author | Simo Sorce <simo@redhat.com> | 2014-04-03 15:42:35 -0400 |
committer | Simo Sorce <simo@redhat.com> | 2014-04-04 12:58:24 -0400 |
commit | ed5ed179806c921036cf811e1890408aac072bef (patch) | |
tree | bd7e18f61678a5fb6ff3de5641324b3f80b12f65 /ipsilon/providers/saml2 | |
parent | c67d1a3583a6eda8c626c6d1d9cb42547d7a5b68 (diff) | |
Add Service and Identity Provider abstraction
This commit adds:
- helper functions to create new providers
- separate IdentityProvider class to represent the IDP.
Database changes:
The saml2 plugin database now contains the metadata file contents and no longer
relies on on-disk data.
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipsilon/providers/saml2')
-rwxr-xr-x | ipsilon/providers/saml2/auth.py | 2 | ||||
-rwxr-xr-x | ipsilon/providers/saml2/provider.py | 59 |
2 files changed, 60 insertions, 1 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index ff81af6..bac73a5 100755
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -59,7 +59,7 @@ class AuthenticateRequest(ProviderPageBase):
 def _parse_request(self, message):
- login = lasso.Login(self.cfg.idp)
+ login = self.cfg.idp.get_login_handler()
 try:
 login.processAuthnRequestMsg(message)
diff --git a/ipsilon/providers/saml2/provider.py b/ipsilon/providers/saml2/provider.py
index d3ed5da..6339450 100755
--- a/ipsilon/providers/saml2/provider.py
+++ b/ipsilon/providers/saml2/provider.py
@@ -109,3 +109,62 @@ class ServiceProvider(object):
 if 'strip domain' in self._properties:
 return username.split('@', 1)[0]
 return username
+
+
+class ServiceProviderCreator(object):
+
+ def __init__(self, config):
+ self.cfg = config
+
+ def create_from_buffer(self, name, metabuf):
+ '''Test and add data'''
+
+ test = lasso.Server()
+ test.addProviderFromBuffer(lasso.PROVIDER_ROLE_SP, metabuf)
+ newsps = test.get_providers()
+ if len(newsps) != 1:
+ raise InvalidProviderId("Metadata must contain one Provider")
+
+ spid = newsps.keys()[0]
+ data = self.cfg.get_data(name='id', value=spid)
+ if len(data) != 0:
+ raise InvalidProviderId("Provider Already Exists")
+ datum = {'id': spid, 'name': name, 'type': 'SP', 'metadata': metabuf}
+ self.cfg.new_datum(datum)
+
+ data = self.cfg.get_data(name='id', value=spid)
+ if len(data) != 1:
+ raise InvalidProviderId("Internal Error")
+ idval = data.keys()[0]
+ data = self.cfg.get_data(idval=idval)
+ sp = data[idval]
+ self.cfg.idp.add_provider(sp)
+
+ return ServiceProvider(self.cfg, spid)
+
+
+class IdentityProvider(object):
+ def __init__(self, config):
+ self.server = lasso.Server(config.idp_metadata_file,
+ config.idp_key_file,
+ None,
+ config.idp_certificate_file)
+ self.server.role = lasso.PROVIDER_ROLE_IDP
+
+ def add_provider(self, sp):
+ self.server.addProviderFromBuffer(lasso.PROVIDER_ROLE_SP,
+ sp['metadata'])
+ self._debug('Added SP %s' % sp['name'])
+
+ def get_login_handler(self, dump=None):
+ if dump:
+ return lasso.Login.newFromDump(self.server, dump)
+ else:
+ return lasso.Login(self.server)
+
+ def get_providers(self):
+ return self.server.get_providers()
+
+ def _debug(self, fact):
+ if cherrypy.config.get('debug', False):
+ cherrypy.log(fact) |
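Review bot: `get_login_handler` passes an opaque `dump` straight to `lasso.Login.newFromDump(self.server, dump)`, which rebuilds login state from serialized data, yet nothing in the hunk states where a dump may legitimately come from; a docstring should pin that contract, e.g. `'''Return a lasso.Login for this IdP; dump, when given, must be a Login dump previously produced server-side (stored session state), never data received from the client.'''`. In `create_from_buffer` the duplicate check (`get_data` followed by `new_datum`) is not atomic, so two concurrent registrations of the same entity id could both pass the `len(data) != 0` test unless the backing store enforces uniqueness on `id` — worth a comment naming which of the two guarantees it. The `raise InvalidProviderId("Internal Error")` after the re-read reports a storage consistency failure under the same exception type as a bad provider id, so a caller's `except InvalidProviderId` would mask it; a distinct exception (or a plain `RuntimeError`) keeps the two apart. Validating `metabuf` by loading it into a throwaway `lasso.Server` before anything is persisted is the right order, and the thin `'''Test and add data'''` docstring could say so, e.g. `'''Validate metabuf as the metadata of exactly one SP, persist it under name, register it with the live IdP and return the ServiceProvider.'''`.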