Idp2 uses ssl

Author: dallerbarn

example/idp2/idp.py

@@ -7,10 +7,13 @@
 import re
 import socket
 import time
+import ssl
 
 from Cookie import SimpleCookie
 from hashlib import sha1
 from urlparse import parse_qs
+from cherrypy import wsgiserver
+from cherrypy.wsgiserver import ssl_pyopenssl
 
 from saml2 import BINDING_HTTP_ARTIFACT
 from saml2 import BINDING_URI
@@ -1044,13 +1047,15 @@ def application(environ, start_response):
     parser.add_argument(dest="config")
     args = parser.parse_args()
 
+    CONFIG = importlib.import_module(args.config)
+
     AUTHN_BROKER = AuthnBroker()
     AUTHN_BROKER.add(authn_context_class_ref(PASSWORD),
                      username_password_authn, 10,
-                     "http://%s" % socket.gethostname())
+                     CONFIG.BASE)
     AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED),
-                     "", 0, "http://%s" % socket.gethostname())
-    CONFIG = importlib.import_module(args.config)
+                     "", 0, CONFIG.BASE)
+
     IDP = server.Server(args.config, cache=Cache())
     IDP.ticket = {}
 
@@ -1062,6 +1067,17 @@ def application(environ, start_response):
     HOST = CONFIG.HOST
     PORT = CONFIG.PORT
 
-    SRV = make_server(HOST, PORT, application)
-    print("IdP listening on %s:%s" % (HOST, PORT))
-    SRV.serve_forever()
+    SRV = wsgiserver.CherryPyWSGIServer((HOST, PORT), application)
+
+    _https = ""
+    if CONFIG.HTTPS:
+        SRV.ssl_adapter = ssl_pyopenssl.pyOpenSSLAdapter(CONFIG.SERVER_CERT,
+                                                         CONFIG.SERVER_KEY, CONFIG.CERT_CHAIN)
+        _https = " using SSL/TLS"
+    logger.info("Server starting")
+    print("IDP listening on %s:%s%s" % (HOST, PORT, _https))
+    try:
+        SRV.start()
+    except KeyboardInterrupt:
+        SRV.stop()
+

example/idp2/idp_conf.py.example

@@ -15,25 +15,36 @@ except ImportError:
     get_xmlsec_binary = None
 
 if get_xmlsec_binary:
-    xmlsec_path = get_xmlsec_binary(["/opt/local/bin"])
+    xmlsec_path = get_xmlsec_binary(["/opt/local/bin","/usr/local/bin"])
 else:
-    xmlsec_path = '/usr/bin/xmlsec1'
+    xmlsec_path = '/usr/local/bin/xmlsec1'
 
 BASEDIR = os.path.abspath(os.path.dirname(__file__))
 
 
 def full_path(local_file):
     return os.path.join(BASEDIR, local_file)
 
+#HOST = '130.239.200.190'
 HOST = 'localhost'
 PORT = 8088
 
-BASE = "http://%s:%s" % (HOST, PORT)
+HTTPS = True
+
+if HTTPS:
+    BASE = "https://%s:%s" % (HOST, PORT)
+else:
+    BASE = "http://%s:%s" % (HOST, PORT)
+
+# HTTPS cert information
+SERVER_CERT = "pki/mycert.pem"
+SERVER_KEY = "pki/mykey.pem"
+CERT_CHAIN = ""
 
 CONFIG = {
     "entityid": "%s/idp.xml" % BASE,
     "description": "My IDP",
-    "valid_for": 168,
+    # "valid_for": 168,
     "service": {
         "aa": {
             "endpoints": {
@@ -81,6 +92,29 @@ CONFIG = {
                     ("%s/nim" % BASE, BINDING_SOAP),
                 ],
             },
+            "ui_info": {
+                "display_name": [
+                    {
+                        "text": "InAcademia.org - TEST",
+                        "lang": "en"
+                    }
+                ],
+                "description": [
+                    {
+                        "text": "The InAcademia Simple validation Sevice allows for the easy validation of affiliation (Student, Faculty, Staff) of a user in Academia. This is a TEST instance",
+                        "lang": "en"
+                    }
+                ],
+                "logo": [
+                    {
+                        "text": "https://inacademia.org/static/logo.png",
+                        "width": "120",
+                        "height": "60",
+                        "lang": "en"
+
+                    }
+                ],
+            },
             "policy": {
                 "default": {
                     "lifetime": {"minutes": 15},
@@ -98,19 +132,23 @@ CONFIG = {
     "key_file": full_path("pki/mykey.pem"),
     "cert_file": full_path("pki/mycert.pem"),
     "metadata": {
-        "local": [full_path("../sp-wsgi/sp.xml")],
+        #"local": [full_path("../sp-wsgi/sp.xml")],
+        "local": ["/Users/mathiashedstrom/work/DIRG/VOpaas_proxy/example/saml2.xml"],
+        # "local": ["/Users/mathiashedstrom/work/DIRG/VOpaas_proxy/example/proxy.xml"],
+        # "local": ["/Users/mathiashedstrom/work/DIRG/s2sproxy/example/proxy.xml"],
     },
     "organization": {
-        "display_name": "Rolands Identiteter",
-        "name": "Rolands Identiteter",
-        "url": "http://www.example.com",
+        "display_name": [("Rolands Identiteter", "en")],
+        "name": [("Rolands Identiteter", "se"), ("Rolands Identities", "en")],
+        "url": [("http://www.example.com", "en"), ("http://www.example.se", "se")],
     },
     "contact_person": [
         {
             "contact_type": "technical",
             "given_name": "Roland",
             "sur_name": "Hedberg",
-            "email_address": "[email protected]"
+            "email_address": ["[email protected]", "[email protected]"],
+
         }, {
             "contact_type": "support",
             "given_name": "Support",