0001-Model-Data-migrations-of-LibertyServiceProvider-to-L.patch
| src/authentic2/idp/saml/backend.py | ||
|---|---|---|
| 19 | 19 |
self.logger = logging.getLogger(__name__) |
| 20 | 20 | |
| 21 | 21 |
def service_list(self, request): |
| 22 |
q = models.LibertyServiceProvider.objects.filter(enabled = True) \
|
|
| 22 |
q = models.LibertyProvider.objects.filter(enabled = True) \ |
|
| 23 | 23 |
.select_related() |
| 24 | 24 |
ls = [] |
| 25 | 25 |
sessions = models.LibertySession.objects.filter( |
| ... | ... | |
| 36 | 36 |
sp_options_policy__idp_initiated_sso=True)) |
| 37 | 37 |
queries.append(q.filter(sp_options_policy__enabled=True, |
| 38 | 38 |
sp_options_policy__accept_slo=True, |
| 39 |
liberty_provider__entity_id__in=sessions_eids))
|
|
| 39 |
entity_id__in=sessions_eids)) |
|
| 40 | 40 |
if default_policy and default_policy.idp_initiated_sso: |
| 41 | 41 |
queries.append(q.filter(sp_options_policy__isnull=True)) |
| 42 | 42 |
if default_policy and default_policy.accept_slo: |
| src/authentic2/idp/saml/saml2_endpoints.py | ||
|---|---|---|
| 48 | 48 |
LibertySession, LibertyFederation, |
| 49 | 49 |
nameid2kwargs, saml2_urn_to_nidformat, |
| 50 | 50 |
nidformat_to_saml2_urn, save_key_values, get_and_delete_key_values, |
| 51 |
LibertyProvider, LibertyServiceProvider, SAMLAttribute, NAME_ID_FORMATS)
|
|
| 51 |
LibertyProvider, SAMLAttribute, NAME_ID_FORMATS) |
|
| 52 | 52 |
from authentic2.saml.common import redirect_next, asynchronous_bindings, \ |
| 53 | 53 |
soap_bindings, load_provider, get_saml2_request_message, \ |
| 54 | 54 |
error_page, set_saml2_response_responder_status_code, \ |
| ... | ... | |
| 382 | 382 |
kwargs['name_id_qualifier'] = AUTHENTIC_SAME_ID_SENTINEL |
| 383 | 383 |
if kwargs.get('name_id_sp_name_qualifier') == login.remoteProviderId:
|
| 384 | 384 |
kwargs['name_id_sp_name_qualifier'] = AUTHENTIC_SAME_ID_SENTINEL |
| 385 |
service_provider = LibertyServiceProvider.objects \
|
|
| 386 |
.get(liberty_provider__entity_id=login.remoteProviderId)
|
|
| 385 |
service_provider = LibertyProvider.objects \ |
|
| 386 |
.get(entity_id=login.remoteProviderId) |
|
| 387 | 387 |
federation, new = LibertyFederation.objects.get_or_create( |
| 388 | 388 |
sp=service_provider, |
| 389 | 389 |
user=request.user, **kwargs) |
| src/authentic2/saml/admin.py | ||
|---|---|---|
| 13 | 13 |
except ImportError: |
| 14 | 14 |
from django.contrib.contenttypes.generic import GenericTabularInline |
| 15 | 15 | |
| 16 |
from authentic2.saml.models import (LibertyProvider, LibertyServiceProvider,
|
|
| 17 |
SPOptionsIdPPolicy, LibertyFederation,
|
|
| 18 |
KeyValue, LibertySession, SAMLAttribute)
|
|
| 16 |
from authentic2.saml.models import (LibertyProvider, SPOptionsIdPPolicy,
|
|
| 17 |
LibertyFederation, KeyValue,
|
|
| 18 |
LibertySession, SAMLAttribute) |
|
| 19 | 19 | |
| 20 | 20 |
from authentic2.decorators import to_iter |
| 21 | 21 |
from authentic2.attributes_ng.engine import get_attribute_names |
| ... | ... | |
| 24 | 24 | |
| 25 | 25 |
logger = logging.getLogger(__name__) |
| 26 | 26 | |
| 27 |
class LibertyServiceProviderInline(admin.StackedInline): |
|
