SAML2 Service Provider app in web2py?


Wei Wang

Aug 21, 2014, 10:05:29 AM8/21/14
to web...@googlegroups.com
I have the need to use a SAML2 identity provider (specifically, a NetIQ product) for authentication and authorization in some web2py apps.

I searched in this group, also googled "web2py and SAML", but did not find anything that seems readily available.

My thoughts on building a "Service Provider" (in SAML2 terminology) app in web2py alongside other apps:
  • The SAML2 service provider would be "/saml2sp":
    • The saml2sp app communicates with the SAML2 identity provider for authentication and authorization;
  • A web2py app is configured to use "cas_auth", with "localhost/saml2sp" as the CAS server base URL;

Does something like this exist? Does that sound reasonable?

Thanks for any pointers, comments, thoughts.

Wei

Massimo Di Pierro

Aug 21, 2014, 9:56:31 PM8/21/14
to web...@googlegroups.com
Incidentally, I just committed an experimental SAML2 login method for Web2py. Please contact me privately and perhaps you can help me test it.

Massimo

Prasad Muley

Oct 17, 2014, 1:42:29 AM10/17/14
to web...@googlegroups.com
Hi Wei,
   Did you test the SAML2 app? There is an experimental saml2 app in web2py 2.9.6.

   I need to use saml2 (web2py app) as the service provider with OneLogin (which is the IdP).

I am getting an error (screenshot attached, PFA).

Here are my config settings:
1) private/sp_conf.py

# Make sure the same port number appears in service_conf.py
from saml2 import BINDING_HTTP_POST, BINDING_HTTP_REDIRECT
from saml2.saml import NAME_FORMAT_URI
from saml2.entity_category.edugain import COC
from saml2.sigver import get_xmlsec_binary

# pysaml2 shells out to xmlsec1 to sign and verify XML; look for the binary here
xmlsec_path = get_xmlsec_binary(["/usr/local/bin", "/usr/bin"])

BASE = "http://localhost:8000"
APPNAME = "saml2"
PATH = "/home/prasad/Prasad/web2py_2.9.6_beta/applications/saml2/private/"
CONFIG = {
    "entityid": "%s/saml2/static/sp.xml" % BASE,
    'entity_category': [COC],
    "accepted_time_diff": 5, # very important: clock skew (seconds) tolerated on NotBefore/NotOnOrAfter
    "description": "Example SP",
    "service": {
        "sp": {
            "endpoints": {
                "assertion_consumer_service": [
                    # The IdP delivers the SAML Response to the ACS by HTTP-POST;
                    # HTTP-Redirect is normally only used for the AuthnRequest.
                    ("%s/%s/default/user/login" % (BASE, APPNAME), BINDING_HTTP_POST),
                    ("%s/%s/default/user/login" % (BASE, APPNAME), BINDING_HTTP_REDIRECT),
                    ],
                }
            },
        },
    "key_file": "%s/pki/mykey.pem" % PATH,    # SP private key; keep it out of static/
    "cert_file": "%s/pki/mycert.pem" % PATH,  # SP certificate, published in sp.xml
    "xmlsec_binary": xmlsec_path,
    "metadata": {"local": [PATH+"idp.xml"]},  # IdP metadata downloaded from OneLogin
    "name_form": NAME_FORMAT_URI,
    }
 
Here I've copied the assertion_consumer_service URL (http://localhost:8000/saml2/default/login) into the OneLogin app's SAML consumer URL.

2) I've downloaded a metadata file from the OneLogin app and copied it to saml/private/.

3) Created a static/sp.xml file with
make_metadata.py sp_conf > ../static/sp.xml

4) Ran the web2py server (python web2py.py)

5) Selected the SAML2 app through the administrator interface,

6) Clicked on the login tab, and it redirected to the OneLogin app's login window.

7) Entered username and password in the OneLogin app.
It redirected me to http://localhost:8000/saml2/default/login (which is the assertion consumer URL)

and I am getting an internal error:

<type 'exceptions.AttributeError'> 'dict' object has no attribute 'assertion'

Let me know if there are wrong settings in my app.

Could you share your app settings (including the web2py app and IdP settings)?
Attachment: saml2_error.png

Prasad Muley

Oct 21, 2014, 12:29:16 AM10/21/14
to web...@googlegroups.com
Hi Massimo,
       Could you reply to my query?

Massimo Di Pierro

Oct 23, 2014, 10:03:26 AM10/23/14
to web...@googlegroups.com
Yes, it works for me. Can you help debug? Can you print d['response'] and try to figure out where the response attributes are?
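As an added illustration for the debugging step above and for the sp_conf.py posted earlier in the thread (this is not code from the thread, from web2py's experimental saml2 app, or from pysaml2), here is what a service provider has to check on the SAMLResponse that arrives at the assertion consumer service before anything in it is trusted, and where the NameID and attributes live once it does. It uses only the standard library. It assumes the ACS URL and entityid from the posted config, a hypothetical AuthnRequest ID (`_req_abc123`), and a constructed, unsigned sample Response; XML signature verification is deliberately left out because it needs xmlsec, which is exactly what pysaml2 does for you, so nothing this function returns may be trusted until the signature has been verified. `accepted_time_diff` plays the same role as the pysaml2 setting of that name.

```python
import base64
from datetime import datetime, timedelta
from xml.etree import ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Taken from the sp_conf.py in the thread; the request ID is a hypothetical value
ACS_URL = "http://localhost:8000/saml2/default/user/login"
SP_ENTITY_ID = "http://localhost:8000/saml2/static/sp.xml"
REQUEST_ID = "_req_abc123"


def _ts(value):
    """SAML timestamps are UTC ISO 8601 with a trailing Z; drop fractional seconds."""
    return datetime.strptime(value.split(".")[0].rstrip("Z"), "%Y-%m-%dT%H:%M:%S")


def parse_saml_response(b64_response, now, acs_url=ACS_URL, sp_entity_id=SP_ENTITY_ID,
                        request_id=REQUEST_ID, accepted_time_diff=5):
    """Decode the SAMLResponse form field, apply the bearer-assertion checks an SP
    must make, and return the NameID and attributes. Signature verification is
    NOT done here (pysaml2 does it via xmlsec); do not trust the result without it."""
    if isinstance(now, str):
        now = _ts(now)
    skew = timedelta(seconds=accepted_time_diff)
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    # Destination and InResponseTo tie the Response to our endpoint and our request
    if root.get("Destination") != acs_url:
        raise ValueError("Destination %r is not our ACS" % root.get("Destination"))
    if root.get("InResponseTo") != request_id:
        raise ValueError("InResponseTo does not match an AuthnRequest we issued")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("IdP returned status %r" % (code.get("Value") if code is not None else None))
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion, got %d" % len(assertions))
    a = assertions[0]
    # Conditions: validity window (with clock-skew tolerance) and audience
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("Assertion has no Conditions")
    if cond.get("NotBefore") and now + skew < _ts(cond.get("NotBefore")):
        raise ValueError("assertion not yet valid")
    if cond.get("NotOnOrAfter") and now - skew >= _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion expired")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError("assertion audience %r is not us" % audiences)
    # Bearer SubjectConfirmation: recipient, request binding and its own expiry
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url or scd.get("InResponseTo") != request_id:
        raise ValueError("SubjectConfirmationData does not match our ACS/request")
    if scd.get("NotOnOrAfter") and now - skew >= _ts(scd.get("NotOnOrAfter")):
        raise ValueError("subject confirmation expired")
    attrs = {}
    for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"name_id": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "attributes": attrs}


# Constructed sample Response (not captured from OneLogin); unsigned, illustration only
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
 IssueInstant="2014-10-24T10:00:00Z" Destination="%(acs)s" InResponseTo="%(req)s">
 <saml:Issuer>https://idp.example.com/saml/metadata</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="%(ok)s"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2014-10-24T10:00:00Z">
  <saml:Issuer>https://idp.example.com/saml/metadata</saml:Issuer>
  <saml:Subject>
   <saml:NameID>alice@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="%(acs)s" InResponseTo="%(req)s"
     NotOnOrAfter="2014-10-24T10:05:00Z"/>
   </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2014-10-24T09:59:55Z" NotOnOrAfter="2014-10-24T10:05:00Z">
   <saml:AudienceRestriction><saml:Audience>%(sp)s</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="groups"><saml:AttributeValue>staff</saml:AttributeValue>
    <saml:AttributeValue>dev</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>""" % {"acs": ACS_URL, "req": REQUEST_ID, "ok": SUCCESS, "sp": SP_ENTITY_ID}
SAMPLE_RESPONSE = base64.b64encode(SAMPLE_XML.encode("utf-8"))


if __name__ == "__main__":
    print(parse_saml_response(SAMPLE_RESPONSE, now="2014-10-24T10:00:30Z"))
```

If d['response'] comes back empty in the real SP, the first thing to compare against a decoded Response like the one above is whether the Destination/Recipient in it match the ACS URL the SP advertises in sp.xml and whether the IdP's clock is inside accepted_time_diff; pysaml2 discards responses that fail those checks before anything reaches the application.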

Prasad Muley

Oct 24, 2014, 8:30:24 PM10/24/14
to web...@googlegroups.com

Yes, I've printed it. It shows an empty dict.

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/zn1OvErE6Wc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Massimo Di Pierro

Oct 24, 2014, 11:31:58 PM10/24/14
to web...@googlegroups.com
I do not know what to say. It works with the provider I was using. Look into the provider log; perhaps there is an error message there.

Prasad Muley

Oct 27, 2014, 3:09:07 AM10/27/14
to web...@googlegroups.com
Hi Massimo,
 
       In which provider log should I look (service provider [web2py app] or identity provider [Okta / OneLogin])?
Could you share your web2py app's (service provider) settings and IdP settings?
       I've followed the same instructions but am getting that error.



--
Thanks and Regards
Prasad M. Muley
Programmer at One Delta Synergies Pvt Ltd. | PICT 2013

“Pretty much everything on the web uses those two things: C and UNIX,” - Dennis Ritchie
                               http://www.cs.bell-labs.com/who/dmr/        

Jose de Soto

Jul 17, 2015, 8:48:11 AM7/17/15
to web...@googlegroups.com
Hi,

I have been playing with pysaml2 and web2py; maybe this SP example helps: https://github.com/josedesoto/web2py-sp-example

Regards,