Created
September 24, 2015 14:04
Following the djangosaml2 documentation, the configuration looks like this:
In settings.py:
AUTHENTICATION_BACKENDS = ( | |
'django.contrib.auth.backends.ModelBackend', | |
'djangosaml2.backends.Saml2Backend', | |
) | |
In urls.py:
urlpatterns = patterns( | |
'', | |
# lots of url definitions here
(r'^saml2/', include('djangosaml2.urls')), | |
# more url definitions
) | |
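In settings.py (SAML_CREATE_UNKNOWN_USER = True below makes djangosaml2 create a local Django account for any IdP-authenticated user that does not exist yet):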
LOGIN_URL = '/saml2/login/' | |
SESSION_EXPIRE_AT_BROWSER_CLOSE = True | |
LOGIN_REDIRECT_URL = '/' | |
import saml2 | |
from saml2 import saml | |
SAML_DJANGO_USER_MAIN_ATTRIBUTE = 'username' | |
SAML_CREATE_UNKNOWN_USER = True | |
SAML_CONFIG = { | |
# full path to the xmlsec1 binary program
'xmlsec_binary': '/usr/bin/xmlsec1', | |
# your entity id, usually your subdomain plus the url to the metadata view
'entityid': 'https://edge.usersys.redhat.com/saml2', | |
# directory with attribute mapping
'attribute_map_dir': os.path.join(BASE_DIR, 'pdc/saml2/attribute-maps'), | |
# this block states what services we provide
'service': { | |
# we are just a lonely SP
'sp': | |
Unknown macro: { 'name'} | |
, | |
# attributes that this project needs to identify a user
'required_attributes': ['uid'], | |
# in this section the list of IdPs we talk to is defined
'idp': { | |
# we do not need a WAYF service since there is
# only one IdP defined here. This IdP should be
# present in our metadata
# the keys of this dictionary are entity ids
'https://ipsilon.pntdevops.com/idp/saml2/metadata': | |
Unknown macro: { 'single_sign_on_service'} | |
, | |
}, | |
}, | |
# where the remote metadata is stored
'metadata': { 'local': [os.path.join(BASE_DIR, 'pdc/saml2/idp-metadata.xml')], } | |
, | |
# set to 1 to output debugging information; keep it at 0 outside development, since debug logs may include SAML message contents
'debug': 1, | |
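# certificate and private key of this SP; the paths below are under BASE_DIR, so keep the key file out of version control and readable only by the application user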
'key_file': os.path.join(BASE_DIR, 'pdc/saml2/certificate.key'), # private part | |
'cert_file': os.path.join(BASE_DIR, 'pdc/saml2/certificate.pem'), # public part | |
'valid_for': 24, # how long is our metadata valid | |
'create_users_on_login': True | |
} |