184 |
184 |
providers
|
185 |
185 |
'''
|
186 |
186 |
name = models.CharField(_('name'), max_length=200, unique=True)
|
187 |
|
enabled = models.BooleanField(verbose_name = _('Enabled'))
|
188 |
|
no_nameid_policy = models.BooleanField(
|
|
187 |
enabled = models.BooleanField(verbose_name = _('Enabled'), default=False)
|
|
188 |
no_nameid_policy = models.BooleanField(default=False,
|
189 |
189 |
verbose_name = _("Do not send a nameId Policy"))
|
190 |
190 |
requested_name_id_format = models.CharField(
|
191 |
191 |
verbose_name = _("Requested NameID format"),
|
192 |
192 |
max_length = 200,
|
193 |
193 |
default = DEFAULT_NAME_ID_FORMAT,
|
194 |
194 |
choices = NAME_ID_FORMATS_CHOICES)
|
195 |
|
transient_is_persistent = models.BooleanField(
|
|
195 |
transient_is_persistent = models.BooleanField(default=False,
|
196 |
196 |
verbose_name = \
|
197 |
197 |
_("This IdP sends a transient NameID but you want a persistent behaviour for your SP"))
|
198 |
198 |
persistent_identifier_attribute = models.CharField(_('Persistent '
|
199 |
199 |
'identifier attribute'), max_length=200, null=True, blank=True)
|
200 |
|
allow_create = models.BooleanField(
|
|
200 |
allow_create = models.BooleanField(default=False,
|
201 |
201 |
verbose_name = _("Allow IdP to create an identity"))
|
202 |
|
enable_binding_for_sso_response = models.BooleanField(
|
|
202 |
enable_binding_for_sso_response = models.BooleanField(default=False,
|
203 |
203 |
verbose_name = _('Binding for Authnresponse \
|
204 |
204 |
(taken from metadata by the IdP if not enabled)'))
|
205 |
205 |
binding_for_sso_response = models.CharField(
|
206 |
206 |
verbose_name = _("Binding for the SSO responses"),
|
207 |
207 |
max_length = 200, choices = BINDING_SSO_IDP,
|
208 |
208 |
default = lasso.SAML2_METADATA_BINDING_ARTIFACT)
|
209 |
|
enable_http_method_for_slo_request = models.BooleanField(
|
|
209 |
enable_http_method_for_slo_request = models.BooleanField(default=False,
|
210 |
210 |
verbose_name = _('HTTP method for single logout request \
|
211 |
211 |
(taken from metadata if not enabled)'))
|
212 |
212 |
http_method_for_slo_request = models.IntegerField(
|
213 |
213 |
verbose_name = _("HTTP binding for the SLO requests"),
|
214 |
214 |
max_length = 200, choices = HTTP_METHOD,
|
215 |
215 |
default = lasso.HTTP_METHOD_REDIRECT)
|
216 |
|
enable_http_method_for_defederation_request = models.BooleanField(
|
|
216 |
enable_http_method_for_defederation_request = models.BooleanField(default=False,
|
217 |
217 |
verbose_name = \
|
218 |
218 |
_('HTTP method for federation termination request \
|
219 |
219 |
(taken from metadata if not enabled)'))
|
... | ... | |
221 |
221 |
verbose_name = _("HTTP method for the defederation requests"),
|
222 |
222 |
max_length = 200, choices = HTTP_METHOD,
|
223 |
223 |
default = lasso.HTTP_METHOD_SOAP)
|
224 |
|
force_user_consent = models.BooleanField(\
|
|
224 |
force_user_consent = models.BooleanField(
|
225 |
225 |
verbose_name = \
|
226 |
226 |
_("Require the user consent be given at account linking"),
|
227 |
227 |
default=False)
|
228 |
|
want_force_authn_request = models.BooleanField(
|
|
228 |
want_force_authn_request = models.BooleanField(default=False,
|
229 |
229 |
verbose_name = _("Force authentication"))
|
230 |
|
want_is_passive_authn_request = models.BooleanField(
|
|
230 |
want_is_passive_authn_request = models.BooleanField(default=False,
|
231 |
231 |
verbose_name = _("Passive authentication"))
|
232 |
|
want_authn_request_signed = models.BooleanField(
|
|
232 |
want_authn_request_signed = models.BooleanField(default=False,
|
233 |
233 |
verbose_name = _("Want AuthnRequest signed"))
|
234 |
234 |
handle_persistent = models.CharField(
|
235 |
235 |
max_length=200,
|
... | ... | |
272 |
272 |
Used to define SAML2 parameters employed with service providers.
