Support for exposing co entity's metadata endpoint

Author: vkadam

.gitignore

@@ -1,6 +1,7 @@
 **/.DS_Store
 _build
 .idea
+*.iml
 *.pyc
 *.log*
 

example/internal_attributes.yaml.example

@@ -27,7 +27,7 @@ attributes:
     orcid: [emails.str]
     github: [email]
     openid: [email]
-    saml: [email, emailAdress, mail]
+    saml: [email, emailAddress, mail]
   name:
     facebook: [name]
     orcid: [name.credit-name]

src/satosa/backends/saml2.py

@@ -448,7 +448,7 @@ def _metadata_endpoint(self, context):
         :param context: The current context
         :return: response with metadata
         """
-        msg = "Sending metadata response"
+        msg = "Sending metadata response for entityId = {}".format(self.sp.config.entityid)
         logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg)
         logger.debug(logline)
 
@@ -488,6 +488,7 @@ def register_endpoints(self):
                     ("^%s$" % parsed_endp.path[1:], self.disco_response))
 
         if self.expose_entityid_endpoint():
+            logger.debug("Exposing backend entity endpoint = {}".format(self.sp.config.entityid))
             parsed_entity_id = urlparse(self.sp.config.entityid)
             url_map.append(("^{0}".format(parsed_entity_id.path[1:]),
                             self._metadata_endpoint))

src/satosa/frontends/saml2.py

@@ -483,7 +483,7 @@ def _metadata_endpoint(self, context):
         :param context: The current context
         :return: response with metadata
         """
-        msg = "Sending metadata response"
+        msg = "Sending metadata response for entityId = {}".format(self.idp.config.entityid)
         logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg)
         logger.debug(logline)
         metadata_string = create_metadata_string(None, self.idp.config, 4, None, None, None, None,
@@ -523,6 +523,7 @@ def _register_endpoints(self, providers):
                                 functools.partial(self.handle_authn_request, binding_in=binding)))
 
         if self.expose_entityid_endpoint():
+            logger.debug("Exposing frontend entity endpoint = {}".format(self.idp.config.entityid))
             parsed_entity_id = urlparse(self.idp.config.entityid)
             url_map.append(("^{0}".format(parsed_entity_id.path[1:]),
                             self._metadata_endpoint))
@@ -959,30 +960,39 @@ def _add_endpoints_to_config(self, config, co_name, backend_name):
 
         return config
 
-    def _add_entity_id(self, config, co_name):
+    def _add_entity_id(self, config, co_name, backend_name):
         """
         Use the CO name to construct the entity ID for the virtual IdP
         for the CO and add it to the config. Also add it to the
         context.
 
         The entity ID has the form
 
-        {base_entity_id}/{co_name}
+        {base_entity_id}/{backend_name}/{co_name}
 
         :type context: The current context
         :type config: satosa.satosa_config.SATOSAConfig
         :type co_name: str
+        :type backend_name: str
         :rtype: satosa.satosa_config.SATOSAConfig
 
         :param context:
         :param config: satosa proxy config
         :param co_name: CO name
+        :param backend_name: Backend name
 
         :return: config with updated entity ID
         """
         base_entity_id = config['entityid']
-        co_entity_id = "{}/{}".format(base_entity_id, quote_plus(co_name))
-        config['entityid'] = co_entity_id
+
+        replace = [
+            ("<backend_name>", quote_plus(backend_name)),
+            ("<co_name>", quote_plus(co_name))
+        ]
+        for _replace in replace:
+            base_entity_id = base_entity_id.replace(_replace[0], _replace[1])
+
+        config['entityid'] = base_entity_id
 
         return config
 
@@ -1035,7 +1045,7 @@ def _co_names_from_config(self):
 
         return co_names
 
-    def _create_co_virtual_idp(self, context):
+    def _create_co_virtual_idp(self, context, co_name=None):
         """
         Create a virtual IdP to represent the CO.
 
@@ -1045,7 +1055,7 @@ def _create_co_virtual_idp(self, context):
         :param context:
         :return: An idp server
         """
-        co_name = self._get_co_name(context)
+        co_name = co_name or self._get_co_name(context)
         context.decorate(self.KEY_CO_NAME, co_name)
 
         # Verify that we are configured for this CO. If the CO was not
@@ -1068,7 +1078,7 @@ def _create_co_virtual_idp(self, context):
         idp_config = self._add_endpoints_to_config(
             idp_config, co_name, backend_name
         )
-        idp_config = self._add_entity_id(idp_config, co_name)
+        idp_config = self._add_entity_id(idp_config, co_name, backend_name)
         context.decorate(self.KEY_CO_ENTITY_ID, idp_config['entityid'])
 
         # Use the overwritten IdP config to generate a pysaml2 config object
@@ -1155,4 +1165,30 @@ def _register_endpoints(self, backend_names):
                 logline = "Adding mapping {}".format(mapping)
                 logger.debug(logline)
 
+        if self.expose_entityid_endpoint():
+            for backend_name in backend_names:
+                for co_name in co_names:
+                    idp_config = self._add_entity_id(copy.deepcopy(self.idp_config), co_name, backend_name)
+                    entity_id = idp_config['entityid']
+                    logger.debug("Exposing frontend entity endpoint = {}".format(entity_id))
+                    parsed_entity_id = urlparse(entity_id)
+                    metadata_endpoint = "^{0}".format(parsed_entity_id.path[1:])
+                    the_callable = functools.partial(self._metadata_endpoint, co_name=co_name)
+                    url_to_callable_mappings.append((metadata_endpoint, the_callable))
+
         return url_to_callable_mappings
+
+    def _metadata_endpoint(self, context, co_name):
+        """
+        Endpoint for retrieving the virtual frontend metadata
+        :type context: satosa.context.Context
+        :rtype: satosa.response.Response
+
+        :param context: The current context
+        :return: response with metadata
+        """
+        # Using the context of the current request and saved state from the
+        # authentication request dynamically create an IdP instance.
+        self.idp = self._create_co_virtual_idp(context, co_name=co_name)
+        return super()._metadata_endpoint(context=context);
+

src/satosa/metadata_creation/saml_metadata.py

@@ -80,7 +80,7 @@ def _create_frontend_metadata(frontend_modules, backend_modules):
                     logger.info(logline)
                     idp_config = copy.deepcopy(frontend.config["idp_config"])
                     idp_config = frontend._add_endpoints_to_config(idp_config, co_name, backend.name)
-                    idp_config = frontend._add_entity_id(idp_config, co_name)
+                    idp_config = frontend._add_entity_id(idp_config, co_name, backend.name)
                     idp_config = frontend._overlay_for_saml_metadata(idp_config, co_name)
                     entity_desc = _create_entity_descriptor(idp_config)
                     frontend_metadata[frontend.name].append(entity_desc)