import os BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) SECRET_KEY = '_njkeh9n!4**hk@8e#e9mwa$#%7i5!bvl$2m**+v0l=g*nzm%b' DEBUG = True ALLOWED_HOSTS = [] LOGIN_REDIRECT_URL = '/' INSTALLED_APPS = ( 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'bootstrap4', 'rugwebsite', ) MIDDLEWARE_CLASSES = ( 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware', ) ROOT_URLCONF = 'rugwebsite.urls' TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, }, ] DATABASES = { 'default': { 'ENGINE': 'django.db.backends.sqlite3', 'NAME': os.path.join(BASE_DIR, '..', 'db.sqlite3'), } } LANGUAGE_CODE = 'en-us' TIME_ZONE = 'Europe/Amsterdam' USE_I18N = True USE_L10N = True USE_TZ = True STATIC_URL = '/static/' STATIC_ROOT = os.path.join(BASE_DIR, 'static') LOGOUT_URL = '/logout/' LOGIN_URL = '/login/' AUTHENTICATION_BACKENDS = [ 'django_saml2_pro_auth.auth.Backend' ] SAML_PROVIDER_METADATA_URL = 'https://tst-idp.id.rug.nl/nidp/saml2/metadata' SAML_ROUTE = 'sso/saml/' SAML_REDIRECT = '/' SAML_USERS_MAP = [{ "RuG" : { "email": dict(key="Email", index=0), "name": dict(key="Username", index=0) } }] PRIVATE_KEY = """-----BEGIN PRIVATE KEY----- MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMqvdxxy/z9IXuxB hHWdJ4XYji21XWybsFYPB2LxKoTB0919oCSj8WsW2aeSUW6DsdLki1tHnqwhTO2D 5YKyK0PLnF5UZQ6dTrJ7ybgzePAYPhETV+5rdTL9AwW4/wwkHfctidQK3/8ISCgW 2hEWgaQuqPXZxJPShybKzL1q1WLPAgMBAAECgYBZIAMOXXrjxt0GomCunyZL8sfC TagBJAzMKtuipE2ABwM0uBL9SaHU5z1aNDrej8ZX5+tnffzFz/bV0lPPvqzK4CRm KRNdYLcqXjlNPmaKvWDEJs6Fh6bZOycOENZEREjkfaVlvsAS7QJfHBuZIv+v+n9o SE2YzOeCs76fdjjQMQJBAPQcsYEX11S1eAUtyoQKqf8v3CezNcM1BI2h7e3c52FS rBrNJSYBKkBTL9Nm9+2K9LBV8nvhLsI2MVqiK2udk10CQQDUjk/pDWBS6olsgLby 5IlT4qWi1GLlXV07hAwD4I6Xk0SefZ3s8CgUUwaGnn2/5uZomeCirpCNVmqmyXuD vLgbAkEAhVJae6faue/2YdW1glIUsEOiWKhe14NQPk5PFRcN47B0QJsEC/Kc8c69 ExdslvbKVrhKG/BLSlSwtdBWKItCHQJAQCIIXmsYyyvU9xYHHVZzUQorq+ulQ0te XBzFe03/+CAJLkD8q4bysN80Mt4TVxmWH61+J9e/6cVPPK/CQsdoTQJBANo+44+3 j3n0K2eq9vDuttHbPB83APXMmjroEnuQF+sv5IK2VQENznoou/GqoflPUZXnzBxc dFx3FLksqaZr5IM= -----END PRIVATE KEY-----""" X509 = """-----BEGIN CERTIFICATE----- MIIDYDCCAsmgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBzDELMAkGA1UEBhMCbmwx EjAQBgNVBAgMCUdyb25pbmdlbjEgMB4GA1UECgwXVW5pdmVyc2l0eSBvZiBHcm9u aW5nZW4xKTAnBgNVBAMMIGNvc21vLnNlcnZpY2UucnVnLm5sL3J1Zy13ZWJzaXRl MRIwEAYDVQQHDAlHcm9uaW5nZW4xKDAmBgNVBAsMH1Jlc2VhcmNoIGFuZCBJbm5v dmF0aW9uIFN1cHBvcnQxHjAcBgkqhkiG9w0BCQEWD3Jpc0BsaXN0LnJ1Zy5ubDAe Fw0xNzExMTQwODM4NTVaFw0yNzExMTIwODM4NTVaMIHMMQswCQYDVQQGEwJubDES MBAGA1UECAwJR3JvbmluZ2VuMSAwHgYDVQQKDBdVbml2ZXJzaXR5IG9mIEdyb25p bmdlbjEpMCcGA1UEAwwgY29zbW8uc2VydmljZS5ydWcubmwvcnVnLXdlYnNpdGUx EjAQBgNVBAcMCUdyb25pbmdlbjEoMCYGA1UECwwfUmVzZWFyY2ggYW5kIElubm92 YXRpb24gU3VwcG9ydDEeMBwGCSqGSIb3DQEJARYPcmlzQGxpc3QucnVnLm5sMIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKr3cccv8/SF7sQYR1nSeF2I4ttV1s m7BWDwdi8SqEwdPdfaAko/FrFtmnklFug7HS5ItbR56sIUztg+WCsitDy5xeVGUO nU6ye8m4M3jwGD4RE1fua3Uy/QMFuP8MJB33LYnUCt//CEgoFtoRFoGkLqj12cST 0ocmysy9atVizwIDAQABo1AwTjAdBgNVHQ4EFgQUZeo8RVZu3DThn3/zFG0F9GY3 ePcwHwYDVR0jBBgwFoAUZeo8RVZu3DThn3/zFG0F9GY3ePcwDAYDVR0TBAUwAwEB /zANBgkqhkiG9w0BAQ0FAAOBgQA05TKxrECfo9riTAkSSJlr4mCO3rcRdeFy6r7w 84oASZdRsqyZDngQdR9QnMpIxuEt9jwoTe/5le6wq67hZtTKewZc/IhcZvbqxTmi UWSCBCsT1tlzm8plg2B8mqS+Sp/b8ouRVaDrHbjXciL+831LmhRy1FJwEYKGwCZE i1/B4Q== -----END CERTIFICATE-----""" CSR = """-----BEGIN CERTIFICATE REQUEST----- MIICDTCCAXYCAQAwgcwxCzAJBgNVBAYTAm5sMRIwEAYDVQQIDAlHcm9uaW5nZW4x IDAeBgNVBAoMF1VuaXZlcnNpdHkgb2YgR3JvbmluZ2VuMSkwJwYDVQQDDCBjb3Nt by5zZXJ2aWNlLnJ1Zy5ubC9ydWctd2Vic2l0ZTESMBAGA1UEBwwJR3JvbmluZ2Vu MSgwJgYDVQQLDB9SZXNlYXJjaCBhbmQgSW5ub3ZhdGlvbiBTdXBwb3J0MR4wHAYJ KoZIhvcNAQkBFg9yaXNAbGlzdC5ydWcubmwwgZ8wDQYJKoZIhvcNAQEBBQADgY0A MIGJAoGBAMqvdxxy/z9IXuxBhHWdJ4XYji21XWybsFYPB2LxKoTB0919oCSj8WsW 2aeSUW6DsdLki1tHnqwhTO2D5YKyK0PLnF5UZQ6dTrJ7ybgzePAYPhETV+5rdTL9 AwW4/wwkHfctidQK3/8ISCgW2hEWgaQuqPXZxJPShybKzL1q1WLPAgMBAAGgADAN BgkqhkiG9w0BAQ0FAAOBgQBClx4glTL7szKmUUFwgRa0LVpZh8b0TknJC3+6TLXo I/4Ws3VSl/lTx1LU1ZR0JGvTF6WnrxpuXpyknZ3zRP7Ud5wYjIo7Moqcfr0Fsbpc hv4a9zOzY7uuYesrOS5Bzr83BR0rvztlGbPAWnV2KpIODTLoEFTCHo+Ksprpvl18 Zw== -----END CERTIFICATE REQUEST-----""" import sys if sys.version_info[0] == 2: import urllib # python 2 else: assert sys.version_info[0] == 3 import urllib.request as urllib # python 3 with urllib.urlopen(SAML_PROVIDER_METADATA_URL) as u: RUG_PROVIDER_METADATA = u.read().decode('utf-8') SAML_PROVIDERS = [{ "RuG": { "strict": True, "debug": True, "custom_base_path": "", "sp": { "entityId": "https://cosmo.service.rug.nl/rug-website/saml2/metadata", # "entityId": "https://cosmo.service.rug.nl/rugwebsite/saml/metadata?provider=RuG", "assertionConsumerService": { "url": "https://cosmo.service.rug.nl/rugwebsite/sso/saml/?provider=RuG&acs", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" }, "singleLogoutService": { "url": "https://cosmo.service.rug.nl/rugwebsite/sso/saml/?provider=RuG", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "x509cert": X509, "privateKey": PRIVATE_KEY, }, "idp": { "entityId": "https://tst-idp.id.rug.nl/nidp/saml2/metadata", "singleSignOnService": { "url": "https://tst-idp.id.rug.nl/nidp/saml2/sso", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "singleLogoutService": { "url": "https://tst-idp.id.rug.nl/nidp/saml2/spslo", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "x509cert": RUG_PROVIDER_METADATA, }, "organization": { "en-US": { "name": "University of Groningen", "displayname": "University of Groningen", "url": "https://www.rug.nl/" } }, "contact_person": { "technical": { "given_name": "Research and Innovation Support", "email_address": "ris@list.rug.nl" }, "support": { "given_name": "Research and Innovation Support", "email_address": "ris@list.rug.nl" } }, "security": { "name_id_encrypted": False, "authn_requests_signed": True, "logout_requests_signed": False, "logout_response_signed": False, "sign_metadata": False, "want_messages_signed": False, "want_assertions_signed": True, "want_name_id": True, "want_name_id_encrypted": False, "want_assertions_encrypted": True, "signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1", "digest_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1", } } }]