sources/saml: fix Metadata cert including PEM header
parent
c8b3c6e51a
commit
40a2a26904
|
@ -1,10 +1,7 @@
|
||||||
<md:EntityDescriptor
|
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
|
||||||
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
|
|
||||||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{{ entity_id }}">
|
||||||
entityID="{{ entity_id }}">
|
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||||
<md:SPSSODescriptor
|
|
||||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
|
||||||
<md:KeyDescriptor use="signing">
|
<md:KeyDescriptor use="signing">
|
||||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||||
<ds:X509Data>
|
<ds:X509Data>
|
||||||
|
@ -19,52 +16,7 @@
|
||||||
</ds:X509Data>
|
</ds:X509Data>
|
||||||
</ds:KeyInfo>
|
</ds:KeyInfo>
|
||||||
</md:KeyDescriptor>
|
</md:KeyDescriptor>
|
||||||
<md:NameIDFormat>
|
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
|
||||||
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
|
<md:AssertionConsumerService isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{{ acs_url }}"/>
|
||||||
</md:NameIDFormat>
|
|
||||||
<md:AssertionConsumerService isDefault="true" index="0"
|
|
||||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
|
||||||
Location="{{ acs_url }}"/>
|
|
||||||
{% comment %}
|
|
||||||
<!-- Other bits that we might need. -->
|
|
||||||
<!-- Ref: saml-metadata-2.0-os.pdf, pg 10, section 2.3... -->
|
|
||||||
<md:NameIDFormat>
|
|
||||||
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
|
|
||||||
</md:NameIDFormat>
|
|
||||||
<md:ArtifactResolutionService isDefault="true" index="0"
|
|
||||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
|
||||||
Location="https://sp.example.com/SAML2/ArtifactResolution"/>
|
|
||||||
<md:AssertionConsumerService index="1"
|
|
||||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
|
|
||||||
Location="https://sp.example.com/SAML2/Artifact"/>
|
|
||||||
<md:AttributeConsumingService isDefault="true" index="1">
|
|
||||||
<md:ServiceName xml:lang="en">
|
|
||||||
Service Provider Portal
|
|
||||||
</md:ServiceName>
|
|
||||||
<md:RequestedAttribute
|
|
||||||
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
|
|
||||||
Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
|
|
||||||
FriendlyName="eduPersonAffiliation">
|
|
||||||
</md:RequestedAttribute>
|
|
||||||
</md:AttributeConsumingService>
|
|
||||||
{% endcomment %}
|
|
||||||
</md:SPSSODescriptor>
|
</md:SPSSODescriptor>
|
||||||
{% comment %}
|
|
||||||
<!-- #TODO: Add support for optional Organization section -->
|
|
||||||
{# if org #}
|
|
||||||
<md:Organization>
|
|
||||||
<md:OrganizationName xml:lang="en">{{ org.name }}</md:OrganizationName>
|
|
||||||
<md:OrganizationDisplayName xml:lang="en">{{ org.display_name }}</md:OrganizationDisplayName>
|
|
||||||
<md:OrganizationURL xml:lang="en">{{ org.url }}</md:OrganizationURL>
|
|
||||||
</md:Organization>
|
|
||||||
{# endif #}
|
|
||||||
<!-- #TODO: Add support for optional ContactPerson section(s) -->
|
|
||||||
{# for contact in contacts #}
|
|
||||||
<md:ContactPerson contactType="{{ contact.type }}">
|
|
||||||
<md:GivenName>{{ contact.given_name }}</md:GivenName>
|
|
||||||
<md:SurName>{{ contact.sur_name }}</md:SurName>
|
|
||||||
<md:EmailAddress>{{ contact.email }}</md:EmailAddress>
|
|
||||||
</md:ContactPerson>
|
|
||||||
{# endfor #}
|
|
||||||
{% endcomment %}
|
|
||||||
</md:EntityDescriptor>
|
</md:EntityDescriptor>
|
||||||
|
|
|
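Review bot: The rewritten `<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">` still advertises no signing requirements, so an IdP importing this metadata is free to return unsigned assertions, and whether the source then rejects them is decided in code outside this file. If the source verifies assertion signatures, state it here with `WantAssertionsSigned="true"`, and, since the descriptor publishes a `use="signing"` key, add `AuthnRequestsSigned="true"` if requests are in fact signed. Folding `<md:NameIDFormat>` onto one line is a real fix rather than cosmetics, because the old layout placed whitespace inside the element text; a template comment such as `{# keep the NameIDFormat value on one line: strict consumers compare it verbatim #}` would stop the next reformat from reintroducing it. The `<ds:X509Certificate>` line that consumes `cert_public_key` presumably sits between the two hunks and is not visible here.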
@ -8,6 +8,7 @@ from django.shortcuts import get_object_or_404, redirect, render, reverse
|
||||||
from django.utils.decorators import method_decorator
|
from django.utils.decorators import method_decorator
|
||||||
from django.views import View
|
from django.views import View
|
||||||
from django.views.decorators.csrf import csrf_exempt
|
from django.views.decorators.csrf import csrf_exempt
|
||||||
|
from signxml.util import strip_pem_header
|
||||||
|
|
||||||
from passbook.providers.saml.utils import get_random_id, render_xml
|
from passbook.providers.saml.utils import get_random_id, render_xml
|
||||||
from passbook.providers.saml.utils.encoding import nice64
|
from passbook.providers.saml.utils.encoding import nice64
|
||||||
|
@ -97,12 +98,15 @@ class MetadataView(View):
|
||||||
"""Replies with the XML Metadata SPSSODescriptor."""
|
"""Replies with the XML Metadata SPSSODescriptor."""
|
||||||
source: SAMLSource = get_object_or_404(SAMLSource, slug=source_slug)
|
source: SAMLSource = get_object_or_404(SAMLSource, slug=source_slug)
|
||||||
entity_id = get_entity_id(request, source)
|
entity_id = get_entity_id(request, source)
|
||||||
|
cert_stripped = strip_pem_header(source.signing_cert.replace("\r", "")).replace(
|
||||||
|
"\n", ""
|
||||||
|
)
|
||||||
return render_xml(
|
return render_xml(
|
||||||
request,
|
request,
|
||||||
"saml/sp/xml/spssodescriptor.xml",
|
"saml/sp/xml/spssodescriptor.xml",
|
||||||
{
|
{
|
||||||
"acs_url": build_full_url("acs", request, source),
|
"acs_url": build_full_url("acs", request, source),
|
||||||
"entity_id": entity_id,
|
"entity_id": entity_id,
|
||||||
"cert_public_key": source.signing_cert,
|
"cert_public_key": cert_stripped,
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
|
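Review bot: The new `cert_stripped` expression in `MetadataView` removes only CR and LF, so a certificate pasted with leading spaces, tabs or trailing blank lines still lands inside `<ds:X509Certificate>` with whitespace in it; collapse all whitespace instead, `cert_stripped = "".join(strip_pem_header(source.signing_cert).split())`, which also replaces the three-line `.replace` chain. If `signing_cert` can be unset for a source (not visible in this hunk), the `.replace` call raises `AttributeError` and the metadata endpoint answers 500 instead of omitting the key or reporting a misconfiguration. The same normalisation is presumably needed wherever the source embeds its certificate in signed requests, so a small helper on the source or in `passbook.providers.saml.utils` would keep both paths in step, and a unit test rendering the metadata for a PEM with a header, CRLF line endings and surrounding whitespace would pin the fix. The enclosing method begins outside the hunk.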