This repository was archived by the owner on Dec 30, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathproxy_conf.py
118 lines (108 loc) · 3.55 KB
/
proxy_conf.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from saml2 import BINDING_HTTP_REDIRECT
from saml2 import BINDING_HTTP_POST
from saml2.extension.idpdisc import BINDING_DISCO
from saml2.saml import NAME_FORMAT_URI
from saml2.saml import NAMEID_FORMAT_TRANSIENT
from saml2.saml import NAMEID_FORMAT_PERSISTENT
import os.path
try:
from saml2.sigver import get_xmlsec_binary
except ImportError:
get_xmlsec_binary = None
if get_xmlsec_binary:
xmlsec_path = get_xmlsec_binary(["/opt/local/bin"])
else:
xmlsec_path = '/usr/bin/xmlsec1'
BASEDIR = os.path.abspath(os.path.dirname(__file__))
def full_path(local_file):
return os.path.join(BASEDIR, local_file)
HOST = 'localhost'
PORT = 8090
BASE = "https://%s:%s" % (HOST, PORT)
HTTPS = True
# HTTPS cert information
SERVER_CERT = "pki/mycert.pem"
SERVER_KEY = "pki/mykey.pem"
CERT_CHAIN = ""
DISCO_SRV = "https://md.nordu.net/role/idp.ds"
CONFIG = {
"entityid": "%s/proxy.xml" % BASE,
"description": "A SAML2SAML proxy",
"valid_for": 168,
"service": {
"idp": {
"name": "Rolands IdP",
"endpoints": {
"single_sign_on_service": [
("%s/sso/redirect" % BASE, BINDING_HTTP_REDIRECT),
("%s/sso/post" % BASE, BINDING_HTTP_POST),
],
},
"policy": {
"default": {
"lifetime": {"minutes": 15},
"attribute_restrictions": None, # means all I have
"name_form": NAME_FORMAT_URI,
"entity_categories": ["swamid", "edugain"],
"fail_on_missing_requested": False
},
},
"subject_data": "./idp.subject",
"name_id_format": [NAMEID_FORMAT_TRANSIENT,
NAMEID_FORMAT_PERSISTENT],
"want_authn_requests_signed": False
},
"sp": {
"required_attributes": ["sn", "givenname", "uid",
"edupersonaffiliation"],
"optional_attributes": ["title"],
"endpoints": {
"assertion_consumer_service": [
("%s/acs/post" % BASE, BINDING_HTTP_POST),
("%s/acs/redirect" % BASE, BINDING_HTTP_REDIRECT)
],
"discovery_response": [
("%s/disco" % BASE, BINDING_DISCO)
]
}
},
},
"debug": 1,
"key_file": full_path("pki/new_server.key"),
"cert_file": full_path("pki/new_server.crt"),
"metadata": {
#"mdfile": ["swamid2.md"],
"local": ["/Users/rolandh/code/pysaml2/example/sp-wsgi/sp.xml",
"/Users/rolandh/code/pysaml2/example/idp2/idp.xml"]
},
"organization": {
"display_name": "Rolands Identiteter",
"name": "Rolands Identiteter",
"url": "http://www.example.com",
},
"contact_person": [
{
"contact_type": "technical",
"given_name": "Roland",
"sur_name": "Hedberg",
"email_address": "[email protected]"
}, {
"contact_type": "support",
"given_name": "Support",
"email_address": "[email protected]"
},
],
# This database holds the map between a subjects local identifier and
# the identifier returned to a SP
"xmlsec_binary": xmlsec_path,
"logger": {
"rotating": {
"filename": "idp.log",
"maxBytes": 500000,
"backupCount": 5,
},
"loglevel": "debug",
}
}