class Association(Base):
    __tablename__ = 'association'
    left_id = Column(Integer, ForeignKey('left.id'), primary_key=True)
    right_id = Column(Integer, ForeignKey('right.id'), primary_key=True)
    extra_data = Column(String(50))
    child = relationship("Child", backref="parent_assocs")

class Parent(Base):
    __tablename__ = 'left'
    id = Column(Integer, primary_key=True)
unscoped federated token:
{ token: { 'id': '223423445dfgdfgdfg',
           'groups': ['sdfsdf', 'sdfsdfsd', 'sdfsdfsd', 'dfgdfgdfg'],
           'expires_at' : <timestamp>,
           'issued_at': <timestamp>,
           [ some more token related stuff here ]
         }
}
diff --git a/keystone/contrib/federation/utils.py b/keystone/contrib/federation/utils.py | |
index 646ce99..577e2bb 100644 | |
--- a/keystone/contrib/federation/utils.py | |
+++ b/keystone/contrib/federation/utils.py | |
@@ -169,7 +169,8 @@ class RuleProcessor(object): | |
# semi-colon to indicate multiple values, i.e. groups. | |
# This will create a new dictionary where the values are arrays, and | |
# any multiple values are stored in the arrays. | |
- assertion = dict((n, v.split(';')) for n, v in assertion_data.items()) | |
+ assertion = dict((n, v.split(';')) for n, v in assertion_data.items() |
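Review bot: The comment block above the rewritten `assertion = dict(...)` line still describes only the semicolon split, but the `+` line is left open after `assertion_data.items()` and the hunk grows from 7 to 8 lines, so the comprehension now carries an extra clause on a continuation line that is not shown here. The comment should state which entries that clause keeps or drops. If it is a filter, any assertion key it excludes disappears from `assertion` without a trace, and a mapping rule that references that key will simply fail to match; a debug log of the skipped keys would make that diagnosable. It is also worth confirming that every value reaching `v.split(';')` is a string, since that call is unchanged.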
def _get_assertion_params_from_env(self, context):
    prefix = CONF.federation.assertion_prefix
    for k, v in context['environment'].iteritems():
        if k.startswith(prefix):
            yield (k, v)
"""
This simple client uses standard Python modules
along with the Python lxml toolkit from
http://lxml.de/
to demonstrate how a SAML ECP client works.
Studying this client is not an acceptable replacement
for reading Draft 02 of the ECP profile [ECP] available at
{
    "rules": [
        {
            "local": [
                {
                    "user": {
                        "name": "{0}"
                    }
                }
            ],
WSGISocketPrefix /var/run/apache2
<VirtualHost *:443>
    WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/keystone/main/$1
    WSGIScriptAlias / /var/www/keystone/main
    WSGIDaemonProcess keystone-public user=stack group=stack processes=3 threads=10 home=/opt/stack/keystone
    WSGIApplicationGroup %{GLOBAL}
    WSGIProcessGroup keystone-public
    ErrorLog /var/log/apache2/keystone
    LogLevel debug
    CustomLog /var/log/apache2/access.log combined
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
  <soap11:Header>
    <ecp:Response xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp" AssertionConsumerServiceURL="https://openstack4.local/Shibboleth.sso/SAML2/ECP" soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" soap11:mustUnderstand="1" />
    <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec" soap11:actor="http://schemas.xmlsoap.org/soap/actor/next">d3i1G0SkPUcH0BhYwyS4Wv0MEENFArq61Jb4N5xX1Qw=</samlec:GeneratedKey>
  </soap11:Header>
  <soap11:Body>
    <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://openstack4.local/Shibboleth.sso/SAML2/ECP" ID="_bbbe6298d7ee586c915d952013875440" InResponseTo="_a07186e3992e70e92c17b9d249495643" IssueInstant="2014-06-09T09:48:58.945Z" Version="2.0">
      <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity
<?xml version="1.0" encoding="UTF-8"?>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_a69045cb285de87702e1ccad45674058" IssueInstant="2014-06-11T13:05:28.891Z" Version="2.0">
  <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idp.testshib.org/idp/shibboleth</saml2:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
      <ds:Reference URI="#_a69045cb285de87702e1ccad45674058">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <!-- First some useful eduPerson attributes that many sites might use. -->
    <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
    </Attribute>
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
    </Attribute>