| Commit message | Author | Age | Files | Lines |
|
Fix ipv6 validation for addresses that include the brackets,
such as [2001:8003:5555:9999:555a:5555:c77:d5c5]. See
https://tools.ietf.org/html/rfc4038#section-5.1 regarding the inclusion
of brackets in the address. The Shibboleth IdP sends ipv6 addresses
that include the brackets.
|
Remove python2 support
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
- Do not raise KeyError if entity-id is wrong
- Keep only the generator form; as more performant and generic
- Generalize internal searchers
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
umbrellaID is the federated identity system for the users of the
(European) large neutron and photon facilities.
This commit adds the mapping for the EAAHash and EEAKey,
which are used for identifying users in the umbrellaID AAI.
|
The return values are lists of text values. By default, return all possible values. Users
need to specify their own preference and choose whether they need one or more values.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Add Documentation for name_id_format_allow_create and metadata folder
|
Better pick binding by index
|
Added a file for holding tests around authentication requests
and added a first test to test that the IdP code can pick the
correct location from SAML metadata using the
AssertionConsumerServiceIndex from an authentication request.
|
Added a second HTTP-POST binding to the SAML metadata for test SP
so that it can be used for various tests.
|
Formatted some of the SP SAML metadata used for tests so that
it can be read by a human.
|
Fix logic in the pick_binding method for the class Entity that prevented
the method from properly returning binding and location tuples for
authentication requests with AssertionConsumerServiceIndex instead
of AssertionConsumerServiceURL. The logic error was assuming that
a getattr() call on a request without an AssertionConsumerServiceURL
would throw an AttributeError. It does not and instead returns None, so
the resulting path through the code would cause the "first" binding
and location tuple found in the SAML metadata to be returned instead
of the tuple corresponding to the AssertionConsumerServiceIndex.
|
Various typo fixes
|
Fix PKCS_9 url:oid prefix in attributemaps
|
According to https://tools.ietf.org/html/rfc2985 the urn for emailAddress has to be `1.2.840.113549.1.9.1`.
In saml_uri.py this is not implemented correctly. The current version uses `PKCS_9+'1'` which equals `1.2.840.113549.1.9.1.1`. This can be fixed by deleting the trailing '1.' from line 8. This should not cause any side-effects, because the variable `PKCS_9` in combination with `+'1'`.
|
Fixes #609
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Fix simple typo: allowes -> allows
|
Fix simple typo: activites -> activities
|
Fix IdP example list
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Following d257d3054f36b4f3dfaba8b7394a2e8bab0aaf2e the ForceAuthn attribute is
an xsd:boolean value which can be any of "false", "true", "0" or "1". We must
set force_authn when the value is "true" or "1".
We set the value into kwargs, which is then mirrored onto _args, which is
merged with args, which is finally given to the saml2.samlp.AuthnRequest class
to construct the object.
Previously, we set the value into args directly, which would be overwritten by
the call to _filter_args.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
No need to generate an exception and stack trace.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Allow NameQualifier and SPNameQualifier attributes to be set for ePTID
|
Use "text" instead of "value" as the key that denotes the text-value of the
NameID node.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
The attribute value for eduPersonTargetedID (ePTID) is a NameID
element. The SAML specification allows the NameID element to include
the two optional attributes 'NameQualifier' and 'SPNameQualifier'. This
patch enables specifying a dictionary as the internal or local attribute
value instead of a string. When the local attribute value is a
dictionary with keys 'value', 'NameQualifier', and 'SPNameQualifier'
then the resulting XML NameID element will include the 'NameQualifier'
and 'SPNameQualifier' attributes with values taken from the values
of the dictionary. The value for the NameID element is taken from the
value associated with the 'value' key.
|
Add py37 as a test target
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
Fix parsing of assertions with Holder-of-Key profile
|