Initial import

.gitignore

@@ -0,0 +1,6 @@
+*.pyc
+*.pyo
+*.db
+.*.swp
+*.egg-info
+mandaye.log

cam/__init__.py

@@ -0,0 +1 @@
+VERSION="0.1"

cam/config.py

@@ -0,0 +1,88 @@
+
+import logging
+import os
+
+_PROJECT_PATH = os.path.join(os.path.dirname(__file__), '..')
+
+# Choose storage
+# Only mandaye.backends.sql at the moment
+storage_backend = "mandaye.backends.sql"
+
+## SQL Backend config
+# Database configuration
+# rfc 1738 http://rfc.net/rfc1738.html
+db_url = 'sqlite:///' + os.path.join(_PROJECT_PATH, 'test.db')
+
+# Needed if ssl is activated
+ssl = False
+keyfile = ''
+certfile = ''
+
+# Log configuration
+debug = False
+syslog = False
+log_file = os.path.join(_PROJECT_PATH, 'cam/mandaye_cam.log')
+log_level = logging.INFO
+
+# Log rotation
+# W[0-6] : weekly (0: Monday), D: day, ... (python doc)
+log_when = 'W6'
+# Every week
+log_interval = 1
+# BackupCount (keep one year of log)
+log_backup = 52
+
+# Template directory
+template_directory = os.path.join(_PROJECT_PATH, 'cam/templates')
+# Static folder
+static_root = os.path.join(_PROJECT_PATH, 'cam/static')
+# Data dir
+data_dir = os.path.join(_PROJECT_PATH, 'data')
+
+# Email notification configuration
+email_notification = False
+smtp_host = 'localhost'
+smtp_port = 25
+email_from = 'traceback@entrouvert.com'
+email_to = ['admin@localhost']
+
+# Use long traceback with xtraceback
+use_long_trace = True
+
+# Ask Mandaye to auto decompress a response message
+# Decompress response only if you load a filter
+auto_decompress = True
+
+# Encrypt service provider passwords with a secret
+# You should install pycypto to use this feature
+encrypt_sp_password = False
+# Must be a 16, 24, or 32 bytes long
+encrypt_secret = ''
+
+hosts = {
+        'linuxfr.local:8000': [
+            {'path': r'/',
+                'target': 'http://linuxfr.org',
+                'mapping': 'mandaye.configs.linuxfr_saml_example.linuxfr_mapping'
+                },
+            { 'path': r'/static',
+                'static': static_root
+                }
+            ],
+        }
+
+# beaker session configuration
+session_opts = {
+    'session.type': 'file',
+    'session.cookie_expires': True,
+    'session.timeout': 3600,
+    'session.data_dir': '/var/tmp/beaker'
+}
+
+# Import local config
+try:
+    from cam.local_config import *
+except ImportError, e:
+    if not 'local_config' in e.args[0]:
+        raise ImproperlyConfigured('Error while importing "local_config.py"')
+

cam/configs/linuxfr_saml_example.py

@@ -0,0 +1,50 @@
+
+from mandaye.auth.saml2 import SAML2Auth
+from mandaye.filters.replay import ReplayFilter
+from mandaye.configs import saml2 as saml2_config
+
+form_values = {
+        'form_url': '/compte/connexion',
+        'form_attrs': { 'id': 'new_account' },
+        'post_fields': ['account[login]', 'account[password]'],
+        'username_field': 'account[login]',
+        'password_field': 'account[password]',
+}
+
+auth = SAML2Auth(form_values, 'linuxfr', saml2_config)
+saml_mapping = auth.get_default_mapper()
+
+linuxfr_mapping = saml_mapping.extend(
+        [
+            {
+                'path': r'/mandaye/associate$',
+                'method': 'GET',
+                'on_response': [{
+                    'filter': ReplayFilter.associate,
+                    'values': {
+                        'action': '/mandaye/associate',
+                        'template': 'associate.html',
+                        'sp_name': 'Linux FR',
+                        'login_name': form_values['username_field'],
+                        'password_name': form_values['password_field'],
+                        },
+                    },]
+                },
+            {
+                'path':  r'/mandaye/associate$',
+                'method': 'POST',
+                'response': [
+                    {
+                        'filter': auth.associate_submit,
+                        'values': {
+                            'connection_url': '/mandaye/sso',
+                            'associate_url': '/mandaye/associate',
+                            },
+                        'condition': "response.code==302"
+                        },
+                    ]
+                },
+            ]
+        )
+
+

