authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-02-04 23:44:47 (GMT)
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-02-04 23:44:47 (GMT)
commite5df75eea27546632e34a4483bb112ce1df0c424 (patch)
tree26dc2f613cae14a4b9f1bdde7c4d0f771e4eaada /authentic/admin/settings.ptl
parent97de2729f1b9122cb5fa7efc5733a8b8f0d9d603 (diff)
Use qommon module to produce metadatas and to create key pairs
* authentic/admin/settings.ptl: - remove the local methods that generated metadatas; use qommon.saml2utils and qommon.libertyutils instead. - add a button to generate RSA key pairs using qommon.x509utils - be more resilient to errors during configuration (revert to old configuration tree if something fails), check key pairs for consistency.
Diffstat (limited to 'authentic/admin/settings.ptl')
-rw-r--r--authentic/admin/settings.ptl350
1 files changed, 85 insertions, 265 deletions
diff --git a/authentic/admin/settings.ptl b/authentic/admin/settings.ptl
index 32aeb88..ad6c110 100644
--- a/authentic/admin/settings.ptl
+++ b/authentic/admin/settings.ptl
@@ -10,6 +10,9 @@ import urlparse
import tempfile
import zipfile
import qommon.x509utils as x509utils
+import qommon.libertyutils as libertyutils
+import qommon.saml2utils as saml2utils
+import qommon.storage as storage
import lasso
@@ -1275,8 +1278,69 @@ class SettingsDirectory(Directory):
'</div>'
form.render()
+ def generate_rsa_keypair(self, branch = 'sp'):
+ publickey, privatekey = x509utils.generate_rsa_keypair()
+ encryptionpublickey, encryptionprivatekey = x509utils.generate_rsa_keypair()
+ cfg_sp = get_cfg('idp' ,{})
+ self.configure_idp_metadatas(cfg_sp, publickey, privatekey, encryptionpublickey, encryptionprivatekey, True, True)
+
+ def write_idp_metadatas(self, signing_pem_key, private_signing_pem_key,
+ encryption_pem_key, private_encryption_pem_key, metadata,
+ saml2_metadata):
+ '''Write SP metadatas, that key files and metadata files'''
+ dir = get_publisher().app_dir
+ if signing_pem_key:
+ privatekey_fn = os.path.join(dir, 'private-key.pem')
+ publickey_fn = os.path.join(dir, 'public-key.pem')
+ storage.atomic_write(publickey_fn, signing_pem_key)
+ storage.atomic_write(privatekey_fn, private_signing_pem_key)
+ if encryption_pem_key:
+ encryption_privatekey_fn = os.path.join(dir, 'encryption-private-key.pem')
+ encryption_publickey_fn = os.path.join(dir, 'encryption-public-key.pem')
+ storage.atomic_write(encryption_publickey_fn, encryption_pem_key)
+ storage.atomic_write(encryption_privatekey_fn, private_encryption_pem_key)
+ if metadata:
+ metadata_fn = os.path.join(dir, 'metadata.xml')
+ storage.atomic_write(metadata_fn, metadata)
+
+ if saml2_metadata:
+ saml2_metadata_fn = os.path.join(dir, 'saml2-metadata.xml')
+ storage.atomic_write(saml2_metadata_fn, saml2_metadata)
+
+ def configure_idp_metadatas(self, cfg_sp, signing_pem_key, private_signing_pem_key,
+ encryption_pem_key, private_encryption_pem_key, liberty, saml2):
+ if x509utils.can_generate_rsa_key_pair():
+ if signing_pem_key and not x509utils.check_key_pair_consistency(signing_pem_key, private_signing_pem_key):
+ return ('publickey', _('Signing key pair is invalid'))
+ if encryption_pem_key and not x509utils.check_key_pair_consistency(encryption_pem_key, private_encryption_pem_key):
+ return ('encryption_publickey', _('Encryption key pair is invalid'))
+ if signing_pem_key:
+ cfg_sp['publickey'] = 'public-key.pem'
+ cfg_sp['privatekey'] = 'private-key.pem'
+ if encryption_pem_key:
+ cfg_sp['encryption_privatekey'] = 'encryption-private-key.pem'
+ cfg_sp['encryption_publickey'] = 'encryption-public-key.pem'
+
+ metadata = saml2_metadata = None
+ if liberty:
+ cfg_sp['metadata'] = 'metadata.xml'
+
+ metadata = libertyutils.Metadata(config = cfg_sp, provider_id = cfg_sp['providerid'], publisher = get_publisher()).get_metadata(signing_pem_key, encryption_pem_key, do_idp = True, do_sp = cfg_sp.get('idff_proxy') is not None)
+ if saml2:
+ cfg_sp['saml2_metadata'] = 'saml2-metadata.xml'
+ saml2_metadata = saml2utils.Metadata(config = cfg_sp, provider_id = cfg_sp['saml2_providerid'], publisher = get_publisher()).get_saml2_metadata(signing_pem_key, encryption_pem_key, do_idp = True, do_sp = cfg_sp.get('idff_proxy') is not None)
+ self.write_idp_metadatas(signing_pem_key, private_signing_pem_key,
+ encryption_pem_key, private_encryption_pem_key,
+ metadata, saml2_metadata)
+ get_publisher().write_cfg()
+ return None
+
def idp_save(self, form):
dir = get_publisher().app_dir
+ error = False
+ get_publisher().reload_cfg()
+ config = get_publisher().cfg.get('idp', {})
+ get_publisher().cfg['idp'] = config
def extract_file_value(name):
value = form.get_widget(name).parse()
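Review bot: The `do_sp = cfg_sp.get('idff_proxy') is not None` argument passed to both Metadata calls in configure_idp_metadatas is looser than the removed generators, which tested `cfg['idp'].get('idff_proxy')` for truthiness. idp_save stores `w.parse()` under that key whenever the widget exists, so a disabled proxy option that parses to a false value other than None (presumably False for an unticked checkbox) would still publish the SP descriptor and its proxy endpoints in the generated metadata. `do_sp = bool(cfg_sp.get('idff_proxy'))` keeps the previous behaviour; the same expression is assigned to `do_sp` in idp_save in a later hunk of this diff. idp_save's body continues outside this hunk.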
@@ -1291,7 +1355,7 @@ class SettingsDirectory(Directory):
publickey_content = extract_file_value(prefix+'publickey')
if not privatekey_content and not publickey_content:
return None
- if x509util.can_generate_rsa_key_pair():
+ if x509utils.can_generate_rsa_key_pair():
if not x509utils.check_key_pair_consistency(publickey_content, privatekey_content):
raise Exception()
else:
@@ -1299,6 +1363,7 @@ class SettingsDirectory(Directory):
raise Exception()
except:
+ raise
form.set_error(prefix+'publickey', _('The key pair is invalid.'))
return None
return (publickey_content, privatekey_content)
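Review bot: The bare `raise` added as the first statement of the `except:` handler makes `form.set_error(prefix+'publickey', _('The key pair is invalid.'))` and `return None` unreachable, so an inconsistent key pair now propagates the anonymous `Exception()` to the caller instead of being reported on the form. This looks like a debugging leftover and should be dropped before merge. The bare `except:` is also worth narrowing, since it labels any failure inside the consistency check as an invalid key pair. The `try:` and the start of the enclosing helper are outside the hunk.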
@@ -1306,38 +1371,39 @@ class SettingsDirectory(Directory):
def write_key_pair(prefix1, prefix2, keypair):
if not keypair:
return
- privatekey_fn = os.path.join(dir, prefix+'private-key.pem')
- publickey_fn = os.path.join(dir, prefix+'public-key.pem')
+ privatekey_fn = os.path.join(dir, prefix1+'private-key.pem')
+ publickey_fn = os.path.join(dir, prefix1+'public-key.pem')
file(publickey_fn, 'w').write(keypair[0])
file(privatekey_fn, 'w').write(keypair[1])
- get_publisher().cfg['idp'][prefix2+'publickey'] = prefix1+'public-key.pem'
- get_publisher().cfg['idp'][prefix2+'privatekey'] = prefix1+'private-key.pem'
+ config[prefix2+'publickey'] = prefix1+'public-key.pem'
+ config[prefix2+'privatekey'] = prefix1+'private-key.pem'
- error = False
- get_publisher().reload_cfg()
- if not get_publisher().cfg.has_key('idp'):
- get_publisher().cfg['idp'] = {}
- old_common_domain_setter_url = get_publisher().cfg['idp'].get('common_domain_setter_url')
+ old_common_domain_setter_url = config.get('common_domain_setter_url')
for k in ('providerid', 'base_url', 'organization_name', 'common_domain',
'idff_proxy', 'idsis_pp', 'saml2_providerid', 'saml2_base_url',
'base_soap_url', 'saml2_base_soap_url', 'direct_proxy',
'common_domain_setter_url'):
w = form.get_widget(k)
if w:
- get_publisher().cfg['idp'][k] = w.parse()
+ config[k] = w.parse()
signing_keypair = get_key_pair('')
- encryption_keypari = get_key_pair('encryption_')
+ encryption_keypair = get_key_pair('encryption_')
+ do_sp = config.get('idff_proxy') is not None
+ public_signing_key = signing_keypair and signing_keypair[0]
+ public_encryption_key = encryption_keypair and encryption_keypair[0]
# FIXME: is it really useful to permit manual metadatas ?
metadata_fn = os.path.join(dir, 'metadata.xml')
- file(metadata_fn, 'w').write(self.get_metadata())
- get_publisher().cfg['idp']['metadata'] = 'metadata.xml'
+ metadata = libertyutils.Metadata(config = config, provider_id = config['providerid'], publisher = get_publisher())
+ file(metadata_fn, 'w').write(metadata.get_metadata(public_signing_key, public_encryption_key, do_idp = True, do_sp = do_sp))
+ config['metadata'] = 'metadata.xml'
- if get_publisher().cfg['idp'].has_key('saml2_providerid'):
+ if config.has_key('saml2_providerid'):
saml2_metadata_fn = os.path.join(dir, 'saml2-metadata.xml')
- file(saml2_metadata_fn, 'w').write(self.get_saml2_metadata())
- get_publisher().cfg['idp']['saml2_metadata'] = 'saml2-metadata.xml'
+ saml2_metadata = saml2utils.Metadata(config = config, provider_id = config['saml2_providerid'], publisher = get_publisher())
+ file(saml2_metadata_fn, 'w').write(saml2_metadata.get_saml2_metadata(public_signing_key, public_encryption_key, do_idp = True, do_sp = do_sp))
+ config['saml2_metadata'] = 'saml2-metadata.xml'
if form.has_errors():
return
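Review bot: write_key_pair still writes the private key with `file(privatekey_fn, 'w').write(keypair[1])`, which is not atomic, never closes the handle explicitly, and creates the file with whatever mode the process umask allows. The new write_idp_metadatas in this commit already uses `storage.atomic_write`, so these two lines should become `storage.atomic_write(publickey_fn, keypair[0])` and `storage.atomic_write(privatekey_fn, keypair[1])`. Whether atomic_write restricts permissions is not visible here; the private-key files should end up readable by the service account only. The metadata writes through `file(...)` in this hunk have the same non-atomic behaviour and happen before the `form.has_errors()` check.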
@@ -1345,17 +1411,7 @@ class SettingsDirectory(Directory):
write_key_pair('','',signing_keypair)
write_key_pair('encryption-','encryption_',signing_keypair)
-
- if publickey_content:
- file(publickey_fn, 'w').write(publickey_content)
- if privatekey_content:
- file(privatekey_fn, 'w').write(privatekey_content)
- if encryption_publickey_content:
- file(encryption_publickey_fn, 'w').write(encryption_publickey_content)
- if encryption_privatekey_content:
- file(encryption_privatekey_fn, 'w').write(encryption_privatekey_content)
-
- new_common_domain_setter_url = get_publisher().cfg['idp'].get('common_domain_setter_url')
+ new_common_domain_setter_url = config.get('common_domain_setter_url')
if new_common_domain_setter_url != old_common_domain_setter_url:
old_domain = None
new_domain = None
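Review bot: `write_key_pair('encryption-','encryption_',signing_keypair)` passes the signing pair, so encryption-public-key.pem and encryption-private-key.pem receive the signing key and the `encryption_keypair` parsed earlier in idp_save is never written. The metadata is built from `public_encryption_key`, so when an encryption pair is uploaded the published encryption key would not match the private key stored on disk, and one key ends up serving both signing and encryption. The call should read `write_key_pair('encryption-','encryption_',encryption_keypair)`. The line is unchanged context, but this commit corrects the `encryption_keypari` spelling without using the variable here.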
@@ -1381,246 +1437,10 @@ class SettingsDirectory(Directory):
except OSError:
pass
fn = os.path.join(new_domain_dir, 'common_cookie')
- open(fn, 'w').write(get_publisher().app_dir)
+ open(fn, 'w').write(dir)
get_publisher().write_cfg()
- def get_key_descriptors(self):
- idp_keys = {}
- dir = get_publisher().app_dir
-
- publickey_fn = os.path.join(dir, 'public-key.pem')
- signing_pem_key = ''
- if os.path.exists(publickey_fn):
- signing_pem_key = file(publickey_fn).read()
-
- encryption_publickey_fn = os.path.join(get_publisher().app_dir, 'encryption-public-key.pem')
- encryption_pem_key = ''
- if os.path.exists(encryption_publickey_fn):
- encryption_pem_key = file(encryption_publickey_fn).read()
-
- for key_type in ('signing', 'encryption'):
- if key_type == 'signing':
- pem_key = signing_pem_key
- else:
- pem_key = encryption_pem_key
- if 'CERTIF' in pem_key:
- start = '-----BEGIN CERTIFICATE-----'
- i = pem_key.find(start)
- j = pem_key.find('-----END CERTIFICATE-----')
- if i and j:
- pem_key = pem_key[i+len(start):j].strip()
- else:
- pem_key = 'bad certficate file'
- idp_keys[key_type] = """
- <KeyDescriptor use="%s">
- <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data>
- </ds:KeyInfo>
- </KeyDescriptor>""" % (key_type, pem_key)
- elif 'KEY' in pem_key:
- # FIXME: format for RSA key is <RSAKeyValue><Modulus/><Exponent/></RSAKeyValue>
- # need to fix lasso also
- start = '-----BEGIN PUBLIC KEY-----'
- i = pem_key.find(start)
- j = pem_key.find('-----END PUBLIC KEY-----')
- if i and j:
- pem_key = pem_key[i+len(start):j].strip()
- else:
- pem_key = 'bad public key file'
- idp_keys[key_type] = """
- <KeyDescriptor use="%s">
- <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:KeyValue>%s</ds:KeyValue>
- </ds:KeyInfo>
- </KeyDescriptor>""" % (key_type, pem_key)
- else:
- idp_keys[key_type] = ''
-
- return idp_keys
-
- def get_metadata(self):
- key_descriptors = self.get_key_descriptors()
-
- prologue = """<?xml version="1.0"?>
-<EntityDescriptor
- providerID="%(providerid)s"
- xmlns="urn:liberty:metadata:2003-08">""" % get_publisher().cfg['idp']
-
- idp_head = """
- <IDPDescriptor protocolSupportEnumeration="urn:liberty:iff:2003-08">"""
- idp_body = """
- <SoapEndpoint>%(base_soap_url)s/soapEndpoint</SoapEndpoint>
-
- <SingleLogoutServiceURL>%(base_url)s/singleLogout</SingleLogoutServiceURL>
- <SingleLogoutServiceReturnURL>%(base_url)s/singleLogoutReturn</SingleLogoutServiceReturnURL>
-
- <FederationTerminationServiceURL>%(base_url)s/federationTermination</FederationTerminationServiceURL>
- <FederationTerminationServiceReturnURL>%(base_url)s/federationTerminationReturn</FederationTerminationServiceReturnURL>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</FederationTerminationNotificationProtocolProfile>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</FederationTerminationNotificationProtocolProfile>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</FederationTerminationNotificationProtocolProfile>
-
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</SingleLogoutProtocolProfile>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</SingleLogoutProtocolProfile>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</SingleLogoutProtocolProfile>
-
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-http</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierServiceURL>%(base_url)s/registerNameIdentifier</RegisterNameIdentifierServiceURL>
- <RegisterNameIdentifierServiceReturnURL>%(base_url)s/registerNameIdentifierReturn</RegisterNameIdentifierServiceReturnURL>
-
- <SingleSignOnServiceURL>%(base_url)s/singleSignOn</SingleSignOnServiceURL>
- <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-art</SingleSignOnProtocolProfile>
- <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-post</SingleSignOnProtocolProfile>
-
- </IDPDescriptor>""" % get_publisher().cfg['idp']
-
- idp = '\n'.join([idp_head, key_descriptors['signing'], key_descriptors['encryption'], idp_body])
-
- if get_publisher().cfg['idp'].get('idff_proxy'):
- sp_head = """
- <SPDescriptor protocolSupportEnumeration="urn:liberty:iff:2003-08">"""
- sp_body = """
- <SoapEndpoint>%(base_soap_url)s/proxySoapEndpoint</SoapEndpoint>
-
- <SingleLogoutServiceURL>%(base_url)s/proxySingleLogout</SingleLogoutServiceURL>
- <SingleLogoutServiceReturnURL>%(base_url)s/proxySingleLogoutReturn</SingleLogoutServiceReturnURL>
-
- <FederationTerminationServiceURL>%(base_url)s/proxyFederationTermination</FederationTerminationServiceURL>
- <FederationTerminationServiceReturnURL>%(base_url)s/proxyFederationTerminationReturn</FederationTerminationServiceReturnURL>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</FederationTerminationNotificationProtocolProfile>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</FederationTerminationNotificationProtocolProfile>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile>
- <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</FederationTerminationNotificationProtocolProfile>
-
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</SingleLogoutProtocolProfile>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</SingleLogoutProtocolProfile>
- <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</SingleLogoutProtocolProfile>
-
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-http</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>
- <RegisterNameIdentifierServiceURL>%(base_url)s/proxyRegisterNameIdentifier</RegisterNameIdentifierServiceURL>
- <RegisterNameIdentifierServiceReturnURL>%(base_url)s/proxyRegisterNameIdentifierReturn</RegisterNameIdentifierServiceReturnURL>
-
- <AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">%(base_url)s/proxyAssertionConsumer</AssertionConsumerServiceURL>
-
- <AuthnRequestsSigned>true</AuthnRequestsSigned>
-
- </SPDescriptor>""" % get_publisher().cfg['idp']
-
- sp = '\n'.join([sp_head, key_descriptors['signing'], key_descriptors['encryption'], sp_body])
- else:
- sp = ''
-
- if get_publisher().cfg['idp'].get('organization_name'):
- epilogue = """
- <Organization>
- <OrganizationName>%s</OrganizationName>
- <OrganizationDisplayName xml:lang="en"></OrganizationDisplayName>
- <OrganizationURL xml:lang="en"></OrganizationURL>
- </Organization>
-
-</EntityDescriptor>""" % unicode(
- get_publisher().cfg['idp']['organization_name'], 'iso-8859-1').encode('utf-8')
- else:
- epilogue = '</EntityDescriptor>'
-
- return '\n'.join([prologue, idp, sp, epilogue])
-
-
- def get_saml2_metadata(self):
- key_descriptors = self.get_key_descriptors()
-
- prologue = """<?xml version="1.0"?>
-<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
- xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- entityID="%(saml2_providerid)s">""" % get_publisher().cfg['idp']
-
- idp_head = """
- <IDPSSODescriptor
- WantAuthnRequestsSigned="true"
- protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">"""
- idp_body = """
- <ArtifactResolutionService isDefault="true" index="0"
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
- Location="%(saml2_base_soap_url)s/artifact" />
- <SingleLogoutService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
- Location="%(saml2_base_soap_url)s/singleLogoutSOAP" />
- <SingleLogoutService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- Location="%(saml2_base_url)s/singleLogout"
- ResponseLocation="%(saml2_base_url)s/singleLogoutReturn" />
- <ManageNameIDService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
- Location="%(saml2_base_soap_url)s/manageNameIdSOAP" />
- <ManageNameIDService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- Location="%(saml2_base_url)s/manageNameId"
- ResponseLocation="%(saml2_base_url)s/manageNameIdReturn" />
- <SingleSignOnService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- Location="%(saml2_base_url)s/singleSignOn" />
- <SingleSignOnService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
- Location="%(saml2_base_soap_url)s/singleSignOnSOAP" />
- </IDPSSODescriptor>""" % get_publisher().cfg['idp']
-
- idp = '\n'.join([idp_head, key_descriptors['signing'], key_descriptors['encryption'], idp_body])
-
- if get_publisher().cfg['idp'].get('idff_proxy'):
- sp_head = """
- <SPSSODescriptor
- AuthnRequestsSigned="true"
- protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">"""
-
- sp_body = """
- <SingleLogoutService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
- Location="%(saml2_base_url)s/proxySingleLogoutSOAP" />
- <SingleLogoutService
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- Location="%(saml2_base_url)s/proxySingleLogout"
- ResponseLocation="%(saml2_base_url)s/proxySingleLogoutReturn" />
- <AssertionConsumerService isDefault="true" index="0"
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
- Location="%(saml2_base_url)s/proxySingleSignOnArtifact" />
- <AssertionConsumerService index="1"
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
- Location="%(saml2_base_url)s/proxySingleSignOnPost" />
- <AssertionConsumerService index="2"
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- Location="%(saml2_base_url)s/proxySingleSignOnRedirect" />
- </SPSSODescriptor>""" % get_publisher().cfg['idp']
-
- sp = '\n'.join([sp_head, key_descriptors['signing'], key_descriptors['encryption'], sp_body])
- else:
- sp = ''
-
- if get_publisher().cfg['idp'].get('organization_name'):
- epilogue = """
- <Organization>
- <OrganizationName xml:lang="en">%s</OrganizationName>
- <OrganizationDisplayName xml:lang="en"></OrganizationDisplayName>
- <OrganizationURL xml:lang="en"></OrganizationURL>
- </Organization>
-
-</EntityDescriptor>""" % unicode(
- get_publisher().cfg['idp']['organization_name'], 'iso-8859-1').encode('utf-8')
- else:
- epilogue = '</EntityDescriptor>'
-
- return '\n'.join([prologue, idp, sp, epilogue])
-
def debug_options [html] (self):
form = Form(enctype='multipart/form-data')
debug_cfg = get_cfg('debug', {})