authorLeif Johansson <leifj@sunet.se>2012-04-05 13:03:02 +0200
committerLeif Johansson <leifj@sunet.se>2012-04-05 13:03:02 +0200
commit675b5f5e111061e4bdad37d8724d77cd25a02575 (patch)
tree85df3d2404ef23ec3591362fd0f8bff8194b8ef8
parent22bd40bdb993f7174a18b1b6326578b443885d1a (diff)
djangosaml2
-rw-r--r--asgard/settings.d/20-saml.conf70
-rw-r--r--coip/apps/saml2/urls.py3
-rw-r--r--coip/apps/saml2/views.py7
-rw-r--r--coip/utils.py11
4 files changed, 82 insertions, 9 deletions
diff --git a/asgard/settings.d/20-saml.conf b/asgard/settings.d/20-saml.conf
index 302ca5a..6dceaf8 100644
--- a/asgard/settings.d/20-saml.conf
+++ b/asgard/settings.d/20-saml.conf
@@ -1,5 +1,71 @@
+from django.conf import settings
+from coip.utils import get_full_request
+
METADATA = 'http://md.swamid.se/md/swamid-1.0.xml'
AUTH_PROFILE_MODULE = 'userprofile.UserProfile'
-SAML_KEY = "/etc/ssl/private/ssl-cert-snakeoil.key"
-SAML_CERT = "/etc/ssl/certs/ssl-cert-snakeoil.pem" \ No newline at end of file
+#SAML_KEY = "/etc/ssl/private/ssl-cert-snakeoil.key"
+#SAML_CERT = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+
+LOGIN_URL = '/saml2/login/'
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+
+def asgard_sp_config(request):
+ return {
+ # your entity id, usually your subdomain plus the url to the metadata view
+ 'entityid': 'https://coip.app.nordu.net/saml2/metadata',
+ # directory with attribute mapping
+ "attribute_map_dir" : "%s/saml2/attributemaps" % settings.BASE_DIR,
+ # this block states what services we provide
+ 'service': {
+ # we are just a lonely SP
+ 'sp' : {
+ 'name': 'COIP',
+ 'endpoints': {
+ # url and binding to the assertion consumer service view
+ # do not change the binding osettingsr service name
+ 'assertion_consumer_service': [
+ ('https://coip.app.nordu.net/saml2/acs/',
+ saml2.BINDING_HTTP_POST),
+ ],
+ # url and binding to the single logout service view
+ # do not change the binding or service name
+ 'single_logout_service': [
+ ('https://coip.app.nordu.net/saml2/ls/',
+ saml2.BINDING_HTTP_REDIRECT),
+ ],
+ },
+ # attributes that this project need to identify a user
+ 'required_attributes': ['eduPersonPrincipalName','displayName'],
+ # attributes that may be useful to have but not required
+ 'optional_attributes': ['eduPersonAffiliation'],
+ }
+ },
+
+ # where the remote metadata is stored
+ 'metadata': { 'local': ['/tmp/swamid-idp.xml'] },
+
+ # set to 1 to output debugging information
+ 'debug': 1,
+
+ # certificate
+ "key_file" : "%s/%s.key" % (settings.SSL_KEY_DIR,host),
+ "cert_file" : "%s/%s.crt" % (settings.SSL_CRT_DIR,host),
+ # own metadata settings
+ 'contact_person': [
+ {'given_name': 'Leif',
+ 'sur_name': 'Johansson',
+ 'company': 'NORDUnet',
+ 'email_address': 'leifj@nordu.net',
+ 'contact_type': 'technical'},
+ ],
+ # you can set multilanguage information here
+ 'organization': {
+ 'name': [('NORDUNet', 'en')],
+ 'display_name': [('NORDUnet A/S', 'en')],
+ 'url': [('http://www.nordu.net', 'en')],
+ },
+ 'valid_for': 24, # how long is our metadata valid
+}
+
+SAML_CONFIG_GENERATOR = asgard_sp_config \ No newline at end of file
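Review bot: The `'metadata': { 'local': ['/tmp/swamid-idp.xml'] }` entry takes the IdP entities and signing certificates this SP trusts from a file in world-writable /tmp, so any local account able to create or replace that file can decide whose assertions are accepted. Point it at a location only the deploy user can write, for example `'metadata': { 'local': ['%s/saml2/swamid-idp.xml' % settings.BASE_DIR] },` (path constructed for illustration), and verify the aggregate's signature before installing it there. Separately, the function cannot run as written: `host` in the `key_file`/`cert_file` lines and `saml2` in the binding constants are never defined or imported in this file, and `from coip.utils import get_full_request` names a function that the coip/utils.py added by this commit does not define (it defines `get_full_path`). `'debug': 1` should be `0` outside development.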
diff --git a/coip/apps/saml2/urls.py b/coip/apps/saml2/urls.py
index 1654c66..3965a6d 100644
--- a/coip/apps/saml2/urls.py
+++ b/coip/apps/saml2/urls.py
@@ -7,5 +7,6 @@ from django.conf.urls.defaults import patterns, url, include
urlpatterns = patterns('coip.apps.saml2.views',
url(r'^aq$',view='aq'),
- url(r'^metadata$',view='metadata')
+ url(r'^metadata$',view='metadata'),
+ url(r'^.+',include('djangosaml2.urls'))
) \ No newline at end of file
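Review bot: The include prefix `r'^.+'` is greedy, so it most likely consumes the whole remaining path and leaves an empty string for `djangosaml2.urls` to match against, because the resolver strips whatever the prefix matched before descending. The `/saml2/login/` and `/saml2/acs/` URLs that the settings in this commit point at would then resolve to a 404 instead of the djangosaml2 views. Use an empty prefix, `url(r'^', include('djangosaml2.urls'))`, and keep it as the last entry so the local `aq` and `metadata` views still take precedence.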
diff --git a/coip/apps/saml2/views.py b/coip/apps/saml2/views.py
index f109094..1055644 100644
--- a/coip/apps/saml2/views.py
+++ b/coip/apps/saml2/views.py
@@ -15,12 +15,7 @@ from saml2.saml import NAME_FORMAT_URI
from django.conf import settings
from django.views.decorators.csrf import csrf_exempt
from saml2.request import AttributeQuery
-
-def get_full_path(request,path=None):
- if path == None:
- path = request.path
- full_path = ('http', ('', 's')[request.is_secure()], '://', request.META['HTTP_HOST'], path)
- return ''.join(full_path)
+from coip.utils import get_full_path
def _config(request):
host = request.get_host().replace(":","-")
diff --git a/coip/utils.py b/coip/utils.py
new file mode 100644
index 0000000..f340721
--- /dev/null
+++ b/coip/utils.py
@@ -0,0 +1,11 @@
+'''
+Created on Apr 5, 2012
+
+@author: leifj
+'''
+
+def get_full_path(request,path=None):
+ if path == None:
+ path = request.path
+ full_path = ('http', ('', 's')[request.is_secure()], '://', request.META['HTTP_HOST'], path)
+ return ''.join(full_path) \ No newline at end of file
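Review bot: `get_full_path` builds an absolute URL straight from `request.META['HTTP_HOST']`, a client-supplied header, so a forged Host value ends up in whatever the callers do with the result (callers are not visible here; in a SAML app that is presumably endpoint or entity-id URLs), and a request without the header raises `KeyError`. Prefer Django's own helper, `return request.build_absolute_uri(path if path is not None else request.path)`, and have the front-end server accept only the expected host names. The `path == None` test should be `path is None`. The function also deserves a one-line docstring such as `"""Return the absolute URL (scheme, host, path) for path, defaulting to the request's own path."""`.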