cam/mandaye_cam.log

@@ -0,0 +1,543 @@
+2013-05-23 10:57:25 INFO CAM rp start
+2013-05-23 10:57:33 INFO [d2d9c280daf892eb837bd6b41f9d1e0a] Client 127.0.0.1 - GET http://linuxfr.local:8000/mandaye/sso
+2013-05-23 10:57:35 INFO [d2d9c280daf892eb837bd6b41f9d1e0a] 302 redirect to http://www.identity-hub.net/idp/saml2/sso?SAMLRequest=fVJdb4IwFP0rpO9QEJikERKcmpnsg0yzh70sFepsUlrWe5nz36%2BgWdyLr6fn5HzczoC3qmNljwf9Kr56Aej9tEoDGx9y0lvNDAcJTPNWAMOabcqnRzYJQtZZg6Y2ilxJbis4gLAojSbeepGTjzhJlslqkU0n89U0XS3nYZSmUXIXl9k0isqIeG%2FCguPnxMmdCKAXaw3INToojGI%2FTP1JvA0zlk5ZnL4Tb%2BE6SM1xVB0QO0bp8XgMZCM0Sjz5h34XaIFUNh0dIk8ogCHeythajEPkZM8ViMGuconlt%2FhDqkvludSN1J%2B32%2B7OJGAP223lVy%2BbLSlmgyMbe9jikk5J3f%2FsbaBMzRXLwjCkLdcNPwnaCuQNRz6j17rZ%2BWrPznG9qIyS9WmI33K8HWhAZOPvRyrrhmkB3SrEK5Uyx3srOLquaHtBaHH2%2FP85il8%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=DcL0OdhmEKiPfh2qgsODjFANRjiZn9n9eA9DelUBe1DRQy%2B3DKNx%2FbaItdSk5KdFk%2FbFh7hc8Ukkc6snnI8XhljFwtfcdzEAcoxD0rKS7y%2Fka%2FEBGpLOid5QNe6GAwzlZVcwXVz%2BlKD9Dh9OPN8KHdfwimeMXaQjfcjXrGlm2sU5jIXEBYbGJEnXMvbQWb%2FaRwAX9xmX%2FkMP1Xft6s7dc9tQqeihXn1vje8V2uOQfgSfUjCFuLda4DYtpUStS57gDvlcdK7idR9B7AJ5grzHAJm1mXw4Wgw9y9wTg8eYEqt8ZN7ZwJp8L0BZoluaiBSNZ2eJQKKFbFddycxLZrJ9rw%3D%3D
+2013-05-23 10:58:19 INFO CAM rp start
+2013-05-23 10:59:21 INFO CAM rp start
+2013-05-23 10:59:39 INFO [de5fa5344844ede5e8e7c4b7681c87c9] Client 127.0.0.1 - POST http://linuxfr.local:8000/mandaye/singleSignOnPost
+2013-05-23 10:59:39 INFO [de5fa5344844ede5e8e7c4b7681c87c9] 302 redirect to /mandaye/login
+2013-05-23 10:59:39 INFO [c9a8681c95b6be9a5d53db82c852c47e] Client 127.0.0.1 - GET http://linuxfr.local:8000/mandaye/login
+2013-05-23 10:59:39 ERROR [c9a8681c95b6be9a5d53db82c852c47e] 500 /mandaye/login: Unhandled exception, Traceback (most recent call last):
+  File "../mandaye/mandaye/server.py", line 121, in MandayeApp.__call__
+    self = <mandaye.server.MandayeApp object at 0x3041e10>
+    env = {
+        'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+        'HTTP_ACCEPT_CHARSET': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3',
+        'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch',
+        'HTTP_ACCEPT_LANGUAGE': 'fr-FR,en-US;q=0.8,en;q=0.6',
+        'HTTP_CACHE_CONTROL': 'max-age=0',
+        'HTTP_CONNECTION': 'keep-alive',
+        'HTTP_COOKIE': 'linuxfr.org_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJTRlNzlkM2U1ZGU1NjMzZGY1NmE5NzliNDYyZTRhOWM0BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMUlCaFJZR1JITkY0ZUdZSGd1QUs2dFV4bURBVzZOQVRSOVpkZkZla0xIbFk9BjsARg%3D%3D--e823a9bade51087980a08a5eec9fe83ebf36fdce; beaker.session.id=70db1e12f73b4412a269861b562b2f76',
+        'HTTP_HOST': 'linuxfr.local:8000',
+        'HTTP_REFERER': 'http://www.identity-hub.net/idp/saml2/continue?nonce=_344E4FD872BF75FEB01551463A8711A1&consent_attribute_answer=accepted',
+        'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31',
+        'PATH_INFO': '/mandaye/login',
+        'QUERY_STRING': '',
+        'RAW_URI': '/mandaye/login',
+        'REMOTE_ADDR': '127.0.0.1',
+        'REMOTE_PORT': '52431',
+        'REQUEST_METHOD': 'GET',
+        'SCRIPT_NAME': '',
+        'SERVER_NAME': 'linuxfr.local',
+        'SERVER_PORT': '8000',
+        'SERVER_PROTOCOL': 'HTTP/1.1',
+        'SERVER_SOFTWARE': 'gunicorn/0.15.0',
+        'beaker.get_session': <bound method SessionMiddleware._get_session of <beaker.middleware.SessionMiddleware object at 0x3041e50>>,
+        'beaker.session': {'unique_id': '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0', 'request_id': '_344E4FD872BF75FEB01551463A8711A1', 'attributes': {'__nameid': '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0', (u'email', u'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'): [u'jschneider@entrouvert.com'], (u'gn', u'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'): [u'J\xe9r\xf4me'], (u'sn', u'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'): [u'Schneider'], '__issuer': 'http://www.identity-hub.net/idp/saml2/metadata'}, 'validated': True, '_accessed_time': 1369299579.869553, '_creation_time': 1369299455.90213},
+        'gunicorn.socket': <socket._socketobject object at 0x3486670>,
+        'mandaye.scheme': 'http',
+        'mandaye.uuid': 'c9a8681c95b6be9a5d53db82c852c47e',
+        'target': ParseResult(scheme='http', netloc='linuxfr.org', path='', params='', query='', fragment=''),
+        'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f2e4f7f61e0>,
+        'wsgi.file_wrapper': <class gunicorn.http.wsgi.FileWrapper at 0x7f2e4ce91188>,
+        'wsgi.input': <gunicorn.http.body.Body object at 0x349d1d0>,
+        'wsgi.multiprocess': False,
+        'wsgi.multithread': False,
+        'wsgi.run_once': False,
+        'wsgi.url_scheme': 'http',
+        'wsgi.version': (1, 0),
+        }
+    start_response = <function session_start_response at 0x3042758>
+     119 if not response:
+     120     if self.dispatcher:
+---> 121         response = self.on_request(start_response)
+                 e = OperationalError('(OperationalError) no such table: idp_user',)
+                 local_host = 'linuxfr.local:8000'
+                 mapper = {
+                     'path': '/static',
+                     'static': '/home/jschneider/apps/mandaye-cam/cam/../cam/static',
+                     }
+                 path_info = '/mandaye/login'
+                 response = []
+     122     else:
+     123         response = self.on_response(start_response, _404(env['PATH_INFO']))
+  File "../mandaye/mandaye/server.py", line 179, in MandayeApp.on_request
+    self = <mandaye.server.MandayeApp object at 0x3041e10>
+    start_response = <function session_start_response at 0x3042758>
+     177             _500(self.env["PATH_INFO"], "Empty request"))
+     178 if not request.target:
+---> 179     response = self.dispatcher.get_response(request)
+             request = <HTTPRequest {'msg': None, 'headers': {'accept-language': ['fr-FR,en-US;q=0.8,en;q=0.6'], 'accept-encoding': ['gzip,deflate,sdch'], 'x-forwarded-host': ['linuxfr.local:8000'], 'x-forwarded-for': ['127.0.0.1'], 'accept': ['text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'], 'user-agent': ['Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31'], 'accept-charset': ['ISO-8859-1,utf-8;q=0.7,*;q=0.3'], 'connection': ['keep-alive'], 'referer': ['http://www.identity-hub.net/idp/saml2/continue?nonce=_344E4FD872BF75FEB01551463A8711A1&consent_attribute_answer=accepted'], 'cache-control': ['max-age=0']}, 'cookies': <BaseCookie: beaker.session.id='70db1e12f73b4412a269861b562b2f76' linuxfr.org_session='BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJTRlNzlkM2U1ZGU1NjMzZGY1NmE5NzliNDYyZTRhOWM0BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMUlCaFJZR1JITkY0ZUdZSGd1QUs2dFV4bURBVzZOQVRSOVpkZkZla0xIbFk9BjsARg%3D%3D--e823a9bade51087980a08a5eec9fe83ebf36fdce'>, 'req_method': 'GET', 'target': None}>
+     180 else:
+     181     response = get_response(self.env, request, request.target)
+  File "../mandaye/mandaye/dispatcher.py", line 132, in Dispatcher.get_response
+    self = <mandaye.dispatcher.Dispatcher object at 0x349d150>
+    request = <ref offset=-1>
+     130 logger.debug("Loading response hook(s)")
+     131 for hook in self.req_mapping['response']:
+---> 132     new_response = self._call_hook(hook, request, response)
+             hook = {
+                 'condition': 'response.code==302',
+                 'filter': <bound method SAML2Auth.login of <mandaye.auth.saml2.SAML2Auth object at 0x33fc050>>,
+                 'values': {'associate_url': '/mandaye/associate',
+                 }
+     133     if new_response:
+     134         response = new_response
+  File "../mandaye/mandaye/dispatcher.py", line 97, in Dispatcher._call_hook
+    self = <mandaye.dispatcher.Dispatcher object at 0x349d150>
+    hook = <ref offset=-1>
+    *args = (
+        <HTTPRequest {'msg': None, 'headers': {'accept-language': ['fr-FR,en-US;q=0.8,en;q=0.6'], 'accept-encoding': ['gzip,deflate,sdch'], 'x-forwarded-host': ['linuxfr.local:8000'], 'x-forwarded-for': ['127.0.0.1'], 'accept': ['text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'], 'user-agent': ['Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31'], 'accept-charset': ['ISO-8859-1,utf-8;q=0.7,*;q=0.3'], 'connection': ['keep-alive'], 'referer': ['http://www.identity-hub.net/idp/saml2/continue?nonce=_344E4FD872BF75FEB01551463A8711A1&consent_attribute_answer=accepted'], 'cache-control': ['max-age=0']}, 'cookies': <BaseCookie: beaker.session.id='70db1e12f73b4412a269861b562b2f76' linuxfr.org_session='BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJTRlNzlkM2U1ZGU1NjMzZGY1NmE5NzliNDYyZTRhOWM0BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMUlCaFJZR1JITkY0ZUdZSGd1QUs2dFV4bURBVzZOQVRSOVpkZkZla0xIbFk9BjsARg%3D%3D--e823a9bade51087980a08a5eec9fe83ebf36fdce'>, 'req_method': 'GET', 'target': None}>,
+        None,
+        )
+      95     values = dict()
+      96 if hook.has_key('condition'):
+----> 97     return hook['filter'](self.env, values, hook['condition'], *args)
+             values = {'associate_url': '/mandaye/associate'}
