -305,18 +301,18 @@ class Policy(object):
 restr = spec["attribute_restrictions"]
 except KeyError:
 continue
-
+
 if restr is None:
 continue
-
+
 for key, values in restr.items():
 if not values:
 spec["attribute_restrictions"][key] = None
 continue
-
+
 spec["attribute_restrictions"][key] = \
 [re.compile(value) for value in values]
-
+
 return self._restrictions
 
 def get_nameid_format(self, sp_entity_id):
diff --git a/src/saml2/config.py b/src/saml2/config.py
index fb0f440d..9d35a0ac 100644
--- a/src/saml2/config.py
+++ b/src/saml2/config.py
@@ -224,6 +224,13 @@ class Config(object):
 except KeyError:
 pass
 
+ # for srv, spec in cnf["service"].items():
+ # try:
+ # self.setattr(srv, "policy",
+ # Policy(cnf["service"][srv]["policy"]))
+ # except KeyError:
+ # pass
+
 try:
 try:
 acs = ac_factory(cnf["attribute_map_dir"])
diff --git a/src/saml2/entity_category/swamid.py b/src/saml2/entity_category/swamid.py
index 899086f7..96832024 100644
--- a/src/saml2/entity_category/swamid.py
+++ b/src/saml2/entity_category/swamid.py
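Review bot: Dropping the `if spec is None: continue` guard means a restriction entry whose value is `None` now raises TypeError at `items = spec["entity_categories"]`, because indexing `None` is not a KeyError and the `except KeyError` does not cover it; the old code handled that case explicitly, so the guard should come back as the first statement of the loop, `if spec is None:` followed by `continue`. The loop variable `who` replaces `_` but is never used within the hunk, so either keep `_` or use it in the error path. The `importlib.import_module("saml2.entity_category.%s" % cat)` line builds a module path from a configuration value; a comment such as `# cat must name a module under saml2.entity_category; an unknown name fails here at config-load time` would document that contract for whoever edits the config. The enclosing method starts before this hunk and its tail is in the next one.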
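Review bot: The seven lines added after `pass` in Config are commented-out code rather than documentation, and they reference `self.setattr` and `Policy(...)` without saying whether per-service policy objects are planned or abandoned. Either remove the block or reduce it to a single line stating the intent, e.g. `# TODO: build a Policy per service from cnf["service"][srv]["policy"]`. The surrounding method starts and ends outside this hunk.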
@@ -5,9 +5,11 @@ NAME = ["givenName", "surname", "initials", "displayName"]
 STATIC_ORG_INFO = ["c", "o", "ou"]
 OTHER = ["eduPersonPrincipalName", "eduPersonScopedAffiliation", "email"]
+# These give you access to information
 RESEARCH_AND_EDUCATION = "http://www.swamid.se/category/research-and-education"
 SFS_1993_1153 = "http://www.swamid.se/category/sfs-1993-1153"
+# presently these don't
 EU = "http://www.swamid.se/category/eu-adequate-protection"
 NREN = "http://www.swamid.se/category/nren-service"
 HEI = "http://www.swamid.se/category/hei-service"
@@ -16,5 +18,4 @@ RELEASE = {
 "": ["eduPersonTargetedID"],
 SFS_1993_1153: ["norEduPersonNIN"],
 RESEARCH_AND_EDUCATION: NAME + STATIC_ORG_INFO + OTHER,
-}
-
+}
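Review bot: The two added comments, `# These give you access to information` and `# presently these don't`, do not say what "access" means here; the distinguishing fact is whether the category has an entry in `RELEASE` further down. Suggest `# Categories that map to an attribute release set in RELEASE below` above RESEARCH_AND_EDUCATION and `# Categories defined but without a release set yet; nothing beyond the "" default is released for them` above EU, so a reader sees the effective policy without scrolling.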
\ No newline at end of file
diff --git a/src/saml2/server.py b/src/saml2/server.py
index 77f17a9a..f28f0be2 100644
--- a/src/saml2/server.py
+++ b/src/saml2/server.py
@@ -328,10 +328,12 @@ class Server(Entity):
 :param kwargs: To catch extra keyword arguments
 :return: A response instance
 """
+
+ policy = self.config.getattr("policy", "aa")
+
 if not name_id and userid:
 try:
- name_id = self.ident.construct_nameid(userid,
- self.config.policy,
+ name_id = self.ident.construct_nameid(userid, policy,
 sp_entity_id)
 logger.warning("Unspecified NameID format")
 except Exception:
@@ -342,7 +344,6 @@ class Server(Entity):
 if identity:
 _issuer = self._issuer(issuer)
 ast = Assertion(identity)
- policy = self.config.getattr("policy", "aa")
 if policy:
 ast.apply_policy(sp_entity_id, policy, self.metadata)
 else:
diff --git a/tests/idp_conf.py b/tests/idp_conf.py
index a0e3a867..a60d6e95 100644
--- a/tests/idp_conf.py
+++ b/tests/idp_conf.py
@@ -7,21 +7,21 @@ from pathutils import full_path, xmlsec_path
 BASE = "http://localhost:8088"
 CONFIG = {
- "entityid" : "urn:mace:example.com:saml:roland:idp",
- "name" : "Rolands IdP",
+ "entityid": "urn:mace:example.com:saml:roland:idp",
+ "name": "Rolands IdP",
 "service": {
 "idp": {
- "endpoints" : {
- "single_sign_on_service" : [
- ("%s/sso" % BASE, BINDING_HTTP_REDIRECT)],
+ "endpoints": {
+ "single_sign_on_service": [
+ ("%s/sso" % BASE, BINDING_HTTP_REDIRECT)],
 "single_logout_service": [
- ("%s/slo" % BASE, BINDING_SOAP),
- ("%s/slop" % BASE,BINDING_HTTP_POST)]
+ ("%s/slo" % BASE, BINDING_SOAP),
+ ("%s/slop" % BASE, BINDING_HTTP_POST)]
 },
 "policy": {
 "default": {
- "lifetime": {"minutes":15},
- "attribute_restrictions": None, # means all I have
+ "lifetime": {"minutes": 15},
+ "attribute_restrictions": None, # means all I have
 "name_form": NAME_FORMAT_URI,
 },
 "urn:mace:example.com:saml:roland:sp": {
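Review bot: `policy` is now resolved once via `self.config.getattr("policy", "aa")` and handed to `construct_nameid`, where `self.config.policy` was passed before; the `if policy:` guard kept in the second hunk implies the lookup can yield None, so `construct_nameid` may now receive None where it previously got the config-level policy. That is worth confirming, because the surrounding `except Exception:` would mask a TypeError from that call and the failure would surface only as the "Unspecified NameID format" path being skipped. A short comment at the lookup, `# policy of the attribute-authority ("aa") service; None when none is configured`, would record the assumption. The enclosing method starts and ends outside this hunk.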
@@ -38,25 +38,26 @@ CONFIG = {
 #"name_qualifier": ""
 },
 },
- "debug" : 1,
- "key_file" : full_path("test.key"),
- "cert_file" : full_path("test.pem"),
- "xmlsec_binary" : xmlsec_path,
+ "debug": 1,
+ "key_file": full_path("test.key"),
+ "cert_file": full_path("test.pem"),
+ "xmlsec_binary": xmlsec_path,
 "metadata": {
 "local": [full_path("metadata_sp_1.xml"),
 full_path("vo_metadata.xml")],
 },
- "attribute_map_dir" : full_path("attributemaps"),
+ "attribute_map_dir": full_path("attributemaps"),
 "organization": {
 "name": "Exempel AB",
- "display_name": [("Exempel AB","se"),("Example Co.","en")],
- "url":"http://www.example.com/roland",
+ "display_name": [("Exempel AB", "se"), ("Example Co.", "en")],
+ "url": "http://www.example.com/roland",
 },
- "contact_person": [{
- "given_name":"John",
- "sur_name": "Smith",
- "email_address": ["john.smith@example.com"],
- "contact_type": "technical",
+ "contact_person": [
+ {
+ "given_name": "John",
+ "sur_name": "Smith",
+ "email_address": ["john.smith@example.com"],
+ "contact_type": "technical",
 },
 ],
 }
diff --git a/tests/test_37_entity_categories.py b/tests/test_37_entity_categories.py
index 739725eb..09c03249 100644
--- a/tests/test_37_entity_categories.py
+++ b/tests/test_37_entity_categories.py
@@ -10,6 +10,7 @@ from saml2.extension import mdattr
 from saml2.extension import ui
 from pathutils import full_path
 from saml2.mdstore import MetadataStore
+from saml2.server import Server
 import xmldsig
 import xmlenc
 
@@ -101,5 +102,19 @@ def test_filter_ava3():
 assert _eq(ava.keys(), ['eduPersonTargetedID', "norEduPersonNIN"])
 
 
+def test_idp_policy_filter():
+ idp = Server("idp_conf_ec")
+
+ ava = {"givenName": ["Derek"], "surname": ["Jeter"],
+ "email": ["derek@nyy.mlb.com"], "c": ["USA"],
+ "eduPersonTargetedID": "foo!bar!xyz",
+ "norEduPersonNIN": "19800101134"}
+
+ policy = idp.config.getattr("policy", "idp")
+ policy.filter(ava, "urn:mace:example.com:saml:roland:sp", idp.metadata)
+
+ print ava
+ assert ava.keys() == ["eduPersonTargetedID"] # because no entity category
+
 if __name__ == "__main__":
- test_filter_ava2()
\ No newline at end of file
+ test_idp_policy_filter()
\ No newline at end of file |
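Review bot: `test_idp_policy_filter` constructs `Server("idp_conf_ec")`, a config module that is not among the seven files this commit touches, so the test can only pass if that module already exists in the tree. `assert ava.keys() == ["eduPersonTargetedID"]` compares the result of `.keys()` positionally and only works where `.keys()` returns a list; the neighbouring `test_filter_ava3` uses `_eq(ava.keys(), [...])`, so `assert _eq(ava.keys(), ["eduPersonTargetedID"])` would be consistent and order-independent. The `print ava` line is debug output and should go. A docstring would also help state what is being checked, e.g. that an SP with no entity category receives only the `""`-keyed attribute (`eduPersonTargetedID`) and in particular not `norEduPersonNIN`.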