-rwxr-xr-xipsilon/providers/saml2/provider.py20
-rwxr-xr-xipsilon/providers/saml2idp.py4
-rw-r--r--ipsilon/tools/__init__.py0
-rwxr-xr-xipsilon/tools/certs.py (renamed from ipsilon/providers/saml2/certs.py)0
-rwxr-xr-xipsilon/tools/saml2metadata.py (renamed from ipsilon/providers/saml2/metadata.py)20
-rwxr-xr-xsetup.py3
6 files changed, 24 insertions, 23 deletions
diff --git a/ipsilon/providers/saml2/provider.py b/ipsilon/providers/saml2/provider.py
index 73ff005..7d47363 100755
--- a/ipsilon/providers/saml2/provider.py
+++ b/ipsilon/providers/saml2/provider.py
@@ -18,23 +18,11 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipsilon.providers.common import ProviderException
+from ipsilon.tools.saml2metadata import SAML2_NAMEID_MAP
import cherrypy
import lasso
-NAMEID_MAP = {
- 'email': lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL,
- 'encrypted': lasso.SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED,
- 'entity': lasso.SAML2_NAME_IDENTIFIER_FORMAT_ENTITY,
- 'kerberos': lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS,
- 'persistent': lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
- 'transient': lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT,
- 'unspecified': lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED,
- 'windows': lasso.SAML2_NAME_IDENTIFIER_FORMAT_WINDOWS,
- 'x509': lasso.SAML2_NAME_IDENTIFIER_FORMAT_X509,
-}
-
-
class InvalidProviderId(ProviderException):
def __init__(self, code):
@@ -129,14 +117,14 @@ class ServiceProvider(object):
def get_valid_nameid(self, nip):
self._debug('Requested NameId [%s]' % (nip.format,))
if nip.format is None:
- return NAMEID_MAP[self.default_nameid]
+ return SAML2_NAMEID_MAP[self.default_nameid]
elif nip.format == lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED:
- return NAMEID_MAP[self.default_nameid]
+ return SAML2_NAMEID_MAP[self.default_nameid]
else:
allowed = self.allowed_nameids
self._debug('Allowed NameIds %s' % (repr(allowed)))
for nameid in allowed:
- if nip.format == NAMEID_MAP[nameid]:
+ if nip.format == SAML2_NAMEID_MAP[nameid]:
return nip.format
raise NameIdNotAllowed(nip.format)
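Review bot: Every lookup in this hunk indexes SAML2_NAMEID_MAP directly with a configured name (`self.default_nameid` on the two `return` lines and each `nameid` in the `for` loop), so a misspelled or stale value in the provider configuration surfaces as a bare KeyError on the request path rather than as a ProviderException; it fails closed, but as an unhandled error instead of a deliberate rejection. Consider resolving the names explicitly, e.g. `fmt = SAML2_NAMEID_MAP.get(nameid)` followed by `if fmt is None: raise ProviderException(...)` (or whatever config-error type the module uses), or validating `default_nameid`/`allowed_nameids` against the map when the ServiceProvider is loaded so the error is reported once at configuration time. Note also that the `None` and UNSPECIFIED branches return the default format without checking that it appears in `allowed_nameids`; if that is intentional, a comment such as `# the configured default is always permitted, independent of allowed_nameids` would stop the next reader from treating it as a bypass of the allow-list. The ServiceProvider class continues outside the hunk.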
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index 1922c53..87cc7f6 100755
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -21,9 +21,9 @@ from ipsilon.providers.common import ProviderBase, ProviderPageBase
from ipsilon.providers.common import FACILITY
from ipsilon.providers.saml2.auth import AuthenticateRequest
from ipsilon.providers.saml2.admin import AdminPage
-from ipsilon.providers.saml2.certs import Certificate
from ipsilon.providers.saml2.provider import IdentityProvider
-from ipsilon.providers.saml2 import metadata
+from ipsilon.tools.certs import Certificate
+from ipsilon.tools import saml2metadata as metadata
from ipsilon.util.user import UserSession
from ipsilon.util.plugin import PluginObject
import cherrypy
diff --git a/ipsilon/tools/__init__.py b/ipsilon/tools/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/ipsilon/tools/__init__.py
diff --git a/ipsilon/providers/saml2/certs.py b/ipsilon/tools/certs.py
index dc08e08..dc08e08 100755
--- a/ipsilon/providers/saml2/certs.py
+++ b/ipsilon/tools/certs.py
diff --git a/ipsilon/providers/saml2/metadata.py b/ipsilon/tools/saml2metadata.py
index 0effd4c..fc2e02c 100755
--- a/ipsilon/providers/saml2/metadata.py
+++ b/ipsilon/tools/saml2metadata.py
@@ -17,11 +17,24 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-from ipsilon.providers.saml2.certs import Certificate
+from ipsilon.tools.certs import Certificate
from lxml import etree
import lasso
+SAML2_NAMEID_MAP = {
+ 'email': lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL,
+ 'encrypted': lasso.SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED,
+ 'entity': lasso.SAML2_NAME_IDENTIFIER_FORMAT_ENTITY,
+ 'kerberos': lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS,
+ 'persistent': lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
+ 'transient': lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT,
+ 'unspecified': lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED,
+ 'windows': lasso.SAML2_NAME_IDENTIFIER_FORMAT_WINDOWS,
+ 'x509': lasso.SAML2_NAME_IDENTIFIER_FORMAT_X509,
+}
+
+
EDESC = '{%s}EntityDescriptor' % lasso.SAML2_METADATA_HREF
NSMAP = {
'md': lasso.SAML2_METADATA_HREF,
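Review bot: SAML2_NAMEID_MAP becomes a shared, importable constant here (provider.py now reads it to decide which NameID formats a service provider may request) but carries no comment stating its contract. Suggest adding above the literal `# Config-facing NameID format names -> SAML 2.0 NameIDFormat URIs (lasso constants).` and `# Keys are the values accepted in ServiceProvider.default_nameid / allowed_nameids; adding a key widens what admins can enable.` so that future additions are understood as policy changes rather than cosmetic ones. The NSMAP literal that follows the map continues outside the hunk.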
@@ -105,7 +118,6 @@ class Metadata(object):
if __name__ == '__main__':
- from ipsilon.providers.saml2.provider import NAMEID_MAP
import tempfile
import shutil
import os
@@ -126,8 +138,8 @@ if __name__ == '__main__':
'https://ipsilon.example.com/idp/saml2/POST')
idp.add_service(SSO_SERVICE, lasso.SAML2_METADATA_BINDING_REDIRECT,
'https://ipsilon.example.com/idp/saml2/Redirect')
- for k in NAMEID_MAP:
- idp.add_allowed_name_format(NAMEID_MAP[k])
+ for k in SAML2_NAMEID_MAP:
+ idp.add_allowed_name_format(SAML2_NAMEID_MAP[k])
md_file = os.path.join(tmpdir, 'metadata.xml')
idp.output(md_file)
with open(md_file) as fd:
diff --git a/setup.py b/setup.py
index 846698b..3de7faa 100755
--- a/setup.py
+++ b/setup.py
@@ -27,7 +27,8 @@ setup(
version = '0.1',
license = 'GPLv3+',
packages = ['ipsilon', 'ipsilon.admin', 'ipsilon.login', 'ipsilon.util',
- 'ipsilon.providers', 'ipsilon.providers.saml2'],
+ 'ipsilon.providers', 'ipsilon.providers.saml2',
+ 'ipsilon.tools'],
data_files = [('share/man/man7', ["man/ipsilon.7"]),
('share/doc/ipsilon', ['COPYING']),
('share/doc/ipsilon/examples', ['examples/ipsilon.conf',