+      98 else:
+      99     return hook['filter'](self.env, values, *args)
+  File "../mandaye/mandaye/auth/authform.py", line 280, in AuthForm.login
+    self = <mandaye.auth.saml2.SAML2Auth object at 0x33fc050>
+    env = <ref offset=-4>
+    values = {'associate_url': '/mandaye/associate'}
+    condition = 'response.code==302'
+    request = <ref offset=-3>
+    response = None
+     278 logger.debug('User %s successfully login' % env['beaker.session']['unique_id'])
+     279 
+---> 280 idp_user = backend.ManagerIDPUser.get_or_create(unique_id)
+         unique_id = '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0'
+     281 service_provider = backend.ManagerServiceProvider.get_or_create(self.site_name)
+     282 sp_user = backend.ManagerSPUser.get_last_connected(idp_user, service_provider)
+  File "../mandaye/mandaye/backends/sql.py", line 35, in get_or_create
+    unique_id = '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0'
+    idp_id = 'default'
+      33 @staticmethod
+      34 def get_or_create(unique_id, idp_id='default'):
+----> 35     idp_user= ManagerIDPUserSQL.get(unique_id, idp_id)
+      36     if idp_user:
+      37         return idp_user
+  File "../mandaye/mandaye/backends/sql.py", line 14, in get
+    unique_id = '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0'
+    idp_id = 'default'
+      12 idp_user = sql_session().query(IDPUser).\
+      13         filter_by(unique_id=unique_id,
+----> 14                 idp_id='default').all()
+      15 if len(idp_user) > 1:
+      16     logger.critical('ManagerIDPUserSQL.get %s not unique' % unique_id)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2115, in Query.all
+    self = <sqlalchemy.orm.query.Query object at 0x34aeed0>
+    2113 
+    2114     """
+--> 2115     return list(self)
+    2116 
+    2117 @_generative(_no_clauseelement_condition)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2227, in Query.__iter__
+    self = <sqlalchemy.orm.query.Query object at 0x34aeed0>
+    2225     if self._autoflush and not self._populate_existing:
+    2226         self.session._autoflush()
+--> 2227     return self._execute_and_instances(context)
+             context = <sqlalchemy.orm.query.QueryContext object at 0x349db10>
+    2228 
+    2229 def _connection_from_session(self, **kw):
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2242, in Query._execute_and_instances
+    self = <sqlalchemy.orm.query.Query object at 0x34aeed0>
+    querycontext = <sqlalchemy.orm.query.QueryContext object at 0x349db10>
+    2240                 close_with_result=True)
+    2241 
+--> 2242 result = conn.execute(querycontext.statement, self._params)
+         conn = <sqlalchemy.engine.base.Connection object at 0x34b1550>
+    2243 return self.instances(result, querycontext)
+    2244 
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1449, in Connection.execute
+    self = <sqlalchemy.engine.base.Connection object at 0x34b1550>
+    object = <sqlalchemy.sql.expression.Select at 0x34aef10; Select object>
+    *multiparams = (immutabledict({}),)
+    **params = {}
+    1447                                         object,
+    1448                                         multiparams,
+--> 1449                                         params)
+                                                 c = <class 'sqlalchemy.sql.expression.ClauseElement'>
+    1450 else:
+    1451     raise exc.InvalidRequestError(
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1584, in Connection._execute_clauseelement
+    self = <sqlalchemy.engine.base.Connection object at 0x34b1550>
+    elem = <sqlalchemy.sql.expression.Select at 0x34aef10; Select object>
+    multiparams = (immutabledict({}),)
+    params = {}
+    1582     compiled_sql,
+    1583     distilled_params,
+--> 1584     compiled_sql, distilled_params
+             compiled_sql = <sqlalchemy.dialects.sqlite.base.SQLiteCompiler object at 0x34b1690>
+             dialect = <sqlalchemy.dialects.sqlite.pysqlite.SQLiteDialect_pysqlite object at 0x3041990>
+             distilled_params = [immutabledict({})]
+             keys = []
+    1585 )
+    1586 if self._has_events:
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1698, in Connection._execute_context
+    self = <sqlalchemy.engine.base.Connection object at 0x34b1550>
+    dialect = <ref offset=-1>
+    constructor = <bound method type._init_compiled of <class 'sqlalchemy.dialects.sqlite.base.SQLiteExecutionContext'>>
+    statement = u'SELECT idp_user.id AS idp_user_id, idp_user.unique_id AS id...'
+    parameters = ('default', '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0')
+    *args = (
+        <sqlalchemy.dialects.sqlite.base.SQLiteCompiler object at 0x34b1690>,
+        [immutabledict({})],
+        )
+    1696                     parameters,
+    1697                     cursor,
+--> 1698                     context)
+                             conn = <sqlalchemy.pool._ConnectionFairy object at 0x3487c18>
+                             context = <sqlalchemy.dialects.sqlite.base.SQLiteExecutionContext object at 0x34b17d0>
+                             cursor = <pysqlite2.dbapi2.Cursor object at 0x3486730>
+                             e = OperationalError('no such table: idp_user',)
+    1699 raise
+    1700 
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1691, in Connection._execute_context
+    self = <sqlalchemy.engine.base.Connection object at 0x34b1550>
+    dialect = <ref offset=-2>
+    constructor = <ref offset=-1>
+    statement = <ref offset=-1>
+    parameters = ('default', '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0')
+    *args = <ref offset=-1>
+    1689                             statement,
+    1690                             parameters,
+--> 1691                             context)
+                                     conn = <ref offset=-1>
+                                     context = <ref offset=-1>
+                                     cursor = <ref offset=-1>
+                                     e = <ref offset=-1>
+    1692 except Exception, e:
+    1693     self._handle_dbapi_exception(
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py", line 331, in DefaultDialect.do_execute
+    self = <ref offset=-3 name=dialect>
+    cursor = <pysqlite2.dbapi2.Cursor object at 0x3486730>
+    statement = <ref offset=-2>
+    parameters = ('default', '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0')
+    context = <ref offset=-2>
+     329 
+     330 def do_execute(self, cursor, statement, parameters, context=None):
+---> 331     cursor.execute(statement, parameters)
+     332 
+     333 def do_execute_no_params(self, cursor, statement, context=None):
+OperationalError: (OperationalError) no such table: idp_user u'SELECT idp_user.id AS idp_user_id, idp_user.unique_id AS idp_user_unique_id, idp_user.idp_id AS idp_user_idp_id \nFROM idp_user \nWHERE idp_user.idp_id = ? AND idp_user.unique_id = ?' ('default', '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0')
+, env: {'mandaye.scheme': 'http', 'HTTP_REFERER': 'http://www.identity-hub.net/idp/saml2/continue?nonce=_344E4FD872BF75FEB01551463A8711A1&consent_attribute_answer=accepted', 'SERVER_PROTOCOL': 'HTTP/1.1', 'SERVER_SOFTWARE': 'gunicorn/0.15.0', 'SCRIPT_NAME': '', 'beaker.get_session': <bound method SessionMiddleware._get_session of <beaker.middleware.SessionMiddleware object at 0x3041e50>>, 'REMOTE_PORT': '52431', 'wsgi.input': <gunicorn.http.body.Body object at 0x349d1d0>, 'REQUEST_METHOD': 'GET', 'HTTP_HOST': 'linuxfr.local:8000', 'PATH_INFO': '/mandaye/login', 'wsgi.multithread': False, 'QUERY_STRING': '', 'HTTP_CONNECTION': 'keep-alive', 'HTTP_CACHE_CONTROL': 'max-age=0', 'target': ParseResult(scheme='http', netloc='linuxfr.org', path='', params='', query='', fragment=''), 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'HTTP_ACCEPT_CHARSET': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3', 'mandaye.uuid': 'c9a8681c95b6be9a5d53db82c852c47e', 'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31', 'wsgi.version': (1, 0), 'HTTP_COOKIE': 'linuxfr.org_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJTRlNzlkM2U1ZGU1NjMzZGY1NmE5NzliNDYyZTRhOWM0BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMUlCaFJZR1JITkY0ZUdZSGd1QUs2dFV4bURBVzZOQVRSOVpkZkZla0xIbFk9BjsARg%3D%3D--e823a9bade51087980a08a5eec9fe83ebf36fdce; beaker.session.id=70db1e12f73b4412a269861b562b2f76', 'RAW_URI': '/mandaye/login', 'REMOTE_ADDR': '127.0.0.1', 'wsgi.run_once': False, 'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f2e4f7f61e0>, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE': 'fr-FR,en-US;q=0.8,en;q=0.6', 'wsgi.url_scheme': 'http', 'gunicorn.socket': <socket._socketobject object at 0x3486670>, 'beaker.session': {'unique_id': '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0', 'request_id': '_344E4FD872BF75FEB01551463A8711A1', 'attributes': {'__nameid': '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0', (u'email', u'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'): [u'jschneider@entrouvert.com'], (u'gn', u'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'): [u'J\xe9r\xf4me'], (u'sn', u'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'): [u'Schneider'], '__issuer': 'http://www.identity-hub.net/idp/saml2/metadata'}, 'validated': True, '_accessed_time': 1369299579.869553, '_creation_time': 1369299455.90213}, 'SERVER_NAME': 'linuxfr.local', 'SERVER_PORT': '8000', 'wsgi.file_wrapper': <class gunicorn.http.wsgi.FileWrapper at 0x7f2e4ce91188>, 'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch'}
