183 |
183 |
providers
|
184 |
184 |
'''
|
185 |
185 |
name = models.CharField(_('name'), max_length=200, unique=True)
|
186 |
|
enabled = models.BooleanField(verbose_name = _('Enabled'))
|
187 |
|
no_nameid_policy = models.BooleanField(
|
|
186 |
enabled = models.BooleanField(verbose_name = _('Enabled'), default=False)
|
|
187 |
no_nameid_policy = models.BooleanField(default=False,
|
188 |
188 |
verbose_name = _("Do not send a nameId Policy"))
|
189 |
189 |
requested_name_id_format = models.CharField(
|
190 |
190 |
verbose_name = _("Requested NameID format"),
|
191 |
191 |
max_length = 200,
|
192 |
192 |
default = DEFAULT_NAME_ID_FORMAT,
|
193 |
193 |
choices = NAME_ID_FORMATS_CHOICES)
|
194 |
|
transient_is_persistent = models.BooleanField(
|
|
194 |
transient_is_persistent = models.BooleanField(default=False,
|
195 |
195 |
verbose_name = \
|
196 |
196 |
_("This IdP sends a transient NameID but you want a persistent behaviour for your SP"))
|
197 |
197 |
persistent_identifier_attribute = models.CharField(_('Persistent '
|
198 |
198 |
'identifier attribute'), max_length=200, null=True, blank=True)
|
199 |
|
allow_create = models.BooleanField(
|
|
199 |
allow_create = models.BooleanField(default=False,
|
200 |
200 |
verbose_name = _("Allow IdP to create an identity"))
|
201 |
|
enable_binding_for_sso_response = models.BooleanField(
|
|
201 |
enable_binding_for_sso_response = models.BooleanField(default=False,
|
202 |
202 |
verbose_name = _('Binding for Authnresponse \
|
203 |
203 |
(taken from metadata by the IdP if not enabled)'))
|
204 |
204 |
binding_for_sso_response = models.CharField(
|
205 |
205 |
verbose_name = _("Binding for the SSO responses"),
|
206 |
206 |
max_length = 200, choices = BINDING_SSO_IDP,
|
207 |
207 |
default = lasso.SAML2_METADATA_BINDING_ARTIFACT)
|
208 |
|
enable_http_method_for_slo_request = models.BooleanField(
|
|
208 |
enable_http_method_for_slo_request = models.BooleanField(default=False,
|
209 |
209 |
verbose_name = _('HTTP method for single logout request \
|
210 |
210 |
(taken from metadata if not enabled)'))
|
211 |
211 |
http_method_for_slo_request = models.IntegerField(
|
212 |
212 |
verbose_name = _("HTTP binding for the SLO requests"),
|
213 |
213 |
max_length = 200, choices = HTTP_METHOD,
|
214 |
214 |
default = lasso.HTTP_METHOD_REDIRECT)
|
215 |
|
enable_http_method_for_defederation_request = models.BooleanField(
|
|
215 |
enable_http_method_for_defederation_request = models.BooleanField(default=False,
|
216 |
216 |
verbose_name = \
|
217 |
217 |
_('HTTP method for federation termination request \
|
218 |
218 |
(taken from metadata if not enabled)'))
|
... | ... | |
220 |
220 |
verbose_name = _("HTTP method for the defederation requests"),
|
221 |
221 |
max_length = 200, choices = HTTP_METHOD,
|
222 |
222 |
default = lasso.HTTP_METHOD_SOAP)
|
223 |
|
force_user_consent = models.BooleanField(\
|
|
223 |
force_user_consent = models.BooleanField(
|
224 |
224 |
verbose_name = \
|
225 |
225 |
_("Require the user consent be given at account linking"),
|
226 |
226 |
default=False)
|
227 |
|
want_force_authn_request = models.BooleanField(
|
|
227 |
want_force_authn_request = models.BooleanField(default=False,
|
228 |
228 |
verbose_name = _("Force authentication"))
|
229 |
|
want_is_passive_authn_request = models.BooleanField(
|
|
229 |
want_is_passive_authn_request = models.BooleanField(default=False,
|
230 |
230 |
verbose_name = _("Passive authentication"))
|
231 |
|
want_authn_request_signed = models.BooleanField(
|
|
231 |
want_authn_request_signed = models.BooleanField(default=False,
|
232 |
232 |
verbose_name = _("Want AuthnRequest signed"))
|
233 |
233 |
handle_persistent = models.CharField(
|
234 |
234 |
max_length=200,
|
... | ... | |
271 |
271 |
Used to define SAML2 parameters employed with service providers.
