class Association(Base):
    """Link row joining one ``left`` record to one ``right`` record.

    Declarative SQLAlchemy model; ``Base`` and the column helpers come from
    outside this snippet. The primary key is composite, ``(left_id, right_id)``,
    so a given left/right pair can be stored at most once.
    """
    __tablename__ = 'association'
    # Both halves of the composite key are foreign keys to the parent tables.
    left_id = Column(Integer, ForeignKey('left.id'), primary_key=True)
    right_id = Column(Integer, ForeignKey('right.id'), primary_key=True)
    # Free-form payload carried on the link itself, capped at 50 characters.
    extra_data = Column(String(50))
    # ``backref`` exposes the reverse side as ``Child.parent_assocs``.
    # NOTE(review): "Child" is resolved by class name when mappers are
    # configured; that model is not in this snippet -- confirm it maps
    # the ``right`` table that ``right_id`` points at.
    child = relationship("Child", backref="parent_assocs")
class Parent(Base):
    """Model for the ``left`` table referenced by ``Association.left_id``.

    NOTE(review): only the table name and the integer primary key are visible
    in this excerpt; the relationship back to ``Association`` is presumably
    declared further down -- confirm against the full file.
    """
    __tablename__ = 'left'
    id = Column(Integer, primary_key=True)
unscoped federated token:
{ token: { 'id': '223423445dfgdfgdfg',
'groups': ['sdfsdf', 'sdfsdfsd', 'sdfsdfsd', 'dfgdfgdfg'],
'expires_at' : <timestamp>,
'issued_at': <timestamp>,
[ some more token related stuff here ]
}
}
diff --git a/keystone/contrib/federation/utils.py b/keystone/contrib/federation/utils.py
index 646ce99..577e2bb 100644
--- a/keystone/contrib/federation/utils.py
+++ b/keystone/contrib/federation/utils.py
@@ -169,7 +169,8 @@ class RuleProcessor(object):
# semi-colon to indicate multiple values, i.e. groups.
# This will create a new dictionary where the values are arrays, and
# any multiple values are stored in the arrays.
- assertion = dict((n, v.split(';')) for n, v in assertion_data.items())
+ assertion = dict((n, v.split(';')) for n, v in assertion_data.items()
def _get_assertion_params_from_env(self, context):
prefix = CONF.federation.assertion_prefix
for k, v in context['environment'].iteritems():
if k.startswith(prefix):
yield (k, v)
zaccone / Python ECP
Created March 24, 2014 08:16
Python ECP
"""
This simple client uses standard Python modules
along with the Python lxml toolkit from
http://lxml.de/
to demonstrate how a SAML ECP client works.
Studying this client is not an acceptable replacement
for reading Draft 02 of the ECP profile [ECP] available at
{
"rules": [
{
"local":[
{
"user": {
"name": "{0}"
}
}
],
zaccone / federated-keystone-vhost
Created May 2, 2014 08:36
Sample federated-keystone vhost configuration
# Socket directory for the mod_wsgi daemon processes declared below.
WSGISocketPrefix /var/run/apache2
# NOTE(review): this vhost listens on 443, but no SSLEngine / certificate
# directives appear in this excerpt and the container is not closed here --
# presumably they follow in the full file; confirm before reuse.
<VirtualHost *:443>
# The federation auth endpoints are mapped with an explicit regex ahead of the
# catch-all alias so they can be addressed separately (presumably by a
# <Location> block for the SAML handler, not shown here); both aliases serve
# the same Keystone WSGI script.
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/keystone/main/$1
WSGIScriptAlias / /var/www/keystone/main
# Keystone runs in its own daemon group as the unprivileged "stack" account,
# 3 processes x 10 threads; "home" points at a devstack-style checkout.
WSGIDaemonProcess keystone-public user=stack group=stack processes=3 threads=10 home=/opt/stack/keystone
WSGIApplicationGroup %{GLOBAL}
# Directive names are case-insensitive in httpd, so "GRoup" is accepted; the
# conventional spelling is WSGIProcessGroup.
WSGIProcessGRoup keystone-public
ErrorLog /var/log/apache2/keystone
# "debug" is very verbose and can record request details; a production
# deployment would normally run at a lower level.
LogLevel debug
CustomLog /var/log/apache2/access.log combined
zaccone / SAML2_ASSERTION
Created June 10, 2014 20:20
SAML2 assertion from testshib.org's IdP
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
<soap11:Header>
<ecp:Response xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp" AssertionConsumerServiceURL="https://openstack4.local/Shibboleth.sso/SAML2/ECP" soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" soap11:mustUnderstand="1" />
<samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec" soap11:actor="http://schemas.xmlsoap.org/soap/actor/next">d3i1G0SkPUcH0BhYwyS4Wv0MEENFArq61Jb4N5xX1Qw=</samlec:GeneratedKey>
</soap11:Header>
<soap11:Body>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://openstack4.local/Shibboleth.sso/SAML2/ECP" ID="_bbbe6298d7ee586c915d952013875440" InResponseTo="_a07186e3992e70e92c17b9d249495643" IssueInstant="2014-06-09T09:48:58.945Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity
<?xml version="1.0" encoding="UTF-8"?>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_a69045cb285de87702e1ccad45674058" IssueInstant="2014-06-11T13:05:28.891Z" Version="2.0">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idp.testshib.org/idp/shibboleth</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#_a69045cb285de87702e1ccad45674058">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- First some useful eduPerson attributes that many sites might use. -->
<Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
</Attribute>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
<AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
</Attribute>