-rwxr-xr-x | example/idp2/idp.py | 4 | ||||
-rw-r--r-- | example/idp2/idp_user.py | 43 | ||||
-rw-r--r-- | src/saml2/server.py | 3 |
3 files changed, 45 insertions, 5 deletions
diff --git a/example/idp2/idp.py b/example/idp2/idp.py
index 39edf3f7..56701041 100755
--- a/example/idp2/idp.py
+++ b/example/idp2/idp.py
@@ -484,7 +484,9 @@ def do_authentication(environ, start_response, authn_context, key,
 # -----------------------------------------------------------------------------
-PASSWD = {"haho0032": "qwerty",
+PASSWD = {
+ "daev0001": "qwerty",
+ "haho0032": "qwerty",
 "roland": "dianakra",
 "babs": "howes",
 "upper": "crust"}
diff --git a/example/idp2/idp_user.py b/example/idp2/idp_user.py
index aa60c7da..ee64624c 100644
--- a/example/idp2/idp_user.py
+++ b/example/idp2/idp_user.py
@@ -1,8 +1,45 @@
-USERS = {
+#from dirg_util.dict import LDAPDict
+#ldap_settings = {
+# "ldapuri": "ldaps://ldap.test.umu.se",
+# "base": "dc=umu, dc=se",
+# "filter_pattern": "(uid=%s)",
+# "user": "",
+# "passwd": "",
+# "attr": [
+# "eduPersonScopedAffiliation",
+# "eduPersonAffiliation",
+# "eduPersonPrincipalName",
+# "givenName",
+# "sn",
+# "mail",
+# "uid",
+# "o",
+# "c",
+# "labeledURI",
+# "ou",
+# "displayName",
+# "norEduPersonLIN"
+# ],
+# "keymap": {
+# "mail": "email",
+# "labeledURI": "labeledURL",
+# },
+# "static_values": {
+# "eduPersonTargetedID": "one!for!all",
+# },
+# "exact_match": True,
+# "firstonly_len1": True,
+# "timeout": 15,
+#}
+#Uncomment to use a LDAP directory instead.
+#USERS = LDAPDict(**ldap_settings)
+
+USERS_ = {
 "haho0032": {
 "sn": "Hoerberg",
- "givenName": "Hans",
- "eduPersonScopedAffiliation": "staff@example.com",
+ "givenName": "Hasse",
+ "eduPersonAffiliation": "student",
+ "eduPersonScopedAffiliation": "student@example.com",
 "eduPersonPrincipalName": "haho@example.com",
 "uid": "haho",
 "eduPersonTargetedID": "one!for!all",
diff --git a/src/saml2/server.py b/src/saml2/server.py
index b9f20ed0..fa789d27 100644
--- a/src/saml2/server.py
+++ b/src/saml2/server.py
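Review bot: In the example/idp2/idp.py hunk, the added `"daev0001": "qwerty"` entry puts one more account into the plaintext `PASSWD` table and reuses the password already assigned to `haho0032`, and nothing visible marks the table as demo-only. Example IdPs tend to be copied into test deployments, so I would add a comment above the dict such as `# Demo credentials only: replace PASSWD with a real credential backend before exposing this IdP.` How `PASSWD` is checked lies outside the hunk, so this is a documentation point only.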
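Review bot: In the example/idp2/idp_user.py hunk, renaming the static table to `USERS_` while `#USERS = LDAPDict(**ldap_settings)` stays commented out leaves the module with no `USERS` name, so any importer of `USERS` (presumably idp.py, not visible here) would fail in the default configuration. I would add `USERS = USERS_  # default; remove when the LDAPDict line above is enabled` after the dict, whose end is outside the hunk. In the commented LDAP block, `static_values` gives every directory user the same `eduPersonTargetedID` of `one!for!all`, which makes accounts indistinguishable at any SP that keys on that attribute. A comment such as `# Test value only: eduPersonTargetedID must be unique per user.` next to it would prevent that being carried into a real deployment.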
@@ -479,7 +479,8 @@ class Server(Entity):
 if not verify_encrypt_cert(encrypt_cert):
 raise CertificateError("Invalid certificate for encryption!")
 else:
- raise CertificateError("No certificate for encryption!")
+ raise CertificateError("No SPCertEncType certificate for encryption contained in authentication "
+ "request.")
 else:
 encrypt_assertion = False |