diff options
| author | Simo Sorce <simo@redhat.com> | 2014-04-09 15:21:55 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2014-04-11 17:25:54 -0400 |
| commit | 11242b8a3cab8d1594644cf22285e94639cca158 (patch) | |
| tree | 38dc56263728863b22b5af1b39a1cfbc3a3bbb28 /ipsilon/tools | |
| parent | c3a2716985604564d46bc5367cf0be5e45d7f14a (diff) | |
| download | ipsilon-11242b8a3cab8d1594644cf22285e94639cca158.tar.gz ipsilon-11242b8a3cab8d1594644cf22285e94639cca158.tar.xz ipsilon-11242b8a3cab8d1594644cf22285e94639cca158.zip | |
Simplify metadata add_service signature
Add a map that takes care of the lower level lasso-related details
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipsilon/tools')
| -rwxr-xr-x | ipsilon/tools/saml2metadata.py | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/ipsilon/tools/saml2metadata.py b/ipsilon/tools/saml2metadata.py index fc2e02c..b86e727 100755 --- a/ipsilon/tools/saml2metadata.py +++ b/ipsilon/tools/saml2metadata.py @@ -34,6 +34,16 @@ SAML2_NAMEID_MAP = { 'x509': lasso.SAML2_NAME_IDENTIFIER_FORMAT_X509, } +SAML2_SERVICE_MAP = { + 'sso-post': ('SingleSignOnService', + lasso.SAML2_METADATA_BINDING_POST), + 'sso-redirect': ('SingleSignOnService', + lasso.SAML2_METADATA_BINDING_REDIRECT), + 'logout-redirect': ('SingleLogoutService', + lasso.SAML2_METADATA_BINDING_REDIRECT), + 'response-post': ('AssertionConsumerService', + lasso.SAML2_METADATA_BINDING_POST) +} EDESC = '{%s}EntityDescriptor' % lasso.SAML2_METADATA_HREF NSMAP = { @@ -47,10 +57,6 @@ SPDESC = 'SPSSODescriptor' IDP_ROLE = 'idp' SP_ROLE = 'sp' -SSO_SERVICE = 'SingleSignOnService' -LOGOUT_SERVICE = 'SingleLogoutService' -ASSERTION_SERVICE = 'AssertionConsumerService' - def mdElement(_parent, _tag, **kwargs): tag = '{%s}%s' % (lasso.SAML2_METADATA_HREF, _tag) @@ -101,9 +107,9 @@ class Metadata(object): if enccert: self.add_cert(enccert.get_cert(), 'encryption') - def add_service(self, svctype, binding, location): - svc = mdElement(self.role, svctype) - svc.set('Binding', binding) + def add_service(self, service, location): + svc = mdElement(self.role, service[0]) + svc.set('Binding', service[1]) svc.set('Location', location) def add_allowed_name_format(self, name_format): @@ -134,9 +140,9 @@ if __name__ == '__main__': idp.set_entity_id('https://ipsilon.example.com/idp/metadata') idp.set_role(IDP_ROLE) idp.add_certs(sign_cert, enc_cert) - idp.add_service(SSO_SERVICE, lasso.SAML2_METADATA_BINDING_POST, + idp.add_service(SAML2_SERVICE_MAP['sso-post'], 'https://ipsilon.example.com/idp/saml2/POST') - idp.add_service(SSO_SERVICE, lasso.SAML2_METADATA_BINDING_REDIRECT, + idp.add_service(SAML2_SERVICE_MAP['sso-redirect'], 'https://ipsilon.example.com/idp/saml2/Redirect') for k in SAML2_NAMEID_MAP: idp.add_allowed_name_format(SAML2_NAMEID_MAP[k]) @@ -155,9 +161,9 @@ if __name__ == '__main__': sp.set_entity_id('https://ipsilon.example.com/samlsp/metadata') sp.set_role(SP_ROLE) sp.add_certs(sign_cert) - sp.add_service(LOGOUT_SERVICE, lasso.SAML2_METADATA_BINDING_REDIRECT, + sp.add_service(SAML2_SERVICE_MAP['logout-redirect'], 'https://ipsilon.example.com/samlsp/logout') - sp.add_service(ASSERTION_SERVICE, lasso.SAML2_METADATA_BINDING_POST, + sp.add_service(SAML2_SERVICE_MAP['response-post'], 'https://ipsilon.example.com/samlsp/postResponse') md_file = os.path.join(tmpdir, 'metadata.xml') sp.output(md_file) |