From c3e309ca9aed29575108b31d46071d32a429e80d Mon Sep 17 00:00:00 2001 
From: Giuseppe Date: Fri, 23 Jul 2021 14:49:17 +0200 Subject: [PATCH 01/11] feat: added djangosaml2 example sp for CI needs --- .github/release-drafter.yml | 54 +++ .github/workflows/python-app.yml | 57 +++ .github/workflows/release-drafter.yml | 17 + .gitignore | 1 + example/metadata/idp/spid-sp-test.xml | 1 + example/metadata/sp/djangosaml2_sp | 35 ++ example_sp/djangosaml2_sp/README.md | 19 + .../djangosaml2_sp/certificates/private.key | 28 ++ .../certificates/private_key.pem | 117 ++++++ .../djangosaml2_sp/certificates/public.cert | 19 + .../certificates/public_key.pem | 21 ++ .../custom_accounts/__init__.py | 1 + .../djangosaml2_sp/custom_accounts/admin.py | 46 +++ .../djangosaml2_sp/custom_accounts/apps.py | 7 + .../migrations/0001_initial.py | 48 +++ .../migrations/0002_auto_20190402_0836.py | 18 + .../migrations/0003_alter_user_options.py | 17 + .../custom_accounts/migrations/__init__.py} | 0 .../djangosaml2_sp/custom_accounts/models.py | 41 ++ .../custom_accounts/templatetags/__init__.py} | 0 .../custom_accounts/templatetags/has_group.py | 9 + .../djangosaml2_sp/custom_accounts/tests.py | 3 + .../djangosaml2_sp/custom_accounts/urls.py | 23 ++ .../djangosaml2_sp/custom_accounts/views.py | 16 + .../djangosaml2_sp/djangosaml2_sp/__init__.py | 0 .../djangosaml2_sp/djangosaml2_sp/settings.py | 126 +++++++ .../djangosaml2_sp/settingslocal.py | 63 ++++ .../djangosaml2_sp/sp_pysaml2_satosa.py | 219 +++++++++++ .../djangosaml2_sp/djangosaml2_sp/sqlite3.db | Bin 0 -> 208896 bytes .../djangosaml2_sp/djangosaml2_sp/urls.py | 32 ++ .../djangosaml2_sp/djangosaml2_sp/wsgi.py | 16 + example_sp/djangosaml2_sp/manage.py | 15 + example_sp/djangosaml2_sp/requirements.txt | 7 + example_sp/djangosaml2_sp/run.sh | 2 + .../djangosaml2_sp/saml2_sp/__init__.py | 0 .../saml2_config/attribute-maps/__init__.py | 0 .../saml2_config/attribute-maps/adfs_v1x.py | 20 + .../saml2_config/attribute-maps/adfs_v20.py | 47 +++ .../saml2_config/attribute-maps}/basic.py | 0 
.../attribute-maps/django_saml_uri.py | 19 + .../saml2_config/attribute-maps/saml_uri.py | 354 ++++++++++++++++++ .../attribute-maps}/shibboleth_uri.py | 0 .../saml2_config/satosa-saml2spid.xml | 55 +++ example_sp/djangosaml2_sp/saml2_sp/urls.py | 9 + example_sp/djangosaml2_sp/saml2_sp/utils.py | 24 ++ example_sp/djangosaml2_sp/saml2_sp/views.py | 54 +++ .../djangosaml2_sp/tests/request_saml_auth.py | 175 +++++++++ example_sp/{ => pysaml2}/README.md | 0 example_sp/{ => pysaml2}/requirements.txt | 0 .../pysaml2/sp-repoze/attributemaps/basic.py | 326 ++++++++++++++++ .../sp-repoze/attributemaps/saml_uri.py | 0 .../sp-repoze/attributemaps/shibboleth_uri.py | 190 ++++++++++ example_sp/{ => pysaml2}/sp-repoze/sp.py | 0 example_sp/{ => pysaml2}/sp-repoze/sp_conf.py | 0 .../sp-repoze/sp_conf.py.example | 0 example_sp/{ => pysaml2}/sp-repoze/who.ini | 0 example_sp/pysaml2/sp-wsgi/metadata.xml | 0 .../{ => pysaml2}/sp-wsgi/service_conf.py | 0 .../sp-wsgi/service_conf.py.example | 0 example_sp/{ => pysaml2}/sp-wsgi/sp.py | 0 example_sp/pysaml2/sp-wsgi/sp.xml | 0 example_sp/{ => pysaml2}/sp-wsgi/sp_conf.py | 0 .../{ => pysaml2}/sp-wsgi/sp_conf.py.example | 0 example_sp/{ => pysaml2}/start.sh | 0 64 files changed, 2351 insertions(+) create mode 100644 .github/release-drafter.yml create mode 100644 .github/workflows/python-app.yml create mode 100644 .github/workflows/release-drafter.yml create mode 100644 example/metadata/idp/spid-sp-test.xml create mode 100644 example/metadata/sp/djangosaml2_sp create mode 100644 example_sp/djangosaml2_sp/README.md create mode 100644 example_sp/djangosaml2_sp/certificates/private.key create mode 100644 example_sp/djangosaml2_sp/certificates/private_key.pem create mode 100644 example_sp/djangosaml2_sp/certificates/public.cert create mode 100644 example_sp/djangosaml2_sp/certificates/public_key.pem create mode 100644 example_sp/djangosaml2_sp/custom_accounts/__init__.py create mode 100644 example_sp/djangosaml2_sp/custom_accounts/admin.py create 
mode 100644 example_sp/djangosaml2_sp/custom_accounts/apps.py create mode 100644 example_sp/djangosaml2_sp/custom_accounts/migrations/0001_initial.py create mode 100644 example_sp/djangosaml2_sp/custom_accounts/migrations/0002_auto_20190402_0836.py create mode 100644 example_sp/djangosaml2_sp/custom_accounts/migrations/0003_alter_user_options.py rename example_sp/{sp-wsgi/metadata.xml => djangosaml2_sp/custom_accounts/migrations/__init__.py} (100%) create mode 100644 example_sp/djangosaml2_sp/custom_accounts/models.py rename example_sp/{sp-wsgi/sp.xml => djangosaml2_sp/custom_accounts/templatetags/__init__.py} (100%) create mode 100644 example_sp/djangosaml2_sp/custom_accounts/templatetags/has_group.py create mode 100644 example_sp/djangosaml2_sp/custom_accounts/tests.py create mode 100644 example_sp/djangosaml2_sp/custom_accounts/urls.py create mode 100644 example_sp/djangosaml2_sp/custom_accounts/views.py create mode 100644 example_sp/djangosaml2_sp/djangosaml2_sp/__init__.py create mode 100644 example_sp/djangosaml2_sp/djangosaml2_sp/settings.py create mode 100644 example_sp/djangosaml2_sp/djangosaml2_sp/settingslocal.py create mode 100644 example_sp/djangosaml2_sp/djangosaml2_sp/sp_pysaml2_satosa.py create mode 100644 example_sp/djangosaml2_sp/djangosaml2_sp/sqlite3.db create mode 100644 example_sp/djangosaml2_sp/djangosaml2_sp/urls.py create mode 100644 example_sp/djangosaml2_sp/djangosaml2_sp/wsgi.py create mode 100755 example_sp/djangosaml2_sp/manage.py create mode 100644 example_sp/djangosaml2_sp/requirements.txt create mode 100755 example_sp/djangosaml2_sp/run.sh create mode 100644 example_sp/djangosaml2_sp/saml2_sp/__init__.py create mode 100644 example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/__init__.py create mode 100644 example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v1x.py create mode 100644 example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v20.py rename example_sp/{sp-repoze/attributemaps => 
djangosaml2_sp/saml2_sp/saml2_config/attribute-maps}/basic.py (100%) create mode 100644 example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/django_saml_uri.py create mode 100644 example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/saml_uri.py rename example_sp/{sp-repoze/attributemaps => djangosaml2_sp/saml2_sp/saml2_config/attribute-maps}/shibboleth_uri.py (100%) create mode 100644 example_sp/djangosaml2_sp/saml2_sp/saml2_config/satosa-saml2spid.xml create mode 100644 example_sp/djangosaml2_sp/saml2_sp/urls.py create mode 100644 example_sp/djangosaml2_sp/saml2_sp/utils.py create mode 100644 example_sp/djangosaml2_sp/saml2_sp/views.py create mode 100644 example_sp/djangosaml2_sp/tests/request_saml_auth.py rename example_sp/{ => pysaml2}/README.md (100%) rename example_sp/{ => pysaml2}/requirements.txt (100%) create mode 100644 example_sp/pysaml2/sp-repoze/attributemaps/basic.py rename example_sp/{ => pysaml2}/sp-repoze/attributemaps/saml_uri.py (100%) create mode 100644 example_sp/pysaml2/sp-repoze/attributemaps/shibboleth_uri.py rename example_sp/{ => pysaml2}/sp-repoze/sp.py (100%) rename example_sp/{ => pysaml2}/sp-repoze/sp_conf.py (100%) rename example_sp/{ => pysaml2}/sp-repoze/sp_conf.py.example (100%) rename example_sp/{ => pysaml2}/sp-repoze/who.ini (100%) create mode 100644 example_sp/pysaml2/sp-wsgi/metadata.xml rename example_sp/{ => pysaml2}/sp-wsgi/service_conf.py (100%) rename example_sp/{ => pysaml2}/sp-wsgi/service_conf.py.example (100%) rename example_sp/{ => pysaml2}/sp-wsgi/sp.py (100%) create mode 100644 example_sp/pysaml2/sp-wsgi/sp.xml rename example_sp/{ => pysaml2}/sp-wsgi/sp_conf.py (100%) rename example_sp/{ => pysaml2}/sp-wsgi/sp_conf.py.example (100%) rename example_sp/{ => pysaml2}/start.sh (100%) diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml new file mode 100644 index 00000000..affd63bb --- /dev/null +++ b/.github/release-drafter.yml 
@@ -0,0 +1,54 @@ +name-template: 'v$RESOLVED_VERSION' +tag-template: 'v$RESOLVED_VERSION' +categories: +- + title: 'Features' + labels: + - 'enhancement' + - 'feat' + - 'feature' +- + title: 'Bug Fixes' + labels: + - 'bug' + - 'bugfix' + - 'fix' +- + title: 'Maintenance' + labels: + - 'chore' + - 'style' +change-template: '- $TITLE @$AUTHOR (#$NUMBER)' +change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks. +version-resolver: + major: + labels: ['major'] + minor: + labels: ['minor'] + patch: + labels: ['patch'] + default: patch +exclude-labels: ['skip'] +autolabeler: +- + label: 'bug' + branch: + - '/bug\/.+/' + - '/bugfix\/.+/' + - '/fix\/.+/' +- + label: 'enhancement' + branch: + - '/dependabot\/.+/' + - '/enhancement\/.+/' + - '/feat\/.+/' + - '/feature\/.+/' +- + label: 'chore' + branch: + - '/chore\/.+/' + - '/style\/.+/' +template: | + ## Release notes + + $CHANGES diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml new file mode 100644 index 00000000..7ac6a9a6 --- /dev/null +++ b/.github/workflows/python-app.yml 
@@ -0,0 +1,57 @@ +# This workflow will install Python dependencies, run tests and lint with a single version of Python +# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions + +name: Satosa-Saml2Spid + +on: + push: + branches: [ master, dev ] + pull_request: + branches: [ master, dev ] + +jobs: + build: + + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + python-version: + - '3.7' + - '3.8' + - '3.9' + + steps: + - uses: actions/checkout@v2 + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v2 + with: + python-version: ${{ matrix.python-version }} + - name: Install dependencies + run: | + python -m pip install --upgrade pip + if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi + if [ -f requirements.txt ]; then pip install -r requirements.txt; fi + pip install -r example_sp/djangosaml2_sp/requirements.txt + pip install spid-sp-test + #- name: Lint with flake8 + #run: | + ## stop the build if there are Python syntax errors or undefined names + #flake8 oidc_provider --count --select=E9,F63,F7,F82 --show-source --statistics + ## exit-zero treats all errors as warnings. 
The GitHub editor is 127 chars wide + #flake8 oidc_provider --max-line-length 120 --count --exit-zero --statistics + - name: Test with django + working-directory: ./oidc_provider/tests/example + run: | + cd example_sp/djangosaml2_sp/ + bash run.sh & + sleep 5 + cd ../../example/ + mkdir -p metadata/idp + mkdir -p metadata/sp + export SATOSA_APP=/usr/local/lib/$(python -c 'import sys; print(f"python{sys.version_info.major}.{sys.version_info.minor}")')/site-packages/satosa + uwsgi --wsgi-file ../wsgi.py --https 0.0.0.0:10000,./pki/cert.pem,./pki/privkey.pem --callable app -b 32768 & + sleep 5 + spid_sp_test --idp-metadata > metadata/idp/spid-sp-test.xml + spid_sp_test --metadata-url https://localhost:10000/spidSaml2/metadata --authn-url "http://localhost:8000/saml2/login/?idp=https://localhost:10000/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8080" -ap spid_sp_test.plugins.authn_request.SatosaSaml2Spid --extra --debug ERROR -tr diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml new file mode 100644 index 00000000..0916e298 --- /dev/null +++ b/.github/workflows/release-drafter.yml @@ -0,0 +1,17 @@ +name: Release drafter + +on: + push: + branches: [master, dev] + pull_request: + types: [opened, reopened, synchronize] + +jobs: + update_release_draft: + name: Update draft release + runs-on: ubuntu-latest + steps: + - + uses: release-drafter/release-drafter@v5 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore index 68400713..8fb404d4 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ example/metadata/*.md *pyFF_example/garr *pyFF_example/entities example/pki/* +example_sp/djangosaml2_sp/sqlite3.db diff --git a/example/metadata/idp/spid-sp-test.xml b/example/metadata/idp/spid-sp-test.xml new file mode 100644 index 00000000..a498163c --- /dev/null +++ b/example/metadata/idp/spid-sp-test.xml 
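Review bot: The "Test with django" step sets `working-directory: ./oidc_provider/tests/example`, but nothing in this commit's diffstat creates an `oidc_provider` directory, so the step's first `cd example_sp/djangosaml2_sp/` will most likely fail unless that path exists elsewhere in the repository. The commented-out flake8 lines also lint `oidc_provider`, which suggests the workflow was copied from another project; the `run` block already uses repository-relative paths (`cd example_sp/djangosaml2_sp/`, `cd ../../example/`), so the `working-directory:` line should simply be removed. While here, `actions/checkout@v2` and `actions/setup-python@v2` are pinned by mutable tag; pinning them to a full commit SHA (with the tag in a comment) is the usual supply-chain hardening for a workflow that later runs `pip install` from several requirement files.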
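Review bot: The new ignore entry `example_sp/djangosaml2_sp/sqlite3.db` does not match the database this same commit adds, which the diffstat lists as `example_sp/djangosaml2_sp/djangosaml2_sp/sqlite3.db` (Bin 0 -> 208896 bytes), one directory deeper. The pattern should be `example_sp/djangosaml2_sp/djangosaml2_sp/sqlite3.db` (or a broader `*.db`), and the binary database should be dropped from the commit rather than tracked, since a populated SQLite file may carry account rows, password hashes or session data that cannot be reviewed here. If the CI run needs a schema, `manage.py migrate` at test time is the reproducible way to get one.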
@@ -0,0 +1 @@ +yqmXnkQV7s7mz2bcIb4fLiTM/wwLaRmTTjJHW6lkafc=BLLJrRnwcYU2dobAKG9DfzyDlHkI7uLH9agT9TOkgwCXqOrhDeN/lFRrqy4gt7oii5uGlnuTmqGUW5hNGUkb6pzETu3WbTVTl8UjvdmsQcNzYNtZPhr00dawgb52j2pPt8KsJKgA4iv8Fl8ALQwVKBlJ2w20d9iWVMJLh/7CHjgzA1TfuGsaKe9vEzqXKDKRDlK614lCAGu/v0kektWtVGECT038dnAuN+KbWqCkojc3nrnAjCm3/pPQ3POzlBdKhRpN55SE29eSd49gm4rDsp9CkRDYYx3IG44ihmBNVONg8zZSp3Jc24TQ/dmS1jDK+LyJvxh6YHhs0I6ejQ6VlA==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urn:oasis:names:tc:SAML:2.0:nameid-format:transient \ No newline at end of file diff --git a/example/metadata/sp/djangosaml2_sp b/example/metadata/sp/djangosaml2_sp new file mode 100644 index 00000000..06f0e285 --- /dev/null +++ b/example/metadata/sp/djangosaml2_sp 
@@ -0,0 +1,35 @@ +MIIDETCCAfmgAwIBAgIUPw12Gkt4agBtLBntd7RzTWwLKAYwDQYJKoZIhvcNAQEL +BQAwGDEWMBQGA1UEAwwNc3AxLnVuaWNhbC5pdDAeFw0xOTAzMjAxNDMxMTVaFw0y +OTAzMTcxNDMxMTVaMBgxFjAUBgNVBAMMDXNwMS51bmljYWwuaXQwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj0BzOt58ECsSwT049bIhmD0p7q0Y+4L7c +jrvvJYcMT7HZE+tbO4M6upkXnP+3gvPpRccaEtwJoda3gYzvF35VMzp0fCW7OmXI +R8cJtySIfzkdmmO385Tbxlp1jRxZyQtc2nPzCKeV4xlQNEinQr94nI7tMFReDejj +XKwS5RABk8KQMo2M78xa9RQyxqDC1e0ioeVQRR2og99fF3u/WOJ/JB2aETTfvInr +FIyFA5XB0roBDyM44877nRKYeMBd4kVk+fs4yu6kZm7WOXHUXFLKRuXLeVxEbZYz +SSMjncsB1U35OAt+Ozkp+12qaqMAVdGKP+xso3zGAr/5AC6CuPnrAgMBAAGjUzBR +MB0GA1UdDgQWBBR6RRoajGB1UmdiMAKSmgpL3RD0mzAfBgNVHSMEGDAWgBR6RRoa +jGB1UmdiMAKSmgpL3RD0mzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4IBAQBzRUa++T0EiR+Fq4iTpKIysigV+1CeMbS+u1JaPOnMXfWmboOOVDrHhnit +bpfxm+SpbafPTz40THtfw9EKvReMjNa4HQ4vFBMwZtmYZ4piGS5PferFDzYdZG1d +S/2vcCQA4Dya/R675XKEhBdWO8JfUOL1ImMoJBa5Z+ApU8OCk8hpiJUV0akpw7jA ++VO8+VR2T+SH+3h28KOrNdraWozZ99NKqB7GUFcaxouaOkPE7mi8JyAgLZMZvJae +QeJEUI9sfavSLmvBsfbusAeCjFYCVM9MM7uZNvK6gI0Dzppl+rN7vRWcBF+oYyiS +1EX9j2GqG1yWcdGvY60GJu5Er5id +MIIDETCCAfmgAwIBAgIUPw12Gkt4agBtLBntd7RzTWwLKAYwDQYJKoZIhvcNAQEL +BQAwGDEWMBQGA1UEAwwNc3AxLnVuaWNhbC5pdDAeFw0xOTAzMjAxNDMxMTVaFw0y +OTAzMTcxNDMxMTVaMBgxFjAUBgNVBAMMDXNwMS51bmljYWwuaXQwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj0BzOt58ECsSwT049bIhmD0p7q0Y+4L7c +jrvvJYcMT7HZE+tbO4M6upkXnP+3gvPpRccaEtwJoda3gYzvF35VMzp0fCW7OmXI +R8cJtySIfzkdmmO385Tbxlp1jRxZyQtc2nPzCKeV4xlQNEinQr94nI7tMFReDejj +XKwS5RABk8KQMo2M78xa9RQyxqDC1e0ioeVQRR2og99fF3u/WOJ/JB2aETTfvInr +FIyFA5XB0roBDyM44877nRKYeMBd4kVk+fs4yu6kZm7WOXHUXFLKRuXLeVxEbZYz +SSMjncsB1U35OAt+Ozkp+12qaqMAVdGKP+xso3zGAr/5AC6CuPnrAgMBAAGjUzBR +MB0GA1UdDgQWBBR6RRoajGB1UmdiMAKSmgpL3RD0mzAfBgNVHSMEGDAWgBR6RRoa +jGB1UmdiMAKSmgpL3RD0mzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4IBAQBzRUa++T0EiR+Fq4iTpKIysigV+1CeMbS+u1JaPOnMXfWmboOOVDrHhnit +bpfxm+SpbafPTz40THtfw9EKvReMjNa4HQ4vFBMwZtmYZ4piGS5PferFDzYdZG1d 
+S/2vcCQA4Dya/R675XKEhBdWO8JfUOL1ImMoJBa5Z+ApU8OCk8hpiJUV0akpw7jA ++VO8+VR2T+SH+3h28KOrNdraWozZ99NKqB7GUFcaxouaOkPE7mi8JyAgLZMZvJae +QeJEUI9sfavSLmvBsfbusAeCjFYCVM9MM7uZNvK6gI0Dzppl+rN7vRWcBF+oYyiS +1EX9j2GqG1yWcdGvY60GJu5Er5id +urn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:2.0:nameid-format:transientUnicalUnicalUnicalUnicalhttp://www.unical.ithttp://www.unical.itUniversita della CalabriaGiuseppeDe Marcogiuseppe.demarco@unical.itUniversita della CalabriaGiuseppeDe Marcogiuseppe.demarco@unical.it \ No newline at end of file diff --git a/example_sp/djangosaml2_sp/README.md b/example_sp/djangosaml2_sp/README.md new file mode 100644 index 00000000..34e7c75f --- /dev/null +++ b/example_sp/djangosaml2_sp/README.md @@ -0,0 +1,19 @@ +### djangosaml2-sp (SP server) +```` +sudo apt install xmlsec1 python3-dev python3-pip libssl-dev +pip3 install virtualenv + +virtualenv -ppython3 env +source env/bin/activate + +cd djangosaml2_sp +# download idp metadata to sp, not needed if remote options is enabled +wget https://localhost:10000/Saml2IDP/metadata/ -O saml2_sp/saml2_config/satosa-saml2spid.xml --no-check-certificate + +cd ../../example/metadata/sp/ +# put sp metadata to satosa +wget http://localhost:8000/saml2/metadata -O metadata/sp/djangosaml2_sp + +# run the sp test +./manage.py runserver 0.0.0.0:8000 +```` diff --git a/example_sp/djangosaml2_sp/certificates/private.key b/example_sp/djangosaml2_sp/certificates/private.key new file mode 100644 index 00000000..06798425 --- /dev/null +++ b/example_sp/djangosaml2_sp/certificates/private.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCj0BzOt58ECsSw +T049bIhmD0p7q0Y+4L7cjrvvJYcMT7HZE+tbO4M6upkXnP+3gvPpRccaEtwJoda3 +gYzvF35VMzp0fCW7OmXIR8cJtySIfzkdmmO385Tbxlp1jRxZyQtc2nPzCKeV4xlQ +NEinQr94nI7tMFReDejjXKwS5RABk8KQMo2M78xa9RQyxqDC1e0ioeVQRR2og99f +F3u/WOJ/JB2aETTfvInrFIyFA5XB0roBDyM44877nRKYeMBd4kVk+fs4yu6kZm7W +OXHUXFLKRuXLeVxEbZYzSSMjncsB1U35OAt+Ozkp+12qaqMAVdGKP+xso3zGAr/5 +AC6CuPnrAgMBAAECggEASyECZUhPtMHfjWEB6CfjsrMmnOtjbykSQANya+7RLjNK +xN1e3tu/hurXlb3aheaYSQ9IjkvCAOTpngXbhjhHJ3o0QAJEJ8dTsPRCc9E7/yIi +JtKNE2uyhM1G5YzPSNpszKwf64G3ooWiMWeZPqTdPcrHvj6hIvXMLqJtBMlretz2 +yuK5CstZJg7uhBGfK+uqO0YvPc65nmN+v7EVHQCw7YbBAK+j3x4L4j2wU4DYU8+o +7gDs3wUZ0yccCjNqe2WnZEdnqUFJfBQS4hweoncJ0guaQHEt+cmU+9/RiDD8SM5l +v8qftREQuRNQicvNfUCCkfDqAQygqNAqdAFMFgufEQKBgQDQdniGevawT+/dtFe3 +qYfjnKZIEx5wSinKfh8TO8JeIhCA3gZikyMcNM1Yf0YdQayv8EmdqeTjXQnOMWR5 +AsuRvkEsI2Xd7CaUVyAMTPgol9sI5pbmG5eyKoVnlbZRj2uLLvnpASqlwKX45WX4 +JB/uFSHGFSQoLLfOiieSU0mBCQKBgQDJKxjmmTJR2dd2XS5dkyThi1y2v3AvY/JZ +miJ3tTgUWBr1QhAL19jQLSWqlonq9yrYXu0aG068Ze/QG1luo3UvL0Dp2xqVxYOv +NfQyI9HucsyDUZ6RWuUCueW/JgHxEEXQVKbZTaSoJBjqqIRWSv46/jBM36oJtlZ0 +vY4k1OAEUwKBgDjPUGE1uWyrHC9LKmx+4u2Aj0AtFap8S49Hd6iCLKICnoS//PV4 +K6VQLnXjmXP3pdv8m9M/rYTYogdzJnJj9J4vPwuMSgKEjK74X196ylYlrCdsz8q9 +0kVXmSt1fU4Uy7YOg0SgcMLjEVgXDAbnsVvsnlug/02DgkPjGo2h7PIhAoGAIrK0 +UNILw+J3L4tS/ADtU5neHAdZKlNq8dmMKGmxipDH1ZXXfrN0SjP/UzU0BLstQLTe +4KnlIsnSW2rcOiEnjUPxRmTsaPjwhcAgpqVXCHH0pJHnb9rltVqrLhU4MIRGBnET +dlfWFspjIdZ/PQMiZrqBSkEp6xLwRqKLaf7txNECgYAEDbnTCzavjgQghASm3s22 +k4Wukd408kKuCkHJY/fn8MiDBxu9Y/RtiTAa2J6cy8HQ5sgnx1HMPCsS6DyyBkoG +3MZI2q0RkMNGaSDwLVo61GPinVv0ylECMKHCKLxZsU9mmunzhMhIUra2nSn0zUpm +I+aV3a2hnizaY23PtO97Hw== +-----END PRIVATE KEY----- diff --git a/example_sp/djangosaml2_sp/certificates/private_key.pem b/example_sp/djangosaml2_sp/certificates/private_key.pem new file mode 100644 index 00000000..95fa69e3 --- /dev/null +++ b/example_sp/djangosaml2_sp/certificates/private_key.pem 
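Review bot: This hunk commits the SP's RSA private key in clear, and the modulus it carries (`...AoIBAQCj0BzOt58ECsSw...`) is the same one that appears in `certificates/public.cert` and in the certificate embedded twice in `example/metadata/sp/djangosaml2_sp`, so it is the key the advertised SP metadata actually relies on. Whoever can read the repository can therefore sign or decrypt on behalf of this SP identity; for a CI fixture that is tolerable only if the pair is clearly marked as throw-away and never reused, so either generate the pair inside `run.sh`/the workflow at test time or state in the README that these files are CI-only material. The `private_key.pem` hunk that follows holds a second, different key (its modulus `c1:25:69:dc:...` matches the certificate in `public_key.pem`, CN sp1.testunical.it) stored as an `openssl rsa -text`-style dump followed by the PEM, and `settings.py` is not in this chunk, so it is not visible which pair is configured; the unused pair should be removed to avoid two live keys for one example.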
@@ -0,0 +1,117 @@ +RSA Private-Key: (2048 bit, 2 primes) +modulus: + 00:c1:25:69:dc:c8:60:5a:02:e2:03:35:2c:be:81: + f4:7d:d0:5a:93:33:31:69:7b:5c:61:b7:62:c1:df: + e1:d1:b6:d4:f1:f4:06:30:f7:9d:a5:50:58:90:10: + e9:bf:6b:74:2a:ea:d2:be:32:d9:01:91:15:18:b0: + 54:d3:d0:93:7e:cd:0c:00:08:b0:57:b6:4e:1d:2b: + 8b:2a:aa:58:0f:40:97:a7:ae:1a:51:5b:9b:b9:f8: + af:ff:06:76:3d:bd:1d:70:83:ea:38:3a:49:9d:87: + 72:55:a2:96:f1:26:32:45:e4:aa:9c:77:ab:a0:1d: + 1d:05:27:df:49:f2:ac:f6:a9:b4:9c:e9:6b:b2:30: + 66:04:b5:f1:25:86:81:ec:e1:05:f0:55:a3:b5:55: + a7:5e:b6:89:79:53:ca:af:23:bd:5a:fc:75:de:50: + 88:27:ad:97:6d:de:66:ef:64:9a:73:ee:21:e3:10: + 99:37:48:5e:af:20:80:8a:ae:a4:e8:84:95:a8:ae: + 52:bc:7a:f8:98:dc:4b:eb:63:8e:f2:3d:c0:f0:56: + f7:43:a9:e7:bf:ae:ab:1f:fe:2c:1c:69:5e:1d:82: + fa:b4:fa:56:a0:4a:2f:d3:15:bc:17:1c:bb:66:ca: + 2e:19:38:12:67:19:6e:b2:6b:74:ca:87:d3:b4:8e: + fa:d5 +publicExponent: 65537 (0x10001) +privateExponent: + 10:2c:81:e0:eb:26:a6:62:f7:6a:2d:59:c1:da:40: + 0f:09:13:8c:a0:0c:d3:38:71:53:fd:77:57:a4:d7: + d4:27:eb:4d:17:92:2d:27:8f:1b:f8:ce:71:c1:f8: + d0:fe:be:8b:99:7e:6c:4e:f5:bd:1b:d9:18:68:2b: + b2:51:15:08:d9:42:d7:fd:e2:46:76:0d:b4:83:a0: + f3:c1:af:fe:16:fa:9c:20:08:34:27:e7:b2:7b:10: + c1:da:58:ac:72:d9:b4:42:57:aa:bd:b6:cc:6a:3b: + 38:d0:94:b3:3c:ef:98:ca:bd:3e:bd:06:b2:31:bd: + ec:60:9a:62:26:e0:35:07:7b:9d:f4:af:00:f5:e8: + 2b:b1:39:78:7b:8b:74:6f:e0:ac:45:da:cc:29:78: + 99:64:55:25:04:e5:41:27:d5:68:bd:b6:df:c5:e4: + f4:9f:c4:23:2a:17:de:ce:a7:36:06:05:5f:56:f2: + a0:e6:19:18:ab:9a:35:3c:a1:36:0f:95:3b:9b:93: + d7:9f:62:b1:15:50:53:28:02:a8:cd:81:ef:24:73: + 81:9d:ff:90:3e:f8:3a:54:6a:5f:64:1b:e8:bc:52: + ed:80:5d:4c:87:df:c4:70:c6:40:48:f0:b4:02:bd: + e1:56:c4:f6:17:df:74:ee:45:ee:c4:5c:c9:e3:05: + 41 +prime1: + 00:f4:f1:c1:41:06:fa:49:96:64:01:7e:c9:39:61: + 39:78:5e:ff:49:9c:e7:5f:38:e4:c6:19:12:d5:c0: + 1b:3a:aa:64:c3:b2:17:5e:9a:f3:33:e5:1c:49:c1: + 52:9e:b2:a0:ba:25:70:d3:02:9c:7b:dd:95:60:59: + 
37:8e:f3:e7:70:76:8b:c4:fc:8e:4a:fd:b1:ac:ec: + b5:d7:e3:ae:8e:4c:9c:70:f1:0c:06:fb:6f:8d:66: + 72:6f:90:c1:a9:a1:43:ee:92:fa:34:0f:be:c3:db: + d2:ae:95:d5:bd:54:0e:ec:34:b2:e7:6d:47:34:e1: + 3b:02:ae:63:2c:f1:bf:a8:d7 +prime2: + 00:c9:dd:26:11:c6:98:f3:4e:88:ec:f5:9e:7f:c6: + d5:96:b4:1c:8d:7f:f9:a0:d4:9c:18:06:39:03:94: + 1d:1a:2c:57:87:00:56:cb:c3:bc:f7:2d:09:fe:e9: + 19:e9:9f:d8:71:31:7b:1c:6a:bf:92:45:02:68:8c: + f2:ae:16:29:ae:00:d6:73:7a:5c:e5:8f:99:04:1a: + a6:ba:01:1d:ff:4c:1b:6d:68:ef:ec:0b:38:00:ed: + f2:83:a5:1a:1d:de:61:95:01:01:de:ca:84:e0:91: + bb:76:b1:14:f0:c7:ef:6a:01:69:42:42:5d:89:14: + 77:96:d1:c6:12:51:5f:68:33 +exponent1: + 00:dc:44:02:5b:2d:a1:29:47:7a:4a:f5:ee:92:10: + e2:13:62:aa:03:52:7b:a5:df:8d:aa:ae:a5:87:5e: + 27:9e:4b:d8:2d:3b:1b:54:d1:d6:5e:16:6b:a7:cf: + 97:32:6a:c3:aa:61:3c:e2:23:f9:00:52:34:9f:dd: + da:de:4c:6b:15:71:25:23:51:51:cc:11:f3:12:e4: + 12:6a:3f:ae:9a:fc:3d:ba:3a:a9:6c:25:f3:1c:9e: + c1:cd:9d:c8:e9:77:c1:94:ea:ca:e0:c2:3f:f3:f4: + db:b2:6f:bf:33:70:41:b3:1b:78:be:30:40:d6:46: + ac:40:2e:fd:b4:4e:f8:e1:25 +exponent2: + 60:f9:b8:dc:39:48:29:3a:c5:54:f0:fa:5f:f0:29: + 93:e8:9a:fe:ef:48:01:17:a2:95:78:07:d3:cc:47: + de:d7:06:85:78:88:3a:03:a2:b8:2c:0e:ed:43:16: + 8b:c1:9a:bd:66:43:fa:76:dd:e9:6a:f5:a9:3c:6d: + 29:6c:c4:41:2f:6d:d6:b4:26:04:b2:63:94:31:29: + 7f:9a:21:cb:0f:c8:ed:5a:c8:47:e1:6b:da:26:75: + a7:00:9d:f7:53:6a:15:a7:12:3a:f1:97:bc:3a:c6: + 90:52:a9:f8:b2:54:35:dc:cf:b0:61:29:86:3d:2a: + e6:6d:88:76:2c:59:65:39 +coefficient: + 3d:3b:72:b9:7c:53:94:82:e3:91:a8:df:a9:ff:ed: + 36:bd:18:e9:d3:d4:84:db:5b:8c:af:10:4f:ed:f2: + 40:03:40:75:0a:f9:16:58:47:ed:d5:b4:c0:8f:7a: + 57:b2:40:a8:ee:37:15:47:bd:8e:78:9f:40:11:a2: + be:ad:d9:54:aa:29:4c:e1:99:e3:92:71:a3:e3:1f: + ee:43:77:1d:b7:73:b1:97:e7:04:0a:55:e3:84:5f: + 96:03:09:6a:86:9e:6d:c1:cb:a1:03:ed:9d:2e:73: + 4e:b4:a2:45:df:64:c8:fd:c7:b8:3e:32:87:16:cd: + 5c:8f:b7:b3:66:b0:08:62 +-----BEGIN RSA PRIVATE KEY----- 
+MIIEowIBAAKCAQEAwSVp3MhgWgLiAzUsvoH0fdBakzMxaXtcYbdiwd/h0bbU8fQG +MPedpVBYkBDpv2t0KurSvjLZAZEVGLBU09CTfs0MAAiwV7ZOHSuLKqpYD0CXp64a +UVubufiv/wZ2Pb0dcIPqODpJnYdyVaKW8SYyReSqnHeroB0dBSffSfKs9qm0nOlr +sjBmBLXxJYaB7OEF8FWjtVWnXraJeVPKryO9Wvx13lCIJ62Xbd5m72Sac+4h4xCZ +N0heryCAiq6k6ISVqK5SvHr4mNxL62OO8j3A8Fb3Q6nnv66rH/4sHGleHYL6tPpW +oEov0xW8Fxy7ZsouGTgSZxlusmt0yofTtI761QIDAQABAoIBABAsgeDrJqZi92ot +WcHaQA8JE4ygDNM4cVP9d1ek19Qn600Xki0njxv4znHB+ND+vouZfmxO9b0b2Rho +K7JRFQjZQtf94kZ2DbSDoPPBr/4W+pwgCDQn57J7EMHaWKxy2bRCV6q9tsxqOzjQ +lLM875jKvT69BrIxvexgmmIm4DUHe530rwD16CuxOXh7i3Rv4KxF2swpeJlkVSUE +5UEn1Wi9tt/F5PSfxCMqF97OpzYGBV9W8qDmGRirmjU8oTYPlTubk9efYrEVUFMo +AqjNge8kc4Gd/5A++DpUal9kG+i8Uu2AXUyH38RwxkBI8LQCveFWxPYX33TuRe7E +XMnjBUECgYEA9PHBQQb6SZZkAX7JOWE5eF7/SZznXzjkxhkS1cAbOqpkw7IXXprz +M+UcScFSnrKguiVw0wKce92VYFk3jvPncHaLxPyOSv2xrOy11+OujkyccPEMBvtv +jWZyb5DBqaFD7pL6NA++w9vSrpXVvVQO7DSy521HNOE7Aq5jLPG/qNcCgYEAyd0m +EcaY806I7PWef8bVlrQcjX/5oNScGAY5A5QdGixXhwBWy8O89y0J/ukZ6Z/YcTF7 +HGq/kkUCaIzyrhYprgDWc3pc5Y+ZBBqmugEd/0wbbWjv7As4AO3yg6UaHd5hlQEB +3sqE4JG7drEU8MfvagFpQkJdiRR3ltHGElFfaDMCgYEA3EQCWy2hKUd6SvXukhDi +E2KqA1J7pd+Nqq6lh14nnkvYLTsbVNHWXhZrp8+XMmrDqmE84iP5AFI0n93a3kxr +FXElI1FRzBHzEuQSaj+umvw9ujqpbCXzHJ7BzZ3I6XfBlOrK4MI/8/Tbsm+/M3BB +sxt4vjBA1kasQC79tE744SUCgYBg+bjcOUgpOsVU8Ppf8CmT6Jr+70gBF6KVeAfT +zEfe1waFeIg6A6K4LA7tQxaLwZq9ZkP6dt3pavWpPG0pbMRBL23WtCYEsmOUMSl/ +miHLD8jtWshH4WvaJnWnAJ33U2oVpxI68Ze8OsaQUqn4slQ13M+wYSmGPSrmbYh2 +LFllOQKBgD07crl8U5SC45Go36n/7Ta9GOnT1ITbW4yvEE/t8kADQHUK+RZYR+3V +tMCPeleyQKjuNxVHvY54n0ARor6t2VSqKUzhmeOScaPjH+5Ddx23c7GX5wQKVeOE +X5YDCWqGnm3By6ED7Z0uc060okXfZMj9x7g+MocWzVyPt7NmsAhi +-----END RSA PRIVATE KEY----- diff --git a/example_sp/djangosaml2_sp/certificates/public.cert b/example_sp/djangosaml2_sp/certificates/public.cert new file mode 100644 index 00000000..b592324f --- /dev/null +++ b/example_sp/djangosaml2_sp/certificates/public.cert 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDETCCAfmgAwIBAgIUPw12Gkt4agBtLBntd7RzTWwLKAYwDQYJKoZIhvcNAQEL +BQAwGDEWMBQGA1UEAwwNc3AxLnVuaWNhbC5pdDAeFw0xOTAzMjAxNDMxMTVaFw0y +OTAzMTcxNDMxMTVaMBgxFjAUBgNVBAMMDXNwMS51bmljYWwuaXQwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj0BzOt58ECsSwT049bIhmD0p7q0Y+4L7c +jrvvJYcMT7HZE+tbO4M6upkXnP+3gvPpRccaEtwJoda3gYzvF35VMzp0fCW7OmXI +R8cJtySIfzkdmmO385Tbxlp1jRxZyQtc2nPzCKeV4xlQNEinQr94nI7tMFReDejj +XKwS5RABk8KQMo2M78xa9RQyxqDC1e0ioeVQRR2og99fF3u/WOJ/JB2aETTfvInr +FIyFA5XB0roBDyM44877nRKYeMBd4kVk+fs4yu6kZm7WOXHUXFLKRuXLeVxEbZYz +SSMjncsB1U35OAt+Ozkp+12qaqMAVdGKP+xso3zGAr/5AC6CuPnrAgMBAAGjUzBR +MB0GA1UdDgQWBBR6RRoajGB1UmdiMAKSmgpL3RD0mzAfBgNVHSMEGDAWgBR6RRoa +jGB1UmdiMAKSmgpL3RD0mzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4IBAQBzRUa++T0EiR+Fq4iTpKIysigV+1CeMbS+u1JaPOnMXfWmboOOVDrHhnit +bpfxm+SpbafPTz40THtfw9EKvReMjNa4HQ4vFBMwZtmYZ4piGS5PferFDzYdZG1d +S/2vcCQA4Dya/R675XKEhBdWO8JfUOL1ImMoJBa5Z+ApU8OCk8hpiJUV0akpw7jA ++VO8+VR2T+SH+3h28KOrNdraWozZ99NKqB7GUFcaxouaOkPE7mi8JyAgLZMZvJae +QeJEUI9sfavSLmvBsfbusAeCjFYCVM9MM7uZNvK6gI0Dzppl+rN7vRWcBF+oYyiS +1EX9j2GqG1yWcdGvY60GJu5Er5id +-----END CERTIFICATE----- diff --git a/example_sp/djangosaml2_sp/certificates/public_key.pem b/example_sp/djangosaml2_sp/certificates/public_key.pem new file mode 100644 index 00000000..b9af2108 --- /dev/null +++ b/example_sp/djangosaml2_sp/certificates/public_key.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIQMRnLuhd2NBn9BfrOZOWO6TANBgkqhkiG9w0BAQsFADAY +MRYwFAYDVQQDDA10ZXN0dW5pY2FsLml0MB4XDTE5MDMxMjEwMDQyOFoXDTIyMDIy +NDEwMDQyOFowHDEaMBgGA1UEAwwRc3AxLnRlc3R1bmljYWwuaXQwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBJWncyGBaAuIDNSy+gfR90FqTMzFpe1xh +t2LB3+HRttTx9AYw952lUFiQEOm/a3Qq6tK+MtkBkRUYsFTT0JN+zQwACLBXtk4d +K4sqqlgPQJenrhpRW5u5+K//BnY9vR1wg+o4Okmdh3JVopbxJjJF5Kqcd6ugHR0F +J99J8qz2qbSc6WuyMGYEtfElhoHs4QXwVaO1Vadetol5U8qvI71a/HXeUIgnrZdt +3mbvZJpz7iHjEJk3SF6vIICKrqTohJWorlK8eviY3EvrY47yPcDwVvdDqee/rqsf +/iwcaV4dgvq0+lagSi/TFbwXHLtmyi4ZOBJnGW6ya3TKh9O0jvrVAgMBAAGjgcIw +gb8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU9H7yL25sJZBEUINeNscO/xXS9lgwUwYD +VR0jBEwwSoAUqcIxI8gIhmtOS0y7Tfy9rPnS5vqhHKQaMBgxFjAUBgNVBAMMDXRl +c3R1bmljYWwuaXSCFCQ40u+Ci6K5V0nHPvu5Hr+GnSSvMBMGA1UdJQQMMAoGCCsG +AQUFBwMBMAsGA1UdDwQEAwIFoDAcBgNVHREEFTATghFzcDEudGVzdHVuaWNhbC5p +dDANBgkqhkiG9w0BAQsFAAOCAQEAFrG52wjUDaZuJ7qYS4XXaaJI8Dyj5E9MdxP9 +53XAdS/RYZ1oMbt96Dg9eFHERh4Y+NfOptJDjd04Qk013xbPk33iz3GRAzQEzvfb +rU+Calx+EadszUitr3aLpOMFWBkJQjvS7o8OXLmcnWOTndd+z1bEsSuzssb9BdVs +qhWVSruMJmkqBd3P9F62QJYpY70D+3nw/E8IHzT70AhJ3tEs22wASw1c1xdvdqdL +05diuf0Rkw3eaXnPROlRHqZlASPWsa01XG1uV6lR9+qrEDvOt+xwaBTmErw1q7Po +HQhTvIXadhvWqRFS1bZ1L2qfQLNqLtWJCOGq6Dyhw8nLTDyHJg== +-----END CERTIFICATE----- diff --git a/example_sp/djangosaml2_sp/custom_accounts/__init__.py b/example_sp/djangosaml2_sp/custom_accounts/__init__.py new file mode 100644 index 00000000..577d775b --- /dev/null +++ b/example_sp/djangosaml2_sp/custom_accounts/__init__.py @@ -0,0 +1 @@ +default_app_config = 'custom_accounts.apps.Custom_AccountsConfig' diff --git a/example_sp/djangosaml2_sp/custom_accounts/admin.py b/example_sp/djangosaml2_sp/custom_accounts/admin.py new file mode 100644 index 00000000..5dcc228b --- /dev/null +++ b/example_sp/djangosaml2_sp/custom_accounts/admin.py 
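Review bot: `default_app_config` is deprecated from Django 3.2, the version migration 0003 in this commit says it was generated with, and a RemovedInDjango41Warning is emitted for it when `apps.py` defines a single `AppConfig` subclass, as `Custom_AccountsConfig` does. The line can be deleted; Django 3.2 picks up that config automatically.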
@@ -0,0 +1,46 @@ +from django.contrib import admin +from django.utils.translation import ugettext, ugettext_lazy as _ +from django.contrib.auth.admin import UserAdmin + +from .models import User + +@admin.register(User) +class CustomUserAdmin(UserAdmin): + ordering = ('username',) + readonly_fields = ('date_joined', 'last_login',) + list_display = ('username', 'matricola', 'email', + 'is_active', 'is_staff', 'is_superuser', ) + list_editable = ('is_active', 'is_staff', 'is_superuser',) + fieldsets = ( + (None, {'fields': (('username', 'is_active', + 'is_staff', 'is_superuser'), + ('password'), + ) + } + ), + (_('Angrafica'), {'fields': (( 'first_name', 'last_name'), + ( 'matricola', 'email'), + ('codice_fiscale',), + ('gender', 'location', 'birth_date'), + ) + } + ), + (_('Permissions'), {'fields': ('groups', 'user_permissions'), + 'classes':('collapse',) + } + ), + (_('Date accessi'), {'fields': (('date_joined', + 'last_login'), + ) + } + ), + ) + add_fieldsets = ( + (None, { + 'classes': ('wide',), + 'fields': ('username', 'password1', 'password2'), + }), + ) + +admin.site.unregister(User) +admin.site.register(User, CustomUserAdmin) diff --git a/example_sp/djangosaml2_sp/custom_accounts/apps.py b/example_sp/djangosaml2_sp/custom_accounts/apps.py new file mode 100644 index 00000000..ac3e0c26 --- /dev/null +++ b/example_sp/djangosaml2_sp/custom_accounts/apps.py @@ -0,0 +1,7 @@ +from django.apps import AppConfig +from django.utils.translation import ugettext_lazy as _ + + +class Custom_AccountsConfig(AppConfig): + name = 'custom_accounts' + verbose_name = _("Autenticazione e Autorizzazione Utenti") diff --git a/example_sp/djangosaml2_sp/custom_accounts/migrations/0001_initial.py b/example_sp/djangosaml2_sp/custom_accounts/migrations/0001_initial.py new file mode 100644 index 00000000..5e21e561 --- /dev/null +++ b/example_sp/djangosaml2_sp/custom_accounts/migrations/0001_initial.py 
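Review bot: `User` is registered with the admin site twice here: `@admin.register(User)` on `CustomUserAdmin` already binds it, so the trailing `admin.site.unregister(User)` and `admin.site.register(User, CustomUserAdmin)` only undo and redo that binding and should be dropped. The import `from django.utils.translation import ugettext, ugettext_lazy as _` pulls in `ugettext` (unused) and `ugettext_lazy`, both deprecated since Django 3.0 and removed in 4.0; the replacement is `from django.utils.translation import gettext_lazy as _`, and the same import appears in the `apps.py` and `models.py` hunks of this commit. From a least-privilege angle, putting `is_staff` and `is_superuser` in `list_editable` makes privilege grants a one-click change on the changelist; keeping them editable only on the detail form is the safer default. `_('Angrafica')` also looks like a typo for `Anagrafica`.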
@@ -0,0 +1,48 @@ +# Generated by Django 2.1.7 on 2019-03-12 15:32 + +import django.contrib.auth.models +from django.db import migrations, models +import django.utils.timezone + + +class Migration(migrations.Migration): + + initial = True + + dependencies = [ + ('auth', '0009_alter_user_last_name_max_length'), + ] + + operations = [ + migrations.CreateModel( + name='User', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('password', models.CharField(max_length=128, verbose_name='password')), + ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')), + ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')), + ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')), + ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')), + ('username', models.CharField(max_length=254, unique=True, verbose_name='Username')), + ('is_active', models.BooleanField(default=True, verbose_name='attivo')), + ('email', models.EmailField(blank=True, max_length=254, null=True, verbose_name='email address')), + ('matricola', models.CharField(blank=True, help_text='come rappresentata su CSA', max_length=254, null=True, verbose_name='Matricola')), + ('first_name', models.CharField(blank=True, max_length=30, null=True, verbose_name='Nome')), + ('last_name', models.CharField(blank=True, max_length=30, null=True, verbose_name='Cognome')), + ('codice_fiscale', models.CharField(blank=True, max_length=16, null=True, verbose_name='Codice Fiscale')), + ('gender', models.CharField(blank=True, choices=[('male', 'Maschio'), ('female', 'Femmina'), ('other', 'Altro')], max_length=12, null=True, verbose_name='Genere')), + ('location', 
models.CharField(blank=True, max_length=30, null=True, verbose_name='Luogo di nascita')), + ('birth_date', models.DateField(blank=True, null=True, verbose_name='Data di nascita')), + ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.Group', verbose_name='groups')), + ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.Permission', verbose_name='user permissions')), + ], + options={ + 'verbose_name_plural': 'Accounts', + 'ordering': ['username'], + 'permissions': (('can_view', 'Permesso in lettura'), ('can_view_his_own', 'Permesso in lettura esclusivamente dei propri inserimenti'), ('can_change', 'Permesso in modifica'), ('can_change_his_own', 'Permesso in modifica esclusivamente dei propri inserimenti'), ('can_delete', 'Permesso in cancellazione'), ('can_delete_his_own', 'Permesso in cancellazione esclusivamente dei propri inserimenti')), + }, + managers=[ + ('objects', django.contrib.auth.models.UserManager()), + ], + ), + ] diff --git a/example_sp/djangosaml2_sp/custom_accounts/migrations/0002_auto_20190402_0836.py b/example_sp/djangosaml2_sp/custom_accounts/migrations/0002_auto_20190402_0836.py new file mode 100644 index 00000000..8682563f --- /dev/null +++ b/example_sp/djangosaml2_sp/custom_accounts/migrations/0002_auto_20190402_0836.py @@ -0,0 +1,18 @@ +# Generated by Django 2.0.13 on 2019-04-02 08:36 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('custom_accounts', '0001_initial'), + ] + + operations = [ + migrations.RenameField( + model_name='user', + old_name='location', + new_name='place_of_birth', + ), + ] 
diff --git a/example_sp/djangosaml2_sp/custom_accounts/migrations/0003_alter_user_options.py b/example_sp/djangosaml2_sp/custom_accounts/migrations/0003_alter_user_options.py new file mode 100644 index 00000000..9264a0d4 --- /dev/null +++ b/example_sp/djangosaml2_sp/custom_accounts/migrations/0003_alter_user_options.py @@ -0,0 +1,17 @@ +# Generated by Django 3.2.5 on 2021-07-23 11:34 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('custom_accounts', '0002_auto_20190402_0836'), + ] + + operations = [ + migrations.AlterModelOptions( + name='user', + options={'ordering': ['username'], 'verbose_name_plural': 'Accounts'}, + ), + ] diff --git a/example_sp/sp-wsgi/metadata.xml b/example_sp/djangosaml2_sp/custom_accounts/migrations/__init__.py similarity index 100% rename from example_sp/sp-wsgi/metadata.xml rename to example_sp/djangosaml2_sp/custom_accounts/migrations/__init__.py diff --git a/example_sp/djangosaml2_sp/custom_accounts/models.py b/example_sp/djangosaml2_sp/custom_accounts/models.py new file mode 100644 index 00000000..4fba15d8 --- /dev/null +++ b/example_sp/djangosaml2_sp/custom_accounts/models.py 
@@ -0,0 +1,41 @@
+from django.conf import settings
+from django.contrib.auth.models import AbstractUser
+from django.contrib.contenttypes.models import ContentType
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+
+
+class User(AbstractUser):
+ GENDER= (
+ ( 'male', _('Maschio')),
+ ( 'female', _('Femmina')),
+ ( 'other', _('Altro')),
+ )
+
+ # for NameID extreme lenghtness
+ USERNAME_FIELD = 'username'
+ username = models.CharField(_('Username'), max_length=254,
+ blank=False, null=False, unique=True)
+ is_active = models.BooleanField(_('attivo'), default=True)
+ email = models.EmailField(_('email address'), blank=True, null=True)
+ matricola = models.CharField(_('Matricola'), max_length=254,
+ blank=True, null=True,
+ help_text="come rappresentata su CSA")
+ first_name = models.CharField(_('Nome'), max_length=30, blank=True, null=True)
+ last_name = models.CharField(_('Cognome'), max_length=30,
+ blank=True, null=True)
+ codice_fiscale = models.CharField(_('Codice Fiscale'), max_length=16,
+ blank=True, null=True)
+ gender = models.CharField(_('Genere'), choices=GENDER,
+ max_length=12, blank=True, null=True)
+ place_of_birth = models.CharField(_('Luogo di nascita'), max_length=30,
+ blank=True, null=True)
+ birth_date = models.DateField(_('Data di nascita'), null=True, blank=True)
+
+ class Meta:
+ ordering = ['username']
+ verbose_name_plural = _("Accounts")
+
+ def __str__(self):
+ return '{} - {} {}'.format(self.matricola,
+ self.first_name, self.last_name)
diff --git a/example_sp/sp-wsgi/sp.xml b/example_sp/djangosaml2_sp/custom_accounts/templatetags/__init__.py
similarity index 100%
rename from example_sp/sp-wsgi/sp.xml
rename to example_sp/djangosaml2_sp/custom_accounts/templatetags/__init__.py
diff --git a/example_sp/djangosaml2_sp/custom_accounts/templatetags/has_group.py b/example_sp/djangosaml2_sp/custom_accounts/templatetags/has_group.py
new file mode 100644
index 00000000..aa402dab
--- /dev/null
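Review bot: `from django.utils.translation import ugettext_lazy as _` on the fifth line of models.py uses an alias that has been deprecated since Django 3.0 and is gone in 4.0, while the 0003 migration in this same patch is generated by Django 3.2.5; it should read `from django.utils.translation import gettext_lazy as _` now. `email = models.EmailField(_('email address'), blank=True, null=True)` stores two distinct "empty" values (NULL and '') for a character column, which Django's own docs advise against unless the field must be unique-but-optional; `blank=True` alone is enough here. `first_name`/`last_name` are also narrowed to max_length=30 from AbstractUser's 150, so longer IdP-provided names can presumably be rejected on backends that enforce the length; a comment stating why the SAML attribute values are expected to fit would help.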
+++ b/example_sp/djangosaml2_sp/custom_accounts/templatetags/has_group.py
@@ -0,0 +1,9 @@
+from django import template
+from django.contrib.auth.models import Group
+
+register = template.Library()
+
+@register.filter(name='has_group')
+def has_group(user, group_name):
+ group = Group.objects.get(name=group_name)
+ return group in user.groups.all()
diff --git a/example_sp/djangosaml2_sp/custom_accounts/tests.py b/example_sp/djangosaml2_sp/custom_accounts/tests.py
new file mode 100644
index 00000000..7ce503c2
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/tests.py
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
diff --git a/example_sp/djangosaml2_sp/custom_accounts/urls.py b/example_sp/djangosaml2_sp/custom_accounts/urls.py
new file mode 100644
index 00000000..bf7b4d3a
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/urls.py
@@ -0,0 +1,23 @@
+"""URL Configuration
+
+The `urlpatterns` list routes URLs to views. For more information please see:
+ https://docs.djangoproject.com/en/1.10/topics/http/urls/
+Examples:
+Function views
+ 1. Add an import: from my_app import views
+ 2. Add a URL to urlpatterns: url(r'^$', views.home, name='home')
+Class-based views
+ 1. Add an import: from other_app.views import Home
+ 2. Add a URL to urlpatterns: url(r'^$', Home.as_view(), name='home')
+Including another URLconf
+ 1. Import the include() function: from django.conf.urls import url, include
+ 2. Add a URL to urlpatterns: url(r'^blog/', include('blog.urls'))
+"""
+from django.urls import path
+from .views import *
+
+app_name="custom_accounts"
+urlpatterns = [
+ # path(r'^login/$', Login, name='login'),
+ # path('logout', Logout, name='logout'),
+]
diff --git a/example_sp/djangosaml2_sp/custom_accounts/views.py b/example_sp/djangosaml2_sp/custom_accounts/views.py
new file mode 100644
index 00000000..aec8cb80
--- /dev/null
+++ b/example_sp/djangosaml2_sp/custom_accounts/views.py
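Review bot: `Group.objects.get(name=group_name)` in has_group raises Group.DoesNotExist whenever no group of that name exists, so a typo in a template's `{% if user|has_group:"x" %}` turns page rendering into a 500 instead of a false. A membership query answers the question without the exception and without materialising every group the user has: `return user.groups.filter(name=group_name).exists()`. A one-line docstring such as `"""Return True if user belongs to the group named group_name."""` would also document the filter's contract for template authors.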
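Review bot: `from .views import *` in custom_accounts/urls.py is unused (urlpatterns is empty) and pulls in views.py, whose own imports cannot resolve: it imports `django.core.urlresolvers`, which Django removed in 2.0 (`django.urls.reverse` replaced it), and `.forms`/`.functions`, which nothing in this patch appears to add, so including this URLconf anywhere would fail at import time under the django>3.0 requirement the change pins. Dropping the star import here and trimming views.py to the imports a view actually needs (or deleting the file until a view exists) keeps the example importable; the same unresolved imports are the point to raise on the views.py hunk that follows. `app_name="custom_accounts"` should also be written `app_name = "custom_accounts"`.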
@@ -0,0 +1,16 @@
+from django.http import HttpResponse, Http404, HttpResponseRedirect, HttpResponseNotFound
+
+from django.shortcuts import render
+from django.contrib.auth.decorators import login_required
+from django.shortcuts import get_object_or_404
+from .models import *
+from .forms import *
+
+from django.utils.translation import ugettext_lazy as _
+from django.core.exceptions import ValidationError
+
+from django.template import RequestContext
+from django.core.urlresolvers import reverse
+from .functions import Form_save, Form_update
+
+from django.contrib.auth import authenticate, login, logout
diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/__init__.py b/example_sp/djangosaml2_sp/djangosaml2_sp/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/settings.py b/example_sp/djangosaml2_sp/djangosaml2_sp/settings.py
new file mode 100644
index 00000000..c7f016f7
--- /dev/null
+++ b/example_sp/djangosaml2_sp/djangosaml2_sp/settings.py
@@ -0,0 +1,126 @@ +""" +Django settings for djangosaml2_sp project. + +Generated by 'django-admin startproject' using Django 2.0.5. + +For more information on this file, see +https://docs.djangoproject.com/en/2.0/topics/settings/ + +For the full list of settings and their values, see +https://docs.djangoproject.com/en/2.0/ref/settings/ +""" + +import os + +from . settingslocal import * + +# Build paths inside the project like this: os.path.join(BASE_DIR, ...) +BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) + +MIDDLEWARE = [ + 'django.middleware.security.SecurityMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + + # SAML session with SameSite = None + 'djangosaml2.middleware.SamlSessionMiddleware' +] + +SAML_SESSION_COOKIE_NAME = 'saml_session' + +ROOT_URLCONF = 'djangosaml2_sp.urls' + +TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [], + 'APP_DIRS': True, + 'OPTIONS': { + 'context_processors': [ + 'django.template.context_processors.debug', + 'django.template.context_processors.request', + 'django.contrib.auth.context_processors.auth', + 'django.contrib.messages.context_processors.messages', + ], + }, + }, +] + +WSGI_APPLICATION = 'djangosaml2_sp.wsgi.application' + +# Database +# https://docs.djangoproject.com/en/2.0/ref/settings/#databases + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.sqlite3', + 'NAME': 'sqlite3.db', + } +} + +DEFAULT_AUTO_FIELD = 'django.db.models.AutoField' + +# Password validation +# https://docs.djangoproject.com/en/2.0/ref/settings/#auth-password-validators + +AUTH_PASSWORD_VALIDATORS = [ + { + 'NAME': 
'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', + }, +] + + +# Internationalization +# https://docs.djangoproject.com/en/2.0/topics/i18n/ + +LANGUAGE_CODE = 'en-us' + +TIME_ZONE = 'UTC' + +USE_I18N = True + +USE_L10N = True + +USE_TZ = True + + +# Static files (CSS, JavaScript, Images) +# https://docs.djangoproject.com/en/2.0/howto/static-files/ + +STATIC_URL = '/static/' + +# +SESSION_EXPIRE_AT_BROWSER_CLOSE = True +SESSION_COOKIE_AGE = 60 * 60 # an hour + +LOGIN_REDIRECT_URL = '/' +LOGOUT_REDIRECT_URL = '/' + + +if 'saml2_sp' in INSTALLED_APPS or \ + 'djangosaml2_spid' in INSTALLED_APPS: + + AUTHENTICATION_BACKENDS = ( + 'django.contrib.auth.backends.ModelBackend', + 'djangosaml2.backends.Saml2Backend', + ) + + +# SPID SP +if 'djangosaml2_spid' in INSTALLED_APPS: + from . spid_settingslocal import * +elif 'saml2_sp' in INSTALLED_APPS: + from . sp_pysaml2_satosa import * diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/settingslocal.py b/example_sp/djangosaml2_sp/djangosaml2_sp/settingslocal.py new file mode 100644 index 00000000..36ea9049 --- /dev/null +++ b/example_sp/djangosaml2_sp/djangosaml2_sp/settingslocal.py 
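Review bot: The `# SAML session with SameSite = None` comment above `'djangosaml2.middleware.SamlSessionMiddleware'` describes a cookie that current browsers only accept when it also carries the Secure attribute, and nothing in this settings module sets any cookie flag, so the example presumably keeps the SAML session across the IdP round-trip only on localhost or over HTTPS with Secure cookies. Extending the comment makes the constraint visible to anyone copying the file: `# SameSite=None cookies must also be Secure: outside localhost serve over HTTPS and set SESSION_COOKIE_SECURE = True / CSRF_COOKIE_SECURE = True`. The `if 'saml2_sp' in INSTALLED_APPS or 'djangosaml2_spid' in INSTALLED_APPS:` block at the bottom reads as referencing an undefined name, since INSTALLED_APPS only arrives through `from . settingslocal import *`; a comment on that import, `# provides SECRET_KEY, DEBUG, ALLOWED_HOSTS, INSTALLED_APPS, AUTH_USER_MODEL, LOGGING`, would say where they come from.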
@@ -0,0 +1,63 @@
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/2.0/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = 'btl-x0ja09$zqer3h^n^_ic!9h+1q0g!-wqzj&&zio@(@5p*no'
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+ALLOWED_HOSTS = ['*']
+
+# Application definition
+
+INSTALLED_APPS = [
+ # custom user model
+ 'custom_accounts',
+
+ 'django.contrib.admin',
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes',
+ 'django.contrib.sessions',
+ 'django.contrib.messages',
+ 'django.contrib.staticfiles',
+
+ # SAML2 SP
+ 'djangosaml2',
+ 'saml2_sp',
+ 'djangosaml2_sp'
+]
+
+AUTH_USER_MODEL = 'custom_accounts.User'
+
+LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'filters': {
+ 'require_debug_false': {
+ '()': 'django.utils.log.RequireDebugFalse'
+ }
+ },
+ 'handlers': {
+ 'mail_admins': {
+ 'level': 'ERROR',
+ 'filters': ['require_debug_false'],
+ 'class': 'django.utils.log.AdminEmailHandler'
+ },
+ 'console': {
+ 'level': 'DEBUG',
+ 'class': 'logging.StreamHandler',
+ },
+ },
+ 'loggers': {
+ 'django.request': {
+ 'handlers': ['mail_admins'],
+ 'level': 'ERROR',
+ 'propagate': True,
+ },
+ 'djangosaml2': {
+ 'handlers': ['console'],
+ 'level': 'DEBUG',
+ },
+ }
+}
diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/sp_pysaml2_satosa.py b/example_sp/djangosaml2_sp/djangosaml2_sp/sp_pysaml2_satosa.py
new file mode 100644
index 00000000..7010dc6e
--- /dev/null
+++ b/example_sp/djangosaml2_sp/djangosaml2_sp/sp_pysaml2_satosa.py
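Review bot: `SECRET_KEY` on the fifth line of settingslocal.py is a literal committed to the repository, and together with `DEBUG = True` and `ALLOWED_HOSTS = ['*']` the example is one copy-paste away from a deployment whose session and CSRF signing key is public. A CI fixture can still take the key from the environment and keep a fallback that is visibly dev-only: `import os` and `SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY', '<dev-only-key, constructed placeholder>')`, leaving the existing SECURITY WARNING comment in place. `ALLOWED_HOSTS = ['*']` is reasonable for the CI container but deserves a comment that it disables Host-header validation, e.g. `# CI only: accepts any Host header`.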
@@ -0,0 +1,219 @@ +import os +import saml2 +from saml2.entity_category import refeds, edugain +from saml2.saml import (NAMEID_FORMAT_PERSISTENT, + NAMEID_FORMAT_TRANSIENT, + NAMEID_FORMAT_UNSPECIFIED, + NAMEID_FORMAT_EMAILADDRESS) +from saml2.sigver import get_xmlsec_binary + +# Build paths inside the project like this: os.path.join(BASE_DIR, ...) +BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) + +BASE = 'http://localhost:8000' +BASE_URL = '{}/saml2'.format(BASE) + +LOGIN_URL = '/saml2/login/' +LOGOUT_URL = '/saml2/logout/' +LOGIN_REDIRECT_URL = '/saml2/echo_attributes' + +SAML2_DEFAULT_BINDING = saml2.BINDING_HTTP_POST +SAML_CONFIG = { + 'debug' : True, + 'xmlsec_binary': get_xmlsec_binary(['/opt/local/bin', + '/usr/bin/xmlsec1']), + 'entityid': '%s/metadata/' % BASE_URL, + + # 'entity_category': [edugain.COCO, # "http://www.geant.net/uri/dataprotection-code-of-conduct/v1" + # refeds.RESEARCH_AND_SCHOLARSHIP], + + 'attribute_map_dir': 'saml2_sp/saml2_config/attribute-maps/', + 'service': { + + + 'sp': { + 'name': '%s/metadata/' % BASE_URL, + + # that's for metadata + 'name_id_format': [ + # NAMEID_FORMAT_EMAILADDRESS, + NAMEID_FORMAT_PERSISTENT, + NAMEID_FORMAT_TRANSIENT + ], + # that's for authn request + 'name_id_policy_format': NAMEID_FORMAT_TRANSIENT, + + 'endpoints': { + 'assertion_consumer_service': [ + (f'{BASE_URL}/acs/', saml2.BINDING_HTTP_POST, 1), + ], + "single_logout_service": [ + (f"{BASE_URL}/ls/post/", saml2.BINDING_HTTP_POST), + (f"{BASE_URL}/ls/", saml2.BINDING_HTTP_REDIRECT), + ], + }, # end endpoints + + # these only works using pySAML2 patched with this + # https://github.com/IdentityPython/pysaml2/pull/597 + 'signing_algorithm': saml2.xmldsig.SIG_RSA_SHA256, + 'digest_algorithm': saml2.xmldsig.DIGEST_SHA256, + + # Mandates that the identity provider MUST authenticate the + # presenter directly rather than rely on a previous security context. 
+ "force_authn": False, + #'name_id_format_allow_create': False, + + # attributes that this project need to identify a user + # 'required_attributes': ['email', 'givenName', + # 'eduPersonaPrincipalName', 'sn', + # 'displayName'], + #'required_attributes': ['email'], + + # attributes that may be useful to have but not required + # 'optional_attributes': ['eduPersonAffiliation'], + + 'want_response_signed': True, + 'authn_requests_signed': True, + 'logout_requests_signed': True, + # Indicates that Authentication Responses to this SP must + # be signed. If set to True, the SP will not consume + # any SAML Responses that are not signed. + 'want_assertions_signed': True, + + 'only_use_keys_in_metadata': True, + + # When set to true, the SP will consume unsolicited SAML + # Responses, i.e. SAML Responses for which it has not sent + # a respective SAML Authentication Request. + 'allow_unsolicited': False, + + # Permits to have attributes not configured in attribute-mappings + # otherwise...without OID will be rejected + 'allow_unknown_attributes': True, + + }, # end sp + + }, + + # many metadata, many idp... 
+ 'metadata': { + 'local': [ + + os.path.join(os.path.join(os.path.join(BASE_DIR, 'saml2_sp'), + 'saml2_config')), + + # os.path.join(os.path.join(os.path.join(BASE_DIR, 'saml2_sp'), + # 'saml2_config'), 'satosa_metadata.xml'), + ], + # # + + "remote": [ + # { + # "url": "https://proxy.auth.unical.it/Saml2IDP/metadata", + #"cert": "/opt/satosa-saml2/pki/frontend.cert", + #"disable_ssl_certificate_validation": True, + # }, + # { + # "url": "https://auth.unical.it/idp/metadata/", + #"disable_ssl_certificate_validation": True, + # }, + # { + # "url": "https://idp.testunical.it/idp/shibboleth", + # "disable_ssl_certificate_validation": True, + # }, + # { + # "url": "http://idp1.testunical.it:9000/idp/metadata/", + # }, + # { + # "url": "http://idp1.testunical.it:9000/idp/aa/metadata/", + # }, + # { + # 'url': 'https://localhost:10000/Saml2IDP/metadata', + # only for test purpose ! + # "disable_ssl_certificate_validation": True, + # } + ], + + # "mdq": [{ + # "url": "https://ds.testunical.it", + # "cert": "certificates/others/ds.testunical.it.cert", + # "disable_ssl_certificate_validation": True, + # }] + + }, + # avoids exception: HTTPSConnectionPool(host='satosa.testunical.it', port=443): + # Max retries exceeded with url: /idp/shibboleth (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),)) + #'ca_certs' : "/opt/satosa-saml2/pki/http_certificates/ca.crt", + + # Signing + 'key_file': BASE_DIR + '/certificates/private.key', + 'cert_file': BASE_DIR + '/certificates/public.cert', + + # Encryption + 'encryption_keypairs': [{ + 'key_file': BASE_DIR + '/certificates/private.key', + 'cert_file': BASE_DIR + '/certificates/public.cert', + }], + + # own metadata settings + 'contact_person': [ + {'given_name': 'Giuseppe', + 'sur_name': 'De Marco', + 'company': 'Universita della Calabria', + 'email_address': 'giuseppe.demarco@unical.it', + 'contact_type': 'administrative'}, + {'given_name': 
'Giuseppe', + 'sur_name': 'De Marco', + 'company': 'Universita della Calabria', + 'email_address': 'giuseppe.demarco@unical.it', + 'contact_type': 'technical'}, + ], + # you can set multilanguage information here + 'organization': { + 'name': [('Unical', 'it'), ('Unical', 'en')], + 'display_name': [('Unical', 'it'), ('Unical', 'en')], + 'url': [('http://www.unical.it', 'it'), ('http://www.unical.it', 'en')], + }, + + #'valid_for': 24 * 10, +} + +CONFIG = SAML_CONFIG + +# OR NAME_ID or MAIN_ATTRIBUTE (not together!) +SAML_USE_NAME_ID_AS_USERNAME = True +# SAML_DJANGO_USER_MAIN_ATTRIBUTE = 'email' +# SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP = '__iexact' + +SAML_CREATE_UNKNOWN_USER = True + +# logout +SAML_LOGOUT_REQUEST_PREFERRED_BINDING = saml2.BINDING_HTTP_POST + +SAML_ATTRIBUTE_MAPPING = { + + # django related + # 'uid': ('username', ), + + # pure oid standard + 'email': ('email', ), + 'mail': ('email',), + + # oid pure + 'cn': ('first_name', ), + 'sn': ('last_name', ), + 'schacPersonalUniqueID': ('schacPersonalUniqueID',), + 'eduPersonPrincipalName': ('eduPersonPrincipalName',), + 'eduPersonEntitlement': ('eduPersonEntitlement',), + 'schacPersonalUniqueCode': ('schacPersonalUniqueCode',), + + # spid related + 'name': ('first_name', ), + 'familyName': ('last_name', ), + 'fiscalNumber': ('codice_fiscale',), + 'placeOfBirth': ('place_of_birth',), + 'dateOfBirth': ('birth_date',), + + # unical legacy fallback + 'codice_fiscale': ('codice_fiscale',), +} 
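Review bot: `SAML_USE_NAME_ID_AS_USERNAME = True` near the end of the hunk, combined with `'name_id_policy_format': NAMEID_FORMAT_TRANSIENT` in the sp section and `SAML_CREATE_UNKNOWN_USER = True`, asks the IdP for a per-session identifier and then uses it as the account key, so each login presumably creates a fresh User row and no account is ever matched again. Either request a stable identifier, `'name_id_policy_format': NAMEID_FORMAT_PERSISTENT,`, or key users on a stable attribute through the commented `SAML_DJANGO_USER_MAIN_ATTRIBUTE` (the mapping already carries fiscalNumber and eduPersonPrincipalName), and say in a comment which of the two this example relies on. The `'debug': True` entry at the top of SAML_CONFIG also deserves a `# CI/dev only` comment, since the signed-response, signed-assertion and `allow_unsolicited: False` settings below it are the part worth copying. As a point of style, `os.path.join(os.path.join(os.path.join(BASE_DIR, 'saml2_sp'), 'saml2_config'))` under `'metadata': {'local': [...]}` is `os.path.join(BASE_DIR, 'saml2_sp', 'saml2_config')`.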
diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/sqlite3.db b/example_sp/djangosaml2_sp/djangosaml2_sp/sqlite3.db new file mode 100644 index 0000000000000000000000000000000000000000..cf143609816f903e06c7ad7122bcc720a886db63 GIT binary patch literal 208896 zcmeIbdu$`wnja>1OWo7cEpgtO`${@J;-gi?X0aZuaxR2= zP%74gq{MeEHcro8>@F6LlfZTsYa_N{=Y{M)&SK*P2sViA0K4%9Uc`x=*Z~40i>z(H zhLLsP09iZ8cZ!rmNmMtxTRpd@`)EdNvFg;RbAIRfJQUzFf@A`^wL{P ziNw;+Zfqi~vReBY+XW2w(&-0+)@zd+V!^<-0f6my*Ao{Q2Zg^2*w8 zt^M3udiDQa{f}37S3kJ*4{rS@w;H#;e)I3%{L?pgAQ}F_2w(&-0vG{|07d{KfDyn5 zyow0W@2)I;^x0Oo(d{^04RA}Hb>k-kS08zi+!)0=eWKE-eZk;=cb zvUK+cTXw(OYlpk0ZMXZa9(tDAHT%8xE=7TabfrlmoGA2EE4N?*3uB-`Q=MVPiKm zN4r6zwcm5+WkP0XGR2gVD@*Izmg$7e7Sw^>4chySR_}1UYdQ|pt_Q&E?gi%luI;v) zcB4BtD<(s5?A97&1vQ#xMV(}I*a+K$#snV7c5W6Fpp_z4A&bwBvv_Q4kVJ}M=*?Tu z8lTN+jmJJqWT0i}!c72BnF2^~Qvmy2Krt}8y+uGIQW+wX=HG;jYDXDmW-~&$EzlSQ zOOX`);0EOL^0gM1f03(1AzzARjFaj6>i~vReBk(u`K78XUn>eEY+(inB zm3Nn~-c2CYz>Es-6mm#|_I~2( z=ZWdXu(^L|B8^=4UC8hKb9t^`y-FXYomDGbdlQmgOa7Zn$-kTYjpScX{@LU|f-m?7 zBY+XW2w(&-0vG{|07d{KfDyn5U<5D%7=cSg;JxLKzL7X`Gn)Q;?VHP=eVUlH<mMazJ;9OB&Xx7$yYJsPqnJQ?3FQBOE%_&w z!216`CI6e`f0q0+@CE;11TX>^0gM1f03(1AzzARjFaj6>i~vReBXF4rynAhV>7#F) zk^jH3vb^-!r!z8tcjoWa<>jUK*O6;LEdRfA6~2CgzMjbcZ(mtnTL0*j{J)-9Ub_4K z9QhyF|36;+^`+!LPyVUoAi0+mlfRk#3(5Z@`9CE8M)C*A&yvZtKU({PwZFag*Vg{h z+P|~*^K0IkzP7#gGiz_J{=cjLX!U@(d44-g17kb#c#g7ocJ_x4KX)N zlYQfZ<;1|;UogShz1(~RRw?@umGvy3mjmt0PKE3u3+i@(1cXMQ!#=0w1KXMH*GdE)9cuaoO< zPp(fhJh}c>49QiL>&eCByUU61Ca%O;ADPM5;@4f7W_)yYb#ir@?a|d+ap|w1Oph+z zTwlIHCTz2{JI%puc6Zyu)|<)Y8=uTvzj2&yn&&j#8^`G;*RQ|7eB)mHTwKa&s%xvu zH$FPP3jP2$zLkjYBYXbxTgx{-O-x^pE?kW-Oy7epT)730-$2Davj4B#`t7CU57vHT z^`EXf@F)Jk2w(&-0vG{|07d{KfDyn5U<5D%FEav8J8*@jeaI&$lN2y z4T{<%(}+eA2m@0TedZ3k$#VBIY$~1RNYk`4T#8}|*2$zYEKu~NGERnJ_E;)yGAx&3 z8x0}@6p*w@q=A!;W%q2;+M^ht%X3)gQTFOdLFU86aGNA^KLt6X{}I#WQ4xs@DhQb& z365c`v}0#%JC#avsYZ%U6VzVXGR-v2W-@!}G(~bG#RB&uX<8he;vo5+naR+OW!t91 zJ^|(@p?T$`5~tAwQciM%AT~*MlStjqK)G0MQi&tFPL@Dzou;@HOZ=RX*7>9BR3i5 
zKF4NAa@wp%1%d8Ju=g40i_qebADu~CR*EI}7>Y}CCJn9WkPf>?07)M~XBrg2a2Y5C zLpZ?NmrgkiyMc<9*|Uh}>6^&@zq0nbOKbla7yv&{_Tf+bgAu?8U<5D%7y*m`MgSv# z5x@vw1TX>^ftMM9kFNeGaiJ)@l3#wbns{CX%5t2`^J+h?#<@JN`r%3rYINgybqBEm z<*k>wS#jAg0vG{|07d{KfDyn5U<5D%7y*m`MgSv#5qMq%;`9GWZ7KOLlmAch50n2C z`2T-D`M)LqKCl7)Uh=<7{>|iXCI1Ux1^o5of0+D>$zMzU>Eyqa{H5fhi~vReBY+XW2w((WPXt!3CKA^^jz2$&Kff7&egl23 zd_DgBTKxH8{JD-kmp_O<-;Y1vi$C8*pI6_BKi`f&--Qo zcoTixKp$_QkL&2;8v0m4AIs?DD*Cu`_3DiqE6_g6$$x@ciA?@c@?RwXugRC!v)OR1 zF#;F?i~vReBY+XW2w(&-0vG{|07d{K@Jb-?Gao=TzVj}8+^0gM1f03(1Acx4g5^8YK_w76mz0gM1f03(1AzzARjFaj6> zi~vReBY+V&MgYtI$57xuFaj6>i~vReBY+XW2w(&-0vG{|07d{K@X8{9`2RnC^ADGj z|7Y^QP5zbSFD9Mjdu#t}?a!|rtbMrp&sTqE_1|9|tct4}xBl?f@7(%NZ~fve>sI#G z`prMM`JdnX<(qpq|JcnB;9>lO5x@vw1TX>^0gM1f03(1Acxe&1{qf3D;Tge^AV)ELtb+lL8I50O*Of4obH>Gbhc}@_D`joTsca&@eN4# z>D_Cly!1JiPzd0<-B*$3{d!vlBO6;$9esZpV4lYaaGB>m*ha$NHL!*;)OT;}-O?f2pS zXZMz;g*{F&E#@T6dy_QN@*Ss{mMs4M&37Tqx4yfKigcU+6(;`jy?5a5UHWQVicaG& zY@Tk|lS|)!8&ZCrzB(<>$qiKOX`xOoe*djW>S@VNZlKiD;+vQ*a_+__KRU_x!u+H+;vyta z(rLBk6d`Oo&Ap~=F820MucNoKCt1$E{U|H(8YH^+Cs3lef#$pwriEVraKV>utU!Jr z(MS2szH*w+H^0gM1f;I&8K+gF7|FTHP$_S;;~Y`5BnT;O{n zlE`#SCm8na40-S&N;FRQdjUJPy@Nxt(@V4Ib~FYlzH6ljhaL6Jb(H9^dB7eF*-^%K zeU3WpTLIM|n|`m?CWqsUfA9fHbl?s$UApZJ$xf8v2K}hfbh@pBz0PPaO%6JTt0+;E z*&hwU9z_f|D%By{4BI1yDRSg-!-m!CQfnyDh{zD^A=@6C(VmlLM^tDJ4%*%QM$mFN zlJak&L}8j~bocBG9l2?O+qXC-+;3a#DC#zY@X#iZU;DS8)DKWbq-h=WBkmyM49V0W zLy>{)du@tgM+fZ`cQ|?n1kDaZ$M;8_Zp-QS+JsN`-$jY6(A&#|eZtE0*+H5NGd*Iz;jr{xufcSgJ^CG# zX#c>mn^elPDW4m-sUhJXWV}wt8@AZCW2Q%MqeKzY8aBpmG;9wXZqOWeT#K-v4N}8_ zGj!ShTPRWB?T!2}YMYkjIAekinS;n}5i~vReBY+XW2w()h+6Z9z|Et}8xbzqSi~vReBY+XW2w(&-0vG{|07d{KfDu>( z0nGom2ue5&MgSv#5x@vw1TX>^0gM1f03(1AzzARjzS;<^Uj3D&TUYKbCBMD)ch;`0 z{@~{AH`yD%^v2)1{+F-)_t!qVa`))JrT<`lJ%3^O!|UssmiWnj&$NPu-S76=;jU@h z?S8A*jp+s^ADv@Pj_$>Y=D%ZU>DvEy(H(sKOGDs`e|`P>`u29>CqKHlsbemd`3*d| z_4c-u-;(ni@>X^yzj1qRSD2){z45)E)YX|X%^DJjqArM$SEug!n!^mTVOawwq`7q29i+3(hn|LHNTTWvXckPq; 
z{D>fG7g1Bez}Thsm~^VaSZC6`IUV{XF_*7z+&**n!dz}|RK#ujr?KE1zRkTaM89+MCn!Ej0^WaReu1yQAh^4BM-&nBh^Rr&KCNRq! z<#7AX7oWXzef{p;#7`3Ow0ov}XTBy+Pp@b0KGT$X7UuI4^6b>=c)*0#KGm3u&406X z-WZsNKwotDJ(3{q98dg^0yWp|-${dk$KYklezk&t9EBtxlm8d zFg9y*R3paeT;jDk9rj$J3v!%k>vNAFKu*epmXbS?$w3LJ;{D1vnLh#=m99LmwaRW(N!+-#ix(M`sjf(5D~URQ>;at47YPNy>;=Z zJD2tZl~b7Ro_fu~b%RcJDjOJo;;rlJ9GCb>`egi_E5!VUxG`rmo_q9}2IVA|CvJ33 zinZ_{JYD<85B50wlLr=i#~oOAerNHu=jBcLsQAY9^){V&^mFkbm^1V3nw`#WU|Nk} z7r5o%Go7*=+M%tu>(6;$d2YX-lko95PkQ^D$50C$m+3b2^|)9tpi9@UuhVqm3t$TX zDQ?b_b1to%?%i`zJX6;`Dc|u#e|8y|lzRT{I}fj1L(8Qe*Q9$8G-CqKgMI_33eSAK zda4FzZhj9fHs9|y4(>eC6W7;2|2*-9Ig3u%+&?sXKz!Jp*8Jqcl~eiNK6n3Fak*gW zd;G!(cLCC%*#KF}F?)?3@Gu^)sdte7|JzG{eQ9mH`YX47_tuR!fB(k6ym95)zqs~b z<-c6{_VPcw@~c!;C}m*kno zUdQZqhwVccLB~5&Ds!^;1YiQQ+e2)s&DQKF19b)51K!kbAC^g^oVdMVwcEigr08zX z+}k^UC+@W#beXwB7cxc}p4}2NC&k*B2rZKmn0Bu@fX(yS*Ed458JyIMVo?T@a))N` zuxYmg=m$sDp1r--JcK%*em{*m*5v6JkqhsFeABcWyL-*9Z3Z)YdNOsK0kGma2(Y7f zlhpAot9c086@g0uwTA@9oA3P98lf)*brJwe`X$7j@8+?b0rJ^7pqMz5TuG z>z{m*cofE+@#N0QUmu_DcqccWsk@y>!eNZJbLT9*Vile5|7B)Y0q@RW(#%0 ziOv-^_cohi8kU)w&Kk!FzBw)M>1pry_POUzO?t=4Q0pDmccDnt`9(S- zNbcHuk}!@r0sXl+VRQJoCiuJ3qPc+4c2%_Y%L9pPgWjt97WrK`r2|H|g>V<$yZriKsSFIyfJJz6>h9@)Q-HHtH@xrI<8HIt#u0YtK^Uvu}FJ${zK; zJ70YIO=#e6K|TNYGt~1GX1kiMF)jyn8{j>scp+}D=;m4HW89{;hZz&-o$e@?+jlP4aD394yYEb^_&5t=4EoG7&$NOcwcHC_ z-cE`b?*q=6LTA^}c+YwAz_dzFSVHe$|Noa$t$|C05x@vw1TX>^0gM1f03(1AzzARj zFaj8X%R~Un|Cfm-&I==e5x@vw1TX>^0gM1f03(1AzzARjFaj?p0$BckIok!73L}6K zzzARjFaj6>i~vReBY+XW2w(&-0+)#Zmj5pkO`I1-03(1AzzARjFaj6>i~vReBY+XW z2w((WP6V+0|8lkqE)_-qBY+XW2w(&-0vG{|07d{KfDyn5U<57`0WAMtCYm@ei~vRe zBY+XW2w(&-0vG{|07d{KfDyn5yqpMN`Tyl?7hEcg07d{KfDyn5U<5D%7y*m`MgSv# z5x@vsCIYJ{v$rlYN1PW%03(1AzzARjFaj6>i~vReBY+XW2w(&-0xuf^SpI+6S_GE| zBY+XW2w(&-0vG{|07d{KfDyn5U<5D%myZDU|G#`pagG=Pi~vReBY+XW2w(&-0vG{| z07d{KfDw4v5J2+(+M2kO{2R%?lKkJ3jU=D^N%FgE|2X-^+TU9H^|e2_7Q#*ZgAu?8 zU<5D%7y*m`MgSv#5x@vw1TX>^fl~;4e03{95fpKc;O-Hr4U*YpxJ{C|pQ31vAV0kD 
zHc8Pev3~Y8y-72hboxHQQ6xitaOyULGN;H*lDwaR+zI0S^S4QAlP2zSY=%j5@15Mv z+#|>hirysCn=E;sV$u}BzB}i3W|L&^vl*6PnRm|KCN`POCQICBD28R|x6j-r;U2X~ zQupZ$OOwo7=WjDp&g4--J2$ThkN(1ETO%Svu!n4WY({%dnjKN0JveB0_ZvaW;YiA_<^W?&D2!&VU1TyC9mDwp+(oyhT|Pd^~?gd zr`ILI4udA-8Q9}eH-27Gn~gwnwY-}%3whR-UDc$@%vQHM&f=EhQkQID? zwD9w)7z(-lk*1Ay>|(iD^HpBXxd#hBFY{ED;=C$BGIG6qAS;GjrAF;1KVRl{w#$1q z#rLdSdC%0Oz-mbyrw|})QjKwG^iXpNr??deM1BBR4uu*UGzxsrE{uYmFd)jZn62ct zhQju=y_#Ils7tO<;0e8!=?Wf6+93na^8>vucI>edRW%mcM2*n1PC-ETq&ZL1jrJ0x9a8=k9Y1G@!z(5Rf%u9zbt-SZ;>^{cQ%i83FG(BH%;a0Mz) zh+1`I51~UIP9fi{1l^G+`;;Inl<4Kzonp7C z*9~`)uh@rwtrFA;`r)8dEDvm2?34lm`l9MPYFx*G<*R*Y2f`|-fCEd!&$QIB<#l?x zCI%H$o>1-UH5Tx(Q%*sQDy`|WA>ZAptC3MJHKBbG{wYi2JwxsgM!g(ZVZLwCck5{gh~a$q&duBnxJP65hR z7n=3junAa_3VgRIuCEl!9V>)3EAU+zwP~%C(#GYUUWe;M7RndL$3d#)q=^PG$ z=vj0&F!Fq8gaN#ZCrpi-VAv7?b0e%4&$SJzH{eD#p}t#Cw#X@}eN%(EV4LkY+i2XA zfu)rL+t0dIQ5sv61oa6ZO$N2?v>v2uYD3hXO~4Q4oJ`*ixyYu1i}H-ybf-0G(|P5J z@u30=@UFo87M$t}s1LM6n5THJR)BG&aASkwp*$VvR{>xhV>chO>2pW8>)J?#zKZ6` z9Mo;{o=N|KdDeCHs51m?B8!5t$OATYo-`D3U=);8O|3$II)hoRYLc5c-#r668`O!t-%IxVTPbX*vt!;{l+u5MiuEmc?A(st=?Xm;? 
z$OHVKf2w=X{{TC_JMF`d&2M%Ls0AL{Q6=EowA`f^Gj9bXn$P>FU)8C=NAtfRlWnIc z#d9jmWs#lB_l>&iTJS9aCt8g;%V6ibX%cO#u3U8UGbJ$Yq2TG@lprkrg<5hyDc43w}ZJ9+7F z;pb(CmlQv$27yx31X?LLy5T#`g`cmB4`KE*ENY*!@~md7Zc0*}?!wP&(sqUC%VOxW z8Xqu<@A!(+$u0c6vQJ8KuwxM;rRwE}CN&zGc|%(GdD%HsT6}1=_@I_I@|G+Xg+k9; z_<5zQ35pb2Q8uh;BwNWlYE2m}{(i-0(LO}gl)1g?4}Un(Hp~-@ zzxedc72y|@tuW0rx_fqpj@&fC?OPlZ?zb&=6m^?HcxV%_Z-u>To)L2Skx(cHFxv*Y ztVE)$(}GqS3k3rZ7AP1SgzhP<9vQyyw6m-R`zqg1Mcz5I)e`IjINwl=orO`-oKQvc ztS@D4-{mFM9SK2@ee(0?Q97+3K=S``BDHk$U%m0G*BkK1!{-*E|KPcEc+|-cp4>De-;|*JE+cDE4Sek>1CWaMx9|R@G6CyDX3p`va zfpBCr^+*^Q9`A#2PK&Y=Rtf?sM2j!sdms$drvfBMBz=%}2DS8TEQ5}Q8$m+7_g7U%_v?^(MTd>`M4OHX?g11Eg zmXx67387F0p%ZX}4Kr*WeHgSvrC>A#*tj;v<#bR(hq+@`+bfszC^W$6A6 zMFyY%@j-ckgh&enOIGxRk>KTNu{HuF2v6xCSV6wtR7jWzSmW&2qQ%Ip#T(hcD5}-z zrk|e(`Xdm6VBR&0}`brplah#rQZKn2!7Bgza%$_lfXFxM&* zGNqtjbpY!ayK{oyL zHYf%`X>+WMm6-KrLiX%hbiUm*Te?BNCKwvXEAjrB_ zVbX^mo8PRW2o#sljxax{{!zIXpSNHw`}B*?--4}3xD_$2VPot@!}h@82F-EDwFnDj zz|?Ty3|+RbdtzXCpwf~{ga~RPY1lb&4mQg1Z;b3<1{!)z%^E1!(JF6rcp517c}B^Y`_T_e@Id z8%3e7OjMTJ$LY`K)dqEAtO6B1SkZDND5K7T;7{qY8|vN`l-(vo5MrUclvq$eWmg)3 z`VeMp(bt=0ZnAlc?J;LeCckJWSA;*QYz5xl$Pc5oX<3dlCg_kkh}WPw~iZvrF(+fXe&lVbWm9_I7 zr4hKiNgCUVT3tXypWXZ)jj~zG<8SxYU>p0V`ddwAe>4bt6fxkaREKCYY>ybG$dShl z8&+wK1uZSJir= z4f#|GovIVLEluH`qMN`Z6P1UcF{42fu~W4wi2R84#U!#$Gt@&Ggw;=;|W@mkX2LQMOtWe@1t>3 zX;P8YiZU8k2~h;ysp0seEG&Od(SBu6{^Us~-)1z~W|Ul(cL-^5O@yYVr_35Vl&#)`M)DpkLVPi(i0-!Tz42_4xqRWU0oLzLHe$3yl~J{Ch^v(qy`90IW_wv|q7BLRpONbDLC z4`s1g0sUqLmOkCnNkP*I!Sm^gmXE+jNgAL@7d0L1<@-=ZfidLLP|W!ZY-&IR&4PV> zAMBk5Y@1+fLF5cWAn+(_~ksZJQ+ZKT~Tt^$J0iJHNDybi{s-y=@CQ&CG=CtB)zBbBB||krF(vtwqH#37 z!e_UWLwgR;csLe6n`K$fXHegrr~`@t@<~8`9$+tj_V*y0E1na!5U!w};lbt$qJA^> z4FEp?X%B3`d!Po}16w+X&!uK1WI;?FB3pFFKxtdj7_{KXwun?_bd7Q~2Xl z`=h+}^8xsi!1{)KE85UIE?N&@52%g0&=+7Hc92?wuv=s2KHuK-XDW7 zO3Q?+Hd+&P?`*rp^EO(SbM3(nYDch3qjl(%pGL0D#_KY=zdh?$ghW?R+tpz$n)*eQ z0#T4-f3BJNsR-`{-;H?vf2Q}uYNF?`r@t~PYnThl0j$@t4@wECa6@+B@Z13Q0RubW zTm$(dfq#nC0{@BaVH5UAEu@Neie=KMBi|^{ftldX&~u 
z1*?@U*aT;aD)?H084<55;G6r^G=)B4T|uVyS5h{=jQR3F;ia5Tb(#%rNUN%<8*-Me z!I}$ZV7w3is`{Q^(tKH^)U1#*;OvA;N)+2Ql_6_UU|PiUCGydKMd!-}_u+NXm-4~T z3E7fD^dcGDT58k~Og?xYj$CYB_&!`KH!B(s9@9Yp_8?@GCX7&F4CG!V2XGc8&w#NT z^ul1P%9W9qHQYnGU2qUUdfyNX?y>@BrEJ>BWs&}PBvAS#>30Z9P|7=6&h=!Aa*Sd;@crxJK2 zyOnASG|G5giCs5e_`34qY>Ag4uONpm&CnFW4qQ)B__6|yVl`|x_-db(ecpAYPEH-| zW==^Q699nt|Ls>uhaRG{=x~k@&WBpi?@P_&Gt=NA?he4_4ri^)9lZr-1;IrgY%KHb za~|?_(!nkdCqHB#bnCGb<-{f)X29mrv!*WAlQY**XW|l%T(YB1eAc?+fh&BjgU*3^ zR)L2zt!h*WvdA`1gDuc6HAfb*n}R)lENl})aZE&l3jR~MHk>_ak1A@rSy$ups&Fn^ z1ovSU>}TMsl=*tZkRMIv5g%NDq2)UK!c%z-Qt)&x3yXV-L>pvv7_cj-aSbUH0JwsT3Nr z>w_O3_??Mx_Q?e&VK|oILH$8Sg75Ls3K1OC;n)Rbct#+~`{3gTC&l2zsSxEOBeqvv z_Sl=?|0Rz-81wC+7(8+8g*A%oDs28VW^sI`1bCBaVu%RE@-(SW@saCkA#i85_d64~ii z)bf<;W5yQ&`651t4-@PKu&)#x<@*x-Coe%6X`bz0={KqOdsajqnonnVD{f;Z;Y`m^ac$8jm8x3MCQLAIiXC+ORY7+18Rj}K< zUb-}N{{PC-?=3C;-nGAtd;z}VKfl{~2TnBod*PN9dV86$Pgt2gJ4lmZrbp~I9G2ee zHJC25M+-U87vPicxNBRhkERwp64xr~rum!nrx+!>i)(3-; zs2~q3R7qCL+jiu33}DAWo|z{nAs)w?*C{y!Id0TDp6bJ?9%TfcIOGDXbJK%|T2K>! zO$*rMBvWyFHP9CuAsc)2KmPqctrID)32R*xpTZz8YaM2-n=&0v*zhoG-6{6Rr(>;y zmFx50`0l$a!teihYY;XD-F`4&8iRP=5=2SQp>*OR^)K$_QHVXTTAA8n14EPlcO*-3c_#+AS!G{L_6vv)5!&H5- zW)&n8j;tGv&@DFdy{9-2>P9u%)eJi5Hh7+{!O?jEOj1v-|1+&V=V&PqEzM7nHx;;| z9MGw{o(_6bp!WfP55EjSkqeMtinhe%;6aLyLa7>_D)evG(L;Y=R%J3j(8zotk@ zp)SLjL`rHx4z7_?rsu<+{hZb@Zz`-nKrRvC73e8fpea?!Q*(!&q7!-b_*N(UpyCnr z(OJIJg{WR)nwyI#W)OuDoaa5oVH$z044p@MKF(Ei9%_~nCqAEt>~a^^DS#b3oR@s! 
zdxLyT#p8>GiZ4C{f54oi7-e87%*uJ7HbVToQ_7$zrBn-@`>Gd}p-@nU6Dp?1QVqQb z-qaT}Z!KsiJ9j?q6nE;EZz~fEB^rDNnVA32vsp1zDBw373ZV{s*x)A^2_&#L0&k`b zXSaQzR00Yz#3zXCXOYgLHNXJh!U{;6I_x-fpfjt)+{l+|D~rH}4CNA@(oPLKrn~Ta z=XH^~wn(778sRnXDc8JLeC;x@)b$)vSImEoxx(kgI9PDayO=Bd%U|ynr?q<;&KRVP zyyW#R2XQ8%{8O%X&*qm^0pBd}%NmJM8`ck?O?Vw~O=F7!?>?+5M$G`i zyE^#dft`8A4+8s!08t?F!<)h6v~NfympyFM-If(Obww#l0-VQF^N2G8pG$r1&shQU zJ#ekn6t^Su;sb3fG8nDQ0#9ef$*tX^(^_)xB^J)s!1%y7ill)yB#p4Pzr@UOQ& z{M0u@Cg7Bx769L)RB!khN(uK_m4aAAuhqH&^8dX>&$LQ?rR9h+K@O`jZ>j_btVBNM zmYLGVzvgF;A}8O=o3vCEL$+@fV80gf1qaWyc&k%e{w(vsa{S7s!H{&yz~AG^`PZ zs7yk^=D-+s;Z@Suy0V@tk5`r=FB!c-%PQ0PWp zm1?r8nq*nBARH`SS0-VuUUPXRlnVmz>$+XD(5b+A?7pQKa^tn*b_4l;3C|yMxpZal z*w4G5^N=bKk+T5&yM6G<1OH3BFU9*(lF>c)Ko22ut;dg?qDyNbzk~d^FgGMm=&$>} z)X$6?q4A&!KIRI=nkGbkwL{F&j`bagqg@hBur-LhkyYj3p+h?*Gcb6(uHb#Cu}we- z+s?pHJ2{niAmknoF@Q3WjrAQ^j}CftUG)iB>oQK>RUp<~(I!R$glxw84t$>7-;v8X zldqC+PK>VQol4DTQ`Nu?@w)PQuPb|X;)iDf?J}Dzcb`a8DVjs)|F7N@mu`w{e{S_R zm;T|>&mfJ!1wX%a!S%1gi~vReBY+Y3N+IwQ`@I$6mzAx( zLy{bGV-})nQo&wlWQJq^APC#d(ZFe%(9XWS8?9T{eJ2B5)04cM7I_)({iYsY?*!nujy-5T}{sMi4(1VogJw>DWF6dPY@x zsA^r-CVGWN&h045kTkTQ^JM;wDSMR68^B%5>VZS5Eq$oSN@S@{;VGVX8=fmkTDc%o zL$aoHBRH$EIDd)4*3`h!DvH~z;W*|EvI8i8R=@v^_83`N}7?ic!3dAn_T#L%}wdP z+SZA(AQyUpOqU|X?<~M1cLwFSFHz(sN#4(-D4HP9^!i-qBFAtha#+d1*+}wEkHasgi#!VtK+{7O!T_*`2@#he0Z)WDFp z7y&pt1S&rS-X#jSIY>B{3$ebS?Q%Mt{;8723*q9Jw859bTR%OUjK&~3pB#z&6USf{ zsLh6&FVIp!h5d(EwJ8_QX*}cEvose>3Q}YB?rpv}FZI^j{=7me(uqOyXbs{A)Xi?<}tM0Q( zu|rl~?Xz<)8($-EcJW>XxIkf_FoZoBBYOL=&)9-^BrfbVAbzN)j72I>fUHi58ZbuZ z_Cc=nBVFDCHfgjUR3U08-voJsfQS{80ech_Bj_?>vx}NAlw1B-&Ifsw21%IcY@5Yb zJJ#^aw#K}${pV$@F`B5#1)b1|PPvk2jf(0L5+#6q`3n0g<27av&MoZenh|qWRzenH zT?~N_Q|uTNI$JA^K_|$avHw%_CYj!3$@>(OrU(|v|K+w*l!ldNW?*X4P^huz=H`lr z^pjih{TjacjQIm0HXX>Z&C=+h7W300Ieh>u^KyUV;k**yEgB^$+isEgS z|jAI71fn%a`sRpvtwJ8h7g;S7RWN< z6@GPjt6uziJ=*c|XgtTUSW#R-Bjm;~wh7b^AaaUpYNM=Ckj6$`jCOKW4(@@?EYr6k zN{UVSftbslTl+3+53jd6ik1sfmMSp@sgAY4=_%x^eJ14m_<^w}e`)6p2|MKbV1Wgm 
zfGW)C#Eap!zNB?u_8<}vZBU9Q2C6b*l^{P-)K}ZL8}|=x3^A!gzyX~r?IZqo&^5!k zWTy|`2^$!;_NIJg0#WWtb)((z%6SRma@1twP|0m!J@a$z3n4~#ydRjmFZ@c)9~RNe zYKr6AL3!XPfn19O*7jd*K07>rEHHln=kUb;AACu`%YxZtxJ{C|pCT!mjqU$nL*1VG z6*al%+jBRW;e~tddN!~@Hv#tiqxCpKv2MT*3SudgC{gA^F;`;2SH}gLEde^%5$I4u zu&sk1$5vD+0OxbA%7Wc@1orhI*nGhbZ$s=R)idDy4~m~-gr(tS?boU(c2U5)l>(^> z^=#h^#lwd3YVX%x3oi0Yk>6miMmVe;_>=@^|INI!BM~a~O3QDd%IF$7vxx0y zV*@w&mn1b|1Tk9~yO#r|KeMXe@zrJ})fB#bvB38UyhfMM5SB zMpwZ*i!awy-`U3N%IkfG7jy#1W}(#lPPI{###(;FHhifd%VplcoI}rUBY1_@6`?40 z8;VFvE%(3-xow>wo2G)fFkkO=g`7D{lDS8a8x*n0WHwpiJ_AQ67#i9CvHU+z-zxe7 z=oy@v6FHJ7OF<3JKRNaNS6bhS<^Kikw+jD2)Z7QE7LaD0XKQt-Y?9e7-lySx8gO_q zCd8+6NSkn4L0jUhte7WFd5pOspV^n=722nP>u}c&0`UE)MuOU@D=OcT2rU1<-upBH zVp)QZQr!t;)qP+RZo5j2ssiPv)WC%^*RQZ&5Y{U{(T8^`|CdZY@I}SYoua`=bSJ8k zouU0|`w0e(0^hR>qhKctVm~gh1!8;U9RCp0%krvbbgdjO$%@L>6i2PqUv2*oEU!FC zUO6xSga3bKlVtC+8J1uf5dZJv7~U8965tr#z(;H}g%@&8ehc|?e3>!4W3CE8ZW9Zf zlW!Y=x>K!p#hbn7Fd8|vr zyv4wWFG_MQOPd9^XhcET$~zsI3SRB=@vp~xa0$LNq;C@pT?>tE3m7(PL3?ESy>12b z;bWU8obQndmR4n(ZWKG3k~dhTF10is>(a0;4aHe8Qc|8j5O`IPLbfLaz&WOIJ*-Q^ zHX7th184qrB*o|hr(Vs;Wpk#YkmhUWOM~qH@RNXFD*g+9U<5D%7y*m`MgSv#5x@vw z1TX>^0gM1f03-0qA%NolUAa$h~#0P zHas85{o{}%E(E-3*J(9^1D!`?lMy0&00JG-DY$!1T?~MLt*L9`AsqJfQE&~T&~dHM z8Q2uxgFv}`J>)%;Qu{_x=qvHH^7e81^Le#_=&gLev(W1V1?7B#wD6C_x68WQZw2 z0WUEWX$n~c=k>e7La~B?Nrf1dYrOQ(EJ&mil_?=_#1I09r)z1$@eT!?2L*0VuS>v- z6EvYY0(*QE-^7UwS@Lx`OR4#htNZ&yEyxZQj&D*I4{F7rZRAI^krT^SOA;!O!NSjL z!br+@9;!vRAW&cuJBycJA?ZfT?N(%WB+I;FtHuK*rveAmqUG1&jI$J4VXx`r%3{?I z>Z)1=K8gjO*QA_64GC4_HCqu|6-7L#6pg2N-jQlWNve`guBzCKS$B3Ix{0vx`_*7v zRoHBecdKS0@GOW%q!hD@KQD`{R4g-2$WU^=6B>RwS0j25`*^|n*Rw`Vkp>X4#V|ah zFZ+%nkXwt#s;ZZPL!w;PA^NhWNuErVTUEt5eDeFt+-z(K;NJyq9I4|J0yMT#jqz*D zryKjc$6UgxoiW!jid&8OuN&^f z{wE@SHLC=CposIcRGe^rPWX)B#Jw7G6%8zi_XKT0SOpb0L|Gz!rlpQ8uLJy{VgMY= z0q}?R^%@J@qISwDh*70AeKzE~J9V^Nl@L!XX@^V-_$EC=?f}PRIk3WfA2?`RkcVeS zoxrAmw^?I7qehZ81$=O@969xJzXD~{DJ2DQ-o_Pp*KBzzA@GoDByf?ET~jOd5RaTy z7n*h8i~~+2Qi1O_#r2h9xnqUEy;R`4GU7u8pK)!B_;2AlF^BUqK<5!=a0o=tqO*aK 
zhj?0H0Po@nQ{yHWwnX6NHNxtAeq6wfY(jmv&U1C4xswF$UEtjHv#tf_+AT_g`UHK% z$q5`Y(|RD@PT(;My3Nykoxw$Up5k$xSFRWzDxd)G3apXAslI^f-V$N0b#0_tVeDU9p3~VEh~)YiJ;=;$3kQiz;Scj$DkjzAx2fo zp0@qjGF1FPiTmy8xLPR`XA8KrpnoYTK`uoi;v{^0oyrpU;Q$tK-+s({%TlgWR&$-4 z9IU+D5$P(9Q;}b}fDc@fWgzuw8aw{CI$0N2k<1=zoA6 z-<|g1$L2RX2Gjx%?Wh6|h%_yC>BaDYF6c9Su5A$y;g`padX5+6g~iZ;m|HL}?-{_W zY{9%!Y94dV1uzB%uze>Sn4k0(v<=K%(AF?7N_#LSPV?J)AQs4e1hLmpjE*nIZ@5Mb z#Q;T4gxFegdn~F?jIYJ$5l^0gM1f03(1AzzARjzCs9m|2g9$U6P(&M7$mm==iao9_#6~;fekq z>*-0bA$a-(lUGkqUq`m4mmr4di;5R`x%zLg^=w5#F8}4~za!9pdu@nQ{zUz^Y8FaV z)ytY{QLW1mk+@NCx8?1hs{VVt<856S7Z7X@u7zUePWjr8zersc_X zz{W@REQ;w_g`l~E{EI>|I%ks)vJkV8^}r75T6r{YKpgaA+b}oBCVUPDupn_mumfg| z(CEOsX6?EW#5M;1kvTSTu*U;#Jv~&%^K8msw>q|UgUuCuq&Oey19o?aDGJx#p2~$h|w7x#|^6sXs#yoG2BzdtgH-CUN6HO4r}hE z+OlCS&ksfUOJB>03L0xqUdtayyflzQ=b_2#tfTBR4REEcJu3&+dEc#9vyTK*{|5LM j))HbG#~a1(;AO%oJAC#*MOGieye`{nbzJ+Y@^}9KM5}r| literal 0 HcmV?d00001 diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/urls.py b/example_sp/djangosaml2_sp/djangosaml2_sp/urls.py new file mode 100644 index 00000000..21a985e9 --- /dev/null +++ b/example_sp/djangosaml2_sp/djangosaml2_sp/urls.py 
@@ -0,0 +1,32 @@
+from djangosaml2 import views
+from django.conf import settings
+from django.contrib import admin
+from django.contrib.auth.views import LogoutView
+from django.urls import include, path
+
+urlpatterns = [
+ path('admin/', admin.site.urls),
+]
+
+if 'saml2_sp' in settings.INSTALLED_APPS:
+ import saml2_sp.urls
+ SAML2_URL_PREFIX = 'saml2'
+
+ urlpatterns.extend([
+ path('', include((saml2_sp.urls, 'sp',))),
+ path(f'{SAML2_URL_PREFIX}/login/', views.LoginView.as_view(), name='saml2_login'),
+ path(f'{SAML2_URL_PREFIX}/acs/', views.AssertionConsumerServiceView.as_view(), name='saml2_acs'),
+ path(f'{SAML2_URL_PREFIX}/logout/', views.LogoutInitView.as_view(), name='saml2_logout'),
+ path(f'{SAML2_URL_PREFIX}/ls/', views.LogoutView.as_view(), name='saml2_ls'),
+ path(f'{SAML2_URL_PREFIX}/ls/post/', views.LogoutView.as_view(), name='saml2_ls_post'),
+ path(f'{SAML2_URL_PREFIX}/metadata/', views.MetadataView.as_view(), name='saml2_metadata'),
+ path(f'{SAML2_URL_PREFIX}/echo_attributes', views.EchoAttributesView.as_view(), name='saml2_echo_attributes'),
+ path('logout/', LogoutView.as_view(), {'next_page': settings.LOGOUT_REDIRECT_URL}, name='logout')
+ ])
+
+if 'djangosaml2_spid' in settings.INSTALLED_APPS:
+ import djangosaml2_spid.urls
+
+ urlpatterns.extend([
+ path('', include((djangosaml2_spid.urls, 'djangosaml2_spid',)))
+ ])
diff --git a/example_sp/djangosaml2_sp/djangosaml2_sp/wsgi.py b/example_sp/djangosaml2_sp/djangosaml2_sp/wsgi.py
new file mode 100644
index 00000000..85af338b
--- /dev/null
+++ b/example_sp/djangosaml2_sp/djangosaml2_sp/wsgi.py
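Review bot: `SAML2_URL_PREFIX = 'saml2'` hardcodes the same path segment that sp_pysaml2_satosa.py hardcodes separately in `BASE_URL`, `LOGIN_URL`, `LOGOUT_URL` and the `assertion_consumer_service`/`single_logout_service` endpoints, so the two files must be edited in lockstep or the ACS location advertised in the SP metadata stops matching the route that serves it, and an IdP will then reject the response. A comment on this line, `# must match the /saml2 segment of the ACS/SLO endpoints in sp_pysaml2_satosa.py`, or deriving the prefix from a single settings value, keeps the pair from drifting. The `{'next_page': settings.LOGOUT_REDIRECT_URL}` kwargs on the `logout/` route duplicate what LogoutView already falls back to when next_page is unset, so `path('logout/', LogoutView.as_view(), name='logout')` is equivalent.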
@@ -0,0 +1,16 @@
+"""
+WSGI config for djangosaml2_sp project.
+
+It exposes the WSGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/2.0/howto/deployment/wsgi/
+"""
+
+import os
+
+from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "djangosaml2_sp.settings")
+
+application = get_wsgi_application()
diff --git a/example_sp/djangosaml2_sp/manage.py b/example_sp/djangosaml2_sp/manage.py
new file mode 100755
index 00000000..c8be98c3
--- /dev/null
+++ b/example_sp/djangosaml2_sp/manage.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+import os
+import sys
+
+if __name__ == "__main__":
+ os.environ.setdefault("DJANGO_SETTINGS_MODULE", "djangosaml2_sp.settings")
+ try:
+ from django.core.management import execute_from_command_line
+ except ImportError as exc:
+ raise ImportError(
+ "Couldn't import Django. Are you sure it's installed and "
+ "available on your PYTHONPATH environment variable? Did you "
+ "forget to activate a virtual environment?"
+ ) from exc
+ execute_from_command_line(sys.argv)
diff --git a/example_sp/djangosaml2_sp/requirements.txt b/example_sp/djangosaml2_sp/requirements.txt
new file mode 100644
index 00000000..72317049
--- /dev/null
+++ b/example_sp/djangosaml2_sp/requirements.txt
@@ -0,0 +1,7 @@
+django>3.0<4.0
+
+git+https://github.com/peppelinux/pysaml2.git@pplnx-7.0.1
+cffi
+
+# django saml2 SP
+djangosaml2>=1.0.0
diff --git a/example_sp/djangosaml2_sp/run.sh b/example_sp/djangosaml2_sp/run.sh
new file mode 100755
index 00000000..f84aac39
--- /dev/null
+++ b/example_sp/djangosaml2_sp/run.sh
@@ -0,0 +1,2 @@
+python -B ./manage.py migrate
+python -B ./manage.py runserver 0.0.0.0:8000
diff --git a/example_sp/djangosaml2_sp/saml2_sp/__init__.py b/example_sp/djangosaml2_sp/saml2_sp/__init__.py
new file mode 100644
index 00000000..e69de29b
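Review bot: `django>3.0<4.0` in requirements.txt is not a valid PEP 508 specifier, since multiple version clauses have to be comma-separated, so pip is expected to reject the file; the line should read `django>3.0,<4.0`. The pysaml2 line pins a personal fork by a ref name (`@pplnx-7.0.1`), which can move if it is a branch or a re-pointed tag; pinning a commit hash after `@` makes the CI install reproducible and removes a path for a silently changed dependency. `cffi` and `djangosaml2>=1.0.0` are left open-ended, which is acceptable for an example but worth stating in the `# django saml2 SP` comment if it is deliberate.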
diff --git a/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/__init__.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v1x.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v1x.py
new file mode 100644
index 00000000..b0b8d327
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v1x.py
@@ -0,0 +1,20 @@
+# See http://technet.microsoft.com/en-us/library/cc733065(v=ws.10).aspx
+# and http://technet.microsoft.com/en-us/library/ee913589(v=ws.10).aspx
+# for information regarding the default claim types supported by
+# Microsoft ADFS v1.x.
+
+MAP = {
+ "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
+ "fro": {
+ 'http://schemas.xmlsoap.org/claims/commonname': 'commonName',
+ 'http://schemas.xmlsoap.org/claims/emailaddress': 'emailAddress',
+ 'http://schemas.xmlsoap.org/claims/group': 'group',
+ 'http://schemas.xmlsoap.org/claims/upn': 'upn',
+ },
+ "to": {
+ 'commonName': 'http://schemas.xmlsoap.org/claims/commonname',
+ 'emailAddress': 'http://schemas.xmlsoap.org/claims/emailaddress',
+ 'group': 'http://schemas.xmlsoap.org/claims/group',
+ 'upn': 'http://schemas.xmlsoap.org/claims/upn',
+ }
+}
diff --git a/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v20.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v20.py
new file mode 100644
index 00000000..f1d35efa
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/adfs_v20.py
@@ -0,0 +1,47 @@ +# See http://technet.microsoft.com/en-us/library/ee913589(v=ws.10).aspx +# for information regarding the default claim types supported by +# Microsoft ADFS v2.0. + +MAP = { + "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified", + "fro": { + 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress': 'emailAddress', + 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname': 'givenName', + 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name': 'name', + 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn': 'upn', + 'http://schemas.xmlsoap.org/claims/commonname': 'commonName', + 'http://schemas.xmlsoap.org/claims/group': 'group', + 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role': 'role', + 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname': 'surname', + 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier': 'privatePersonalId', + 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier': 'nameId', + 'http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod': 'authenticationMethod', + 'http://schemas.xmlsoap.com/ws/2005/05/identity/claims/denyonlysid': 'denyOnlySid', + 'http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid': 'denyOnlyPrimarySid', + 'http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid': 'denyOnlyPrimaryGroupSid', + 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid': 'groupSid', + 'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid': 'primaryGroupSid', + 'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid': 'primarySid', + 'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname': 'windowsAccountName', + }, + "to": { + 'emailAddress': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress', + 'givenName': 
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname', + 'name': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name', + 'upn': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn', + 'commonName': 'http://schemas.xmlsoap.org/claims/commonname', + 'group': 'http://schemas.xmlsoap.org/claims/group', + 'role': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role', + 'surname': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname', + 'privatePersonalId': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier', + 'nameId': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier', + 'authenticationMethod': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod', + 'denyOnlySid': 'http://schemas.xmlsoap.com/ws/2005/05/identity/claims/denyonlysid', + 'denyOnlyPrimarySid': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid', + 'denyOnlyPrimaryGroupSid': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid', + 'groupSid': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid', + 'primaryGroupSid': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid', + 'primarySid': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid', + 'windowsAccountName': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname', + } +} diff --git a/example_sp/sp-repoze/attributemaps/basic.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/basic.py similarity index 100% rename from example_sp/sp-repoze/attributemaps/basic.py rename to example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/basic.py diff --git a/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/django_saml_uri.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/django_saml_uri.py new file mode 100644 index 00000000..784228a7 --- /dev/null 
+++ b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/django_saml_uri.py
@@ -0,0 +1,19 @@
+X500ATTR_OID = 'urn:oid:2.5.4.'
+PKCS_9 = 'urn:oid:1.2.840.113549.1.9.1.'
+UCL_DIR_PILOT = 'urn:oid:0.9.2342.19200300.100.1.'
+
+MAP = {
+ 'identifier': 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
+ 'fro': {
+ X500ATTR_OID+'3': 'first_name', # cn
+ X500ATTR_OID+'4': 'last_name', # sn
+ PKCS_9+'1': 'email',
+ UCL_DIR_PILOT+'1': 'uid',
+ },
+ 'to': {
+ 'first_name': X500ATTR_OID+'3',
+ 'last_name': X500ATTR_OID+'4',
+ 'email' : PKCS_9+'1',
+ 'uid': UCL_DIR_PILOT+'1',
+ }
+}
diff --git a/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/saml_uri.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/saml_uri.py
new file mode 100644
index 00000000..40f7b778
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/saml_uri.py
@@ -0,0 +1,354 @@ +EDUCOURSE_OID = 'urn:oid:1.3.6.1.4.1.5923.1.6.1.' +EDUPERSON_OID = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.' +EDUMEMBER1_OID = 'urn:oid:1.3.6.1.4.1.5923.1.5.1.' + +# ldap.gv.at definitions as specified in: +# http://www.ref.gv.at/AG-IZ-PVP2-Version-2-1-0-2.2754.0.html +LDAPGVAT_OID = 'urn:oid:1.2.40.0.10.2.1.1.' + +UCL_DIR_PILOT = 'urn:oid:0.9.2342.19200300.100.1.' +X500ATTR_OID = 'urn:oid:2.5.4.' +LDAPGVAT_UCL_DIR_PILOT = UCL_DIR_PILOT +LDAPGVAT_X500ATTR_OID = X500ATTR_OID +NETSCAPE_LDAP = 'urn:oid:2.16.840.1.113730.3.1.' +NOREDUPERSON_OID = 'urn:oid:1.3.6.1.4.1.2428.90.1.' +PKCS_9 = 'urn:oid:1.2.840.113549.1.9.1.' +SCHAC = 'urn:oid:1.3.6.1.4.1.25178.1.2.' +SIS = 'urn:oid:1.2.752.194.10.2.' +UMICH = 'urn:oid:1.3.6.1.4.1.250.1.57.' + +# openosi-0.82.schema http://www.openosi.org/osi/display/ldap/Home +OPENOSI_OID = 'urn:oid:1.3.6.1.4.1.27630.2.1.1.' + +EIDAS_NATURALPERSON = 'http://eidas.europa.eu/attributes/naturalperson/' +EIDAS_LEGALPERSON = 'http://eidas.europa.eu/attributes/legalperson/' + +MAP = { + 'identifier': 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri', + 'fro': { + EIDAS_LEGALPERSON+'LegalPersonIdentifier': 'LegalPersonIdentifier', + EIDAS_LEGALPERSON+'LegalAddress': 'LegalAddress', + EIDAS_LEGALPERSON+'LegalName': 'LegalName', + EIDAS_LEGALPERSON+'VATRegistration': 'VATRegistration', + EIDAS_LEGALPERSON+'TaxReference': 'TaxReference', + EIDAS_LEGALPERSON+'BusinessCodes': 'BusinessCodes', + EIDAS_LEGALPERSON+'LEI': 'LEI', + EIDAS_LEGALPERSON+'EORI': 'EORI', + EIDAS_LEGALPERSON+'SEED': 'SEED', + EIDAS_LEGALPERSON+'SIC': 'SIC', + EIDAS_LEGALPERSON+'D-2012-17-EUIdentifier': 'D-2012-17-EUIdentifier', + EIDAS_NATURALPERSON+'PersonIdentifier': 'PersonIdentifier', + EIDAS_NATURALPERSON+'CurrentFamilyName': 'FamilyName', + EIDAS_NATURALPERSON+'CurrentGivenName': 'FirstName', + EIDAS_NATURALPERSON+'DateOfBirth': 'DateOfBirth', + EIDAS_NATURALPERSON+'BirthName': 'BirthName', + EIDAS_NATURALPERSON+'PlaceOfBirth': 'PlaceOfBirth', + 
EIDAS_NATURALPERSON+'CurrentAddress': 'CurrentAddress', + EIDAS_NATURALPERSON+'Gender': 'Gender', + EDUCOURSE_OID+'1': 'eduCourseOffering', + EDUCOURSE_OID+'2': 'eduCourseMember', + EDUMEMBER1_OID+'1': 'isMemberOf', + EDUPERSON_OID+'1': 'eduPersonAffiliation', + EDUPERSON_OID+'2': 'eduPersonNickname', + EDUPERSON_OID+'3': 'eduPersonOrgDN', + EDUPERSON_OID+'4': 'eduPersonOrgUnitDN', + EDUPERSON_OID+'5': 'eduPersonPrimaryAffiliation', + EDUPERSON_OID+'6': 'eduPersonPrincipalName', + EDUPERSON_OID+'7': 'eduPersonEntitlement', + EDUPERSON_OID+'8': 'eduPersonPrimaryOrgUnitDN', + EDUPERSON_OID+'9': 'eduPersonScopedAffiliation', + EDUPERSON_OID+'10': 'eduPersonTargetedID', + EDUPERSON_OID+'11': 'eduPersonAssurance', + EDUPERSON_OID+'12': 'eduPersonPrincipalNamePrior', + EDUPERSON_OID+'13': 'eduPersonUniqueId', + EDUPERSON_OID+'16': 'eduPersonOrcid', + LDAPGVAT_OID+'1': 'PVP-GID', + LDAPGVAT_OID+'149': 'PVP-BPK', + LDAPGVAT_OID+'153': 'PVP-OU-OKZ', + LDAPGVAT_OID+'261.10': 'PVP-VERSION', + LDAPGVAT_OID+'261.20': 'PVP-PRINCIPAL-NAME', + LDAPGVAT_OID+'261.24': 'PVP-PARTICIPANT-OKZ', + LDAPGVAT_OID+'261.30': 'PVP-ROLES', + LDAPGVAT_OID+'261.40': 'PVP-INVOICE-RECPT-ID', + LDAPGVAT_OID+'261.50': 'PVP-COST-CENTER-ID', + LDAPGVAT_OID+'261.60': 'PVP-CHARGE-CODE', + LDAPGVAT_OID+'3': 'PVP-OU-GV-OU-ID', + LDAPGVAT_OID+'33': 'PVP-FUNCTION', + LDAPGVAT_OID+'55': 'PVP-BIRTHDATE', + LDAPGVAT_OID+'71': 'PVP-PARTICIPANT-ID', + LDAPGVAT_UCL_DIR_PILOT+'1': 'PVP-USERID', + LDAPGVAT_UCL_DIR_PILOT+'3': 'PVP-MAIL', + LDAPGVAT_X500ATTR_OID+'11': 'PVP-OU', + LDAPGVAT_X500ATTR_OID+'20': 'PVP-TEL', + LDAPGVAT_X500ATTR_OID+'42': 'PVP-GIVENNAME', + NETSCAPE_LDAP+'1': 'carLicense', + NETSCAPE_LDAP+'2': 'departmentNumber', + NETSCAPE_LDAP+'3': 'employeeNumber', + NETSCAPE_LDAP+'4': 'employeeType', + NETSCAPE_LDAP+'39': 'preferredLanguage', + NETSCAPE_LDAP+'40': 'userSMIMECertificate', + NETSCAPE_LDAP+'216': 'userPKCS12', + NETSCAPE_LDAP+'241': 'displayName', + NOREDUPERSON_OID+'1': 
'norEduOrgUniqueNumber', + NOREDUPERSON_OID+'2': 'norEduOrgUnitUniqueNumber', + NOREDUPERSON_OID+'3': 'norEduPersonBirthDate', + NOREDUPERSON_OID+'4': 'norEduPersonLIN', + NOREDUPERSON_OID+'5': 'norEduPersonNIN', + NOREDUPERSON_OID+'6': 'norEduOrgAcronym', + NOREDUPERSON_OID+'7': 'norEduOrgUniqueIdentifier', + NOREDUPERSON_OID+'8': 'norEduOrgUnitUniqueIdentifier', + NOREDUPERSON_OID+'9': 'federationFeideSchemaVersion', + NOREDUPERSON_OID+'10': 'norEduPersonLegalName', + NOREDUPERSON_OID+'11': 'norEduOrgSchemaVersion', + NOREDUPERSON_OID+'12': 'norEduOrgNIN', + OPENOSI_OID+'17': 'osiHomeUrl', + OPENOSI_OID+'19': 'osiPreferredTZ', + OPENOSI_OID+'72': 'osiICardTimeLastUpdated', + OPENOSI_OID+'104': 'osiMiddleName', + OPENOSI_OID+'107': 'osiOtherEmail', + OPENOSI_OID+'109': 'osiOtherHomePhone', + OPENOSI_OID+'120': 'osiWorkURL', + PKCS_9+'1': 'email', + SCHAC+'1': 'schacMotherTongue', + SCHAC+'2': 'schacGender', + SCHAC+'3': 'schacDateOfBirth', + SCHAC+'4': 'schacPlaceOfBirth', + SCHAC+'5': 'schacCountryOfCitizenship', + SCHAC+'6': 'schacSn1', + SCHAC+'7': 'schacSn2', + SCHAC+'8': 'schacPersonalTitle', + SCHAC+'9': 'schacHomeOrganization', + SCHAC+'10': 'schacHomeOrganizationType', + SCHAC+'11': 'schacCountryOfResidence', + SCHAC+'12': 'schacUserPresenceID', + SCHAC+'13': 'schacPersonalPosition', + SCHAC+'14': 'schacPersonalUniqueCode', + SCHAC+'15': 'schacPersonalUniqueID', + SCHAC+'17': 'schacExpiryDate', + SCHAC+'18': 'schacUserPrivateAttribute', + SCHAC+'19': 'schacUserStatus', + SCHAC+'20': 'schacProjectMembership', + SCHAC+'21': 'schacProjectSpecificRole', + SIS+'1': 'sisLegalGuardianFor', + SIS+'2': 'sisSchoolGrade', + UCL_DIR_PILOT+'1': 'uid', + UCL_DIR_PILOT+'3': 'mail', + UCL_DIR_PILOT+'25': 'dc', + UCL_DIR_PILOT+'37': 'associatedDomain', + UCL_DIR_PILOT+'43': 'co', + UCL_DIR_PILOT+'60': 'jpegPhoto', + UMICH+'57': 'labeledURI', + X500ATTR_OID+'2': 'knowledgeInformation', + X500ATTR_OID+'3': 'cn', + X500ATTR_OID+'4': 'sn', + X500ATTR_OID+'5': 'serialNumber', + 
X500ATTR_OID+'6': 'c', + X500ATTR_OID+'7': 'l', + X500ATTR_OID+'8': 'st', + X500ATTR_OID+'9': 'street', + X500ATTR_OID+'10': 'o', + X500ATTR_OID+'11': 'ou', + X500ATTR_OID+'12': 'title', + X500ATTR_OID+'14': 'searchGuide', + X500ATTR_OID+'15': 'businessCategory', + X500ATTR_OID+'16': 'postalAddress', + X500ATTR_OID+'17': 'postalCode', + X500ATTR_OID+'18': 'postOfficeBox', + X500ATTR_OID+'19': 'physicalDeliveryOfficeName', + X500ATTR_OID+'20': 'telephoneNumber', + X500ATTR_OID+'21': 'telexNumber', + X500ATTR_OID+'22': 'teletexTerminalIdentifier', + X500ATTR_OID+'23': 'facsimileTelephoneNumber', + X500ATTR_OID+'24': 'x121Address', + X500ATTR_OID+'25': 'internationaliSDNNumber', + X500ATTR_OID+'26': 'registeredAddress', + X500ATTR_OID+'27': 'destinationIndicator', + X500ATTR_OID+'28': 'preferredDeliveryMethod', + X500ATTR_OID+'29': 'presentationAddress', + X500ATTR_OID+'30': 'supportedApplicationContext', + X500ATTR_OID+'31': 'member', + X500ATTR_OID+'32': 'owner', + X500ATTR_OID+'33': 'roleOccupant', + X500ATTR_OID+'36': 'userCertificate', + X500ATTR_OID+'37': 'cACertificate', + X500ATTR_OID+'38': 'authorityRevocationList', + X500ATTR_OID+'39': 'certificateRevocationList', + X500ATTR_OID+'40': 'crossCertificatePair', + X500ATTR_OID+'42': 'givenName', + X500ATTR_OID+'43': 'initials', + X500ATTR_OID+'44': 'generationQualifier', + X500ATTR_OID+'45': 'x500UniqueIdentifier', + X500ATTR_OID+'46': 'dnQualifier', + X500ATTR_OID+'47': 'enhancedSearchGuide', + X500ATTR_OID+'48': 'protocolInformation', + X500ATTR_OID+'50': 'uniqueMember', + X500ATTR_OID+'51': 'houseIdentifier', + X500ATTR_OID+'52': 'supportedAlgorithms', + X500ATTR_OID+'53': 'deltaRevocationList', + X500ATTR_OID+'54': 'dmdName', + X500ATTR_OID+'65': 'pseudonym', + }, + 'to': { + 'LegalPersonIdentifier': EIDAS_LEGALPERSON+'LegalPersonIdentifier', + 'LegalAddress': EIDAS_LEGALPERSON+'LegalAddress', + 'LegalName': EIDAS_LEGALPERSON+'LegalName', + 'VATRegistration': EIDAS_LEGALPERSON+'VATRegistration', + 
'TaxReference': EIDAS_LEGALPERSON+'TaxReference', + 'BusinessCodes': EIDAS_LEGALPERSON+'BusinessCodes', + 'LEI': EIDAS_LEGALPERSON+'LEI', + 'EORI': EIDAS_LEGALPERSON+'EORI', + 'SEED': EIDAS_LEGALPERSON+'SEED', + 'SIC': EIDAS_LEGALPERSON+'SIC', + 'D-2012-17-EUIdentifier': EIDAS_LEGALPERSON+'D-2012-17-EUIdentifier', + 'PersonIdentifier': EIDAS_NATURALPERSON+'PersonIdentifier', + 'FamilyName': EIDAS_NATURALPERSON+'CurrentFamilyName', + 'FirstName': EIDAS_NATURALPERSON+'CurrentGivenName', + 'DateOfBirth': EIDAS_NATURALPERSON+'DateOfBirth', + 'BirthName': EIDAS_NATURALPERSON+'BirthName', + 'PlaceOfBirth': EIDAS_NATURALPERSON+'PlaceOfBirth', + 'CurrentAddress': EIDAS_NATURALPERSON+'CurrentAddress', + 'Gender': EIDAS_NATURALPERSON+'Gender', + 'associatedDomain': UCL_DIR_PILOT+'37', + 'authorityRevocationList': X500ATTR_OID+'38', + 'businessCategory': X500ATTR_OID+'15', + 'c': X500ATTR_OID+'6', + 'cACertificate': X500ATTR_OID+'37', + 'carLicense': NETSCAPE_LDAP+'1', + 'certificateRevocationList': X500ATTR_OID+'39', + 'cn': X500ATTR_OID+'3', + 'co': UCL_DIR_PILOT+'43', + 'crossCertificatePair': X500ATTR_OID+'40', + 'dc': UCL_DIR_PILOT+'25', + 'deltaRevocationList': X500ATTR_OID+'53', + 'departmentNumber': NETSCAPE_LDAP+'2', + 'destinationIndicator': X500ATTR_OID+'27', + 'displayName': NETSCAPE_LDAP+'241', + 'dmdName': X500ATTR_OID+'54', + 'dnQualifier': X500ATTR_OID+'46', + 'eduCourseMember': EDUCOURSE_OID+'2', + 'eduCourseOffering': EDUCOURSE_OID+'1', + 'eduPersonAffiliation': EDUPERSON_OID+'1', + 'eduPersonEntitlement': EDUPERSON_OID+'7', + 'eduPersonNickname': EDUPERSON_OID+'2', + 'eduPersonOrgDN': EDUPERSON_OID+'3', + 'eduPersonOrgUnitDN': EDUPERSON_OID+'4', + 'eduPersonPrimaryAffiliation': EDUPERSON_OID+'5', + 'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID+'8', + 'eduPersonPrincipalName': EDUPERSON_OID+'6', + 'eduPersonPrincipalNamePrior': EDUPERSON_OID+'12', + 'eduPersonScopedAffiliation': EDUPERSON_OID+'9', + 'eduPersonTargetedID': EDUPERSON_OID+'10', + 
'eduPersonAssurance': EDUPERSON_OID+'11', + 'eduPersonUniqueId': EDUPERSON_OID+'13', + 'eduPersonOrcid': EDUPERSON_OID+'16', + 'email': PKCS_9+'1', + 'employeeNumber': NETSCAPE_LDAP+'3', + 'employeeType': NETSCAPE_LDAP+'4', + 'enhancedSearchGuide': X500ATTR_OID+'47', + 'facsimileTelephoneNumber': X500ATTR_OID+'23', + 'federationFeideSchemaVersion': NOREDUPERSON_OID+'9', + 'generationQualifier': X500ATTR_OID+'44', + 'givenName': X500ATTR_OID+'42', + 'houseIdentifier': X500ATTR_OID+'51', + 'initials': X500ATTR_OID+'43', + 'internationaliSDNNumber': X500ATTR_OID+'25', + 'isMemberOf': EDUMEMBER1_OID+'1', + 'jpegPhoto': UCL_DIR_PILOT+'60', + 'knowledgeInformation': X500ATTR_OID+'2', + 'l': X500ATTR_OID+'7', + 'labeledURI': UMICH+'57', + 'mail': UCL_DIR_PILOT+'3', + 'member': X500ATTR_OID+'31', + 'norEduOrgAcronym': NOREDUPERSON_OID+'6', + 'norEduOrgNIN': NOREDUPERSON_OID+'12', + 'norEduOrgSchemaVersion': NOREDUPERSON_OID+'11', + 'norEduOrgUniqueIdentifier': NOREDUPERSON_OID+'7', + 'norEduOrgUniqueNumber': NOREDUPERSON_OID+'1', + 'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID+'8', + 'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2', + 'norEduPersonBirthDate': NOREDUPERSON_OID+'3', + 'norEduPersonLIN': NOREDUPERSON_OID+'4', + 'norEduPersonLegalName': NOREDUPERSON_OID+'10', + 'norEduPersonNIN': NOREDUPERSON_OID+'5', + 'o': X500ATTR_OID+'10', + 'osiHomeUrl': OPENOSI_OID+'17', + 'osiPreferredTZ': OPENOSI_OID+'19', + 'osiICardTimeLastUpdated': OPENOSI_OID+'72', + 'osiMiddleName': OPENOSI_OID+'104', + 'osiOtherEmail': OPENOSI_OID+'107', + 'osiOtherHomePhone': OPENOSI_OID+'109', + 'osiWorkURL': OPENOSI_OID+'120', + 'ou': X500ATTR_OID+'11', + 'owner': X500ATTR_OID+'32', + 'physicalDeliveryOfficeName': X500ATTR_OID+'19', + 'postOfficeBox': X500ATTR_OID+'18', + 'postalAddress': X500ATTR_OID+'16', + 'postalCode': X500ATTR_OID+'17', + 'preferredDeliveryMethod': X500ATTR_OID+'28', + 'preferredLanguage': NETSCAPE_LDAP+'39', + 'presentationAddress': X500ATTR_OID+'29', + 
'protocolInformation': X500ATTR_OID+'48', + 'pseudonym': X500ATTR_OID+'65', + 'PVP-USERID': LDAPGVAT_UCL_DIR_PILOT+'1', + 'PVP-MAIL': LDAPGVAT_UCL_DIR_PILOT+'3', + 'PVP-GID': LDAPGVAT_OID+'1', + 'PVP-BPK': LDAPGVAT_OID+'149', + 'PVP-OU-OKZ': LDAPGVAT_OID+'153', + 'PVP-VERSION': LDAPGVAT_OID+'261.10', + 'PVP-PRINCIPAL-NAME': LDAPGVAT_OID+'261.20', + 'PVP-PARTICIPANT-OKZ': LDAPGVAT_OID+'261.24', + 'PVP-ROLES': LDAPGVAT_OID+'261.30', + 'PVP-INVOICE-RECPT-ID': LDAPGVAT_OID+'261.40', + 'PVP-COST-CENTER-ID': LDAPGVAT_OID+'261.50', + 'PVP-CHARGE-CODE': LDAPGVAT_OID+'261.60', + 'PVP-OU-GV-OU-ID': LDAPGVAT_OID+'3', + 'PVP-FUNCTION': LDAPGVAT_OID+'33', + 'PVP-BIRTHDATE': LDAPGVAT_OID+'55', + 'PVP-PARTICIPANT-ID': LDAPGVAT_OID+'71', + 'PVP-OU': LDAPGVAT_X500ATTR_OID+'11', + 'PVP-TEL': LDAPGVAT_X500ATTR_OID+'20', + 'PVP-GIVENNAME': LDAPGVAT_X500ATTR_OID+'42', + 'registeredAddress': X500ATTR_OID+'26', + 'roleOccupant': X500ATTR_OID+'33', + 'schacCountryOfCitizenship': SCHAC+'5', + 'schacCountryOfResidence': SCHAC+'11', + 'schacDateOfBirth': SCHAC+'3', + 'schacExpiryDate': SCHAC+'17', + 'schacGender': SCHAC+'2', + 'schacHomeOrganization': SCHAC+'9', + 'schacHomeOrganizationType': SCHAC+'10', + 'schacMotherTongue': SCHAC+'1', + 'schacPersonalPosition': SCHAC+'13', + 'schacPersonalTitle': SCHAC+'8', + 'schacPersonalUniqueCode': SCHAC+'14', + 'schacPersonalUniqueID': SCHAC+'15', + 'schacPlaceOfBirth': SCHAC+'4', + 'schacProjectMembership': SCHAC+'20', + 'schacProjectSpecificRole': SCHAC+'21', + 'schacSn1': SCHAC+'6', + 'schacSn2': SCHAC+'7', + 'schacUserPresenceID': SCHAC+'12', + 'schacUserPrivateAttribute': SCHAC+'18', + 'schacUserStatus': SCHAC+'19', + 'searchGuide': X500ATTR_OID+'14', + 'serialNumber': X500ATTR_OID+'5', + 'sisLegalGuardianFor': SIS+'1', + 'sisSchoolGrade': SIS+'2', + 'sn': X500ATTR_OID+'4', + 'st': X500ATTR_OID+'8', + 'street': X500ATTR_OID+'9', + 'supportedAlgorithms': X500ATTR_OID+'52', + 'supportedApplicationContext': X500ATTR_OID+'30', + 'telephoneNumber': 
X500ATTR_OID+'20', + 'teletexTerminalIdentifier': X500ATTR_OID+'22', + 'telexNumber': X500ATTR_OID+'21', + 'title': X500ATTR_OID+'12', + 'uid': UCL_DIR_PILOT+'1', + 'uniqueMember': X500ATTR_OID+'50', + 'userCertificate': X500ATTR_OID+'36', + 'userPKCS12': NETSCAPE_LDAP+'216', + 'userSMIMECertificate': NETSCAPE_LDAP+'40', + 'x121Address': X500ATTR_OID+'24', + 'x500UniqueIdentifier': X500ATTR_OID+'45', + } +} diff --git a/example_sp/sp-repoze/attributemaps/shibboleth_uri.py b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/shibboleth_uri.py similarity index 100% rename from example_sp/sp-repoze/attributemaps/shibboleth_uri.py rename to example_sp/djangosaml2_sp/saml2_sp/saml2_config/attribute-maps/shibboleth_uri.py diff --git a/example_sp/djangosaml2_sp/saml2_sp/saml2_config/satosa-saml2spid.xml b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/satosa-saml2spid.xml new file mode 100644 index 00000000..93cf71cc --- /dev/null +++ b/example_sp/djangosaml2_sp/saml2_sp/saml2_config/satosa-saml2spid.xml 
@@ -0,0 +1,55 @@ +Authentication ProxyAuthentication ProxyAuthentication Proxy IdP ITAuthentication Proxy IdP ENhttps://www.spid.gov.it/assets/img/spid-ico-circle-bb.svghttps://www.example.org/privacy/MIIE/TCCA2WgAwIBAgIUZYMkZC8ySXs72cH2yj4TGh/T7PgwDQYJKoZIhvcNAQEM +BQAwgasxGzAZBgNVBAMMElNQSUQgZXhhbXBsZSBwcm94eTELMAkGA1UEBhMCSVQx +DTALBgNVBAcMBFJvbWExFTATBgNVBGEMDFBBOklULWNfaDUwMTEbMBkGA1UECgwS +U1BJRCBleGFtcGxlIHByb3h5MRMwEQYDVQQFEwoxMjM0NTY3ODkwMScwJQYDVQRT +DB5odHRwczovL3NwaWQucHJveHkuZXhhbXBsZS5vcmcwHhcNMjEwNzEzMDkzMDE0 +WhcNNDEwNzA4MDkzMDE0WjCBqzEbMBkGA1UEAwwSU1BJRCBleGFtcGxlIHByb3h5 +MQswCQYDVQQGEwJJVDENMAsGA1UEBwwEUm9tYTEVMBMGA1UEYQwMUEE6SVQtY19o +NTAxMRswGQYDVQQKDBJTUElEIGV4YW1wbGUgcHJveHkxEzARBgNVBAUTCjEyMzQ1 +Njc4OTAxJzAlBgNVBFMMHmh0dHBzOi8vc3BpZC5wcm94eS5leGFtcGxlLm9yZzCC +AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMX1VVjDx0e9PIq+v1NeHQ8S +iT6hHJSkMsWYV+JLmLoGcxSV7iMFvBL3KQaokCFAAsl1k5f77PT3WFMFzmVO+0Eq +SRIM/+7m8IgXP2amBcxJWt5iglG73vVw1cSEovmlDkUR7jP88Q8OfK+RrR1qm7v8 +Nt/AFWGzQL95Ng3Ux7uJ8CwZSZaNdj+nJoEKDG0+c9pfPLcc/QgP7ZrINacUCpUe +EWcUvR+cJRZip9B15Kk2s+uUYvA9Gns4IpJGgmUXh6JCYwvm5/7l28uxmHzdT1hN +e1p1f5g5ofnZwFLJI+SCbVNq7q/f2NU8JpQTMCgeyPdnVV5nXxG6sDRDnQIsvnHt +g6AMUCHYVV+PZroMQtx5TRCeiiA1RRCPnsqhjfPAOOIQopjHIr6MMVvO5WFP+7zG +1u8tXc6/tl3fSKVuGnpDuXDn8Qj8exoh7A4olzv9PVFMqIRGLhYJ5bHRU1EuU/fA +RReNYjWU3XYHiQ95xLzHjRjxZkyxvdxb7KCWbyHaOwIDAQABoxcwFTATBgNVHSAE +DDAKMAgGBitMEAQCATANBgkqhkiG9w0BAQwFAAOCAYEAjT2bIsLUDMHlLW+aCjqw +fqm9p//cFPzt6jeeZ6MEyIQ9/UVKbucOhgW7zsdKyxFSbZzx27icTUUHuAZV2eiS +91AA7yhZB46pGfiYmPfbjZgN3EotllgphenDKJZzAZw9bjxASugvT/7faUGxQRQI +ThwoCvpZr9U1aBKBP+QdE+Ym88h+rLGPokkUEoOfIT+WptE8gUbqPZHAq4ObODiT +IZDVDflI2k/llS75e6TWBiZSGGdMMfkmDiBM9kW7sREW3HfUsYWx9SXEgtDZ3K8q +fmhQn6IYLZX10lbk4j5HJTe6PLH+XmYdwIADboAhPDNEFK0E276iiHF/wR6i5WxK +Bd1bAHLE451W8g3uAjkIhfIZg3i1r9uQXw4D8M1Gsb8OUDK182McqlVEP7HEsBno +dprUnm3AfbAUjQ0aFRM/DfdKMy+3lYe4A3gBgWbDdliCFlpUUd9MjsYqs/EphcQR +UNc2uhjHUl49I92V0VWTK4fB1hAXp4pCoAiVJBibMNML 
+MIIE/TCCA2WgAwIBAgIUZYMkZC8ySXs72cH2yj4TGh/T7PgwDQYJKoZIhvcNAQEM +BQAwgasxGzAZBgNVBAMMElNQSUQgZXhhbXBsZSBwcm94eTELMAkGA1UEBhMCSVQx +DTALBgNVBAcMBFJvbWExFTATBgNVBGEMDFBBOklULWNfaDUwMTEbMBkGA1UECgwS +U1BJRCBleGFtcGxlIHByb3h5MRMwEQYDVQQFEwoxMjM0NTY3ODkwMScwJQYDVQRT +DB5odHRwczovL3NwaWQucHJveHkuZXhhbXBsZS5vcmcwHhcNMjEwNzEzMDkzMDE0 +WhcNNDEwNzA4MDkzMDE0WjCBqzEbMBkGA1UEAwwSU1BJRCBleGFtcGxlIHByb3h5 +MQswCQYDVQQGEwJJVDENMAsGA1UEBwwEUm9tYTEVMBMGA1UEYQwMUEE6SVQtY19o +NTAxMRswGQYDVQQKDBJTUElEIGV4YW1wbGUgcHJveHkxEzARBgNVBAUTCjEyMzQ1 +Njc4OTAxJzAlBgNVBFMMHmh0dHBzOi8vc3BpZC5wcm94eS5leGFtcGxlLm9yZzCC +AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMX1VVjDx0e9PIq+v1NeHQ8S +iT6hHJSkMsWYV+JLmLoGcxSV7iMFvBL3KQaokCFAAsl1k5f77PT3WFMFzmVO+0Eq +SRIM/+7m8IgXP2amBcxJWt5iglG73vVw1cSEovmlDkUR7jP88Q8OfK+RrR1qm7v8 +Nt/AFWGzQL95Ng3Ux7uJ8CwZSZaNdj+nJoEKDG0+c9pfPLcc/QgP7ZrINacUCpUe +EWcUvR+cJRZip9B15Kk2s+uUYvA9Gns4IpJGgmUXh6JCYwvm5/7l28uxmHzdT1hN +e1p1f5g5ofnZwFLJI+SCbVNq7q/f2NU8JpQTMCgeyPdnVV5nXxG6sDRDnQIsvnHt +g6AMUCHYVV+PZroMQtx5TRCeiiA1RRCPnsqhjfPAOOIQopjHIr6MMVvO5WFP+7zG +1u8tXc6/tl3fSKVuGnpDuXDn8Qj8exoh7A4olzv9PVFMqIRGLhYJ5bHRU1EuU/fA +RReNYjWU3XYHiQ95xLzHjRjxZkyxvdxb7KCWbyHaOwIDAQABoxcwFTATBgNVHSAE +DDAKMAgGBitMEAQCATANBgkqhkiG9w0BAQwFAAOCAYEAjT2bIsLUDMHlLW+aCjqw +fqm9p//cFPzt6jeeZ6MEyIQ9/UVKbucOhgW7zsdKyxFSbZzx27icTUUHuAZV2eiS +91AA7yhZB46pGfiYmPfbjZgN3EotllgphenDKJZzAZw9bjxASugvT/7faUGxQRQI +ThwoCvpZr9U1aBKBP+QdE+Ym88h+rLGPokkUEoOfIT+WptE8gUbqPZHAq4ObODiT +IZDVDflI2k/llS75e6TWBiZSGGdMMfkmDiBM9kW7sREW3HfUsYWx9SXEgtDZ3K8q +fmhQn6IYLZX10lbk4j5HJTe6PLH+XmYdwIADboAhPDNEFK0E276iiHF/wR6i5WxK +Bd1bAHLE451W8g3uAjkIhfIZg3i1r9uQXw4D8M1Gsb8OUDK182McqlVEP7HEsBno +dprUnm3AfbAUjQ0aFRM/DfdKMy+3lYe4A3gBgWbDdliCFlpUUd9MjsYqs/EphcQR +UNc2uhjHUl49I92V0VWTK4fB1hAXp4pCoAiVJBibMNML +urn:oasis:names:tc:SAML:2.0:nameid-format:transientproxy.authSaml2 Authentication Proxyhttps://spid.proxy.example.orgTechnicalmailto:supporto.tecnico@example.orgSupportmailto:richieste.ict@example.org \ No newline at end of file 
diff --git a/example_sp/djangosaml2_sp/saml2_sp/urls.py b/example_sp/djangosaml2_sp/saml2_sp/urls.py
new file mode 100644
index 00000000..d480b46d
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/urls.py
@@ -0,0 +1,9 @@
+from django.conf import settings
+from django.contrib import admin
+from django.urls import include, path
+
+from . import views
+
+urlpatterns = [
+ path('', views.index),
+]
diff --git a/example_sp/djangosaml2_sp/saml2_sp/utils.py b/example_sp/djangosaml2_sp/saml2_sp/utils.py
new file mode 100644
index 00000000..8137f648
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/utils.py
@@ -0,0 +1,24 @@
+import base64
+import xml.dom.minidom
+import zlib
+
+from xml.parsers.expat import ExpatError
+
+
+def repr_saml(saml_str, b64=False):
+ """ Decode SAML from b64 and b64 deflated and
+ return a pretty printed representation
+ """
+ try:
+ msg = base64.b64decode(saml_str).decode() if b64 else saml_str
+ dom = xml.dom.minidom.parseString(msg)
+ except (UnicodeDecodeError, ExpatError):
+ # in HTTP-REDIRECT the base64 must be inflated
+ msg = base64.b64decode(saml_str)
+ inflated = zlib.decompress(msg, -15)
+ dom = xml.dom.minidom.parseString(inflated.decode())
+ return dom.toprettyxml()
+
+
+def encode_http_redirect_saml(saml_envelope):
+ return base64.b64encode(zlib.compress(saml_envelope.encode()))
diff --git a/example_sp/djangosaml2_sp/saml2_sp/views.py b/example_sp/djangosaml2_sp/saml2_sp/views.py
new file mode 100644
index 00000000..a1826cf1
--- /dev/null
+++ b/example_sp/djangosaml2_sp/saml2_sp/views.py
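Review bot: `settings`, `admin` and `include` are imported in saml2_sp/urls.py but never referenced; only `path` and `views` are used, so the imports reduce to `from django.urls import path` and `from . import views`. Dropping them keeps the example's dependencies honest for anyone copying it as a starting point.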
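Review bot: `encode_http_redirect_saml` and `repr_saml` disagree on the compression format: `zlib.compress(...)` emits a zlib-wrapped stream, whereas the decoder (and the SAML HTTP-Redirect binding) expects raw DEFLATE, which is why `repr_saml` inflates with `zlib.decompress(msg, -15)`; a value produced by the encoder therefore fails its own decoder. Produce the raw stream with a compressor object: `compressor = zlib.compressobj(wbits=-15)`, `deflated = compressor.compress(saml_envelope.encode()) + compressor.flush()`, `return base64.b64encode(deflated)`. In `repr_saml` the except branch runs for any `ExpatError`, so malformed plain XML is re-decoded as base64 and surfaces as a `binascii.Error` or `zlib.error` that hides the real parse problem; re-raising the original exception when the fallback also fails would keep the diagnostics readable. Both helpers handle data received from the peer and the inflate step has no size bound, so `zlib.decompressobj(-15).decompress(msg, max_length)` with a sane `max_length` is worth using to cap the expansion of an oversized message.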
@@ -0,0 +1,54 @@ +import base64 +import logging +import saml2 + +from django.conf import settings +from django.contrib.auth.models import User +from django.dispatch import receiver +from django.http import HttpResponse +from django.shortcuts import render +from django.template import TemplateDoesNotExist +from djangosaml2.conf import get_config +from djangosaml2.cache import IdentityCache, OutstandingQueriesCache +from djangosaml2.cache import StateCache +from djangosaml2.conf import get_config +from djangosaml2.overrides import Saml2Client +from djangosaml2.signals import post_authenticated, pre_user_save +from djangosaml2.utils import ( + available_idps, get_custom_setting, + get_idp_sso_supported_bindings, get_location +) +from saml2 import BINDING_HTTP_REDIRECT, BINDING_HTTP_POST +from saml2.authn_context import requested_authn_context +from saml2.metadata import entity_descriptor + +from .utils import repr_saml + + +logger = logging.getLogger('djangosaml2') + + +def index(request): + """ Barebone 'diagnostics' view, print user attributes if logged in + login/logout links. + """ + if request.user.is_authenticated: + out = "LOGGED IN: LOGOUT
".format(settings.LOGOUT_URL) + out += "".join(['%s: %s
' % (field.name, getattr(request.user, field.name)) + for field in request.user._meta.get_fields() + if field.concrete]) + return HttpResponse(out) + else: + return HttpResponse("LOGGED OUT: LOGIN".format(settings.LOGIN_URL)) + + +# TODO fix this in IdP side? +@receiver(pre_user_save, sender=User) +def custom_update_user(sender, instance, attributes, user_modified, **kargs): + """ Default behaviour does not play nice with booleans encoded in SAML as u'true'/u'false'. + This will convert those attributes to real booleans when saving. + """ + for k, v in attributes.items(): + u = set.intersection(set(v), set([u'true', u'false'])) + if u: + setattr(instance, k, u.pop() == u'true') + return True # I modified the user object diff --git a/example_sp/djangosaml2_sp/tests/request_saml_auth.py b/example_sp/djangosaml2_sp/tests/request_saml_auth.py new file mode 100644 index 00000000..2f09b59a --- /dev/null +++ b/example_sp/djangosaml2_sp/tests/request_saml_auth.py 
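Review bot: `index` builds its response by string-formatting `getattr(request.user, field.name)` for every concrete user field and returning the result as an `HttpResponse` with no escaping; those fields are populated from SAML attributes supplied by the IdP, so any markup in an attribute value is reflected into the page as HTML (the surrounding tags are lost in this rendering of the diff, but the formatting calls are visible). Wrap each value as `escape(getattr(request.user, field.name))` using `escape` from `django.utils.html`, or render through a template, and treat `settings.LOGIN_URL`/`LOGOUT_URL` the same way for consistency. `custom_update_user` calls `setattr(instance, k, ...)` for every key in `attributes` whose value contains `'true'`/`'false'`, so the set of user fields that can be flipped is decided by the attribute names the IdP sends rather than by the SP's own mapping; checking `k` against an explicit allow-list of boolean model fields keeps that under the SP's control. Unrelated to behaviour, `get_config` is imported twice and `base64`, `saml2`, `render`, `TemplateDoesNotExist`, the cache classes, `Saml2Client`, `post_authenticated`, the `djangosaml2.utils` names, the `saml2.*` names and `repr_saml` are all unused in this module.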
@@ -0,0 +1,175 @@ +import copy +import os +import sys + +sys.path.append(os.getcwd()) + +from djangosaml2_sp.sp_pysaml2_shibidp import (SAML_CONFIG, + BASE_URL, + BASE_DIR, + IDP_URL) + +from pprint import pprint + +from saml2.config import SPConfig +from saml2.response import AuthnResponse +from saml2 import BINDING_HTTP_REDIRECT, BINDING_HTTP_POST +from saml2.client import Saml2Client + + +# OutStanding Queries +# outstanding = {'id-R3qGBIK1FKbybkEOo': '/', 'id-vV5JVaBZCuC2LHP9Y': '/', 'id-TH9lfrLJL4KtNuEZJ': '/', 'id-KeYf8iMkonCWaqGrd': '/', 'id-S8lzm7lkEYIwokDVZ': '/', 'id-1naCBqIuGqm31mFnC': '/', 'id-D5bhbXLDxt6nS2QtZ': '/', 'id-UCjbQ7AS1nGG5wSN5': '/', 'id-EdrCM5hBIDix23Bf5': '/', 'id-p3yvaSmx6TJPZ0qK7': '/', 'id-DgwqMaGwOJYRxnzQe': '/'} + +outstanding = None +outstanding_certs = None +conv_info = None + +conf = SPConfig() + +conf.load(copy.deepcopy(SAML_CONFIG)) +client = Saml2Client(conf) + +# client arguments +selected_idp = None +came_from = '/' +# conf['sp']['authn_requests_signed'] determines if saml2.BINDING_HTTP_POST or saml2.BINDING_HTTP_REDIRECT +binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' # saml2.BINDING_HTTP_REDIRECT +sign=False +sigalg=None +nsprefix = {'ds': 'http://www.w3.org/2000/09/xmldsig#', 'md': 'urn:oasis:names:tc:SAML:2.0:metadata', 'samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', 'xenc': 'http://www.w3.org/2001/04/xmlenc#', 'saml': 'urn:oasis:names:tc:SAML:2.0:assertion'} + +# craft SAML Request +session_id, result = client.prepare_for_authenticate( + entityid=selected_idp, + relay_state=came_from, + binding=binding, + sign=sign, + sigalg=sigalg, + nsprefix=nsprefix + ) + +target = result.get('headers')[0][1] + +# browser init +import requests + +r = requests.Session() +# SAMLRequest is in target URL +sp_saml_request = r.get(target, verify=False) +if not sp_saml_request.ok: raise ('SP SAML Request Failed') + + +# fetch post ACTION url from form then POST +import re +action_post_regexp 
='(?Paction)="(?P[a-zA-Z0-9\.\:\/\_\?\=]*)"' +s = re.search(action_post_regexp, sp_saml_request.text) +if not s: raise ('IDP Login POST doesn\'t returns correctly') + +post_target = target.split('?')[0]+'?'+s.groupdict()['value'].split('?')[1] + +payload = { +'j_username': 'mario', +'j_password': 'cimpa12', +'donotcache': 1, +'_shib_idp_revokeConsent': True, +'_eventId_proceed': '' +} + +# post target is in one of the but we already fetched it in the previous FORM. +# IDP supports all those defined in its Metadata +# +# +# +# + +idp_login_response = r.post(post_target, data=payload, verify=False) +if not idp_login_response.ok: raise ('IDP Login response Failed') + +# Response +# extract SAML2 authn response from IDP response +saml2_response_regexp ='name="(?PSAMLResponse)" value="(?P[a-zA-Z0-9\.\:\/\_\?\=\+\-]*)"' +sr = re.search(saml2_response_regexp, idp_login_response.text) +if not sr: + print(idp_login_response.text) + raise ('IDP Response doesn\'t contain a valid SAML value') + + +# Decode SAML2 base64 String +import base64 + +saml_auth_response_b64 = sr.groupdict().get('value') +saml_auth_response = base64.b64decode(saml_auth_response_b64) +xmlstr = saml_auth_response.decode('ascii') + +# Fancy SAML print +# from lxml import etree +# root = etree.XML(xmlstr.encode('ascii')) +# print(etree.tostring(root, pretty_print=True).decode('utf-8')) + +# pySAML2 parse authn response (sign and decrypt features included) + +kwargs = { + "outstanding_queries": outstanding, + "outstanding_certs": outstanding_certs, + "allow_unsolicited": conf._sp_allow_unsolicited, + "want_assertions_signed": conf._sp_want_assertions_signed, + "want_response_signed": conf._sp_want_response_signed, + "return_addrs": conf.endpoint("assertion_consumer_service", binding, "sp"), + "entity_id": conf.entityid, + "attribute_converters": conf.attribute_converters, + "allow_unknown_attributes": conf.allow_unknown_attributes, + 'conv_info': conv_info + } + +# xml unravel fails bacause of b64 inflate 
method +# pr = client.parse_authn_request_response(saml_auth_response_b64, + # binding, + # outstanding=outstanding, + # outstanding_certs=None, + # conv_info=None) + +authn_response = AuthnResponse(client.sec, **kwargs) + +# response.loads(xmlstr, False, origxml=origxml) +# authn_response.loads(xmlstr, False, origxml=xmlstr) + +# response.py -> AuthnResponse +# in response.loads -> ._loads -> +# authn_response.signature_check(xmldata, origdoc=origxml, must=self.require_signature, +# require_response_signature=self.require_response_signature, +# **args) + +# HERE err=18;msg=self signed certificate ! +#samlp_response = authn_response.signature_check(xmlstr, must=0, require_response_signature=0) + +# ea = samlp_response.encrypted_assertion[0] +# ea.encrypted_data.cipher_data.cipher_value.text + +# consulta python-xmlsec +# https://github.com/mehcode/python-xmlsec/issues/22 + +from lxml import etree +import xmlsec + +xmlsec.enable_debug_trace(True) +km = xmlsec.KeysManager() + +km.add_key(xmlsec.Key.from_file(conf.key_file, + xmlsec.KeyFormat.PEM)) +enc_ctx = xmlsec.EncryptionContext(km) + +# root = etree.parse("response.xml").getroot() +root = etree.XML(xmlstr.encode('ascii')) +node = root.xpath( + "//enc:EncryptedData", + namespaces={'enc': 'http://www.w3.org/2001/04/xmlenc#'}, +) +enc_data = node[0] + +print() +print(etree.tostring(enc_data)) +print() +decrypted = enc_ctx.decrypt(enc_data) + +print() +print(etree.tostring(decrypted)) diff --git a/example_sp/README.md b/example_sp/pysaml2/README.md similarity index 100% rename from example_sp/README.md rename to example_sp/pysaml2/README.md diff --git a/example_sp/requirements.txt b/example_sp/pysaml2/requirements.txt similarity index 100% rename from example_sp/requirements.txt rename to example_sp/pysaml2/requirements.txt diff --git a/example_sp/pysaml2/sp-repoze/attributemaps/basic.py b/example_sp/pysaml2/sp-repoze/attributemaps/basic.py new file mode 100644 index 00000000..9311d547 --- /dev/null 
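Review bot: Every failure path in this script uses `raise ('...')` with a bare string, which on Python 3 is itself a `TypeError` (exceptions must derive from BaseException) and hides the intended message; use `raise RuntimeError('SP SAML Request Failed')` and the same form for the two later checks. The IdP credentials in `payload` are hard-coded in a file committed under `tests/`, and every `requests` call passes `verify=False`; reading the username and password from environment variables and making TLS verification opt-out rather than disabled (e.g. `verify=os.environ.get('IDP_CA_BUNDLE', True)`, name illustrative) would keep the script usable in CI without baking a password or disabled certificate checking into the repository. `xmlsec.enable_debug_trace(True)` is also left on unconditionally and should be gated behind a flag. Since the file lives under `tests/` but runs the whole network flow at import time as a flat script, a short module docstring stating that it is a manual integration helper rather than a pytest collectable test would avoid surprises.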
+++ b/example_sp/pysaml2/sp-repoze/attributemaps/basic.py 
@@ -0,0 +1,326 @@ + +MAP = { + "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", + "fro": { + 'urn:mace:dir:attribute-def:aRecord': 'aRecord', + 'urn:mace:dir:attribute-def:aliasedEntryName': 'aliasedEntryName', + 'urn:mace:dir:attribute-def:aliasedObjectName': 'aliasedObjectName', + 'urn:mace:dir:attribute-def:associatedDomain': 'associatedDomain', + 'urn:mace:dir:attribute-def:associatedName': 'associatedName', + 'urn:mace:dir:attribute-def:audio': 'audio', + 'urn:mace:dir:attribute-def:authorityRevocationList': 'authorityRevocationList', + 'urn:mace:dir:attribute-def:buildingName': 'buildingName', + 'urn:mace:dir:attribute-def:businessCategory': 'businessCategory', + 'urn:mace:dir:attribute-def:c': 'c', + 'urn:mace:dir:attribute-def:cACertificate': 'cACertificate', + 'urn:mace:dir:attribute-def:cNAMERecord': 'cNAMERecord', + 'urn:mace:dir:attribute-def:carLicense': 'carLicense', + 'urn:mace:dir:attribute-def:certificateRevocationList': 'certificateRevocationList', + 'urn:mace:dir:attribute-def:cn': 'cn', + 'urn:mace:dir:attribute-def:co': 'co', + 'urn:mace:dir:attribute-def:commonName': 'commonName', + 'urn:mace:dir:attribute-def:countryName': 'countryName', + 'urn:mace:dir:attribute-def:crossCertificatePair': 'crossCertificatePair', + 'urn:mace:dir:attribute-def:dITRedirect': 'dITRedirect', + 'urn:mace:dir:attribute-def:dSAQuality': 'dSAQuality', + 'urn:mace:dir:attribute-def:dc': 'dc', + 'urn:mace:dir:attribute-def:deltaRevocationList': 'deltaRevocationList', + 'urn:mace:dir:attribute-def:departmentNumber': 'departmentNumber', + 'urn:mace:dir:attribute-def:description': 'description', + 'urn:mace:dir:attribute-def:destinationIndicator': 'destinationIndicator', + 'urn:mace:dir:attribute-def:displayName': 'displayName', + 'urn:mace:dir:attribute-def:distinguishedName': 'distinguishedName', + 'urn:mace:dir:attribute-def:dmdName': 'dmdName', + 'urn:mace:dir:attribute-def:dnQualifier': 'dnQualifier', + 'urn:mace:dir:attribute-def:documentAuthor': 
'documentAuthor', + 'urn:mace:dir:attribute-def:documentIdentifier': 'documentIdentifier', + 'urn:mace:dir:attribute-def:documentLocation': 'documentLocation', + 'urn:mace:dir:attribute-def:documentPublisher': 'documentPublisher', + 'urn:mace:dir:attribute-def:documentTitle': 'documentTitle', + 'urn:mace:dir:attribute-def:documentVersion': 'documentVersion', + 'urn:mace:dir:attribute-def:domainComponent': 'domainComponent', + 'urn:mace:dir:attribute-def:drink': 'drink', + 'urn:mace:dir:attribute-def:eduOrgHomePageURI': 'eduOrgHomePageURI', + 'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI': 'eduOrgIdentityAuthNPolicyURI', + 'urn:mace:dir:attribute-def:eduOrgLegalName': 'eduOrgLegalName', + 'urn:mace:dir:attribute-def:eduOrgSuperiorURI': 'eduOrgSuperiorURI', + 'urn:mace:dir:attribute-def:eduOrgWhitePagesURI': 'eduOrgWhitePagesURI', + 'urn:mace:dir:attribute-def:eduPersonAffiliation': 'eduPersonAffiliation', + 'urn:mace:dir:attribute-def:eduPersonEntitlement': 'eduPersonEntitlement', + 'urn:mace:dir:attribute-def:eduPersonNickname': 'eduPersonNickname', + 'urn:mace:dir:attribute-def:eduPersonOrgDN': 'eduPersonOrgDN', + 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN': 'eduPersonOrgUnitDN', + 'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation': 'eduPersonPrimaryAffiliation', + 'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN': 'eduPersonPrimaryOrgUnitDN', + 'urn:mace:dir:attribute-def:eduPersonPrincipalName': 'eduPersonPrincipalName', + 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation': 'eduPersonScopedAffiliation', + 'urn:mace:dir:attribute-def:eduPersonTargetedID': 'eduPersonTargetedID', + 'urn:mace:dir:attribute-def:email': 'email', + 'urn:mace:dir:attribute-def:emailAddress': 'emailAddress', + 'urn:mace:dir:attribute-def:employeeNumber': 'employeeNumber', + 'urn:mace:dir:attribute-def:employeeType': 'employeeType', + 'urn:mace:dir:attribute-def:enhancedSearchGuide': 'enhancedSearchGuide', + 
'urn:mace:dir:attribute-def:facsimileTelephoneNumber': 'facsimileTelephoneNumber', + 'urn:mace:dir:attribute-def:favouriteDrink': 'favouriteDrink', + 'urn:mace:dir:attribute-def:fax': 'fax', + 'urn:mace:dir:attribute-def:federationFeideSchemaVersion': 'federationFeideSchemaVersion', + 'urn:mace:dir:attribute-def:friendlyCountryName': 'friendlyCountryName', + 'urn:mace:dir:attribute-def:generationQualifier': 'generationQualifier', + 'urn:mace:dir:attribute-def:givenName': 'givenName', + 'urn:mace:dir:attribute-def:gn': 'gn', + 'urn:mace:dir:attribute-def:homePhone': 'homePhone', + 'urn:mace:dir:attribute-def:homePostalAddress': 'homePostalAddress', + 'urn:mace:dir:attribute-def:homeTelephoneNumber': 'homeTelephoneNumber', + 'urn:mace:dir:attribute-def:host': 'host', + 'urn:mace:dir:attribute-def:houseIdentifier': 'houseIdentifier', + 'urn:mace:dir:attribute-def:info': 'info', + 'urn:mace:dir:attribute-def:initials': 'initials', + 'urn:mace:dir:attribute-def:internationaliSDNNumber': 'internationaliSDNNumber', + 'urn:mace:dir:attribute-def:janetMailbox': 'janetMailbox', + 'urn:mace:dir:attribute-def:jpegPhoto': 'jpegPhoto', + 'urn:mace:dir:attribute-def:knowledgeInformation': 'knowledgeInformation', + 'urn:mace:dir:attribute-def:l': 'l', + 'urn:mace:dir:attribute-def:labeledURI': 'labeledURI', + 'urn:mace:dir:attribute-def:localityName': 'localityName', + 'urn:mace:dir:attribute-def:mDRecord': 'mDRecord', + 'urn:mace:dir:attribute-def:mXRecord': 'mXRecord', + 'urn:mace:dir:attribute-def:mail': 'mail', + 'urn:mace:dir:attribute-def:mailPreferenceOption': 'mailPreferenceOption', + 'urn:mace:dir:attribute-def:manager': 'manager', + 'urn:mace:dir:attribute-def:member': 'member', + 'urn:mace:dir:attribute-def:mobile': 'mobile', + 'urn:mace:dir:attribute-def:mobileTelephoneNumber': 'mobileTelephoneNumber', + 'urn:mace:dir:attribute-def:nSRecord': 'nSRecord', + 'urn:mace:dir:attribute-def:name': 'name', + 'urn:mace:dir:attribute-def:norEduOrgAcronym': 'norEduOrgAcronym', + 
'urn:mace:dir:attribute-def:norEduOrgNIN': 'norEduOrgNIN', + 'urn:mace:dir:attribute-def:norEduOrgSchemaVersion': 'norEduOrgSchemaVersion', + 'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier': 'norEduOrgUniqueIdentifier', + 'urn:mace:dir:attribute-def:norEduOrgUniqueNumber': 'norEduOrgUniqueNumber', + 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier': 'norEduOrgUnitUniqueIdentifier', + 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber': 'norEduOrgUnitUniqueNumber', + 'urn:mace:dir:attribute-def:norEduPersonBirthDate': 'norEduPersonBirthDate', + 'urn:mace:dir:attribute-def:norEduPersonLIN': 'norEduPersonLIN', + 'urn:mace:dir:attribute-def:norEduPersonNIN': 'norEduPersonNIN', + 'urn:mace:dir:attribute-def:o': 'o', + 'urn:mace:dir:attribute-def:objectClass': 'objectClass', + 'urn:mace:dir:attribute-def:organizationName': 'organizationName', + 'urn:mace:dir:attribute-def:organizationalStatus': 'organizationalStatus', + 'urn:mace:dir:attribute-def:organizationalUnitName': 'organizationalUnitName', + 'urn:mace:dir:attribute-def:otherMailbox': 'otherMailbox', + 'urn:mace:dir:attribute-def:ou': 'ou', + 'urn:mace:dir:attribute-def:owner': 'owner', + 'urn:mace:dir:attribute-def:pager': 'pager', + 'urn:mace:dir:attribute-def:pagerTelephoneNumber': 'pagerTelephoneNumber', + 'urn:mace:dir:attribute-def:personalSignature': 'personalSignature', + 'urn:mace:dir:attribute-def:personalTitle': 'personalTitle', + 'urn:mace:dir:attribute-def:photo': 'photo', + 'urn:mace:dir:attribute-def:physicalDeliveryOfficeName': 'physicalDeliveryOfficeName', + 'urn:mace:dir:attribute-def:pkcs9email': 'pkcs9email', + 'urn:mace:dir:attribute-def:postOfficeBox': 'postOfficeBox', + 'urn:mace:dir:attribute-def:postalAddress': 'postalAddress', + 'urn:mace:dir:attribute-def:postalCode': 'postalCode', + 'urn:mace:dir:attribute-def:preferredDeliveryMethod': 'preferredDeliveryMethod', + 'urn:mace:dir:attribute-def:preferredLanguage': 'preferredLanguage', + 
'urn:mace:dir:attribute-def:presentationAddress': 'presentationAddress', + 'urn:mace:dir:attribute-def:protocolInformation': 'protocolInformation', + 'urn:mace:dir:attribute-def:pseudonym': 'pseudonym', + 'urn:mace:dir:attribute-def:registeredAddress': 'registeredAddress', + 'urn:mace:dir:attribute-def:rfc822Mailbox': 'rfc822Mailbox', + 'urn:mace:dir:attribute-def:roleOccupant': 'roleOccupant', + 'urn:mace:dir:attribute-def:roomNumber': 'roomNumber', + 'urn:mace:dir:attribute-def:sOARecord': 'sOARecord', + 'urn:mace:dir:attribute-def:searchGuide': 'searchGuide', + 'urn:mace:dir:attribute-def:secretary': 'secretary', + 'urn:mace:dir:attribute-def:seeAlso': 'seeAlso', + 'urn:mace:dir:attribute-def:serialNumber': 'serialNumber', + 'urn:mace:dir:attribute-def:singleLevelQuality': 'singleLevelQuality', + 'urn:mace:dir:attribute-def:sn': 'sn', + 'urn:mace:dir:attribute-def:st': 'st', + 'urn:mace:dir:attribute-def:stateOrProvinceName': 'stateOrProvinceName', + 'urn:mace:dir:attribute-def:street': 'street', + 'urn:mace:dir:attribute-def:streetAddress': 'streetAddress', + 'urn:mace:dir:attribute-def:subtreeMaximumQuality': 'subtreeMaximumQuality', + 'urn:mace:dir:attribute-def:subtreeMinimumQuality': 'subtreeMinimumQuality', + 'urn:mace:dir:attribute-def:supportedAlgorithms': 'supportedAlgorithms', + 'urn:mace:dir:attribute-def:supportedApplicationContext': 'supportedApplicationContext', + 'urn:mace:dir:attribute-def:surname': 'surname', + 'urn:mace:dir:attribute-def:telephoneNumber': 'telephoneNumber', + 'urn:mace:dir:attribute-def:teletexTerminalIdentifier': 'teletexTerminalIdentifier', + 'urn:mace:dir:attribute-def:telexNumber': 'telexNumber', + 'urn:mace:dir:attribute-def:textEncodedORAddress': 'textEncodedORAddress', + 'urn:mace:dir:attribute-def:title': 'title', + 'urn:mace:dir:attribute-def:uid': 'uid', + 'urn:mace:dir:attribute-def:uniqueIdentifier': 'uniqueIdentifier', + 'urn:mace:dir:attribute-def:uniqueMember': 'uniqueMember', + 
'urn:mace:dir:attribute-def:userCertificate': 'userCertificate', + 'urn:mace:dir:attribute-def:userClass': 'userClass', + 'urn:mace:dir:attribute-def:userPKCS12': 'userPKCS12', + 'urn:mace:dir:attribute-def:userPassword': 'userPassword', + 'urn:mace:dir:attribute-def:userSMIMECertificate': 'userSMIMECertificate', + 'urn:mace:dir:attribute-def:userid': 'userid', + 'urn:mace:dir:attribute-def:x121Address': 'x121Address', + 'urn:mace:dir:attribute-def:x500UniqueIdentifier': 'x500UniqueIdentifier', + }, + "to": { + 'aRecord': 'urn:mace:dir:attribute-def:aRecord', + 'aliasedEntryName': 'urn:mace:dir:attribute-def:aliasedEntryName', + 'aliasedObjectName': 'urn:mace:dir:attribute-def:aliasedObjectName', + 'associatedDomain': 'urn:mace:dir:attribute-def:associatedDomain', + 'associatedName': 'urn:mace:dir:attribute-def:associatedName', + 'audio': 'urn:mace:dir:attribute-def:audio', + 'authorityRevocationList': 'urn:mace:dir:attribute-def:authorityRevocationList', + 'buildingName': 'urn:mace:dir:attribute-def:buildingName', + 'businessCategory': 'urn:mace:dir:attribute-def:businessCategory', + 'c': 'urn:mace:dir:attribute-def:c', + 'cACertificate': 'urn:mace:dir:attribute-def:cACertificate', + 'cNAMERecord': 'urn:mace:dir:attribute-def:cNAMERecord', + 'carLicense': 'urn:mace:dir:attribute-def:carLicense', + 'certificateRevocationList': 'urn:mace:dir:attribute-def:certificateRevocationList', + 'cn': 'urn:mace:dir:attribute-def:cn', + 'co': 'urn:mace:dir:attribute-def:co', + 'commonName': 'urn:mace:dir:attribute-def:commonName', + 'countryName': 'urn:mace:dir:attribute-def:countryName', + 'crossCertificatePair': 'urn:mace:dir:attribute-def:crossCertificatePair', + 'dITRedirect': 'urn:mace:dir:attribute-def:dITRedirect', + 'dSAQuality': 'urn:mace:dir:attribute-def:dSAQuality', + 'dc': 'urn:mace:dir:attribute-def:dc', + 'deltaRevocationList': 'urn:mace:dir:attribute-def:deltaRevocationList', + 'departmentNumber': 'urn:mace:dir:attribute-def:departmentNumber', + 'description': 
'urn:mace:dir:attribute-def:description', + 'destinationIndicator': 'urn:mace:dir:attribute-def:destinationIndicator', + 'displayName': 'urn:mace:dir:attribute-def:displayName', + 'distinguishedName': 'urn:mace:dir:attribute-def:distinguishedName', + 'dmdName': 'urn:mace:dir:attribute-def:dmdName', + 'dnQualifier': 'urn:mace:dir:attribute-def:dnQualifier', + 'documentAuthor': 'urn:mace:dir:attribute-def:documentAuthor', + 'documentIdentifier': 'urn:mace:dir:attribute-def:documentIdentifier', + 'documentLocation': 'urn:mace:dir:attribute-def:documentLocation', + 'documentPublisher': 'urn:mace:dir:attribute-def:documentPublisher', + 'documentTitle': 'urn:mace:dir:attribute-def:documentTitle', + 'documentVersion': 'urn:mace:dir:attribute-def:documentVersion', + 'domainComponent': 'urn:mace:dir:attribute-def:domainComponent', + 'drink': 'urn:mace:dir:attribute-def:drink', + 'eduOrgHomePageURI': 'urn:mace:dir:attribute-def:eduOrgHomePageURI', + 'eduOrgIdentityAuthNPolicyURI': 'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI', + 'eduOrgLegalName': 'urn:mace:dir:attribute-def:eduOrgLegalName', + 'eduOrgSuperiorURI': 'urn:mace:dir:attribute-def:eduOrgSuperiorURI', + 'eduOrgWhitePagesURI': 'urn:mace:dir:attribute-def:eduOrgWhitePagesURI', + 'eduPersonAffiliation': 'urn:mace:dir:attribute-def:eduPersonAffiliation', + 'eduPersonEntitlement': 'urn:mace:dir:attribute-def:eduPersonEntitlement', + 'eduPersonNickname': 'urn:mace:dir:attribute-def:eduPersonNickname', + 'eduPersonOrgDN': 'urn:mace:dir:attribute-def:eduPersonOrgDN', + 'eduPersonOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN', + 'eduPersonPrimaryAffiliation': 'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation', + 'eduPersonPrimaryOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN', + 'eduPersonPrincipalName': 'urn:mace:dir:attribute-def:eduPersonPrincipalName', + 'eduPersonScopedAffiliation': 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation', + 'eduPersonTargetedID': 
'urn:mace:dir:attribute-def:eduPersonTargetedID', + 'email': 'urn:mace:dir:attribute-def:email', + 'emailAddress': 'urn:mace:dir:attribute-def:emailAddress', + 'employeeNumber': 'urn:mace:dir:attribute-def:employeeNumber', + 'employeeType': 'urn:mace:dir:attribute-def:employeeType', + 'enhancedSearchGuide': 'urn:mace:dir:attribute-def:enhancedSearchGuide', + 'facsimileTelephoneNumber': 'urn:mace:dir:attribute-def:facsimileTelephoneNumber', + 'favouriteDrink': 'urn:mace:dir:attribute-def:favouriteDrink', + 'fax': 'urn:mace:dir:attribute-def:fax', + 'federationFeideSchemaVersion': 'urn:mace:dir:attribute-def:federationFeideSchemaVersion', + 'friendlyCountryName': 'urn:mace:dir:attribute-def:friendlyCountryName', + 'generationQualifier': 'urn:mace:dir:attribute-def:generationQualifier', + 'givenName': 'urn:mace:dir:attribute-def:givenName', + 'gn': 'urn:mace:dir:attribute-def:gn', + 'homePhone': 'urn:mace:dir:attribute-def:homePhone', + 'homePostalAddress': 'urn:mace:dir:attribute-def:homePostalAddress', + 'homeTelephoneNumber': 'urn:mace:dir:attribute-def:homeTelephoneNumber', + 'host': 'urn:mace:dir:attribute-def:host', + 'houseIdentifier': 'urn:mace:dir:attribute-def:houseIdentifier', + 'info': 'urn:mace:dir:attribute-def:info', + 'initials': 'urn:mace:dir:attribute-def:initials', + 'internationaliSDNNumber': 'urn:mace:dir:attribute-def:internationaliSDNNumber', + 'janetMailbox': 'urn:mace:dir:attribute-def:janetMailbox', + 'jpegPhoto': 'urn:mace:dir:attribute-def:jpegPhoto', + 'knowledgeInformation': 'urn:mace:dir:attribute-def:knowledgeInformation', + 'l': 'urn:mace:dir:attribute-def:l', + 'labeledURI': 'urn:mace:dir:attribute-def:labeledURI', + 'localityName': 'urn:mace:dir:attribute-def:localityName', + 'mDRecord': 'urn:mace:dir:attribute-def:mDRecord', + 'mXRecord': 'urn:mace:dir:attribute-def:mXRecord', + 'mail': 'urn:mace:dir:attribute-def:mail', + 'mailPreferenceOption': 'urn:mace:dir:attribute-def:mailPreferenceOption', + 'manager': 
'urn:mace:dir:attribute-def:manager', + 'member': 'urn:mace:dir:attribute-def:member', + 'mobile': 'urn:mace:dir:attribute-def:mobile', + 'mobileTelephoneNumber': 'urn:mace:dir:attribute-def:mobileTelephoneNumber', + 'nSRecord': 'urn:mace:dir:attribute-def:nSRecord', + 'name': 'urn:mace:dir:attribute-def:name', + 'norEduOrgAcronym': 'urn:mace:dir:attribute-def:norEduOrgAcronym', + 'norEduOrgNIN': 'urn:mace:dir:attribute-def:norEduOrgNIN', + 'norEduOrgSchemaVersion': 'urn:mace:dir:attribute-def:norEduOrgSchemaVersion', + 'norEduOrgUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier', + 'norEduOrgUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUniqueNumber', + 'norEduOrgUnitUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier', + 'norEduOrgUnitUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber', + 'norEduPersonBirthDate': 'urn:mace:dir:attribute-def:norEduPersonBirthDate', + 'norEduPersonLIN': 'urn:mace:dir:attribute-def:norEduPersonLIN', + 'norEduPersonNIN': 'urn:mace:dir:attribute-def:norEduPersonNIN', + 'o': 'urn:mace:dir:attribute-def:o', + 'objectClass': 'urn:mace:dir:attribute-def:objectClass', + 'organizationName': 'urn:mace:dir:attribute-def:organizationName', + 'organizationalStatus': 'urn:mace:dir:attribute-def:organizationalStatus', + 'organizationalUnitName': 'urn:mace:dir:attribute-def:organizationalUnitName', + 'otherMailbox': 'urn:mace:dir:attribute-def:otherMailbox', + 'ou': 'urn:mace:dir:attribute-def:ou', + 'owner': 'urn:mace:dir:attribute-def:owner', + 'pager': 'urn:mace:dir:attribute-def:pager', + 'pagerTelephoneNumber': 'urn:mace:dir:attribute-def:pagerTelephoneNumber', + 'personalSignature': 'urn:mace:dir:attribute-def:personalSignature', + 'personalTitle': 'urn:mace:dir:attribute-def:personalTitle', + 'photo': 'urn:mace:dir:attribute-def:photo', + 'physicalDeliveryOfficeName': 'urn:mace:dir:attribute-def:physicalDeliveryOfficeName', + 'pkcs9email': 
'urn:mace:dir:attribute-def:pkcs9email', + 'postOfficeBox': 'urn:mace:dir:attribute-def:postOfficeBox', + 'postalAddress': 'urn:mace:dir:attribute-def:postalAddress', + 'postalCode': 'urn:mace:dir:attribute-def:postalCode', + 'preferredDeliveryMethod': 'urn:mace:dir:attribute-def:preferredDeliveryMethod', + 'preferredLanguage': 'urn:mace:dir:attribute-def:preferredLanguage', + 'presentationAddress': 'urn:mace:dir:attribute-def:presentationAddress', + 'protocolInformation': 'urn:mace:dir:attribute-def:protocolInformation', + 'pseudonym': 'urn:mace:dir:attribute-def:pseudonym', + 'registeredAddress': 'urn:mace:dir:attribute-def:registeredAddress', + 'rfc822Mailbox': 'urn:mace:dir:attribute-def:rfc822Mailbox', + 'roleOccupant': 'urn:mace:dir:attribute-def:roleOccupant', + 'roomNumber': 'urn:mace:dir:attribute-def:roomNumber', + 'sOARecord': 'urn:mace:dir:attribute-def:sOARecord', + 'searchGuide': 'urn:mace:dir:attribute-def:searchGuide', + 'secretary': 'urn:mace:dir:attribute-def:secretary', + 'seeAlso': 'urn:mace:dir:attribute-def:seeAlso', + 'serialNumber': 'urn:mace:dir:attribute-def:serialNumber', + 'singleLevelQuality': 'urn:mace:dir:attribute-def:singleLevelQuality', + 'sn': 'urn:mace:dir:attribute-def:sn', + 'st': 'urn:mace:dir:attribute-def:st', + 'stateOrProvinceName': 'urn:mace:dir:attribute-def:stateOrProvinceName', + 'street': 'urn:mace:dir:attribute-def:street', + 'streetAddress': 'urn:mace:dir:attribute-def:streetAddress', + 'subtreeMaximumQuality': 'urn:mace:dir:attribute-def:subtreeMaximumQuality', + 'subtreeMinimumQuality': 'urn:mace:dir:attribute-def:subtreeMinimumQuality', + 'supportedAlgorithms': 'urn:mace:dir:attribute-def:supportedAlgorithms', + 'supportedApplicationContext': 'urn:mace:dir:attribute-def:supportedApplicationContext', + 'surname': 'urn:mace:dir:attribute-def:surname', + 'telephoneNumber': 'urn:mace:dir:attribute-def:telephoneNumber', + 'teletexTerminalIdentifier': 'urn:mace:dir:attribute-def:teletexTerminalIdentifier', + 
'telexNumber': 'urn:mace:dir:attribute-def:telexNumber', + 'textEncodedORAddress': 'urn:mace:dir:attribute-def:textEncodedORAddress', + 'title': 'urn:mace:dir:attribute-def:title', + 'uid': 'urn:mace:dir:attribute-def:uid', + 'uniqueIdentifier': 'urn:mace:dir:attribute-def:uniqueIdentifier', + 'uniqueMember': 'urn:mace:dir:attribute-def:uniqueMember', + 'userCertificate': 'urn:mace:dir:attribute-def:userCertificate', + 'userClass': 'urn:mace:dir:attribute-def:userClass', + 'userPKCS12': 'urn:mace:dir:attribute-def:userPKCS12', + 'userPassword': 'urn:mace:dir:attribute-def:userPassword', + 'userSMIMECertificate': 'urn:mace:dir:attribute-def:userSMIMECertificate', + 'userid': 'urn:mace:dir:attribute-def:userid', + 'x121Address': 'urn:mace:dir:attribute-def:x121Address', + 'x500UniqueIdentifier': 'urn:mace:dir:attribute-def:x500UniqueIdentifier', + } +} \ No newline at end of file diff --git a/example_sp/sp-repoze/attributemaps/saml_uri.py b/example_sp/pysaml2/sp-repoze/attributemaps/saml_uri.py similarity index 100% rename from example_sp/sp-repoze/attributemaps/saml_uri.py rename to example_sp/pysaml2/sp-repoze/attributemaps/saml_uri.py diff --git a/example_sp/pysaml2/sp-repoze/attributemaps/shibboleth_uri.py b/example_sp/pysaml2/sp-repoze/attributemaps/shibboleth_uri.py new file mode 100644 index 00000000..d26bf006 --- /dev/null +++ b/example_sp/pysaml2/sp-repoze/attributemaps/shibboleth_uri.py 
@@ -0,0 +1,190 @@ +EDUPERSON_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1." +X500ATTR = "urn:oid:2.5.4." +NOREDUPERSON_OID = "urn:oid:1.3.6.1.4.1.2428.90.1." +NETSCAPE_LDAP = "urn:oid:2.16.840.1.113730.3.1." +UCL_DIR_PILOT = "urn:oid:0.9.2342.19200300.100.1." +PKCS_9 = "urn:oid:1.2.840.113549.1.9." +UMICH = "urn:oid:1.3.6.1.4.1.250.1.57." + +MAP = { + "identifier": "urn:mace:shibboleth:1.0:attributeNamespace:uri", + "fro": { + EDUPERSON_OID+'2': 'eduPersonNickname', + EDUPERSON_OID+'9': 'eduPersonScopedAffiliation', + EDUPERSON_OID+'11': 'eduPersonAssurance', + EDUPERSON_OID+'10': 'eduPersonTargetedID', + EDUPERSON_OID+'4': 'eduPersonOrgUnitDN', + NOREDUPERSON_OID+'6': 'norEduOrgAcronym', + NOREDUPERSON_OID+'7': 'norEduOrgUniqueIdentifier', + NOREDUPERSON_OID+'4': 'norEduPersonLIN', + EDUPERSON_OID+'1': 'eduPersonAffiliation', + NOREDUPERSON_OID+'2': 'norEduOrgUnitUniqueNumber', + NETSCAPE_LDAP+'40': 'userSMIMECertificate', + NOREDUPERSON_OID+'1': 'norEduOrgUniqueNumber', + NETSCAPE_LDAP+'241': 'displayName', + UCL_DIR_PILOT+'37': 'associatedDomain', + EDUPERSON_OID+'6': 'eduPersonPrincipalName', + NOREDUPERSON_OID+'8': 'norEduOrgUnitUniqueIdentifier', + NOREDUPERSON_OID+'9': 'federationFeideSchemaVersion', + X500ATTR+'53': 'deltaRevocationList', + X500ATTR+'52': 'supportedAlgorithms', + X500ATTR+'51': 'houseIdentifier', + X500ATTR+'50': 'uniqueMember', + X500ATTR+'19': 'physicalDeliveryOfficeName', + X500ATTR+'18': 'postOfficeBox', + X500ATTR+'17': 'postalCode', + X500ATTR+'16': 'postalAddress', + X500ATTR+'15': 'businessCategory', + X500ATTR+'14': 'searchGuide', + EDUPERSON_OID+'5': 'eduPersonPrimaryAffiliation', + X500ATTR+'12': 'title', + X500ATTR+'11': 'ou', + X500ATTR+'10': 'o', + X500ATTR+'37': 'cACertificate', + X500ATTR+'36': 'userCertificate', + X500ATTR+'31': 'member', + X500ATTR+'30': 'supportedApplicationContext', + X500ATTR+'33': 'roleOccupant', + X500ATTR+'32': 'owner', + NETSCAPE_LDAP+'1': 'carLicense', + PKCS_9+'1': 'email', + NETSCAPE_LDAP+'3': 
'employeeNumber', + NETSCAPE_LDAP+'2': 'departmentNumber', + X500ATTR+'39': 'certificateRevocationList', + X500ATTR+'38': 'authorityRevocationList', + NETSCAPE_LDAP+'216': 'userPKCS12', + EDUPERSON_OID+'8': 'eduPersonPrimaryOrgUnitDN', + X500ATTR+'9': 'street', + X500ATTR+'8': 'st', + NETSCAPE_LDAP+'39': 'preferredLanguage', + EDUPERSON_OID+'7': 'eduPersonEntitlement', + X500ATTR+'2': 'knowledgeInformation', + X500ATTR+'7': 'l', + X500ATTR+'6': 'c', + X500ATTR+'5': 'serialNumber', + X500ATTR+'4': 'sn', + UCL_DIR_PILOT+'60': 'jpegPhoto', + X500ATTR+'65': 'pseudonym', + NOREDUPERSON_OID+'5': 'norEduPersonNIN', + UCL_DIR_PILOT+'3': 'mail', + UCL_DIR_PILOT+'25': 'dc', + X500ATTR+'40': 'crossCertificatePair', + X500ATTR+'42': 'givenName', + X500ATTR+'43': 'initials', + X500ATTR+'44': 'generationQualifier', + X500ATTR+'45': 'x500UniqueIdentifier', + X500ATTR+'46': 'dnQualifier', + X500ATTR+'47': 'enhancedSearchGuide', + X500ATTR+'48': 'protocolInformation', + X500ATTR+'54': 'dmdName', + NETSCAPE_LDAP+'4': 'employeeType', + X500ATTR+'22': 'teletexTerminalIdentifier', + X500ATTR+'23': 'facsimileTelephoneNumber', + X500ATTR+'20': 'telephoneNumber', + X500ATTR+'21': 'telexNumber', + X500ATTR+'26': 'registeredAddress', + X500ATTR+'27': 'destinationIndicator', + X500ATTR+'24': 'x121Address', + X500ATTR+'25': 'internationaliSDNNumber', + X500ATTR+'28': 'preferredDeliveryMethod', + X500ATTR+'29': 'presentationAddress', + EDUPERSON_OID+'3': 'eduPersonOrgDN', + NOREDUPERSON_OID+'3': 'norEduPersonBirthDate', + }, + "to":{ + 'roleOccupant': X500ATTR+'33', + 'gn': X500ATTR+'42', + 'norEduPersonNIN': NOREDUPERSON_OID+'5', + 'title': X500ATTR+'12', + 'facsimileTelephoneNumber': X500ATTR+'23', + 'mail': UCL_DIR_PILOT+'3', + 'postOfficeBox': X500ATTR+'18', + 'fax': X500ATTR+'23', + 'telephoneNumber': X500ATTR+'20', + 'norEduPersonBirthDate': NOREDUPERSON_OID+'3', + 'rfc822Mailbox': UCL_DIR_PILOT+'3', + 'dc': UCL_DIR_PILOT+'25', + 'countryName': X500ATTR+'6', + 'emailAddress': PKCS_9+'1', 
+ 'employeeNumber': NETSCAPE_LDAP+'3', + 'organizationName': X500ATTR+'10', + 'eduPersonAssurance': EDUPERSON_OID+'11', + 'norEduOrgAcronym': NOREDUPERSON_OID+'6', + 'registeredAddress': X500ATTR+'26', + 'physicalDeliveryOfficeName': X500ATTR+'19', + 'associatedDomain': UCL_DIR_PILOT+'37', + 'l': X500ATTR+'7', + 'stateOrProvinceName': X500ATTR+'8', + 'federationFeideSchemaVersion': NOREDUPERSON_OID+'9', + 'pkcs9email': PKCS_9+'1', + 'givenName': X500ATTR+'42', + 'x500UniqueIdentifier': X500ATTR+'45', + 'eduPersonNickname': EDUPERSON_OID+'2', + 'houseIdentifier': X500ATTR+'51', + 'street': X500ATTR+'9', + 'supportedAlgorithms': X500ATTR+'52', + 'preferredLanguage': NETSCAPE_LDAP+'39', + 'postalAddress': X500ATTR+'16', + 'email': PKCS_9+'1', + 'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID+'8', + 'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID+'8', + 'c': X500ATTR+'6', + 'teletexTerminalIdentifier': X500ATTR+'22', + 'o': X500ATTR+'10', + 'cACertificate': X500ATTR+'37', + 'telexNumber': X500ATTR+'21', + 'ou': X500ATTR+'11', + 'initials': X500ATTR+'43', + 'eduPersonOrgUnitDN': EDUPERSON_OID+'4', + 'deltaRevocationList': X500ATTR+'53', + 'norEduPersonLIN': NOREDUPERSON_OID+'4', + 'supportedApplicationContext': X500ATTR+'30', + 'eduPersonEntitlement': EDUPERSON_OID+'7', + 'generationQualifier': X500ATTR+'44', + 'eduPersonAffiliation': EDUPERSON_OID+'1', + 'eduPersonPrincipalName': EDUPERSON_OID+'6', + 'localityName': X500ATTR+'7', + 'owner': X500ATTR+'32', + 'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2', + 'searchGuide': X500ATTR+'14', + 'certificateRevocationList': X500ATTR+'39', + 'organizationalUnitName': X500ATTR+'11', + 'userCertificate': X500ATTR+'36', + 'preferredDeliveryMethod': X500ATTR+'28', + 'internationaliSDNNumber': X500ATTR+'25', + 'uniqueMember': X500ATTR+'50', + 'departmentNumber': NETSCAPE_LDAP+'2', + 'enhancedSearchGuide': X500ATTR+'47', + 'userPKCS12': NETSCAPE_LDAP+'216', + 'eduPersonTargetedID': EDUPERSON_OID+'10', + 'norEduOrgUniqueNumber': 
NOREDUPERSON_OID+'1', + 'x121Address': X500ATTR+'24', + 'destinationIndicator': X500ATTR+'27', + 'eduPersonPrimaryAffiliation': EDUPERSON_OID+'5', + 'surname': X500ATTR+'4', + 'jpegPhoto': UCL_DIR_PILOT+'60', + 'eduPersonScopedAffiliation': EDUPERSON_OID+'9', + 'protocolInformation': X500ATTR+'48', + 'knowledgeInformation': X500ATTR+'2', + 'employeeType': NETSCAPE_LDAP+'4', + 'userSMIMECertificate': NETSCAPE_LDAP+'40', + 'member': X500ATTR+'31', + 'streetAddress': X500ATTR+'9', + 'dmdName': X500ATTR+'54', + 'postalCode': X500ATTR+'17', + 'pseudonym': X500ATTR+'65', + 'dnQualifier': X500ATTR+'46', + 'crossCertificatePair': X500ATTR+'40', + 'eduPersonOrgDN': EDUPERSON_OID+'3', + 'authorityRevocationList': X500ATTR+'38', + 'displayName': NETSCAPE_LDAP+'241', + 'businessCategory': X500ATTR+'15', + 'serialNumber': X500ATTR+'5', + 'norEduOrgUniqueIdentifier': NOREDUPERSON_OID+'7', + 'st': X500ATTR+'8', + 'carLicense': NETSCAPE_LDAP+'1', + 'presentationAddress': X500ATTR+'29', + 'sn': X500ATTR+'4', + 'domainComponent': UCL_DIR_PILOT+'25', + } +} \ No newline at end of file diff --git a/example_sp/sp-repoze/sp.py b/example_sp/pysaml2/sp-repoze/sp.py similarity index 100% rename from example_sp/sp-repoze/sp.py rename to example_sp/pysaml2/sp-repoze/sp.py diff --git a/example_sp/sp-repoze/sp_conf.py b/example_sp/pysaml2/sp-repoze/sp_conf.py similarity index 100% rename from example_sp/sp-repoze/sp_conf.py rename to example_sp/pysaml2/sp-repoze/sp_conf.py diff --git a/example_sp/sp-repoze/sp_conf.py.example b/example_sp/pysaml2/sp-repoze/sp_conf.py.example similarity index 100% rename from example_sp/sp-repoze/sp_conf.py.example rename to example_sp/pysaml2/sp-repoze/sp_conf.py.example diff --git a/example_sp/sp-repoze/who.ini b/example_sp/pysaml2/sp-repoze/who.ini similarity index 100% rename from example_sp/sp-repoze/who.ini rename to example_sp/pysaml2/sp-repoze/who.ini 
diff --git a/example_sp/pysaml2/sp-wsgi/metadata.xml b/example_sp/pysaml2/sp-wsgi/metadata.xml new file mode 100644 index 00000000..e69de29b diff --git a/example_sp/sp-wsgi/service_conf.py b/example_sp/pysaml2/sp-wsgi/service_conf.py similarity index 100% rename from example_sp/sp-wsgi/service_conf.py rename to example_sp/pysaml2/sp-wsgi/service_conf.py diff --git a/example_sp/sp-wsgi/service_conf.py.example b/example_sp/pysaml2/sp-wsgi/service_conf.py.example similarity index 100% rename from example_sp/sp-wsgi/service_conf.py.example rename to example_sp/pysaml2/sp-wsgi/service_conf.py.example diff --git a/example_sp/sp-wsgi/sp.py b/example_sp/pysaml2/sp-wsgi/sp.py similarity index 100% rename from example_sp/sp-wsgi/sp.py rename to example_sp/pysaml2/sp-wsgi/sp.py diff --git a/example_sp/pysaml2/sp-wsgi/sp.xml b/example_sp/pysaml2/sp-wsgi/sp.xml new file mode 100644 index 00000000..e69de29b diff --git a/example_sp/sp-wsgi/sp_conf.py b/example_sp/pysaml2/sp-wsgi/sp_conf.py similarity index 100% rename from example_sp/sp-wsgi/sp_conf.py rename to example_sp/pysaml2/sp-wsgi/sp_conf.py diff --git a/example_sp/sp-wsgi/sp_conf.py.example b/example_sp/pysaml2/sp-wsgi/sp_conf.py.example similarity index 100% rename from example_sp/sp-wsgi/sp_conf.py.example rename to example_sp/pysaml2/sp-wsgi/sp_conf.py.example diff --git a/example_sp/start.sh b/example_sp/pysaml2/start.sh similarity index 100% rename from example_sp/start.sh rename to example_sp/pysaml2/start.sh From b922bf9ac89bdd31e07075b3730b1e417ed6e42e Mon Sep 17 00:00:00 2001 From: Giuseppe Date: Fri, 23 Jul 2021 15:16:44 +0200 Subject: [PATCH 02/11] fix: pyop>=3.2.0 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 6456a12e..f3d487e1 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -28,7 +28,7 @@ pycparser==2.19 pycryptodomex==3.9.7 pyjwkest==1.4.2 pymongo==3.10.1 -pyop==3.0.1 +pyop>=3.2.0 pyOpenSSL==19.1.0 pyparsing==2.4.6 pystache==0.5.4 From 696fcee9be29e0afbdd678db27105ef6a6825906 Mon Sep 17 00:00:00 2001 From: Giuseppe Date: Fri, 23 Jul 2021 15:20:28 +0200 Subject: [PATCH 03/11] fix: gh actions --- .github/workflows/python-app.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index 7ac6a9a6..ee04c38b 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -41,17 +41,20 @@ jobs: #flake8 oidc_provider --count --select=E9,F63,F7,F82 --show-source --statistics ## exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide #flake8 oidc_provider --max-line-length 120 --count --exit-zero --statistics - - name: Test with django - working-directory: ./oidc_provider/tests/example + - name: run djangosaml2 sp run: | cd example_sp/djangosaml2_sp/ bash run.sh & sleep 5 cd ../../example/ + - name: run satosa-saml2spid + run: | mkdir -p metadata/idp mkdir -p metadata/sp export SATOSA_APP=/usr/local/lib/$(python -c 'import sys; print(f"python{sys.version_info.major}.{sys.version_info.minor}")')/site-packages/satosa uwsgi --wsgi-file ../wsgi.py --https 0.0.0.0:10000,./pki/cert.pem,./pki/privkey.pem --callable app -b 32768 & sleep 5 + - name: spid-sp-test + run: | spid_sp_test --idp-metadata > metadata/idp/spid-sp-test.xml spid_sp_test --metadata-url https://localhost:10000/spidSaml2/metadata --authn-url "http://localhost:8000/saml2/login/?idp=https://localhost:10000/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8080" -ap spid_sp_test.plugins.authn_request.SatosaSaml2Spid --extra --debug ERROR -tr From df8101bbdf9e31bd46d4c068e26248086f2b3f15 Mon Sep 17 00:00:00 2001 
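Review bot: `pyop>=3.2.0` becomes the only open-ended specifier in a file where every neighbour is pinned exactly (`pymongo==3.10.1`, `pyOpenSSL==19.1.0`, `pyparsing==2.4.6`), so CI and anyone installing from this file will silently pick up whatever pyop release is current, which defeats the reproducibility the rest of the pins buy. If the point is to require the fix that landed in 3.2.0, pin it, `pyop==3.2.0`, and bump deliberately; if a range is really wanted, cap it, `pyop>=3.2.0,<4`. The rest of the requirements file is outside the hunk.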
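Review bot: Both services are started in the background (`bash run.sh &`, `uwsgi ... &`) and followed by a fixed `sleep 5` with no check that they actually came up, so a `run.sh` that fails or a uwsgi that cannot load `./pki/cert.pem` only surfaces in the later spid-sp-test step as a connection error, with the process's own stderr lost to the background job. I would replace each `sleep 5` with a bounded wait on the endpoint the later step uses, e.g. `for i in $(seq 1 30); do curl -ksf https://localhost:10000/spidSaml2/metadata >/dev/null && break; sleep 1; done` for the proxy and the equivalent against `http://localhost:8000/` for the Django SP, so a startup failure fails the job at the step that caused it. The `-k` is only acceptable because `cert.pem` is presumably the example self-signed certificate; keep it out of any step that talks to a real SPID endpoint. The workflow's `steps:` list continues beyond the hunk.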
From: Giuseppe Date: Fri, 23 Jul 2021 15:26:32 +0200 Subject: [PATCH 04/11] chore: gh actions - added example pki files --- .github/workflows/python-app.yml | 4 ++ .gitignore | 1 - README.md | 2 +- example/pki/build_spid_certs.sh | 118 +++++++++++++++++++++++++++++++ example/pki/cert.pem | 29 ++++++++ example/pki/my.env | 8 +++ example/pki/oids.conf | 4 ++ example/pki/privkey.pem | 40 +++++++++++ 8 files changed, 204 insertions(+), 2 deletions(-) create mode 100644 example/pki/build_spid_certs.sh create mode 100644 example/pki/cert.pem create mode 100644 example/pki/my.env create mode 100644 example/pki/oids.conf create mode 100644 example/pki/privkey.pem diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index ee04c38b..075b41f7 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -28,6 +28,10 @@ jobs: uses: actions/setup-python@v2 with: python-version: ${{ matrix.python-version }} + - name: Install system dependencies + run: | + apt update + apt install -y libffi-dev libssl-dev python3-pip xmlsec1 procps libpcre3 libpcre3-dev - name: Install dependencies run: | python -m pip install --upgrade pip diff --git a/.gitignore b/.gitignore index 8fb404d4..6fc3a3aa 100644 --- a/.gitignore +++ b/.gitignore @@ -12,5 +12,4 @@ example/metadata/*.md *pyFF_example/.whoosh *pyFF_example/garr *pyFF_example/entities -example/pki/* example_sp/djangosaml2_sp/sqlite3.db diff --git a/README.md b/README.md index e988ec97..74f727bf 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ source satosa.env/bin/activate ###### Dependencies ```` -sudo apt install -y libffi-dev libssl-dev xmlsec1 python3-pip xmlsec1 procps libpcre3 libpcre3-dev +sudo apt install -y libffi-dev libssl-dev python3-pip xmlsec1 procps libpcre3 libpcre3-dev git clone https://github.com/peppelinux/Satosa-Saml2Spid.git repository pip install -r repository/requirements.txt 
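Review bot: Dropping `example/pki/*` from `.gitignore` is what lets `example/pki/privkey.pem` (40 lines in this commit's diffstat) land in the repository next to `cert.pem`, so the project now ships the private key that uwsgi terminates TLS with in the workflow (`--https 0.0.0.0:10000,./pki/cert.pem,./pki/privkey.pem`). Since `build_spid_certs.sh` is added in the same commit, I would keep `example/pki/privkey.pem` ignored and have the workflow generate the pair at job start, committing only the script, `oids.conf` and `my.env`. If the key must stay committed, mark it unmistakably as disposable, e.g. a first line in `example/pki/my.env` reading `# test-only key pair, public in this repository - never reuse it for a real SP`, so anyone cloning `example/` as a deployment template is warned. The contents of `privkey.pem` and `cert.pem` are not in the visible part of the patch.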
diff --git a/example/pki/build_spid_certs.sh b/example/pki/build_spid_certs.sh new file mode 100644 index 00000000..787e446f --- /dev/null +++ b/example/pki/build_spid_certs.sh @@ -0,0 +1,118 @@ +#!/bin/sh + +set -euo pipefail + +openssl_conf=$(mktemp) + +# check input parameters + +COMMON_NAME=${COMMON_NAME:=""} +if [ "X${COMMON_NAME}" == "X" ]; then + echo "[E] COMMON_NAME must be set" + exit 1 +fi + +LOCALITY_NAME=${LOCALITY_NAME:=""} +if [ "X${LOCALITY_NAME}" == "X" ]; then + echo "[E] LOCALITY_NAME must be set" + exit 1 +fi + +ORGANIZATION_IDENTIFIER=${ORGANIZATION_IDENTIFIER:=""} +if [ "X${ORGANIZATION_IDENTIFIER}" == "X" ]; then + echo "[E] ORGANIZATION_IDENTIFIER must be set" + exit 1 +fi + +if [ $(echo ${ORGANIZATION_IDENTIFIER} | grep -c '^PA:IT-') -ne 1 ]; then + echo "[E] ORGANIZATION_IDENTIFIER must be in the format of 'PA:IT-'" + exit 1 +fi + +ORGANIZATION_NAME=${ORGANIZATION_NAME:=""} +if [ "X${ORGANIZATION_NAME}" == "X" ]; then + echo "[E] ORGANIZATION_NAME must be set" + exit 1 +fi + +SERIAL_NUMBER=${SERIAL_NUMBER:=""} +if [ "X${SERIAL_NUMBER}" == "X" ]; then + echo "[E] SERIAL_NUMBER must be set" + exit 1 +fi + +URI=${URI:=""} +if [ "X${URI}" == "X" ]; then + echo "[E] URI must be set" + exit 1 +fi + +SPID_SECTOR=${SPID_SECTOR:=""} +if [ "X${SPID_SECTOR}" == "X" ]; then + echo "[E] SPID_SECTOR must be set" + exit 1 +fi + +case ${SPID_SECTOR} in + public) + POLICY_IDENTIFIER="spid-publicsector-SP" + ;; + private) + POLICY_IDENTIFIER="spid-privatesector-SP" + ;; + *) + echo "[E] SPID_SECTOR must be one of ['public', 'private']" + exit 1 + ;; +esac + +# generate configuration file + +cat > ${openssl_conf} < Date: Fri, 23 Jul 2021 15:27:28 +0200 Subject: [PATCH 05/11] chore: gh actions - added sudo to apt --- .github/workflows/python-app.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index 075b41f7..e7903613 100644 --- a/.github/workflows/python-app.yml 
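Review bot: The script is declared `#!/bin/sh` but its first lines are bash-only: `set -euo pipefail` (`pipefail` is not a POSIX `set` option) and `[ "X${COMMON_NAME}" == "X" ]` (`==` is not a POSIX `test` operator), so under dash, which is `/bin/sh` on the Ubuntu runners this workflow installs packages on, it aborts before validating a single variable. Either change the shebang to `#!/usr/bin/env bash`, or keep `sh` and write `set -eu` with `=` in every test. The `PA:IT-` check also expands `${ORGANIZATION_IDENTIFIER}` unquoted, and because every variable is interpolated into the OpenSSL config through the heredoc, a value containing a newline would inject extra directives; quoting it, `"${ORGANIZATION_IDENTIFIER}"`, and rejecting non-printable characters in the inputs before the `cat > ${openssl_conf}` keeps the generated config honest. The heredoc body and the rest of the 118-line script are cut off in the visible patch.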
+++ b/.github/workflows/python-app.yml @@ -30,8 +30,8 @@ jobs: python-version: ${{ matrix.python-version }} - name: Install system dependencies run: | - apt update - apt install -y libffi-dev libssl-dev python3-pip xmlsec1 procps libpcre3 libpcre3-dev + sudo apt update + sudo apt install -y libffi-dev libssl-dev python3-pip xmlsec1 procps libpcre3 libpcre3-dev - name: Install dependencies run: | python -m pip install --upgrade pip From 88f97c7e47e16b5d62cdf349957ff5ed0671ebfb Mon Sep 17 00:00:00 2001 From: Giuseppe Date: Fri, 23 Jul 2021 15:30:42 +0200 Subject: [PATCH 06/11] chore: gh actions - added SATOSA_PATH --- .github/workflows/python-app.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index e7903613..2fe52f97 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -56,7 +56,7 @@ jobs: mkdir -p metadata/idp mkdir -p metadata/sp export SATOSA_APP=/usr/local/lib/$(python -c 'import sys; print(f"python{sys.version_info.major}.{sys.version_info.minor}")')/site-packages/satosa - uwsgi --wsgi-file ../wsgi.py --https 0.0.0.0:10000,./pki/cert.pem,./pki/privkey.pem --callable app -b 32768 & + uwsgi --wsgi-file $SATOSA_APP/wsgi.py --https 0.0.0.0:10000,./pki/cert.pem,./pki/privkey.pem --callable app -b 32768 & sleep 5 - name: spid-sp-test run: | From 30e3f1fe0a1daae9d04a8199557904a8899a231a Mon Sep 17 00:00:00 2001 From: Giuseppe Date: Fri, 23 Jul 2021 15:41:53 +0200 Subject: [PATCH 07/11] fix: gh actions example project path --- .github/workflows/python-app.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index 2fe52f97..128fb78a 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml 
@@ -50,9 +50,9 @@ jobs: cd example_sp/djangosaml2_sp/ bash run.sh & sleep 5 - cd ../../example/ - name: run satosa-saml2spid run: | + cd example mkdir -p metadata/idp mkdir -p metadata/sp export SATOSA_APP=/usr/local/lib/$(python -c 'import sys; print(f"python{sys.version_info.major}.{sys.version_info.minor}")')/site-packages/satosa From b90e891ea19c30979999da34713e40c27b996a09 Mon Sep 17 00:00:00 2001 From: Giuseppe Date: Fri, 23 Jul 2021 15:42:24 +0200 Subject: [PATCH 08/11] fix: gh actions example project path --- .github/workflows/python-app.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index 128fb78a..0798f8ca 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -60,5 +60,6 @@ jobs: sleep 5 - name: spid-sp-test run: | + cd example spid_sp_test --idp-metadata > metadata/idp/spid-sp-test.xml spid_sp_test --metadata-url https://localhost:10000/spidSaml2/metadata --authn-url "http://localhost:8000/saml2/login/?idp=https://localhost:10000/Saml2IDP/metadata&next=/saml2/echo_attributes&idphint=https%253A%252F%252Flocalhost%253A8080" -ap spid_sp_test.plugins.authn_request.SatosaSaml2Spid --extra --debug ERROR -tr From 167c7c28312412d67f8e305ee53412e30d3566a3 Mon Sep 17 00:00:00 2001 From: Giuseppe Date: Fri, 23 Jul 2021 15:59:49 +0200 Subject: [PATCH 09/11] fix: gh actions spid-sp-test version and pip list debug command --- .github/workflows/python-app.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index 0798f8ca..0ff99789 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -18,9 +18,9 @@ jobs: fail-fast: false matrix: python-version: - - '3.7' + #- '3.7' - '3.8' - - '3.9' + #- '3.9' steps: - uses: actions/checkout@v2 
@@ -38,7 +38,8 @@ jobs: if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi if [ -f requirements.txt ]; then pip install -r requirements.txt; fi pip install -r example_sp/djangosaml2_sp/requirements.txt - pip install spid-sp-test + pip install spid-sp-test>=0.9.2 + pip list -v #- name: Lint with flake8 #run: | ## stop the build if there are Python syntax errors or undefined names From 643b625af0d4cdc5d4d29ad470bcd5e4bfc9e20a Mon Sep 17 00:00:00 2001 From: Giuseppe Date: Fri, 23 Jul 2021 16:09:36 +0200 Subject: [PATCH 10/11] chore: gh actions - SATOSA_PATH --- .github/workflows/python-app.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index 0ff99789..33eb1c4e 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -56,8 +56,9 @@ jobs: cd example mkdir -p metadata/idp mkdir -p metadata/sp - export SATOSA_APP=/usr/local/lib/$(python -c 'import sys; print(f"python{sys.version_info.major}.{sys.version_info.minor}")')/site-packages/satosa - uwsgi --wsgi-file $SATOSA_APP/wsgi.py --https 0.0.0.0:10000,./pki/cert.pem,./pki/privkey.pem --callable app -b 32768 & + #export SATOSA_APP=/usr/local/lib/$(python -c 'import sys; print(f"python{sys.version_info.major}.{sys.version_info.minor}")')/site-packages/satosa + export SATOSA_APP=`python3 -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])'` + uwsgi --wsgi-file $SATOSA_APP/satosa/wsgi.py --https 0.0.0.0:10000,./pki/cert.pem,./pki/privkey.pem --callable app -b 32768 & sleep 5 - name: spid-sp-test run: | From b64b9738fd1c74d2028d18b7633b3a6463550b8b Mon Sep 17 00:00:00 2001 From: Giuseppe Date: Fri, 23 Jul 2021 16:15:40 +0200 Subject: [PATCH 11/11] fix: gh action cleanup --- .github/workflows/python-app.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
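Review bot: `pip install spid-sp-test>=0.9.2` runs unquoted in a shell `run:` block, so the `>` is a redirection: pip installs whatever the latest `spid-sp-test` is, its output goes to a file named `=0.9.2` in the checkout, and the version floor announced in the commit subject is never enforced. Quote the specifier, `pip install "spid-sp-test>=0.9.2"`, or better pin it exactly as the other requirements files in this repository do. `pip list -v` is a reasonable debugging aid while the path issue is being chased, but it prints the full package inventory into the public job log; consider removing it once the problem it was added for is resolved.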
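Review bot: The new `SATOSA_APP` export uses backticks and is then expanded unquoted in `--wsgi-file $SATOSA_APP/satosa/wsgi.py`; `$(...)` reads better and nests, and quoting protects against a site-packages path with spaces. The variable also no longer names the satosa package but the `purelib` directory, so its name now misleads; `export SITE_PACKAGES="$(python3 -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])')"` followed by `--wsgi-file "$SITE_PACKAGES/satosa/wsgi.py"` says what it holds. The commented-out export left above it is dealt with in the following patch, so nothing to add there.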
diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index 33eb1c4e..6a89202f 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -18,9 +18,9 @@ jobs: fail-fast: false matrix: python-version: - #- '3.7' + - '3.7' - '3.8' - #- '3.9' + - '3.9' steps: - uses: actions/checkout@v2 @@ -56,7 +56,6 @@ jobs: cd example mkdir -p metadata/idp mkdir -p metadata/sp - #export SATOSA_APP=/usr/local/lib/$(python -c 'import sys; print(f"python{sys.version_info.major}.{sys.version_info.minor}")')/site-packages/satosa export SATOSA_APP=`python3 -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])'` uwsgi --wsgi-file $SATOSA_APP/satosa/wsgi.py --https 0.0.0.0:10000,./pki/cert.pem,./pki/privkey.pem --callable app -b 32768 & sleep 5
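Review bot: `uwsgi --https 0.0.0.0:10000,./pki/cert.pem,./pki/privkey.pem` binds the SATOSA proxy on every interface, while its only clients, `spid_sp_test` and the Django SP via `idp=https://localhost:10000/Saml2IDP/metadata`, address it as `localhost`; on a self-hosted runner that exposes the proxy's SAML endpoints, terminated with the example key committed in this series, to the runner's network for the life of the job. Bind to loopback, `--https 127.0.0.1:10000,./pki/cert.pem,./pki/privkey.pem`, and on self-hosted runners add an `if: always()` cleanup step that stops the background uwsgi, since nothing in the workflow ends it. This hunk is the final form of a line edited in several earlier patches of the series; the same binding appears in each of them.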