Merge pull request #117 from HaToHo/master

Roland Hedberg · Roland Hedberg · commit a6ef5141a9f2 · 2014-05-13T10:19:20.000+02:00
Some minor changes and a fix to make the raspberry install scripts work better.
diff --git a/example/idp2/idp.py b/example/idp2/idp.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+import importlib
 import argparse
 import base64
 import re
@@ -484,7 +485,9 @@ def do_authentication(environ, start_response, authn_context, key,
 
 # -----------------------------------------------------------------------------
 
-PASSWD = {"haho0032": "qwerty",
+PASSWD = {
+          "daev0001": "qwerty",
+          "haho0032": "qwerty",
           "roland": "dianakra",
           "babs": "howes",
           "upper": "crust"}
@@ -981,7 +984,7 @@ def application(environ, start_response):
                  "http://%s" % socket.gethostname())
 AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED),
                  "", 0, "http://%s" % socket.gethostname())
-
+CONFIG = importlib.import_module(args.config)
 IDP = server.Server(args.config, cache=Cache())
 IDP.ticket = {}
 
@@ -1011,8 +1014,8 @@ def application(environ, start_response):
                             module_directory=_rot + 'modules',
                             input_encoding='utf-8', output_encoding='utf-8')
 
-    HOST = '127.0.0.1'
-    PORT = 8088
+    HOST = CONFIG.HOST
+    PORT = CONFIG.PORT
 
     SRV = make_server(HOST, PORT, application)
     print "IdP listening on %s:%s" % (HOST, PORT)
diff --git a/example/idp2/idp_conf.py.example b/example/idp2/idp_conf.py.example
@@ -25,9 +25,10 @@ BASEDIR = os.path.abspath(os.path.dirname(__file__))
 def full_path(local_file):
     return os.path.join(BASEDIR, local_file)
 
-#BASE = "http://lingon.ladok.umu.se:8088"
-#BASE = "http://lingon.catalogix.se:8088"
-BASE = "http://localhost:8088"
+HOST = 'localhost'
+PORT = 8088
+
+BASE = "http://%s:%s" % (HOST, PORT)
 
 CONFIG = {
     "entityid": "%s/idp.xml" % BASE,
diff --git a/example/idp2/idp_user.py b/example/idp2/idp_user.py
@@ -1,10 +1,47 @@
+#from dirg_util.dict import LDAPDict
+#ldap_settings = {
+#    "ldapuri": "ldaps://ldap.test.umu.se",
+#    "base": "dc=umu, dc=se",
+#    "filter_pattern": "(uid=%s)",
+#    "user": "",
+#    "passwd": "",
+#    "attr": [
+#        "eduPersonScopedAffiliation",
+#        "eduPersonAffiliation",
+#        "eduPersonPrincipalName",
+#        "givenName",
+#        "sn",
+#        "mail",
+#        "uid",
+#        "o",
+#        "c",
+#        "labeledURI",
+#        "ou",
+#        "displayName",
+#        "norEduPersonLIN"
+#    ],
+#    "keymap": {
+#        "mail": "email",
+#        "labeledURI": "labeledURL",
+#    },
+#    "static_values": {
+#        "eduPersonTargetedID": "one!for!all",
+#    },
+#    "exact_match": True,
+#    "firstonly_len1": True,
+#    "timeout": 15,
+#}
+#Uncomment to use a LDAP directory instead.
+#USERS = LDAPDict(**ldap_settings)
+
 USERS = {
     "haho0032": {
         "sn": "Hoerberg",
-        "givenName": "Hans",
-        "eduPersonScopedAffiliation": "staff@example.com",
+        "givenName": "Hasse",
+        "eduPersonAffiliation": "student",
+        "eduPersonScopedAffiliation": "student@example.com",
         "eduPersonPrincipalName": "haho@example.com",
-        "uid": "haho",
+        "uid": "haho0032",
         "eduPersonTargetedID": "one!for!all",
         "c": "SE",
         "o": "Example Co.",
diff --git a/example/sp-repoze/sp.py b/example/sp-repoze/sp.py
@@ -2,7 +2,7 @@
 from Cookie import SimpleCookie
 import logging
 import os
-
+import sp_conf
 from sp_conf import CONFIG
 import re
 import subprocess
@@ -268,8 +268,8 @@ def application(environ, start_response):
                                             log_file="repoze_who.log")
 
 # ----------------------------------------------------------------------------
-HOST = '127.0.0.1'
-PORT = 8087
+HOST = sp_conf.HOST
+PORT = sp_conf.PORT
 
 # allow uwsgi or gunicorn mount
 # by moving some initialization out of __name__ == '__main__' section.
diff --git a/example/sp-repoze/sp_conf.example b/example/sp-repoze/sp_conf.example
@@ -1,8 +1,10 @@
 from saml2 import BINDING_HTTP_REDIRECT
 from saml2.saml import NAME_FORMAT_URI
 
-BASE= "http://localhost:8087"
-#BASE= "http://lingon.catalogix.se:8087"
+HOST = 'localhost'
+PORT = 8087
+
+BASE = "http://%s:%s" % (HOST, PORT)
 
 CONFIG = {
     "entityid": "%s/sp.xml" % BASE,
diff --git a/src/saml2/server.py b/src/saml2/server.py
@@ -479,7 +479,8 @@ def create_authn_response(self, identity, in_response_to, destination,
                     if not verify_encrypt_cert(encrypt_cert):
                         raise CertificateError("Invalid certificate for encryption!")
             else:
-                raise CertificateError("No certificate for encryption!")
+                raise CertificateError("No SPCertEncType certificate for encryption contained in authentication "
+                                       "request.")
         else:
             encrypt_assertion = False
 
