Define PAOS AssertionConsumerService in ipsilon-client-install
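--- a/ipsilon/tools/saml2metadata.py
+++ b/ipsilon/tools/saml2metadata.py
@@ -32,7 +32,9 @@ SAML2_SERVICE_MAP = {
 'slo-soap': ('SingleLogoutService',
 lasso.SAML2_METADATA_BINDING_SOAP),
 'response-post': ('AssertionConsumerService',
-lasso.SAML2_METADATA_BINDING_POST)
+lasso.SAML2_METADATA_BINDING_POST),
+'response-paos': ('AssertionConsumerService',
+lasso.SAML2_METADATA_BINDING_PAOS),
 }
 EDESC = '{%s}EntityDescriptor' % lasso.SAML2_METADATA_HREF
@@ -86,6 +88,8 @@ class Metadata(object):
 raise ValueError('invalid role: %s' % role)
 self.role = mdElement(self.root, description)
 self.role.set('protocolSupportEnumeration', lasso.SAML2_PROTOCOL_HREF)
+if role == IDP_ROLE:
+self.role.set('WantAuthnRequestsSigned', 'true')
 return self.role
 def set_expiration(self, exp):
@@ -97,11 +101,11 @@ class Metadata(object):
 elif isinstance(exp, datetime.datetime):
 d = exp
 elif isinstance(exp, datetime.timedelta):
-d = datetime.datetime.now() + exp
+d = datetime.datetime.utcnow() + exp
 else:
 raise TypeError('Invalid expiration date type')
-self.root.set('validUntil', d.isoformat())
+self.root.set('validUntil', d.isoformat() + 'Z')
 def add_cert(self, certdata, use):
 desc = mdElement(self.role, 'KeyDescriptor')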
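Review bot: In the last hunk, `d.isoformat() + 'Z'` also runs for the `elif isinstance(exp, datetime.datetime): d = exp` branch, so a caller-supplied datetime is labelled UTC whatever it actually holds. A naive local-time value would move the advertised `validUntil` by the host's UTC offset, and a timezone-aware value would serialize with both an offset and a trailing `Z`, which is not a valid xs:dateTime. Relying parties use this attribute to decide when to stop trusting the metadata. I would normalise before formatting, `if d.utcoffset() is not None: d = (d - d.utcoffset()).replace(tzinfo=None)`, and add a docstring stating that naive datetimes passed to `set_expiration` must already be in UTC. The start of `set_expiration` is outside the hunk, so its earlier branches may need the same check.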