From ce46ba96f9e3513aa07c31ab4fe1dcce87a96b6d Mon Sep 17 00:00:00 2001
From: Paul Marillonnet
Date: Thu, 9 Nov 2017 14:40:27 +0100
Subject: [PATCH] ajout des IdPS partenaires
---
 django/sp_sso/saml/forms.py | 9 +++------
 django/sp_sso/saml/views.py | 3 +--
 django/sp_sso/sp_sso/settings.py | 15 +++++++--------
 django/sp_sso/sp_sso/urls.py | 3 ++-
 4 files changed, 13 insertions(+), 17 deletions(-)
diff --git a/django/sp_sso/saml/forms.py b/django/sp_sso/saml/forms.py
index 9221944..5abb334 100644
--- a/django/sp_sso/saml/forms.py
+++ b/django/sp_sso/saml/forms.py
@@ -2,8 +2,8 @@ from django.utils.translation import ugettext_lazy as _
 from django import forms
 from .utils import ldap_get_unites, ldap_get_etablissements, sso_attributes, \
 sso_select_attributes, sso_tupled_attributes, \
- sso_strict_readonly_attributes, sso_needed_description_attributes, \
- ldap_get_description_etablissements, ldap_get_description_unites
+ sso_strict_readonly_attributes, ldap_get_description_etablissements, \
+ ldap_get_description_unites
 AFFILIATION_CHOICES = (
@@ -102,7 +102,7 @@ class RegistrationForm(forms.Form):
 code_unite = kwargs['initial'].get('s_entite_affectation_principale', '')
 if code_unite != '':
 self.fields['s_entite_affectation_principale_description'].initial = ldap_get_description_unites(code_unite)
- #User shouldn't be able to define this field
+ # User shouldn't be able to define this field
 self.fields['s_entite_affectation_principale_description'].widget.attrs['readonly'] = True
 code_hote_etablissement = kwargs['initial'].get('hote_etablissement', '')
@@ -113,7 +113,6 @@ class RegistrationForm(forms.Form):
 code_hote_unite = kwargs['initial'].get('hote_unite', '')
 if code_hote_unite != '':
 self.fields['hote_unite'].choices = ((code_hote_unite, ldap_get_description_unites(code_hote_unite)),)
- #User shouldn't be able to define this field
 self.fields['hote_unite'].widget.attrs['readonly'] = True
 self.fields['hote_etablissement'].widget.attrs['readonly'] = True
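Review bot: The comment kept in the `-102,7` hunk, `# User shouldn't be able to define this field`, promises more than the line below it delivers, because `widget.attrs['readonly'] = True` is only a rendering hint and the browser-submitted value is still whatever the client sends; the same attribute is used for `hote_unite` and `hote_etablissement` in the `-113,7` hunk, where the comment is dropped. For `hote_unite` the single-entry `choices` does restrict what validates, but the description field shows no server-side counterpart in these lines, so its posted value should be discarded and recomputed, for example in `clean()` from `ldap_get_description_unites(code_unite)`. If the installed Django version provides `Field.disabled`, `self.fields['s_entite_affectation_principale_description'].disabled = True` makes the form ignore the posted value. The enclosing method starts and ends outside these hunks, so such a check may already exist elsewhere.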
@@ -152,8 +151,6 @@ class RegistrationForm(forms.Form):
 required=False, max_length=100, label=_("Institution"))
 s_etablissement_description = forms.CharField(
 required=False, max_length=100, label=_("Institution"))
- #invite_unite = forms.CharField(
- # required=False, label=_("Research entity or unit"), initial='')
 # supannEntiteAffectationPrincipale
 s_entite_affectation_principale = forms.CharField(
 required=False, label=_("Unit"), initial='')
diff --git a/django/sp_sso/saml/views.py b/django/sp_sso/saml/views.py
index 5697003..09dd2cc 100644
--- a/django/sp_sso/saml/views.py
+++ b/django/sp_sso/saml/views.py
@@ -1,6 +1,6 @@
 import logging
 from django.views.generic import FormView
-from django.utils.translation import ugettext_lazy as _, ugettext as ugt
+from django.utils.translation import ugettext_lazy as _
 from .forms import RegistrationForm
 from .utils import ldap_contains_user, wcs_submit, sso_attributes, \
@@ -8,7 +8,6 @@ from .utils import ldap_contains_user, wcs_submit, sso_attributes, \
 ldap_get_description_etablissements
-
 MSG_WCS_POST = _("""Your account creation request has been sent. An email summing up your request has just been sent to you. It contains all the information needed for you to follow up
diff --git a/django/sp_sso/sp_sso/settings.py b/django/sp_sso/sp_sso/settings.py
index 5365381..06aa8a0 100644
--- a/django/sp_sso/sp_sso/settings.py
+++ b/django/sp_sso/sp_sso/settings.py
@@ -54,8 +54,6 @@ TEMPLATE_DEBUG = True
 ALLOWED_HOSTS = ['localhost', 'sp-condorcet.dev.entrouvert.org']
-MELLON_HACK = True
-
 TEMPLATE_DIRS = (
 'templates',
 )
@@ -91,14 +89,15 @@ MELLON_SUPERUSER_MAPPING = {
 'is_superuser': 'true',
 }
-
-MELLON_TRANSIENT_FEDERATION_ATTRIBUTE = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10'
+# The official Condorcet IdP uses a transient NameID attribute. It also
+# forwards on a eduTargetID.
+MELLON_TRANSIENT_FEDERATION_ATTRIBUTE = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10' # eduTargetID
 MELLON_IDENTITY_PROVIDERS = [
-{'METADATA_URL': 'http://idp-condorcet.dev.entrouvert.org/idp/saml2/metadata'},
-{'METADATA_URL': 'https://idp-campus-condorcet.renater.fr/idp/shibboleth'},
-{'METADATA_URL': 'https://shibboleth.ehess.fr/idp/shibboleth'},
-{'METADATA_URL': 'https://federation-identite.univ-paris13.fr/idp/shibboleth'}
+{'METADATA_URL': 'http://idp-condorcet.dev.entrouvert.org/idp/saml2/metadata'}, # PoC IdP
+{'METADATA_URL': 'https://idp-campus-condorcet.renater.fr/idp/shibboleth'}, # CC IdP
+{'METADATA_URL': 'https://shibboleth.ehess.fr/idp/shibboleth'}, # EHESS IdP
+{'METADATA_URL': 'https://federation-identite.univ-paris13.fr/idp/shibboleth'} # Paris 13 IdP
 ]
 MELLON_DISCOVERY_SERVICE_URL = "https://discovery.renater.fr/test"
diff --git a/django/sp_sso/sp_sso/urls.py b/django/sp_sso/sp_sso/urls.py
index 6b6cb3a..dd4253a 100644
--- a/django/sp_sso/sp_sso/urls.py
+++ b/django/sp_sso/sp_sso/urls.py
@@ -6,6 +6,7 @@ from saml.decorators import user_can_declare, user_not_in_ldap
 from saml import views as samlviews
 from django.contrib.auth.decorators import login_required
+project_name = 'sp_sso'
 urlpatterns = [
 url(r'^admin/', include(admin.site.urls)),
 url(r'^register/', include('saml.urls')),
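Review bot: The first entry of `MELLON_IDENTITY_PROVIDERS`, now labelled `# PoC IdP`, still points at a plain `http://` metadata URL, and since SAML metadata carries the certificate the service provider will trust for that IdP, it should be served over `https://` or loaded from a reviewed local copy, and left out of any non-development settings. The context lines show `MELLON_SUPERUSER_MAPPING` matching `'is_superuser': 'true'` (the dict opens outside the hunk); if that mapping is evaluated for every listed IdP, as it appears to be, each partner IdP can assert superuser status, which deserves at least a comment and preferably a restriction to the trusted IdP. The OID `1.3.6.1.4.1.5923.1.1.1.10` is eduPersonTargetedID, so the two new comments would be more accurate as `# eduPersonTargetedID`.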
@@ -14,7 +15,7 @@ urlpatterns = [
 url(r'^declare/$', login_required(user_can_declare(views.declare)), name="declare"),
 url(r'^declare/subscribed/$', views.subscribed, name='subscribed'),
 url(r'^$', views.index),
- url(r'^accounts/mellon/', include('mellon.urls')),
+ url(r'^accounts/mellon/', include('mellon.urls'), {'project_name': project_name}),
 url(r'^logout/$', views.logout, name='auth_logout'),
 url(r'^login/$', views.login, name='auth_login'),
 url(r'^logged_in/', views.logged_in, name='auth_logged_in'),
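Review bot: The extra dict passed with `include('mellon.urls')` is handed to every view of the included URLconf, so each mellon view has to accept a `project_name` keyword argument or it will fail with `TypeError` at request time, and nothing in the hunk shows which view consumes it. A one-line comment above the route, such as `# project_name is read by <view name>; every mellon view must accept it`, would record that contract. The module-level value added in the `-6,6` hunk is a constant and would conventionally be spelled `PROJECT_NAME`, separated from `urlpatterns` by a blank line. The `urlpatterns` list starts and ends outside this hunk.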