Fixed RP3 errors

2014-12-16 14:23:34 +01:00 · 2014-12-16 14:23:34 +01:00 · 7e095f658b
parent 4d5d75d776
commit 7e095f658b
4 changed files with 61 additions and 87 deletions
--- a/oidc_example/rp3/conf.py.example
+++ b/oidc_example/rp3/conf.py.example
@ -1,21 +1,23 @@
 PORT = 8666
-#BASE = "http://lingon.catalogix.se:" + str(PORT) + "/"
-#BASE = "http://hashog.umdc.umu.se:" + str(PORT) + "/"
+#BASE = "https://lingon.ladok.umu.se:" + str(PORT) + "/"
 BASE = "http://localhost:" + str(PORT) + "/"

 # If BASE is https these has to be specified
-SERVER_KEY = ''
-SERVER_CERT = ''
+SERVER_CERT = "certs/server.crt"
+SERVER_KEY = "certs/server.key"
 CA_BUNDLE = None

 VERIFY_SSL = False

 # information used when registering the client, this may be the same for all OPs
+
 ME = {
    "application_type": "web",
+    "application_name": "idpproxy",
    "contacts": ["ops@example.com"],
    "redirect_uris": ["%sauthz_cb" % BASE],
-    "post_logout_redirect_uris": ["%slogout" % BASE]
+    "post_logout_redirect_uris": ["%slogout" % BASE],
+    "response_types": ["code"]
 }

 BEHAVIOUR = {
@ -25,7 +27,7 @@ BEHAVIOUR = {

 ACR_VALUES = ["SAML"]

-# The keys in this dictionary are the OPs short user friendly name
+# The keys in this dictionary are the OPs short userfriendly name
 # not the issuer (iss) name.

 CLIENTS = {
@ -36,59 +38,33 @@ CLIENTS = {
        "client_info": ME,
        "behaviour": BEHAVIOUR
    },
-    # # No webfinger support, but OP information lookup and client registration
-    # "xenosmilus": {
-    #     "srv_discovery_url": "https://xenosmilus2.umdc.umu.se:8091/",
+    #"oictest": {
+    #    "srv_discovery_url": "https://oictest.umdc.umu.se:8085/",
+    #    "client_info": ME,
+    #    "behaviour": BEHAVIOUR
+    #},
+    # "lingon": {
+    #     "srv_discovery_url": "https://lingon.ladok.umu.se:8092/",
    #     "client_info": ME,
-    #     "behaviour": BEHAVIOUR
+    #     "behaviour": BEHAVIOUR,
+    #     "verify_ssl": False
    # },
-    # # Supports OP information lookup but not client registration
-    # "op.example.org": {
-    #     "srv_discovery_url": "https://example.org/op/discovery_endpoint",
+    # Supports OP information lookup but not client registration
+    # "google": {
+    #     "srv_discovery_url": "https://accounts.google.com/",
    #     "client_registration": {
-    #         "client_id": "abcdefgh",
-    #         "client_secret": "123456789",
-    #         "redirect_uris": ["https://rp.example.com/authn_cb"],
-    #         "token_endpoint_auth_method": "client_secret_post",
-    #     }
-    # },
-    # # Does not support OP information lookup but dynamic client registration
-    # "noop.example.com": {
-    #     "provider_info": {
-    #         "issuer": "",
-    #         "authorization_endpoint": "",
-    #         "token_endpoint": "",
-    #         "userinfo_endpoint": "",
-    #         "registration_endpoint": "",
-    #         "jwks_uri": "",
-    #         "scopes_supported": "",
-    #         "response_types_supported": "",
-    #         "subject_types_supported": "",
-    #         "id_token_signing_alg_values_supported": "",
-    #         "claims_supported": "",
+    #         "client_id": "xxxxxxxxx.apps.googleusercontent.com",
+    #         "client_secret": "2222222222",
+    #         "redirect_uris": ["%s/google" % BASE],
    #     },
-    #     "client_info": ME,
-    # },
-    # # Does not support any dynamic functionality
-    # "nodyn.example.com": {
-    #     "provider_info": {
-    #         "issuer": "",
-    #         "authorization_endpoint": "",
-    #         "token_endpoint": "",
-    #         "userinfo_endpoint": "",
-    #         "registration_endpoint": "",
-    #         "jwks_uri": "",
-    #         "scopes_supported": "",
-    #         "response_types_supported": "",
-    #         "subject_types_supported": "",
-    #         "id_token_signing_alg_values_supported": "",
-    #         "claims_supported": "",
+    #     "behaviour": {
+    #         "response_type": "code",
+    #         "scope": ["openid",
+    #                   "https://www.googleapis.com/auth/userinfo.profile",
+    #                   "https://www.googleapis.com/auth/userinfo.email"]
    #     },
-    #     "client_registration": {
-    #         "client_id": "abcdefg",
-    #         "client_secret": "123456789",
-    #         "redirect_uris": ["https://rp.example.com/authn_cb"],
-    #         "token_endpoint_auth_method": "client_secret_post",
+    #     "allow": {
+    #         "issuer_mismatch": True
    #     }
-    # },
+    # }
 }
--- a/oidc_example/rp3/htdocs/opchoice.mako
+++ b/oidc_example/rp3/htdocs/opchoice.mako
@ -1,13 +1,11 @@
 <%!
    def op_choice(op_list):
-    """
-    Creates a dropdown list of OpenID Connect providers
-    """
-    element = "<select name=\"op\">"
-    for name in op_list:
-        element += "<option value=\"%s\">%s</option>" % (name, name)
-    element += "</select>"
-    return element
+        #Creates a dropdown list of OpenID Connect providers
+        element = "<select name=\"op\">"
+        for name in op_list:
+            element += "<option value=\"%s\">%s</option>" % (name, name)
+        element += "</select>"
+        return element
 %>

