/usr/share/doc/python-pysaml2-doc/html/examples/sp.html is in python-pysaml2-doc 2.0.0-1+deb8u1.

This file is owned by root:root, with mode 0o644.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>An extremely simple example of a SAML2 service provider. &mdash; pysaml2 1.2.0beta documentation</title>
    
    <link rel="stylesheet" href="../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
    
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '../',
        VERSION:     '1.2.0beta',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="../_static/jquery.js"></script>
    <script type="text/javascript" src="../_static/underscore.js"></script>
    <script type="text/javascript" src="../_static/doctools.js"></script>
    <link rel="top" title="pysaml2 1.2.0beta documentation" href="../index.html" />
    <link rel="up" title="These are examples of the usage of pySAML2!" href="index.html" />
    <link rel="next" title="An extremely simple example of a SAML2 identity provider." href="idp.html" />
    <link rel="prev" title="These are examples of the usage of pySAML2!" href="index.html" /> 
  </head>
  <body>

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body">
            
  <div class="section" id="an-extremly-simple-example-of-a-saml2-service-provider">
<span id="example-sp"></span><h1>An extremely simple example of a SAML2 service provider.<a class="headerlink" href="#an-extremly-simple-example-of-a-saml2-service-provider" title="Permalink to this headline"></a></h1>
<div class="section" id="how-it-works">
<h2>How it works<a class="headerlink" href="#how-it-works" title="Permalink to this headline"></a></h2>
<p>An SP handles authentication and possibly attribute aggregation.
Both of these functions can be seen as parts of the normal Repoze.who
setup, namely the Challenger, Identifier and MetadataProvider parts.</p>
<p>Repoze.who Identifier and MetadataProvider plugins normally place
information in the WSGI environment. The convention is to place
identity information in environ[&#8220;repoze.who.identity&#8221;].
This is a dictionary with keys like &#8216;login&#8217; and &#8216;repoze.who.userid&#8217;.</p>
<p>The SP follows this pattern and places the information gathered from
the IdP that handled the authentication, and possible extra information
received from attribute authorities, in the above-mentioned dictionary under
the key &#8216;user&#8217;.</p>
<p>So in environ[&#8220;repoze.who.identity&#8221;] you will find a dictionary with
attributes and values; the attribute names used depend on what&#8217;s returned
from the IdP/AA. If both a name and a friendly name exist, for
instance, the friendly name is used as the key.</p>
</div>
<div class="section" id="setup">
<h2>Setup<a class="headerlink" href="#setup" title="Permalink to this headline"></a></h2>
<p>If you look in the example/sp directory of the distribution you will see
the necessary files:</p>
<dl class="docutils">
<dt>application.py</dt>
<dd>which is the web application. In this case it will just print the
information provided by the IdP in a table.</dd>
<dt>sp_conf.py</dt>
<dd>The SP&#8217;s configuration</dd>
<dt>who.ini</dt>
<dd>The repoze.who configuration file</dd>
</dl>
<p>And then there are two PEM files: mykey.pem with the private
key and mycert.pem with the public certificate.</p>
<p>I&#8217;ll go through these step by step.</p>
</div>
<div class="section" id="the-application">
<h2>The application<a class="headerlink" href="#the-application" title="Permalink to this headline"></a></h2>
<p>Built to use wsgiref&#8217;s simple_server, which is fine for testing but
not for production.</p>
</div>
<div class="section" id="sp-configuration">
<h2>SP configuration<a class="headerlink" href="#sp-configuration" title="Permalink to this headline"></a></h2>
<p>The configuration is written as described in <a class="reference internal" href="../howto/config.html#howto-config"><em>Configuration of pySAML2 entities</em></a>. This means, among other
things, that it is easy to check for correct syntax.</p>
<p>You can see the whole file in example/sp/sp_conf.py. Here I will go through
it line by line:</p>
<div class="highlight-python"><div class="highlight"><pre>&quot;service&quot;: [&quot;sp&quot;],
</pre></div>
</div>
<p>Tells the software what type of services it is supposed to
supply. It is used to check the
completeness of the configuration and also when constructing metadata from
the configuration. More about that later. Allowed values are: &#8220;sp&#8221;
(service provider), &#8220;idp&#8221; (identity provider) and &#8220;aa&#8221; (attribute authority).</p>
<div class="highlight-python"><div class="highlight"><pre>&quot;entityid&quot; : &quot;urn:mace:example.com:saml:sp&quot;,
&quot;service_url&quot; : &quot;http://example.com:8087/&quot;,
</pre></div>
</div>
<p>The ID of the entity and the URL on which it is listening.</p>
<div class="highlight-python"><div class="highlight"><pre>&quot;idp_url&quot; : &quot;https://example.com/saml2/idp/SSOService.php&quot;,
</pre></div>
</div>
<p>Since this is a very simple SP it only needs to know about one IdP; therefore there
is really no need for a metadata file or a WAYF function or anything like that.
It needs the URL of the IdP and that&#8217;s all.</p>
<div class="highlight-python"><div class="highlight"><pre>&quot;my_name&quot; : &quot;My first SP&quot;,
</pre></div>
</div>
<p>This is just for informational purposes, not really needed but nice to do.</p>
<div class="highlight-python"><div class="highlight"><pre>&quot;debug&quot; : 1,
</pre></div>
</div>
<p>Well, at this point in time you&#8217;d really like to have as much information
as possible as to what&#8217;s going on, right?</p>
<div class="highlight-python"><div class="highlight"><pre>&quot;key_file&quot; : &quot;./mykey.pem&quot;,
&quot;cert_file&quot; : &quot;./mycert.pem&quot;,
</pre></div>
</div>
<p>The necessary private key and certificate files.</p>
<div class="highlight-python"><div class="highlight"><pre>&quot;xmlsec_binary&quot; : &quot;/opt/local/bin/xmlsec1&quot;,
</pre></div>
</div>
<p>Right now the software is built to use xmlsec binaries and not the python
xmlsec package. There are reasons for this but I won&#8217;t go into them here.</p>
<div class="highlight-python"><div class="highlight"><pre>&quot;organization&quot;: {
    &quot;name&quot;: &quot;Example Co&quot;,
    #display_name
    &quot;url&quot;:&quot;http://www.example.com/&quot;,
},
</pre></div>
</div>
<p>Information about the organization that is behind this SP, only used when
building metadata.</p>
<div class="highlight-python"><div class="highlight"><pre>&quot;contact&quot;: [{
    &quot;given_name&quot;:&quot;John&quot;,
    &quot;sur_name&quot;: &quot;Smith&quot;,
    &quot;email_address&quot;: &quot;john.smith@example.com&quot;,
    #contact_type
    #company
    #telephone_number
}]
</pre></div>
</div>
<p>Another piece of information that only matters if you build and distribute
metadata.</p>
<p>So, now to that part. In order to allow the IdP to talk to you, you may have
to provide whoever is running the IdP with a metadata file.
If you have an SP configuration file similar to the one I&#8217;ve walked you
through here, but with your information, you can make the metadata file
by running the make_metadata script you can find in the tools directory.</p>
<p>Change directory to where you have the configuration file and run:</p>
<div class="highlight-python"><div class="highlight"><pre>make_metadata.py sp_conf.py &gt; metadata.xml
</pre></div>
</div>
</div>
<div class="section" id="repoze-configuration">
<h2>Repoze configuration<a class="headerlink" href="#repoze-configuration" title="Permalink to this headline"></a></h2>
<p>I&#8217;m not going through the INI file format here. You should read
<a class="reference external" href="http://static.repoze.org/whodocs/narr.html">Middleware Responsibilities</a>
to get a good introduction to the concept.</p>
<p>The configuration of the pysaml2 part in the application&#8217;s middleware is,
first, the special module configuration, namely:</p>
<div class="highlight-python"><div class="highlight"><pre>[plugin:saml2auth]
use = s2repoze.plugins.sp:make_plugin
saml_conf = sp_conf.py
rememberer_name = auth_tkt
debug = 1
path_logout = .*/logout.*
</pre></div>
</div>
<p>This contains a specification (&#8220;use&#8221;) of which function in which module
should be used to initialize the part. After that comes the name of the
file (&#8220;saml_conf&#8221;) that contains the PySaml2 configuration. The third line
(&#8220;rememberer_name&#8221;) points at the plugin that should be used to
remember the user information.</p>
<p>After this, the plugin is referenced in a couple of places:</p>
<div class="highlight-python"><div class="highlight"><pre>[identifiers]
plugins =
      saml2auth
      auth_tkt

[authenticators]
plugins = saml2auth

[challengers]
plugins = saml2auth

[mdproviders]
plugins = saml2auth
</pre></div>
</div>
<p>This means that the plugin is used in all phases.</p>
</div>
<div class="section" id="id1">
<h2>The application<a class="headerlink" href="#id1" title="Permalink to this headline"></a></h2>
<p>The application is, as said before, extremely simple. The only thing that is connected to
the PySaml2 configuration is at the bottom, namely where the server is set up.
You have to make sure that this coincides with what is specified in the
PySaml2 configuration. Apart from that there really is nothing in
application.py that demands that you use PySaml2 as middleware. If you
switched to using the LDAP or CAS plugins nothing would change in the
application. In the application configuration yes! But not in the application.
And that is really how it should be done.</p>
<p>There is one assumption, and that is that the middleware plugin that gathers
information about the user places the extra information as the value of the
&#8220;user&#8221; property in the dictionary found under the key &#8220;repoze.who.identity&#8221;
in the environment.</p>
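<p>A sketch of an application that relies only on that assumption, added here as an illustration (it is not the distribution&#8217;s application.py). It is written for Python 3; the sample attribute names, the list-valued attributes and the reliance on a 401 response to trigger the challenger are assumptions.</p>

```python
from html import escape


def user_attributes(environ):
    """Return the attributes stored under the 'user' key, or None when
    no identity has been established for this request."""
    identity = environ.get("repoze.who.identity")
    if not identity:
        return None
    return identity.get("user") or {}


def render_table(attrs):
    """Render attributes as an HTML table, escaping every name and value:
    they originate from the IdP/AA, not from this application."""
    rows = []
    for name in sorted(attrs):
        values = attrs[name]
        if isinstance(values, str):  # assumption: values may be str or list
            values = [values]
        cells = ", ".join(escape(str(v)) for v in values)
        rows.append("<tr><td>%s</td><td>%s</td></tr>" % (escape(str(name)), cells))
    return "<table>%s</table>" % "".join(rows)


def application(environ, start_response):
    attrs = user_attributes(environ)
    if attrs is None:
        # Assumption: repoze.who's default challenge decider reacts to 401
        # and lets the configured challenger (saml2auth) take over.
        start_response("401 Unauthorized", [("Content-Type", "text/plain")])
        return [b"Not authenticated\n"]
    body = render_table(attrs).encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                              ("Content-Length", str(len(body)))])
    return [body]


def call(app, environ):
    """Drive the app once without a server; return (status, body text)."""
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body.decode("utf-8")


# Constructed sample of what the middleware would leave in the environment.
SAMPLE = {"repoze.who.identity": {"login": "jsmith", "user": {
    "givenName": ["John"], "sn": ["<b>Smith</b>"]}}}

if __name__ == "__main__":
    print(call(application, SAMPLE))
    print(call(application, {}))
```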
</div>
</div>


          </div>
        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="footer">
        &copy; Copyright 2010-2011, Roland Hedberg.
      Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.2.3.
    </div>
  </body>
</html>