Drop all the calls to .keys() when iterating on the keys of a dict

[cascardo/ipsilon.git] / ipsilon / install / ipsilon-client-install

diff --git a/ipsilon/install/ipsilon-client-install b/ipsilon/install/ipsilon-client-install
index 09af718..2c6df8e 100755 (executable)
--- a/ipsilon/install/ipsilon-client-install
+++ b/ipsilon/install/ipsilon-client-install
@@ -97,6 +97,8 @@ def saml2():
     m.set_entity_id(url_sp)
     m.add_certs(c)
     m.add_service(SAML2_SERVICE_MAP['logout-redirect'], url_logout)
+    if not args['no_saml_soap_logout']:
+        m.add_service(SAML2_SERVICE_MAP['slo-soap'], url_logout)
     m.add_service(SAML2_SERVICE_MAP['response-post'], url_post, index="0")
     m.add_allowed_name_format(SAML2_NAMEID_MAP[args['saml_nameid']])
     sp_metafile = os.path.join(path, 'metadata.xml')
@@ -279,7 +281,7 @@ def parse_config_profile(args):
             if g in globals():
                 globals()[g] = val
             else:
-                for k in globals().keys():
+                for k in globals():
                     if k.lower() == g.lower():
                         globals()[k] = val
                         break
@@ -330,10 +332,13 @@ def parse_args():
                         help="Where saml2 authentication is enforced")
     parser.add_argument('--saml-sp', default='/saml2',
                         help="Where saml communication happens")
-    parser.add_argument('--saml-sp-logout', default='/saml2/logout',
+    parser.add_argument('--saml-sp-logout', default=None,
                         help="Single Logout URL")
-    parser.add_argument('--saml-sp-post', default='/saml2/postResponse',
+    parser.add_argument('--saml-sp-post', default=None,
                         help="Post response URL")
+    parser.add_argument('--no-saml-soap-logout', action='store_true',
+                        default=False,
+                        help="Disable Single Logout over SOAP")
     parser.add_argument('--saml-secure-setup', action='store_true',
                         default=True, help="Turn on all security checks")
     parser.add_argument('--saml-nameid', default='unspecified',
@@ -363,7 +368,7 @@ def parse_args():
     path_args = ['saml_base', 'saml_auth', 'saml_sp', 'saml_sp_logout',
                  'saml_sp_post']
     for path_arg in path_args:
-        if not args[path_arg].startswith('/'):
+        if args[path_arg] is not None and not args[path_arg].startswith('/'):
             raise ValueError('--%s must begin with a / character.' %
                              path_arg.replace('_', '-'))
 
@@ -374,9 +379,14 @@ def parse_args():
 
     # The saml_sp_logout and saml_sp_post settings must be subpaths
     # of saml_sp (the mellon endpoint).
-    path_args = ['saml_sp_logout', 'saml_sp_post']
-    for path_arg in path_args:
-        if not args[path_arg].startswith(args['saml_sp']):
+    path_args = {'saml_sp_logout': 'logout',
+                 'saml_sp_post': 'postResponse'}
+    for path_arg, default_path in path_args.items():
+        if args[path_arg] is None:
+            args[path_arg] = '%s/%s' % (args['saml_sp'].rstrip('/'),
+                                        default_path)
+
+        elif not args[path_arg].startswith(args['saml_sp']):
             raise ValueError('--%s must be a subpath of --saml-sp' %
                              path_arg.replace('_', '-'))