[settings] add SIGNATURE to the key name for SAML public and private key settings
The presence of the word SIGNATURE in the setting name keeps the private key from being displayed on the debug pages, which prevents accidental publication of your private key on the web.
This commit is contained in:
parent
2a68b7ac2c
commit
c95c3ddfb1
|
@ -1,6 +1,6 @@
|
|||
= Add to settings =
|
||||
|
||||
SAML_PRIVATE_KEY = *your_key*
|
||||
SAML_SIGNATURE_PRIVATE_KEY = *your_key*
|
||||
INSTALLED_APPS += ('*project*.authsaml2', '*project*.authsaml2.saml',)
|
||||
AUTHENTICATION_BACKENDS = (
|
||||
'django.contrib.auth.backends.ModelBackend',
|
||||
|
|
|
@ -55,7 +55,7 @@ metadata_map = (
|
|||
lasso.SAML2_METADATA_BINDING_REDIRECT ,
|
||||
'/manageNameId', '/manageNameIdReturn'),
|
||||
)
|
||||
metadata_options = { 'key': settings.SAML_SIGNING_KEY }
|
||||
metadata_options = { 'key': settings.SAML_SIGNATURE_PUBLIC_KEY }
|
||||
|
||||
def metadata(request):
|
||||
'''Endpoint to retrieve the metadata file'''
|
||||
|
|
|
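Review bot: `metadata_options = { 'key': settings.SAML_SIGNATURE_PUBLIC_KEY }` is evaluated at import time, so after this rename a deployment still carrying the old `SAML_SIGNING_KEY` setting fails with a bare AttributeError the first time the module is imported, with nothing pointing at the new name. Falling back to the old name would reintroduce the debug-page exposure this commit removes, so a loud failure is right, but it should be explicit: if `settings` is `django.conf.settings`, a guard such as `if not hasattr(settings, 'SAML_SIGNATURE_PUBLIC_KEY'): raise ImproperlyConfigured('SAML_SIGNING_KEY was renamed to SAML_SIGNATURE_PUBLIC_KEY')` (from `django.core.exceptions`) placed above this line would name the migration. The value assigned to this setting in the settings hunk is a PEM certificate rather than a bare public key, so a comment like `# PEM certificate published in the metadata; its private half is SAML_SIGNATURE_PRIVATE_KEY` would prevent the name from misleading the next reader.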
@ -55,7 +55,7 @@ metadata_map = (
|
|||
(saml2utils.Saml2Metadata.SINGLE_LOGOUT_SERVICE, soap_bindings, '/slo/soap'),
|
||||
(saml2utils.Saml2Metadata.ARTIFACT_RESOLUTION_SERVICE, lasso.SAML2_METADATA_BINDING_SOAP, '/artifact')
|
||||
)
|
||||
metadata_options = { 'key': settings.SAML_SIGNING_KEY }
|
||||
metadata_options = { 'key': settings.SAML_SIGNATURE_PUBLIC_KEY }
|
||||
|
||||
def metadata(request):
|
||||
'''Endpoint to retrieve the metadata file'''
|
||||
|
|
|
@ -90,7 +90,7 @@ def create_saml2_server(request, metadata, idp_map=None, sp_map=None, options={}
|
|||
'''Create a lasso Server object for using with a profile'''
|
||||
server = lasso.Server.newFromBuffers(get_saml2_metadata(request, metadata,
|
||||
idp_map=idp_map, sp_map=sp_map, options=options),
|
||||
settings.SAML_PRIVATE_KEY)
|
||||
settings.SAML_SIGNATURE_PRIVATE_KEY)
|
||||
if not server:
|
||||
raise Exception('Cannot create LassoServer object')
|
||||
return server
|
||||
|
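Review bot: With the new `settings.SAML_SIGNATURE_PRIVATE_KEY` argument, a deployment that still defines only the old `SAML_PRIVATE_KEY` now raises AttributeError inside a request, and the existing `raise Exception('Cannot create LassoServer object')` gives no hint whether lasso rejected the key, the metadata, or a mismatch between the two. Resolving the setting once, before the lasso call, gives a clear configuration error: `private_key = getattr(settings, 'SAML_SIGNATURE_PRIVATE_KEY', None)` followed by `if not private_key: raise ImproperlyConfigured('SAML_SIGNATURE_PRIVATE_KEY is not set (formerly SAML_PRIVATE_KEY)')`, then pass `private_key` to `newFromBuffers`. The `def create_saml2_server(...)` line itself sits outside the hunk (it appears only in the hunk header), so the guard would go at the top of that body.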
@ -174,13 +174,13 @@ def get_idff12_metadata(request, metadata):
|
|||
'SoapEndpoint': '/soap',
|
||||
'SingleSignOn': (('/sso',), sso_protocol_profiles)
|
||||
}
|
||||
options = { 'key': settings.SAML_SIGNING_KEY }
|
||||
options = { 'key': settings.SAML_SIGNATURE_PUBLIC_KEY }
|
||||
metagen.add_idp_descriptor(map, options)
|
||||
return str(metagen)
|
||||
|
||||
def create_idff12_server(request, metadata):
|
||||
server = lasso.Server.newFromBuffers(get_idff12_metadata(request,
|
||||
metadata), settings.SAML_PRIVATE_KEY)
|
||||
metadata), settings.SAML_SIGNATURE_PRIVATE_KEY)
|
||||
if not server:
|
||||
raise Exception('Cannot create LassoServer object')
|
||||
return server
|
||||
|
|
|
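Review bot: `create_idff12_server` now repeats the same three steps as `create_saml2_server` in the previous hunk — call `lasso.Server.newFromBuffers` with the metadata and `settings.SAML_SIGNATURE_PRIVATE_KEY`, test the result, raise the identical generic `Exception` — so the setting lookup and the error text live in two places and the next rename has to touch both. If both functions live in the same module, a small private helper keeps that in one place; `get_idff12_metadata` starts outside the hunk, while `create_idff12_server` is shown in full. The `map` local passed to `add_idp_descriptor` shadows the builtin, but that line is unchanged context, not part of this commit.
```python
def _new_lasso_server(metadata_xml):
    '''Build a lasso.Server from metadata XML and the configured signing key.'''
    server = lasso.Server.newFromBuffers(metadata_xml,
            settings.SAML_SIGNATURE_PRIVATE_KEY)
    if not server:
        raise Exception('Cannot create LassoServer object')
    return server

def create_idff12_server(request, metadata):
    return _new_lasso_server(get_idff12_metadata(request, metadata))
```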
@ -179,7 +179,7 @@ IDP_BACKENDS = [ ]
|
|||
IDP_SAML2 = True
|
||||
|
||||
# You MUST changes these keys, they are just for testing !
|
||||
SAML_SIGNING_KEY = '''-----BEGIN CERTIFICATE-----
|
||||
SAML_SIGNATURE_PUBLIC_KEY = '''-----BEGIN CERTIFICATE-----
|
||||
MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
|
||||
BAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAV
|
||||
MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||
|
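Review bot: The settings file still ships a working certificate and, in the following hunk, its RSA private key under the new names, protected only by the comment `# You MUST changes these keys, they are just for testing !`; a deployment that keeps the defaults signs with a key that is public in this repository, and the rename only hides the value on Django's debug page, it does not make the material secret. The validity dates visible in the certificate's base64 header decode to roughly 2010-12-14 through 2011-01-13, so the bundled certificate also expires within weeks of this commit. Consider loading both values from files that are kept out of version control, for example `SAML_SIGNATURE_PRIVATE_KEY = open(os.path.join(os.path.dirname(__file__), 'saml_signature.key')).read()`, and at minimum correct the comment to `# You MUST change these keys, they are only for testing!`.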
@ -199,7 +199,7 @@ JumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06j
|
|||
o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy
|
||||
-----END CERTIFICATE-----'''
|
||||
|
||||
SAML_PRIVATE_KEY = '''-----BEGIN RSA PRIVATE KEY-----
|
||||
SAML_SIGNATURE_PRIVATE_KEY = '''-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZ
|
||||
n9Kqm4Cp06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrU
|
||||
H8QT8NGhABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59x
|
||||
|
|