| 28 |
model = LibertyServiceProvider |
|
| 27 |
#class LibertyServiceProviderInline(admin.StackedInline):
|
|
| 28 |
# model = LibertyServiceProvider
|
|
| 29 | 29 | |
| 30 | 30 |
class TextAndFileWidget(forms.widgets.MultiWidget): |
| 31 | 31 |
def __init__(self, attrs=None): |
| ... | ... | |
| 150 | 150 |
(_('Metadata files'), {
|
| 151 | 151 |
'fields': ('metadata_url', 'metadata', 'public_key', 'ssl_certificate', 'ca_cert_chain')
|
| 152 | 152 |
}), |
| 153 |
(_('SAML service provider'), {
|
|
| 154 |
'fields': ('enabled', 'enable_following_sp_options_policy', 'sp_options_policy',
|
|
| 155 |
'users_can_manage_federations') |
|
| 156 |
}), |
|
| 153 | 157 |
) |
| 154 | 158 |
inlines = [ |
| 155 |
LibertyServiceProviderInline, |
|
| 159 |
#LibertyServiceProviderInline,
|
|
| 156 | 160 |
SAMLAttributeInlineAdmin, |
| 157 | 161 |
] |
| 158 | 162 |
actions = [ update_metadata ] |
| 159 | 163 |
prepopulated_fields = {'slug': ('name',)}
|
| 160 | 164 |
list_filter = ( |
| 161 |
'service_provider__sp_options_policy',
|
|
| 162 |
'service_provider__enabled',
|
|
| 165 |
'sp_options_policy', |
|
| 166 |
'enabled', |
|
| 163 | 167 |
) |
| 164 | 168 | |
| 165 | 169 |
def get_urls(self): |
| src/authentic2/saml/common.py | ||
|---|---|---|
| 15 | 15 |
from django.core.exceptions import ValidationError |
| 16 | 16 | |
| 17 | 17 |
from authentic2.saml.models import (LibertyFederation, LibertyProvider, |
| 18 |
LibertyServiceProvider, SPOptionsIdPPolicy)
|
|
| 18 |
SPOptionsIdPPolicy) |
|
| 19 | 19 |
from authentic2.saml import models |
| 20 | 20 |
from authentic2.saml import saml2utils |
| 21 | 21 | |
| ... | ... | |
| 338 | 338 |
return None |
| 339 | 339 |
p.save() |
| 340 | 340 |
logger.debug('%s saved', p)
|
| 341 |
s = LibertyServiceProvider(liberty_provider=p, enabled=True) |
|
| 342 |
s.save() |
|
| 343 | 341 |
return p |
| 344 | 342 | |
| 345 | 343 | |
| ... | ... | |
| 368 | 366 |
return False |
| 369 | 367 |
else: |
| 370 | 368 |
return False |
| 371 |
try: |
|
| 372 |
service_provider = liberty_provider.service_provider |
|
| 373 |
except LibertyServiceProvider.DoesNotExist: |
|
| 374 |
return False |
|
| 375 |
if not service_provider.enabled: |
|
| 369 |
|
|
| 370 |
if not liberty_provider.enabled: |
|
| 376 | 371 |
return False |
| 377 | 372 |
if server: |
| 378 | 373 |
server.addProviderFromBuffer(lasso.PROVIDER_ROLE_SP, |
| ... | ... | |
| 566 | 561 |
policy = get_sp_options_policy_all() |
| 567 | 562 |
if policy: |
| 568 | 563 |
return policy |
| 569 |
if provider.service_provider.enable_following_sp_options_policy:
|
|
| 570 |
policy = provider.service_provider.sp_options_policy
|
|
| 564 |
if provider.enable_following_sp_options_policy: |
|
| 565 |
policy = provider.sp_options_policy |
|
| 571 | 566 |
if policy and policy.enabled: |
| 572 |
return provider.service_provider.sp_options_policy
|
|
| 567 |
return provider.sp_options_policy |
|
| 573 | 568 |
return get_sp_options_policy_default() |
| 574 | 569 | |
| 575 | 570 | |
| src/authentic2/saml/forms.py | ||
|---|---|---|
| 6 | 6 |
from django.core.exceptions import ValidationError |
| 7 | 7 |
