Fix generation fo server's metadata file

[cascardo/ipsilon.git] / ipsilon / providers / saml2idp.py

diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index 1922c53..b337652 100755 (executable)
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -21,14 +21,14 @@ from ipsilon.providers.common import ProviderBase, ProviderPageBase
 from ipsilon.providers.common import FACILITY
 from ipsilon.providers.saml2.auth import AuthenticateRequest
 from ipsilon.providers.saml2.admin import AdminPage
-from ipsilon.providers.saml2.certs import Certificate
 from ipsilon.providers.saml2.provider import IdentityProvider
-from ipsilon.providers.saml2 import metadata
+from ipsilon.tools.certs import Certificate
+from ipsilon.tools import saml2metadata as metadata
+from ipsilon.tools import files
 from ipsilon.util.user import UserSession
 from ipsilon.util.plugin import PluginObject
 import cherrypy
 import lasso
-import pwd
 import os
 
 
@@ -246,16 +246,13 @@ class Installer(object):
     def install_args(self, group):
         group.add_argument('--saml2', choices=['yes', 'no'], default='yes',
                            help='Configure SAML2 Provider')
-        group.add_argument('--saml2-storage',
-                           default='/var/lib/ipsilon/saml2',
-                           help='SAML2 Provider storage area')
 
     def configure(self, opts):
         if opts['saml2'] != 'yes':
             return
 
         # Check storage path is present or create it
-        path = opts['saml2_storage']
+        path = os.path.join(opts['data_dir'], 'saml2')
         if not os.path.exists(path):
             os.makedirs(path, 0700)
 
@@ -264,16 +261,14 @@ class Installer(object):
         cert.generate('idp', opts['hostname'])
 
         # Generate Idp Metadata
-        url = 'https://' + opts['hostname'] + '/idp/saml2'
+        url = 'https://' + opts['hostname'] + '/' + opts['instance'] + '/saml2'
         meta = metadata.Metadata(metadata.IDP_ROLE)
         meta.set_entity_id(url + '/metadata')
         meta.add_certs(cert, cert)
-        meta.add_service(metadata.SSO_SERVICE,
-                         lasso.SAML2_METADATA_BINDING_POST,
-                         url + 'SSO/POST')
-        meta.add_service(metadata.SSO_SERVICE,
-                         lasso.SAML2_METADATA_BINDING_REDIRECT,
-                         url + 'SSO/Redirect')
+        meta.add_service(metadata.SAML2_SERVICE_MAP['sso-post'],
+                         url + '/SSO/POST')
+        meta.add_service(metadata.SAML2_SERVICE_MAP['sso-redirect'],
+                         url + '/SSO/Redirect')
 
         meta.add_allowed_name_format(
             lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT)
@@ -296,18 +291,10 @@ class Installer(object):
         config = {'idp storage path': path,
                   'idp metadata file': 'metadata.xml',
                   'idp certificate file': cert.cert,
-                  'idp key file': cert.key}
+                  'idp key file': cert.key,
+                  'enabled': '1'}
         po.set_config(config)
         po.save_plugin_config(FACILITY)
 
         # Fixup permissions so only the ipsilon user can read these files
-        pw = pwd.getpwnam(opts['system_user'])
-        for root, dirs, files in os.walk(path):
-            for name in dirs:
-                target = os.path.join(root, name)
-                os.chown(target, pw.pw_uid, pw.pw_gid)
-                os.chmod(target, 0700)
-            for name in files:
-                target = os.path.join(root, name)
-                os.chown(target, pw.pw_uid, pw.pw_gid)
-                os.chmod(target, 0600)
+        files.fix_user_dirs(path, opts['system_user'])