From 11242b8a3cab8d1594644cf22285e94639cca158 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Wed, 9 Apr 2014 15:21:55 -0400
Subject: [PATCH] Simplify metadata add_service signature

Add a map that takes care of the lower level lasso-related details

Signed-off-by: Simo Sorce
---
 ipsilon/providers/saml2idp.py | 6 ++----
 ipsilon/tools/saml2metadata.py | 28 +++++++++++++++++-----------
 2 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index 87cc7f6..507bba2 100755
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -268,11 +268,9 @@ class Installer(object):
 meta = metadata.Metadata(metadata.IDP_ROLE)
 meta.set_entity_id(url + '/metadata')
 meta.add_certs(cert, cert)
-meta.add_service(metadata.SSO_SERVICE,
-lasso.SAML2_METADATA_BINDING_POST,
+meta.add_service(metadata.SAML2_SERVICE_MAP['sso-post'],
 url + 'SSO/POST')
-meta.add_service(metadata.SSO_SERVICE,
-lasso.SAML2_METADATA_BINDING_REDIRECT,
+meta.add_service(metadata.SAML2_SERVICE_MAP['sso-redirect'],
 url + 'SSO/Redirect')
 
 meta.add_allowed_name_format(
diff --git a/ipsilon/tools/saml2metadata.py b/ipsilon/tools/saml2metadata.py
index fc2e02c..b86e727 100755
--- a/ipsilon/tools/saml2metadata.py
+++ b/ipsilon/tools/saml2metadata.py
@@ -34,6 +34,16 @@ SAML2_NAMEID_MAP = {
 'x509': lasso.SAML2_NAME_IDENTIFIER_FORMAT_X509,
 }
 
+SAML2_SERVICE_MAP = {
+ 'sso-post': ('SingleSignOnService',
+ lasso.SAML2_METADATA_BINDING_POST),
+ 'sso-redirect': ('SingleSignOnService',
+ lasso.SAML2_METADATA_BINDING_REDIRECT),
+ 'logout-redirect': ('SingleLogoutService',
+ lasso.SAML2_METADATA_BINDING_REDIRECT),
+ 'response-post': ('AssertionConsumerService',
+ lasso.SAML2_METADATA_BINDING_POST)
+}
 
 EDESC = '{%s}EntityDescriptor' % lasso.SAML2_METADATA_HREF
 NSMAP = {
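Review bot: The two removed lines are the only references to `lasso.` visible in this hunk of saml2idp.py; if the module has no other use of it, its `import lasso` is now dead and pyflakes/pylint will flag it, so it should go in the same commit. The replacement string keys `'sso-post'` and `'sso-redirect'` are only validated at runtime (a typo becomes a KeyError during installation), whereas the former `metadata.SSO_SERVICE` attribute was caught by the linter; if the map stays string-keyed, at least a comment naming the keys that saml2metadata defines, e.g. `# keys: sso-post, sso-redirect, logout-redirect, response-post (see saml2metadata.SAML2_SERVICE_MAP)`, helps the next editor. The enclosing Installer method starts before and ends after the hunk.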
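Review bot: `SAML2_SERVICE_MAP` is a new module-level table whose values are bare 2-tuples with nothing saying what each position means, so a reader of `add_service` has to come back here to learn that index 0 is the SAML metadata element name and index 1 the lasso binding constant. Add a header comment above the dict such as `# key -> (metadata element tag, lasso binding URI); keys are the names callers pass to Metadata.add_service`, and consider a `collections.namedtuple('Service', 'tag binding')` for the values so the positions get names. The last entry also lacks the trailing comma that `SAML2_NAMEID_MAP` just above uses before its `}`, which makes future additions produce noisier diffs.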
@@ -47,10 +57,6 @@ SPDESC = 'SPSSODescriptor'
 IDP_ROLE = 'idp'
 SP_ROLE = 'sp'
 
-SSO_SERVICE = 'SingleSignOnService'
-LOGOUT_SERVICE = 'SingleLogoutService'
-ASSERTION_SERVICE = 'AssertionConsumerService'
-
 
 def mdElement(_parent, _tag, **kwargs):
 tag = '{%s}%s' % (lasso.SAML2_METADATA_HREF, _tag)
@@ -101,9 +107,9 @@ class Metadata(object):
 if enccert:
 self.add_cert(enccert.get_cert(), 'encryption')
 
- def add_service(self, svctype, binding, location):
- svc = mdElement(self.role, svctype)
- svc.set('Binding', binding)
+ def add_service(self, service, location):
+ svc = mdElement(self.role, service[0])
+ svc.set('Binding', service[1])
 svc.set('Location', location)
 
 def add_allowed_name_format(self, name_format):
@@ -134,9 +140,9 @@ if __name__ == '__main__':
 idp.set_entity_id('https://ipsilon.example.com/idp/metadata')
 idp.set_role(IDP_ROLE)
 idp.add_certs(sign_cert, enc_cert)
- idp.add_service(SSO_SERVICE, lasso.SAML2_METADATA_BINDING_POST,
+ idp.add_service(SAML2_SERVICE_MAP['sso-post'],
 'https://ipsilon.example.com/idp/saml2/POST')
- idp.add_service(SSO_SERVICE, lasso.SAML2_METADATA_BINDING_REDIRECT,
+ idp.add_service(SAML2_SERVICE_MAP['sso-redirect'],
 'https://ipsilon.example.com/idp/saml2/Redirect')
 for k in SAML2_NAMEID_MAP:
 idp.add_allowed_name_format(SAML2_NAMEID_MAP[k])
@@ -155,9 +161,9 @@ if __name__ == '__main__':
 sp.set_entity_id('https://ipsilon.example.com/samlsp/metadata')
 sp.set_role(SP_ROLE)
 sp.add_certs(sign_cert)
- sp.add_service(LOGOUT_SERVICE, lasso.SAML2_METADATA_BINDING_REDIRECT,
+ sp.add_service(SAML2_SERVICE_MAP['logout-redirect'],
 'https://ipsilon.example.com/samlsp/logout')
- sp.add_service(ASSERTION_SERVICE, lasso.SAML2_METADATA_BINDING_POST,
+ sp.add_service(SAML2_SERVICE_MAP['response-post'],
 'https://ipsilon.example.com/samlsp/postResponse')
 md_file = os.path.join(tmpdir, 'metadata.xml')
 sp.output(md_file)
-- 
2.20.1
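Review bot: `add_service` now takes a positional pair and indexes it as `service[0]`/`service[1]` with no docstring, so the meaning of each position is invisible at the call site and a malformed argument (a plain string, or the old three-argument `(svctype, binding, location)` form from a caller not updated in this commit) fails only with an opaque IndexError or TypeError. Unpack the pair up front so a wrong shape fails immediately on the first line, and document the expected shape and the link to `SAML2_SERVICE_MAP`; any other call site of the old signature elsewhere in the tree should be grepped for, since the commit only updates saml2idp.py and this module's `__main__`. The rest of class Metadata lies outside the hunk.
```python
    def add_service(self, service, location):
        """Add a service endpoint element to this role descriptor.

        service: a (tag, binding) pair, normally an entry of
                 SAML2_SERVICE_MAP; location: the endpoint URL.
        """
        tag, binding = service
        svc = mdElement(self.role, tag)
        svc.set('Binding', binding)
        svc.set('Location', location)
```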