disco: webadmin interface

2012-07-12 14:42:28 +02:00 · 2012-07-12 14:42:28 +02:00 · c8cb743951
parent 65c5cf66c1
commit c8cb743951
4 changed files with 60 additions and 7 deletions
--- a/virtualenv/pffedportal/base/views.py
+++ b/virtualenv/pffedportal/base/views.py
@ -106,6 +106,8 @@ def login(request):
            'idp_providers': get_idp_list_sorted(),
            'mailform': mailform,
            'https_hostname': settings.HTTPS_HOSTNAME,
+            'disco_stores_read': settings.DISCO_STORES_READ,
+            'disco_stores_write': settings.DISCO_STORES_WRITE,
            },
           context_instance=RequestContext(request))

--- a/virtualenv/pffedportal/settings.py
+++ b/virtualenv/pffedportal/settings.py
@ -219,6 +219,21 @@ try:
 except:
    SESSION_COOKIE_AGE = 15*60

+# discovery service
+try:
+    stores = root.find('installedpackages/univnautes/config/discostoresread').text.decode('base64').decode('iso-8859-1').splitlines()
+    DISCO_STORES_READ = [ l for l in stores if not re.match('^\s*$', l) ]
+except:
+    DISCO_STORES_READ = [ 'https://' + HTTPS_HOSTNAME + MEDIA_URL + 'simple-disco-store/store.html' ]
+
+try:
+    stores = root.find('installedpackages/univnautes/config/discostoreswrite').text.decode('base64').decode('iso-8859-1').splitlines()
+    DISCO_STORES_WRITE = [ l for l in stores if not re.match('^\s*$', l) ]
+    if not DISCO_STORES_WRITE:
+        DISCO_STORES_WRITE = DISCO_STORES_READ
+except:
+    DISCO_STORES_WRITE = DISCO_STORES_READ
+
 # After login, redirect the user to the original requested URL after this delay (in seconds).
 # 0 = immediate redirection
 # -1 = no redirection
--- a/virtualenv/pffedportal/templates/login0.html
+++ b/virtualenv/pffedportal/templates/login0.html
@ -52,31 +52,45 @@ Choisissez votre établissement&nbsp;:<br /><br />
 <script type="text/javascript" src="{{ MEDIA_URL }}simple-disco-store/debug.js"></script>
 <script>

+  idps = {
+    {% for p in idp_providers %}
+    "{{ p.entity_id }}": {
+      name: "{{ p.name }}",
+      href: "/sso?entity_id={{ p.entity_id|urlfullencode }}",
+    },
+    {% endfor %}
+  };
+
  function query() {
+    {% for store in disco_stores_read %}
    $.disco_query(
      "https://{{https_hostname}}/authsaml2/metadata",
-      "https://{{https_hostname}}{{ MEDIA_URL }}simple-disco-store/store.html",
+      "{{ store }}",
      "https://{{https_hostname}}{{ MEDIA_URL }}simple-disco-store/response.html",
      function (entity_id, store, auth) {
-        $('a#default-idp').text("entity_id : " + entity_id);
+        idp = idps[entity_id];
+        // alert("idp = " + JSON.stringify(idp));
+        $('a#default-idp').text(idp.name);
        $('a#default-idp').attr({
-          href: "/sso?entity_id=" + entity_id,
-          title: "Entity ID = " + entity_id,
+          href: idp.href,
+          title: "Authentification via " + idp.name,
          style: "",
        });
-        alert("query: receive " + entity_id + " from " + store);
      });
+    {% endfor %}
  }

  function set(idp_entity_id) {
+    {% for store in disco_stores_write %}
    $.disco_set(
      "https://{{https_hostname}}/authsaml2/metadata",
      idp_entity_id,
-      "https://{{https_hostname}}{{ MEDIA_URL }}simple-disco-store/store.html",
+      "{{ store }}",
      "https://{{https_hostname}}{{ MEDIA_URL }}simple-disco-store/response.html",
      function (entity_id, store, auth) {
-        alert("set: store " + entity_id + " on " + store);
+        // alert("set: store " + entity_id + " on " + store);
      });
+    {% endfor %}
  }

  $(document).ready(function() {
--- a/virtualenv/pkg/univnautes.xml
+++ b/virtualenv/pkg/univnautes.xml
@ -200,6 +200,28 @@
 			<rows>8</rows>
 			<cols>66</cols>
 		</field>
+		<field>
+			<type>listtopic</type>
+			<name>Discovery Service</name>
+		</field>
+		<field>
+			<fielddescr>IdP Discovery Service endpoints (read)</fielddescr>
+			<fieldname>discostoresread</fieldname>
+			<encoding>base64</encoding>
+			<description>List of IdP Discovery Service endpoints to contact, one URL per line. You may safely include a short list of services, but you are reccomended to limit the number, because all these services are contacted by all users when disco is used. REMEMBER: add the corresponding IPs in the whitelist statics IP above.</description>
+			<type>textarea</type>
+			<rows>4</rows>
+			<cols>66</cols>
+		</field>
+		<field>
+			<fielddescr>IdP Discovery Service endpoints (write)</fielddescr>
+			<fieldname>discostoreswrite</fieldname>
+			<encoding>base64</encoding>
+			<description>List of IdP Discovery Service endpoints that supports DiscoJuiceReadWrite, which is an extension to the IdP Discovery Protocol, that allows you to write the result of the user selection to a central discovery service. One URL per line. REMEMBER: add the corresponding IPs in the whitelist statics IP above.</description>
+			<type>textarea</type>
+			<rows>4</rows>
+			<cols>66</cols>
+		</field>
 		<field>
 			<type>listtopic</type>
 			<name>Blacklists</name>