diff --git a/rugwebsite/__init__.py b/rugwebsite/__init__.py
index bfeb9d6..0bf4170 100644
--- a/rugwebsite/__init__.py
+++ b/rugwebsite/__init__.py
@@ -1 +1 @@
-__version__ = '0.1.13'
\ No newline at end of file
+__version__ = '0.1.14'
\ No newline at end of file
diff --git a/rugwebsite/__pycache__/urls.cpython-35.pyc b/rugwebsite/__pycache__/urls.cpython-35.pyc
index 862f2c2..e7f3361 100644
Binary files a/rugwebsite/__pycache__/urls.cpython-35.pyc and b/rugwebsite/__pycache__/urls.cpython-35.pyc differ
diff --git a/rugwebsite/settings/default.py b/rugwebsite/settings/default.py
index 9867a43..6d916b0 100755
--- a/rugwebsite/settings/default.py
+++ b/rugwebsite/settings/default.py
@@ -70,7 +70,6 @@ AUTHENTICATION_BACKENDS = [
 ]
-SAML_PROVIDER_METADATA_URL = 'https://tst-idp.id.rug.nl/nidp/saml2/metadata'
 SAML_ROUTE = 'sso/saml/'
 SAML_REDIRECT = '/'
 SAML_USERS_MAP = [{
@@ -82,8 +81,7 @@ SAML_USERS_MAP = [{
     }
 }]
-PRIVATE_KEY = """-----BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMqvdxxy/z9IXuxB
+PRIVATE_KEY = """MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMqvdxxy/z9IXuxB
 hHWdJ4XYji21XWybsFYPB2LxKoTB0919oCSj8WsW2aeSUW6DsdLki1tHnqwhTO2D
 5YKyK0PLnF5UZQ6dTrJ7ybgzePAYPhETV+5rdTL9AwW4/wwkHfctidQK3/8ISCgW
 2hEWgaQuqPXZxJPShybKzL1q1WLPAgMBAAECgYBZIAMOXXrjxt0GomCunyZL8sfC
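Review bot: `PRIVATE_KEY` in settings/default.py remains an RSA private key committed in plain text; this hunk only strips the PEM armor, so the key is still readable to anyone with repository access and should be treated as exposed and regenerated. Load it from outside version control instead, e.g. `PRIVATE_KEY = os.environ['SAML_SP_PRIVATE_KEY']` (with `import os` at the top of the file), and keep only the public `X509` and `CSR` material, which the next two hunks reformat the same way, in the settings module. The key prefix (`...AoGBA...`) looks like a 1024-bit RSA key, which is below the usual 2048-bit minimum for SAML signing; worth confirming when it is regenerated. Whether the consumer accepts the armor-less base64 is not visible here; python3-saml's `OneLogin_Saml2_Utils.format_private_key` re-adds the armor itself, so this presumably works, but it deserves a check against the library version in use.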
@@ -96,11 +94,9 @@ vLgbAkEAhVJae6faue/2YdW1glIUsEOiWKhe14NQPk5PFRcN47B0QJsEC/Kc8c69
 ExdslvbKVrhKG/BLSlSwtdBWKItCHQJAQCIIXmsYyyvU9xYHHVZzUQorq+ulQ0te
 XBzFe03/+CAJLkD8q4bysN80Mt4TVxmWH61+J9e/6cVPPK/CQsdoTQJBANo+44+3
 j3n0K2eq9vDuttHbPB83APXMmjroEnuQF+sv5IK2VQENznoou/GqoflPUZXnzBxc
-dFx3FLksqaZr5IM=
------END PRIVATE KEY-----"""
+dFx3FLksqaZr5IM="""
-X509 = """-----BEGIN CERTIFICATE-----
-MIIDYDCCAsmgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBzDELMAkGA1UEBhMCbmwx
+X509 = """MIIDYDCCAsmgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBzDELMAkGA1UEBhMCbmwx
 EjAQBgNVBAgMCUdyb25pbmdlbjEgMB4GA1UECgwXVW5pdmVyc2l0eSBvZiBHcm9u
 aW5nZW4xKTAnBgNVBAMMIGNvc21vLnNlcnZpY2UucnVnLm5sL3J1Zy13ZWJzaXRl
 MRIwEAYDVQQHDAlHcm9uaW5nZW4xKDAmBgNVBAsMH1Jlc2VhcmNoIGFuZCBJbm5v
@@ -118,11 +114,9 @@ ePcwHwYDVR0jBBgwFoAUZeo8RVZu3DThn3/zFG0F9GY3ePcwDAYDVR0TBAUwAwEB
 /zANBgkqhkiG9w0BAQ0FAAOBgQA05TKxrECfo9riTAkSSJlr4mCO3rcRdeFy6r7w
 84oASZdRsqyZDngQdR9QnMpIxuEt9jwoTe/5le6wq67hZtTKewZc/IhcZvbqxTmi
 UWSCBCsT1tlzm8plg2B8mqS+Sp/b8ouRVaDrHbjXciL+831LmhRy1FJwEYKGwCZE
-i1/B4Q==
------END CERTIFICATE-----"""
+i1/B4Q=="""
-CSR = """-----BEGIN CERTIFICATE REQUEST-----
-MIICDTCCAXYCAQAwgcwxCzAJBgNVBAYTAm5sMRIwEAYDVQQIDAlHcm9uaW5nZW4x
+CSR = """MIICDTCCAXYCAQAwgcwxCzAJBgNVBAYTAm5sMRIwEAYDVQQIDAlHcm9uaW5nZW4x
 IDAeBgNVBAoMF1VuaXZlcnNpdHkgb2YgR3JvbmluZ2VuMSkwJwYDVQQDDCBjb3Nt
 by5zZXJ2aWNlLnJ1Zy5ubC9ydWctd2Vic2l0ZTESMBAGA1UEBwwJR3JvbmluZ2Vu
 MSgwJgYDVQQLDB9SZXNlYXJjaCBhbmQgSW5ub3ZhdGlvbiBTdXBwb3J0MR4wHAYJ
@@ -133,10 +127,12 @@ AwW4/wwkHfctidQK3/8ISCgW2hEWgaQuqPXZxJPShybKzL1q1WLPAgMBAAGgADAN
 BgkqhkiG9w0BAQ0FAAOBgQBClx4glTL7szKmUUFwgRa0LVpZh8b0TknJC3+6TLXo
 I/4Ws3VSl/lTx1LU1ZR0JGvTF6WnrxpuXpyknZ3zRP7Ud5wYjIo7Moqcfr0Fsbpc
 hv4a9zOzY7uuYesrOS5Bzr83BR0rvztlGbPAWnV2KpIODTLoEFTCHo+Ksprpvl18
-Zw==
------END CERTIFICATE REQUEST-----"""
+Zw=="""
+
+SAML_PROVIDER_METADATA_URL = 'https://tst-idp.id.rug.nl/nidp/saml2/metadata'
 import sys
+from onelogin.saml2.xml_utils import OneLogin_Saml2_XML
 if sys.version_info[0] == 2:
     import urllib # python 2
 else:
@@ -144,7 +140,17 @@ else:
     import urllib.request as urllib # python 3
 with urllib.urlopen(SAML_PROVIDER_METADATA_URL) as u:
-    RUG_PROVIDER_METADATA = u.read().decode('utf-8')
+    RUG_PROVIDER_METADATA = u.read()
+    RUG_PROVIDER_X509CERT = OneLogin_Saml2_XML.query(
+        OneLogin_Saml2_XML.to_etree(RUG_PROVIDER_METADATA),
+        '/md:EntityDescriptor/ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate'
+    )
+
+    assert len(RUG_PROVIDER_X509CERT) > 0, "Excepted a X509 RUG Provider Certificate"
+    assert len(RUG_PROVIDER_X509CERT) == 1, "Excepted no more than 1 X509 RUG Provider Certificate"
+    RUG_PROVIDER_X509CERT = RUG_PROVIDER_X509CERT[0].text.strip()
+
+
 SAML_PROVIDERS = [{
     "RuG": {
@@ -176,7 +182,7 @@ SAML_PROVIDERS = [{
             "url": "https://tst-idp.id.rug.nl/nidp/saml2/spslo",
             "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
         },
-        "x509cert": RUG_PROVIDER_METADATA,
+        "x509cert": RUG_PROVIDER_X509CERT,
     },
     "organization": {
         "en-US": {
diff --git a/rugwebsite/urls.py b/rugwebsite/urls.py
index 7f87ac0..5b05bd2 100755
--- a/rugwebsite/urls.py
+++ b/rugwebsite/urls.py
@@ -1,11 +1,9 @@
 from django.conf.urls import include, url
-
-from django.contrib.auth.views import login
-from rugwebsite.views import home
 import django_saml2_pro_auth.urls as saml_urls
+from rugwebsite.views import home
+
 urlpatterns = [
-    url(r'^', include(saml_urls, namespace='saml')),
-    # url(r'^login', login, name='login'),
-    url(r'^$', home),
+    url(r'', include(saml_urls, namespace='saml')),
+    url(r'$', home),
 ]
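Review bot: The XPath passed to the new `OneLogin_Saml2_XML.query` call selects the certificate from the metadata document's own signature (`/md:EntityDescriptor/ds:Signature/ds:KeyInfo/...`), not the IdP's assertion-signing key, which SAML metadata publishes under `md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate`; the two may coincide for this IdP today, but that is not guaranteed, and an IdP that serves unsigned metadata yields zero matches. The two `assert` statements are the only validation and are stripped under `python -O`, so replace them with `if len(RUG_PROVIDER_X509CERT) != 1: raise RuntimeError("Expected exactly one IdP X509 certificate in SAML metadata")` (which also fixes the "Excepted" typo in both messages); note that `[0].text` can be `None`, which would surface as an AttributeError on `.strip()` rather than a clear configuration error. Nothing in the new code pins or verifies what the metadata URL returns, so the trust anchor for incoming assertion signatures is whatever the remote served at the last process start; pin the expected certificate (or at least its fingerprint) in settings and compare it, and consider python3-saml's `OneLogin_Saml2_IdPMetadataParser.parse_remote`, which performs the fetch and `KeyDescriptor` extraction in one call. The `with` block is fully inside the hunk, but the `urllib` alias it relies on is defined above it.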
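Review bot: `url(r'$', home)` on the last added line is no longer anchored at the start, and Django resolves URL patterns with `regex.search`, so a bare `$` matches the end of every path: any request that `saml_urls` does not claim will be routed to `home` instead of returning a 404. Keep the original anchor, `url(r'^$', home),`. The `r''` prefix on the `include` line is harmless (an empty pattern also matches at offset 0), but `r'^'` is the conventional form and makes the intent explicit, so I would restore it as well.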