diff options
-rwxr-xr-x | ipsilon/providers/saml2/provider.py | 20 | ||||
-rwxr-xr-x | ipsilon/providers/saml2idp.py | 4 | ||||
-rw-r--r-- | ipsilon/tools/__init__.py | 0 | ||||
-rwxr-xr-x | ipsilon/tools/certs.py (renamed from ipsilon/providers/saml2/certs.py) | 0 | ||||
-rwxr-xr-x | ipsilon/tools/saml2metadata.py (renamed from ipsilon/providers/saml2/metadata.py) | 20 | ||||
-rwxr-xr-x | setup.py | 3 |
6 files changed, 24 insertions, 23 deletions
diff --git a/ipsilon/providers/saml2/provider.py b/ipsilon/providers/saml2/provider.py index 73ff005..7d47363 100755 --- a/ipsilon/providers/saml2/provider.py +++ b/ipsilon/providers/saml2/provider.py @@ -18,23 +18,11 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from ipsilon.providers.common import ProviderException +from ipsilon.tools.saml2metadata import SAML2_NAMEID_MAP import cherrypy import lasso -NAMEID_MAP = { - 'email': lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL, - 'encrypted': lasso.SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED, - 'entity': lasso.SAML2_NAME_IDENTIFIER_FORMAT_ENTITY, - 'kerberos': lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS, - 'persistent': lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT, - 'transient': lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT, - 'unspecified': lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED, - 'windows': lasso.SAML2_NAME_IDENTIFIER_FORMAT_WINDOWS, - 'x509': lasso.SAML2_NAME_IDENTIFIER_FORMAT_X509, -} - - class InvalidProviderId(ProviderException): def __init__(self, code): @@ -129,14 +117,14 @@ class ServiceProvider(object): def get_valid_nameid(self, nip): self._debug('Requested NameId [%s]' % (nip.format,)) if nip.format is None: - return NAMEID_MAP[self.default_nameid] + return SAML2_NAMEID_MAP[self.default_nameid] elif nip.format == lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED: - return NAMEID_MAP[self.default_nameid] + return SAML2_NAMEID_MAP[self.default_nameid] else: allowed = self.allowed_nameids self._debug('Allowed NameIds %s' % (repr(allowed))) for nameid in allowed: - if nip.format == NAMEID_MAP[nameid]: + if nip.format == SAML2_NAMEID_MAP[nameid]: return nip.format raise NameIdNotAllowed(nip.format) diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py index 1922c53..87cc7f6 100755 --- a/ipsilon/providers/saml2idp.py +++ b/ipsilon/providers/saml2idp.py @@ -21,9 +21,9 @@ from ipsilon.providers.common import ProviderBase, ProviderPageBase from ipsilon.providers.common import FACILITY from ipsilon.providers.saml2.auth import AuthenticateRequest from ipsilon.providers.saml2.admin import AdminPage -from ipsilon.providers.saml2.certs import Certificate from ipsilon.providers.saml2.provider import IdentityProvider -from ipsilon.providers.saml2 import metadata +from ipsilon.tools.certs import Certificate +from ipsilon.tools import saml2metadata as metadata from ipsilon.util.user import UserSession from ipsilon.util.plugin import PluginObject import cherrypy diff --git a/ipsilon/tools/__init__.py b/ipsilon/tools/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/ipsilon/tools/__init__.py diff --git a/ipsilon/providers/saml2/certs.py b/ipsilon/tools/certs.py index dc08e08..dc08e08 100755 --- a/ipsilon/providers/saml2/certs.py +++ b/ipsilon/tools/certs.py diff --git a/ipsilon/providers/saml2/metadata.py b/ipsilon/tools/saml2metadata.py index 0effd4c..fc2e02c 100755 --- a/ipsilon/providers/saml2/metadata.py +++ b/ipsilon/tools/saml2metadata.py @@ -17,11 +17,24 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -from ipsilon.providers.saml2.certs import Certificate +from ipsilon.tools.certs import Certificate from lxml import etree import lasso +SAML2_NAMEID_MAP = { + 'email': lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL, + 'encrypted': lasso.SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED, + 'entity': lasso.SAML2_NAME_IDENTIFIER_FORMAT_ENTITY, + 'kerberos': lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS, + 'persistent': lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT, + 'transient': lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT, + 'unspecified': lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED, + 'windows': lasso.SAML2_NAME_IDENTIFIER_FORMAT_WINDOWS, + 'x509': lasso.SAML2_NAME_IDENTIFIER_FORMAT_X509, +} + + EDESC = '{%s}EntityDescriptor' % lasso.SAML2_METADATA_HREF NSMAP = { 'md': lasso.SAML2_METADATA_HREF, @@ -105,7 +118,6 @@ class Metadata(object): if __name__ == '__main__': - from ipsilon.providers.saml2.provider import NAMEID_MAP import tempfile import shutil import os @@ -126,8 +138,8 @@ if __name__ == '__main__': 'https://ipsilon.example.com/idp/saml2/POST') idp.add_service(SSO_SERVICE, lasso.SAML2_METADATA_BINDING_REDIRECT, 'https://ipsilon.example.com/idp/saml2/Redirect') - for k in NAMEID_MAP: - idp.add_allowed_name_format(NAMEID_MAP[k]) + for k in SAML2_NAMEID_MAP: + idp.add_allowed_name_format(SAML2_NAMEID_MAP[k]) md_file = os.path.join(tmpdir, 'metadata.xml') idp.output(md_file) with open(md_file) as fd: @@ -27,7 +27,8 @@ setup( version = '0.1', license = 'GPLv3+', packages = ['ipsilon', 'ipsilon.admin', 'ipsilon.login', 'ipsilon.util', - 'ipsilon.providers', 'ipsilon.providers.saml2'], + 'ipsilon.providers', 'ipsilon.providers.saml2', + 'ipsilon.tools'], data_files = [('share/man/man7', ["man/ipsilon.7"]), ('share/doc/ipsilon', ['COPYING']), ('share/doc/ipsilon/examples', ['examples/ipsilon.conf', |