from django.utils.translation import ugettext_lazy as _ |
| 8 | 8 | |
| 9 |
from .models import LibertyProvider, LibertyServiceProvider
|
|
| 9 |
from .models import LibertyProvider |
|
| 10 | 10 | |
| 11 | 11 |
from authentic2.a2_rbac.utils import get_default_ou |
| 12 | 12 | |
| ... | ... | |
| 26 | 26 |
url = cleaned_data.get('url')
|
| 27 | 27 |
ou = cleaned_data.get('ou')
|
| 28 | 28 |
self.instance = None |
| 29 |
self.childs = [] |
|
| 30 | 29 |
if name and slug and url: |
| 31 | 30 |
try: |
| 32 | 31 |
content = urllib2.urlopen(url).read().decode('utf-8')
|
| ... | ... | |
| 40 | 39 |
slug=slug, metadata=content, metadata_url=url, ou=ou) |
| 41 | 40 |
liberty_provider.full_clean(exclude= |
| 42 | 41 |
('entity_id', 'protocol_conformance'))
|
| 43 |
self.childs.append(LibertyServiceProvider( |
|
| 44 |
liberty_provider=liberty_provider, |
|
| 45 |
enabled=True)) |
|
| 46 | 42 |
except ValidationError, e: |
| 47 | 43 |
raise |
| 48 | 44 |
except Exception, e: |
| 45 |
raise |
|
| 49 | 46 |
raise ValidationError('unsupported error: %s' % e)
|
| 50 | 47 |
self.instance = liberty_provider |
| 51 | 48 |
return cleaned_data |
| 52 | 49 | |
| 53 | 50 |
def save(self): |
| 54 |
if not self.instance is None: |
|
| 55 |
self.instance.save() |
|
| 56 |
for child in self.childs: |
|
| 57 |
child.liberty_provider = self.instance |
|
| 58 |
child.save() |
|
| 51 |
self.instance.save() |
|
| 59 | 52 |
return self.instance |
| src/authentic2/saml/management/commands/sync-metadata.py | ||
|---|---|---|
| 177 | 177 |
provider.save() |
| 178 | 178 |
options['count'] = options.get('count', 0) + 1
|
| 179 | 179 |
if sp: |
| 180 |
service_provider, created = LibertyServiceProvider.objects.get_or_create( |
|
| 181 |
liberty_provider=provider, |
|
| 182 |
defaults={'enabled': not options['create-disabled']})
|
|
| 183 |
if sp_policy: |
|
| 184 |
service_provider.sp_options_policy = sp_policy |
|
| 185 |
service_provider.save() |
|
| 186 | 180 |
pks = [] |
| 187 | 181 |
if options['load_attribute_consuming_service']: |
| 188 | 182 |
load_acs(tree, provider, pks, verbosity) |
| ... | ... | |
| 211 | 205 |
SAMLAttribute.objects.for_generic_object(provider).exclude(pk__in=pks).delete() |
| 212 | 206 | |
| 213 | 207 |
class Command(BaseCommand): |
| 214 |
'''Load SAMLv2 metadata file into the LibertyProvider, LibertyServiceProvider
|
|
| 208 |
'''Load SAMLv2 metadata file into the LibertyProvider, |
|
| 215 | 209 |
and LibertyIdentityProvider files''' |
| 216 | 210 |
can_import_django_settings = True |
| 217 | 211 |
output_transaction = True |
| src/authentic2/saml/migrations/0017_auto_20151208_1537.py | ||
|---|---|---|
| 1 |
# -*- coding: utf-8 -*- |
|
| 2 |
from __future__ import unicode_literals |
|
| 3 | ||
| 4 |
from django.db import models, migrations |
|
| 5 |
import django.db.models.deletion |
|
| 6 | ||
| 7 | ||
| 8 |
class Migration(migrations.Migration): |
|
| 9 | ||
| 10 |
dependencies = [ |
|
| 11 |
('saml', '0016_auto_20150915_2041'),
|
|
| 12 |
] |
|
| 13 | ||
| 14 |
operations = [ |
|
| 15 |
migrations.AddField( |
|
| 16 |
model_name='libertyprovider', |
|
| 17 |
name='enable_following_sp_options_policy', |