+Traceback (most recent call last):
+  File "/home/jschneider/apps/mandaye/mandaye/server.py", line 121, in __call__
+    response = self.on_request(start_response)
+  File "/home/jschneider/apps/mandaye/mandaye/server.py", line 179, in on_request
+    response = self.dispatcher.get_response(request)
+  File "/home/jschneider/apps/mandaye/mandaye/dispatcher.py", line 132, in get_response
+    new_response = self._call_hook(hook, request, response)
+  File "/home/jschneider/apps/mandaye/mandaye/dispatcher.py", line 97, in _call_hook
+    return hook['filter'](self.env, values, hook['condition'], *args)
+  File "/home/jschneider/apps/mandaye/mandaye/auth/authform.py", line 280, in login
+    idp_user = backend.ManagerIDPUser.get_or_create(unique_id)
+  File "/home/jschneider/apps/mandaye/mandaye/backends/sql.py", line 35, in get_or_create
+    idp_user= ManagerIDPUserSQL.get(unique_id, idp_id)
+  File "/home/jschneider/apps/mandaye/mandaye/backends/sql.py", line 14, in get
+    idp_id='default').all()
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2115, in all
+    return list(self)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2227, in __iter__
+    return self._execute_and_instances(context)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2242, in _execute_and_instances
+    result = conn.execute(querycontext.statement, self._params)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1449, in execute
+    params)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1584, in _execute_clauseelement
+    compiled_sql, distilled_params
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1698, in _execute_context
+    context)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1691, in _execute_context
+    context)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py", line 331, in do_execute
+    cursor.execute(statement, parameters)
+OperationalError: (OperationalError) no such table: idp_user u'SELECT idp_user.id AS idp_user_id, idp_user.unique_id AS idp_user_unique_id, idp_user.idp_id AS idp_user_idp_id \nFROM idp_user \nWHERE idp_user.idp_id = ? AND idp_user.unique_id = ?' ('default', '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0')
+2013-05-23 11:02:58 INFO CAM rp start
+2013-05-23 11:03:01 INFO [ffbe196a81c8aff666939b10ab594b96] Client 127.0.0.1 - GET http://linuxfr.local:8000/mandaye/login
+2013-05-23 11:03:01 ERROR [ffbe196a81c8aff666939b10ab594b96] 500 /mandaye/login: Unhandled exception, Traceback (most recent call last):
+  File "../mandaye/mandaye/server.py", line 121, in MandayeApp.__call__
+    self = <mandaye.server.MandayeApp object at 0x335bd90>
+    env = {
+        'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+        'HTTP_ACCEPT_CHARSET': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3',
+        'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch',
+        'HTTP_ACCEPT_LANGUAGE': 'fr-FR,en-US;q=0.8,en;q=0.6',
+        'HTTP_CACHE_CONTROL': 'max-age=0',
+        'HTTP_CONNECTION': 'keep-alive',
+        'HTTP_COOKIE': 'linuxfr.org_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJTRlNzlkM2U1ZGU1NjMzZGY1NmE5NzliNDYyZTRhOWM0BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMUlCaFJZR1JITkY0ZUdZSGd1QUs2dFV4bURBVzZOQVRSOVpkZkZla0xIbFk9BjsARg%3D%3D--e823a9bade51087980a08a5eec9fe83ebf36fdce; beaker.session.id=70db1e12f73b4412a269861b562b2f76',
+        'HTTP_HOST': 'linuxfr.local:8000',
+        'HTTP_REFERER': 'http://www.identity-hub.net/idp/saml2/continue?nonce=_344E4FD872BF75FEB01551463A8711A1&consent_attribute_answer=accepted',
+        'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31',
+        'PATH_INFO': '/mandaye/login',
+        'QUERY_STRING': '',
+        'RAW_URI': '/mandaye/login',
+        'REMOTE_ADDR': '127.0.0.1',
+        'REMOTE_PORT': '52441',
+        'REQUEST_METHOD': 'GET',
+        'SCRIPT_NAME': '',
+        'SERVER_NAME': 'linuxfr.local',
+        'SERVER_PORT': '8000',
+        'SERVER_PROTOCOL': 'HTTP/1.1',
+        'SERVER_SOFTWARE': 'gunicorn/0.15.0',
+        'beaker.get_session': <bound method SessionMiddleware._get_session of <beaker.middleware.SessionMiddleware object at 0x3952e50>>,
+        'beaker.session': {'unique_id': '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0', 'request_id': '_344E4FD872BF75FEB01551463A8711A1', 'attributes': {'__nameid': '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0', (u'email', u'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'): [u'jschneider@entrouvert.com'], (u'gn', u'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'): [u'J\xe9r\xf4me'], (u'sn', u'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'): [u'Schneider'], '__issuer': 'http://www.identity-hub.net/idp/saml2/metadata'}, 'validated': True, '_accessed_time': 1369299781.767638, '_creation_time': 1369299455.90213},
+        'gunicorn.socket': <socket._socketobject object at 0x2bf3280>,
+        'mandaye.scheme': 'http',
+        'mandaye.uuid': 'ffbe196a81c8aff666939b10ab594b96',
+        'target': ParseResult(scheme='http', netloc='linuxfr.org', path='', params='', query='', fragment=''),
+        'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f57a737b1e0>,
+        'wsgi.file_wrapper': <class gunicorn.http.wsgi.FileWrapper at 0x2bf4188>,
+        'wsgi.input': <gunicorn.http.body.Body object at 0x3958110>,
+        'wsgi.multiprocess': False,
+        'wsgi.multithread': False,
+        'wsgi.run_once': False,
+        'wsgi.url_scheme': 'http',
+        'wsgi.version': (1, 0),
+        }
+    start_response = <function session_start_response at 0x3953758>
+     119 if not response:
+     120     if self.dispatcher:
+---> 121         response = self.on_request(start_response)
+                 e = OperationalError('(OperationalError) no such table: idp_user',)
+                 local_host = 'linuxfr.local:8000'
+                 mapper = {
+                     'path': '/static',
+                     'static': '/home/jschneider/apps/mandaye-cam/cam/../cam/static',
+                     }
+                 path_info = '/mandaye/login'
+                 response = []
+     122     else:
+     123         response = self.on_response(start_response, _404(env['PATH_INFO']))
+  File "../mandaye/mandaye/server.py", line 179, in MandayeApp.on_request
+    self = <mandaye.server.MandayeApp object at 0x335bd90>
+    start_response = <function session_start_response at 0x3953758>
+     177             _500(self.env["PATH_INFO"], "Empty request"))
+     178 if not request.target:
+---> 179     response = self.dispatcher.get_response(request)
+             request = <HTTPRequest {'msg': None, 'headers': {'accept-language': ['fr-FR,en-US;q=0.8,en;q=0.6'], 'accept-encoding': ['gzip,deflate,sdch'], 'x-forwarded-host': ['linuxfr.local:8000'], 'x-forwarded-for': ['127.0.0.1'], 'accept': ['text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'], 'user-agent': ['Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31'], 'accept-charset': ['ISO-8859-1,utf-8;q=0.7,*;q=0.3'], 'connection': ['keep-alive'], 'referer': ['http://www.identity-hub.net/idp/saml2/continue?nonce=_344E4FD872BF75FEB01551463A8711A1&consent_attribute_answer=accepted'], 'cache-control': ['max-age=0']}, 'cookies': <BaseCookie: beaker.session.id='70db1e12f73b4412a269861b562b2f76' linuxfr.org_session='BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJTRlNzlkM2U1ZGU1NjMzZGY1NmE5NzliNDYyZTRhOWM0BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMUlCaFJZR1JITkY0ZUdZSGd1QUs2dFV4bURBVzZOQVRSOVpkZkZla0xIbFk9BjsARg%3D%3D--e823a9bade51087980a08a5eec9fe83ebf36fdce'>, 'req_method': 'GET', 'target': None}>
+     180 else:
+     181     response = get_response(self.env, request, request.target)
+  File "../mandaye/mandaye/dispatcher.py", line 132, in Dispatcher.get_response
+    self = <mandaye.dispatcher.Dispatcher object at 0x3958190>
+    request = <ref offset=-1>
+     130 logger.debug("Loading response hook(s)")
+     131 for hook in self.req_mapping['response']:
+---> 132     new_response = self._call_hook(hook, request, response)
+             hook = {
+                 'condition': 'response.code==302',
+                 'filter': <bound method SAML2Auth.login of <mandaye.auth.saml2.SAML2Auth object at 0x3cfff90>>,
+                 'values': {'associate_url': '/mandaye/associate',
+                 }
+     133     if new_response:
+     134         response = new_response
+  File "../mandaye/mandaye/dispatcher.py", line 97, in Dispatcher._call_hook
+    self = <mandaye.dispatcher.Dispatcher object at 0x3958190>
+    hook = <ref offset=-1>
+    *args = (
