Merge

Author: Hans Hörberg

README

@@ -4,23 +4,11 @@ README for PySAML2
 Dependencies
 ------------
 PySAML2 should be compatible with any python >= 2.6 not 3.X yet.
-To be able to sign/verify, encrypt/decrypt you need xmlsec1.
-The repoze stuff works best together with repoze.who .
-
-* http://www.aleksey.com/xmlsec/
-* http://static.repoze.org/whodocs/
 
 Install
 -------
-You need repoze.who to get the examples working, can be gotten through 
-easy_install
-
-    easy_install repoze.who
-
-Or from the PyPi site if you prefer to do it that way.
-You should get the latest version, which is right now 1.0.18 .
-
-You also need xmlsec, which you can find here:
+You will need xmlsec1 to be able to sign/verify, encrypt/decrypt.
+You can find xmlsec1 here:
 
     http://www.aleksey.com/xmlsec/
 
@@ -41,9 +29,9 @@ Project page on :
 
 https://github.com/rohe/pysaml2
 
-Use the [email protected] mailing list. Since we do not have
-publicly available bug tracker yet, bug reports should be emailed
-there too. 
+Use the [email protected] mailing list. Bug reports can either be emailed
+to this mailing list of added to the github repository
+https://github.com/rohe/pysaml2.
 
 You can subscribe to this mailing list at
 http://delfos.sci.uma.es/mailman/listinfo/pysaml2

example/idp/idp.xml

@@ -129,3 +129,16 @@ def full_path(local_file):
         "loglevel": "debug",
     }
 }
+
+# Authentication contexts
+
+    #(r'verify?(.*)$', do_verify),
+
+CAS_SERVER = "https://cas.umu.se"
+CAS_VERIFY = "%s/verify_cas" % BASE
+PWD_VERIFY = "%s/verify_pwd" % BASE
+
+AUTHORIZATION = {
+    "CAS" : {"ACR": "CAS", "WEIGHT": 1, "URL": CAS_VERIFY},
+    "UserPassword" : {"ACR": "PASSWORD", "WEIGHT": 2, "URL": PWD_VERIFY}
+}

example/idp/idp_conf.py renamed to example/idp/idp_conf.py.example

@@ -578,7 +578,8 @@ def _authn_context_decl_ref(self, decl_ref, authn_auth=None):
                        authenticating_authority=factory(
                            saml.AuthenticatingAuthority, text=authn_auth))
 
-    def _authn_context_class_ref(self, authn_class, authn_auth=None):
+    @staticmethod
+    def _authn_context_class_ref(authn_class, authn_auth=None):
         """
         Construct the authn context with a authn context class reference
         :param authn_class: The authn context class reference
@@ -596,45 +597,62 @@ def _authn_context_class_ref(self, authn_class, authn_auth=None):
                            authn_context_class_ref=cntx_class)
 
     def _authn_statement(self, authn_class=None, authn_auth=None,
-                         authn_decl=None, authn_decl_ref=None):
+                         authn_decl=None, authn_decl_ref=None, authn_instant="",
+                         subject_locality=""):
         """
         Construct the AuthnStatement
         :param authn_class: Authentication Context Class reference
         :param authn_auth: Authenticating Authority
         :param authn_decl: Authentication Context Declaration
         :param authn_decl_ref: Authentication Context Declaration reference
+        :param authn_instant: When the Authentication was performed.
+            Assumed to be seconds since the Epoch.
+        :param subject_locality: Specifies the DNS domain name and IP address
+            for the system from which the assertion subject was apparently
+            authenticated.
         :return: An AuthnContext instance
         """
+        if authn_instant:
+            _instant = instant(time_stamp=authn_instant)
+        else:
+            _instant = instant()
+
         if authn_class:
-            return factory(
+            res = factory(
                 saml.AuthnStatement,
-                authn_instant=instant(),
+                authn_instant=_instant,
                 session_index=sid(),
                 authn_context=self._authn_context_class_ref(
                     authn_class, authn_auth))
         elif authn_decl:
-            return factory(
+            res = factory(
                 saml.AuthnStatement,
-                authn_instant=instant(),
+                authn_instant=_instant,
                 session_index=sid(),
                 authn_context=self._authn_context_decl(authn_decl, authn_auth))
         elif authn_decl_ref:
-            return factory(
+            res = factory(
                 saml.AuthnStatement,
-                authn_instant=instant(),
+                authn_instant=_instant,
                 session_index=sid(),
                 authn_context=self._authn_context_decl_ref(authn_decl_ref,
                                                            authn_auth))
         else:
-            return factory(
+            res = factory(
                 saml.AuthnStatement,
-                authn_instant=instant(),
+                authn_instant=_instant,
                 session_index=sid())
 
+        if subject_locality:
+            res.subject_locality = saml.SubjectLocality(text=subject_locality)
+
+        return res
+
     def construct(self, sp_entity_id, in_response_to, consumer_url,
                   name_id, attrconvs, policy, issuer, authn_class=None,
                   authn_auth=None, authn_decl=None, encrypt=None,
-                  sec_context=None, authn_decl_ref=None):
+                  sec_context=None, authn_decl_ref=None, authn_instant="",
+                  subject_locality=""):
         """ Construct the Assertion 
         
         :param sp_entity_id: The entityid of the SP
@@ -651,6 +669,10 @@ def construct(self, sp_entity_id, in_response_to, consumer_url,
         :param encrypt: Whether to encrypt parts or all of the Assertion
         :param sec_context: The security context used when encrypting
         :param authn_decl_ref: An Authentication Context declaration reference
+        :param authn_instant: When the Authentication was performed
+        :param subject_locality: Specifies the DNS domain name and IP address
+            for the system from which the assertion subject was apparently
+            authenticated.
         :return: An Assertion instance
         """
 
@@ -677,7 +699,9 @@ def construct(self, sp_entity_id, in_response_to, consumer_url,
 
         if authn_auth or authn_class or authn_decl or authn_decl_ref:
             _authn_statement = self._authn_statement(authn_class, authn_auth,
-                                                     authn_decl, authn_decl_ref)
+                                                     authn_decl, authn_decl_ref,
+                                                     authn_instant,
+                                                     subject_locality)
         else:
             _authn_statement = None
 

example/idp2/idp_conf.py renamed to example/idp2/idp_conf.py.example

@@ -345,6 +345,26 @@ def entity_categories(self, entity_id):
 
         return res
 
+    def __eq__(self, other):
+        try:
+            assert isinstance(other, MetaData)
+        except AssertionError:
+            return False
+
+        if len(self.entity) != len(other.entity):
+            return False
+
+        if set(self.entity.keys()) != set(other.entity.keys()):
+            return False
+
+        for key, item in self.entity.items():
+            try:
+                assert item == other[key]
+            except AssertionError:
+                return False
+
+        return True
+
 
 class MetaDataFile(MetaData):
     """