diff --git a/course/exam.py b/course/exam.py
index 193dc1a7cb8b2b396864643a4fbac49135b79b7e..b04d09768599d5998a80abbf0f2b7597bca3a2cc 100644
--- a/course/exam.py
+++ b/course/exam.py
@@ -550,13 +550,14 @@ class ExamFacilityMiddleware(object):
         resolver_match = resolve(request.path)
 
         from course.exam import check_in_for_exam, issue_exam_ticket
-        from course.auth import (user_profile, sign_in_by_email,
+        from course.auth import (user_profile, sign_in_choice, sign_in_by_email,
                 sign_in_stage2_with_token, sign_in_by_user_pw)
         from course.flow import view_start_flow, view_flow_page
         from django.contrib.auth.views import logout
 
         ok = False
         if resolver_match.func in [
+                sign_in_choice,
                 sign_in_by_email,
                 sign_in_stage2_with_token,
                 sign_in_by_user_pw,
@@ -567,6 +568,9 @@ class ExamFacilityMiddleware(object):
                 logout]:
             ok = True
 
+        elif path.startswith("/saml2"):
+            ok = True
+
         elif (
                 (request.user.is_staff
                     or
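Review bot: The new `elif path.startswith("/saml2"):` branch tests a bare `path`, but the only path visible in this function is `request.path`, which is passed to `resolve()` above. Unless `path` is bound earlier, outside the hunk, this branch raises NameError as soon as a request falls through the view allowlist. The prefix is also wider than the SAML2 endpoints: `/saml2` matches `/saml2-test/` (the `echo_attributes` debug view routed in relate/urls.py) and any other URL that starts with those characters, and all of them become exempt from the exam-facility restriction. I would write `elif request.path.startswith("/saml2/"):`. The middleware method starts and ends outside the hunk.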
diff --git a/local_settings.py.example b/local_settings.py.example
index f4066d5c156a1d2debb434950017bf9d16ac73de..4f02a8a644d9008a5bf3b966b2e0eccc4eb23585 100644
--- a/local_settings.py.example
+++ b/local_settings.py.example
@@ -132,14 +132,14 @@ RELATE_MAINTENANCE_MODE = False
 # May be set to a string to set a sitewide announcement visible on every page.
 RELATE_SITE_ANNOUNCEMENT = None
 
+# }}}
+
 # Uncomment this to enable i18n, change 'en-us' to locale name your language.
 # Make sure you have generated, translate and compile the message file of your
 # language. If commented, RELATE will use default language 'en-us'.
 
 #LANGUAGE_CODE='en-us'
 
-# }}}
-
 # {{{ exams and testing
 
 RELATE_FACILITIES = {
@@ -157,4 +157,118 @@ RELATE_TICKET_MINUTES_VALID_AFTER_USE = 12*60
 
 # }}}
 
+# {{{ saml2 (optional)
+
+if RELATE_SIGN_IN_BY_SAML2_ENABLED:
+    from os import path
+    import saml2.saml
+    _BASEDIR = path.dirname(path.abspath(__file__))
+
+    _BASE_URL = 'https://relate.cs.illinois.edu'
+
+    SAML_CONFIG = {
+        # full path to the xmlsec1 binary programm
+        'xmlsec_binary': '/usr/bin/xmlsec1',
+
+        # your entity id, usually your subdomain plus the url to the metadata view
+        # (usually no need to change)
+        'entityid': _BASE_URL + '/saml2/metadata/',
+
+        # directory with attribute mapping
+        # (already populated with samples from djangosaml2, usually no need to
+        # change)
+        'attribute_map_dir': path.join(_BASEDIR, 'saml-config', 'attribute-maps'),
+
+        # this block states what services we provide
+        'service': {
+            'sp': {
+                'name': 'RELATE SAML2 SP',
+                'name_id_format': saml2.saml.NAMEID_FORMAT_PERSISTENT,
+                'endpoints': {
+                    # url and binding to the assertion consumer service view
+                    # do not change the binding or service name
+                    'assertion_consumer_service': [
+                        (_BASE_URL + '/saml2/acs/',
+                         saml2.BINDING_HTTP_POST),
+                        ],
+                    # url and binding to the single logout service view
+                    # do not change the binding or service name
+                    'single_logout_service': [
+                        (_BASE_URL + '/saml2/ls/',
+                         saml2.BINDING_HTTP_REDIRECT),
+                        (_BASE_URL + '/saml2/ls/post',
+                         saml2.BINDING_HTTP_POST),
+                        ],
+                    },
+
+                # attributes that this project needs to identify a user
+                'required_attributes': ['uid'],
+
+                # attributes that may be useful to have but not required
+                'optional_attributes': ['eduPersonAffiliation'],
+
+                # in this section the list of IdPs we talk to are defined
+                'idp': {
+                    # Find the entity ID of your IdP and make this the key here:
+                    'urn:mace:incommon:uiuc.edu': {
+                        'single_sign_on_service': {
+                            # Add the POST and REDIRECT bindings for the sign on service here:
+                            saml2.BINDING_HTTP_POST:
+                                'https://shibboleth.illinois.edu/idp/profile/SAML2/POST/SSO',
+                            saml2.BINDING_HTTP_REDIRECT:
+                                'https://shibboleth.illinois.edu/idp/profile/SAML2/Redirect/SSO',
+                            },
+                        'single_logout_service': {
+                            # And the REDIRECT binding for the logout service here:
+                            saml2.BINDING_HTTP_REDIRECT:
+                            'https://shibboleth.illinois.edu/idp/logout.jsp',  # noqa
+                            },
+                        },
+                    },
+                },
+            },
+
+        # You will get this XML file from your institution. It has finite validity
+        # and will need to be re-downloaded periodically.
+        #
+        # "itrust" is an example name that's valid for the University of Illinois.
+        # This particular file is public and lives at
+        # https://discovery.itrust.illinois.edu/itrust-metadata/itrust-metadata.xml
+
+        'metadata': {
+            'local': [path.join(_BASEDIR, 'saml-config', 'itrust-metadata.xml')],
+            },
+
+        # set to 1 to output debugging information
+        'debug': 1,
+
+        # certificate
+        # see saml2-keygen.sh in this directory
+        'key_file': path.join(_BASEDIR, 'saml-config', 'sp-key.pem'),  # private part
+        'cert_file': path.join(_BASEDIR, 'saml-config', 'sp-cert.pem'),  # public part
+
+        # own metadata settings
+        'contact_person': [
+            {'given_name': 'Andreas',
+             'sur_name': 'Kloeckner',
+             'company': 'CS - University of Illinois',
+             'email_address': 'andreask@illinois.edu',
+             'contact_type': 'technical'},
+            {'given_name': 'Andreas',
+             'sur_name': 'Kloeckner',
+             'company': 'CS - University of Illinois',
+             'email_address': 'andreask@illinois.edu',
+             'contact_type': 'administrative'},
+            ],
+        # you can set multilanguage information here
+        'organization': {
+            'name': [('RELATE', 'en')],
+            'display_name': [('RELATE', 'en')],
+            'url': [(_BASE_URL, 'en')],
+            },
+        'valid_for': 24,  # how long is our metadata valid
+        }
+
+# }}}
+
 # vim: filetype=python:foldmethod=marker
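Review bot: `'debug': 1` ships enabled in a file that deployments copy as their starting point, so SAML debugging output stays on in production unless someone remembers to change it. I would default it to `'debug': 0` and let the comment say when to raise it. The `sp` block also leaves signature requirements to library defaults; stating them explicitly, e.g. `'want_assertions_signed': True,` and `'want_response_signed': True,`, keeps the example safe whichever pysaml2 version is installed. `RELATE_SIGN_IN_BY_SAML2_ENABLED` is read by the `if` but not assigned in the visible lines, so confirm it is defined earlier in this file.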
diff --git a/relate/settings.py b/relate/settings.py
index 29e16a86506c78f83e120abaa9e36895a5e96ac9..c443133e62903adfbeb7b8bd45e5ed85a542267e 100644
--- a/relate/settings.py
+++ b/relate/settings.py
@@ -275,8 +275,6 @@ SAML_ATTRIBUTE_MAPPING = {
     'sn': ('last_name', ),
 }
 
-SAML_CONFIG = join(BASE_DIR, "saml_config.py")
-
 # }}}
 
 # vim: foldmethod=marker
diff --git a/relate/templates/djangosaml2/wayf.html b/relate/templates/djangosaml2/wayf.html
new file mode 100644
index 0000000000000000000000000000000000000000..8ccde294197fe00f97a8ff2e10e0dd93b58044c2
--- /dev/null
+++ b/relate/templates/djangosaml2/wayf.html
@@ -0,0 +1,12 @@
+{% extends "base.html" %}
+
+{% load i18n %}
+{% block content %}
+  <h1>{% trans "Institutional Login (SAML2)" %}</h1>
+  <p>{% trans "Please select your Identity Provider from the following list:" %}</p>
+  <ul>
+    {% for url, name in available_idps %}
+    <li><a href="{% url 'djangosaml2.views.login' %}?idp={{ url }}{% if came_from %}&next={{ came_from }}{% endif %}">{{ name }}</a></li>
+    {% endfor %}
+  </ul>
+{% endblock %}
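Review bot: `{{ url }}` and `{{ came_from }}` go into the query string with only HTML autoescaping, so a value containing `&`, `#` or `=` changes which parameters the login view receives. `came_from` presumably originates from the request's `next` parameter, and IdP entity ids are often URLs. Apply the `urlencode` filter to both: `?idp={{ url|urlencode }}{% if came_from %}&amp;next={{ came_from|urlencode }}{% endif %}`. Whether `next` is checked against allowed hosts before redirecting is decided in the djangosaml2 view, which is not part of this diff, so confirm that as well.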
diff --git a/relate/templates/sign-in-choice.html b/relate/templates/sign-in-choice.html
index e0105e1c31396b89bf2f03fa00824ed17baf81cb..9d9c3bdaab543d330773910c945aba56f7b11084 100644
--- a/relate/templates/sign-in-choice.html
+++ b/relate/templates/sign-in-choice.html
@@ -9,9 +9,10 @@
       <li>
         <a
           class="btn btn-primary"
-          href="#"
+          href="{% url "djangosaml2.views.login" %}"
           role="button"><i class="fa fa-institution"></i>
           {% trans "Sign in using your institution's login" %} &raquo;</a>
+          (not yet working, but getting there)
       </li>
     {% endif %}
     {% if relate_sign_in_by_email_enabled %}
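Review bot: The added text `(not yet working, but getting there)` is a user-visible string outside `{% trans %}`, while the link text beside it is translated, so it will appear in English in every locale. If the notice has to ship, wrap it: `{% trans "(not yet working, but getting there)" %}`. The enclosing `{% if %}` opens outside the hunk.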
diff --git a/relate/urls.py b/relate/urls.py
index 9476131b3bfe10e29373d32c3a2efca98ee0e92c..33d66d26e757ce30a160bca08e84aa8e648bcc3c 100644
--- a/relate/urls.py
+++ b/relate/urls.py
@@ -447,12 +447,12 @@ if settings.RELATE_MAINTENANCE_MODE:
 
 if settings.RELATE_SIGN_IN_BY_SAML2_ENABLED:
     urlpatterns.extend([
-        (r'^saml2/', include('djangosaml2.urls')),
+        url(r'^saml2/', include('djangosaml2.urls')),
         ])
     if settings.DEBUG:
         urlpatterns.extend([
             # Keep commented unless debugging SAML2.
-            (r'^saml2-test/', 'djangosaml2.views.echo_attributes'),
+            url(r'^saml2-test/', 'djangosaml2.views.echo_attributes'),
             ])
 
 # vim: fdm=marker
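Review bot: The `saml2-test/` entry carries the comment "Keep commented unless debugging SAML2." but the `url(...)` line is active, so `djangosaml2.views.echo_attributes` is routed whenever `settings.DEBUG` is true. Either comment the entry out as the comment asks, or reword the comment to say the view is deliberately exposed under DEBUG only. The pattern `r'^saml2-test/'` also has no `$`, so any longer path under it reaches the same view; `r'^saml2-test/$'` is tighter.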
diff --git a/saml-config/.gitignore b/saml-config/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..269fe8d099d89ae3297947e11fdd618978660179
--- /dev/null
+++ b/saml-config/.gitignore
@@ -0,0 +1,2 @@
+*.pem
+*meta*.xml
diff --git a/saml-config/attribute-maps/basic.py b/saml-config/attribute-maps/basic.py
new file mode 100644
index 0000000000000000000000000000000000000000..9311d547151b65b22c0f142a7430053ff4a0facb
--- /dev/null
+++ b/saml-config/attribute-maps/basic.py
@@ -0,0 +1,326 @@
+
+MAP = {
+    "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
+    "fro": {
+        'urn:mace:dir:attribute-def:aRecord': 'aRecord',
+        'urn:mace:dir:attribute-def:aliasedEntryName': 'aliasedEntryName',
+        'urn:mace:dir:attribute-def:aliasedObjectName': 'aliasedObjectName',
+        'urn:mace:dir:attribute-def:associatedDomain': 'associatedDomain',
+        'urn:mace:dir:attribute-def:associatedName': 'associatedName',
+        'urn:mace:dir:attribute-def:audio': 'audio',
+        'urn:mace:dir:attribute-def:authorityRevocationList': 'authorityRevocationList',
+        'urn:mace:dir:attribute-def:buildingName': 'buildingName',
+        'urn:mace:dir:attribute-def:businessCategory': 'businessCategory',
+        'urn:mace:dir:attribute-def:c': 'c',
+        'urn:mace:dir:attribute-def:cACertificate': 'cACertificate',
+        'urn:mace:dir:attribute-def:cNAMERecord': 'cNAMERecord',
+        'urn:mace:dir:attribute-def:carLicense': 'carLicense',
+        'urn:mace:dir:attribute-def:certificateRevocationList': 'certificateRevocationList',
+        'urn:mace:dir:attribute-def:cn': 'cn',
+        'urn:mace:dir:attribute-def:co': 'co',
+        'urn:mace:dir:attribute-def:commonName': 'commonName',
+        'urn:mace:dir:attribute-def:countryName': 'countryName',
+        'urn:mace:dir:attribute-def:crossCertificatePair': 'crossCertificatePair',
+        'urn:mace:dir:attribute-def:dITRedirect': 'dITRedirect',
+        'urn:mace:dir:attribute-def:dSAQuality': 'dSAQuality',
+        'urn:mace:dir:attribute-def:dc': 'dc',
+        'urn:mace:dir:attribute-def:deltaRevocationList': 'deltaRevocationList',
+        'urn:mace:dir:attribute-def:departmentNumber': 'departmentNumber',
+        'urn:mace:dir:attribute-def:description': 'description',
+        'urn:mace:dir:attribute-def:destinationIndicator': 'destinationIndicator',
+        'urn:mace:dir:attribute-def:displayName': 'displayName',
+        'urn:mace:dir:attribute-def:distinguishedName': 'distinguishedName',
+        'urn:mace:dir:attribute-def:dmdName': 'dmdName',
+        'urn:mace:dir:attribute-def:dnQualifier': 'dnQualifier',
+        'urn:mace:dir:attribute-def:documentAuthor': 'documentAuthor',
+        'urn:mace:dir:attribute-def:documentIdentifier': 'documentIdentifier',
+        'urn:mace:dir:attribute-def:documentLocation': 'documentLocation',
+        'urn:mace:dir:attribute-def:documentPublisher': 'documentPublisher',
+        'urn:mace:dir:attribute-def:documentTitle': 'documentTitle',
+        'urn:mace:dir:attribute-def:documentVersion': 'documentVersion',
+        'urn:mace:dir:attribute-def:domainComponent': 'domainComponent',
+        'urn:mace:dir:attribute-def:drink': 'drink',
+        'urn:mace:dir:attribute-def:eduOrgHomePageURI': 'eduOrgHomePageURI',
+        'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI': 'eduOrgIdentityAuthNPolicyURI',
+        'urn:mace:dir:attribute-def:eduOrgLegalName': 'eduOrgLegalName',
+        'urn:mace:dir:attribute-def:eduOrgSuperiorURI': 'eduOrgSuperiorURI',
+        'urn:mace:dir:attribute-def:eduOrgWhitePagesURI': 'eduOrgWhitePagesURI',
+        'urn:mace:dir:attribute-def:eduPersonAffiliation': 'eduPersonAffiliation',
+        'urn:mace:dir:attribute-def:eduPersonEntitlement': 'eduPersonEntitlement',
+        'urn:mace:dir:attribute-def:eduPersonNickname': 'eduPersonNickname',
+        'urn:mace:dir:attribute-def:eduPersonOrgDN': 'eduPersonOrgDN',
+        'urn:mace:dir:attribute-def:eduPersonOrgUnitDN': 'eduPersonOrgUnitDN',
+        'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation': 'eduPersonPrimaryAffiliation',
+        'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN': 'eduPersonPrimaryOrgUnitDN',
+        'urn:mace:dir:attribute-def:eduPersonPrincipalName': 'eduPersonPrincipalName',
+        'urn:mace:dir:attribute-def:eduPersonScopedAffiliation': 'eduPersonScopedAffiliation',
+        'urn:mace:dir:attribute-def:eduPersonTargetedID': 'eduPersonTargetedID',
+        'urn:mace:dir:attribute-def:email': 'email',
+        'urn:mace:dir:attribute-def:emailAddress': 'emailAddress',
+        'urn:mace:dir:attribute-def:employeeNumber': 'employeeNumber',
+        'urn:mace:dir:attribute-def:employeeType': 'employeeType',
+        'urn:mace:dir:attribute-def:enhancedSearchGuide': 'enhancedSearchGuide',
+        'urn:mace:dir:attribute-def:facsimileTelephoneNumber': 'facsimileTelephoneNumber',
+        'urn:mace:dir:attribute-def:favouriteDrink': 'favouriteDrink',
+        'urn:mace:dir:attribute-def:fax': 'fax',
+        'urn:mace:dir:attribute-def:federationFeideSchemaVersion': 'federationFeideSchemaVersion',
+        'urn:mace:dir:attribute-def:friendlyCountryName': 'friendlyCountryName',
+        'urn:mace:dir:attribute-def:generationQualifier': 'generationQualifier',
+        'urn:mace:dir:attribute-def:givenName': 'givenName',
+        'urn:mace:dir:attribute-def:gn': 'gn',
+        'urn:mace:dir:attribute-def:homePhone': 'homePhone',
+        'urn:mace:dir:attribute-def:homePostalAddress': 'homePostalAddress',
+        'urn:mace:dir:attribute-def:homeTelephoneNumber': 'homeTelephoneNumber',
+        'urn:mace:dir:attribute-def:host': 'host',
+        'urn:mace:dir:attribute-def:houseIdentifier': 'houseIdentifier',
+        'urn:mace:dir:attribute-def:info': 'info',
+        'urn:mace:dir:attribute-def:initials': 'initials',
+        'urn:mace:dir:attribute-def:internationaliSDNNumber': 'internationaliSDNNumber',
+        'urn:mace:dir:attribute-def:janetMailbox': 'janetMailbox',
+        'urn:mace:dir:attribute-def:jpegPhoto': 'jpegPhoto',
+        'urn:mace:dir:attribute-def:knowledgeInformation': 'knowledgeInformation',
+        'urn:mace:dir:attribute-def:l': 'l',
+        'urn:mace:dir:attribute-def:labeledURI': 'labeledURI',
+        'urn:mace:dir:attribute-def:localityName': 'localityName',
+        'urn:mace:dir:attribute-def:mDRecord': 'mDRecord',
+        'urn:mace:dir:attribute-def:mXRecord': 'mXRecord',
+        'urn:mace:dir:attribute-def:mail': 'mail',
+        'urn:mace:dir:attribute-def:mailPreferenceOption': 'mailPreferenceOption',
+        'urn:mace:dir:attribute-def:manager': 'manager',
+        'urn:mace:dir:attribute-def:member': 'member',
+        'urn:mace:dir:attribute-def:mobile': 'mobile',
+        'urn:mace:dir:attribute-def:mobileTelephoneNumber': 'mobileTelephoneNumber',
+        'urn:mace:dir:attribute-def:nSRecord': 'nSRecord',
+        'urn:mace:dir:attribute-def:name': 'name',
+        'urn:mace:dir:attribute-def:norEduOrgAcronym': 'norEduOrgAcronym',
+        'urn:mace:dir:attribute-def:norEduOrgNIN': 'norEduOrgNIN',
+        'urn:mace:dir:attribute-def:norEduOrgSchemaVersion': 'norEduOrgSchemaVersion',
+        'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier': 'norEduOrgUniqueIdentifier',
+        'urn:mace:dir:attribute-def:norEduOrgUniqueNumber': 'norEduOrgUniqueNumber',
+        'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier': 'norEduOrgUnitUniqueIdentifier',
+        'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber': 'norEduOrgUnitUniqueNumber',
+        'urn:mace:dir:attribute-def:norEduPersonBirthDate': 'norEduPersonBirthDate',
+        'urn:mace:dir:attribute-def:norEduPersonLIN': 'norEduPersonLIN',
+        'urn:mace:dir:attribute-def:norEduPersonNIN': 'norEduPersonNIN',
+        'urn:mace:dir:attribute-def:o': 'o',
+        'urn:mace:dir:attribute-def:objectClass': 'objectClass',
+        'urn:mace:dir:attribute-def:organizationName': 'organizationName',
+        'urn:mace:dir:attribute-def:organizationalStatus': 'organizationalStatus',
+        'urn:mace:dir:attribute-def:organizationalUnitName': 'organizationalUnitName',
+        'urn:mace:dir:attribute-def:otherMailbox': 'otherMailbox',
+        'urn:mace:dir:attribute-def:ou': 'ou',
+        'urn:mace:dir:attribute-def:owner': 'owner',
+        'urn:mace:dir:attribute-def:pager': 'pager',
+        'urn:mace:dir:attribute-def:pagerTelephoneNumber': 'pagerTelephoneNumber',
+        'urn:mace:dir:attribute-def:personalSignature': 'personalSignature',
+        'urn:mace:dir:attribute-def:personalTitle': 'personalTitle',
+        'urn:mace:dir:attribute-def:photo': 'photo',
+        'urn:mace:dir:attribute-def:physicalDeliveryOfficeName': 'physicalDeliveryOfficeName',
+        'urn:mace:dir:attribute-def:pkcs9email': 'pkcs9email',
+        'urn:mace:dir:attribute-def:postOfficeBox': 'postOfficeBox',
+        'urn:mace:dir:attribute-def:postalAddress': 'postalAddress',
+        'urn:mace:dir:attribute-def:postalCode': 'postalCode',
+        'urn:mace:dir:attribute-def:preferredDeliveryMethod': 'preferredDeliveryMethod',
+        'urn:mace:dir:attribute-def:preferredLanguage': 'preferredLanguage',
+        'urn:mace:dir:attribute-def:presentationAddress': 'presentationAddress',
+        'urn:mace:dir:attribute-def:protocolInformation': 'protocolInformation',
+        'urn:mace:dir:attribute-def:pseudonym': 'pseudonym',
+        'urn:mace:dir:attribute-def:registeredAddress': 'registeredAddress',
+        'urn:mace:dir:attribute-def:rfc822Mailbox': 'rfc822Mailbox',
+        'urn:mace:dir:attribute-def:roleOccupant': 'roleOccupant',
+        'urn:mace:dir:attribute-def:roomNumber': 'roomNumber',
+        'urn:mace:dir:attribute-def:sOARecord': 'sOARecord',
+        'urn:mace:dir:attribute-def:searchGuide': 'searchGuide',
+        'urn:mace:dir:attribute-def:secretary': 'secretary',
+        'urn:mace:dir:attribute-def:seeAlso': 'seeAlso',
+        'urn:mace:dir:attribute-def:serialNumber': 'serialNumber',
+        'urn:mace:dir:attribute-def:singleLevelQuality': 'singleLevelQuality',
+        'urn:mace:dir:attribute-def:sn': 'sn',
+        'urn:mace:dir:attribute-def:st': 'st',
+        'urn:mace:dir:attribute-def:stateOrProvinceName': 'stateOrProvinceName',
+        'urn:mace:dir:attribute-def:street': 'street',
+        'urn:mace:dir:attribute-def:streetAddress': 'streetAddress',
+        'urn:mace:dir:attribute-def:subtreeMaximumQuality': 'subtreeMaximumQuality',
+        'urn:mace:dir:attribute-def:subtreeMinimumQuality': 'subtreeMinimumQuality',
+        'urn:mace:dir:attribute-def:supportedAlgorithms': 'supportedAlgorithms',
+        'urn:mace:dir:attribute-def:supportedApplicationContext': 'supportedApplicationContext',
+        'urn:mace:dir:attribute-def:surname': 'surname',
+        'urn:mace:dir:attribute-def:telephoneNumber': 'telephoneNumber',
+        'urn:mace:dir:attribute-def:teletexTerminalIdentifier': 'teletexTerminalIdentifier',
+        'urn:mace:dir:attribute-def:telexNumber': 'telexNumber',
+        'urn:mace:dir:attribute-def:textEncodedORAddress': 'textEncodedORAddress',
+        'urn:mace:dir:attribute-def:title': 'title',
+        'urn:mace:dir:attribute-def:uid': 'uid',
+        'urn:mace:dir:attribute-def:uniqueIdentifier': 'uniqueIdentifier',
+        'urn:mace:dir:attribute-def:uniqueMember': 'uniqueMember',
+        'urn:mace:dir:attribute-def:userCertificate': 'userCertificate',
+        'urn:mace:dir:attribute-def:userClass': 'userClass',
+        'urn:mace:dir:attribute-def:userPKCS12': 'userPKCS12',
+        'urn:mace:dir:attribute-def:userPassword': 'userPassword',
+        'urn:mace:dir:attribute-def:userSMIMECertificate': 'userSMIMECertificate',
+        'urn:mace:dir:attribute-def:userid': 'userid',
+        'urn:mace:dir:attribute-def:x121Address': 'x121Address',
+        'urn:mace:dir:attribute-def:x500UniqueIdentifier': 'x500UniqueIdentifier',
+        },
+    "to": {
+        'aRecord': 'urn:mace:dir:attribute-def:aRecord',
+        'aliasedEntryName': 'urn:mace:dir:attribute-def:aliasedEntryName',
+        'aliasedObjectName': 'urn:mace:dir:attribute-def:aliasedObjectName',
+        'associatedDomain': 'urn:mace:dir:attribute-def:associatedDomain',
+        'associatedName': 'urn:mace:dir:attribute-def:associatedName',
+        'audio': 'urn:mace:dir:attribute-def:audio',
+        'authorityRevocationList': 'urn:mace:dir:attribute-def:authorityRevocationList',
+        'buildingName': 'urn:mace:dir:attribute-def:buildingName',
+        'businessCategory': 'urn:mace:dir:attribute-def:businessCategory',
+        'c': 'urn:mace:dir:attribute-def:c',
+        'cACertificate': 'urn:mace:dir:attribute-def:cACertificate',
+        'cNAMERecord': 'urn:mace:dir:attribute-def:cNAMERecord',
+        'carLicense': 'urn:mace:dir:attribute-def:carLicense',
+        'certificateRevocationList': 'urn:mace:dir:attribute-def:certificateRevocationList',
+        'cn': 'urn:mace:dir:attribute-def:cn',
+        'co': 'urn:mace:dir:attribute-def:co',
+        'commonName': 'urn:mace:dir:attribute-def:commonName',
+        'countryName': 'urn:mace:dir:attribute-def:countryName',
+        'crossCertificatePair': 'urn:mace:dir:attribute-def:crossCertificatePair',
+        'dITRedirect': 'urn:mace:dir:attribute-def:dITRedirect',
+        'dSAQuality': 'urn:mace:dir:attribute-def:dSAQuality',
+        'dc': 'urn:mace:dir:attribute-def:dc',
+        'deltaRevocationList': 'urn:mace:dir:attribute-def:deltaRevocationList',
+        'departmentNumber': 'urn:mace:dir:attribute-def:departmentNumber',
+        'description': 'urn:mace:dir:attribute-def:description',
+        'destinationIndicator': 'urn:mace:dir:attribute-def:destinationIndicator',
+        'displayName': 'urn:mace:dir:attribute-def:displayName',
+        'distinguishedName': 'urn:mace:dir:attribute-def:distinguishedName',
+        'dmdName': 'urn:mace:dir:attribute-def:dmdName',
+        'dnQualifier': 'urn:mace:dir:attribute-def:dnQualifier',
+        'documentAuthor': 'urn:mace:dir:attribute-def:documentAuthor',
+        'documentIdentifier': 'urn:mace:dir:attribute-def:documentIdentifier',
+        'documentLocation': 'urn:mace:dir:attribute-def:documentLocation',
+        'documentPublisher': 'urn:mace:dir:attribute-def:documentPublisher',
+        'documentTitle': 'urn:mace:dir:attribute-def:documentTitle',
+        'documentVersion': 'urn:mace:dir:attribute-def:documentVersion',
+        'domainComponent': 'urn:mace:dir:attribute-def:domainComponent',
+        'drink': 'urn:mace:dir:attribute-def:drink',
+        'eduOrgHomePageURI': 'urn:mace:dir:attribute-def:eduOrgHomePageURI',
+        'eduOrgIdentityAuthNPolicyURI': 'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI',
+        'eduOrgLegalName': 'urn:mace:dir:attribute-def:eduOrgLegalName',
+        'eduOrgSuperiorURI': 'urn:mace:dir:attribute-def:eduOrgSuperiorURI',
+        'eduOrgWhitePagesURI': 'urn:mace:dir:attribute-def:eduOrgWhitePagesURI',
+        'eduPersonAffiliation': 'urn:mace:dir:attribute-def:eduPersonAffiliation',
+        'eduPersonEntitlement': 'urn:mace:dir:attribute-def:eduPersonEntitlement',
+        'eduPersonNickname': 'urn:mace:dir:attribute-def:eduPersonNickname',
+        'eduPersonOrgDN': 'urn:mace:dir:attribute-def:eduPersonOrgDN',
+        'eduPersonOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN',
+        'eduPersonPrimaryAffiliation': 'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation',
+        'eduPersonPrimaryOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN',
+        'eduPersonPrincipalName': 'urn:mace:dir:attribute-def:eduPersonPrincipalName',
+        'eduPersonScopedAffiliation': 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation',
+        'eduPersonTargetedID': 'urn:mace:dir:attribute-def:eduPersonTargetedID',
+        'email': 'urn:mace:dir:attribute-def:email',
+        'emailAddress': 'urn:mace:dir:attribute-def:emailAddress',
+        'employeeNumber': 'urn:mace:dir:attribute-def:employeeNumber',
+        'employeeType': 'urn:mace:dir:attribute-def:employeeType',
+        'enhancedSearchGuide': 'urn:mace:dir:attribute-def:enhancedSearchGuide',
+        'facsimileTelephoneNumber': 'urn:mace:dir:attribute-def:facsimileTelephoneNumber',
+        'favouriteDrink': 'urn:mace:dir:attribute-def:favouriteDrink',
+        'fax': 'urn:mace:dir:attribute-def:fax',
+        'federationFeideSchemaVersion': 'urn:mace:dir:attribute-def:federationFeideSchemaVersion',
+        'friendlyCountryName': 'urn:mace:dir:attribute-def:friendlyCountryName',
+        'generationQualifier': 'urn:mace:dir:attribute-def:generationQualifier',
+        'givenName': 'urn:mace:dir:attribute-def:givenName',
+        'gn': 'urn:mace:dir:attribute-def:gn',
+        'homePhone': 'urn:mace:dir:attribute-def:homePhone',
+        'homePostalAddress': 'urn:mace:dir:attribute-def:homePostalAddress',
+        'homeTelephoneNumber': 'urn:mace:dir:attribute-def:homeTelephoneNumber',
+        'host': 'urn:mace:dir:attribute-def:host',
+        'houseIdentifier': 'urn:mace:dir:attribute-def:houseIdentifier',
+        'info': 'urn:mace:dir:attribute-def:info',
+        'initials': 'urn:mace:dir:attribute-def:initials',
+        'internationaliSDNNumber': 'urn:mace:dir:attribute-def:internationaliSDNNumber',
+        'janetMailbox': 'urn:mace:dir:attribute-def:janetMailbox',
+        'jpegPhoto': 'urn:mace:dir:attribute-def:jpegPhoto',
+        'knowledgeInformation': 'urn:mace:dir:attribute-def:knowledgeInformation',
+        'l': 'urn:mace:dir:attribute-def:l',
+        'labeledURI': 'urn:mace:dir:attribute-def:labeledURI',
+        'localityName': 'urn:mace:dir:attribute-def:localityName',
+        'mDRecord': 'urn:mace:dir:attribute-def:mDRecord',
+        'mXRecord': 'urn:mace:dir:attribute-def:mXRecord',
+        'mail': 'urn:mace:dir:attribute-def:mail',
+        'mailPreferenceOption': 'urn:mace:dir:attribute-def:mailPreferenceOption',
+        'manager': 'urn:mace:dir:attribute-def:manager',
+        'member': 'urn:mace:dir:attribute-def:member',
+        'mobile': 'urn:mace:dir:attribute-def:mobile',
+        'mobileTelephoneNumber': 'urn:mace:dir:attribute-def:mobileTelephoneNumber',
+        'nSRecord': 'urn:mace:dir:attribute-def:nSRecord',
+        'name': 'urn:mace:dir:attribute-def:name',
+        'norEduOrgAcronym': 'urn:mace:dir:attribute-def:norEduOrgAcronym',
+        'norEduOrgNIN': 'urn:mace:dir:attribute-def:norEduOrgNIN',
+        'norEduOrgSchemaVersion': 'urn:mace:dir:attribute-def:norEduOrgSchemaVersion',
+        'norEduOrgUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier',
+        'norEduOrgUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUniqueNumber',
+        'norEduOrgUnitUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier',
+        'norEduOrgUnitUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber',
+        'norEduPersonBirthDate': 'urn:mace:dir:attribute-def:norEduPersonBirthDate',
+        'norEduPersonLIN': 'urn:mace:dir:attribute-def:norEduPersonLIN',
+        'norEduPersonNIN': 'urn:mace:dir:attribute-def:norEduPersonNIN',
+        'o': 'urn:mace:dir:attribute-def:o',
+        'objectClass': 'urn:mace:dir:attribute-def:objectClass',
+        'organizationName': 'urn:mace:dir:attribute-def:organizationName',
+        'organizationalStatus': 'urn:mace:dir:attribute-def:organizationalStatus',
+        'organizationalUnitName': 'urn:mace:dir:attribute-def:organizationalUnitName',
+        'otherMailbox': 'urn:mace:dir:attribute-def:otherMailbox',
+        'ou': 'urn:mace:dir:attribute-def:ou',
+        'owner': 'urn:mace:dir:attribute-def:owner',
+        'pager': 'urn:mace:dir:attribute-def:pager',
+        'pagerTelephoneNumber': 'urn:mace:dir:attribute-def:pagerTelephoneNumber',
+        'personalSignature': 'urn:mace:dir:attribute-def:personalSignature',
+        'personalTitle': 'urn:mace:dir:attribute-def:personalTitle',
+        'photo': 'urn:mace:dir:attribute-def:photo',
+        'physicalDeliveryOfficeName': 'urn:mace:dir:attribute-def:physicalDeliveryOfficeName',
+        'pkcs9email': 'urn:mace:dir:attribute-def:pkcs9email',
+        'postOfficeBox': 'urn:mace:dir:attribute-def:postOfficeBox',
+        'postalAddress': 'urn:mace:dir:attribute-def:postalAddress',
+        'postalCode': 'urn:mace:dir:attribute-def:postalCode',
+        'preferredDeliveryMethod': 'urn:mace:dir:attribute-def:preferredDeliveryMethod',
+        'preferredLanguage': 'urn:mace:dir:attribute-def:preferredLanguage',
+        'presentationAddress': 'urn:mace:dir:attribute-def:presentationAddress',
+        'protocolInformation': 'urn:mace:dir:attribute-def:protocolInformation',
+        'pseudonym': 'urn:mace:dir:attribute-def:pseudonym',
+        'registeredAddress': 'urn:mace:dir:attribute-def:registeredAddress',
+        'rfc822Mailbox': 'urn:mace:dir:attribute-def:rfc822Mailbox',
+        'roleOccupant': 'urn:mace:dir:attribute-def:roleOccupant',
+        'roomNumber': 'urn:mace:dir:attribute-def:roomNumber',
+        'sOARecord': 'urn:mace:dir:attribute-def:sOARecord',
+        'searchGuide': 'urn:mace:dir:attribute-def:searchGuide',
+        'secretary': 'urn:mace:dir:attribute-def:secretary',
+        'seeAlso': 'urn:mace:dir:attribute-def:seeAlso',
+        'serialNumber': 'urn:mace:dir:attribute-def:serialNumber',
+        'singleLevelQuality': 'urn:mace:dir:attribute-def:singleLevelQuality',
+        'sn': 'urn:mace:dir:attribute-def:sn',
+        'st': 'urn:mace:dir:attribute-def:st',
+        'stateOrProvinceName': 'urn:mace:dir:attribute-def:stateOrProvinceName',
+        'street': 'urn:mace:dir:attribute-def:street',
+        'streetAddress': 'urn:mace:dir:attribute-def:streetAddress',
+        'subtreeMaximumQuality': 'urn:mace:dir:attribute-def:subtreeMaximumQuality',
+        'subtreeMinimumQuality': 'urn:mace:dir:attribute-def:subtreeMinimumQuality',
+        'supportedAlgorithms': 'urn:mace:dir:attribute-def:supportedAlgorithms',
+        'supportedApplicationContext': 'urn:mace:dir:attribute-def:supportedApplicationContext',
+        'surname': 'urn:mace:dir:attribute-def:surname',
+        'telephoneNumber': 'urn:mace:dir:attribute-def:telephoneNumber',
+        'teletexTerminalIdentifier': 'urn:mace:dir:attribute-def:teletexTerminalIdentifier',
+        'telexNumber': 'urn:mace:dir:attribute-def:telexNumber',
+        'textEncodedORAddress': 'urn:mace:dir:attribute-def:textEncodedORAddress',
+        'title': 'urn:mace:dir:attribute-def:title',
+        'uid': 'urn:mace:dir:attribute-def:uid',
+        'uniqueIdentifier': 'urn:mace:dir:attribute-def:uniqueIdentifier',
+        'uniqueMember': 'urn:mace:dir:attribute-def:uniqueMember',
+        'userCertificate': 'urn:mace:dir:attribute-def:userCertificate',
+        'userClass': 'urn:mace:dir:attribute-def:userClass',
+        'userPKCS12': 'urn:mace:dir:attribute-def:userPKCS12',
+        'userPassword': 'urn:mace:dir:attribute-def:userPassword',
+        'userSMIMECertificate': 'urn:mace:dir:attribute-def:userSMIMECertificate',
+        'userid': 'urn:mace:dir:attribute-def:userid',
+        'x121Address': 'urn:mace:dir:attribute-def:x121Address',
+        'x500UniqueIdentifier': 'urn:mace:dir:attribute-def:x500UniqueIdentifier',
+    }
+}
\ No newline at end of file
diff --git a/saml-config/attribute-maps/shibboleth_uri.py b/saml-config/attribute-maps/shibboleth_uri.py
new file mode 100644
index 0000000000000000000000000000000000000000..d26bf00614545e04560f7524ce3f1dca45bbe065
--- /dev/null
+++ b/saml-config/attribute-maps/shibboleth_uri.py
@@ -0,0 +1,190 @@
+EDUPERSON_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1."
+X500ATTR = "urn:oid:2.5.4."
+NOREDUPERSON_OID = "urn:oid:1.3.6.1.4.1.2428.90.1."
+NETSCAPE_LDAP = "urn:oid:2.16.840.1.113730.3.1."
+UCL_DIR_PILOT = "urn:oid:0.9.2342.19200300.100.1."
+PKCS_9 = "urn:oid:1.2.840.113549.1.9."
+UMICH = "urn:oid:1.3.6.1.4.1.250.1.57."
+
+MAP = {
+    "identifier": "urn:mace:shibboleth:1.0:attributeNamespace:uri",
+    "fro": {
+        EDUPERSON_OID+'2': 'eduPersonNickname',
+        EDUPERSON_OID+'9': 'eduPersonScopedAffiliation',
+        EDUPERSON_OID+'11': 'eduPersonAssurance',
+        EDUPERSON_OID+'10': 'eduPersonTargetedID',
+        EDUPERSON_OID+'4': 'eduPersonOrgUnitDN',
+        NOREDUPERSON_OID+'6': 'norEduOrgAcronym',
+        NOREDUPERSON_OID+'7': 'norEduOrgUniqueIdentifier',
+        NOREDUPERSON_OID+'4': 'norEduPersonLIN',
+        EDUPERSON_OID+'1': 'eduPersonAffiliation',
+        NOREDUPERSON_OID+'2': 'norEduOrgUnitUniqueNumber',
+        NETSCAPE_LDAP+'40': 'userSMIMECertificate',
+        NOREDUPERSON_OID+'1': 'norEduOrgUniqueNumber',
+        NETSCAPE_LDAP+'241': 'displayName',
+        UCL_DIR_PILOT+'37': 'associatedDomain',
+        EDUPERSON_OID+'6': 'eduPersonPrincipalName',
+        NOREDUPERSON_OID+'8': 'norEduOrgUnitUniqueIdentifier',
+        NOREDUPERSON_OID+'9': 'federationFeideSchemaVersion',
+        X500ATTR+'53': 'deltaRevocationList',
+        X500ATTR+'52': 'supportedAlgorithms',
+        X500ATTR+'51': 'houseIdentifier',
+        X500ATTR+'50': 'uniqueMember',
+        X500ATTR+'19': 'physicalDeliveryOfficeName',
+        X500ATTR+'18': 'postOfficeBox',
+        X500ATTR+'17': 'postalCode',
+        X500ATTR+'16': 'postalAddress',
+        X500ATTR+'15': 'businessCategory',
+        X500ATTR+'14': 'searchGuide',
+        EDUPERSON_OID+'5': 'eduPersonPrimaryAffiliation',
+        X500ATTR+'12': 'title',
+        X500ATTR+'11': 'ou',
+        X500ATTR+'10': 'o',
+        X500ATTR+'37': 'cACertificate',
+        X500ATTR+'36': 'userCertificate',
+        X500ATTR+'31': 'member',
+        X500ATTR+'30': 'supportedApplicationContext',
+        X500ATTR+'33': 'roleOccupant',
+        X500ATTR+'32': 'owner',
+        NETSCAPE_LDAP+'1': 'carLicense',
+        PKCS_9+'1': 'email',
+        NETSCAPE_LDAP+'3': 'employeeNumber',
+        NETSCAPE_LDAP+'2': 'departmentNumber',
+        X500ATTR+'39': 'certificateRevocationList',
+        X500ATTR+'38': 'authorityRevocationList',
+        NETSCAPE_LDAP+'216': 'userPKCS12',
+        EDUPERSON_OID+'8': 'eduPersonPrimaryOrgUnitDN',
+        X500ATTR+'9': 'street',
+        X500ATTR+'8': 'st',
+        NETSCAPE_LDAP+'39': 'preferredLanguage',
+        EDUPERSON_OID+'7': 'eduPersonEntitlement',
+        X500ATTR+'2': 'knowledgeInformation',
+        X500ATTR+'7': 'l',
+        X500ATTR+'6': 'c',
+        X500ATTR+'5': 'serialNumber',
+        X500ATTR+'4': 'sn',
+        UCL_DIR_PILOT+'60': 'jpegPhoto',
+        X500ATTR+'65': 'pseudonym',
+        NOREDUPERSON_OID+'5': 'norEduPersonNIN',
+        UCL_DIR_PILOT+'3': 'mail',
+        UCL_DIR_PILOT+'25': 'dc',
+        X500ATTR+'40': 'crossCertificatePair',
+        X500ATTR+'42': 'givenName',
+        X500ATTR+'43': 'initials',
+        X500ATTR+'44': 'generationQualifier',
+        X500ATTR+'45': 'x500UniqueIdentifier',
+        X500ATTR+'46': 'dnQualifier',
+        X500ATTR+'47': 'enhancedSearchGuide',
+        X500ATTR+'48': 'protocolInformation',
+        X500ATTR+'54': 'dmdName',
+        NETSCAPE_LDAP+'4': 'employeeType',
+        X500ATTR+'22': 'teletexTerminalIdentifier',
+        X500ATTR+'23': 'facsimileTelephoneNumber',
+        X500ATTR+'20': 'telephoneNumber',
+        X500ATTR+'21': 'telexNumber',
+        X500ATTR+'26': 'registeredAddress',
+        X500ATTR+'27': 'destinationIndicator',
+        X500ATTR+'24': 'x121Address',
+        X500ATTR+'25': 'internationaliSDNNumber',
+        X500ATTR+'28': 'preferredDeliveryMethod',
+        X500ATTR+'29': 'presentationAddress',
+        EDUPERSON_OID+'3': 'eduPersonOrgDN',
+        NOREDUPERSON_OID+'3': 'norEduPersonBirthDate',
+    },
+    "to":{
+        'roleOccupant': X500ATTR+'33',
+        'gn': X500ATTR+'42',
+        'norEduPersonNIN': NOREDUPERSON_OID+'5',
+        'title': X500ATTR+'12',
+        'facsimileTelephoneNumber': X500ATTR+'23',
+        'mail': UCL_DIR_PILOT+'3',
+        'postOfficeBox': X500ATTR+'18',
+        'fax': X500ATTR+'23',
+        'telephoneNumber': X500ATTR+'20',
+        'norEduPersonBirthDate': NOREDUPERSON_OID+'3',
+        'rfc822Mailbox': UCL_DIR_PILOT+'3',
+        'dc': UCL_DIR_PILOT+'25',
+        'countryName': X500ATTR+'6',
+        'emailAddress': PKCS_9+'1',
+        'employeeNumber': NETSCAPE_LDAP+'3',
+        'organizationName': X500ATTR+'10',
+        'eduPersonAssurance': EDUPERSON_OID+'11',
+        'norEduOrgAcronym': NOREDUPERSON_OID+'6',
+        'registeredAddress': X500ATTR+'26',
+        'physicalDeliveryOfficeName': X500ATTR+'19',
+        'associatedDomain': UCL_DIR_PILOT+'37',
+        'l': X500ATTR+'7',
+        'stateOrProvinceName': X500ATTR+'8',
+        'federationFeideSchemaVersion': NOREDUPERSON_OID+'9',
+        'pkcs9email': PKCS_9+'1',
+        'givenName': X500ATTR+'42',
+        'x500UniqueIdentifier': X500ATTR+'45',
+        'eduPersonNickname': EDUPERSON_OID+'2',
+        'houseIdentifier': X500ATTR+'51',
+        'street': X500ATTR+'9',
+        'supportedAlgorithms': X500ATTR+'52',
+        'preferredLanguage': NETSCAPE_LDAP+'39',
+        'postalAddress': X500ATTR+'16',
+        'email': PKCS_9+'1',
+        'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID+'8',
+        'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID+'8',
+        'c': X500ATTR+'6',
+        'teletexTerminalIdentifier': X500ATTR+'22',
+        'o': X500ATTR+'10',
+        'cACertificate': X500ATTR+'37',
+        'telexNumber': X500ATTR+'21',
+        'ou': X500ATTR+'11',
+        'initials': X500ATTR+'43',
+        'eduPersonOrgUnitDN': EDUPERSON_OID+'4',
+        'deltaRevocationList': X500ATTR+'53',
+        'norEduPersonLIN': NOREDUPERSON_OID+'4',
+        'supportedApplicationContext': X500ATTR+'30',
+        'eduPersonEntitlement': EDUPERSON_OID+'7',
+        'generationQualifier': X500ATTR+'44',
+        'eduPersonAffiliation': EDUPERSON_OID+'1',
+        'eduPersonPrincipalName': EDUPERSON_OID+'6',
+        'localityName': X500ATTR+'7',
+        'owner': X500ATTR+'32',
+        'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2',
+        'searchGuide': X500ATTR+'14',
+        'certificateRevocationList': X500ATTR+'39',
+        'organizationalUnitName': X500ATTR+'11',
+        'userCertificate': X500ATTR+'36',
+        'preferredDeliveryMethod': X500ATTR+'28',
+        'internationaliSDNNumber': X500ATTR+'25',
+        'uniqueMember': X500ATTR+'50',
+        'departmentNumber': NETSCAPE_LDAP+'2',
+        'enhancedSearchGuide': X500ATTR+'47',
+        'userPKCS12': NETSCAPE_LDAP+'216',
+        'eduPersonTargetedID': EDUPERSON_OID+'10',
+        'norEduOrgUniqueNumber': NOREDUPERSON_OID+'1',
+        'x121Address': X500ATTR+'24',
+        'destinationIndicator': X500ATTR+'27',
+        'eduPersonPrimaryAffiliation': EDUPERSON_OID+'5',
+        'surname': X500ATTR+'4',
+        'jpegPhoto': UCL_DIR_PILOT+'60',
+        'eduPersonScopedAffiliation': EDUPERSON_OID+'9',
+        'protocolInformation': X500ATTR+'48',
+        'knowledgeInformation': X500ATTR+'2',
+        'employeeType': NETSCAPE_LDAP+'4',
+        'userSMIMECertificate': NETSCAPE_LDAP+'40',
+        'member': X500ATTR+'31',
+        'streetAddress': X500ATTR+'9',
+        'dmdName': X500ATTR+'54',
+        'postalCode': X500ATTR+'17',
+        'pseudonym': X500ATTR+'65',
+        'dnQualifier': X500ATTR+'46',
+        'crossCertificatePair': X500ATTR+'40',
+        'eduPersonOrgDN': EDUPERSON_OID+'3',
+        'authorityRevocationList': X500ATTR+'38',
+        'displayName': NETSCAPE_LDAP+'241',
+        'businessCategory': X500ATTR+'15',
+        'serialNumber': X500ATTR+'5',
+        'norEduOrgUniqueIdentifier': NOREDUPERSON_OID+'7',
+        'st': X500ATTR+'8',
+        'carLicense': NETSCAPE_LDAP+'1',
+        'presentationAddress': X500ATTR+'29',
+        'sn': X500ATTR+'4',
+        'domainComponent': UCL_DIR_PILOT+'25',
+    }
+}
\ No newline at end of file
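Review bot: Neither the `fro` nor the `to` table in `MAP` has an entry for `uid` (`UCL_DIR_PILOT+'1'`) or `cn` (`X500ATTR+'3'`), although the removed `saml_config.py.example` listed `'required_attributes': ['uid']`. If the service provider still keys accounts on `uid`, an assertion that delivers it in this name format would reach the login code unmapped. Whether the value is then dropped or passed through under its raw OID depends on SAML library settings not visible here. I would add `UCL_DIR_PILOT+'1': 'uid',` to `fro` and `'uid': UCL_DIR_PILOT+'1',` to `to`, and confirm which attribute the user lookup actually uses. Separately, `UMICH` is defined at the top of the file and never referenced in `MAP`, so either drop it or comment on why it is kept.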
diff --git a/saml2-keygen.sh b/saml-keygen.sh
similarity index 95%
rename from saml2-keygen.sh
rename to saml-keygen.sh
index b1f542f535a66ca6910065bac4b4f21284fcb5ef..0c24f6481b82d5d1bbec6e03dc1fef9e3d6e2d9d 100755
--- a/saml2-keygen.sh
+++ b/saml-keygen.sh
@@ -2,7 +2,7 @@
 
 # nicked and customized from Shibboleth
 # Run as
-# ./saml2-keygen.sh –h your.host.name –e https://your.host.name/saml2/metadata -y 10
+# ./saml-keygen.sh –h your.host.name –e https://your.host.name/saml2/metadata/ -y 10
 
 while getopts h:u:g:o:e:y:bf c
      do
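Review bot: The updated usage comment still writes the first two options with an en dash (`–h`, `–e`) while `-y` uses an ASCII hyphen, so a command pasted from it will not be read as options by the `getopts h:u:g:o:e:y:bf` loop that follows. The key and certificate would then presumably be generated with the script's default host name and entity ID instead of the intended ones; those defaults are outside this hunk. I would change the line to `# ./saml-keygen.sh -h your.host.name -e https://your.host.name/saml2/metadata/ -y 10`. The `while` loop continues past the end of the hunk.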
diff --git a/saml_config.py.example b/saml_config.py.example
deleted file mode 100644
index 1a8c02832494e7ec75619ec625a12998703f327a..0000000000000000000000000000000000000000
--- a/saml_config.py.example
+++ /dev/null
@@ -1,102 +0,0 @@
-from os import path
-import saml2
-BASEDIR = path.dirname(path.abspath(__file__))
-
-_BASE_URL = 'https://relate.cs.illinois.edu'
-
-SAML_CONFIG = {
-    # full path to the xmlsec1 binary programm
-    'xmlsec_binary': '/usr/bin/xmlsec1',
-
-    # your entity id, usually your subdomain plus the url to the metadata view
-    'entityid': _BASE_URL + '/saml2/metadata/',
-
-    # directory with attribute mapping
-    'attribute_map_dir': path.join(BASEDIR, 'attribute-maps'),
-
-    # this block states what services we provide
-    'service': {
-        # we are just a lonely SP
-        'sp': {
-            'name': 'RELATE SAML2 SP',
-            'name_id_format': saml2.saml.NAMEID_FORMAT_PERSISTENT,
-            'endpoints': {
-                # url and binding to the assertion consumer service view
-                # do not change the binding or service name
-                'assertion_consumer_service': [
-                    (_BASE_URL + '/saml2/acs/',
-                     saml2.BINDING_HTTP_POST),
-                    ],
-                # url and binding to the single logout service view
-                # do not change the binding or service name
-                'single_logout_service': [
-                    (_BASE_URL + '/saml2/ls/',
-                     saml2.BINDING_HTTP_REDIRECT),
-                    (_BASE_URL + '/saml2/ls/post',
-                     saml2.BINDING_HTTP_POST),
-                    ],
-                },
-
-            # attributes that this project needs to identify a user
-            'required_attributes': ['uid'],
-
-            # attributes that may be useful to have but not required
-            'optional_attributes': ['eduPersonAffiliation'],
-
-            # in this section the list of IdPs we talk to are defined
-            'idp': {
-                # we do not need a WAYF service since there is
-                # only an IdP defined here. This IdP should be
-                # present in our metadata
-
-                # the keys of this dictionary are entity ids
-                'https://localhost/simplesaml/saml2/idp/metadata.php': {
-                    'single_sign_on_service': {
-                        saml2.BINDING_HTTP_REDIRECT:
-                            'https://localhost/simplesaml/saml2/idp/SSOService.php',
-                        },
-                    'single_logout_service': {
-                        saml2.BINDING_HTTP_REDIRECT:
-                        'https://localhost/simplesaml/saml2/idp/SingleLogoutService.php',  # noqa
-                        },
-                    },
-                },
-            },
-        },
-
-    # where the remote metadata is stored
-    'metadata': {
-        'local': [path.join(BASEDIR, 'saml-config', 'remote_metadata.xml')],
-        },
-
-    # set to 1 to output debugging information
-    'debug': 1,
-
-    # certificate
-    # see saml2-keygen.sh in this directory
-    'key_file': path.join(BASEDIR, 'saml-config', 'sp-key.pem'),  # private part
-    'cert_file': path.join(BASEDIR, 'saml-config', 'sp-cert.pem'),  # public part
-
-    # own metadata settings
-    'contact_person': [
-        {'given_name': 'Andreas',
-         'sur_name': 'Kloeckner',
-         'company': 'CS - University of Illinois',
-         'email_address': 'andreask@illinois.edu',
-         'contact_type': 'technical'},
-        {'given_name': 'Andreas',
-         'sur_name': 'Kloeckner',
-         'company': 'CS - University of Illinois',
-         'email_address': 'andreask@illinois.edu',
-         'contact_type': 'administrative'},
-        ],
-    # you can set multilanguage information here
-    'organization': {
-        'name': [('RELATE', 'en')],
-        'display_name': [('RELATE', 'en')],
-        'url': [(_BASE_URL, 'en')],
-        },
-    'valid_for': 24,  # how long is our metadata valid
-    }
-
-# vim: filetype=python