arcopole: begin replay support

Jérôme Schneider 2014-09-02 12:07:13 +02:00
parent c370e1bd17
commit b3f62b5d43
8 changed files with 39 additions and 77 deletions

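--- a/conf.d/arcopole
+++ b/conf.d/arcopole
@@ -0,0 +1,11 @@
+{
+"site_name": "arcopole",
+"server_name": ["arco.local:8000"],
+"location": "/",
+"target": "http://arcopole.local",
+"mapper": "arcopole",
+"auth_type": "saml2_arcopole",
+"saml2_idp_metadata": "http://authentic.local/idp/saml2/metadata",
+"saml2_signature_public_key": "certs/saml.crt",
+"saml2_signature_private_key": "certs/saml.key"
+}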
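Review bot: `saml2_idp_metadata` points at an `http://` URL, so if the proxy fetches the metadata at runtime, the IdP signing certificate it ends up trusting can be altered in transit; prefer an `https://` URL or a locally pinned metadata file. `target` is likewise plain `http://`, and the `saml2_arcopole` auth type replays the user's password base64-encoded, which anyone on the network path can recover. The `.local` host names suggest a development setup, so this may be acceptable here, but it should not be copied to a production vhost. JSON has no comment syntax, so the caveat belongs in the commit description or the deployment documentation.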


@ -1,11 +0,0 @@
{
"site_name": "linuxfr",
"server_name": ["linuxfrsaml.local:8000"],
"location": "/",
"target": "https://linuxfr.org",
"mapper": "linuxfr",
"auth_type": "saml2",
"saml2_idp_metadata": "http://www.identity-hub.com/idp/saml2/metadata",
"saml2_signature_public_key": "certs/saml.crt",
"saml2_signature_private_key": "certs/saml.key"
}


@ -1,20 +0,0 @@
## Virtual hosts configuration
hosts = {
'linuxfrsaml.local:8000': [
{
'path': r'/',
'target': 'http://linuxfr.org',
'mapping': 'mandaye_cud.configs.linuxfr_saml_example.linuxfr_mapping'
},
],
}
## SQL Backend config
# http://docs.sqlalchemy.org/en/rel_0_7/core/engines.html
# rfc 1738 https://tools.ietf.org/html/rfc1738
# dialect+driver://username:password@host:port/database
db_url = 'sqlite:///test.db'
## Logging configuration
debug = False


@ -0,0 +1,14 @@
import base64
from mandaye.auth.saml2 import SAML2Auth
class SamlArcopoleAuth(SAML2Auth):
""" Overload replay for arcopole
"""
def replay(self, env, post_values):
""" we need to b64encode the password for arcopole """
pwd = self.form_values['password_field']
post_values[pwd] = base64.b64encode(post_values[pwd])
return super(SamlArcopoleAuth, self).replay(env, post_values)
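Review bot: `replay` overwrites `post_values[pwd]` in the caller's dict, so any code that keeps using `post_values` after the call sees the base64 form; if that dict is later stored as the association (not visible on this page, to be confirmed in `SAML2Auth`), the next replay would encode an already encoded password. Work on a copy instead, with `post_values = dict(post_values)` before the assignment. A missing password key currently surfaces as a bare `KeyError` in the middle of the login replay, which deserves an explicit check. The docstring should also state that base64 is only the wire format Arcopole expects and gives no confidentiality, e.g. `""" Arcopole expects the password base64-encoded; this is an encoding, not protection """`.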


@ -1,18 +0,0 @@
"""
Here you can overload Mandaye default authentification
method like SAML2Auth or AuthForm
"""
from mandaye.auth.authform import AuthForm
from mandaye.auth.saml2 import SAML2Auth
class MyAuthSAML(SAML2Auth):
""" Overload Mandaye SAML2Auth authentification
"""
pass
class MyAuth(AuthForm):
""" Overload Mandaye AuthForm authentification
"""
pass


@ -10,6 +10,7 @@ from mandaye.exceptions import ImproperlyConfigured
# else /etc/mandaye-cam/config.ini
# and then /etc/mandaye-cam/local-config.ini
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
print os.path.join(BASE_DIR, 'local-config.ini')
SETTINGS_INI = (os.path.join(BASE_DIR, 'default-config.ini'),)
if os.environ.get('SETTINGS_INI'):
SETTINGS_INI += (os.environ.get('SETTINGS_INI'),)
@ -17,7 +18,7 @@ else:
ETC_DIR = os.path.join('/', 'etc', 'mandaye-cam')
SETTINGS_INI += (
os.path.join(ETC_DIR, 'config.ini'),
os.path.join(ETC_DIR, 'local-config.ini')
os.path.join(BASE_DIR, 'local-config.ini')
)
config = SafeConfigParser()
@ -107,12 +108,13 @@ if config.has_section('template_vars'):
# Supported authentification
authentifications = {
'saml2': 'mandaye.auth.saml2.SAML2Auth'
'saml2': 'mandaye.auth.saml2.SAML2Auth',
'saml2_arcopole': 'mandaye_cud.auth.arcopole.SamlArcopoleAuth'
}
# sp mappers
mappers = {
'linuxfr': 'mandaye_cud.mappers.linuxfr_example',
'arcopole': 'mandaye_cud.mappers.arcopole',
}
# Raven Sentry configuration
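Review bot: The stray `print os.path.join(BASE_DIR, 'local-config.ini')` in the first hunk runs at import time and looks like leftover debugging; drop it or turn it into a `logging` debug call, since writing to stdout from a settings module can misbehave under some WSGI servers. Together with the second hunk it appears that `local-config.ini` is now read from the package directory instead of `/etc/mandaye-cam`, while the comment above still documents the `/etc` path. If local overrides carry deployment secrets such as the database URL (an assumption, the file's contents are not shown), confirm the move is intended, keep that file out of version control with restrictive permissions, and update the comment to `# and then <package dir>/local-config.ini`.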


@ -21,15 +21,14 @@ login_url, form_attrs, post_fields and username_field are obligatory
* mapping
"""
from mandaye.auth.saml2 import END_POINTS_PATH
from mandaye_cud.filters.example import ReplayFilter
form_values = {
'login_url': '/compte/connexion',
'form_attrs': { 'id': 'new_account' },
'post_fields': ['account[login]', 'account[password]'],
'username_field': 'account[login]',
'password_field': 'account[password]',
'login_url': '/studio/accueil',
'form_attrs': { 'id': 'login-form' },
'post_fields': ['username', 'password'],
'username_field': 'username',
'password_field': 'password',
}
urls = {
@ -45,7 +44,7 @@ mapping = [
'method': 'GET',
'response': {
'auth': 'login',
'values': {'condition': 'response.code==302'},
'values': {'condition': "'success' in response.msg"},
},
},
{
@ -66,7 +65,7 @@ mapping = [
'values': {
'action': urls['associate_url'],
'template': 'associate.html',
'sp_name': 'Linux FR',
'sp_name': 'Arcopole',
'login_name': form_values['username_field'],
'password_name': form_values['password_field'],
},
@ -77,23 +76,8 @@ mapping = [
'method': 'POST',
'response': {
'auth': 'associate_submit',
'values': {'condition': "response.code==302"}
'values': {'condition': "'success' in response.msg"}
},
},
{
'path': r'%s$' % END_POINTS_PATH['single_sign_on_post'],
'method': 'POST',
'response': {'auth': 'single_sign_on_post'}
},
{
'path': r'%s$' % END_POINTS_PATH['single_logout'],
'method': 'GET',
'response': {'auth': 'single_logout',}
},
{
'path': r'%s$' % END_POINTS_PATH['single_logout_return'],
'method': 'GET',
'response': {'auth': 'single_logout_return',}
},
]
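Review bot: The new success test `'success' in response.msg`, used for both the `login` and the `associate_submit` entries, is a bare substring match, so a response body that merely contains the word (an error text such as "unsuccessful", or a field reporting a false success value) would be treated as a valid login and, in `associate_submit`, would presumably let wrong credentials be stored as an association. Match the exact marker Arcopole returns on success, ideally alongside a status-code check, and add a comment next to each condition describing what the successful response looks like. The last hunk also drops the `single_sign_on_post`, `single_logout` and `single_logout_return` entries; confirm those endpoints are now routed elsewhere, otherwise SAML login and logout stop working for this vhost.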


@ -27,7 +27,7 @@
</form>
</div>
<div id="footer">
Copyright &copy; 2013 Entr'ouvert
Copyright &copy; 2014 Entr'ouvert
</div>
</div>
</body>