authorFrédéric Péters <fpeters@entrouvert.com>2007-10-18 17:51:26 (GMT)
committerFrédéric Péters <fpeters@entrouvert.com>2007-10-18 17:51:26 (GMT)
commitb03dbc13f895b61f3db3a789b1678ac545682bd1 (patch)
tree9e433c757b1d29137de0a73d893943cb7ec21109 /authentic/admin/settings.ptl
parent3b07bad8c5c7b93c8c75114c37dd174708cd6766 (diff)
first go at SAMLv2 proxying, untested
Diffstat (limited to 'authentic/admin/settings.ptl')
-rw-r--r--authentic/admin/settings.ptl30
1 files changed, 27 insertions, 3 deletions
diff --git a/authentic/admin/settings.ptl b/authentic/admin/settings.ptl
index ed31a25..5de4ab2 100644
--- a/authentic/admin/settings.ptl
+++ b/authentic/admin/settings.ptl
@@ -1105,7 +1105,7 @@ class SettingsDirectory(Directory):
hint = _('Disabled if empty'),
value = get_cfg('idp', {}).get('common_domain_setter_url'))
- form.add(CheckboxWidget, 'idff_proxy', title = _('ID-FF Proxy Support'),
+ form.add(CheckboxWidget, 'idff_proxy', title = _('ID-FF & SAMLv2 Proxy Support'),
value = get_cfg('idp', {}).get('idff_proxy', False))
if not hasattr(lasso.Server(), str('role')):
widget = form.get_widget('idff_proxy')
@@ -1403,7 +1403,31 @@ class SettingsDirectory(Directory):
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="%(saml2_base_soap_url)s/singleSignOnSOAP" />
</IDPSSODescriptor>""" % get_publisher().cfg['idp']
-
+
+ sp = ''
+ if get_publisher().cfg['idp'].get('idff_proxy'):
+ sp_head = '''<SPSSODescriptor
+ AuthnRequestsSigned="true"
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'''
+
+ sp_body = '''
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="%(saml2_base_url)s/proxySingleLogoutSOAP" />
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="%(saml2_base_url)s/proxySingleLogout"
+ ResponseLocation="%(saml2_base_url)s/proxySingleLogoutReturn" />
+ <AssertionConsumerService isDefault="true" index="0"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+ Location="%(saml2_base_url)s/proxySingleSignOnArtifact" />
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="%(saml2_base_url)s/proxySingleSignOnPost" />
+</SPSSODescriptor>''' % get_publisher().cfg['idp']
+
+ sp = '\n'.join([sp_head, idp_key['signing'], idp_key['encryption'], sp_body])
+
if get_publisher().cfg['idp'].get('organization_name'):
epilogue = """<Organization>
<OrganizationName xml:lang="en">%s</OrganizationName>
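Review bot: The new `SPSSODescriptor` opening tag in `sp_head` sets `AuthnRequestsSigned="true"` but not `WantAssertionsSigned`, so the published metadata does not ask upstream identity providers to sign assertions, including those delivered through the browser to the HTTP-POST `proxySingleSignOnPost` consumer. Adding `WantAssertionsSigned="true"` after `AuthnRequestsSigned="true"` would state that requirement; whether the proxy endpoints verify signatures on what they receive is not visible in this hunk and should be confirmed before the option is enabled, since the commit is marked untested. Separately, the SOAP `SingleLogoutService` uses `%(saml2_base_url)s/proxySingleLogoutSOAP` while the IdP SOAP endpoint just above uses `%(saml2_base_soap_url)s`; if the two bases can differ, `Location="%(saml2_base_soap_url)s/proxySingleLogoutSOAP"` looks like the intended value. The enclosing method starts and ends outside the hunk.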
@@ -1415,7 +1439,7 @@ class SettingsDirectory(Directory):
epilogue = '</EntityDescriptor>'
return '\n'.join([prologue, idp_head, idp_key['signing'], idp_key['encryption'],
- idp_body, epilogue])
+ idp_body, sp, epilogue])
def debug_options [html] (self):