X-Git-Url: http://git.cascardo.eti.br/?a=blobdiff_plain;f=ipsilon%2Ftools%2Fsaml2metadata.py;h=b86e7278ff7760ec2b0770477711bca5877f5312;hb=11242b8a3cab8d1594644cf22285e94639cca158;hp=fc2e02c287454e4ce17113adb2de4803feeaeeae;hpb=c3a2716985604564d46bc5367cf0be5e45d7f14a;p=cascardo%2Fipsilon.git diff --git a/ipsilon/tools/saml2metadata.py b/ipsilon/tools/saml2metadata.py index fc2e02c..b86e727 100755 --- a/ipsilon/tools/saml2metadata.py +++ b/ipsilon/tools/saml2metadata.py @@ -34,6 +34,16 @@ SAML2_NAMEID_MAP = { 'x509': lasso.SAML2_NAME_IDENTIFIER_FORMAT_X509, } +SAML2_SERVICE_MAP = { + 'sso-post': ('SingleSignOnService', + lasso.SAML2_METADATA_BINDING_POST), + 'sso-redirect': ('SingleSignOnService', + lasso.SAML2_METADATA_BINDING_REDIRECT), + 'logout-redirect': ('SingleLogoutService', + lasso.SAML2_METADATA_BINDING_REDIRECT), + 'response-post': ('AssertionConsumerService', + lasso.SAML2_METADATA_BINDING_POST) +} EDESC = '{%s}EntityDescriptor' % lasso.SAML2_METADATA_HREF NSMAP = { @@ -47,10 +57,6 @@ SPDESC = 'SPSSODescriptor' IDP_ROLE = 'idp' SP_ROLE = 'sp' -SSO_SERVICE = 'SingleSignOnService' -LOGOUT_SERVICE = 'SingleLogoutService' -ASSERTION_SERVICE = 'AssertionConsumerService' - def mdElement(_parent, _tag, **kwargs): tag = '{%s}%s' % (lasso.SAML2_METADATA_HREF, _tag) @@ -101,9 +107,9 @@ class Metadata(object): if enccert: self.add_cert(enccert.get_cert(), 'encryption') - def add_service(self, svctype, binding, location): - svc = mdElement(self.role, svctype) - svc.set('Binding', binding) + def add_service(self, service, location): + svc = mdElement(self.role, service[0]) + svc.set('Binding', service[1]) svc.set('Location', location) def add_allowed_name_format(self, name_format): 
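Review bot: In the rewritten `add_service` (third hunk), `service[0]` and `service[1]` leave the expected shape of `service` undocumented and a wrong argument only surfaces inside `mdElement` or `svc.set`; unpack it first so a malformed value is rejected with a clear error and the shape is visible at a glance: `svctype, binding = service`, then `svc = mdElement(self.role, svctype)` and `svc.set('Binding', binding)`. A one-line docstring saying that `service` is one of the `SAML2_SERVICE_MAP` values, a `(element tag, binding)` pair, and that `location` is written verbatim as the endpoint URL, would help callers. The second hunk deletes the module-level `SSO_SERVICE`, `LOGOUT_SERVICE` and `ASSERTION_SERVICE` names and the new signature drops a positional parameter, so any module outside this file (not visible here) that imports those names fails at import, while one still using the old three-argument call form fails only when the call runs. In the first hunk, a trailing comma after the `'response-post'` entry would keep future additions to `SAML2_SERVICE_MAP` as one-line diffs. The `Metadata` class starts and ends outside the hunk.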
@@ -134,9 +140,9 @@ if __name__ == '__main__':
 idp.set_entity_id('https://ipsilon.example.com/idp/metadata')
 idp.set_role(IDP_ROLE)
 idp.add_certs(sign_cert, enc_cert)
- idp.add_service(SSO_SERVICE, lasso.SAML2_METADATA_BINDING_POST,
+ idp.add_service(SAML2_SERVICE_MAP['sso-post'],
 'https://ipsilon.example.com/idp/saml2/POST')
- idp.add_service(SSO_SERVICE, lasso.SAML2_METADATA_BINDING_REDIRECT,
+ idp.add_service(SAML2_SERVICE_MAP['sso-redirect'],
 'https://ipsilon.example.com/idp/saml2/Redirect')
 for k in SAML2_NAMEID_MAP:
 idp.add_allowed_name_format(SAML2_NAMEID_MAP[k])
@@ -155,9 +161,9 @@ if __name__ == '__main__':
 sp.set_entity_id('https://ipsilon.example.com/samlsp/metadata')
 sp.set_role(SP_ROLE)
 sp.add_certs(sign_cert)
- sp.add_service(LOGOUT_SERVICE, lasso.SAML2_METADATA_BINDING_REDIRECT,
+ sp.add_service(SAML2_SERVICE_MAP['logout-redirect'],
 'https://ipsilon.example.com/samlsp/logout')
- sp.add_service(ASSERTION_SERVICE, lasso.SAML2_METADATA_BINDING_POST,
+ sp.add_service(SAML2_SERVICE_MAP['response-post'],
 'https://ipsilon.example.com/samlsp/postResponse')
 md_file = os.path.join(tmpdir, 'metadata.xml')
 sp.output(md_file)