|
272 |
272 |
'''
|
273 |
273 |
name = models.CharField(_('name'), max_length=80, unique=True)
|
274 |
|
enabled = models.BooleanField(verbose_name = _('Enabled'))
|
|
274 |
enabled = models.BooleanField(verbose_name = _('Enabled'), default=False)
|
275 |
275 |
prefered_assertion_consumer_binding = models.CharField(
|
276 |
276 |
verbose_name = _("Prefered assertion consumer binding"),
|
277 |
277 |
default = 'meta',
|
278 |
278 |
max_length = 4, choices = ASSERTION_CONSUMER_PROFILES)
|
279 |
|
encrypt_nameid = models.BooleanField(verbose_name = _("Encrypt NameID"))
|
280 |
|
encrypt_assertion = models.BooleanField(
|
|
279 |
encrypt_nameid = models.BooleanField(verbose_name = _("Encrypt NameID"), default=False)
|
|
280 |
encrypt_assertion = models.BooleanField(default=False,
|
281 |
281 |
verbose_name = _("Encrypt Assertion"))
|
282 |
|
authn_request_signed = models.BooleanField(
|
|
282 |
authn_request_signed = models.BooleanField(default=False,
|
283 |
283 |
verbose_name = _("Authentication request signed"))
|
284 |
|
idp_initiated_sso = models.BooleanField(
|
|
284 |
idp_initiated_sso = models.BooleanField(default=False,
|
285 |
285 |
verbose_name = _("Allow IdP initiated SSO"))
|
286 |
286 |
# XXX: format in the metadata file, should be suffixed with a star to mark
|
287 |
287 |
# them as special
|
... | ... | |
446 |
446 |
|
447 |
447 |
class AuthorizationSPPolicy(models.Model):
|
448 |
448 |
name = models.CharField(_('name'), max_length=80, unique=True)
|
449 |
|
enabled = models.BooleanField(verbose_name = _('Enabled'))
|
|
449 |
enabled = models.BooleanField(verbose_name = _('Enabled'), default=False)
|
450 |
450 |
attribute_map = models.ForeignKey(AuthorizationAttributeMap,
|
451 |
451 |
related_name = "authorization_attributes",
|
452 |
452 |
blank = True, null = True)
|
... | ... | |
532 |
532 |
class LibertyServiceProvider(models.Model):
|
533 |
533 |
liberty_provider = models.OneToOneField(LibertyProvider,
|
534 |
534 |
primary_key = True, related_name = 'service_provider')
|
535 |
|
enabled = models.BooleanField(verbose_name = _('Enabled'))
|
536 |
|
enable_following_sp_options_policy = models.BooleanField(verbose_name = \
|
|
535 |
enabled = models.BooleanField(verbose_name = _('Enabled'), default=False)
|
|
536 |
enable_following_sp_options_policy = models.BooleanField(default=False, verbose_name = \
|
537 |
537 |
_('The following options policy will apply except if a policy for all service provider is defined.'))
|
538 |
538 |
sp_options_policy = models.ForeignKey(SPOptionsIdPPolicy, related_name = "sp_options_policy", verbose_name = _('service provider options policy'), blank=True, null=True)
|
539 |
539 |
policy = models.ForeignKey(LibertyProviderPolicy,
|
540 |
540 |
verbose_name=_("Protocol policy"), null=True, default=1)
|
541 |
|
enable_following_attribute_policy = models.BooleanField(verbose_name = \
|
|
541 |
enable_following_attribute_policy = models.BooleanField(default=False, verbose_name = \
|
542 |
542 |
_('The following attribute policy will apply except if a policy for all service provider is defined.'))
|
543 |
543 |
attribute_policy = models.ForeignKey('idp.AttributePolicy',
|
544 |
544 |
related_name = "attribute_policy",
|
... | ... | |
571 |
571 |
class LibertyIdentityProvider(models.Model):
|
572 |
572 |
liberty_provider = models.OneToOneField(LibertyProvider,
|
573 |
573 |
primary_key = True, related_name = 'identity_provider')
|
574 |
|
enabled = models.BooleanField(verbose_name = _('Enabled'))
|
575 |
|
enable_following_idp_options_policy = models.BooleanField(verbose_name = \
|
|
574 |
enabled = models.BooleanField(verbose_name = _('Enabled'), default=False)
|
|
575 |
enable_following_idp_options_policy = models.BooleanField(default=False, verbose_name = \
|
576 |
576 |
_('The following options policy will apply except if a policy for all '
|
577 |
577 |
'identity provider is defined.'))
|
578 |
578 |
idp_options_policy = models.ForeignKey(IdPOptionsSPPolicy,
|
579 |
579 |
related_name="idp_options_policy",
|
580 |
580 |
verbose_name=_('identity provider options policy'), blank=True,
|
581 |
581 |
null=True)
|
582 |
|
enable_following_authorization_policy = models.BooleanField(verbose_name = \
|
|
582 |
enable_following_authorization_policy = models.BooleanField(default=False, verbose_name = \
|
583 |
583 |
_('The following authorization policy will apply except if a policy for'
|
584 |
584 |
' all identity provider is defined.'))
|
585 |
585 |
authorization_policy = models.ForeignKey(AuthorizationSPPolicy,
|
586 |
|
-
|