authorLeif Johansson <leifj@sunet.se>2012-04-02 15:30:37 +0200
committerLeif Johansson <leifj@sunet.se>2012-04-02 15:30:37 +0200
commitf939426fc32edb41be77c28d94c020a8fbc6c1bd (patch)
tree7bbe63080376cc24044c47b76595baa2621ff7fd
parentdac8ce9528f7c1077f29c4fc7feb369f8aa459e9 (diff)
basic AA using pysaml2
-rw-r--r--asgard/settings.d/10-apps.conf4
-rw-r--r--asgard/settings.d/20-saml.conf5
-rw-r--r--asgard/venv.conf2
-rw-r--r--coip/apps/saml2/__init__.py0
-rw-r--r--coip/apps/saml2/conf.py42
-rw-r--r--coip/apps/saml2/urls.py11
-rw-r--r--coip/apps/saml2/views.py61
-rw-r--r--coip/settings.py6
-rw-r--r--coip/urls.py3
-rw-r--r--saml2/attributemaps/basic.py326
-rw-r--r--saml2/attributemaps/saml_uri.py199
-rw-r--r--saml2/attributemaps/shibboleth_uri.py190
-rw-r--r--saml2/metadata/sp.xml79
13 files changed, 925 insertions, 3 deletions
diff --git a/asgard/settings.d/10-apps.conf b/asgard/settings.d/10-apps.conf
index 7095a27..a5a05f5 100644
--- a/asgard/settings.d/10-apps.conf
+++ b/asgard/settings.d/10-apps.conf
@@ -1,3 +1,4 @@
+
INSTALLED_APPS += [
'coip.extensions',
'coip.apps.name',
@@ -7,5 +8,6 @@ INSTALLED_APPS += [
'coip.apps.link',
'actstream',
'coip.apps.opensocial',
- 'coip.apps.activitystreams'
+ 'coip.apps.activitystreams',
+ 'coip.apps.saml2'
]
diff --git a/asgard/settings.d/20-saml.conf b/asgard/settings.d/20-saml.conf
new file mode 100644
index 0000000..302ca5a
--- /dev/null
+++ b/asgard/settings.d/20-saml.conf
@@ -0,0 +1,5 @@
+
+METADATA = 'http://md.swamid.se/md/swamid-1.0.xml'
+AUTH_PROFILE_MODULE = 'userprofile.UserProfile'
+SAML_KEY = "/etc/ssl/private/ssl-cert-snakeoil.key"
+SAML_CERT = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
\ No newline at end of file
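Review bot: `SAML_KEY` and `SAML_CERT` point the attribute authority's signing credentials at the host's snakeoil key pair, an auto-generated self-signed pair that is typically shared with the machine's default TLS setup; a key dedicated to the SAML entity and readable only by the application user would keep the published certificate stable and separate from the host. The same two paths are hard-coded again in the first coip/settings.py hunk, so the two copies can drift apart. `METADATA` is a plain `http://` URL; conf.py imports it but the visible `CONFIG` only loads the local sp.xml, so if it is wired in later the fetched metadata needs signature verification against a pinned federation certificate. A comment such as `# TODO: replace the snakeoil pair with a dedicated SAML signing key before production` would make the intent explicit.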
diff --git a/asgard/venv.conf b/asgard/venv.conf
index 1d23b1d..f0df25e 100644
--- a/asgard/venv.conf
+++ b/asgard/venv.conf
@@ -6,6 +6,7 @@ django-celery==2.3.3
django-extensions==0.5
django-form-utils==0.2.0
git+git://github.com/leifj/django-oauth2-lite.git
+https://launchpad.net/pysaml2/main/0.4.2/+download/pysaml2-0.4.2.tar.gz
django-tagging==0.3.1
httplib2==0.6.0
importlib==1.0.2
@@ -23,3 +24,4 @@ wadllib==1.1.4
wsgiref==0.1.2
PIL==1.1.7
django-activity-stream==0.3.9
+python-memcached
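Review bot: `python-memcached` is added without a version while the neighbouring package entries are pinned with `==`, so each fresh environment build can pick up a different release; pin it, e.g. `python-memcached==<tested version>`. The pysaml2 line in the first hunk fixes the version through the tarball URL, but the build still trusts whatever that URL serves at install time, so mirroring the archive internally or recording its checksum next to the line would make the dependency reproducible.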
diff --git a/coip/apps/saml2/__init__.py b/coip/apps/saml2/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/coip/apps/saml2/__init__.py
diff --git a/coip/apps/saml2/conf.py b/coip/apps/saml2/conf.py
new file mode 100644
index 0000000..4dc70d9
--- /dev/null
+++ b/coip/apps/saml2/conf.py
@@ -0,0 +1,42 @@
+'''
+Created on Apr 2, 2012
+
+@author: leifj
+'''
+
+from saml2 import BINDING_SOAP
+from saml2.saml import NAME_FORMAT_URI
+from coip.settings import PREFIX_URL, SAML_CERT, SAML_KEY, BASE_DIR, METADATA
+
+CONFIG={
+ "entityid" : "%s/saml2/entity" % PREFIX_URL,
+ "description": "COIP",
+ "service": {
+ "aa": {
+ "name" : "COIP",
+ "endpoints" : {
+ "attribute_service" : [("%s/aq" % PREFIX_URL, BINDING_SOAP)],
+ },
+ "policy": {
+ "default": {
+ "lifetime": {"minutes":15},
+ "attribute_restrictions": None, # means all I have
+ "name_form": NAME_FORMAT_URI
+ },
+ },
+ "subject_data": ("dict", {}),
+ }
+ },
+ "debug" : 1,
+ "key_file" : SAML_KEY,
+ "cert_file" : SAML_CERT,
+ "attribute_map_dir" : "%s/saml2/attributemaps" % BASE_DIR,
+ "metadata" : {
+ "local": ["%s/saml2/metadata/sp.xml" % BASE_DIR],
+ },
+ "organization": {
+ "display_name": "COIP",
+ "name": "COIP",
+ "url": PREFIX_URL,
+ },
+}
\ No newline at end of file
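Review bot: The `default` policy sets `attribute_restrictions` to `None`, which by its own inline comment releases every attribute the AA holds to any SP in the loaded metadata; today the view only supplies `uid` and `displayName`, but an explicit allow-list here would keep later additions to the claims dict from being released implicitly. `"debug" : 1` is hard-coded, and together with `debug=1` in views.py it presumably keeps verbose SAML logging on in every deployment; deriving it from the Django `DEBUG` setting would be safer. `METADATA` is imported but not used in this file.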
diff --git a/coip/apps/saml2/urls.py b/coip/apps/saml2/urls.py
new file mode 100644
index 0000000..1654c66
--- /dev/null
+++ b/coip/apps/saml2/urls.py
@@ -0,0 +1,11 @@
+'''
+Created on Nov 7, 2011
+
+@author: leifj
+'''
+from django.conf.urls.defaults import patterns, url, include
+
+urlpatterns = patterns('coip.apps.saml2.views',
+ url(r'^aq$',view='aq'),
+ url(r'^metadata$',view='metadata')
+)
\ No newline at end of file
diff --git a/coip/apps/saml2/views.py b/coip/apps/saml2/views.py
new file mode 100644
index 0000000..497e219
--- /dev/null
+++ b/coip/apps/saml2/views.py
@@ -0,0 +1,61 @@
+'''
+Created on Apr 2, 2012
+
+@author: leifj
+'''
+
+import re
+from saml2 import server
+from saml2 import saml
+from saml2 import soap
+import logging
+from django.contrib.auth.models import User
+from django.http import HttpResponse, HttpResponseBadRequest
+from saml2.config import Config
+from saml2.metadata import entity_descriptor
+from coip.apps.saml2 import conf
+
+aa = server.Server("coip.apps.saml2.conf", log=logging, debug=1, stype="aa")
+
+def _aa_reply(aa, aq, user, sp_entityid):
+ consumer_url = aa.metadata.consumer_url(aq.issuer.text)
+ in_response_to = aq.id
+ name_id = aq.subject.name_id
+
+ logging.info("name_id: %s" % name_id)
+ return aa.do_aa_response(in_response_to,
+ consumer_url,
+ sp_entityid,
+ identity=user,
+ name_id=name_id,
+ issuer=aa.conf.entityid)
+
+def metadata(request):
+ cnf = Config().load(conf.CONFIG, metadata_construction=True)
+ ed = entity_descriptor(cnf, 0)
+ return HttpResponse(content=ed,content_type="text/xml")
+
+def aq(request):
+ if request.method == 'POST':
+ global aa
+ request_xml = soap.parse_soap_enveloped_saml_attribute_query(request.raw_post_data)
+ logging.debug(request_xml)
+ (subject, attribute, aq) = aa.parse_attribute_query(request_xml,False)
+ sp_entityid = aq.issuer.text
+
+ claims = {}
+ try:
+ logging.debug("Subject: %s" % subject.text)
+ user = User.objects.get(username=subject.text)
+ p = user.get_profile()
+ claims = {'uid': user.username,'displayName': p.display_name}
+ except Exception,exc:
+ logging.debug(exc)
+ pass
+
+ aa_response = _aa_reply(aa, aq, claims, sp_entityid)
+ xml = soap.make_soap_enveloped_saml_thingy(aa_response)
+ logging.debug(xml)
+ return HttpResponse(content=xml, content_type="application/soap+xml")
+ else:
+ return HttpResponseBadRequest("<html><head><title>No</title></head><body><h1>Bad Request</h1><p>Go sell crazy someplace else, we're all stocked up here!</p></body></html>")
\ No newline at end of file
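Review bot: In `aq`, `except Exception, exc` followed by `logging.debug(exc)` and `pass` turns every failure (missing profile, database error, programming error) into a successful response with empty claims, so a broken lookup is indistinguishable from an unknown subject; catch only `User.DoesNotExist` and let the rest propagate. Nothing visible in the view checks that the query is signed or that `aq.issuer.text` names an SP this AA is willing to answer, so unless `aa.parse_attribute_query` enforces that, any client that can POST here can test which usernames exist and read their `displayName`; that behaviour deserves an explicit test. `logging.debug(request_xml)` and `logging.debug(xml)` also write whole SAML messages, including released attributes, to the log. `import re` is unused and the `global aa` statement is unnecessary because `aa` is only read.

```python
        sp_entityid = aq.issuer.text

        claims = {}
        try:
            user = User.objects.get(username=subject.text)
        except User.DoesNotExist:
            # Unknown subject: answer with no attributes, but let real errors surface.
            logging.info("attribute query from %s: unknown subject", sp_entityid)
        else:
            p = user.get_profile()
            claims = {'uid': user.username, 'displayName': p.display_name}
        # … unchanged: _aa_reply, SOAP envelope and HttpResponse …
```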
diff --git a/coip/settings.py b/coip/settings.py
index 7442f62..4f584b0 100644
--- a/coip/settings.py
+++ b/coip/settings.py
@@ -56,6 +56,9 @@ AUTH_PROFILE_MODULE = 'userprofile.UserProfile'
# to load the internationalization machinery.
USE_I18N = True
+SAML_KEY = "/etc/ssl/private/ssl-cert-snakeoil.key"
+SAML_CERT = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+
MEDIA_ROOT = "%s/site-media" % BASE_DIR
ADMIN_MEDIA_ROOT = "%s/admin-media" % BASE_DIR
MEDIA_URL = '/site-media/'
@@ -116,7 +119,8 @@ INSTALLED_APPS = (
'coip.apps.link',
'actstream',
'coip.apps.opensocial',
- 'coip.apps.activitystreams'
+ 'coip.apps.activitystreams',
+ 'coip.apps.saml2'
)
OAUTH_REALM_KEY_NAME = 'http://coip-test.sunet.se'
diff --git a/coip/urls.py b/coip/urls.py
index c2645de..353427f 100644
--- a/coip/urls.py
+++ b/coip/urls.py
@@ -72,5 +72,6 @@ urlpatterns = patterns('',
(r'^api/activitystreams/', include('coip.apps.activitystreams.urls')),
(r'^api/opensocial/', include('coip.apps.opensocial.urls')),
(r'^api/hello/?', 'coip.apps.name.views.hello'),
- (r'^oauth2/', include('django_oauth2_lite.urls'))
+ (r'^oauth2/', include('django_oauth2_lite.urls')),
+ (r'^saml2/', include('coip.apps.saml2.urls'))
)
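Review bot: Mounting the app under `^saml2/` makes the attribute query view answer at `<site>/saml2/aq`, while conf.py advertises the endpoint as `"%s/aq" % PREFIX_URL`; unless `PREFIX_URL` already ends in `/saml2` (its definition is not in this diff, and the entity id `"%s/saml2/entity" % PREFIX_URL` suggests it does not), the published metadata will send SPs to a URL that does not route to the view. Changing the conf.py endpoint to `"%s/saml2/aq" % PREFIX_URL` would align the two. The `urlpatterns` call starts above this hunk.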
diff --git a/saml2/attributemaps/basic.py b/saml2/attributemaps/basic.py
new file mode 100644
index 0000000..9311d54
--- /dev/null
+++ b/saml2/attributemaps/basic.py
@@ -0,0 +1,326 @@
+
+MAP = {
+ "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
+ "fro": {
+ 'urn:mace:dir:attribute-def:aRecord': 'aRecord',
+ 'urn:mace:dir:attribute-def:aliasedEntryName': 'aliasedEntryName',
+ 'urn:mace:dir:attribute-def:aliasedObjectName': 'aliasedObjectName',
+ 'urn:mace:dir:attribute-def:associatedDomain': 'associatedDomain',
+ 'urn:mace:dir:attribute-def:associatedName': 'associatedName',
+ 'urn:mace:dir:attribute-def:audio': 'audio',
+ 'urn:mace:dir:attribute-def:authorityRevocationList': 'authorityRevocationList',
+ 'urn:mace:dir:attribute-def:buildingName': 'buildingName',
+ 'urn:mace:dir:attribute-def:businessCategory': 'businessCategory',
+ 'urn:mace:dir:attribute-def:c': 'c',
+ 'urn:mace:dir:attribute-def:cACertificate': 'cACertificate',
+ 'urn:mace:dir:attribute-def:cNAMERecord': 'cNAMERecord',
+ 'urn:mace:dir:attribute-def:carLicense': 'carLicense',
+ 'urn:mace:dir:attribute-def:certificateRevocationList': 'certificateRevocationList',
+ 'urn:mace:dir:attribute-def:cn': 'cn',
+ 'urn:mace:dir:attribute-def:co': 'co',
+ 'urn:mace:dir:attribute-def:commonName': 'commonName',
+ 'urn:mace:dir:attribute-def:countryName': 'countryName',
+ 'urn:mace:dir:attribute-def:crossCertificatePair': 'crossCertificatePair',
+ 'urn:mace:dir:attribute-def:dITRedirect': 'dITRedirect',
+ 'urn:mace:dir:attribute-def:dSAQuality': 'dSAQuality',
+ 'urn:mace:dir:attribute-def:dc': 'dc',
+ 'urn:mace:dir:attribute-def:deltaRevocationList': 'deltaRevocationList',
+ 'urn:mace:dir:attribute-def:departmentNumber': 'departmentNumber',
+ 'urn:mace:dir:attribute-def:description': 'description',
+ 'urn:mace:dir:attribute-def:destinationIndicator': 'destinationIndicator',
+ 'urn:mace:dir:attribute-def:displayName': 'displayName',
+ 'urn:mace:dir:attribute-def:distinguishedName': 'distinguishedName',
+ 'urn:mace:dir:attribute-def:dmdName': 'dmdName',
+ 'urn:mace:dir:attribute-def:dnQualifier': 'dnQualifier',
+ 'urn:mace:dir:attribute-def:documentAuthor': 'documentAuthor',
+ 'urn:mace:dir:attribute-def:documentIdentifier': 'documentIdentifier',
+ 'urn:mace:dir:attribute-def:documentLocation': 'documentLocation',
+ 'urn:mace:dir:attribute-def:documentPublisher': 'documentPublisher',
+ 'urn:mace:dir:attribute-def:documentTitle': 'documentTitle',
+ 'urn:mace:dir:attribute-def:documentVersion': 'documentVersion',
+ 'urn:mace:dir:attribute-def:domainComponent': 'domainComponent',
+ 'urn:mace:dir:attribute-def:drink': 'drink',
+ 'urn:mace:dir:attribute-def:eduOrgHomePageURI': 'eduOrgHomePageURI',
+ 'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI': 'eduOrgIdentityAuthNPolicyURI',
+ 'urn:mace:dir:attribute-def:eduOrgLegalName': 'eduOrgLegalName',
+ 'urn:mace:dir:attribute-def:eduOrgSuperiorURI': 'eduOrgSuperiorURI',
+ 'urn:mace:dir:attribute-def:eduOrgWhitePagesURI': 'eduOrgWhitePagesURI',
+ 'urn:mace:dir:attribute-def:eduPersonAffiliation': 'eduPersonAffiliation',
+ 'urn:mace:dir:attribute-def:eduPersonEntitlement': 'eduPersonEntitlement',
+ 'urn:mace:dir:attribute-def:eduPersonNickname': 'eduPersonNickname',
+ 'urn:mace:dir:attribute-def:eduPersonOrgDN': 'eduPersonOrgDN',
+ 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN': 'eduPersonOrgUnitDN',
+ 'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation': 'eduPersonPrimaryAffiliation',
+ 'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN': 'eduPersonPrimaryOrgUnitDN',
+ 'urn:mace:dir:attribute-def:eduPersonPrincipalName': 'eduPersonPrincipalName',
+ 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation': 'eduPersonScopedAffiliation',
+ 'urn:mace:dir:attribute-def:eduPersonTargetedID': 'eduPersonTargetedID',
+ 'urn:mace:dir:attribute-def:email': 'email',
+ 'urn:mace:dir:attribute-def:emailAddress': 'emailAddress',
+ 'urn:mace:dir:attribute-def:employeeNumber': 'employeeNumber',
+ 'urn:mace:dir:attribute-def:employeeType': 'employeeType',
+ 'urn:mace:dir:attribute-def:enhancedSearchGuide': 'enhancedSearchGuide',
+ 'urn:mace:dir:attribute-def:facsimileTelephoneNumber': 'facsimileTelephoneNumber',
+ 'urn:mace:dir:attribute-def:favouriteDrink': 'favouriteDrink',
+ 'urn:mace:dir:attribute-def:fax': 'fax',
+ 'urn:mace:dir:attribute-def:federationFeideSchemaVersion': 'federationFeideSchemaVersion',
+ 'urn:mace:dir:attribute-def:friendlyCountryName': 'friendlyCountryName',
+ 'urn:mace:dir:attribute-def:generationQualifier': 'generationQualifier',
+ 'urn:mace:dir:attribute-def:givenName': 'givenName',
+ 'urn:mace:dir:attribute-def:gn': 'gn',
+ 'urn:mace:dir:attribute-def:homePhone': 'homePhone',
+ 'urn:mace:dir:attribute-def:homePostalAddress': 'homePostalAddress',
+ 'urn:mace:dir:attribute-def:homeTelephoneNumber': 'homeTelephoneNumber',
+ 'urn:mace:dir:attribute-def:host': 'host',
+ 'urn:mace:dir:attribute-def:houseIdentifier': 'houseIdentifier',
+ 'urn:mace:dir:attribute-def:info': 'info',
+ 'urn:mace:dir:attribute-def:initials': 'initials',
+ 'urn:mace:dir:attribute-def:internationaliSDNNumber': 'internationaliSDNNumber',
+ 'urn:mace:dir:attribute-def:janetMailbox': 'janetMailbox',
+ 'urn:mace:dir:attribute-def:jpegPhoto': 'jpegPhoto',
+ 'urn:mace:dir:attribute-def:knowledgeInformation': 'knowledgeInformation',
+ 'urn:mace:dir:attribute-def:l': 'l',
+ 'urn:mace:dir:attribute-def:labeledURI': 'labeledURI',
+ 'urn:mace:dir:attribute-def:localityName': 'localityName',
+ 'urn:mace:dir:attribute-def:mDRecord': 'mDRecord',
+ 'urn:mace:dir:attribute-def:mXRecord': 'mXRecord',
+ 'urn:mace:dir:attribute-def:mail': 'mail',
+ 'urn:mace:dir:attribute-def:mailPreferenceOption': 'mailPreferenceOption',
+ 'urn:mace:dir:attribute-def:manager': 'manager',
+ 'urn:mace:dir:attribute-def:member': 'member',
+ 'urn:mace:dir:attribute-def:mobile': 'mobile',
+ 'urn:mace:dir:attribute-def:mobileTelephoneNumber': 'mobileTelephoneNumber',
+ 'urn:mace:dir:attribute-def:nSRecord': 'nSRecord',
+ 'urn:mace:dir:attribute-def:name': 'name',
+ 'urn:mace:dir:attribute-def:norEduOrgAcronym': 'norEduOrgAcronym',
+ 'urn:mace:dir:attribute-def:norEduOrgNIN': 'norEduOrgNIN',
+ 'urn:mace:dir:attribute-def:norEduOrgSchemaVersion': 'norEduOrgSchemaVersion',
+ 'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier': 'norEduOrgUniqueIdentifier',
+ 'urn:mace:dir:attribute-def:norEduOrgUniqueNumber': 'norEduOrgUniqueNumber',
+ 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier': 'norEduOrgUnitUniqueIdentifier',
+ 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber': 'norEduOrgUnitUniqueNumber',
+ 'urn:mace:dir:attribute-def:norEduPersonBirthDate': 'norEduPersonBirthDate',
+ 'urn:mace:dir:attribute-def:norEduPersonLIN': 'norEduPersonLIN',
+ 'urn:mace:dir:attribute-def:norEduPersonNIN': 'norEduPersonNIN',
+ 'urn:mace:dir:attribute-def:o': 'o',
+ 'urn:mace:dir:attribute-def:objectClass': 'objectClass',
+ 'urn:mace:dir:attribute-def:organizationName': 'organizationName',
+ 'urn:mace:dir:attribute-def:organizationalStatus': 'organizationalStatus',
+ 'urn:mace:dir:attribute-def:organizationalUnitName': 'organizationalUnitName',
+ 'urn:mace:dir:attribute-def:otherMailbox': 'otherMailbox',
+ 'urn:mace:dir:attribute-def:ou': 'ou',
+ 'urn:mace:dir:attribute-def:owner': 'owner',
+ 'urn:mace:dir:attribute-def:pager': 'pager',
+ 'urn:mace:dir:attribute-def:pagerTelephoneNumber': 'pagerTelephoneNumber',
+ 'urn:mace:dir:attribute-def:personalSignature': 'personalSignature',
+ 'urn:mace:dir:attribute-def:personalTitle': 'personalTitle',
+ 'urn:mace:dir:attribute-def:photo': 'photo',
+ 'urn:mace:dir:attribute-def:physicalDeliveryOfficeName': 'physicalDeliveryOfficeName',
+ 'urn:mace:dir:attribute-def:pkcs9email': 'pkcs9email',
+ 'urn:mace:dir:attribute-def:postOfficeBox': 'postOfficeBox',
+ 'urn:mace:dir:attribute-def:postalAddress': 'postalAddress',
+ 'urn:mace:dir:attribute-def:postalCode': 'postalCode',
+ 'urn:mace:dir:attribute-def:preferredDeliveryMethod': 'preferredDeliveryMethod',
+ 'urn:mace:dir:attribute-def:preferredLanguage': 'preferredLanguage',
+ 'urn:mace:dir:attribute-def:presentationAddress': 'presentationAddress',
+ 'urn:mace:dir:attribute-def:protocolInformation': 'protocolInformation',
+ 'urn:mace:dir:attribute-def:pseudonym': 'pseudonym',
+ 'urn:mace:dir:attribute-def:registeredAddress': 'registeredAddress',
+ 'urn:mace:dir:attribute-def:rfc822Mailbox': 'rfc822Mailbox',
+ 'urn:mace:dir:attribute-def:roleOccupant': 'roleOccupant',
+ 'urn:mace:dir:attribute-def:roomNumber': 'roomNumber',
+ 'urn:mace:dir:attribute-def:sOARecord': 'sOARecord',
+ 'urn:mace:dir:attribute-def:searchGuide': 'searchGuide',
+ 'urn:mace:dir:attribute-def:secretary': 'secretary',
+ 'urn:mace:dir:attribute-def:seeAlso': 'seeAlso',
+ 'urn:mace:dir:attribute-def:serialNumber': 'serialNumber',
+ 'urn:mace:dir:attribute-def:singleLevelQuality': 'singleLevelQuality',
+ 'urn:mace:dir:attribute-def:sn': 'sn',
+ 'urn:mace:dir:attribute-def:st': 'st',
+ 'urn:mace:dir:attribute-def:stateOrProvinceName': 'stateOrProvinceName',
+ 'urn:mace:dir:attribute-def:street': 'street',
+ 'urn:mace:dir:attribute-def:streetAddress': 'streetAddress',
+ 'urn:mace:dir:attribute-def:subtreeMaximumQuality': 'subtreeMaximumQuality',
+ 'urn:mace:dir:attribute-def:subtreeMinimumQuality': 'subtreeMinimumQuality',
+ 'urn:mace:dir:attribute-def:supportedAlgorithms': 'supportedAlgorithms',
+ 'urn:mace:dir:attribute-def:supportedApplicationContext': 'supportedApplicationContext',
+ 'urn:mace:dir:attribute-def:surname': 'surname',
+ 'urn:mace:dir:attribute-def:telephoneNumber': 'telephoneNumber',
+ 'urn:mace:dir:attribute-def:teletexTerminalIdentifier': 'teletexTerminalIdentifier',
+ 'urn:mace:dir:attribute-def:telexNumber': 'telexNumber',
+ 'urn:mace:dir:attribute-def:textEncodedORAddress': 'textEncodedORAddress',
+ 'urn:mace:dir:attribute-def:title': 'title',
+ 'urn:mace:dir:attribute-def:uid': 'uid',
+ 'urn:mace:dir:attribute-def:uniqueIdentifier': 'uniqueIdentifier',
+ 'urn:mace:dir:attribute-def:uniqueMember': 'uniqueMember',
+ 'urn:mace:dir:attribute-def:userCertificate': 'userCertificate',
+ 'urn:mace:dir:attribute-def:userClass': 'userClass',
+ 'urn:mace:dir:attribute-def:userPKCS12': 'userPKCS12',
+ 'urn:mace:dir:attribute-def:userPassword': 'userPassword',
+ 'urn:mace:dir:attribute-def:userSMIMECertificate': 'userSMIMECertificate',
+ 'urn:mace:dir:attribute-def:userid': 'userid',
+ 'urn:mace:dir:attribute-def:x121Address': 'x121Address',
+ 'urn:mace:dir:attribute-def:x500UniqueIdentifier': 'x500UniqueIdentifier',
+ },
+ "to": {
+ 'aRecord': 'urn:mace:dir:attribute-def:aRecord',
+ 'aliasedEntryName': 'urn:mace:dir:attribute-def:aliasedEntryName',
+ 'aliasedObjectName': 'urn:mace:dir:attribute-def:aliasedObjectName',
+ 'associatedDomain': 'urn:mace:dir:attribute-def:associatedDomain',
+ 'associatedName': 'urn:mace:dir:attribute-def:associatedName',
+ 'audio': 'urn:mace:dir:attribute-def:audio',
+ 'authorityRevocationList': 'urn:mace:dir:attribute-def:authorityRevocationList',
+ 'buildingName': 'urn:mace:dir:attribute-def:buildingName',
+ 'businessCategory': 'urn:mace:dir:attribute-def:businessCategory',
+ 'c': 'urn:mace:dir:attribute-def:c',
+ 'cACertificate': 'urn:mace:dir:attribute-def:cACertificate',
+ 'cNAMERecord': 'urn:mace:dir:attribute-def:cNAMERecord',
+ 'carLicense': 'urn:mace:dir:attribute-def:carLicense',
+ 'certificateRevocationList': 'urn:mace:dir:attribute-def:certificateRevocationList',
+ 'cn': 'urn:mace:dir:attribute-def:cn',
+ 'co': 'urn:mace:dir:attribute-def:co',
+ 'commonName': 'urn:mace:dir:attribute-def:commonName',
+ 'countryName': 'urn:mace:dir:attribute-def:countryName',
+ 'crossCertificatePair': 'urn:mace:dir:attribute-def:crossCertificatePair',
+ 'dITRedirect': 'urn:mace:dir:attribute-def:dITRedirect',
+ 'dSAQuality': 'urn:mace:dir:attribute-def:dSAQuality',
+ 'dc': 'urn:mace:dir:attribute-def:dc',
+ 'deltaRevocationList': 'urn:mace:dir:attribute-def:deltaRevocationList',
+ 'departmentNumber': 'urn:mace:dir:attribute-def:departmentNumber',
+ 'description': 'urn:mace:dir:attribute-def:description',
+ 'destinationIndicator': 'urn:mace:dir:attribute-def:destinationIndicator',
+ 'displayName': 'urn:mace:dir:attribute-def:displayName',
+ 'distinguishedName': 'urn:mace:dir:attribute-def:distinguishedName',
+ 'dmdName': 'urn:mace:dir:attribute-def:dmdName',
+ 'dnQualifier': 'urn:mace:dir:attribute-def:dnQualifier',
+ 'documentAuthor': 'urn:mace:dir:attribute-def:documentAuthor',
+ 'documentIdentifier': 'urn:mace:dir:attribute-def:documentIdentifier',
+ 'documentLocation': 'urn:mace:dir:attribute-def:documentLocation',
+ 'documentPublisher': 'urn:mace:dir:attribute-def:documentPublisher',
+ 'documentTitle': 'urn:mace:dir:attribute-def:documentTitle',
+ 'documentVersion': 'urn:mace:dir:attribute-def:documentVersion',
+ 'domainComponent': 'urn:mace:dir:attribute-def:domainComponent',
+ 'drink': 'urn:mace:dir:attribute-def:drink',
+ 'eduOrgHomePageURI': 'urn:mace:dir:attribute-def:eduOrgHomePageURI',
+ 'eduOrgIdentityAuthNPolicyURI': 'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI',
+ 'eduOrgLegalName': 'urn:mace:dir:attribute-def:eduOrgLegalName',
+ 'eduOrgSuperiorURI': 'urn:mace:dir:attribute-def:eduOrgSuperiorURI',
+ 'eduOrgWhitePagesURI': 'urn:mace:dir:attribute-def:eduOrgWhitePagesURI',
+ 'eduPersonAffiliation': 'urn:mace:dir:attribute-def:eduPersonAffiliation',
+ 'eduPersonEntitlement': 'urn:mace:dir:attribute-def:eduPersonEntitlement',
+ 'eduPersonNickname': 'urn:mace:dir:attribute-def:eduPersonNickname',
+ 'eduPersonOrgDN': 'urn:mace:dir:attribute-def:eduPersonOrgDN',
+ 'eduPersonOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN',
+ 'eduPersonPrimaryAffiliation': 'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation',
+ 'eduPersonPrimaryOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN',
+ 'eduPersonPrincipalName': 'urn:mace:dir:attribute-def:eduPersonPrincipalName',
+ 'eduPersonScopedAffiliation': 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation',
+ 'eduPersonTargetedID': 'urn:mace:dir:attribute-def:eduPersonTargetedID',
+ 'email': 'urn:mace:dir:attribute-def:email',
+ 'emailAddress': 'urn:mace:dir:attribute-def:emailAddress',
+ 'employeeNumber': 'urn:mace:dir:attribute-def:employeeNumber',
+ 'employeeType': 'urn:mace:dir:attribute-def:employeeType',
+ 'enhancedSearchGuide': 'urn:mace:dir:attribute-def:enhancedSearchGuide',
+ 'facsimileTelephoneNumber': 'urn:mace:dir:attribute-def:facsimileTelephoneNumber',
+ 'favouriteDrink': 'urn:mace:dir:attribute-def:favouriteDrink',
+ 'fax': 'urn:mace:dir:attribute-def:fax',
+ 'federationFeideSchemaVersion': 'urn:mace:dir:attribute-def:federationFeideSchemaVersion',
+ 'friendlyCountryName': 'urn:mace:dir:attribute-def:friendlyCountryName',
+ 'generationQualifier': 'urn:mace:dir:attribute-def:generationQualifier',
+ 'givenName': 'urn:mace:dir:attribute-def:givenName',
+ 'gn': 'urn:mace:dir:attribute-def:gn',
+ 'homePhone': 'urn:mace:dir:attribute-def:homePhone',
+ 'homePostalAddress': 'urn:mace:dir:attribute-def:homePostalAddress',
+ 'homeTelephoneNumber': 'urn:mace:dir:attribute-def:homeTelephoneNumber',
+ 'host': 'urn:mace:dir:attribute-def:host',
+ 'houseIdentifier': 'urn:mace:dir:attribute-def:houseIdentifier',
+ 'info': 'urn:mace:dir:attribute-def:info',
+ 'initials': 'urn:mace:dir:attribute-def:initials',
+ 'internationaliSDNNumber': 'urn:mace:dir:attribute-def:internationaliSDNNumber',
+ 'janetMailbox': 'urn:mace:dir:attribute-def:janetMailbox',
+ 'jpegPhoto': 'urn:mace:dir:attribute-def:jpegPhoto',
+ 'knowledgeInformation': 'urn:mace:dir:attribute-def:knowledgeInformation',
+ 'l': 'urn:mace:dir:attribute-def:l',
+ 'labeledURI': 'urn:mace:dir:attribute-def:labeledURI',
+ 'localityName': 'urn:mace:dir:attribute-def:localityName',
+ 'mDRecord': 'urn:mace:dir:attribute-def:mDRecord',
+ 'mXRecord': 'urn:mace:dir:attribute-def:mXRecord',
+ 'mail': 'urn:mace:dir:attribute-def:mail',
+ 'mailPreferenceOption': 'urn:mace:dir:attribute-def:mailPreferenceOption',
+ 'manager': 'urn:mace:dir:attribute-def:manager',
+ 'member': 'urn:mace:dir:attribute-def:member',
+ 'mobile': 'urn:mace:dir:attribute-def:mobile',
+ 'mobileTelephoneNumber': 'urn:mace:dir:attribute-def:mobileTelephoneNumber',
+ 'nSRecord': 'urn:mace:dir:attribute-def:nSRecord',
+ 'name': 'urn:mace:dir:attribute-def:name',
+ 'norEduOrgAcronym': 'urn:mace:dir:attribute-def:norEduOrgAcronym',
+ 'norEduOrgNIN': 'urn:mace:dir:attribute-def:norEduOrgNIN',
+ 'norEduOrgSchemaVersion': 'urn:mace:dir:attribute-def:norEduOrgSchemaVersion',
+ 'norEduOrgUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier',
+ 'norEduOrgUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUniqueNumber',
+ 'norEduOrgUnitUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier',
+ 'norEduOrgUnitUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber',
+ 'norEduPersonBirthDate': 'urn:mace:dir:attribute-def:norEduPersonBirthDate',
+ 'norEduPersonLIN': 'urn:mace:dir:attribute-def:norEduPersonLIN',
+ 'norEduPersonNIN': 'urn:mace:dir:attribute-def:norEduPersonNIN',
+ 'o': 'urn:mace:dir:attribute-def:o',
+ 'objectClass': 'urn:mace:dir:attribute-def:objectClass',
+ 'organizationName': 'urn:mace:dir:attribute-def:organizationName',
+ 'organizationalStatus': 'urn:mace:dir:attribute-def:organizationalStatus',
+ 'organizationalUnitName': 'urn:mace:dir:attribute-def:organizationalUnitName',
+ 'otherMailbox': 'urn:mace:dir:attribute-def:otherMailbox',
+ 'ou': 'urn:mace:dir:attribute-def:ou',
+ 'owner': 'urn:mace:dir:attribute-def:owner',
+ 'pager': 'urn:mace:dir:attribute-def:pager',
+ 'pagerTelephoneNumber': 'urn:mace:dir:attribute-def:pagerTelephoneNumber',
+ 'personalSignature': 'urn:mace:dir:attribute-def:personalSignature',
+ 'personalTitle': 'urn:mace:dir:attribute-def:personalTitle',
+ 'photo': 'urn:mace:dir:attribute-def:photo',
+ 'physicalDeliveryOfficeName': 'urn:mace:dir:attribute-def:physicalDeliveryOfficeName',
+ 'pkcs9email': 'urn:mace:dir:attribute-def:pkcs9email',
+ 'postOfficeBox': 'urn:mace:dir:attribute-def:postOfficeBox',
+ 'postalAddress': 'urn:mace:dir:attribute-def:postalAddress',
+ 'postalCode': 'urn:mace:dir:attribute-def:postalCode',
+ 'preferredDeliveryMethod': 'urn:mace:dir:attribute-def:preferredDeliveryMethod',
+ 'preferredLanguage': 'urn:mace:dir:attribute-def:preferredLanguage',
+ 'presentationAddress': 'urn:mace:dir:attribute-def:presentationAddress',
+ 'protocolInformation': 'urn:mace:dir:attribute-def:protocolInformation',
+ 'pseudonym': 'urn:mace:dir:attribute-def:pseudonym',
+ 'registeredAddress': 'urn:mace:dir:attribute-def:registeredAddress',
+ 'rfc822Mailbox': 'urn:mace:dir:attribute-def:rfc822Mailbox',
+ 'roleOccupant': 'urn:mace:dir:attribute-def:roleOccupant',
+ 'roomNumber': 'urn:mace:dir:attribute-def:roomNumber',
+ 'sOARecord': 'urn:mace:dir:attribute-def:sOARecord',
+ 'searchGuide': 'urn:mace:dir:attribute-def:searchGuide',
+ 'secretary': 'urn:mace:dir:attribute-def:secretary',
+ 'seeAlso': 'urn:mace:dir:attribute-def:seeAlso',
+ 'serialNumber': 'urn:mace:dir:attribute-def:serialNumber',
+ 'singleLevelQuality': 'urn:mace:dir:attribute-def:singleLevelQuality',
+ 'sn': 'urn:mace:dir:attribute-def:sn',
+ 'st': 'urn:mace:dir:attribute-def:st',
+ 'stateOrProvinceName': 'urn:mace:dir:attribute-def:stateOrProvinceName',
+ 'street': 'urn:mace:dir:attribute-def:street',
+ 'streetAddress': 'urn:mace:dir:attribute-def:streetAddress',
+ 'subtreeMaximumQuality': 'urn:mace:dir:attribute-def:subtreeMaximumQuality',
+ 'subtreeMinimumQuality': 'urn:mace:dir:attribute-def:subtreeMinimumQuality',
+ 'supportedAlgorithms': 'urn:mace:dir:attribute-def:supportedAlgorithms',
+ 'supportedApplicationContext': 'urn:mace:dir:attribute-def:supportedApplicationContext',
+ 'surname': 'urn:mace:dir:attribute-def:surname',
+ 'telephoneNumber': 'urn:mace:dir:attribute-def:telephoneNumber',
+ 'teletexTerminalIdentifier': 'urn:mace:dir:attribute-def:teletexTerminalIdentifier',
+ 'telexNumber': 'urn:mace:dir:attribute-def:telexNumber',
+ 'textEncodedORAddress': 'urn:mace:dir:attribute-def:textEncodedORAddress',
+ 'title': 'urn:mace:dir:attribute-def:title',
+ 'uid': 'urn:mace:dir:attribute-def:uid',
+ 'uniqueIdentifier': 'urn:mace:dir:attribute-def:uniqueIdentifier',
+ 'uniqueMember': 'urn:mace:dir:attribute-def:uniqueMember',
+ 'userCertificate': 'urn:mace:dir:attribute-def:userCertificate',
+ 'userClass': 'urn:mace:dir:attribute-def:userClass',
+ 'userPKCS12': 'urn:mace:dir:attribute-def:userPKCS12',
+ 'userPassword': 'urn:mace:dir:attribute-def:userPassword',
+ 'userSMIMECertificate': 'urn:mace:dir:attribute-def:userSMIMECertificate',
+ 'userid': 'urn:mace:dir:attribute-def:userid',
+ 'x121Address': 'urn:mace:dir:attribute-def:x121Address',
+ 'x500UniqueIdentifier': 'urn:mace:dir:attribute-def:x500UniqueIdentifier',
+ }
+}
\ No newline at end of file
diff --git a/saml2/attributemaps/saml_uri.py b/saml2/attributemaps/saml_uri.py
new file mode 100644
index 0000000..1c9d373
--- /dev/null
+++ b/saml2/attributemaps/saml_uri.py
@@ -0,0 +1,199 @@
+__author__ = 'rolandh'
+
+EDUPERSON_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1."
+X500ATTR_OID = "urn:oid:2.5.4."
+NOREDUPERSON_OID = "urn:oid:1.3.6.1.4.1.2428.90.1."
+NETSCAPE_LDAP = "urn:oid:2.16.840.1.113730.3.1."
+UCL_DIR_PILOT = 'urn:oid:0.9.2342.19200300.100.1.'
+PKCS_9 = "urn:oid:1.2.840.113549.1.9.1."
+UMICH = "urn:oid:1.3.6.1.4.1.250.1.57."
+
+MAP = {
+ "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+ "fro": {
+ EDUPERSON_OID+'2': 'eduPersonNickname',
+ EDUPERSON_OID+'9': 'eduPersonScopedAffiliation',
+ EDUPERSON_OID+'11': 'eduPersonAssurance',
+ EDUPERSON_OID+'10': 'eduPersonTargetedID',
+ EDUPERSON_OID+'4': 'eduPersonOrgUnitDN',
+ NOREDUPERSON_OID+'6': 'norEduOrgAcronym',
+ NOREDUPERSON_OID+'7': 'norEduOrgUniqueIdentifier',
+ NOREDUPERSON_OID+'4': 'norEduPersonLIN',
+ EDUPERSON_OID+'1': 'eduPersonAffiliation',
+ NOREDUPERSON_OID+'2': 'norEduOrgUnitUniqueNumber',
+ NETSCAPE_LDAP+'40': 'userSMIMECertificate',
+ NOREDUPERSON_OID+'1': 'norEduOrgUniqueNumber',
+ NETSCAPE_LDAP+'241': 'displayName',
+ UCL_DIR_PILOT+'37': 'associatedDomain',
+ EDUPERSON_OID+'6': 'eduPersonPrincipalName',
+ NOREDUPERSON_OID+'8': 'norEduOrgUnitUniqueIdentifier',
+ NOREDUPERSON_OID+'9': 'federationFeideSchemaVersion',
+ X500ATTR_OID+'53': 'deltaRevocationList',
+ X500ATTR_OID+'52': 'supportedAlgorithms',
+ X500ATTR_OID+'51': 'houseIdentifier',
+ X500ATTR_OID+'50': 'uniqueMember',
+ X500ATTR_OID+'19': 'physicalDeliveryOfficeName',
+ X500ATTR_OID+'18': 'postOfficeBox',
+ X500ATTR_OID+'17': 'postalCode',
+ X500ATTR_OID+'16': 'postalAddress',
+ X500ATTR_OID+'15': 'businessCategory',
+ X500ATTR_OID+'14': 'searchGuide',
+ EDUPERSON_OID+'5': 'eduPersonPrimaryAffiliation',
+ X500ATTR_OID+'12': 'title',
+ X500ATTR_OID+'11': 'ou',
+ X500ATTR_OID+'10': 'o',
+ X500ATTR_OID+'37': 'cACertificate',
+ X500ATTR_OID+'36': 'userCertificate',
+ X500ATTR_OID+'31': 'member',
+ X500ATTR_OID+'30': 'supportedApplicationContext',
+ X500ATTR_OID+'33': 'roleOccupant',
+ X500ATTR_OID+'32': 'owner',
+ NETSCAPE_LDAP+'1': 'carLicense',
+ PKCS_9+'1': 'email',
+ NETSCAPE_LDAP+'3': 'employeeNumber',
+ NETSCAPE_LDAP+'2': 'departmentNumber',
+ X500ATTR_OID+'39': 'certificateRevocationList',
+ X500ATTR_OID+'38': 'authorityRevocationList',
+ NETSCAPE_LDAP+'216': 'userPKCS12',
+ EDUPERSON_OID+'8': 'eduPersonPrimaryOrgUnitDN',
+ X500ATTR_OID+'9': 'street',
+ X500ATTR_OID+'8': 'st',
+ NETSCAPE_LDAP+'39': 'preferredLanguage',
+ EDUPERSON_OID+'7': 'eduPersonEntitlement',
+ X500ATTR_OID+'2': 'knowledgeInformation',
+ X500ATTR_OID+'7': 'l',
+ X500ATTR_OID+'6': 'c',
+ X500ATTR_OID+'5': 'serialNumber',
+ X500ATTR_OID+'4': 'sn',
+ UCL_DIR_PILOT+'60': 'jpegPhoto',
+ X500ATTR_OID+'65': 'pseudonym',
+ NOREDUPERSON_OID+'5': 'norEduPersonNIN',
+ UCL_DIR_PILOT+'3': 'mail',
+ UCL_DIR_PILOT+'25': 'dc',
+ X500ATTR_OID+'40': 'crossCertificatePair',
+ X500ATTR_OID+'42': 'givenName',
+ X500ATTR_OID+'43': 'initials',
+ X500ATTR_OID+'44': 'generationQualifier',
+ X500ATTR_OID+'45': 'x500UniqueIdentifier',
+ X500ATTR_OID+'46': 'dnQualifier',
+ X500ATTR_OID+'47': 'enhancedSearchGuide',
+ X500ATTR_OID+'48': 'protocolInformation',
+ X500ATTR_OID+'54': 'dmdName',
+ NETSCAPE_LDAP+'4': 'employeeType',
+ X500ATTR_OID+'22': 'teletexTerminalIdentifier',
+ X500ATTR_OID+'23': 'facsimileTelephoneNumber',
+ X500ATTR_OID+'20': 'telephoneNumber',
+ X500ATTR_OID+'21': 'telexNumber',
+ X500ATTR_OID+'26': 'registeredAddress',
+ X500ATTR_OID+'27': 'destinationIndicator',
+ X500ATTR_OID+'24': 'x121Address',
+ X500ATTR_OID+'25': 'internationaliSDNNumber',
+ X500ATTR_OID+'28': 'preferredDeliveryMethod',
+ X500ATTR_OID+'29': 'presentationAddress',
+ EDUPERSON_OID+'3': 'eduPersonOrgDN',
+ NOREDUPERSON_OID+'3': 'norEduPersonBirthDate',
+ UMICH+'57': 'labeledURI',
+ UCL_DIR_PILOT+'1': 'uid',
+ },
+ "to": {
+ 'roleOccupant': X500ATTR_OID+'33',
+ 'gn': X500ATTR_OID+'42',
+ 'norEduPersonNIN': NOREDUPERSON_OID+'5',
+ 'title': X500ATTR_OID+'12',
+ 'facsimileTelephoneNumber': X500ATTR_OID+'23',
+ 'mail': UCL_DIR_PILOT+'3',
+ 'postOfficeBox': X500ATTR_OID+'18',
+ 'fax': X500ATTR_OID+'23',
+ 'telephoneNumber': X500ATTR_OID+'20',
+ 'norEduPersonBirthDate': NOREDUPERSON_OID+'3',
+ 'rfc822Mailbox': UCL_DIR_PILOT+'3',
+ 'dc': UCL_DIR_PILOT+'25',
+ 'countryName': X500ATTR_OID+'6',
+ 'emailAddress': PKCS_9+'1',
+ 'employeeNumber': NETSCAPE_LDAP+'3',
+ 'organizationName': X500ATTR_OID+'10',
+ 'eduPersonAssurance': EDUPERSON_OID+'11',
+ 'norEduOrgAcronym': NOREDUPERSON_OID+'6',
+ 'registeredAddress': X500ATTR_OID+'26',
+ 'physicalDeliveryOfficeName': X500ATTR_OID+'19',
+ 'associatedDomain': UCL_DIR_PILOT+'37',
+ 'l': X500ATTR_OID+'7',
+ 'stateOrProvinceName': X500ATTR_OID+'8',
+ 'federationFeideSchemaVersion': NOREDUPERSON_OID+'9',
+ 'pkcs9email': PKCS_9+'1',
+ 'givenName': X500ATTR_OID+'42',
+ 'givenname': X500ATTR_OID+'42',
+ 'x500UniqueIdentifier': X500ATTR_OID+'45',
+ 'eduPersonNickname': EDUPERSON_OID+'2',
+ 'houseIdentifier': X500ATTR_OID+'51',
+ 'street': X500ATTR_OID+'9',
+ 'supportedAlgorithms': X500ATTR_OID+'52',
+ 'preferredLanguage': NETSCAPE_LDAP+'39',
+ 'postalAddress': X500ATTR_OID+'16',
+ 'email': PKCS_9+'1',
+ 'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID+'8',
+ 'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID+'8',
+ 'c': X500ATTR_OID+'6',
+ 'teletexTerminalIdentifier': X500ATTR_OID+'22',
+ 'o': X500ATTR_OID+'10',
+ 'cACertificate': X500ATTR_OID+'37',
+ 'telexNumber': X500ATTR_OID+'21',
+ 'ou': X500ATTR_OID+'11',
+ 'initials': X500ATTR_OID+'43',
+ 'eduPersonOrgUnitDN': EDUPERSON_OID+'4',
+ 'deltaRevocationList': X500ATTR_OID+'53',
+ 'norEduPersonLIN': NOREDUPERSON_OID+'4',
+ 'supportedApplicationContext': X500ATTR_OID+'30',
+ 'eduPersonEntitlement': EDUPERSON_OID+'7',
+ 'generationQualifier': X500ATTR_OID+'44',
+ 'eduPersonAffiliation': EDUPERSON_OID+'1',
+ 'eduPersonPrincipalName': EDUPERSON_OID+'6',
+ 'edupersonprincipalname': EDUPERSON_OID+'6',
+ 'localityName': X500ATTR_OID+'7',
+ 'owner': X500ATTR_OID+'32',
+ 'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2',
+ 'searchGuide': X500ATTR_OID+'14',
+ 'certificateRevocationList': X500ATTR_OID+'39',
+ 'organizationalUnitName': X500ATTR_OID+'11',
+ 'userCertificate': X500ATTR_OID+'36',
+ 'preferredDeliveryMethod': X500ATTR_OID+'28',
+ 'internationaliSDNNumber': X500ATTR_OID+'25',
+ 'uniqueMember': X500ATTR_OID+'50',
+ 'departmentNumber': NETSCAPE_LDAP+'2',
+ 'enhancedSearchGuide': X500ATTR_OID+'47',
+ 'userPKCS12': NETSCAPE_LDAP+'216',
+ 'eduPersonTargetedID': EDUPERSON_OID+'10',
+ 'norEduOrgUniqueNumber': NOREDUPERSON_OID+'1',
+ 'x121Address': X500ATTR_OID+'24',
+ 'destinationIndicator': X500ATTR_OID+'27',
+ 'eduPersonPrimaryAffiliation': EDUPERSON_OID+'5',
+ 'surname': X500ATTR_OID+'4',
+ 'jpegPhoto': UCL_DIR_PILOT+'60',
+ 'eduPersonScopedAffiliation': EDUPERSON_OID+'9',
+ 'edupersonscopedaffiliation': EDUPERSON_OID+'9',
+ 'protocolInformation': X500ATTR_OID+'48',
+ 'knowledgeInformation': X500ATTR_OID+'2',
+ 'employeeType': NETSCAPE_LDAP+'4',
+ 'userSMIMECertificate': NETSCAPE_LDAP+'40',
+ 'member': X500ATTR_OID+'31',
+ 'streetAddress': X500ATTR_OID+'9',
+ 'dmdName': X500ATTR_OID+'54',
+ 'postalCode': X500ATTR_OID+'17',
+ 'pseudonym': X500ATTR_OID+'65',
+ 'dnQualifier': X500ATTR_OID+'46',
+ 'crossCertificatePair': X500ATTR_OID+'40',
+ 'eduPersonOrgDN': EDUPERSON_OID+'3',
+ 'authorityRevocationList': X500ATTR_OID+'38',
+ 'displayName': NETSCAPE_LDAP+'241',
+ 'businessCategory': X500ATTR_OID+'15',
+ 'serialNumber': X500ATTR_OID+'5',
+ 'norEduOrgUniqueIdentifier': NOREDUPERSON_OID+'7',
+ 'st': X500ATTR_OID+'8',
+ 'carLicense': NETSCAPE_LDAP+'1',
+ 'presentationAddress': X500ATTR_OID+'29',
+ 'sn': X500ATTR_OID+'4',
+ 'domainComponent': UCL_DIR_PILOT+'25',
+ 'labeledURI': UMICH+'57',
+ 'uid': UCL_DIR_PILOT+'1'
+ }
+}
\ No newline at end of file
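Review bot: `PKCS_9` and `UMICH` at the top of saml_uri.py already end in the attribute's own final arc, so `PKCS_9+'1'` and `UMICH+'57'` in both `fro` and `to` build `urn:oid:1.2.840.113549.1.9.1.1` and `urn:oid:1.3.6.1.4.1.250.1.57.57`. As far as I know the registered OIDs for emailAddress and labeledURI are 1.2.840.113549.1.9.1 and 1.3.6.1.4.1.250.1.57, and shibboleth_uri.py in this same commit defines `PKCS_9 = "urn:oid:1.2.840.113549.1.9."`. With the doubled arc, email and labeledURI values sent under the standard names would presumably not be recognised by this map, and outgoing ones would carry names a relying party is unlikely to match; for an attribute authority that means attributes go missing without any error. I would change the prefixes to `PKCS_9 = "urn:oid:1.2.840.113549.1.9."` and `UMICH = "urn:oid:1.3.6.1.4.1.250.1."`, and add a small test that every `to` value is a key of `fro`.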
diff --git a/saml2/attributemaps/shibboleth_uri.py b/saml2/attributemaps/shibboleth_uri.py
new file mode 100644
index 0000000..d26bf00
--- /dev/null
+++ b/saml2/attributemaps/shibboleth_uri.py
@@ -0,0 +1,190 @@
+EDUPERSON_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1."
+X500ATTR = "urn:oid:2.5.4."
+NOREDUPERSON_OID = "urn:oid:1.3.6.1.4.1.2428.90.1."
+NETSCAPE_LDAP = "urn:oid:2.16.840.1.113730.3.1."
+UCL_DIR_PILOT = "urn:oid:0.9.2342.19200300.100.1."
+PKCS_9 = "urn:oid:1.2.840.113549.1.9."
+UMICH = "urn:oid:1.3.6.1.4.1.250.1.57."
+
+MAP = {
+ "identifier": "urn:mace:shibboleth:1.0:attributeNamespace:uri",
+ "fro": {
+ EDUPERSON_OID+'2': 'eduPersonNickname',
+ EDUPERSON_OID+'9': 'eduPersonScopedAffiliation',
+ EDUPERSON_OID+'11': 'eduPersonAssurance',
+ EDUPERSON_OID+'10': 'eduPersonTargetedID',
+ EDUPERSON_OID+'4': 'eduPersonOrgUnitDN',
+ NOREDUPERSON_OID+'6': 'norEduOrgAcronym',
+ NOREDUPERSON_OID+'7': 'norEduOrgUniqueIdentifier',
+ NOREDUPERSON_OID+'4': 'norEduPersonLIN',
+ EDUPERSON_OID+'1': 'eduPersonAffiliation',
+ NOREDUPERSON_OID+'2': 'norEduOrgUnitUniqueNumber',
+ NETSCAPE_LDAP+'40': 'userSMIMECertificate',
+ NOREDUPERSON_OID+'1': 'norEduOrgUniqueNumber',
+ NETSCAPE_LDAP+'241': 'displayName',
+ UCL_DIR_PILOT+'37': 'associatedDomain',
+ EDUPERSON_OID+'6': 'eduPersonPrincipalName',
+ NOREDUPERSON_OID+'8': 'norEduOrgUnitUniqueIdentifier',
+ NOREDUPERSON_OID+'9': 'federationFeideSchemaVersion',
+ X500ATTR+'53': 'deltaRevocationList',
+ X500ATTR+'52': 'supportedAlgorithms',
+ X500ATTR+'51': 'houseIdentifier',
+ X500ATTR+'50': 'uniqueMember',
+ X500ATTR+'19': 'physicalDeliveryOfficeName',
+ X500ATTR+'18': 'postOfficeBox',
+ X500ATTR+'17': 'postalCode',
+ X500ATTR+'16': 'postalAddress',
+ X500ATTR+'15': 'businessCategory',
+ X500ATTR+'14': 'searchGuide',
+ EDUPERSON_OID+'5': 'eduPersonPrimaryAffiliation',
+ X500ATTR+'12': 'title',
+ X500ATTR+'11': 'ou',
+ X500ATTR+'10': 'o',
+ X500ATTR+'37': 'cACertificate',
+ X500ATTR+'36': 'userCertificate',
+ X500ATTR+'31': 'member',
+ X500ATTR+'30': 'supportedApplicationContext',
+ X500ATTR+'33': 'roleOccupant',
+ X500ATTR+'32': 'owner',
+ NETSCAPE_LDAP+'1': 'carLicense',
+ PKCS_9+'1': 'email',
+ NETSCAPE_LDAP+'3': 'employeeNumber',
+ NETSCAPE_LDAP+'2': 'departmentNumber',
+ X500ATTR+'39': 'certificateRevocationList',
+ X500ATTR+'38': 'authorityRevocationList',
+ NETSCAPE_LDAP+'216': 'userPKCS12',
+ EDUPERSON_OID+'8': 'eduPersonPrimaryOrgUnitDN',
+ X500ATTR+'9': 'street',
+ X500ATTR+'8': 'st',
+ NETSCAPE_LDAP+'39': 'preferredLanguage',
+ EDUPERSON_OID+'7': 'eduPersonEntitlement',
+ X500ATTR+'2': 'knowledgeInformation',
+ X500ATTR+'7': 'l',
+ X500ATTR+'6': 'c',
+ X500ATTR+'5': 'serialNumber',
+ X500ATTR+'4': 'sn',
+ UCL_DIR_PILOT+'60': 'jpegPhoto',
+ X500ATTR+'65': 'pseudonym',
+ NOREDUPERSON_OID+'5': 'norEduPersonNIN',
+ UCL_DIR_PILOT+'3': 'mail',
+ UCL_DIR_PILOT+'25': 'dc',
+ X500ATTR+'40': 'crossCertificatePair',
+ X500ATTR+'42': 'givenName',
+ X500ATTR+'43': 'initials',
+ X500ATTR+'44': 'generationQualifier',
+ X500ATTR+'45': 'x500UniqueIdentifier',
+ X500ATTR+'46': 'dnQualifier',
+ X500ATTR+'47': 'enhancedSearchGuide',
+ X500ATTR+'48': 'protocolInformation',
+ X500ATTR+'54': 'dmdName',
+ NETSCAPE_LDAP+'4': 'employeeType',
+ X500ATTR+'22': 'teletexTerminalIdentifier',
+ X500ATTR+'23': 'facsimileTelephoneNumber',
+ X500ATTR+'20': 'telephoneNumber',
+ X500ATTR+'21': 'telexNumber',
+ X500ATTR+'26': 'registeredAddress',
+ X500ATTR+'27': 'destinationIndicator',
+ X500ATTR+'24': 'x121Address',
+ X500ATTR+'25': 'internationaliSDNNumber',
+ X500ATTR+'28': 'preferredDeliveryMethod',
+ X500ATTR+'29': 'presentationAddress',
+ EDUPERSON_OID+'3': 'eduPersonOrgDN',
+ NOREDUPERSON_OID+'3': 'norEduPersonBirthDate',
+ },
+ "to":{
+ 'roleOccupant': X500ATTR+'33',
+ 'gn': X500ATTR+'42',
+ 'norEduPersonNIN': NOREDUPERSON_OID+'5',
+ 'title': X500ATTR+'12',
+ 'facsimileTelephoneNumber': X500ATTR+'23',
+ 'mail': UCL_DIR_PILOT+'3',
+ 'postOfficeBox': X500ATTR+'18',
+ 'fax': X500ATTR+'23',
+ 'telephoneNumber': X500ATTR+'20',
+ 'norEduPersonBirthDate': NOREDUPERSON_OID+'3',
+ 'rfc822Mailbox': UCL_DIR_PILOT+'3',
+ 'dc': UCL_DIR_PILOT+'25',
+ 'countryName': X500ATTR+'6',
+ 'emailAddress': PKCS_9+'1',
+ 'employeeNumber': NETSCAPE_LDAP+'3',
+ 'organizationName': X500ATTR+'10',
+ 'eduPersonAssurance': EDUPERSON_OID+'11',
+ 'norEduOrgAcronym': NOREDUPERSON_OID+'6',
+ 'registeredAddress': X500ATTR+'26',
+ 'physicalDeliveryOfficeName': X500ATTR+'19',
+ 'associatedDomain': UCL_DIR_PILOT+'37',
+ 'l': X500ATTR+'7',
+ 'stateOrProvinceName': X500ATTR+'8',
+ 'federationFeideSchemaVersion': NOREDUPERSON_OID+'9',
+ 'pkcs9email': PKCS_9+'1',
+ 'givenName': X500ATTR+'42',
+ 'x500UniqueIdentifier': X500ATTR+'45',
+ 'eduPersonNickname': EDUPERSON_OID+'2',
+ 'houseIdentifier': X500ATTR+'51',
+ 'street': X500ATTR+'9',
+ 'supportedAlgorithms': X500ATTR+'52',
+ 'preferredLanguage': NETSCAPE_LDAP+'39',
+ 'postalAddress': X500ATTR+'16',
+ 'email': PKCS_9+'1',
+ 'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID+'8',
+ 'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID+'8',
+ 'c': X500ATTR+'6',
+ 'teletexTerminalIdentifier': X500ATTR+'22',
+ 'o': X500ATTR+'10',
+ 'cACertificate': X500ATTR+'37',
+ 'telexNumber': X500ATTR+'21',
+ 'ou': X500ATTR+'11',
+ 'initials': X500ATTR+'43',
+ 'eduPersonOrgUnitDN': EDUPERSON_OID+'4',
+ 'deltaRevocationList': X500ATTR+'53',
+ 'norEduPersonLIN': NOREDUPERSON_OID+'4',
+ 'supportedApplicationContext': X500ATTR+'30',
+ 'eduPersonEntitlement': EDUPERSON_OID+'7',
+ 'generationQualifier': X500ATTR+'44',
+ 'eduPersonAffiliation': EDUPERSON_OID+'1',
+ 'eduPersonPrincipalName': EDUPERSON_OID+'6',
+ 'localityName': X500ATTR+'7',
+ 'owner': X500ATTR+'32',
+ 'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2',
+ 'searchGuide': X500ATTR+'14',
+ 'certificateRevocationList': X500ATTR+'39',
+ 'organizationalUnitName': X500ATTR+'11',
+ 'userCertificate': X500ATTR+'36',
+ 'preferredDeliveryMethod': X500ATTR+'28',
+ 'internationaliSDNNumber': X500ATTR+'25',
+ 'uniqueMember': X500ATTR+'50',
+ 'departmentNumber': NETSCAPE_LDAP+'2',
+ 'enhancedSearchGuide': X500ATTR+'47',
+ 'userPKCS12': NETSCAPE_LDAP+'216',
+ 'eduPersonTargetedID': EDUPERSON_OID+'10',
+ 'norEduOrgUniqueNumber': NOREDUPERSON_OID+'1',
+ 'x121Address': X500ATTR+'24',
+ 'destinationIndicator': X500ATTR+'27',
+ 'eduPersonPrimaryAffiliation': EDUPERSON_OID+'5',
+ 'surname': X500ATTR+'4',
+ 'jpegPhoto': UCL_DIR_PILOT+'60',
+ 'eduPersonScopedAffiliation': EDUPERSON_OID+'9',
+ 'protocolInformation': X500ATTR+'48',
+ 'knowledgeInformation': X500ATTR+'2',
+ 'employeeType': NETSCAPE_LDAP+'4',
+ 'userSMIMECertificate': NETSCAPE_LDAP+'40',
+ 'member': X500ATTR+'31',
+ 'streetAddress': X500ATTR+'9',
+ 'dmdName': X500ATTR+'54',
+ 'postalCode': X500ATTR+'17',
+ 'pseudonym': X500ATTR+'65',
+ 'dnQualifier': X500ATTR+'46',
+ 'crossCertificatePair': X500ATTR+'40',
+ 'eduPersonOrgDN': EDUPERSON_OID+'3',
+ 'authorityRevocationList': X500ATTR+'38',
+ 'displayName': NETSCAPE_LDAP+'241',
+ 'businessCategory': X500ATTR+'15',
+ 'serialNumber': X500ATTR+'5',
+ 'norEduOrgUniqueIdentifier': NOREDUPERSON_OID+'7',
+ 'st': X500ATTR+'8',
+ 'carLicense': NETSCAPE_LDAP+'1',
+ 'presentationAddress': X500ATTR+'29',
+ 'sn': X500ATTR+'4',
+ 'domainComponent': UCL_DIR_PILOT+'25',
+ }
+}
\ No newline at end of file
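Review bot: `UMICH` is defined at the top of shibboleth_uri.py but no entry in `fro` or `to` uses it, and the `uid` and `labeledURI` entries and the lower-case aliases (`givenname`, `edupersonprincipalname`, `edupersonscopedaffiliation`) that saml_uri.py carries are absent here. If the omission is deliberate it deserves a comment; if not, a `uid` released under this name format would presumably pass through unmapped, which matters wherever the consuming code keys an account on `uid`. The two modules are otherwise near-identical copies (with `X500ATTR` here versus `X500ATTR_OID` there), so I would either add `UCL_DIR_PILOT+'1': 'uid',` to `fro` and `'uid': UCL_DIR_PILOT+'1',` to `to`, or build both maps from one shared table so they cannot drift apart.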
diff --git a/saml2/metadata/sp.xml b/saml2/metadata/sp.xml
new file mode 100644
index 0000000..5a95535
--- /dev/null
+++ b/saml2/metadata/sp.xml
@@ -0,0 +1,79 @@
+
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_476c5c253129e9cbfe7c2baf07a86231" entityID="https://sp-test.swamid.se/shibboleth">
+
+ <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
+ <md:Extensions>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.swamid.se/Shibboleth.sso/DS" index="1"/>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.swamid.se/Shibboleth.sso/DS/ds.swamid.se" index="2"/>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.swamid.se/Shibboleth.sso/DS/ds.sunet.se" index="3"/>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.swamid.se/Shibboleth.sso/DS/test-ds.nordu.net" index="4"/>
+ <DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://sp-test.swamid.se/Shibboleth.sso/DS/kalmar2" index="5"/>
+ </md:Extensions>
+ <md:KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp-test.swamid.se</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509SubjectName>CN=sp-test.swamid.se</ds:X509SubjectName>
+ <ds:X509Certificate>MIIC+jCCAeKgAwIBAgIJAO0UNmz1orzrMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNV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==
+</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:KeyDescriptor use="encryption">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>sp-test.swamid.se</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509SubjectName>CN=sp-test.swamid.se</ds:X509SubjectName>
+ <ds:X509Certificate>MIIC+jCCAeKgAwIBAgIJAO0UNmz1orzrMA0GCSqGSIb3DQEBBQUAMBwxGjAYBgNV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==
+</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </md:KeyDescriptor>
+ <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://sp-test.swamid.se/Shibboleth.sso/Artifact/SOAP" index="1"/>
+ <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://sp-test.swamid.se/Shibboleth.sso/SLO/SOAP"/>
+ <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sp-test.swamid.se/Shibboleth.sso/SLO/Redirect"/>
+ <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp-test.swamid.se/Shibboleth.sso/SLO/POST"/>
+ <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sp-test.swamid.se/Shibboleth.sso/SLO/Artifact"/>
+ <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://sp-test.swamid.se/Shibboleth.sso/NIM/SOAP"/>
+ <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sp-test.swamid.se/Shibboleth.sso/NIM/Redirect"/>
+ <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp-test.swamid.se/Shibboleth.sso/NIM/POST"/>
+ <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sp-test.swamid.se/Shibboleth.sso/NIM/Artifact"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp-test.swamid.se/Shibboleth.sso/SAML2/POST" index="1"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://sp-test.swamid.se/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sp-test.swamid.se/Shibboleth.sso/SAML2/Artifact" index="3"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://sp-test.swamid.se/Shibboleth.sso/SAML2/ECP" index="4"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://sp-test.swamid.se/Shibboleth.sso/SAML/POST" index="5"/>
+ <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://sp-test.swamid.se/Shibboleth.sso/SAML/Artifact" index="6"/>
+ </md:SPSSODescriptor>
+
+</md:EntityDescriptor>
\ No newline at end of file
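Review bot: The `md:EntityDescriptor` in sp.xml has no `validUntil` or `cacheDuration` and no signature, and the same `sp-test.swamid.se` certificate appears in both the `use="signing"` and the `use="encryption"` `md:KeyDescriptor`. Assuming the new saml2 app loads this file as local metadata (its configuration is outside this hunk), the checked-in copy acts as a static trust anchor: whoever can write this path decides which key and endpoints are accepted for that entity, and nothing ever expires it. The entityID suggests a test SP, so I would state that at the top of the file, for example `<!-- Test SP metadata (sp-test.swamid.se); replace with federation-signed metadata before production use -->`, and keep the file read-only to the service account. Using separate signing and encryption certificates would also let one key be rotated without touching the other.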