settings working
This commit is contained in:
@@ -67,154 +67,10 @@ AUTHENTICATION_BACKENDS = [
|
||||
'django_saml2_pro_auth.auth.Backend'
|
||||
]
|
||||
|
||||
|
||||
SAML_ROUTE = 'sso/saml/'
|
||||
SAML_REDIRECT = '/'
|
||||
SAML_USERS_MAP = [{
|
||||
"RuG": {
|
||||
"email": dict(key="urn:mace:dir:attribute-def:mail", index=0),
|
||||
"username": dict(key="urn:mace:dir:attribute-def:uid", index=0),
|
||||
"first_name": dict(key="urn:mace:dir:attribute-def:gn", index=0),
|
||||
"last_name": dict(key="urn:mace:dir:attribute-def:sn", index=0),
|
||||
}
|
||||
}]
|
||||
SAML_USERS_MAP = []
|
||||
|
||||
PRIVATE_KEY = """MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMqvdxxy/z9IXuxB
|
||||
hHWdJ4XYji21XWybsFYPB2LxKoTB0919oCSj8WsW2aeSUW6DsdLki1tHnqwhTO2D
|
||||
5YKyK0PLnF5UZQ6dTrJ7ybgzePAYPhETV+5rdTL9AwW4/wwkHfctidQK3/8ISCgW
|
||||
2hEWgaQuqPXZxJPShybKzL1q1WLPAgMBAAECgYBZIAMOXXrjxt0GomCunyZL8sfC
|
||||
TagBJAzMKtuipE2ABwM0uBL9SaHU5z1aNDrej8ZX5+tnffzFz/bV0lPPvqzK4CRm
|
||||
KRNdYLcqXjlNPmaKvWDEJs6Fh6bZOycOENZEREjkfaVlvsAS7QJfHBuZIv+v+n9o
|
||||
SE2YzOeCs76fdjjQMQJBAPQcsYEX11S1eAUtyoQKqf8v3CezNcM1BI2h7e3c52FS
|
||||
rBrNJSYBKkBTL9Nm9+2K9LBV8nvhLsI2MVqiK2udk10CQQDUjk/pDWBS6olsgLby
|
||||
5IlT4qWi1GLlXV07hAwD4I6Xk0SefZ3s8CgUUwaGnn2/5uZomeCirpCNVmqmyXuD
|
||||
vLgbAkEAhVJae6faue/2YdW1glIUsEOiWKhe14NQPk5PFRcN47B0QJsEC/Kc8c69
|
||||
ExdslvbKVrhKG/BLSlSwtdBWKItCHQJAQCIIXmsYyyvU9xYHHVZzUQorq+ulQ0te
|
||||
XBzFe03/+CAJLkD8q4bysN80Mt4TVxmWH61+J9e/6cVPPK/CQsdoTQJBANo+44+3
|
||||
j3n0K2eq9vDuttHbPB83APXMmjroEnuQF+sv5IK2VQENznoou/GqoflPUZXnzBxc
|
||||
dFx3FLksqaZr5IM="""
|
||||
|
||||
X509 = """MIIDYDCCAsmgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBzDELMAkGA1UEBhMCbmwx
|
||||
EjAQBgNVBAgMCUdyb25pbmdlbjEgMB4GA1UECgwXVW5pdmVyc2l0eSBvZiBHcm9u
|
||||
aW5nZW4xKTAnBgNVBAMMIGNvc21vLnNlcnZpY2UucnVnLm5sL3J1Zy13ZWJzaXRl
|
||||
MRIwEAYDVQQHDAlHcm9uaW5nZW4xKDAmBgNVBAsMH1Jlc2VhcmNoIGFuZCBJbm5v
|
||||
dmF0aW9uIFN1cHBvcnQxHjAcBgkqhkiG9w0BCQEWD3Jpc0BsaXN0LnJ1Zy5ubDAe
|
||||
Fw0xNzExMTQwODM4NTVaFw0yNzExMTIwODM4NTVaMIHMMQswCQYDVQQGEwJubDES
|
||||
MBAGA1UECAwJR3JvbmluZ2VuMSAwHgYDVQQKDBdVbml2ZXJzaXR5IG9mIEdyb25p
|
||||
bmdlbjEpMCcGA1UEAwwgY29zbW8uc2VydmljZS5ydWcubmwvcnVnLXdlYnNpdGUx
|
||||
EjAQBgNVBAcMCUdyb25pbmdlbjEoMCYGA1UECwwfUmVzZWFyY2ggYW5kIElubm92
|
||||
YXRpb24gU3VwcG9ydDEeMBwGCSqGSIb3DQEJARYPcmlzQGxpc3QucnVnLm5sMIGf
|
||||
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKr3cccv8/SF7sQYR1nSeF2I4ttV1s
