Révision 8533fdab
Ajouté par Jérôme Schneider il y a plus de 9 ans
| mandaye/auth/saml2.py | ||
|---|---|---|
| 12 | 12 |
from mandaye.exceptions import MandayeSamlException, ImproperlyConfigured |
| 13 | 13 |
from mandaye.response import _302, _401 |
| 14 | 14 |
from mandaye.log import logger |
| 15 |
from mandaye.http import HTTPResponse, HTTPHeader, HTTPRequest |
|
| 16 |
from mandaye.server import get_response |
|
| 15 |
from mandaye.http import HTTPResponse, HTTPHeader |
|
| 17 | 16 |
|
| 18 | 17 |
""" |
| 19 | 18 |
Mandaye saml2 authentification support |
| ... | ... | |
| 29 | 28 |
* saml2_authnresp_binding: only post is supported for now |
| 30 | 29 |
* saml2_authnreq_http_method: only http_redirect at the moment |
| 31 | 30 |
* saml2_name_identifier_format: only persistent at the moment |
| 31 |
* metadata_url: saml end point of the metadata |
|
| 32 |
* single_sign_on_post_url: saml end point of single sign on post |
|
| 33 |
* single_logout_url: saml end point of logout |
|
| 34 |
* single_logout_return_url: saml end point of the single logout return |
|
| 32 | 35 |
""" |
| 33 | 36 |
|
| 37 |
# XXX: remove this for the 1.0. Keep it only for compability reasons. |
|
| 34 | 38 |
END_POINTS_PATH = {
|
| 35 | 39 |
'metadata': '/mandaye/metadata', |
| 36 | 40 |
'single_sign_on_post': '/mandaye/singleSignOnPost', |
| ... | ... | |
| 48 | 52 |
mapper: mapper's module like mandaye.mappers.linuxfr |
| 49 | 53 |
""" |
| 50 | 54 |
self.env = env |
| 55 |
self.END_POINTS_PATH = {
|
|
| 56 |
'metadata': self.env['mandaye.config'].get('metadata_url', '/mandaye/metadata'),
|
|
| 57 |
'single_sign_on_post': self.env['mandaye.config'].get('single_sign_on_post_url', '/mandaye/singleSignOnPost'),
|
|
| 58 |
'single_logout': self.env['mandaye.config'].get('single_logout_url', '/mandaye/singleLogout'),
|
|
| 59 |
'single_logout_return': self.env['mandaye.config'].get('single_logout_return_url', '/mandaye/singleLogoutReturn'),
|
|
| 60 |
} |
|
| 51 | 61 |
for param in ('saml2_idp_metadata',
|
| 52 | 62 |
'saml2_signature_public_key', |
| 53 | 63 |
'saml2_signature_private_key'): |
| ... | ... | |
| 75 | 85 |
self.metadata_map = ( |
| 76 | 86 |
('AssertionConsumerService',
|
| 77 | 87 |
lasso.SAML2_METADATA_BINDING_POST , |
| 78 |
END_POINTS_PATH['single_sign_on_post'] |
|
| 88 |
self.END_POINTS_PATH['single_sign_on_post']
|
|
| 79 | 89 |
), |
| 80 | 90 |
('SingleLogoutService',
|
| 81 | 91 |
lasso.SAML2_METADATA_BINDING_REDIRECT, |
| 82 |
END_POINTS_PATH['single_logout'], |
|
| 83 |
END_POINTS_PATH['single_logout_return']), |
|
| 92 |
self.END_POINTS_PATH['single_logout'],
|
|
| 93 |
self.END_POINTS_PATH['single_logout_return']),
|
|
| 84 | 94 |
) |
| 85 | 95 |
self.metadata_options = { 'key': public_key }
|
| 86 | 96 |
super(SAML2Auth, self).__init__(env, mapper) |
| ... | ... | |
| 102 | 112 |
default_mapping = super(SAML2Auth, self).get_default_mapping() |
| 103 | 113 |
default_mapping.extend([ |
| 104 | 114 |
{
|
| 105 |
'path': r'%s$' % END_POINTS_PATH['metadata'], |
|
| 115 |
'path': r'%s$' % self.END_POINTS_PATH['metadata'],
|
|
| 106 | 116 |
'method': 'GET', |
| 107 | 117 |
'response': {'filter': self.metadata,}
|
| 108 | 118 |
}, |
| 109 | 119 |
{
|
| 110 |
'path': r'%s$' % END_POINTS_PATH['single_sign_on_post'], |
|
| 120 |
'path': r'%s$' % self.END_POINTS_PATH['single_sign_on_post'],
|
|
| 111 | 121 |
'method': 'POST', |
| 112 | 122 |
'response': {'auth': 'single_sign_on_post'}
|
| 113 | 123 |
}, |
| 114 | 124 |
{
|
| 115 |
'path': r'%s$' % END_POINTS_PATH['single_logout'], |
|
| 125 |
'path': r'%s$' % self.END_POINTS_PATH['single_logout'],
|
|
| 116 | 126 |
'method': 'GET', |
| 117 | 127 |
'response': {'auth': 'single_logout',}
|
| 118 | 128 |
}, |
| 119 | 129 |
{
|
| 120 |
'path': r'%s$' % END_POINTS_PATH['single_logout_return'], |
|
| 130 |
'path': r'%s$' % self.END_POINTS_PATH['single_logout_return'],
|
|
| 121 | 131 |
'method': 'GET', |
| 122 | 132 |
'response': {'auth': 'single_logout_return',}
|
| 123 | 133 |
}, |
| ... | ... | |
| 174 | 184 |
|
| 175 | 185 |
def _get_metadata(self, env): |
| 176 | 186 |
url_prefix = env['mandaye.scheme'] + '://' + env['HTTP_HOST'] |
| 177 |
metadata_path = END_POINTS_PATH['metadata'] |
|
| 187 |
metadata_path = self.END_POINTS_PATH['metadata']
|
|
| 178 | 188 |
single_sign_on_post_path = \ |
| 179 |
END_POINTS_PATH['single_sign_on_post'] |
|
| 189 |
self.END_POINTS_PATH['single_sign_on_post']
|
|
| 180 | 190 |
metagen = saml2utils.Saml2Metadata(url_prefix + metadata_path, |
| 181 | 191 |
url_prefix = url_prefix) |
| 182 | 192 |
metagen.add_sp_descriptor(self.metadata_map, self.metadata_options) |
Formats disponibles : Unified diff
saml2: render saml END POINTS settable in vhost configuration(s)