Changes needed after adding CAS module to pyoidc

idp.py

@@ -264,7 +264,7 @@ def usage():
     idp_conf = import_module(args.config)
     metadata = idp_conf.CONFIG["metadata"]
     if _key:
-        generateMetadata = MetadataGeneration(
+        generateMetadata = MetadataGeneration(idp_conf.CONFIG,
             logger, idp_proxy_conf.SERVICE, publicKey=_key, privateKey=key,
             metadataList=[metadata])
     else:

idp_oic.xml

@@ -0,0 +1,2 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<ns0:EntitiesDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="urn:mace:shibboleth:metadata:1.0" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" Name="http://hashog.umdc.umu.se:8091/md/idpproxy-1.0.xml" cacheDuration="" validUntil="2013-04-25T18:52:03Z"><ns0:EntityDescriptor entityID="http://hashog.umdc.umu.se:8091/google.xml"><ns0:Extensions><ns1:Scope regexp="false">google.social2saml.org</ns1:Scope></ns0:Extensions><ns0:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNVBAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkxEDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMzMTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1lYTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAwDgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MCFiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiRmo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQWBBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAWBgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UEAxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZOzkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns0:KeyDescriptor><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://hashog.umdc.umu.se:8091/google_sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor><ns0:EntityDescriptor entityID="http://hashog.umdc.umu.se:8091/twitter.xml"><ns0:Extensions><ns1:Scope regexp="false">twitter.social2saml.org</ns1:Scope></ns0:Extensions><ns0:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNVBAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkxEDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMzMTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1lYTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAwDgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MCFiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiRmo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQWBBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAWBgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UEAxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZOzkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns0:KeyDescriptor><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://hashog.umdc.umu.se:8091/twitter_sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor><ns0:EntityDescriptor entityID="http://hashog.umdc.umu.se:8091/paypal.xml"><ns0:Extensions><ns1:Scope regexp="false">paypal.social2saml.org</ns1:Scope></ns0:Extensions><ns0:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNVBAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkxEDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMzMTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1lYTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAwDgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MCFiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiRmo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQWBBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAWBgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UEAxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZOzkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns0:KeyDescriptor><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://hashog.umdc.umu.se:8091/paypal_sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor><ns0:EntityDescriptor entityID="http://hashog.umdc.umu.se:8091/oic.xml"><ns0:Extensions><ns1:Scope regexp="false">oic.social2saml.org</ns1:Scope></ns0:Extensions><ns0:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNVBAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkxEDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMzMTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1lYTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAwDgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MCFiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiRmo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQWBBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAWBgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UEAxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZOzkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns0:KeyDescriptor><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://hashog.umdc.umu.se:8091/oic_sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor><ns0:EntityDescriptor entityID="http://hashog.umdc.umu.se:8091/linkedin.xml"><ns0:Extensions><ns1:Scope regexp="false">linkedin.social2saml.org</ns1:Scope></ns0:Extensions><ns0:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNVBAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkxEDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMzMTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1lYTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAwDgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MCFiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiRmo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQWBBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAWBgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UEAxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZOzkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns0:KeyDescriptor><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://hashog.umdc.umu.se:8091/linkedin_sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor><ns0:EntityDescriptor entityID="http://hashog.umdc.umu.se:8091/liveid.xml"><ns0:Extensions><ns1:Scope regexp="false">liveid.social2saml.org</ns1:Scope></ns0:Extensions><ns0:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNVBAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkxEDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMzMTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1lYTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAwDgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MCFiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiRmo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQWBBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAWBgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UEAxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZOzkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns0:KeyDescriptor><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://hashog.umdc.umu.se:8091/liveid_sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor><ns0:EntityDescriptor entityID="http://hashog.umdc.umu.se:8091/facebook.xml"><ns0:Extensions><ns1:Scope regexp="false">facebook.social2saml.org</ns1:Scope></ns0:Extensions><ns0:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns2:KeyInfo><ns2:X509Data><ns2:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNVBAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkxEDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMzMTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1lYTEYMBYGA1UEChMPVW1lYSBVbml2ZXJzaXR5MRAwDgYDVQQLEwdJVCBVbml0MRAwDgYDVQQDEwdUZXN0IFNQMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkJWP7bwOxtH+E15VTaulNzVQ/0cSbM5G7abqeqSNSs0l0veHr6/ROgW96ZeQ57fzVy2MCFiQRw2fzBs0n7leEmDJyVVtBTavYlhAVXDNa3stgvh43qCfLx+clUlOvtnsoMiiRmo7qf0BoPKTj7c0uLKpDpEbAHQT4OF1HRYVxMwIDAQABo4G/MIG8MB0GA1UdDgQWBBQ7RgbMJFDGRBu9o3tDQDuSoBy7JjCBjAYDVR0jBIGEMIGBgBQ7RgbMJFDGRBu9o3tDQDuSoBy7JqFepFwwWjELMAkGA1UEBhMCU0UxDTALBgNVBAcTBFVtZWExGDAWBgNVBAoTD1VtZWEgVW5pdmVyc2l0eTEQMA4GA1UECxMHSVQgVW5pdDEQMA4GA1UEAxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZOzkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=</ns2:X509Certificate></ns2:X509Data></ns2:KeyInfo></ns0:KeyDescriptor><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://hashog.umdc.umu.se:8091/facebook_sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor></ns0:EntitiesDescriptor>