|
| 18 |
field=models.BooleanField(default=False, verbose_name='The following options policy will apply except if a policy for all service provider is defined.'), |
|
| 19 |
preserve_default=True, |
|
| 20 |
), |
|
| 21 |
migrations.AddField( |
|
| 22 |
model_name='libertyprovider', |
|
| 23 |
name='enabled', |
|
| 24 |
field=models.BooleanField(default=False, db_index=True, verbose_name='Enabled'), |
|
| 25 |
preserve_default=True, |
|
| 26 |
), |
|
| 27 |
migrations.AddField( |
|
| 28 |
model_name='libertyprovider', |
|
| 29 |
name='sp_options_policy', |
|
| 30 |
field=models.ForeignKey(related_name='sp_options_policy', on_delete=django.db.models.deletion.SET_NULL, verbose_name='service provider options policy', blank=True, to='saml.SPOptionsIdPPolicy', null=True), |
|
| 31 |
preserve_default=True, |
|
| 32 |
), |
|
| 33 |
migrations.AddField( |
|
| 34 |
model_name='libertyprovider', |
|
| 35 |
name='users_can_manage_federations', |
|
| 36 |
field=models.BooleanField(default=True, db_index=True, verbose_name='users can manage federation'), |
|
| 37 |
preserve_default=True, |
|
| 38 |
), |
|
| 39 |
migrations.AlterField( |
|
| 40 |
model_name='libertyserviceprovider', |
|
| 41 |
name='sp_options_policy', |
|
| 42 |
field=models.ForeignKey(related_name='old_isp_options_policy', on_delete=django.db.models.deletion.SET_NULL, verbose_name='service provider options policy', blank=True, to='saml.SPOptionsIdPPolicy', null=True), |
|
| 43 |
preserve_default=True, |
|
| 44 |
), |
|
| 45 |
] |
|
| src/authentic2/saml/migrations/0018_auto_20151208_1542.py | ||
|---|---|---|
| 1 |
# -*- coding: utf-8 -*- |
|
| 2 |
from __future__ import unicode_literals |
|
| 3 | ||
| 4 |
from django.db import models, migrations |
|
| 5 | ||
| 6 |
def liberty_service_provider_data_to_liberty_provider(apps, schema_editor): |
|
| 7 |
LibertyProvider = apps.get_model('saml','LibertyProvider')
|
|
| 8 |
LibertyServiceProvider = apps.get_model('saml','LibertyServiceProvider')
|
|
| 9 | ||
| 10 |
for lsp in LibertyServiceProvider.objects.all(): |
|
| 11 |
lp = lsp.liberty_provider |
|
| 12 | ||
| 13 |
lp.enabled = lsp.enabled |
|
| 14 |
lp.enable_following_sp_options_policy = lsp.enable_following_sp_options_policy |
|
| 15 |
lp.sp_options_policy = lsp.sp_options_policy |
|
| 16 |
lp.users_can_manage_federations = lsp.users_can_manage_federations |
|
| 17 |
lp.save() |
|
| 18 | ||
| 19 | ||
| 20 |
class Migration(migrations.Migration): |
|
| 21 | ||
| 22 |
dependencies = [ |
|
| 23 |
('saml', '0017_auto_20151208_1537'),
|
|
| 24 |
] |
|
| 25 | ||
| 26 |
operations = [ |
|
| 27 |
migrations.RunPython(liberty_service_provider_data_to_liberty_provider), |
|
| 28 |
] |
|
| src/authentic2/saml/migrations/0019_libertyfederation_nsp.py | ||
|---|---|---|
| 1 |
# -*- coding: utf-8 -*- |
|
| 2 |
from __future__ import unicode_literals |
|
| 3 | ||
| 4 |
from django.db import models, migrations |
|
| 5 | ||
| 6 | ||
| 7 |
class Migration(migrations.Migration): |
|
| 8 | ||
| 9 |
dependencies = [ |
|
| 10 |
('saml', '0018_auto_20151208_1542'),
|
|
| 11 |
] |
|
| 12 | ||
| 13 |
operations = [ |
|
| 14 |