|
||||
m7BWDwdi8SqEwdPdfaAko/FrFtmnklFug7HS5ItbR56sIUztg+WCsitDy5xeVGUO
|
||||
nU6ye8m4M3jwGD4RE1fua3Uy/QMFuP8MJB33LYnUCt//CEgoFtoRFoGkLqj12cST
|
||||
0ocmysy9atVizwIDAQABo1AwTjAdBgNVHQ4EFgQUZeo8RVZu3DThn3/zFG0F9GY3
|
||||
ePcwHwYDVR0jBBgwFoAUZeo8RVZu3DThn3/zFG0F9GY3ePcwDAYDVR0TBAUwAwEB
|
||||
/zANBgkqhkiG9w0BAQ0FAAOBgQA05TKxrECfo9riTAkSSJlr4mCO3rcRdeFy6r7w
|
||||
84oASZdRsqyZDngQdR9QnMpIxuEt9jwoTe/5le6wq67hZtTKewZc/IhcZvbqxTmi
|
||||
UWSCBCsT1tlzm8plg2B8mqS+Sp/b8ouRVaDrHbjXciL+831LmhRy1FJwEYKGwCZE
|
||||
i1/B4Q=="""
|
||||
|
||||
CSR = """MIICDTCCAXYCAQAwgcwxCzAJBgNVBAYTAm5sMRIwEAYDVQQIDAlHcm9uaW5nZW4x
|
||||
IDAeBgNVBAoMF1VuaXZlcnNpdHkgb2YgR3JvbmluZ2VuMSkwJwYDVQQDDCBjb3Nt
|
||||
by5zZXJ2aWNlLnJ1Zy5ubC9ydWctd2Vic2l0ZTESMBAGA1UEBwwJR3JvbmluZ2Vu
|
||||
MSgwJgYDVQQLDB9SZXNlYXJjaCBhbmQgSW5ub3ZhdGlvbiBTdXBwb3J0MR4wHAYJ
|
||||
KoZIhvcNAQkBFg9yaXNAbGlzdC5ydWcubmwwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
|
||||
MIGJAoGBAMqvdxxy/z9IXuxBhHWdJ4XYji21XWybsFYPB2LxKoTB0919oCSj8WsW
|
||||
2aeSUW6DsdLki1tHnqwhTO2D5YKyK0PLnF5UZQ6dTrJ7ybgzePAYPhETV+5rdTL9
|
||||
AwW4/wwkHfctidQK3/8ISCgW2hEWgaQuqPXZxJPShybKzL1q1WLPAgMBAAGgADAN
|
||||
BgkqhkiG9w0BAQ0FAAOBgQBClx4glTL7szKmUUFwgRa0LVpZh8b0TknJC3+6TLXo
|
||||
I/4Ws3VSl/lTx1LU1ZR0JGvTF6WnrxpuXpyknZ3zRP7Ud5wYjIo7Moqcfr0Fsbpc
|
||||
hv4a9zOzY7uuYesrOS5Bzr83BR0rvztlGbPAWnV2KpIODTLoEFTCHo+Ksprpvl18
|
||||
Zw=="""
|
||||
|
||||
SAML_PROVIDER_METADATA_URL = 'https://tst-idp.id.rug.nl/nidp/saml2/metadata'
|
||||
|
||||
import sys
|
||||
from onelogin.saml2.xml_utils import OneLogin_Saml2_XML
|
||||
if sys.version_info[0] == 2:
|
||||
import urllib # python 2
|
||||
else:
|
||||
assert sys.version_info[0] == 3
|
||||
import urllib.request as urllib # python 3
|
||||
|
||||
with urllib.urlopen(SAML_PROVIDER_METADATA_URL) as u:
|
||||
RUG_PROVIDER_METADATA = u.read()
|
||||
RUG_PROVIDER_X509CERT = OneLogin_Saml2_XML.query(
|
||||
OneLogin_Saml2_XML.to_etree(RUG_PROVIDER_METADATA),
|
||||
'/md:EntityDescriptor/ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate'
|
||||
)
|
||||
|
||||
assert len(RUG_PROVIDER_X509CERT) > 0, "Excepted a X509 RUG Provider Certificate"
|
||||
assert len(RUG_PROVIDER_X509CERT) == 1, "Excepted no more than 1 X509 RUG Provider Certificate"
|
||||
RUG_PROVIDER_X509CERT = RUG_PROVIDER_X509CERT[0].text.strip()
|
||||
|
||||
|
||||
|
||||
SAML_PROVIDERS = [{
|
