Commit
6f0adf06
authored
Jan 15, 2014
by
Őry Máté
circle: proof of concept saml sp
parent
cfc2fc67
Showing
3 changed files
with
79 additions
and
7 deletions
+79
-7
circle/circle/settings/base.py
+68
-5
circle/circle/settings/local.py
+2
-2
circle/circle/urls.py
+9
-0
circle/circle/settings/base.py
"""Common settings and globals."""
"""Common settings and globals."""
# flake8: noqa
# flake8: noqa
from
datetime
import
timedelta
from
os
import
environ
from
os
import
environ
from
os.path
import
abspath
,
basename
,
dirname
,
join
,
normpath
from
os.path
import
abspath
,
basename
,
dirname
,
join
,
normpath
,
isfile
from
sys
import
path
from
django.core.exceptions
import
ImproperlyConfigured
from
json
import
loads
from
json
import
loads
# from socket import SOCK_STREAM
# from socket import SOCK_STREAM
from
sys
import
path
# Normally you should not import ANYTHING from Django directly
# Normally you should not import ANYTHING from Django directly
# into your settings, but ImproperlyConfigured is an exception.
# into your settings, but ImproperlyConfigured is an exception.
from
django.core.exceptions
import
ImproperlyConfigured
def
get_env_variable
(
var_name
,
default
=
None
):
def
get_env_variable
(
var_name
,
default
=
None
):
...
@@ -36,6 +37,9 @@ SITE_ROOT = dirname(DJANGO_ROOT)
...
@@ -36,6 +37,9 @@ SITE_ROOT = dirname(DJANGO_ROOT)
# Site name:
# Site name:
SITE_NAME
=
basename
(
DJANGO_ROOT
)
SITE_NAME
=
basename
(
DJANGO_ROOT
)
# Url to site: (e.g. http://localhost:8080/)
DJANGO_URL
=
get_env_variable
(
'DJANGO_URL'
)
# Add our project to our pythonpath, this way we don't need to type our project
# Add our project to our pythonpath, this way we don't need to type our project
# name in our dotted import paths:
# name in our dotted import paths:
path
.
append
(
DJANGO_ROOT
)
path
.
append
(
DJANGO_ROOT
)
...
@@ -319,3 +323,62 @@ CACHES = {
...
@@ -319,3 +323,62 @@ CACHES = {
'LOCATION'
:
'127.0.0.1:11211'
,
'LOCATION'
:
'127.0.0.1:11211'
,
}
}
}
}
if
get_env_variable
(
'DJANGO_SAML'
,
'FALSE'
)
==
'TRUE'
:
try
:
from
shutil
import
which
# python >3.4
except
ImportError
:
from
shutilwhich
import
which
from
saml2
import
BINDING_HTTP_POST
,
BINDING_HTTP_REDIRECT
# INSTALLED_APPS += ( # needed only for testing djangosaml2
# 'djangosaml',
# )
AUTHENTICATION_BACKENDS
=
(
'django.contrib.auth.backends.ModelBackend'
,
'djangosaml2.backends.Saml2Backend'
,
)
LOGIN_URL
=
'/saml2/login/'
remote_metadata
=
join
(
SITE_ROOT
,
'remote_metadata.xml'
)
if
not
isfile
(
remote_metadata
):
raise
ImproperlyConfigured
(
'Download SAML2 metadata to
%
s'
%
remote_metadata
)
required_attrs
=
loads
(
get_env_variable
(
'DJANGO_SAML_REQUIRED'
,
'["uid"]'
))
optional_attrs
=
loads
(
get_env_variable
(
'DJANGO_SAML_OPTIONAL'
,
'["mail", "cn", "sn"]'
))
SAML_CONFIG
=
{
'xmlsec_binary'
:
which
(
'xmlsec1'
),
'entityid'
:
DJANGO_URL
+
'saml2/metadata/'
,
'attribute_map_dir'
:
join
(
SITE_ROOT
,
'attribute-maps'
),
'service'
:
{
'sp'
:
{
'name'
:
SITE_NAME
,
'endpoints'
:
{
'assertion_consumer_service'
:
[
(
DJANGO_URL
+
'saml2/acs/'
,
BINDING_HTTP_POST
),
],
'single_logout_service'
:
[
(
DJANGO_URL
+
'saml2/ls/'
,
BINDING_HTTP_REDIRECT
),
],
},
'required_attributes'
:
required_attrs
,
'optional_attributes'
:
optional_attrs
,
},
},
'metadata'
:
{
'local'
:
[
remote_metadata
],
},
'key_file'
:
join
(
SITE_ROOT
,
'samlcert.key'
),
# private part
'cert_file'
:
join
(
SITE_ROOT
,
'samlcert.pem'
),
# public part
}
try
:
SAML_CONFIG
+=
loads
(
get_env_variable
(
'DJANGO_SAML_SETTINGS'
))
except
ImproperlyConfigured
:
pass
SAML_CREATE_UNKNOWN_USER
=
True
SAML_ATTRIBUTE_MAPPING
=
loads
(
get_env_variable
(
'DJANGO_SAML_ATTRIBUTE_MAPPING'
,
'{"mail": ["email"], "sn": ["last_name"], '
'"uid": ["username"], "cn": ["first_name"]}'
))
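Review bot: `SAML_CONFIG += loads(get_env_variable('DJANGO_SAML_SETTINGS'))` in the last hunk cannot work, because a dict does not support `+=`; as soon as the variable is set this raises TypeError while settings are imported, and the surrounding `except ImproperlyConfigured` does not catch it. `SAML_CONFIG.update(loads(get_env_variable('DJANGO_SAML_SETTINGS')))` does what seems to be intended. In the same block `which('xmlsec1')` returns None when the binary is not on PATH, so a guard like the one already used for `remote_metadata` (raise `ImproperlyConfigured` when the result is None) would stop startup instead of failing at the first signed response. With `SAML_CREATE_UNKNOWN_USER = True` and `uid` mapped to `username` next to `ModelBackend`, it is worth confirming that a uid asserted by the IdP cannot coincide with an existing local account such as a staff user.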
circle/circle/settings/local.py
"""Development settings and globals."""
"""Development settings and globals."""
# from os.path import join, normpath
from
base
import
*
# noqa
from
base
import
*
# noqa
...
@@ -70,6 +68,8 @@ if get_env_variable('DJANGO_TOOLBAR', 'FALSE') == 'TRUE':
...
@@ -70,6 +68,8 @@ if get_env_variable('DJANGO_TOOLBAR', 'FALSE') == 'TRUE':
}
}
########## END TOOLBAR CONFIGURATION
########## END TOOLBAR CONFIGURATION
LOGGING
[
'loggers'
][
'djangosaml2'
]
=
{
'handlers'
:
[
'console'
],
'level'
:
'DEBUG'
}
LOGGING
[
'handlers'
][
'console'
]
=
{
'level'
:
'DEBUG'
,
LOGGING
[
'handlers'
][
'console'
]
=
{
'level'
:
'DEBUG'
,
'class'
:
'logging.StreamHandler'
,
'class'
:
'logging.StreamHandler'
,
'formatter'
:
'simple'
}
'formatter'
:
'simple'
}
...
...
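Review bot: The added `LOGGING['loggers']['djangosaml2']` entry sets the level to DEBUG without saying what that exposes; at that level djangosaml2 is likely to write the attributes received from the IdP to the console. A comment on that line such as `# DEBUG output includes SAML attributes; development only, do not copy to production settings` would keep it from being carried over unchanged.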
circle/circle/urls.py
...
@@ -3,6 +3,8 @@ from django.conf.urls import patterns, include, url
...
@@ -3,6 +3,8 @@ from django.conf.urls import patterns, include, url
from
django.contrib
import
admin
from
django.contrib
import
admin
from
circle.settings.base
import
get_env_variable
admin
.
autodiscover
()
admin
.
autodiscover
()
urlpatterns
=
patterns
(
urlpatterns
=
patterns
(
...
@@ -21,3 +23,10 @@ urlpatterns = patterns(
...
@@ -21,3 +23,10 @@ urlpatterns = patterns(
url
(
r'^accounts/'
,
include
(
'django.contrib.auth.urls'
)),
url
(
r'^accounts/'
,
include
(
'django.contrib.auth.urls'
)),
url
(
r'^vm-api/'
,
include
(
'vm.urls'
)),
url
(
r'^vm-api/'
,
include
(
'vm.urls'
)),
)
)
if
get_env_variable
(
'DJANGO_SAML'
,
'FALSE'
)
==
'TRUE'
:
urlpatterns
+=
patterns
(
''
,
(
r'^saml2/'
,
include
(
'djangosaml2.urls'
)),
)
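Review bot: The new `from circle.settings.base import get_env_variable` makes urls.py import a settings module directly; when the active settings are `circle.settings.local`, which pulls base in as `from base import *`, this may load base.py a second time under another module name and re-run its top-level code. It also means the `saml2/` routes are switched by re-reading the environment rather than by the loaded settings, so the two only agree while both checks stay textually identical. Reading the decision from `django.conf.settings`, for example `if 'djangosaml2.backends.Saml2Backend' in settings.AUTHENTICATION_BACKENDS:`, ties the URL include to the backend that is actually configured.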