author | Roland Hedberg <roland.hedberg@adm.umu.se> | 2015-12-11 09:24:21 +0100 |
---|---|---|
committer | Roland Hedberg <roland.hedberg@adm.umu.se> | 2015-12-11 09:24:21 +0100 |
commit | 82d3b4da6ebd19f556d2f4d377236a05bb64cd75 (patch) | |
tree | 27604fb51f336698c9351e6c3c688677bcf031db /example | |
parent | 883b89efb07acf6e28eb177f9f582aad1e33ba58 (diff) | |
parent | e6151b52c357879476a4afc973383f8a73becd2e (diff) | |
download | pysaml2-82d3b4da6ebd19f556d2f4d377236a05bb64cd75.tar.gz |
Merge branch 'master' of github.com:rohe/pysaml2
Diffstat (limited to 'example')
-rw-r--r-- | example/idp2/idp_user.py | 18 | ||||
-rw-r--r-- | example/sp-wsgi/service_conf.py.example (renamed from example/sp-wsgi/service_conf.py) | 0 | ||||
-rwxr-xr-x | example/sp-wsgi/sp.py | 135 |
3 files changed, 81 insertions, 72 deletions
diff --git a/example/idp2/idp_user.py b/example/idp2/idp_user.py index 71e9bf96..e16e7069 100644 --- a/example/idp2/idp_user.py +++ b/example/idp2/idp_user.py @@ -1,5 +1,5 @@ -#from dirg_util.dict import LDAPDict -#ldap_settings = { +# from dirg_util.dict import LDAPDict +# ldap_settings = { # "ldapuri": "ldaps://ldap.test.umu.se", # "base": "dc=umu, dc=se", # "filter_pattern": "(uid=%s)", @@ -30,9 +30,9 @@ # "exact_match": True, # "firstonly_len1": True, # "timeout": 15, -#} -#Uncomment to use a LDAP directory instead. -#USERS = LDAPDict(**ldap_settings) +# } +# Uncomment to use a LDAP directory instead. +# USERS = LDAPDict(**ldap_settings) USERS = { "testuser": { @@ -54,7 +54,9 @@ USERS = { "email": "test@example.com", "displayName": "Test Testsson", "labeledURL": "http://www.example.com/test My homepage", - "norEduPersonNIN": "SE199012315555" + "norEduPersonNIN": "SE199012315555", + "postaladdress": "postaladdress", + "cn": "cn" }, "roland": { "sn": "Hedberg", @@ -67,7 +69,7 @@ USERS = { "o": "Example Co.", "ou": "IT", "initials": "P", - #"schacHomeOrganization": "example.com", + # "schacHomeOrganization": "example.com", "mail": "roland@example.com", "displayName": "P. Roland Hedberg", "labeledURL": "http://www.example.com/rohe My homepage", @@ -91,4 +93,4 @@ EXTRA = { "schacGender": "male", "schacUserPresenceID": "skype:pepe.perez" } -}
\ No newline at end of file
+}
diff --git a/example/sp-wsgi/service_conf.py b/example/sp-wsgi/service_conf.py.example
index b2461f2e..b2461f2e 100644
--- a/example/sp-wsgi/service_conf.py
+++ b/example/sp-wsgi/service_conf.py.example
diff --git a/example/sp-wsgi/sp.py b/example/sp-wsgi/sp.py
index 1792ab70..7a75fce4 100755
--- a/example/sp-wsgi/sp.py
+++ b/example/sp-wsgi/sp.py
@@ -1,51 +1,47 @@ #!/usr/bin/env python from __future__ import print_function -import logging -import re + import argparse +import importlib +import logging import os -try: - from future.backports.http.cookies import SimpleCookie -except: - from Cookie import SimpleCookie -import six - -from saml2.extension.pefim import SPCertEnc -from saml2.metadata import create_metadata_string -import service_conf +import re +import sys +import six +from six.moves.http_cookies import SimpleCookie from six.moves.urllib.parse import parse_qs -import sys +import saml2.xmldsig as ds +from saml2 import BINDING_HTTP_ARTIFACT +from saml2 import BINDING_HTTP_POST from saml2 import BINDING_HTTP_REDIRECT, element_to_extension_element from saml2 import BINDING_SOAP -from saml2 import time_util from saml2 import ecp -from saml2 import BINDING_HTTP_ARTIFACT -from saml2 import BINDING_HTTP_POST +from saml2 import time_util from saml2.client import Saml2Client from saml2.ecp_client import PAOS_HEADER_INFO -from saml2.httputil import geturl, make_cookie, parse_cookie -from saml2.httputil import get_post -from saml2.httputil import Response +from saml2.extension.pefim import SPCertEnc from saml2.httputil import BadRequest -from saml2.httputil import ServiceError -from saml2.httputil import SeeOther -from saml2.httputil import Unauthorized from saml2.httputil import NotFound -from saml2.httputil import Redirect from saml2.httputil import NotImplemented +from saml2.httputil import Redirect +from saml2.httputil import Response +from saml2.httputil import SeeOther +from saml2.httputil import ServiceError +from saml2.httputil import Unauthorized +from saml2.httputil import get_post +from saml2.httputil import geturl, make_cookie, parse_cookie +from saml2.metadata import create_metadata_string from saml2.response import StatusError from saml2.response import VerificationError from saml2.s_utils import UnknownPrincipal -from saml2.s_utils import decode_base64_and_inflate from saml2.s_utils import 
UnsupportedBinding -from saml2.s_utils import sid +from saml2.s_utils import decode_base64_and_inflate from saml2.s_utils import rndstr -#from srtest import exception_trace +from saml2.s_utils import sid +from saml2.saml import NAMEID_FORMAT_PERSISTENT from saml2.samlp import Extensions -from saml2 import xmldsig as ds -import saml2.xmldsig as ds logger = logging.getLogger("") hdlr = logging.FileHandler('spx.log') @@ -56,7 +52,6 @@ hdlr.setFormatter(base_formatter) logger.addHandler(hdlr) logger.setLevel(logging.INFO) - SP = None SEED = "" POLICY = None @@ -141,7 +136,7 @@ class ECPResponse(object): def __init__(self, content): self.content = content - #noinspection PyUnusedLocal + # noinspection PyUnusedLocal def __call__(self, environ, start_response): start_response('%s %s' % (self.code, self.title), [('Content-Type', "text/xml")]) @@ -172,7 +167,6 @@ class Cache(object): def get_user(self, environ): cookie = environ.get("HTTP_COOKIE", '') - cookie = cookie.decode("UTF-8") logger.debug("Cookie: %s", cookie) if cookie: cookie_obj = SimpleCookie(cookie) @@ -354,7 +348,7 @@ class ACS(Service): :param response: The SAML response, transport encoded :param binding: Which binding the query came in over """ - #tmp_outstanding_queries = dict(self.outstanding_queries) + # tmp_outstanding_queries = dict(self.outstanding_queries) if not response: logger.info("Missing Response") resp = Unauthorized('Unknown user') @@ -408,6 +402,7 @@ class ACS(Service): return res + # ----------------------------------------------------------------------------- # REQUESTERS # ----------------------------------------------------------------------------- 
@@ -557,7 +552,7 @@ class SSO(object): "single_sign_on_service", self.bindings, "idpsso", entity_id=entity_id) logger.debug("binding: %s, destination: %s", _binding, - destination) + destination) # Binding here is the response binding that is which binding the # IDP should use to return the response. acs = _cli.config.getattr("endpoints", "sp")[ @@ -568,19 +563,20 @@ class SSO(object): extensions = None cert = None if _cli.config.generate_cert_func is not None: - cert_str, req_key_str = _cli.config.generate_cert_func() - cert = { - "cert": cert_str, - "key": req_key_str - } - spcertenc = SPCertEnc(x509_data=ds.X509Data( - x509_certificate=ds.X509Certificate(text=cert_str))) - extensions = Extensions(extension_elements=[ - element_to_extension_element(spcertenc)]) + cert_str, req_key_str = _cli.config.generate_cert_func() + cert = { + "cert": cert_str, + "key": req_key_str + } + spcertenc = SPCertEnc(x509_data=ds.X509Data( + x509_certificate=ds.X509Certificate(text=cert_str))) + extensions = Extensions(extension_elements=[ + element_to_extension_element(spcertenc)]) req_id, req = _cli.create_authn_request(destination, binding=return_binding, - extensions=extensions) + extensions=extensions, + nameid_format=NAMEID_FORMAT_PERSISTENT) _rstate = rndstr() self.cache.relay_state[_rstate] = came_from ht_args = _cli.apply_binding(_binding, "%s" % req, destination, @@ -639,7 +635,7 @@ class SLO(Service): try: txt = decode_base64_and_inflate(message) is_logout_request = 'LogoutRequest' in txt.split('>', 1)[0] - except: # TODO: parse the XML correctly + except: # TODO: parse the XML correctly is_logout_request = False if is_logout_request: @@ -649,10 +645,11 @@ class SLO(Service): return finish_logout(self.environ, self.start_response) + # ---------------------------------------------------------------------------- -#noinspection PyUnusedLocal +# noinspection PyUnusedLocal def not_found(environ, start_response): """Called if no URL matches.""" resp = NotFound('Not Found') 
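Review bot: `nameid_format=NAMEID_FORMAT_PERSISTENT` is now hard-coded into the `create_authn_request` call in the `@@ -568` hunk, so this example SP always asks the IdP for a persistent identifier regardless of what the SP configuration says; presumably pysaml2 falls back to the config's `name_id_format` when the argument is omitted, so a configured value would now be silently overridden. A persistent NameID is a stable cross-session identifier for the user, which is appropriate for account linking but more than a minimal-disclosure example needs where a transient identifier would do. Consider sourcing it from the config, e.g. `nameid_format=_cli.config.getattr("name_id_format", "sp")`, or at least add `# persistent NameID: IdP returns a stable per-user identifier; use transient if no account linking is needed` above the call. The SSO method body continues outside the hunk on both sides.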
@@ -662,7 +659,7 @@ def not_found(environ, start_response): # ---------------------------------------------------------------------------- -#noinspection PyUnusedLocal +# noinspection PyUnusedLocal def main(environ, start_response, sp): user = CACHE.get_user(environ) @@ -690,10 +687,11 @@ def disco(environ, start_response, _sp): resp.headers.append(kaka) return resp(environ, start_response) + # ---------------------------------------------------------------------------- -#noinspection PyUnusedLocal +# noinspection PyUnusedLocal def logout(environ, start_response, sp): user = CACHE.get_user(environ) @@ -740,10 +738,11 @@ def finish_logout(environ, start_response): cookie = CACHE.delete_cookie(environ) resp = Response('You are now logged out of this service', headers=[ - cookie, + cookie, ]) return resp(environ, start_response) + # ---------------------------------------------------------------------------- # map urls to functions @@ -771,16 +770,17 @@ def add_urls(): urls.append(("%s/redirect$" % base, (SLO, "redirect", SP))) urls.append(("%s/redirect/(.*)$" % base, (SLO, "redirect", SP))) + # ---------------------------------------------------------------------------- def metadata(environ, start_response): try: path = _args.path if path is None or len(path) == 0: - path = os.path.dirname(os.path.abspath( __file__ )) + path = os.path.dirname(os.path.abspath(__file__)) if path[-1] != "/": path += "/" - metadata = create_metadata_string(path+"sp_conf.py", None, + metadata = create_metadata_string(path + "sp_conf.py", None, _args.valid, _args.cert, _args.keyfile, _args.id, _args.name, _args.sign) start_response('200 OK', [('Content-Type', "text/xml")]) @@ -789,6 +789,7 @@ def metadata(environ, start_response): logger.error("An error occured while creating metadata: %s", ex.message) return not_found(environ, start_response) + def application(environ, start_response): """ The main WSGI application. Dispatch the current request to 
@@ -827,27 +828,15 @@ def application(environ, start_response): resp = BadRequest("%s" % err) return resp(environ, start_response) except Exception as err: - #_err = exception_trace("RUN", err) - #logging.error(exception_trace("RUN", _err)) + # _err = exception_trace("RUN", err) + # logging.error(exception_trace("RUN", _err)) print(err, file=sys.stderr) resp = ServiceError("%s" % err) return resp(environ, start_response) -# ---------------------------------------------------------------------------- - -HOST = service_conf.HOST -PORT = service_conf.PORT -# ------- HTTPS ------- -# These should point to relevant files -SERVER_CERT = service_conf.SERVER_CERT -SERVER_KEY = service_conf.SERVER_KEY -# This is of course the certificate chain for the CA that signed -# your cert and all the way up to the top -CERT_CHAIN = service_conf.CERT_CHAIN if __name__ == '__main__': from cherrypy import wsgiserver - from cherrypy.wsgiserver import ssl_pyopenssl _parser = argparse.ArgumentParser() _parser.add_argument('-d', dest='debug', action='store_true', @@ -870,7 +859,8 @@ if __name__ == '__main__': _parser.add_argument('-n', dest='name') _parser.add_argument('-S', dest='sign', action='store_true', help="sign the metadata") - + _parser.add_argument('-C', dest='service_conf_module', + help="service config module") ARGS = {} _args = _parser.parse_args() @@ -886,6 +876,21 @@ if __name__ == '__main__': else: SEED = "SnabbtInspel" + if _args.service_conf_module: + service_conf = importlib.import_module(_args.service_conf_module) + else: + import service_conf + + HOST = service_conf.HOST + PORT = service_conf.PORT + # ------- HTTPS ------- + # These should point to relevant files + SERVER_CERT = service_conf.SERVER_CERT + SERVER_KEY = service_conf.SERVER_KEY + # This is of course the certificate chain for the CA that signed + # your cert and all the way up to the top + CERT_CHAIN = service_conf.CERT_CHAIN + SP = Saml2Client(config_file="%s" % CNFBASE) POLICY = service_conf.POLICY 
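Review bot: The fallback `import service_conf` in the new `-C` branch of the `@@ -886` hunk now points at a file this commit stops shipping: the diffstat shows `example/sp-wsgi/service_conf.py` renamed to `service_conf.py.example`, so running `sp.py` without `-C` on a fresh checkout fails with a bare ImportError inside the `__main__` block. Catch it and say what to do, e.g. `except ImportError: sys.exit("no service_conf module: copy service_conf.py.example to service_conf.py or pass -C <module>")`. The `-C` help text added in the `@@ -870` hunk could also state that the named module is imported from `sys.path` (and therefore executed at startup), so operators know what they are pointing it at. The `__main__` block continues outside the hunk.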
@@ -907,6 +912,8 @@ if __name__ == '__main__': _https = "" if service_conf.HTTPS: + from cherrypy.wsgiserver import ssl_pyopenssl + SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(SERVER_CERT, SERVER_KEY, CERT_CHAIN) _https = " using SSL/TLS" |