author | Rob Crittenden <rcritten@redhat.com> | 2015-03-19 15:15:26 -0400 |
committer | Simo Sorce <simo@redhat.com> | 2015-03-23 18:00:15 -0400 |
commit | 217cabe5a2b0950b9ac4090568aa8986d51f4fc5 (patch) | |
tree | e8dc27cb25ba009234f96a0b4689119f55ae6c46 /ipsilon/providers/saml2idp.py | |
parent | 2ab0852570e3e18dfd7d959ae7c3bd62ea33dcca (diff) | |
Implement urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
This also makes persistent the default NameID format when generating
metadata.
https://fedorahosted.org/ipsilon/ticket/27
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipsilon/providers/saml2idp.py')
-rw-r--r-- | ipsilon/providers/saml2idp.py | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index 96a7d11..5d8aa03 100644
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -33,6 +33,7 @@ from datetime import timedelta
 import lasso
 import os
 import time
+import uuid
 
 
 class Redirect(AuthenticateRequest):
@@ -194,6 +195,10 @@ Provides SAML 2.0 authentication infrastructure. """
             'idp key file',
             'The IdP Certificate Key genearated at install time.',
             'certificate.key'),
+        pconfig.String(
+            'idp nameid salt',
+            'The salt used for persistent Name IDs.',
+            None),
         pconfig.Condition(
             'allow self registration',
             'Allow authenticated users to register applications.',
@@ -253,6 +258,10 @@ Provides SAML 2.0 authentication infrastructure. """
             self.get_config_value('idp key file'))
 
     @property
+    def idp_nameid_salt(self):
+        return self.get_config_value('idp nameid salt')
+
+    @property
     def default_allowed_nameids(self):
         return self.get_config_value('default allowed nameids')
 
@@ -324,10 +333,10 @@ class IdpMetadataGenerator(object):
         self.meta.add_service(metadata.SAML2_SERVICE_MAP['logout-redirect'],
                               '%s/saml2/SLO/Redirect' % url)
         self.meta.add_allowed_name_format(
-            lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT)
-        self.meta.add_allowed_name_format(
             lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT)
         self.meta.add_allowed_name_format(
+            lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT)
+        self.meta.add_allowed_name_format(
             lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL)
 
     def output(self, path=None):
@@ -379,7 +388,8 @@ class Installer(ProviderInstaller):
         config = {'idp storage path': path,
                   'idp metadata file': 'metadata.xml',
                   'idp certificate file': cert.cert,
-                  'idp key file': cert.key}
+                  'idp key file': cert.key,
+                  'idp nameid salt': uuid.uuid4().hex}
         po.save_plugin_config(config)
 
         # Update global config to add login plugin |
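Review bot: The new `idp_nameid_salt` property (third hunk) returns `None` on any deployment installed before this change, because the `pconfig.String` entry it reads defaults to `None` and only the fresh-install path in the `Installer` hunk seeds it with `uuid.uuid4().hex`; nothing in this file guards that case before the salt is presumably fed into the persistent NameID derivation, which lives outside this diff. Either fail loudly where the salt is consumed, `if not salt: raise ValueError('idp nameid salt is not configured')`, or generate and save a value on first use so upgraded installs get a stable identifier instead of an unsalted or crashing one. The option description would also benefit from stating the operational consequence, e.g. `'The salt used for persistent Name IDs. Changing it invalidates all previously issued persistent Name IDs.'`, since the value is effectively a long-lived secret tied to every issued identifier; confirm the exact wording against the derivation code.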