p253591/rug-website
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

certificate fix

Browse Source
This commit is contained in:
H.T. Kruitbosch 2017-11-24 17:19:15 +01:00
parent 1f37cdf14c
commit 6a1b92680b
4 changed files with 26 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rugwebsite/__init__.py
View File

@ -1 +1 @@
__version__ = '0.1.13' __version__ = '0.1.14'

BIN
rugwebsite/__pycache__/urls.cpython-35.pyc
View File

Binary file not shown.

36
rugwebsite/settings/default.py
View File

@ -70,7 +70,6 @@ AUTHENTICATION_BACKENDS = [
] ]
SAML_PROVIDER_METADATA_URL = 'https://tst-idp.id.rug.nl/nidp/saml2/metadata'
SAML_ROUTE = 'sso/saml/' SAML_ROUTE = 'sso/saml/'
SAML_REDIRECT = '/' SAML_REDIRECT = '/'
SAML_USERS_MAP = [{ SAML_USERS_MAP = [{
@ -82,8 +81,7 @@ SAML_USERS_MAP = [{
} }
}] }]
PRIVATE_KEY = """-----BEGIN PRIVATE KEY----- PRIVATE_KEY = """MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMqvdxxy/z9IXuxB
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMqvdxxy/z9IXuxB
hHWdJ4XYji21XWybsFYPB2LxKoTB0919oCSj8WsW2aeSUW6DsdLki1tHnqwhTO2D hHWdJ4XYji21XWybsFYPB2LxKoTB0919oCSj8WsW2aeSUW6DsdLki1tHnqwhTO2D
5YKyK0PLnF5UZQ6dTrJ7ybgzePAYPhETV+5rdTL9AwW4/wwkHfctidQK3/8ISCgW 5YKyK0PLnF5UZQ6dTrJ7ybgzePAYPhETV+5rdTL9AwW4/wwkHfctidQK3/8ISCgW
2hEWgaQuqPXZxJPShybKzL1q1WLPAgMBAAECgYBZIAMOXXrjxt0GomCunyZL8sfC 2hEWgaQuqPXZxJPShybKzL1q1WLPAgMBAAECgYBZIAMOXXrjxt0GomCunyZL8sfC
@ -96,11 +94,9 @@ vLgbAkEAhVJae6faue/2YdW1glIUsEOiWKhe14NQPk5PFRcN47B0QJsEC/Kc8c69
ExdslvbKVrhKG/BLSlSwtdBWKItCHQJAQCIIXmsYyyvU9xYHHVZzUQorq+ulQ0te ExdslvbKVrhKG/BLSlSwtdBWKItCHQJAQCIIXmsYyyvU9xYHHVZzUQorq+ulQ0te
XBzFe03/+CAJLkD8q4bysN80Mt4TVxmWH61+J9e/6cVPPK/CQsdoTQJBANo+44+3 XBzFe03/+CAJLkD8q4bysN80Mt4TVxmWH61+J9e/6cVPPK/CQsdoTQJBANo+44+3
j3n0K2eq9vDuttHbPB83APXMmjroEnuQF+sv5IK2VQENznoou/GqoflPUZXnzBxc j3n0K2eq9vDuttHbPB83APXMmjroEnuQF+sv5IK2VQENznoou/GqoflPUZXnzBxc
dFx3FLksqaZr5IM= dFx3FLksqaZr5IM="""
-----END PRIVATE KEY-----"""
X509 = """-----BEGIN CERTIFICATE----- X509 = """MIIDYDCCAsmgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBzDELMAkGA1UEBhMCbmwx
MIIDYDCCAsmgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBzDELMAkGA1UEBhMCbmwx
EjAQBgNVBAgMCUdyb25pbmdlbjEgMB4GA1UECgwXVW5pdmVyc2l0eSBvZiBHcm9u EjAQBgNVBAgMCUdyb25pbmdlbjEgMB4GA1UECgwXVW5pdmVyc2l0eSBvZiBHcm9u
aW5nZW4xKTAnBgNVBAMMIGNvc21vLnNlcnZpY2UucnVnLm5sL3J1Zy13ZWJzaXRl aW5nZW4xKTAnBgNVBAMMIGNvc21vLnNlcnZpY2UucnVnLm5sL3J1Zy13ZWJzaXRl
MRIwEAYDVQQHDAlHcm9uaW5nZW4xKDAmBgNVBAsMH1Jlc2VhcmNoIGFuZCBJbm5v MRIwEAYDVQQHDAlHcm9uaW5nZW4xKDAmBgNVBAsMH1Jlc2VhcmNoIGFuZCBJbm5v
@ -118,11 +114,9 @@ ePcwHwYDVR0jBBgwFoAUZeo8RVZu3DThn3/zFG0F9GY3ePcwDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQ0FAAOBgQA05TKxrECfo9riTAkSSJlr4mCO3rcRdeFy6r7w /zANBgkqhkiG9w0BAQ0FAAOBgQA05TKxrECfo9riTAkSSJlr4mCO3rcRdeFy6r7w
84oASZdRsqyZDngQdR9QnMpIxuEt9jwoTe/5le6wq67hZtTKewZc/IhcZvbqxTmi 84oASZdRsqyZDngQdR9QnMpIxuEt9jwoTe/5le6wq67hZtTKewZc/IhcZvbqxTmi
UWSCBCsT1tlzm8plg2B8mqS+Sp/b8ouRVaDrHbjXciL+831LmhRy1FJwEYKGwCZE UWSCBCsT1tlzm8plg2B8mqS+Sp/b8ouRVaDrHbjXciL+831LmhRy1FJwEYKGwCZE
i1/B4Q== i1/B4Q=="""
