X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Fproviders%2Fsaml2%2Fprovider.py;h=58ffbfeea3f39b1bf0d903caaca005bd2f9ba4ee;hp=7975500ed3eebf30620e115942e9133019cd5d73;hb=71edd1146556eecb9f9375da46313e94bf82874c;hpb=671c9261307a23daaeafdaf3263accc836ba7b70 diff --git a/ipsilon/providers/saml2/provider.py b/ipsilon/providers/saml2/provider.py index 7975500..58ffbfe 100755 --- a/ipsilon/providers/saml2/provider.py +++ b/ipsilon/providers/saml2/provider.py @@ -18,23 +18,11 @@ # along with this program. If not, see . from ipsilon.providers.common import ProviderException -import cherrypy +from ipsilon.tools.saml2metadata import SAML2_NAMEID_MAP +from ipsilon.util.log import Log import lasso -NAMEID_MAP = { - 'email': lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL, - 'encrypted': lasso.SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED, - 'entity': lasso.SAML2_NAME_IDENTIFIER_FORMAT_ENTITY, - 'kerberos': lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS, - 'persistent': lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT, - 'transient': lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT, - 'unspecified': lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED, - 'windows': lasso.SAML2_NAME_IDENTIFIER_FORMAT_WINDOWS, - 'x509': lasso.SAML2_NAME_IDENTIFIER_FORMAT_X509, -} - - class InvalidProviderId(ProviderException): def __init__(self, code): @@ -45,8 +33,8 @@ class InvalidProviderId(ProviderException): class NameIdNotAllowed(Exception): - def __init__(self): - message = 'The specified Name ID is not allowed' + def __init__(self, nid): + message = 'Name ID [%s] is not allowed' % nid super(NameIdNotAllowed, self).__init__(message) self.message = message @@ -54,7 +42,7 @@ class NameIdNotAllowed(Exception): return repr(self.message) -class ServiceProvider(object): +class ServiceProvider(Log): def __init__(self, config, provider_id): self.cfg = config @@ -129,26 +117,37 @@ class ServiceProvider(object): def get_valid_nameid(self, nip): self._debug('Requested NameId [%s]' % (nip.format,)) if nip.format is None: - return NAMEID_MAP[self.default_nameid] + return SAML2_NAMEID_MAP[self.default_nameid] elif nip.format == lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED: - return NAMEID_MAP[self.default_nameid] + return SAML2_NAMEID_MAP[self.default_nameid] else: allowed = self.allowed_nameids self._debug('Allowed NameIds %s' % (repr(allowed))) for nameid in allowed: - if nip.format == NAMEID_MAP[nameid]: + if nip.format == SAML2_NAMEID_MAP[nameid]: return nip.format raise NameIdNotAllowed(nip.format) - def _debug(self, fact): - if cherrypy.config.get('debug', False): - cherrypy.log(fact) + def permanently_delete(self): + data = self.cfg.get_data(name='id', value=self.provider_id) + if len(data) != 1: + raise InvalidProviderId('Could not find SP data') + idval = data.keys()[0] + self.cfg.del_datum(idval) def normalize_username(self, username): if 'strip domain' in self._properties: return username.split('@', 1)[0] return username + def is_valid_nameid(self, value): + if value in SAML2_NAMEID_MAP: + return True + return False + + def valid_nameids(self): + return SAML2_NAMEID_MAP.keys() + class ServiceProviderCreator(object): @@ -182,7 +181,7 @@ class ServiceProviderCreator(object): return ServiceProvider(self.cfg, spid) -class IdentityProvider(object): +class IdentityProvider(Log): def __init__(self, config): self.server = lasso.Server(config.idp_metadata_file, config.idp_key_file, @@ -203,7 +202,3 @@ class IdentityProvider(object): def get_providers(self): return self.server.get_providers() - - def _debug(self, fact): - if cherrypy.config.get('debug', False): - cherrypy.log(fact)