authorSimo Sorce <simo@redhat.com>2015-01-19 17:02:41 -0500
committerSimo Sorce <simo@redhat.com>2015-01-29 10:58:06 -0500
commit963a764f9c310d8cf068dbec7f8dfe8ee666abaa (patch)
treefede363db0282d54de93322225306e1fa35a4c9c
parentc9634b76395ec44f36cddc883a523f90d9360971 (diff)
downloadipsilon-963a764f9c310d8cf068dbec7f8dfe8ee666abaa.tar.gz
ipsilon-963a764f9c310d8cf068dbec7f8dfe8ee666abaa.tar.xz
ipsilon-963a764f9c310d8cf068dbec7f8dfe8ee666abaa.zip
Add Metadata Generator helper class
Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r--ipsilon/providers/saml2idp.py40
1 files changed, 24 insertions, 16 deletions
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index 4afe7d3..298a205 100644
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -242,6 +242,27 @@ Provides SAML 2.0 authentication infrastructure. """
self.admin.add_sps()
+class IdpMetadataGenerator(object):
+
+ def __init__(self, url, idp_cert):
+ self.meta = metadata.Metadata(metadata.IDP_ROLE)
+ self.meta.set_entity_id('%s/saml2/metadata' % url)
+ self.meta.add_certs(idp_cert, idp_cert)
+ self.meta.add_service(metadata.SAML2_SERVICE_MAP['sso-post'],
+ '%s/saml2/SSO/POST' % url)
+ self.meta.add_service(metadata.SAML2_SERVICE_MAP['sso-redirect'],
+ '%s/saml2/SSO/Redirect' % url)
+ self.meta.add_allowed_name_format(
+ lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT)
+ self.meta.add_allowed_name_format(
+ lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT)
+ self.meta.add_allowed_name_format(
+ lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL)
+
+ def output(self, path=None):
+ return self.meta.output(path)
+
+
class Installer(object):
def __init__(self, *pargs):
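Review bot: `IdpMetadataGenerator` wraps a `metadata.Metadata` object but gives callers no way to extend it, so the one caller in this commit has to reach through `meta.meta` to add the Kerberos name-id format; a one-method pass-through keeps the wrapper's internals private: `def add_allowed_name_format(self, name_format):` / `self.meta.add_allowed_name_format(name_format)`. The constructor also builds every endpoint as `'%s/saml2/...' % url`, so a `url` handed in with a trailing slash produces `//saml2/...` in the entity ID and both service URLs; `url = url.rstrip('/')` at the top of `__init__` would make the class robust to that. Both certificate slots are filled from the same `idp_cert` in `add_certs(idp_cert, idp_cert)` — this is carried over from the old code rather than introduced here, but a short comment such as `# one key is used for both signing and encryption` would save the next reader from wondering whether key separation was overlooked. The class also has no docstring; something like `"""Build the SAML2 IdP metadata for an Ipsilon instance rooted at *url*."""` would do.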
@@ -270,23 +291,10 @@ class Installer(object):
proto = 'https'
if opts['secure'].lower() == 'no':
proto = 'http'
- url = '%s://%s/%s/saml2' % (proto, opts['hostname'], opts['instance'])
- meta = metadata.Metadata(metadata.IDP_ROLE)
- meta.set_entity_id(url + '/metadata')
- meta.add_certs(cert, cert)
- meta.add_service(metadata.SAML2_SERVICE_MAP['sso-post'],
- url + '/SSO/POST')
- meta.add_service(metadata.SAML2_SERVICE_MAP['sso-redirect'],
- url + '/SSO/Redirect')
-
- meta.add_allowed_name_format(
- lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT)
- meta.add_allowed_name_format(
- lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT)
- meta.add_allowed_name_format(
- lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL)
+ url = '%s://%s/%s' % (proto, opts['hostname'], opts['instance'])
+ meta = IdpMetadataGenerator(url, cert)
if 'krb' in opts and opts['krb'] == 'yes':
- meta.add_allowed_name_format(
+ meta.meta.add_allowed_name_format(
lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS)
meta.output(os.path.join(path, 'metadata.xml'))
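Review bot: The line `meta.meta.add_allowed_name_format(` couples the installer to the wrapper's private `meta` attribute, which undoes the encapsulation the new helper class is meant to provide; passing the option in at construction, `meta = IdpMetadataGenerator(url, cert, krb=opts.get('krb') == 'yes')`, or calling a pass-through method on the generator, would keep this call site independent of how the generator stores its state. The `krb` comparison is also case-sensitive while the `secure` check a few lines above lowercases its value first, so a `Yes` answer silently skips the Kerberos format; that inconsistency predates this commit, but it is worth aligning while these lines are being rewritten. The enclosing `Installer` method starts before this hunk.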