src/idpproxy/__init__.py

@@ -147,7 +147,10 @@ def authn_response(server_env, req_info, userid, identity,
 
     logger.info("LOGIN success: sp_entity_id=%s#authn=%s" % (req_info.sender(),
                                                              authn))
-    logger.debug("AuthNResponse: %s" % authn_resp)
+    try:
+        logger.debug("AuthNResponse: %s" % authn_resp.encode('utf-8'))
+    except Exception:
+        logger.debug("AuthNResponse: can not be logged.")
 
     ht_args = _idp.apply_binding(binding, "%s" % authn_resp, destination,
                                  req_info.relay_state, response=True)
@@ -189,8 +192,9 @@ def do_req_response(server_env, req_info, response, environ, source,
 
     session["identity"] = identity
     session["eptid"] = identity["eduPersonTargetedID"]
+    authnVal = {"class_ref": saml.AUTHN_PASSWORD,"authn_auth": source}
     return authn_response(server_env, req_info, userid, identity,
-                          authn=(saml.AUTHN_PASSWORD, source), service=service)
+                          authn=authnVal, service=service)
 
 
 def do_logout_response(req_info, status=None):

src/idpproxy/metadata/secret.py

@@ -1,6 +1,5 @@
-import cgi
-
 __author__ = 'Hans Hoerberg - Copyright 2013 Umea Universitet'
+import cgi
 import re
 import os
 import xmldsig
@@ -26,6 +25,7 @@
 from saml2.extension import dri
 from saml2.extension import ui
 from saml2 import md
+from saml2.config import Config
 
 # The class is responsible for taking care of all requests for generating SP
 # metadata for the social services used by the IdPproxy.
@@ -81,7 +81,7 @@ class MetadataGeneration(object):
     #Needed for reading metadatafiles.
     CONST_ATTRCONV = attribute_converter.ac_factory("attributemaps")
 
-    def __init__(self, logger, conf, publicKey, privateKey, metadataList):
+    def __init__(self, idp_conf, logger, conf, publicKey, privateKey, metadataList):
         """
         Constructor.
         Initiates the class.
@@ -125,10 +125,16 @@ def __init__(self, logger, conf, publicKey, privateKey, metadataList):
 
         self.xmlsec_path = xmlsec_path
 
+        config = Config()
+        config.disable_ssl_certificate_validation = True
+        config.key_file = idp_conf["key_file"]
+        config.cert_file = idp_conf["cert_file"]
+        config.xmlsec_binary = idp_conf["xmlsec_binary"]
+        config.debug = idp_conf["debug"]
+
         for metadata in metadataList:
             mds = MetadataStore(MetadataGeneration.CONST_ONTS.values(),
-                                MetadataGeneration.CONST_ATTRCONV, xmlsec_path,
-                                disable_ssl_certificate_validation=True)
+                                MetadataGeneration.CONST_ATTRCONV, config)
             mds.imp(metadata)
             for entityId in mds.keys():
                 self.spKeyList.append(entityId)