+        <HTTPRequest {'msg': None, 'headers': {'accept-language': ['fr-FR,en-US;q=0.8,en;q=0.6'], 'accept-encoding': ['gzip,deflate,sdch'], 'x-forwarded-host': ['linuxfr.local:8000'], 'x-forwarded-for': ['127.0.0.1'], 'accept': ['text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'], 'user-agent': ['Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31'], 'accept-charset': ['ISO-8859-1,utf-8;q=0.7,*;q=0.3'], 'connection': ['keep-alive'], 'referer': ['http://www.identity-hub.net/idp/saml2/continue?nonce=_344E4FD872BF75FEB01551463A8711A1&consent_attribute_answer=accepted'], 'cache-control': ['max-age=0']}, 'cookies': <BaseCookie: beaker.session.id='70db1e12f73b4412a269861b562b2f76' linuxfr.org_session='BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJTRlNzlkM2U1ZGU1NjMzZGY1NmE5NzliNDYyZTRhOWM0BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMUlCaFJZR1JITkY0ZUdZSGd1QUs2dFV4bURBVzZOQVRSOVpkZkZla0xIbFk9BjsARg%3D%3D--e823a9bade51087980a08a5eec9fe83ebf36fdce'>, 'req_method': 'GET', 'target': None}>,
+        None,
+        )
+      95     values = dict()
+      96 if hook.has_key('condition'):
+----> 97     return hook['filter'](self.env, values, hook['condition'], *args)
+             values = {'associate_url': '/mandaye/associate'}
+      98 else:
+      99     return hook['filter'](self.env, values, *args)
+  File "../mandaye/mandaye/auth/authform.py", line 280, in AuthForm.login
+    self = <mandaye.auth.saml2.SAML2Auth object at 0x3cfff90>
+    env = <ref offset=-4>
+    values = {'associate_url': '/mandaye/associate'}
+    condition = 'response.code==302'
+    request = <ref offset=-3>
+    response = None
+     278 logger.debug('User %s successfully login' % env['beaker.session']['unique_id'])
+     279 
+---> 280 idp_user = backend.ManagerIDPUser.get_or_create(unique_id)
+         unique_id = '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0'
+     281 service_provider = backend.ManagerServiceProvider.get_or_create(self.site_name)
+     282 sp_user = backend.ManagerSPUser.get_last_connected(idp_user, service_provider)
+  File "../mandaye/mandaye/backends/sql.py", line 35, in get_or_create
+    unique_id = '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0'
+    idp_id = 'default'
+      33 @staticmethod
+      34 def get_or_create(unique_id, idp_id='default'):
+----> 35     idp_user= ManagerIDPUserSQL.get(unique_id, idp_id)
+      36     if idp_user:
+      37         return idp_user
+  File "../mandaye/mandaye/backends/sql.py", line 14, in get
+    unique_id = '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0'
+    idp_id = 'default'
+      12 idp_user = sql_session().query(IDPUser).\
+      13         filter_by(unique_id=unique_id,
+----> 14                 idp_id='default').all()
+      15 if len(idp_user) > 1:
+      16     logger.critical('ManagerIDPUserSQL.get %s not unique' % unique_id)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2115, in Query.all
+    self = <sqlalchemy.orm.query.Query object at 0x3db4290>
+    2113 
+    2114     """
+--> 2115     return list(self)
+    2116 
+    2117 @_generative(_no_clauseelement_condition)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2227, in Query.__iter__
+    self = <sqlalchemy.orm.query.Query object at 0x3db4290>
+    2225     if self._autoflush and not self._populate_existing:
+    2226         self.session._autoflush()
+--> 2227     return self._execute_and_instances(context)
+             context = <sqlalchemy.orm.query.QueryContext object at 0x3da8250>
+    2228 
+    2229 def _connection_from_session(self, **kw):
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2242, in Query._execute_and_instances
+    self = <sqlalchemy.orm.query.Query object at 0x3db4290>
+    querycontext = <sqlalchemy.orm.query.QueryContext object at 0x3da8250>
+    2240                 close_with_result=True)
+    2241 
+--> 2242 result = conn.execute(querycontext.statement, self._params)
+         conn = <sqlalchemy.engine.base.Connection object at 0x3db48d0>
+    2243 return self.instances(result, querycontext)
+    2244 
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1449, in Connection.execute
+    self = <sqlalchemy.engine.base.Connection object at 0x3db48d0>
+    object = <sqlalchemy.sql.expression.Select at 0x3db42d0; Select object>
+    *multiparams = (immutabledict({}),)
+    **params = {}
+    1447                                         object,
+    1448                                         multiparams,
+--> 1449                                         params)
+                                                 c = <class 'sqlalchemy.sql.expression.ClauseElement'>
+    1450 else:
+    1451     raise exc.InvalidRequestError(
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1584, in Connection._execute_clauseelement
+    self = <sqlalchemy.engine.base.Connection object at 0x3db48d0>
+    elem = <sqlalchemy.sql.expression.Select at 0x3db42d0; Select object>
+    multiparams = (immutabledict({}),)
+    params = {}
+    1582     compiled_sql,
+    1583     distilled_params,
+--> 1584     compiled_sql, distilled_params
+             compiled_sql = <sqlalchemy.dialects.sqlite.base.SQLiteCompiler object at 0x3db4590>
+             dialect = <sqlalchemy.dialects.sqlite.pysqlite.SQLiteDialect_pysqlite object at 0x39529d0>
+             distilled_params = [immutabledict({})]
+             keys = []
+    1585 )
+    1586 if self._has_events:
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1698, in Connection._execute_context
+    self = <sqlalchemy.engine.base.Connection object at 0x3db48d0>
+    dialect = <ref offset=-1>
+    constructor = <bound method type._init_compiled of <class 'sqlalchemy.dialects.sqlite.base.SQLiteExecutionContext'>>
+    statement = u'SELECT idp_user.id AS idp_user_id, idp_user.unique_id AS id...'
+    parameters = ('default', '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0')
+    *args = (
+        <sqlalchemy.dialects.sqlite.base.SQLiteCompiler object at 0x3db4590>,
+        [immutabledict({})],
+        )
+    1696                     parameters,
+    1697                     cursor,
+--> 1698                     context)
+                             conn = <sqlalchemy.pool._ConnectionFairy object at 0x3d92940>
+                             context = <sqlalchemy.dialects.sqlite.base.SQLiteExecutionContext object at 0x3db49d0>
+                             cursor = <pysqlite2.dbapi2.Cursor object at 0x3d91570>
+                             e = OperationalError('no such table: idp_user',)
+    1699 raise
+    1700 
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1691, in Connection._execute_context
+    self = <sqlalchemy.engine.base.Connection object at 0x3db48d0>
+    dialect = <ref offset=-2>
+    constructor = <ref offset=-1>
+    statement = <ref offset=-1>
+    parameters = ('default', '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0')
+    *args = <ref offset=-1>
+    1689                             statement,
+    1690                             parameters,
+--> 1691                             context)
+                                     conn = <ref offset=-1>
+                                     context = <ref offset=-1>
+                                     cursor = <ref offset=-1>
+                                     e = <ref offset=-1>
+    1692 except Exception, e:
+    1693     self._handle_dbapi_exception(
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py", line 331, in DefaultDialect.do_execute
+    self = <ref offset=-3 name=dialect>
+    cursor = <pysqlite2.dbapi2.Cursor object at 0x3d91570>
+    statement = <ref offset=-2>
+    parameters = ('default', '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0')
+    context = <ref offset=-2>
+     329 
+     330 def do_execute(self, cursor, statement, parameters, context=None):
+---> 331     cursor.execute(statement, parameters)
+     332 
+     333 def do_execute_no_params(self, cursor, statement, context=None):
+OperationalError: (OperationalError) no such table: idp_user u'SELECT idp_user.id AS idp_user_id, idp_user.unique_id AS idp_user_unique_id, idp_user.idp_id AS idp_user_idp_id \nFROM idp_user \nWHERE idp_user.idp_id = ? AND idp_user.unique_id = ?' ('default', '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0')