||||
"RuG": {
|
||||
"strict": True,
|
||||
"debug": True,
|
||||
"custom_base_path": "",
|
||||
"sp": {
|
||||
"entityId": "https://cosmo.service.rug.nl/rug-website/saml2/metadata",
|
||||
# "entityId": "https://cosmo.service.rug.nl/rugwebsite/saml/metadata?provider=RuG",
|
||||
"assertionConsumerService": {
|
||||
"url": "https://cosmo.service.rug.nl/rugwebsite/sso/saml/?provider=RuG&acs",
|
||||
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
||||
},
|
||||
"singleLogoutService": {
|
||||
"url": "https://cosmo.service.rug.nl/rugwebsite/sso/saml/?provider=RuG",
|
||||
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
},
|
||||
"NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
|
||||
"x509cert": X509,
|
||||
"privateKey": PRIVATE_KEY,
|
||||
},
|
||||
"idp": {
|
||||
"entityId": "https://tst-idp.id.rug.nl/nidp/saml2/metadata",
|
||||
"singleSignOnService": {
|
||||
"url": "https://tst-idp.id.rug.nl/nidp/saml2/sso",
|
||||
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
},
|
||||
"singleLogoutService": {
|
||||
"url": "https://tst-idp.id.rug.nl/nidp/saml2/spslo",
|
||||
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
},
|
||||
"x509cert": RUG_PROVIDER_X509CERT,
|
||||
},
|
||||
"organization": {
|
||||
"en-US": {
|
||||
"name": "University of Groningen",
|
||||
"displayname": "University of Groningen",
|
||||
"url": "https://cosmo.service.rug.nl/rugwebsite/"
|
||||
}
|
||||
},
|
||||
"contact_person": {
|
||||
"technical": {
|
||||
"given_name": "Research and Innovation Support",
|
||||
"email_address": "ris@list.rug.nl"
|
||||
},
|
||||
"support": {
|
||||
"given_name": "Research and Innovation Support",
|
||||
"email_address": "ris@list.rug.nl"
|
||||
}
|
||||
},
|
||||
"security": {
|
||||
"requestedAuthnContext": False,
|
||||
"name_id_encrypted": False,
|
||||
"authn_requests_signed": True,
|
||||
"logout_requests_signed": False,
|
||||
"logout_response_signed": False,
|
||||
"sign_metadata": False,
|
||||
"want_messages_signed": False,
|
||||
"want_assertions_signed": True,
|
||||
"want_name_id": True,
|
||||
"want_name_id_encrypted": False,
|
||||
"want_assertions_encrypted": True,
|
||||
"signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
|
||||
"digest_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
|
||||
}
|
||||
}
|
||||
}]
|
||||
SAML_PROVIDERS = []
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user