author | Leif Johansson <leifj@sunet.se> | 2012-04-02 15:30:37 +0200 |
---|---|---|
committer | Leif Johansson <leifj@sunet.se> | 2012-04-02 15:30:37 +0200 |
commit | f939426fc32edb41be77c28d94c020a8fbc6c1bd (patch) | |
tree | 7bbe63080376cc24044c47b76595baa2621ff7fd /coip | |
parent | dac8ce9528f7c1077f29c4fc7feb369f8aa459e9 (diff) |
basic AA using pysaml2
Diffstat (limited to 'coip')
-rw-r--r-- | coip/apps/saml2/__init__.py | 0 | ||||
-rw-r--r-- | coip/apps/saml2/conf.py | 42 | ||||
-rw-r--r-- | coip/apps/saml2/urls.py | 11 | ||||
-rw-r--r-- | coip/apps/saml2/views.py | 61 | ||||
-rw-r--r-- | coip/settings.py | 6 | ||||
-rw-r--r-- | coip/urls.py | 3 |
6 files changed, 121 insertions, 2 deletions
diff --git a/coip/apps/saml2/__init__.py b/coip/apps/saml2/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/coip/apps/saml2/__init__.py
diff --git a/coip/apps/saml2/conf.py b/coip/apps/saml2/conf.py
new file mode 100644
index 0000000..4dc70d9
--- /dev/null
+++ b/coip/apps/saml2/conf.py
@@ -0,0 +1,42 @@
+'''
+Created on Apr 2, 2012
+
+@author: leifj
+'''
+
+from saml2 import BINDING_SOAP
+from saml2.saml import NAME_FORMAT_URI
+from coip.settings import PREFIX_URL, SAML_CERT, SAML_KEY, BASE_DIR, METADATA
+
+CONFIG={
+"entityid" : "%s/saml2/entity" % PREFIX_URL,
+"description": "COIP",
+"service": {
+"aa": {
+"name" : "COIP",
+"endpoints" : {
+"attribute_service" : [("%s/aq" % PREFIX_URL, BINDING_SOAP)],
+},
+"policy": {
+"default": {
+"lifetime": {"minutes":15},
+"attribute_restrictions": None, # means all I have
+"name_form": NAME_FORMAT_URI
+},
+},
+"subject_data": ("dict", {}),
+}
+},
+"debug" : 1,
+"key_file" : SAML_KEY,
+"cert_file" : SAML_CERT,
+"attribute_map_dir" : "%s/saml2/attributemaps" % BASE_DIR,
+"metadata" : {
+"local": ["%s/saml2/metadata/sp.xml" % BASE_DIR],
+},
+"organization": {
+"display_name": "COIP",
+"name": "COIP",
+"url": PREFIX_URL,
+},
+}
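Review bot: The default policy sets `"attribute_restrictions": None` ("means all I have"), so every SP that can reach this AA is released every attribute the views assemble, with no per-entity release policy; if only particular SPs should see `uid`/`displayName`, add per-entityid entries with an explicit restriction list and keep `default` closed, and document that choice next to the `None`. `METADATA` is imported from `coip.settings` but never used in this file, and the `settings.py` hunk in this commit does not define it, so unless it already exists in settings importing `conf` will fail with ImportError at startup — drop it from the import. `"debug" : 1` is hard-coded on; tying it to Django's `DEBUG` setting would avoid shipping a debug-mode AA to production.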
\ No newline at end of file
diff --git a/coip/apps/saml2/urls.py b/coip/apps/saml2/urls.py
new file mode 100644
index 0000000..1654c66
--- /dev/null
+++ b/coip/apps/saml2/urls.py
@@ -0,0 +1,11 @@
+'''
+Created on Nov 7, 2011
+
+@author: leifj
+'''
+from django.conf.urls.defaults import patterns, url, include
+
+urlpatterns = patterns('coip.apps.saml2.views',
+url(r'^aq$',view='aq'),
+url(r'^metadata$',view='metadata')
+)
\ No newline at end of file
diff --git a/coip/apps/saml2/views.py b/coip/apps/saml2/views.py
new file mode 100644
index 0000000..497e219
--- /dev/null
+++ b/coip/apps/saml2/views.py
@@ -0,0 +1,61 @@
+'''
+Created on Apr 2, 2012
+
+@author: leifj
+'''
+
+import re
+from saml2 import server
+from saml2 import saml
+from saml2 import soap
+import logging
+from django.contrib.auth.models import User
+from django.http import HttpResponse, HttpResponseBadRequest
+from saml2.config import Config
+from saml2.metadata import entity_descriptor
+from coip.apps.saml2 import conf
+
+aa = server.Server("coip.apps.saml2.conf", log=logging, debug=1, stype="aa")
+
+def _aa_reply(aa, aq, user, sp_entityid):
+consumer_url = aa.metadata.consumer_url(aq.issuer.text)
+in_response_to = aq.id
+name_id = aq.subject.name_id
+
+logging.info("name_id: %s" % name_id)
+return aa.do_aa_response(in_response_to,
+consumer_url,
+sp_entityid,
+identity=user,
+name_id=name_id,
+issuer=aa.conf.entityid)
+
+def metadata(request):
+cnf = Config().load(conf.CONFIG, metadata_construction=True)
+ed = entity_descriptor(cnf, 0)
+return HttpResponse(content=ed,content_type="text/xml")
+
+def aq(request):
+if request.method == 'POST':
+global aa
+request_xml = soap.parse_soap_enveloped_saml_attribute_query(request.raw_post_data)
+logging.debug(request_xml)
+(subject, attribute, aq) = aa.parse_attribute_query(request_xml,False)
+sp_entityid = aq.issuer.text
+
+claims = {}
+try:
+logging.debug("Subject: %s" % subject.text)
+user = User.objects.get(username=subject.text)
+p = user.get_profile()
+claims = {'uid': user.username,'displayName': p.display_name}
+except Exception,exc:
+logging.debug(exc)
+pass
+
+aa_response = _aa_reply(aa, aq, claims, sp_entityid)
+xml = soap.make_soap_enveloped_saml_thingy(aa_response)
+logging.debug(xml)
+return HttpResponse(content=xml, content_type="application/soap+xml")
+else:
+return HttpResponseBadRequest("<html><head><title>No</title></head><body><h1>Bad Request</h1><p>Go sell crazy someplace else, we're all stocked up here!</p></body></html>")
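Review bot: `aq()` releases `uid` and `displayName` for whatever username arrives in `subject.text` to whatever entity names itself in `aq.issuer.text`, with no visible check that the requester is one of the SPs in the loaded metadata or that the query was signed — unless `parse_attribute_query` enforces that itself (not visible here), anyone who can POST to `/saml2/aq` can enumerate profile attributes by username, and an unknown issuer only surfaces later when `aa.metadata.consumer_url()` fails inside `_aa_reply`, presumably as a 500. The `except Exception` also swallows every failure (missing user, missing profile, DB error) and still returns a success response with empty claims; narrowing it to `except User.DoesNotExist:` and answering with a SAML error status or `HttpResponseBadRequest` would make the failure explicit to the SP and keep real errors in the log via `logging.exception`. Minor: `global aa` is unnecessary since the view never rebinds `aa`, `(subject, attribute, aq) = ...` rebinds the view's own name inside `def aq`, and `re` and `saml` are imported but unused.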
\ No newline at end of file
diff --git a/coip/settings.py b/coip/settings.py
index 7442f62..4f584b0 100644
--- a/coip/settings.py
+++ b/coip/settings.py
@@ -56,6 +56,9 @@ AUTH_PROFILE_MODULE = 'userprofile.UserProfile'
 # to load the internationalization machinery.
 USE_I18N = True
+SAML_KEY = "/etc/ssl/private/ssl-cert-snakeoil.key"
+SAML_CERT = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+
 MEDIA_ROOT = "%s/site-media" % BASE_DIR
 ADMIN_MEDIA_ROOT = "%s/admin-media" % BASE_DIR
 MEDIA_URL = '/site-media/'
@@ -116,7 +119,8 @@ INSTALLED_APPS = (
 'coip.apps.link',
 'actstream',
 'coip.apps.opensocial',
- 'coip.apps.activitystreams'
+ 'coip.apps.activitystreams',
+ 'coip.apps.saml2'
 )
 OAUTH_REALM_KEY_NAME = 'http://coip-test.sunet.se'
diff --git a/coip/urls.py b/coip/urls.py
index c2645de..353427f 100644
--- a/coip/urls.py
+++ b/coip/urls.py
@@ -72,5 +72,6 @@ urlpatterns = patterns('',
 (r'^api/activitystreams/', include('coip.apps.activitystreams.urls')),
 (r'^api/opensocial/', include('coip.apps.opensocial.urls')),
 (r'^api/hello/?', 'coip.apps.name.views.hello'),
- (r'^oauth2/', include('django_oauth2_lite.urls'))
+ (r'^oauth2/', include('django_oauth2_lite.urls')),
+ (r'^saml2/', include('coip.apps.saml2.urls'))
 )
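Review bot: `SAML_KEY`/`SAML_CERT` point at Debian's auto-generated `ssl-cert-snakeoil` pair, which `conf.py` wires in as the AA's signing material (`key_file`/`cert_file`); that key is a per-host self-signed placeholder with no trust relationship to any SP, and `/etc/ssl/private` is normally readable only by root and the `ssl-cert` group, so the Django worker may not even be able to open it. A dedicated AA key pair whose paths are overridable from a local or environment-specific settings module, rather than hard-coded in the shared `settings.py`, would be the safer shape. At minimum mark the intent: `# Placeholder self-signed key; replace with a dedicated AA signing key before deployment`.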