migrations.AddField( |
|
| 15 |
model_name='libertyfederation', |
|
| 16 |
name='nsp', |
|
| 17 |
field=models.ForeignKey(blank=True, to='saml.LibertyProvider', null=True), |
|
| 18 |
preserve_default=True, |
|
| 19 |
), |
|
| 20 |
] |
|
| src/authentic2/saml/migrations/0020_auto_20151221_1108.py | ||
|---|---|---|
| 1 |
# -*- coding: utf-8 -*- |
|
| 2 |
from __future__ import unicode_literals |
|
| 3 | ||
| 4 |
from django.db import models, migrations |
|
| 5 | ||
| 6 | ||
| 7 |
def liberty_federation_sp_to_nsp(apps, schema_editor): |
|
| 8 |
LibertyFederation = apps.get_model('saml','LibertyFederation')
|
|
| 9 |
for liberty_federation in LibertyFederation.objects.all(): |
|
| 10 |
liberty_federation.nsp = liberty_federation.sp |
|
| 11 |
liberty_federation.save() |
|
| 12 | ||
| 13 | ||
| 14 |
class Migration(migrations.Migration): |
|
| 15 | ||
| 16 |
dependencies = [ |
|
| 17 |
('saml', '0019_libertyfederation_nsp'),
|
|
| 18 |
] |
|
| 19 | ||
| 20 |
operations = [ |
|
| 21 |
] |
|
| src/authentic2/saml/migrations/0021_auto_20151221_1149.py | ||
|---|---|---|
| 1 |
# -*- coding: utf-8 -*- |
|
| 2 |
from __future__ import unicode_literals |
|
| 3 | ||
| 4 |
from django.db import models, migrations |
|
| 5 | ||
| 6 | ||
| 7 |
class Migration(migrations.Migration): |
|
| 8 | ||
| 9 |
dependencies = [ |
|
| 10 |
('saml', '0020_auto_20151221_1108'),
|
|
| 11 |
] |
|
| 12 | ||
| 13 |
operations = [ |
|
| 14 |
migrations.RemoveField( |
|
| 15 |
model_name='libertyserviceprovider', |
|
| 16 |
name='liberty_provider', |
|
| 17 |
), |
|
| 18 |
migrations.RemoveField( |
|
| 19 |
model_name='libertyserviceprovider', |
|
| 20 |
name='sp_options_policy', |
|
| 21 |
), |
|
| 22 |
migrations.RemoveField( |
|
| 23 |
model_name='libertyfederation', |
|
| 24 |
name='nsp', |
|
| 25 |
), |
|
| 26 |
migrations.AlterField( |
|
| 27 |
model_name='libertyfederation', |
|
| 28 |
name='sp', |
|
| 29 |
field=models.ForeignKey(blank=True, to='saml.LibertyProvider', null=True), |
|
| 30 |
preserve_default=True, |
|
| 31 |
), |
|
| 32 |
migrations.DeleteModel( |
|
| 33 |
name='LibertyServiceProvider', |
|
| 34 |
), |
|
| 35 |
] |
|
| src/authentic2/saml/models.py | ||
|---|---|---|
| 319 | 319 |
ssl_certificate = models.TextField(blank=True) |
| 320 | 320 |
ca_cert_chain = models.TextField(blank=True) |
| 321 | 321 |
federation_source = models.CharField(max_length=64, blank=True, null=True) |
| 322 |
enabled = models.BooleanField(verbose_name = _('Enabled'),
|
|
| 323 |
default=False, db_index=True) |
|
| 324 |
enable_following_sp_options_policy = models.BooleanField(verbose_name = \ |
|
| 325 |
_('The following options policy will apply except if a policy for all service provider is defined.'),
|
|
| 326 |
default=False) |
|
| 327 |
sp_options_policy = models.ForeignKey(SPOptionsIdPPolicy, |
|
| 328 |
related_name="sp_options_policy", |
|
| 329 |
verbose_name=_('service provider options policy'), blank=True,
|
|
| 330 |
null=True, |
|
| 331 |
on_delete=models.SET_NULL) |
|
| 332 |
users_can_manage_federations = models.BooleanField( |
|
| 333 |
verbose_name=_('users can manage federation'),
|
|