+, env: {'mandaye.scheme': 'http', 'HTTP_REFERER': 'http://www.identity-hub.net/idp/saml2/continue?nonce=_344E4FD872BF75FEB01551463A8711A1&consent_attribute_answer=accepted', 'SERVER_PROTOCOL': 'HTTP/1.1', 'SERVER_SOFTWARE': 'gunicorn/0.15.0', 'SCRIPT_NAME': '', 'beaker.get_session': <bound method SessionMiddleware._get_session of <beaker.middleware.SessionMiddleware object at 0x3952e50>>, 'REMOTE_PORT': '52441', 'wsgi.input': <gunicorn.http.body.Body object at 0x3958110>, 'REQUEST_METHOD': 'GET', 'HTTP_HOST': 'linuxfr.local:8000', 'PATH_INFO': '/mandaye/login', 'wsgi.multithread': False, 'QUERY_STRING': '', 'HTTP_CONNECTION': 'keep-alive', 'HTTP_CACHE_CONTROL': 'max-age=0', 'target': ParseResult(scheme='http', netloc='linuxfr.org', path='', params='', query='', fragment=''), 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'HTTP_ACCEPT_CHARSET': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3', 'mandaye.uuid': 'ffbe196a81c8aff666939b10ab594b96', 'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31', 'wsgi.version': (1, 0), 'HTTP_COOKIE': 'linuxfr.org_session=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJTRlNzlkM2U1ZGU1NjMzZGY1NmE5NzliNDYyZTRhOWM0BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMUlCaFJZR1JITkY0ZUdZSGd1QUs2dFV4bURBVzZOQVRSOVpkZkZla0xIbFk9BjsARg%3D%3D--e823a9bade51087980a08a5eec9fe83ebf36fdce; beaker.session.id=70db1e12f73b4412a269861b562b2f76', 'RAW_URI': '/mandaye/login', 'REMOTE_ADDR': '127.0.0.1', 'wsgi.run_once': False, 'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f57a737b1e0>, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE': 'fr-FR,en-US;q=0.8,en;q=0.6', 'wsgi.url_scheme': 'http', 'gunicorn.socket': <socket._socketobject object at 0x2bf3280>, 'beaker.session': {'unique_id': '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0', 'request_id': '_344E4FD872BF75FEB01551463A8711A1', 'attributes': {'__nameid': '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0', (u'email', u'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'): [u'jschneider@entrouvert.com'], (u'gn', u'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'): [u'J\xe9r\xf4me'], (u'sn', u'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'): [u'Schneider'], '__issuer': 'http://www.identity-hub.net/idp/saml2/metadata'}, 'validated': True, '_accessed_time': 1369299781.767638, '_creation_time': 1369299455.90213}, 'SERVER_NAME': 'linuxfr.local', 'SERVER_PORT': '8000', 'wsgi.file_wrapper': <class gunicorn.http.wsgi.FileWrapper at 0x2bf4188>, 'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch'}
+Traceback (most recent call last):
+  File "/home/jschneider/apps/mandaye/mandaye/server.py", line 121, in __call__
+    response = self.on_request(start_response)
+  File "/home/jschneider/apps/mandaye/mandaye/server.py", line 179, in on_request
+    response = self.dispatcher.get_response(request)
+  File "/home/jschneider/apps/mandaye/mandaye/dispatcher.py", line 132, in get_response
+    new_response = self._call_hook(hook, request, response)
+  File "/home/jschneider/apps/mandaye/mandaye/dispatcher.py", line 97, in _call_hook
+    return hook['filter'](self.env, values, hook['condition'], *args)
+  File "/home/jschneider/apps/mandaye/mandaye/auth/authform.py", line 280, in login
+    idp_user = backend.ManagerIDPUser.get_or_create(unique_id)
+  File "/home/jschneider/apps/mandaye/mandaye/backends/sql.py", line 35, in get_or_create
+    idp_user= ManagerIDPUserSQL.get(unique_id, idp_id)
+  File "/home/jschneider/apps/mandaye/mandaye/backends/sql.py", line 14, in get
+    idp_id='default').all()
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2115, in all
+    return list(self)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2227, in __iter__
+    return self._execute_and_instances(context)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2242, in _execute_and_instances
+    result = conn.execute(querycontext.statement, self._params)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1449, in execute
+    params)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1584, in _execute_clauseelement
+    compiled_sql, distilled_params
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1698, in _execute_context
+    context)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/base.py", line 1691, in _execute_context
+    context)
+  File "/usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py", line 331, in do_execute
+    cursor.execute(statement, parameters)
+OperationalError: (OperationalError) no such table: idp_user u'SELECT idp_user.id AS idp_user_id, idp_user.unique_id AS idp_user_unique_id, idp_user.idp_id AS idp_user_idp_id \nFROM idp_user \nWHERE idp_user.idp_id = ? AND idp_user.unique_id = ?' ('default', '_E747E9A3EC6A3DD86C0AEDCF1D84F1A0')
+2013-05-23 11:03:18 INFO Creating or upgrading database...
+2013-05-23 11:03:26 INFO CAM rp start
+2013-05-23 11:03:27 INFO [3506715ac4749cf7441e21f5ecbf7abf] Client 127.0.0.1 - GET http://linuxfr.local:8000/mandaye/login
+2013-05-23 11:03:27 INFO [3506715ac4749cf7441e21f5ecbf7abf] Add idp user _E747E9A3EC6A3DD86C0AEDCF1D84F1A0 in db
+2013-05-23 11:03:27 INFO [3506715ac4749cf7441e21f5ecbf7abf] Add linuxfr service provider into the db
+2013-05-23 11:03:27 INFO [3506715ac4749cf7441e21f5ecbf7abf] 302 redirect to /mandaye/associate?type=first
+2013-05-23 11:03:27 INFO [fb926ce058919cbd2746ae93c3ab5d84] Client 127.0.0.1 - GET http://linuxfr.local:8000/mandaye/associate
+2013-05-23 11:03:28 INFO [fb926ce058919cbd2746ae93c3ab5d84] Mandaye GET http://linuxfr.org/mandaye/associate?type=first
+2013-05-23 11:03:28 INFO [300f3379615a6dbf221cd28b6e97e0c7] Client 127.0.0.1 - GET http://linuxfr.local:8000/static/css/style.css
+2013-05-23 11:03:31 INFO [95a2322c9d41a05e7af41f4eda58e5cc] Client 127.0.0.1 - GET http://linuxfr.local:8000/mandaye/associate
+2013-05-23 11:03:31 INFO [95a2322c9d41a05e7af41f4eda58e5cc] Mandaye GET http://linuxfr.org/mandaye/associate?type=first
+2013-05-23 11:03:31 INFO [7be01746a8de5f6d9238f805c3cd61f6] Client 127.0.0.1 - GET http://linuxfr.local:8000/static/css/style.css
+2013-05-23 11:03:31 INFO [5cd41dd36288eb6d0853cbb344f0c420] Client 127.0.0.1 - GET http://linuxfr.local:8000/mandaye/associate
+2013-05-23 11:03:31 INFO [5cd41dd36288eb6d0853cbb344f0c420] Mandaye GET http://linuxfr.org/mandaye/associate?type=first
+2013-05-23 11:03:31 INFO [0b754451c69a3ffe60791cafd8aab9fe] Client 127.0.0.1 - GET http://linuxfr.local:8000/static/css/style.css
+2013-05-23 11:05:09 INFO CAM rp start
+2013-05-23 11:05:22 INFO [9e02e49497c195c1a126f97a66cc3229] Client 127.0.0.1 - GET http://linuxfr.local:8000/
+2013-05-23 11:05:22 INFO [9e02e49497c195c1a126f97a66cc3229] Mandaye GET http://linuxfr.org/
+2013-05-23 11:05:23 INFO [4fc3fc834e51d3f6a7a00a9784a3481f] Client 127.0.0.1 - GET http://linuxfr.local:8000/images/sections/46.png
+2013-05-23 11:05:23 INFO [4fc3fc834e51d3f6a7a00a9784a3481f] Mandaye GET http://linuxfr.org/images/sections/46.png
+2013-05-23 11:05:27 INFO [1bfe22c799b0f0e2358e6b2e95aba413] Client 127.0.0.1 - GET http://linuxfr.local:8000/mandaye/sso
+2013-05-23 11:05:27 INFO [1bfe22c799b0f0e2358e6b2e95aba413] 302 redirect to http://www.identity-hub.net/idp/saml2/sso?SAMLRequest=fVLJbsIwFPyVyPdgk7BagBSaoCJ1iQrqoZfKJKZYcuzU76XA39cJqKIXbtZ4RrPYMxCVrnnS4MG8ye9GAganShvg3cWcNM5wK0ABN6KSwLHgm%2BT5iUc9xmtn0RZWkxvJfYUAkA6VNSRYp3PyGU%2ByQTQYZ6Moi1ajZTJkcd%2BfV5N4upykSUaCd%2BnA8%2BfEy70IoJFrAygMeoj145ANwyjesilnQx6NP0iQ%2Bg7KCOxUB8SaU3o8HnuqlAYVnsNDs%2BsZiVSVNW0jRxTAkmBlXSG7IeZkLzTI1i73idWP%2FEPya%2BWlMqUyX%2Ffb7i4k4I%2FbbR7mr5stWcxaR971cItrOq1Mc9q7nraF0HzCGKOVMKU4S1pJFKVAMaO3utnl1V684zrNrVbFuY1fCbwfqEVUGe47Kq%2FbaQH9KiRItLbHBycF%2Bq7oGkno4uL5%2F3MsfgE%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=Wn%2BgtTKy9Qkdv9p9FGFc7NflWi5vT2T2or4YEpG7ZemNyR6Zw73PdIrwefb2BZI1lW%2Bj5WFgYIHJs%2FqlhOWgeVr6V0V%2FZwvFlshUVMfJYqbwUeX%2FCaUcAMtBI8nXPqwe26%2FG%2FiFDVMvMmum2spxLG%2F%2FCpP0iqnkm42rkBNM0drI%2FupllXO0CQCy964tIYHSqB2Rjs8esn7J1h5R7FzK1gYdleecF9ddO7v9sfvIxZDm2xXdw9UvLMAliqjyZbtCiNSrD90wq4yJNaZYv%2FVaKK5V8iTv6YGV0MS%2BzZMTti8N8hvzDW9wV%2FV4oMd%2FUnnp5wmScfIZCMc82Jd7AOCec%2FA%3D%3D
+2013-05-23 11:05:29 INFO [f074822a692d175484ebbfd394a17925] Client 127.0.0.1 - POST http://linuxfr.local:8000/mandaye/singleSignOnPost
+2013-05-23 11:05:29 INFO [f074822a692d175484ebbfd394a17925] 302 redirect to /mandaye/login
+2013-05-23 11:05:29 INFO [2c8a73be9f9231678248c36e4430ce40] Client 127.0.0.1 - GET http://linuxfr.local:8000/mandaye/login
+2013-05-23 11:05:29 INFO [2c8a73be9f9231678248c36e4430ce40] 302 redirect to /mandaye/associate?type=first
+2013-05-23 11:05:29 INFO [95e62e3f63e29c2c5ec1f90e717ae343] Client 127.0.0.1 - GET http://linuxfr.local:8000/mandaye/associate
+2013-05-23 11:05:29 INFO [95e62e3f63e29c2c5ec1f90e717ae343] Mandaye GET http://linuxfr.org/mandaye/associate?type=first
+2013-05-23 11:05:29 INFO [4091482509d1570976a6862e78215f27] Client 127.0.0.1 - GET http://linuxfr.local:8000/static/css/style.css
+2013-05-23 11:05:29 INFO [58ca033ffc4f9b13d22666d4166f8542] Client 127.0.0.1 - GET http://linuxfr.local:8000/static/images/a1.gif
+2013-05-23 11:05:29 INFO [79b836d7c5e182d7b781a74f794f7af8] Client 127.0.0.1 - GET http://linuxfr.local:8000/static/images/a8.png
+2013-05-23 11:05:29 INFO [8433bd2f622e3e5786dbd896b667a3f6] Client 127.0.0.1 - GET http://linuxfr.local:8000/static/images/eo.png
+2013-05-23 11:05:47 INFO [8b28ef32af95c5386004a0e0cd259abc] Client 127.0.0.1 - POST http://linuxfr.local:8000/mandaye/associate
+2013-05-23 11:05:47 INFO [8b28ef32af95c5386004a0e0cd259abc] Mandaye GET http://linuxfr.org/compte/connexion
+2013-05-23 11:05:47 INFO [8b28ef32af95c5386004a0e0cd259abc] Mandaye POST http://linuxfr.org/compte/connexion
+2013-05-23 11:05:47 INFO [8b28ef32af95c5386004a0e0cd259abc] New association: totoenstr with _E747E9A3EC6A3DD86C0AEDCF1D84F1A0 on site linuxfr
+2013-05-23 11:05:47 INFO [9d17d39f3f1cf8bb57fc9ee90df1c1ee] Client 127.0.0.1 - GET http://linuxfr.local:8000/
+2013-05-23 11:05:47 INFO [9d17d39f3f1cf8bb57fc9ee90df1c1ee] Mandaye GET http://linuxfr.org/
+2013-05-23 11:08:02 INFO CAM rp start