src/idpproxy/social/XpressConnect/__init__.py

@@ -0,0 +1,76 @@
+__author__ = 'haho0032'
+
+import json
+from oic.utils.authn.client import CLIENT_AUTHN_METHOD
+
+import xml.etree.ElementTree as ET
+from oic.oauth2 import Client
+from oic.oauth2.message import ErrorResponse
+from oic.oauth2.message import AuthorizationResponse
+from idpproxy.social.oauth2 import OAuth2
+
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class XpressConnect(OAuth2):
+    def __init__(self, client_id, client_secret, **kwargs):
+        OAuth2.__init__(self, client_id, client_secret, **kwargs)
+        self.token_response_body_type = "json"
+
+ #noinspection PyUnusedLocal
+    def phaseN(self, environ, info, server_env, sid):
+        session = server_env["CACHE"][sid]
+
+        callback = server_env["base_url"] + self.social_endpoint
+
+        client = Client(client_id=self.client_id,
+                        client_authn_method=CLIENT_AUTHN_METHOD)
+        response = client.parse_response(AuthorizationResponse, info, "dict")
+        logger.info("Response: %s" % response)
+
+        if isinstance(response, ErrorResponse):
+            logger.info("%s" % response)
+            session["authentication"] = "FAILED"
+            return False, "Authentication failed or permission not granted"
+
+        req_args = {
+            "redirect_uri": callback,
+            "client_secret": self.client_secret,
+        }
+
+        client.token_endpoint = self.extra["token_endpoint"]
+        tokenresp = client.do_access_token_request(
+            scope=self._scope,
+            body_type=self.token_response_body_type,
+            request_args=req_args,
+            authn_method="client_secret_post",
+            state=response["state"],
+            response_cls=self.access_token_response)
+
+        if isinstance(tokenresp, ErrorResponse):
+            logger.info("%s" % tokenresp)
+            session["authentication"] = "FAILED"
+            return False, "Authentication failed or permission not granted"
+
+        # Download the user profile and cache a local instance of the
+        # basic profile info
+        result = client.fetch_protected_resource(
+            self.userinfo_endpoint(tokenresp), token=tokenresp["access_token"])
+
+        logger.info("Userinfo: %s" % result.text)
+        root = ET.fromstring(result.text)
+        jsontext = json.dumps(root.attrib)
+        profile = json.loads(jsontext)
+        profile = self.convert(profile)
+        logger.info("PROFILE: %s" % (profile, ))
+        session["service"] = self.name
+        session["authentication"] = "OK"
+        session["status"] = "SUCCESS"
+        session["authn_auth"] = self.authenticating_authority
+        session["permanent_id"] = profile["uid"]
+
+        server_env["CACHE"][sid] = session
+
+        return True, profile, session

src/idpproxy/social/oauth2/__init__.py

@@ -1,5 +1,5 @@
 import json
-from oic.utils.authn import CLIENT_AUTHN_METHOD
+from oic.utils.authn.client import CLIENT_AUTHN_METHOD
 
 from idpproxy.social import Social
 
@@ -22,7 +22,7 @@ def __init__(self, client_id, client_secret, **kwargs):
         Social.__init__(self, client_id, client_secret, **kwargs)
         self.access_token_response = AccessTokenResponse
         try:
-            self._scope = ",".join(self.extra["scope"])
+            self._scope = self.extra["scope"] # ",".join(self.extra["scope"])
         except KeyError:
             self._scope = ""
         self.token_response_body_type = "urlencoded"
@@ -95,14 +95,14 @@ def phaseN(self, environ, info, server_env, sid):
 
         logger.info("Userinfo: %s" % result.text)
         profile = json.loads(result.text)
-
+        profile = self.convert(profile)
         logger.info("PROFILE: %s" % (profile, ))
         session["service"] = self.name
         session["authentication"] = "OK"
         session["status"] = "SUCCESS"
         session["authn_auth"] = self.authenticating_authority
-        session["permanent_id"] = profile["id"]
+        session["permanent_id"] = profile["uid"]
 
         server_env["CACHE"][sid] = session
 
-        return True, self.convert(profile), session
+        return True, profile, session

src/idpproxy/social/openidconnect/__init__.py

@@ -247,8 +247,10 @@ def phaseN(self, environ, info, server_env, sid):
 
         tot_info = userinfo.update(inforesp.to_dict())
 
+        userinfo = self.convert(userinfo)
+
         logger.debug("UserInfo: %s" % inforesp)
-        session["permanent_id"] = userinfo["user_id"]
+        session["permanent_id"] = userinfo["uid"]
         #session["service"] = provider_conf["issuer"]
         session["service_info"] = userinfo
         session["authn_auth"] = client.authorization_endpoint
@@ -257,7 +259,7 @@ def phaseN(self, environ, info, server_env, sid):
         server_env["CACHE"][sid] = session
         environ["QUERY_STRING"] = ""
 
-        return True, self.convert(userinfo), session
+        return True, userinfo, session
 
 
 

src/idpproxy/social/pyoidc/__init__.py

@@ -0,0 +1,14 @@
+__author__ = 'haho0032'
+
+from idpproxy.social.oauth2 import OAuth2
+
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class pyoidcOAuth2(OAuth2):
+    def __init__(self, client_id, client_secret, **kwargs):
+        OAuth2.__init__(self, client_id, client_secret, **kwargs)
+        self.token_response_body_type = "json"
+