Skip to main content

UNKNOWN

Project description

Introduction

hl.pas.samlplugin provides a SAML2 plugin for Zope’s PluggableAuthService. It provides the IExtractionPlugin, IAuthenticationPlugin, IChallengePlugin, ICredentialsResetPlugin interfaces.

hl.pas.samlplugin so far has been tested with OpenAM.

Installation

  1. Add the package to your buildout.

  2. Run buildout. hl.pas.samlplugin will pull in pysaml2, which in turn needs xmlsec and repoze.who. xmlsec has to be installed manually, please refer to the pysaml2 documentation.

  3. Restart Zope.

  4. Visit your site’s Pluggable Auth Service in ZMI and add a SAML2 PAS plugin

Configuration

You will need to provide your IDP with an endpoint configuration for your Zope site containing your sites’ settings for AssertionConsumerService and SingleLogoutService. This will be an XML file looking like e.g:

<EntityDescriptor entityID="http://zopehost:8080/spEntityID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
                     protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                             Location="http://zopehost:8080/site/logout"
                             ResponseLocation="https://zopehost:8080/site/logout"/>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
        <AssertionConsumerService isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    Location="http://zopehost:8080/site"/>
    </SPSSODescriptor>
    <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xmlns:query="urn:oasis:names:tc:SAML:metadata:ext:query"
                    xsi:type="query:AttributeQueryDescriptorType"
                    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    </RoleDescriptor>
</EntityDescriptor>

Please refer to available SAML2 documentation for further information.

On the SAML2 PAS plugins’ properties tab, you will need to specify some more properties to make things work:

  • the absolute path to the IDP config file. This XML file should be provided by your IDP

  • the service endpoint URL, i.e. http://zopehost:8080/site in the example above

  • the service endpoint entity id as given to the IDP

  • the absolute path to the xmlsec executable (s. pysaml2 documentation)

  • the attribute provided by the IDP that should be used as the users login attribute (i.e. the user id used by Zope)

  • additional user properties given by the IDP that should be stored in the users session

Please have a look in the browser and the skins/auth subdirectories for example on how to handle login/logout for a CMFSite.

It seems important to note that this PAS plugin (and the SAML2 protocol) only provides authentication. It is rather likely that you will have to implement your own plugins to provide the IPropertiesPlugin and the IUserEnumerationPlugin interfaces, at least if you have to deal with user generated content or want to use the Zope CMF.

Changelog

0.3 (2.7.2013)

  • add icon

0.2 (2.7.2013)

  • fix MANIFEST.in

0.1 (2.7.2013)

  • initial release

Contributors

Download

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

hl.pas.samlplugin-0.3.tar.gz (26.5 kB view details)

Uploaded Source

File details

Details for the file hl.pas.samlplugin-0.3.tar.gz.

File metadata

File hashes

Hashes for hl.pas.samlplugin-0.3.tar.gz
Algorithm Hash digest
SHA256 1bd90d2c5c7333d7095f0cd3e0b90ce7b7c0d9747c56c3f0ca20113f1f196616
MD5 b76c7cd85228accf43cceb5b2e268039
BLAKE2b-256 8759939fae505ec37fbc4f51d5dd71e99c76ffb2ca6b341cfd20da6d73e63bee

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page