Révision 8533fdab
Ajouté par Jérôme Schneider il y a plus de 9 ans
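--- a/mandaye/auth/saml2.py
+++ b/mandaye/auth/saml2.py
@@ -12,8 +12,7 @@
 from mandaye.exceptions import MandayeSamlException, ImproperlyConfigured
 from mandaye.response import _302, _401
 from mandaye.log import logger
-from mandaye.http import HTTPResponse, HTTPHeader, HTTPRequest
-from mandaye.server import get_response
+from mandaye.http import HTTPResponse, HTTPHeader
 
 """
 Mandaye saml2 authentification support
@@ -29,8 +28,13 @@
 * saml2_authnresp_binding: only post is supported for now
 * saml2_authnreq_http_method: only http_redirect at the moment
 * saml2_name_identifier_format: only persistent at the moment
+* metadata_url: saml end point of the metadata
+* single_sign_on_post_url: saml end point of single sign on post
+* single_logout_url: saml end point of logout
+* single_logout_return_url: saml end point of the single logout return
 """
 
+# XXX: remove this for the 1.0. Keep it only for compability reasons.
 END_POINTS_PATH = {
 'metadata': '/mandaye/metadata',
 'single_sign_on_post': '/mandaye/singleSignOnPost',
@@ -48,6 +52,12 @@
 mapper: mapper's module like mandaye.mappers.linuxfr
 """
 self.env = env
+self.END_POINTS_PATH = {
+'metadata': self.env['mandaye.config'].get('metadata_url', '/mandaye/metadata'),
+'single_sign_on_post': self.env['mandaye.config'].get('single_sign_on_post_url', '/mandaye/singleSignOnPost'),
+'single_logout': self.env['mandaye.config'].get('single_logout_url', '/mandaye/singleLogout'),
+'single_logout_return': self.env['mandaye.config'].get('single_logout_return_url', '/mandaye/singleLogoutReturn'),
+}
 for param in ('saml2_idp_metadata',
 'saml2_signature_public_key',
 'saml2_signature_private_key'):
@@ -75,12 +85,12 @@
 self.metadata_map = (
 ('AssertionConsumerService',
 lasso.SAML2_METADATA_BINDING_POST ,
-END_POINTS_PATH['single_sign_on_post']
+self.END_POINTS_PATH['single_sign_on_post']
 ),
 ('SingleLogoutService',
 lasso.SAML2_METADATA_BINDING_REDIRECT,
-END_POINTS_PATH['single_logout'],
-END_POINTS_PATH['single_logout_return']),
+self.END_POINTS_PATH['single_logout'],
+self.END_POINTS_PATH['single_logout_return']),
 )
 self.metadata_options = { 'key': public_key }
 super(SAML2Auth, self).__init__(env, mapper)
@@ -102,22 +112,22 @@
 default_mapping = super(SAML2Auth, self).get_default_mapping()
 default_mapping.extend([
 {
-'path': r'%s$' % END_POINTS_PATH['metadata'],
+'path': r'%s$' % self.END_POINTS_PATH['metadata'],
 'method': 'GET',
 'response': {'filter': self.metadata,}
 },
 {
-'path': r'%s$' % END_POINTS_PATH['single_sign_on_post'],
+'path': r'%s$' % self.END_POINTS_PATH['single_sign_on_post'],
 'method': 'POST',
 'response': {'auth': 'single_sign_on_post'}
 },
 {
-'path': r'%s$' % END_POINTS_PATH['single_logout'],
+'path': r'%s$' % self.END_POINTS_PATH['single_logout'],
 'method': 'GET',
 'response': {'auth': 'single_logout',}
 },
 {
-'path': r'%s$' % END_POINTS_PATH['single_logout_return'],
+'path': r'%s$' % self.END_POINTS_PATH['single_logout_return'],
 'method': 'GET',
 'response': {'auth': 'single_logout_return',}
 },
@@ -174,9 +184,9 @@
 
 def _get_metadata(self, env):
 url_prefix = env['mandaye.scheme'] + '://' + env['HTTP_HOST']
-metadata_path = END_POINTS_PATH['metadata']
+metadata_path = self.END_POINTS_PATH['metadata']
 single_sign_on_post_path = \
-END_POINTS_PATH['single_sign_on_post']
+self.END_POINTS_PATH['single_sign_on_post']
 metagen = saml2utils.Saml2Metadata(url_prefix + metadata_path,
 url_prefix = url_prefix)
 metagen.add_sp_descriptor(self.metadata_map, self.metadata_options)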
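Review bot: The end-point paths used in get_default_mapping are now operator-supplied from the vhost config but are still interpolated unescaped into the route regex (`'path': r'%s$' % self.END_POINTS_PATH['metadata']` and its three siblings), so a configured value containing regex metacharacters such as `.` or `+` is matched as a pattern rather than literally; wrap each value as `re.escape(self.END_POINTS_PATH['metadata'])` (adding `import re` if the module lacks it). The same config values are concatenated after `url_prefix` in `_get_metadata`, so they must be paths and not full URLs, even though the config keys are named `*_url` and the new docstring lines call them "saml end point"; a docstring line such as `* metadata_url: path (not a full URL) of the metadata end point, default /mandaye/metadata` would head off a misconfiguration that yields unreachable SP metadata. Both `__init__` and `get_default_mapping` start outside the shown hunks.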
saml2: make saml END POINTS settable in vhost configuration(s)