-----END CERTIFICATE-----"""
CSR = """-----BEGIN CERTIFICATE REQUEST----- CSR = """MIICDTCCAXYCAQAwgcwxCzAJBgNVBAYTAm5sMRIwEAYDVQQIDAlHcm9uaW5nZW4x
MIICDTCCAXYCAQAwgcwxCzAJBgNVBAYTAm5sMRIwEAYDVQQIDAlHcm9uaW5nZW4x
IDAeBgNVBAoMF1VuaXZlcnNpdHkgb2YgR3JvbmluZ2VuMSkwJwYDVQQDDCBjb3Nt IDAeBgNVBAoMF1VuaXZlcnNpdHkgb2YgR3JvbmluZ2VuMSkwJwYDVQQDDCBjb3Nt
by5zZXJ2aWNlLnJ1Zy5ubC9ydWctd2Vic2l0ZTESMBAGA1UEBwwJR3JvbmluZ2Vu by5zZXJ2aWNlLnJ1Zy5ubC9ydWctd2Vic2l0ZTESMBAGA1UEBwwJR3JvbmluZ2Vu
MSgwJgYDVQQLDB9SZXNlYXJjaCBhbmQgSW5ub3ZhdGlvbiBTdXBwb3J0MR4wHAYJ MSgwJgYDVQQLDB9SZXNlYXJjaCBhbmQgSW5ub3ZhdGlvbiBTdXBwb3J0MR4wHAYJ
@ -133,10 +127,12 @@ AwW4/wwkHfctidQK3/8ISCgW2hEWgaQuqPXZxJPShybKzL1q1WLPAgMBAAGgADAN
BgkqhkiG9w0BAQ0FAAOBgQBClx4glTL7szKmUUFwgRa0LVpZh8b0TknJC3+6TLXo BgkqhkiG9w0BAQ0FAAOBgQBClx4glTL7szKmUUFwgRa0LVpZh8b0TknJC3+6TLXo
I/4Ws3VSl/lTx1LU1ZR0JGvTF6WnrxpuXpyknZ3zRP7Ud5wYjIo7Moqcfr0Fsbpc I/4Ws3VSl/lTx1LU1ZR0JGvTF6WnrxpuXpyknZ3zRP7Ud5wYjIo7Moqcfr0Fsbpc
hv4a9zOzY7uuYesrOS5Bzr83BR0rvztlGbPAWnV2KpIODTLoEFTCHo+Ksprpvl18 hv4a9zOzY7uuYesrOS5Bzr83BR0rvztlGbPAWnV2KpIODTLoEFTCHo+Ksprpvl18
Zw== Zw=="""
-----END CERTIFICATE REQUEST-----"""
SAML_PROVIDER_METADATA_URL = 'https://tst-idp.id.rug.nl/nidp/saml2/metadata'
import sys import sys
from onelogin.saml2.xml_utils import OneLogin_Saml2_XML
if sys.version_info[0] == 2: if sys.version_info[0] == 2:
import urllib # python 2 import urllib # python 2
else: else:
@ -144,7 +140,17 @@ else:
import urllib.request as urllib # python 3 import urllib.request as urllib # python 3
with urllib.urlopen(SAML_PROVIDER_METADATA_URL) as u: with urllib.urlopen(SAML_PROVIDER_METADATA_URL) as u:
RUG_PROVIDER_METADATA = u.read().decode('utf-8') RUG_PROVIDER_METADATA = u.read()
RUG_PROVIDER_X509CERT = OneLogin_Saml2_XML.query(
OneLogin_Saml2_XML.to_etree(RUG_PROVIDER_METADATA),
'/md:EntityDescriptor/ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate'
)
assert len(RUG_PROVIDER_X509CERT) > 0, "Excepted a X509 RUG Provider Certificate"
assert len(RUG_PROVIDER_X509CERT) == 1, "Excepted no more than 1 X509 RUG Provider Certificate"
RUG_PROVIDER_X509CERT = RUG_PROVIDER_X509CERT[0].text.strip()
SAML_PROVIDERS = [{ SAML_PROVIDERS = [{
"RuG": { "RuG": {
@ -176,7 +182,7 @@ SAML_PROVIDERS = [{
"url": "https://tst-idp.id.rug.nl/nidp/saml2/spslo", "url": "https://tst-idp.id.rug.nl/nidp/saml2/spslo",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
}, },
"x509cert": RUG_PROVIDER_METADATA, "x509cert": RUG_PROVIDER_X509CERT,
}, },
"organization": { "organization": {
"en-US": { "en-US": {

10
rugwebsite/urls.py
View File

@ -1,11 +1,9 @@
from django.conf.urls import include, url from django.conf.urls import include, url
from django.contrib.auth.views import login
from rugwebsite.views import home
import django_saml2_pro_auth.urls as saml_urls import django_saml2_pro_auth.urls as saml_urls
from rugwebsite.views import home
urlpatterns = [ urlpatterns = [
url(r'^', include(saml_urls, namespace='saml')), url(r'', include(saml_urls, namespace='saml')),
# url(r'^login', login, name='login'), url(r'$', home),
url(r'^$', home),
] ]