|
273 |
273 |
'''
|
274 |
274 |
name = models.CharField(_('name'), max_length=80, unique=True)
|
275 |
|
enabled = models.BooleanField(verbose_name = _('Enabled'))
|
|
275 |
enabled = models.BooleanField(verbose_name = _('Enabled'), default=False)
|
276 |
276 |
prefered_assertion_consumer_binding = models.CharField(
|
277 |
277 |
verbose_name = _("Prefered assertion consumer binding"),
|
278 |
278 |
default = 'meta',
|
279 |
279 |
max_length = 4, choices = ASSERTION_CONSUMER_PROFILES)
|
280 |
|
encrypt_nameid = models.BooleanField(verbose_name = _("Encrypt NameID"))
|
281 |
|
encrypt_assertion = models.BooleanField(
|
|
280 |
encrypt_nameid = models.BooleanField(verbose_name = _("Encrypt NameID"), default=False)
|
|
281 |
encrypt_assertion = models.BooleanField(default=False,
|
282 |
282 |
verbose_name = _("Encrypt Assertion"))
|
283 |
|
authn_request_signed = models.BooleanField(
|
|
283 |
authn_request_signed = models.BooleanField(default=False,
|
284 |
284 |
verbose_name = _("Authentication request signed"))
|
285 |
|
idp_initiated_sso = models.BooleanField(
|
|
285 |
idp_initiated_sso = models.BooleanField(default=False,
|
286 |
286 |
verbose_name = _("Allow IdP initiated SSO"))
|
287 |
287 |
# XXX: format in the metadata file, should be suffixed with a star to mark
|
288 |
288 |
# them as special
|
... | ... | |
447 |
447 |
|
448 |
448 |
class AuthorizationSPPolicy(models.Model):
|
449 |
449 |
name = models.CharField(_('name'), max_length=80, unique=True)
|
450 |
|
enabled = models.BooleanField(verbose_name = _('Enabled'))
|
|
450 |
enabled = models.BooleanField(verbose_name = _('Enabled'), default=False)
|
451 |
451 |
attribute_map = models.ForeignKey(AuthorizationAttributeMap,
|
452 |
452 |
related_name = "authorization_attributes",
|
453 |
453 |
blank = True, null = True)
|
... | ... | |
546 |
546 |
class LibertyServiceProvider(models.Model):
|
547 |
547 |
liberty_provider = models.OneToOneField(LibertyProvider,
|
548 |
548 |
primary_key = True, related_name = 'service_provider')
|
549 |
|
enabled = models.BooleanField(verbose_name = _('Enabled'))
|
550 |
|
enable_following_sp_options_policy = models.BooleanField(verbose_name = \
|
|
549 |
enabled = models.BooleanField(verbose_name = _('Enabled'), default=False)
|
|
550 |
enable_following_sp_options_policy = models.BooleanField(default=False, verbose_name = \
|
551 |
551 |
_('The following options policy will apply except if a policy for all service provider is defined.'))
|
552 |
552 |
sp_options_policy = models.ForeignKey(SPOptionsIdPPolicy, related_name = "sp_options_policy", verbose_name = _('service provider options policy'), blank=True, null=True)
|
553 |
553 |
policy = models.ForeignKey(LibertyProviderPolicy,
|
554 |
554 |
verbose_name=_("Protocol policy"), null=True, default=1)
|
555 |
|
enable_following_attribute_policy = models.BooleanField(verbose_name = \
|
|
555 |
enable_following_attribute_policy = models.BooleanField(default=False, verbose_name = \
|
556 |
556 |
_('The following attribute policy will apply except if a policy for all service provider is defined.'))
|
557 |
557 |
attribute_policy = models.ForeignKey('idp.AttributePolicy',
|
558 |
558 |
related_name = "attribute_policy",
|
... | ... | |
585 |
585 |
class LibertyIdentityProvider(models.Model):
|
586 |
586 |
liberty_provider = models.OneToOneField(LibertyProvider,
|
587 |
587 |
primary_key = True, related_name = 'identity_provider')
|
588 |
|
enabled = models.BooleanField(verbose_name = _('Enabled'))
|
589 |
|
enable_following_idp_options_policy = models.BooleanField(verbose_name = \
|
|
588 |
enabled = models.BooleanField(verbose_name = _('Enabled'), default=False)
|
|
589 |
enable_following_idp_options_policy = models.BooleanField(default=False, verbose_name = \
|
590 |
590 |
_('The following options policy will apply except if a policy for all '
|
591 |
591 |
'identity provider is defined.'))
|
592 |
592 |
idp_options_policy = models.ForeignKey(IdPOptionsSPPolicy,
|
593 |
593 |
related_name="idp_options_policy",
|
594 |
594 |
verbose_name=_('identity provider options policy'), blank=True,
|
595 |
595 |
null=True)
|
596 |
|
enable_following_authorization_policy = models.BooleanField(verbose_name = \
|
|
596 |
enable_following_authorization_policy = models.BooleanField(default=False, verbose_name = \
|
597 |
597 |
_('The following authorization policy will apply except if a policy for'
|
598 |
598 |
' all identity provider is defined.'))
|
599 |
599 |
authorization_policy = models.ForeignKey(AuthorizationSPPolicy,
|
600 |
|
-
|