
Source code changes of the file "keystone/federation/idp.py" between
keystone-16.0.1.tar.gz and keystone-17.0.0.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Ussuri" series (latest release).

idp.py  (keystone-16.0.1):idp.py  (keystone-17.0.0)
skipping to change at line 49 skipping to change at line 49
LOG = log.getLogger(__name__) LOG = log.getLogger(__name__)
CONF = keystone.conf.CONF CONF = keystone.conf.CONF
class SAMLGenerator(object): class SAMLGenerator(object):
"""A class to generate SAML assertions.""" """A class to generate SAML assertions."""
def __init__(self): def __init__(self):
self.assertion_id = uuid.uuid4().hex self.assertion_id = uuid.uuid4().hex
def samlize_token(self, issuer, recipient, user, user_domain_name, roles, def samlize_token(self, issuer, recipient, user, user_domain_name, roles,
project, project_domain_name, expires_in=None): project, project_domain_name, groups,
expires_in=None):
"""Convert Keystone attributes to a SAML assertion. """Convert Keystone attributes to a SAML assertion.
:param issuer: URL of the issuing party :param issuer: URL of the issuing party
:type issuer: string :type issuer: string
:param recipient: URL of the recipient :param recipient: URL of the recipient
:type recipient: string :type recipient: string
:param user: User name :param user: User name
:type user: string :type user: string
:param user_domain_name: User Domain name :param user_domain_name: User Domain name
:type user_domain_name: string :type user_domain_name: string
:param roles: List of role names :param roles: List of role names
:type roles: list :type roles: list
:param project: Project name :param project: Project name
:type project: string :type project: string
:param project_domain_name: Project Domain name :param project_domain_name: Project Domain name
:type project_domain_name: string :type project_domain_name: string
:param groups: List of strings of user groups and domain name, where
strings are serialized dictionaries.
:type groups: list
:param expires_in: Sets how long the assertion is valid for, in seconds :param expires_in: Sets how long the assertion is valid for, in seconds
:type expires_in: int :type expires_in: int
:returns: XML <Response> object :returns: XML <Response> object
""" """
expiration_time = self._determine_expiration_time(expires_in) expiration_time = self._determine_expiration_time(expires_in)
status = self._create_status() status = self._create_status()
saml_issuer = self._create_issuer(issuer) saml_issuer = self._create_issuer(issuer)
subject = self._create_subject(user, expiration_time, recipient) subject = self._create_subject(user, expiration_time, recipient)
attribute_statement = self._create_attribute_statement( attribute_statement = self._create_attribute_statement(
user, user_domain_name, roles, project, project_domain_name) user, user_domain_name, roles, project, project_domain_name,
groups)
authn_statement = self._create_authn_statement(issuer, expiration_time) authn_statement = self._create_authn_statement(issuer, expiration_time)
signature = self._create_signature() signature = self._create_signature()
assertion = self._create_assertion(saml_issuer, signature, assertion = self._create_assertion(saml_issuer, signature,
subject, authn_statement, subject, authn_statement,
attribute_statement) attribute_statement)
assertion = _sign_assertion(assertion) assertion = _sign_assertion(assertion)
response = self._create_response(saml_issuer, status, assertion, response = self._create_response(saml_issuer, status, assertion,
skipping to change at line 163 skipping to change at line 168
subject_conf_data.not_on_or_after = expiration_time subject_conf_data.not_on_or_after = expiration_time
subject_conf = saml.SubjectConfirmation() subject_conf = saml.SubjectConfirmation()
subject_conf.method = saml.SCM_BEARER subject_conf.method = saml.SCM_BEARER
subject_conf.subject_confirmation_data = subject_conf_data subject_conf.subject_confirmation_data = subject_conf_data
subject = saml.Subject() subject = saml.Subject()
subject.subject_confirmation = subject_conf subject.subject_confirmation = subject_conf
subject.name_id = name_id subject.name_id = name_id
return subject return subject
def _create_attribute_statement(self, user, user_domain_name, roles, def _create_attribute_statement(self, user, user_domain_name, roles,
project, project_domain_name): project, project_domain_name,
groups):
"""Create an object that represents a SAML AttributeStatement. """Create an object that represents a SAML AttributeStatement.
<ns0:AttributeStatement> <ns0:AttributeStatement>
<ns0:Attribute Name="openstack_user"> <ns0:Attribute Name="openstack_user">
<ns0:AttributeValue <ns0:AttributeValue
xsi:type="xs:string">test_user</ns0:AttributeValue> xsi:type="xs:string">test_user</ns0:AttributeValue>
</ns0:Attribute> </ns0:Attribute>
<ns0:Attribute Name="openstack_user_domain"> <ns0:Attribute Name="openstack_user_domain">
<ns0:AttributeValue <ns0:AttributeValue
xsi:type="xs:string">Default</ns0:AttributeValue> xsi:type="xs:string">Default</ns0:AttributeValue>
skipping to change at line 189 skipping to change at line 195
xsi:type="xs:string">member</ns0:AttributeValue> xsi:type="xs:string">member</ns0:AttributeValue>
</ns0:Attribute> </ns0:Attribute>
<ns0:Attribute Name="openstack_project"> <ns0:Attribute Name="openstack_project">
<ns0:AttributeValue <ns0:AttributeValue
xsi:type="xs:string">development</ns0:AttributeValue> xsi:type="xs:string">development</ns0:AttributeValue>
</ns0:Attribute> </ns0:Attribute>
<ns0:Attribute Name="openstack_project_domain"> <ns0:Attribute Name="openstack_project_domain">
<ns0:AttributeValue <ns0:AttributeValue
xsi:type="xs:string">Default</ns0:AttributeValue> xsi:type="xs:string">Default</ns0:AttributeValue>
</ns0:Attribute> </ns0:Attribute>
<ns0:Attribute Name="openstack_groups">
<ns0:AttributeValue
xsi:type="xs:string">JSON:{"name":"group1","domain":{"name":"
Default"}}
</ns0:AttributeValue>
<ns0:AttributeValue
xsi:type="xs:string">JSON:{"name":"group2","domain":{"name":"
Default"}}
</ns0:AttributeValue>
</ns0:Attribute>
</ns0:AttributeStatement> </ns0:AttributeStatement>
:returns: XML <AttributeStatement> object :returns: XML <AttributeStatement> object
""" """
def _build_attribute(attribute_name, attribute_values): def _build_attribute(attribute_name, attribute_values):
attribute = saml.Attribute() attribute = saml.Attribute()
attribute.name = attribute_name attribute.name = attribute_name
for value in attribute_values: for value in attribute_values:
skipping to change at line 219 skipping to change at line 234
'openstack_project_domain', [project_domain_name]) 'openstack_project_domain', [project_domain_name])
user_domain_attribute = _build_attribute( user_domain_attribute = _build_attribute(
'openstack_user_domain', [user_domain_name]) 'openstack_user_domain', [user_domain_name])
attribute_statement = saml.AttributeStatement() attribute_statement = saml.AttributeStatement()
attribute_statement.attribute.append(user_attribute) attribute_statement.attribute.append(user_attribute)
attribute_statement.attribute.append(roles_attribute) attribute_statement.attribute.append(roles_attribute)
attribute_statement.attribute.append(project_attribute) attribute_statement.attribute.append(project_attribute)
attribute_statement.attribute.append(project_domain_attribute) attribute_statement.attribute.append(project_domain_attribute)
attribute_statement.attribute.append(user_domain_attribute) attribute_statement.attribute.append(user_domain_attribute)
if groups:
groups_attribute = _build_attribute(
'openstack_groups', groups)
attribute_statement.attribute.append(groups_attribute)
return attribute_statement return attribute_statement
def _create_authn_statement(self, issuer, expiration_time): def _create_authn_statement(self, issuer, expiration_time):
"""Create an object that represents a SAML AuthnStatement. """Create an object that represents a SAML AuthnStatement.
<ns0:AuthnStatement xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion" <ns0:AuthnStatement xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion"
AuthnInstant="2014-07-30T03:04:25Z" SessionIndex="47335964efb" AuthnInstant="2014-07-30T03:04:25Z" SessionIndex="47335964efb"
SessionNotOnOrAfter="2014-07-30T03:04:26Z"> SessionNotOnOrAfter="2014-07-30T03:04:26Z">
<ns0:AuthnContext> <ns0:AuthnContext>
<ns0:AuthnContextClassRef> <ns0:AuthnContextClassRef>
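Review bot: The new `groups` parameter in samlize_token is inserted as a required positional argument ahead of `expires_in=None`, so any caller that still passes `expires_in` by position now silently supplies it as `groups`, and the truthy check in `_create_attribute_statement` (`if groups:`) would then emit an attribute built from an integer. Making it keyword-only with a default, `project, project_domain_name, expires_in=None, *, groups=None):`, keeps the old call shape working and lets `_create_attribute_statement` fall through to the existing no-attribute branch when nothing is passed. The `JSON:` prefix that the example values carry (the `openstack_groups` block in the docstring) is only shown by example and is not validated or documented in the `:param groups:` text; the docstring should state that each string is expected to be the serialized group dictionary the federation mapping consumer will parse, since a service provider mapping on this attribute depends on that exact format. It is also worth a one-line comment that an empty or missing `groups` omits the `openstack_groups` attribute entirely rather than emitting an empty one, because a mapping rule that requires the attribute to be present will then not match. The `samlize_token` body and the `_build_attribute` helper continue outside the visible hunks.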
 End of changes. 6 change blocks. 
3 lines changed or deleted 25 lines changed or added