cam/static/css/style.css

@@ -0,0 +1,498 @@
+/* theme derived and inspired by TerraFirma
+ * <http://www.oswd.org/design/information/id/3557/>
+ */
+
+html, body {
+	margin: 0;
+	font-family: sans-serif;
+	font-size: 12px;
+}
+
+body#iframe {
+    background: white;
+}
+
+html {
+	background: #F9F9F7 url(../images/a1.gif) repeat-x;
+	color: #44b2cb;
+}
+
+a
+{
+	color: #44b2cb;
+	text-decoration: underline;
+}
+
+a:hover
+{
+	text-decoration: none;
+}
+
+
+div#wrap {
+	background: white;
+	width: 640px;
+	margin: 5em auto;
+	padding: 15px;
+	-moz-border-radius: 6px;
+	-webkit-border-radius:6px;
+	-moz-box-shadow: 0 0 4px rgba(0,0,0,0.75);
+	-webkit-box-shadow: 0 0 4px rgba(0,0,0,0.75);
+	position: relative;
+}
+
+#header
+{
+	position: absolute;
+	background: url(../images/a8.png) repeat-x;
+	-moz-border-radius: 6px 0 0 6px;
+	-webkit-border-radius: 6px 0 0 6px;
+	width: 450px;
+	height: 92px;
+	color: #fff;
+	padding-left: 20px;
+}
+
+#header h1
+{
+	font-size: 23px;
+	letter-spacing: -1px;
+	padding-top: 30px;
+	margin: 0;
+}
+
+#header span
+{
+	margin: 0;
+	font-size: 13px;
+	font-weight: normal;
+	color: #FCE2CA;
+}
+
+#splash
+{
+	position: absolute;
+	right: 20px;
+	background: url(../images/eo.png) no-repeat;
+	width: 153px;
+	height: 92px;
+	-moz-border-radius: 0 6px 6px 0;
+	-webkit-border-radius: 0 6px 6px 0;
+}
+
+div#content {
+	margin: 1em 1ex;
+	margin-top: 130px;
+	padding: 1ex;
+}
+
+div#content h2 {
+	margin-top: 0;
+	font-weight: normal;
+	color: #656551;
+	font-size: 18px;
+	letter-spacing: -1px;
+	line-height: 25px;
+	margin-bottom: 20px;
+	padding: 0 0 10px 15px;
+	position: relative;
+	top: 4px;
+	background: url(../images/a22.gif) bottom repeat-x;
+}
+
+#footer
+{
+	font-size: 70%;
+	position: relative;
+	clear: both;
+	height: 66px;
+	text-align: center;
+	line-height: 66px;
+	background-image: url(../images/a8.png);
+	color: #fff;
+}
+
+#footer a
+{
+	color: #8C8C73;
+}
+
+
+form#login-form p {
+	float: left;
+	width: 40%;
+}
+
+form#login-form input.submit {
+	float: right;
+	width: 18%;
+	margin-top: 30px;
+}
+
+div.login-actions {
+	clear: both;
+	padding-top: 1em;
+}
+
+div.login-actions p {
+	margin: 0;
+}
+
+form p {
+	margin: 0 0 1em 0;
+}
+
+form p label {
+	display: block;
+}
+
+form p input,
+form p textarea {
+	margin-left: 10px;
+}
+
+ul.messages {
+	margin: 0;
+	padding: 0;
+	list-style: none;
+}
+
+ul.messages li.error {
+	color: #e80404;
+}
+
+ul.errorlist {
+	margin: 0;
+	padding: 0;
+	color: #e80404;
+	list-style: none;
+}
+
+input, textarea {
+	padding: 5px;
+	border: 1px solid #cccccc;
+	color:#666666;
+	background: white;
+	color: black;
+}
+
+textarea:focus, input[type="text"]:focus, input[type="password"]:focus {
+	border: 1px solid #4690d6;
+	color:#333333;
+}
+
+input[type=submit] {
+	color: #ffffff;
+	background:#4690d6;
+	border: 1px solid #2a567f;
+	font-weight: bold;
+	padding: 2px 8px 2px 8px;
+	margin: 0;
+	cursor: pointer;
+}
+
+
+input[type=submit]:hover {
+	border-color: #0e1d2b;
+}
+
+form#login-form ul.errorlist {
+	margin-bottom: 1em;
+	width: 80%;
+	font-weight: normal;
+}
+
+/* OpenID Stuff */
+
+#openid_btns, #openid_btns br {
+	clear: both;
+}
+
+#openid_highlight a {
+	border: 1px solid #888;
+}
+
+#openid_input_area input[type=submit] {
+	padding-top: 0;
+	margin-top: 0;
+	margin-left: 1em;
+}
+
+.openid_large_btn {
+	width: 100px;
+	height: 60px;
+	border: 1px solid #DDD;
+	margin: 3px;
+	float: left;
+}
+.openid_small_btn {
+	width: 24px;
+	height: 24px;
+	border: 1px solid #DDD;
+	margin: 3px;
+	float: left;
+}
+
+a.openid_large_btn:focus {
+	outline: none;
+}
+a.openid_large_btn:focus {
+	-moz-outline-style: none;
+}
+.openid_selected {
+	border: 4px solid #DDD;
+}
+
+#openid_input_area {
+	clear: both;
+	padding-top: 2.5em;
+}
+
+li.indented {
+	margin-left: 50px;
+}
+
+ul.NoBullet {
+	list-style-type: none;
+}
+
+div#content h4 {
+	margin-bottom: 5px;
+	margin-top: 30px;
+}
+
+div#content p {
+        margin-top: 0;
+}
+
+div.errors {
+	margin: 0;
+	padding: 0;
+	color: #e80404;
+	list-style: none;
+}
+
+div#breadcrumb {
+	font-size: 80%;
+	margin-bottom: 1em;
+}
+
+div#user {
+	position: absolute;
+	top: 115px;
+	right: 12px;
+}
+
+a#logout {
+	font-size: 100%;
+}
+
+
+.ui-tabs .ui-tabs-hide {
+     display: none;
+}
+
+h4 {
+	padding-left: 0.5em;
+}
+
+h4 + div, div#profile {
+	padding-left: 1em;
+}
+
+
+div#menu {
+position: relative;
+background: #46461F url(../images/a17.gif) repeat-x;
+height: 67px;
+padding: 0px 20px 0px 5px;
+margin: 136px 0px 0px 0px;
+}
+
+#menu ul
+{
+        padding: 0;
+        margin: 0;
+}
+
+#menu ul li
+{
+display: inline;
+line-height: 52px;
+padding-left: 3px;
+}
+
+#menu ul li.first
+{
+border-left: 0px;
+}
+
+#menu ul li a
+{
+background-color: transparent;
+background-repeat: repeat-x;
+padding: 8px 12px 8px 12px;
+font-size: 12px;
+color: #fff;
+font-weight: bold;
+}
+#menu ul li a:hover
+{
+background: #fff url(../images/a18.gif) repeat-x top;
+color: #4A4A24;
+text-decoration: none;
+}
+
+#eo
+{
+position: absolute;
+top: 0px;
+line-height: 52px;
+color: #BDBDA2;
+right: 30px;
+font-weight: bold;
+font-size: 12px;
+letter-spacing: -1px;
+}
+
+#eo a {
+        color: inherit;
+        text-decoration: none;
+}
+
+ul#tab-nav {
+        list-style: none;
+        padding: 0;
+        width: 160px;
+        float: left;
+}
+
+ul#tab-nav li {
+        line-height: 300%;
+        position: relative;
+        right: -1px;
+        border: 1px solid transparent;
+}
+
+ul#tab-nav li.ui-tabs-selected {
+        border: 1px solid #ccc;
+        border-right: 1px solid white;
+}
+
+ul#tab-nav a {
+        display: block;
+        padding-left: 1ex;
+        outline: none;
+        -moz-user-focus:ignore;
+}
+
+ul#tab-nav a:hover {
+}
+
+ul#tab-nav a:active {
+}
+
+/* XXX: add a class to divs, so it works in IE */
+div#tabs > div {
+        border: 1px solid #ccc;
+        float: left;
+        width: 420px;
+        padding: 10px;
+        min-height: 26em;
+}
+
+a.bigbutton {
+	display: block;
+	-moz-border-radius: 6px;
+	-webkit-border-radius:6px;
+	border: 1px solid black;
+	margin: 2em 0;
+	line-height: 300%;
+	text-align: center;
+	text-decoration: none;
+	font-weight: bold;
+	-webkit-box-shadow: 0 0 4px rgba(0,0,0,0.75);
+	-moz-box-shadow: 0 0 4px rgba(0,0,0,0.75);
+}
+
+a.bigbutton:hover {
+	background: #eee;
+}
+
+div#providers {
+	display: none;
+}
+
+#modalOverlay {
+	height:100%;
+	width:100%;
+	position:fixed;
+	left:0;
+	top:0;
+	z-index:3000;
+	background-color: rgba(0, 0, 0, 0.8);
+	cursor:wait;
+}
+
+div#popup {
+	display: none;
+	position:fixed;
+	width:500px;
+	left:50%;
+	margin-left:-250px;
+	z-index:3100;
+	top: 10%;
+}
+
+div#popup div {
+	position: relative;
+	margin: 0;
+	background: white;
+	border: 1px solid black;
+	border-color: #333 black black #333;
+}
+
+div#popup h2 {
+	text-align: center;
+}
+
+div#popup ul {
+	max-height: 70px;
+	overflow: auto;
+	margin: 0 1em 1em 1em;
+	padding: 0 1em 1em 1em;
+}
+
+div#popup h3 {
+	margin-bottom: 4px;
+	padding-left: 10px;
+}
+
+div#popup p {
+	margin: 5px;
+}
+
+div#popup a#close {
+	float: right;
+	padding: 1ex;
+}
+
+a.roleid_button {
+    -moz-border-radius: 5px;
+    -webkit-border-radius: 5px;
+    border-radius: 5px;
+    background: #5C5C5C;
+    color: #44b2cb;
+    font-weight: bold;
+    padding-top: 5px;
+    padding-bottom: 5px;
+    padding-right: 10px;
+    padding-left: 10px;
+    margin: 0;
+    cursor: pointer;
+    text-decoration: none;
+}
+
+a.roleid_button:hover {
+    background: black;
+}