| 334 |
default=True, |
|
| 335 |
blank=True, |
|
| 336 |
db_index=True) |
|
| 322 | 337 | |
| 323 | 338 |
attributes = GenericRelation(SAMLAttribute) |
| 324 | 339 | |
| ... | ... | |
| 379 | 394 |
except ObjectDoesNotExist: |
| 380 | 395 |
raise RuntimeError('Default %s is missing' % model)
|
| 381 | 396 | |
| 382 |
# TODO: The IdP must look to the preferred binding order for sso in the SP metadata (AssertionConsumerService) |
|
| 383 |
# expect if the protocol for response is defined in the request (ProtocolBinding attribute) |
|
| 384 |
class LibertyServiceProvider(models.Model): |
|
| 385 |
liberty_provider = models.OneToOneField(LibertyProvider, |
|
| 386 |
primary_key = True, related_name = 'service_provider') |
|
| 387 |
enabled = models.BooleanField(verbose_name = _('Enabled'),
|
|
| 388 |
default=False, db_index=True) |
|
| 389 |
enable_following_sp_options_policy = models.BooleanField(verbose_name = \ |
|
| 390 |
_('The following options policy will apply except if a policy for all service provider is defined.'),
|
|
| 391 |
default=False) |
|
| 392 |
sp_options_policy = models.ForeignKey(SPOptionsIdPPolicy, |
|
| 393 |
related_name="sp_options_policy", |
|
| 394 |
verbose_name=_('service provider options policy'), blank=True,
|
|
| 395 |
null=True, |
|
| 396 |
on_delete=models.SET_NULL) |
|
| 397 |
users_can_manage_federations = models.BooleanField( |
|
| 398 |
verbose_name=_('users can manage federation'),
|
|
| 399 |
default=True, |
|
| 400 |
blank=True, |
|
| 401 |
db_index=True) |
|
| 402 | ||
| 403 |
objects = managers.GetByLibertyProviderManager() |
|
| 404 | ||
| 405 |
def natural_key(self): |
|
| 406 |
return (self.liberty_provider.slug,) |
|
| 407 | ||
| 408 |
def __unicode__(self): |
|
| 409 |
return unicode(self.liberty_provider) |
|
| 410 | ||
| 411 |
class Meta: |
|
| 412 |
verbose_name = _('SAML service provider')
|
|
| 413 |
verbose_name_plural = _('SAML service providers')
|
|
| 414 | ||
| 415 | 397 | |
| 416 | 398 |
LIBERTY_SESSION_DUMP_KIND_SP = 0 |
| 417 | 399 |
LIBERTY_SESSION_DUMP_KIND_IDP = 1 |
| ... | ... | |
| 462 | 444 |
it IdP or SP""" |
| 463 | 445 |
user = models.ForeignKey(settings.AUTH_USER_MODEL, null=True, blank=True, |
| 464 | 446 |
on_delete=models.SET_NULL) |
| 465 |
sp = models.ForeignKey('LibertyServiceProvider', null=True, blank=True)
|
|
| 447 |
sp = models.ForeignKey('LibertyProvider', null=True, blank=True)
|
|
| 466 | 448 |
name_id_format = models.CharField(max_length = 100, |
| 467 | 449 |
verbose_name = "NameIDFormat", blank=True, null=True) |
| 468 | 450 |
name_id_content = models.CharField(max_length = 100, |
| tests/test_idp_saml2.py | ||
|---|---|---|
| 98 | 98 |
metadata=sp_meta) |
| 99 | 99 |
self.liberty_provider.clean() |
| 100 | 100 |
self.liberty_provider.save() |
| 101 |
self.liberty_service_provider = saml_models.LibertyServiceProvider \ |
|
| 102 |
.objects.create( |
|
| 103 |
liberty_provider=self.liberty_provider, |
|
| 104 |
enabled=True) |
|
| 105 | 101 |
self.default_sp_options_idp_policy = saml_models.SPOptionsIdPPolicy \ |
| 106 | 102 |
.objects.create( |
| 107 | 103 |
name='Default', |
| 108 |
- |
|