circle: proof of concept saml sp

circle/circle/settings/base.py

 """Common settings and globals."""
 """Common settings and globals."""
 # flake8: noqa
 # flake8: noqa
-
-from datetime import timedelta
 from os import environ
 from os import environ
-from os.path import abspath, basename, dirname, join, normpath
+from os.path import abspath, basename, dirname, join, normpath, isfile
+from sys import path
+
+from django.core.exceptions import ImproperlyConfigured
 from json import loads
 from json import loads
+
+
 # from socket import SOCK_STREAM
 # from socket import SOCK_STREAM
-from sys import path
 
 
 
 
 # Normally you should not import ANYTHING from Django directly
 # Normally you should not import ANYTHING from Django directly
 # into your settings, but ImproperlyConfigured is an exception.
 # into your settings, but ImproperlyConfigured is an exception.
-from django.core.exceptions import ImproperlyConfigured
 
 
 
 
 def get_env_variable(var_name, default=None):
 def get_env_variable(var_name, default=None):
@@ -36,6 +37,9 @@ SITE_ROOT = dirname(DJANGO_ROOT)
 # Site name:
 # Site name:
 SITE_NAME = basename(DJANGO_ROOT)
 SITE_NAME = basename(DJANGO_ROOT)
 
 
+# Url to site: (e.g. http://localhost:8080/)
+DJANGO_URL = get_env_variable('DJANGO_URL')
+
 # Add our project to our pythonpath, this way we don't need to type our project
 # Add our project to our pythonpath, this way we don't need to type our project
 # name in our dotted import paths:
 # name in our dotted import paths:
 path.append(DJANGO_ROOT)
 path.append(DJANGO_ROOT)
@@ -319,3 +323,62 @@ CACHES = {
         'LOCATION': '127.0.0.1:11211',
         'LOCATION': '127.0.0.1:11211',
     }
     }
 }
 }
+
+
+if get_env_variable('DJANGO_SAML', 'FALSE') == 'TRUE':
+    try:
+        from shutil import which  # python >3.4
+    except ImportError:
+        from shutilwhich import which
+    from saml2 import BINDING_HTTP_POST, BINDING_HTTP_REDIRECT
+
+    # INSTALLED_APPS += (  # needed only for testing djangosaml2
+    #     'djangosaml',
+    # )
+    AUTHENTICATION_BACKENDS = (
+        'django.contrib.auth.backends.ModelBackend',
+        'djangosaml2.backends.Saml2Backend',
+    )
+    LOGIN_URL = '/saml2/login/'
+
+    remote_metadata = join(SITE_ROOT, 'remote_metadata.xml')
+    if not isfile(remote_metadata):
+        raise ImproperlyConfigured('Download SAML2 metadata to %s' %
+                                   remote_metadata)
+    required_attrs = loads(get_env_variable('DJANGO_SAML_REQUIRED',
+                                            '["uid"]'))
+    optional_attrs = loads(get_env_variable('DJANGO_SAML_OPTIONAL',
+                                            '["mail", "cn", "sn"]'))
+
+    SAML_CONFIG = {
+        'xmlsec_binary': which('xmlsec1'),
+        'entityid': DJANGO_URL + 'saml2/metadata/',
+        'attribute_map_dir': join(SITE_ROOT, 'attribute-maps'),
+        'service': {
+            'sp': {
+                'name': SITE_NAME,
+                'endpoints': {
+                    'assertion_consumer_service': [
+                        (DJANGO_URL + 'saml2/acs/', BINDING_HTTP_POST),
+                    ],
+                    'single_logout_service': [
+                        (DJANGO_URL + 'saml2/ls/', BINDING_HTTP_REDIRECT),
+                    ],
+                },
+                'required_attributes': required_attrs,
+                'optional_attributes': optional_attrs,
+            },
+        },
+        'metadata': {'local': [remote_metadata], },
+        'key_file': join(SITE_ROOT, 'samlcert.key'),  # private part
+        'cert_file': join(SITE_ROOT, 'samlcert.pem'),  # public part
+    }
+    try:
+        SAML_CONFIG += loads(get_env_variable('DJANGO_SAML_SETTINGS'))
+    except ImproperlyConfigured:
+        pass
+    SAML_CREATE_UNKNOWN_USER = True
+    SAML_ATTRIBUTE_MAPPING = loads(get_env_variable(
+        'DJANGO_SAML_ATTRIBUTE_MAPPING',
+        '{"mail": ["email"], "sn": ["last_name"], '
+        '"uid": ["username"], "cn": ["first_name"]}'))

circle/circle/settings/local.py

 """Development settings and globals."""
 """Development settings and globals."""
 
 
 
 
-# from os.path import join, normpath
-
 from base import *  # noqa
 from base import *  # noqa
 
 
 
 
@@ -70,6 +68,8 @@ if get_env_variable('DJANGO_TOOLBAR', 'FALSE') == 'TRUE':
     }
     }
     ########## END TOOLBAR CONFIGURATION
     ########## END TOOLBAR CONFIGURATION
 
 
+LOGGING['loggers']['djangosaml2'] = {'handlers': ['console'], 'level': 'DEBUG'}
+
 LOGGING['handlers']['console'] = {'level': 'DEBUG',
 LOGGING['handlers']['console'] = {'level': 'DEBUG',
                                   'class': 'logging.StreamHandler',
                                   'class': 'logging.StreamHandler',
                                   'formatter': 'simple'}
                                   'formatter': 'simple'}

circle/circle/urls.py

@@ -3,6 +3,8 @@ from django.conf.urls import patterns, include, url
 
 
 from django.contrib import admin
 from django.contrib import admin
 
 
+from circle.settings.base import get_env_variable
+
 admin.autodiscover()
 admin.autodiscover()
 
 
 urlpatterns = patterns(
 urlpatterns = patterns(
@@ -21,3 +23,10 @@ urlpatterns = patterns(
     url(r'^accounts/', include('django.contrib.auth.urls')),
     url(r'^accounts/', include('django.contrib.auth.urls')),
     url(r'^vm-api/', include('vm.urls')),
     url(r'^vm-api/', include('vm.urls')),
 )
 )
+
+
+if get_env_variable('DJANGO_SAML', 'FALSE') == 'TRUE':
+    urlpatterns += patterns(
+        '',
+        (r'^saml2/', include('djangosaml2.urls')),
+    )