cam/wsgi.py

@@ -0,0 +1,9 @@
+
+from mandaye.server import MandayeApp
+
+from mandaye import config
+from beaker.middleware import SessionMiddleware
+
+application = SessionMiddleware(MandayeApp(), config.session_opts)
+
+

cam_mandaye_manager

@@ -0,0 +1,77 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+""" Script to administrate mandaye server
+"""
+
+import os
+os.environ['MANDAYE_CONFIG_MODULE'] = 'cam.config'
+
+import base64
+
+from optparse import OptionParser
+
+from mandaye import config
+from mandaye.log import logger
+
+def get_cmd_options():
+    usage = "usage: %prog --createdb|--upgradedb|--cryptpwd"
+    parser = OptionParser(usage=usage)
+    parser.add_option("--createdb",
+            dest="createdb",
+            default=False,
+            action="store_true",
+            help="Create Mandaye database"
+            )
+    parser.add_option("--upgradedb",
+            dest="upgradedb",
+            default=False,
+            action="store_true",
+            help="Upgrade Mandaye database"
+            )
+    parser.add_option("--cryptpwd",
+            dest="cryptpwd",
+            default=False,
+            action="store_true",
+            help="Crypt external password in Mandaye's database"
+            )
+    (options, args) = parser.parse_args()
+    return options
+
+def encrypt_pwd(pwd):
+    from Crypto.Cipher import AES
+    logger.debug("Encrypt password")
+    enc_pwd = pwd
+    if config.encrypt_secret:
+        try:
+            cipher = AES.new(config.encrypt_secret, AES.MODE_CFB)
+            enc_pwd = cipher.encrypt(pwd)
+            enc_pwd = base64.b64encode(enc_pwd)
+        except Exception, e:
+            if config.debug:
+                traceback.print_exc()
+            logger.warning('Password encrypting failed %s' % e)
+    else:
+        logger.warning("You must set a secret to use pwd encryption")
+    return enc_pwd
+
+def main():
+    options = get_cmd_options()
+    if options.createdb or options.upgradedb:
+        logger.info("Creating or upgrading database...")
+        from alembic.config import Config
+        from alembic import command
+        from mandaye import global_config
+        alembic_cfg = Config(global_config.alembic_cfg)
+        alembic_cfg.set_main_option("script_location", global_config.alembic_script_path)
+        command.upgrade(alembic_cfg, "head")
+        logger.info("Database upgraded")
+    if options.cryptpwd:
+        from mandaye.config.backend import ManagerSPUser
+        for user in ManagerSPUser.all():
+            user.password = encrypt_pwd(user.password)
+        ManagerSPUser.save()
+
+if __name__ == "__main__":
+    main()
+

cam_mandaye_server

@@ -0,0 +1,31 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+""" Script to launch mandaye with gunicorn server
+"""
+
+import os
+os.environ['MANDAYE_CONFIG_MODULE'] = 'cam.config'
+
+import sys
+
+from mandaye.log import logger
+from gunicorn.app.wsgiapp import WSGIApplication
+
+class WSGIApplication(WSGIApplication):
+
+    def init(self, parser, opts, args):
+        self.cfg.set("default_proc_name", "mandaye.wsgi:application")
+        self.app_uri = "cam.wsgi:application"
+
+        sys.path.insert(0, os.getcwd())
+
+def main():
+    """ The ``gunicorn`` command line runner for launcing Gunicorn with
+    generic WSGI applications.
+    """
+    logger.info('CAM rp start')
+    WSGIApplication("%prog [OPTIONS]").run()
+
+if __name__ == "__main__":
+    main()

data/http_www.identity-hub.net_idp_saml2_metadata

@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<ns0:EntityDescriptor entityID="http://www.identity-hub.net/idp/saml2/metadata" xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata"><ns0:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"><ns1:X509Data><ns1:X509Certificate>MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
+BAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAV
+MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZn9Kqm4Cp
+06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrUH8QT8NGh
+ABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59xihSqsoFr
+kmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9Hri8JRdXi
+VT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziazZfvvw/VG
+Tm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABo3YwdDAdBgNVHQ4EFgQUeF8ePnu0
+fcAK50iBQDgAhHkOu8kwRQYDVR0jBD4wPIAUeF8ePnu0fcAK50iBQDgAhHkOu8mh
+GaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQDVAaInJNaQ6TAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAy8l3GhUtpPHx0FxzbRHVaaUSgMwYKGPhE
+IdGhqekKUJIx8et4xpEMFBl5XQjBNq/mp5vO3SPb2h2PVSks7xWnG3cvEkqJSOeo
+fEEhkqnM45b2MH1S5uxp4i8UilPG6kmQiXU2rEUBdRk9xnRWos7epVivTSIv1Ncp
+lG6l41SXp6YgIb2ToT+rOKdIGIQuGDlzeR88fDxWEU0vEujZv/v1PE1YOV0xKjTT
+JumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06j
+o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://www.identity-hub.net/idp/saml2/artifact" index="1" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://www.identity-hub.net/idp/saml2/slo" ResponseLocation="http://www.identity-hub.net/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://www.identity-hub.net/idp/saml2/slo" ResponseLocation="http://www.identity-hub.net/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://www.identity-hub.net/idp/saml2/slo/soap" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://www.identity-hub.net/idp/saml2/sso" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://www.identity-hub.net/idp/saml2/sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor>

requirements.txt

@@ -0,0 +1,10 @@
+alembic>=0.5.0
+beaker>=1.6
+gunicorn>=0.13
+lxml>=2.0
+Mako>=0.4
+poster>=0.8
+pycrypto>=2.0
+sqlalchemy>=0.7
+static>=0.4
+xtraceback>=0.3

setup.py

@@ -0,0 +1,43 @@
+#! /usr/bin/env python
+
+'''
+   Setup script for CAM RP
+'''
+
+import cam
+
+from setuptools import setup, find_packages
+from sys import version
+
+install_requires=[
+          'alembic>=0.5.0',
+          'beaker>=1.6',
+          'gunicorn>=0.13',
+          'mako>=0.3',
+          'mandaye>=0.4',
+          'lxml>=2.0',
+          'poster>=0.8',
+          'pycrypto>=2.0',
+          'sqlalchemy>=0.7',
+          'static>=0.4',
+          'xtraceback>=0.3',
+]
+
+if version < '2.7':
+    install_requires.append('importlib')
+
+setup(name="mandaye-cam",
+      version=cam.VERSION,
+      license="AGPLv3 or later",
+      description="CAM is a Mandaye project, modular reverse proxy to authenticate",
+      url="http://dev.entrouvert.org/projects/reverse-proxy/",
+      author="Entr'ouvert",
+      author_email="info@entrouvert.org",
+      maintainer="Jerome Schneider",
+      maintainer_email="jschneider@entrouvert.com",
+      scripts=['cam_mandaye_manager', 'cam_mandaye_server'],
+      packages=find_packages(),
+      package_data={},
+      install_requires=install_requires
+)
+