From 675b5f5e111061e4bdad37d8724d77cd25a02575 Mon Sep 17 00:00:00 2001
From: Leif Johansson
Date: Thu, 5 Apr 2012 13:03:02 +0200
Subject: djangosaml2
---
asgard/settings.d/20-saml.conf | 70 ++++++++++++++++++++++++++++++++++++++++--
coip/apps/saml2/urls.py | 3 +-
coip/apps/saml2/views.py | 7 +----
coip/utils.py | 11 +++++++
4 files changed, 82 insertions(+), 9 deletions(-)
create mode 100644 coip/utils.py
diff --git a/asgard/settings.d/20-saml.conf b/asgard/settings.d/20-saml.conf
index 302ca5a..6dceaf8 100644
--- a/asgard/settings.d/20-saml.conf
+++ b/asgard/settings.d/20-saml.conf
@@ -1,5 +1,71 @@
+from django.conf import settings
+from coip.utils import get_full_request
+
 METADATA = 'http://md.swamid.se/md/swamid-1.0.xml'
 AUTH_PROFILE_MODULE = 'userprofile.UserProfile'
-SAML_KEY = "/etc/ssl/private/ssl-cert-snakeoil.key"
-SAML_CERT = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
\ No newline at end of file
+#SAML_KEY = "/etc/ssl/private/ssl-cert-snakeoil.key"
+#SAML_CERT = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+
+LOGIN_URL = '/saml2/login/'
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+
+def asgard_sp_config(request):
+ return {
+ # your entity id, usually your subdomain plus the url to the metadata view
+ 'entityid': 'https://coip.app.nordu.net/saml2/metadata',
+ # directory with attribute mapping
+ "attribute_map_dir" : "%s/saml2/attributemaps" % settings.BASE_DIR,
+ # this block states what services we provide
+ 'service': {
+ # we are just a lonely SP
+ 'sp' : {
+ 'name': 'COIP',
+ 'endpoints': {
+ # url and binding to the assertion consumer service view
+ # do not change the binding osettingsr service name
+ 'assertion_consumer_service': [
+ ('https://coip.app.nordu.net/saml2/acs/',
+ saml2.BINDING_HTTP_POST),
+ ],
+ # url and binding to the single logout service view
+ # do not change the binding or service name
+ 'single_logout_service': [
+ ('https://coip.app.nordu.net/saml2/ls/',
+ saml2.BINDING_HTTP_REDIRECT),
+ ],
+ },
+ # attributes that this project need to identify a user
+ 'required_attributes': ['eduPersonPrincipalName','displayName'],
+ # attributes that may be useful to have but not required
+ 'optional_attributes': ['eduPersonAffiliation'],
+ }
+ },
+
+ # where the remote metadata is stored
+ 'metadata': { 'local': ['/tmp/swamid-idp.xml'] },
+
+ # set to 1 to output debugging information
+ 'debug': 1,
+
+ # certificate
+ "key_file" : "%s/%s.key" % (settings.SSL_KEY_DIR,host),
+ "cert_file" : "%s/%s.crt" % (settings.SSL_CRT_DIR,host),
+ # own metadata settings
+ 'contact_person': [
+ {'given_name': 'Leif',
+ 'sur_name': 'Johansson',
+ 'company': 'NORDUnet',
+ 'email_address': 'leifj@nordu.net',
+ 'contact_type': 'technical'},
+ ],
+ # you can set multilanguage information here
+ 'organization': {
+ 'name': [('NORDUNet', 'en')],
+ 'display_name': [('NORDUnet A/S', 'en')],
+ 'url': [('http://www.nordu.net', 'en')],
+ },
+ 'valid_for': 24, # how long is our metadata valid
+}
+
+SAML_CONFIG_GENERATOR = asgard_sp_config
\ No newline at end of file
diff --git a/coip/apps/saml2/urls.py b/coip/apps/saml2/urls.py
index 1654c66..3965a6d 100644
--- a/coip/apps/saml2/urls.py
+++ b/coip/apps/saml2/urls.py
@@ -7,5 +7,6 @@ from django.conf.urls.defaults import patterns, url, include
 urlpatterns = patterns('coip.apps.saml2.views',
 url(r'^aq$',view='aq'),
- url(r'^metadata$',view='metadata')
+ url(r'^metadata$',view='metadata'),
+ url(r'^.+',include('djangosaml2.urls'))
 )
\ No newline at end of file
diff --git a/coip/apps/saml2/views.py b/coip/apps/saml2/views.py
index f109094..1055644 100644
--- a/coip/apps/saml2/views.py
+++ b/coip/apps/saml2/views.py
@@ -15,12 +15,7 @@ from saml2.saml import NAME_FORMAT_URI
 from django.conf import settings
 from django.views.decorators.csrf import csrf_exempt
 from saml2.request import AttributeQuery
-
-def get_full_path(request,path=None):
- if path == None:
- path = request.path
- full_path = ('http', ('', 's')[request.is_secure()], '://', request.META['HTTP_HOST'], path)
- return ''.join(full_path)
+from coip.utils import get_full_path
 def _config(request):
 host = request.get_host().replace(":","-")
diff --git a/coip/utils.py b/coip/utils.py
new file mode 100644
index 0000000..f340721
--- /dev/null
+++ b/coip/utils.py
@@ -0,0 +1,11 @@
+'''
+Created on Apr 5, 2012
+
+@author: leifj
+'''
+
+def get_full_path(request,path=None):
+ if path == None:
+ path = request.path
+ full_path = ('http', ('', 's')[request.is_secure()], '://', request.META['HTTP_HOST'], path)
+ return ''.join(full_path)
\ No newline at end of file
-- cgit v1.1
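Review bot: The IdP metadata that anchors assertion-signature trust for this SP is loaded from `'metadata': { 'local': ['/tmp/swamid-idp.xml'] }`, a world-writable directory, so any local user who writes that path before the application does can substitute their own IdP certificate and forge logins; point it at a file under an app-owned, non-world-writable directory, e.g. `'metadata': {'local': ['%s/saml2/swamid-idp.xml' % settings.BASE_DIR]}`, with the same restriction applied to `SSL_KEY_DIR`. Independently, `asgard_sp_config` cannot run as written: `host` in the `key_file`/`cert_file` lines is never assigned, `saml2` is used for `saml2.BINDING_HTTP_POST` and `saml2.BINDING_HTTP_REDIRECT` without an `import saml2`, and `from coip.utils import get_full_request` names a function that `coip/utils.py` in this same commit defines as `get_full_path`. If `host` is meant to come from the request as `_config` in views.py does (`request.get_host().replace(":","-")`), a client-chosen Host header would then select which private key file is opened, so validate it against a fixed allow-list of hostnames before interpolating it into a filesystem path. `'debug': 1` presumably belongs to a development profile and should not be the production default.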
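Review bot: `url(r'^.+',include('djangosaml2.urls'))` consumes the entire remaining path, because Django strips whatever the pattern matched before handing the rest to the included urlconf, so the included djangosaml2 patterns are matched against an empty string and the `/saml2/acs/`, `/saml2/ls/` and `/saml2/login/` endpoints that 20-saml.conf and `LOGIN_URL` advertise will not resolve. Use an empty prefix instead: `url(r'^', include('djangosaml2.urls'))`. Keeping it as the last entry is still right, since it lets the local `aq` and `metadata` views above take precedence over any same-named view in the included urlconf; a one-line comment saying so (`# must stay last: local views above shadow djangosaml2's`) would prevent a later reorder.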
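Review bot: `get_full_path` builds an absolute URL from `request.META['HTTP_HOST']`, which is copied verbatim from the client's Host header, so a crafted request can make any URL derived from it point at an attacker-controlled host, and it raises `KeyError` on a request that carries no Host header at all. Use `request.get_host()`, which is what `_config` in views.py already uses and which applies Django's own forwarded-host handling: `full_path = ('http', ('', 's')[request.is_secure()], '://', request.get_host(), path)`. Unless the Django in use enforces a hostname allow-list itself, also check the returned host against the site's known hostnames before trusting it. Minor style: `if path == None:` should be `if path is None:`, and a docstring stating that the result is `scheme://host/path` for the current request (defaulting to `request.path`) would document the contract.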