 <!DOCTYPE html>
--- a/oidc_example/rp3/htdocs/opresult.mako
+++ b/oidc_example/rp3/htdocs/opresult.mako
@ -1,41 +1,41 @@
 <!DOCTYPE html>

-    <%!
-        import htmlentitydefs
-        import re, string
+<%!
+    import htmlentitydefs
+    import re, string

-        # this pattern matches substrings of reserved and non-ASCII characters
-        pattern = re.compile(r"[&<>\"\x80-\xff]+")
+    # this pattern matches substrings of reserved and non-ASCII characters
+    pattern = re.compile(r"[&<>\"\x80-\xff]+")

-        # create character map
-        entity_map = {}
+    # create character map
+    entity_map = {}

-        for i in range(256):
+    for i in range(256):
        entity_map[chr(i)] = "&#%d;" % i

-        for entity, char in htmlentitydefs.entitydefs.items():
+    for entity, char in htmlentitydefs.entitydefs.items():
        if entity_map.has_key(char):
            entity_map[char] = "&%s;" % entity

-        def escape_entity(m, get=entity_map.get):
+    def escape_entity(m, get=entity_map.get):
        return string.join(map(get, m.group()), "")

-        def escape(string):
+    def escape(string):
        return pattern.sub(escape_entity, string)

-        def create_result(userinfo):
-      """
-      Creates a display of user information.
-      """
-      element = "<p>You have successfully authenticated!</p>"
+    def create_result(userinfo):
+        """
+        Creates a display of user information.
+        """
+        element = "<p>You have successfully authenticated!</p>"

-      for key, value in userinfo.items():
-          element += "<div class='row'>"
-          element += "<div class='col-md-3'>" +  escape(unicode(key).encode("utf-8")) + "</div>"
-          element += "<div class='col-md-7'>" + escape(unicode(value).encode("utf-8")) + "</div>"
-          element += "</div>"
-      return element
-    %>
+        for key, value in userinfo.items():
+            element += "<div class='row'>"
+            element += "<div class='col-md-3'>" +  escape(unicode(key).encode("utf-8")) + "</div>"
+            element += "<div class='col-md-7'>" + escape(unicode(value).encode("utf-8")) + "</div>"
+            element += "</div>"
+        return element
+%>

 <html>
 <head>
--- a/oidc_example/rp3/oidc.py
+++ b/oidc_example/rp3/oidc.py
@ -22,7 +22,7 @@ class Client(oic.Client):
    def __init__(self, client_id=None, ca_certs=None,
                 client_prefs=None, client_authn_method=None, keyjar=None,
                 verify_ssl=True, behaviour=None):
-        super(Client, self).__init__(self, client_id, ca_certs, client_prefs,
+        oic.Client.__init__(self, client_id, ca_certs, client_prefs,
                            client_authn_method, keyjar, verify_ssl)
        if behaviour:
            self.behaviour = behaviour