author | Leif Johansson <leifj@sunet.se> | 2012-04-02 15:30:37 +0200 |
---|---|---|
committer | Leif Johansson <leifj@sunet.se> | 2012-04-02 15:30:37 +0200 |
commit | f939426fc32edb41be77c28d94c020a8fbc6c1bd (patch) | |
tree | 7bbe63080376cc24044c47b76595baa2621ff7fd /coip/apps/saml2 | |
parent | dac8ce9528f7c1077f29c4fc7feb369f8aa459e9 (diff) |
basic AA using pysaml2
Diffstat (limited to 'coip/apps/saml2')
-rw-r--r-- | coip/apps/saml2/__init__.py | 0 | ||||
-rw-r--r-- | coip/apps/saml2/conf.py | 42 | ||||
-rw-r--r-- | coip/apps/saml2/urls.py | 11 | ||||
-rw-r--r-- | coip/apps/saml2/views.py | 61 |
4 files changed, 114 insertions, 0 deletions
diff --git a/coip/apps/saml2/__init__.py b/coip/apps/saml2/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/coip/apps/saml2/__init__.py
diff --git a/coip/apps/saml2/conf.py b/coip/apps/saml2/conf.py
new file mode 100644
index 0000000..4dc70d9
--- /dev/null
+++ b/coip/apps/saml2/conf.py
@@ -0,0 +1,42 @@
+'''
+Created on Apr 2, 2012
+
+@author: leifj
+'''
+
+from saml2 import BINDING_SOAP
+from saml2.saml import NAME_FORMAT_URI
+from coip.settings import PREFIX_URL, SAML_CERT, SAML_KEY, BASE_DIR, METADATA
+
+CONFIG={
+ "entityid" : "%s/saml2/entity" % PREFIX_URL,
+ "description": "COIP",
+ "service": {
+ "aa": {
+ "name" : "COIP",
+ "endpoints" : {
+ "attribute_service" : [("%s/aq" % PREFIX_URL, BINDING_SOAP)],
+ },
+ "policy": {
+ "default": {
+ "lifetime": {"minutes":15},
+ "attribute_restrictions": None, # means all I have
+ "name_form": NAME_FORMAT_URI
+ },
+ },
+ "subject_data": ("dict", {}),
+ }
+ },
+ "debug" : 1,
+ "key_file" : SAML_KEY,
+ "cert_file" : SAML_CERT,
+ "attribute_map_dir" : "%s/saml2/attributemaps" % BASE_DIR,
+ "metadata" : {
+ "local": ["%s/saml2/metadata/sp.xml" % BASE_DIR],
+ },
+ "organization": {
+ "display_name": "COIP",
+ "name": "COIP",
+ "url": PREFIX_URL,
+ },
+}
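Review bot: `"debug" : 1` is hard-coded into CONFIG, so every deployment of this attribute authority runs pysaml2 in debug mode, and the same literal is repeated as `debug=1` in the `server.Server(...)` call in views.py. If coip.settings exposes the usual Django `DEBUG` flag, derive it from there instead, e.g. `"debug" : int(DEBUG),` with `DEBUG` added to the existing `from coip.settings import ...` line. `METADATA` is imported from coip.settings but never used in this file. The `"attribute_restrictions": None, # means all I have` entry is the default policy for every SP in the loaded metadata, which deserves an explicit comment such as `# None = no restriction: every attribute this AA holds is released to any SP present in the metadata; add per-SP restrictions before this serves real data`.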
\ No newline at end of file
diff --git a/coip/apps/saml2/urls.py b/coip/apps/saml2/urls.py
new file mode 100644
index 0000000..1654c66
--- /dev/null
+++ b/coip/apps/saml2/urls.py
@@ -0,0 +1,11 @@
+'''
+Created on Nov 7, 2011
+
+@author: leifj
+'''
+from django.conf.urls.defaults import patterns, url, include
+
+urlpatterns = patterns('coip.apps.saml2.views',
+ url(r'^aq$',view='aq'),
+ url(r'^metadata$',view='metadata')
+)
\ No newline at end of file
diff --git a/coip/apps/saml2/views.py b/coip/apps/saml2/views.py
new file mode 100644
index 0000000..497e219
--- /dev/null
+++ b/coip/apps/saml2/views.py
@@ -0,0 +1,61 @@
+'''
+Created on Apr 2, 2012
+
+@author: leifj
+'''
+
+import re
+from saml2 import server
+from saml2 import saml
+from saml2 import soap
+import logging
+from django.contrib.auth.models import User
+from django.http import HttpResponse, HttpResponseBadRequest
+from saml2.config import Config
+from saml2.metadata import entity_descriptor
+from coip.apps.saml2 import conf
+
+aa = server.Server("coip.apps.saml2.conf", log=logging, debug=1, stype="aa")
+
+def _aa_reply(aa, aq, user, sp_entityid):
+ consumer_url = aa.metadata.consumer_url(aq.issuer.text)
+ in_response_to = aq.id
+ name_id = aq.subject.name_id
+
+ logging.info("name_id: %s" % name_id)
+ return aa.do_aa_response(in_response_to,
+ consumer_url,
+ sp_entityid,
+ identity=user,
+ name_id=name_id,
+ issuer=aa.conf.entityid)
+
+def metadata(request):
+ cnf = Config().load(conf.CONFIG, metadata_construction=True)
+ ed = entity_descriptor(cnf, 0)
+ return HttpResponse(content=ed,content_type="text/xml")
+
+def aq(request):
+ if request.method == 'POST':
+ global aa
+ request_xml = soap.parse_soap_enveloped_saml_attribute_query(request.raw_post_data)
+ logging.debug(request_xml)
+ (subject, attribute, aq) = aa.parse_attribute_query(request_xml,False)
+ sp_entityid = aq.issuer.text
+
+ claims = {}
+ try:
+ logging.debug("Subject: %s" % subject.text)
+ user = User.objects.get(username=subject.text)
+ p = user.get_profile()
+ claims = {'uid': user.username,'displayName': p.display_name}
+ except Exception,exc:
+ logging.debug(exc)
+ pass
+
+ aa_response = _aa_reply(aa, aq, claims, sp_entityid)
+ xml = soap.make_soap_enveloped_saml_thingy(aa_response)
+ logging.debug(xml)
+ return HttpResponse(content=xml, content_type="application/soap+xml")
+ else:
+ return HttpResponseBadRequest("<html><head><title>No</title></head><body><h1>Bad Request</h1><p>Go sell crazy someplace else, we're all stocked up here!</p></body></html>")
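Review bot: The `except Exception,exc:` around the user lookup in `aq` swallows every failure — a missing profile, a database error — and still sends a successful attribute response with an empty `claims`, so the SP cannot distinguish "unknown subject" from a server fault; catch only the expected case with `except User.DoesNotExist:` and let anything else surface (or record it with `logging.exception(...)` and return an error response) instead of `logging.debug(exc)` followed by `pass`. `logging.debug(request_xml)` and `logging.debug(xml)` write the complete query and the complete response, including the attributes released for the user, into the log; logging `aq.id` and `sp_entityid` instead keeps the audit trail without the bodies. Nothing visible in this hunk checks who sent the query — `aa.parse_attribute_query(request_xml,False)` is called and the issuer is then trusted through the metadata lookup in `_aa_reply` — so whether the request signature is verified depends on pysaml2's behaviour, which I cannot confirm from here; a comment on `aq` stating what is and is not verified would help the next reader. Minor: the local `aq` assigned from the parse result shadows the view function's own name, `attribute` is unused, `global aa` is unnecessary for a read-only use, and `re` and `saml` are imported but unused.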
\ No newline at end of file |