本文整理汇总了Python中oic.utils.authn.authn_context.AuthnBroker类的典型用法代码示例。如果您正苦于以下问题:Python AuthnBroker类的具体用法?Python AuthnBroker怎么用?Python AuthnBroker使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了AuthnBroker类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: create_authn_broker
def create_authn_broker(config, lookup, password):
ac = AuthnBroker()
end_points = config.AUTHENTICATION["UserPassword"]["END_POINTS"]
full_end_point_paths = ["%s%s" % (config.issuer, ep) for ep in end_points]
username_password_authn = UsernamePasswordMako(
None, "login.mako", lookup, password, "%sauthorization" % config.issuer,
None, full_end_point_paths)
for authkey, value in config.AUTHENTICATION.items():
authn = None
if "UserPassword" == authkey:
PASSWORD_END_POINT_INDEX = 0
end_point = config.AUTHENTICATION[authkey]["END_POINTS"][
PASSWORD_END_POINT_INDEX]
authn = AuthnIndexedEndpointWrapper(username_password_authn,
PASSWORD_END_POINT_INDEX)
APP.add_url_rule("/{}".format(end_point), end_point, make_auth_verify(authn.verify),
methods=['GET', 'POST'])
if "JavascriptLogin" == authkey:
pass
if "SAML" == authkey:
pass
if "SamlPass" == authkey:
pass
if "JavascriptPass" == authkey:
pass
if authn is not None:
ac.add(config.AUTHENTICATION[authkey]["ACR"], authn,
config.AUTHENTICATION[authkey]["WEIGHT"],
"")
return ac示例2: as_setup
def as_setup(jconf):
_module = importlib.import_module('oic.utils.authn.user')
ab = AuthnBroker()
for _id, authn in jconf["authn"].items():
cls = getattr(_module, authn["class"])
if "template_lookup" in authn["kwargs"]:
authn["kwargs"]["template_lookup"] = lookup(jconf["template_root"])
ci = cls(None, **authn["kwargs"])
ab.add(_id, ci, authn["level"], authn["authn_authority"])
_base = jconf["configuration"]["issuer"]
cauth = dict([(x, CLIENT_AUTHN_METHOD[x]) for x in jconf["client_auth_methods"]])
return {
"name": _base,
"sdb": {},
"cdb": {},
"authn_broker": ab,
"authz": Implicit("PERMISSION"),
"client_authn": verify_client,
"symkey": "1234567890123456",
"client_authn_methods": cauth,
"client_info_url": jconf["client_info_url"],
"default_acr": jconf["default_acr"],
"keyjar": None
}示例3: test_pkce_verify_512
def test_pkce_verify_512():
_cli = Client(config={'code_challenge': {'method': 'S512', 'length': 96}})
args, cv = _cli.add_code_challenge()
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
_prov = Provider("as",
sdb.SessionDB(SERVER_INFO["issuer"]), CDB,
authn_broker, Implicit(), verify_client)
assert _prov.verify_code_challenge(cv, args['code_challenge'],'S512') is True示例4: setup_authentication_methods
def setup_authentication_methods(authn_config, template_env):
"""Add all authentication methods specified in the configuration."""
routing = {}
ac = AuthnBroker()
for authn_method in authn_config:
cls = make_cls_from_name(authn_method["class"])
instance = cls(template_env=template_env, **authn_method["kwargs"])
ac.add(authn_method["acr"], instance)
routing[instance.url_endpoint] = VerifierMiddleware(instance)
return ac, routing示例5: provider
def provider(tmpdir):
client_db_path = os.path.join(tmpdir.strpath, "client_db")
cdb = shelve_wrapper.open(client_db_path)
ab = AuthnBroker()
ab.add("dummy", DummyAuthn())
sdb = SessionDB("https://testprovider.com")
provider = CourseProvider("https://testprovider.com", sdb, cdb, ab, UserInfo({"user": {}}),
AuthzHandling(), None, None)
return provider示例6: authn_setup
def authn_setup(config):
broker = AuthnBroker()
# Which methods to use is defined in the configuration file
for authkey, method_conf in config.AUTHN_METHOD.items():
try:
func = AUTH_METHOD[authkey]
except KeyError:
pass
else:
broker.add(method_conf["ACR"], func(method_conf),
method_conf["WEIGHT"], method_conf["URL"])
return broker示例7: setup
def setup():
with open("config.yaml", 'r') as f:
config = yaml.load(f)
issuer = config["baseurl"]
ac = AuthnBroker()
authn = UsernamePasswordMako(
None, "login.mako", LOOKUP, PASSWD, "{}/authorization".format(issuer))
ac.add("password", authn)
URLS.append((r'^verify', make_auth_verify(authn.verify)))
authz = AuthzHandling()
client_db_path = os.environ.get("OIDC_CLIENT_DB", "client_db")
LOGGER.info("Using db: {}".format(client_db_path))
cdb = shelve_wrapper.open(client_db_path)
global OAS
OAS = CourseProvider(issuer, SessionDB(issuer), cdb, ac, None,
authz, verify_client, rndstr(16))
OAS.baseurl = issuer
OAS.userinfo = UserInfo(config["userdb"])
# Additional endpoints the OpenID Connect Provider should answer on
add_endpoints(ENDPOINTS, ENDPOINT_FUNCS)
OAS.endpoints = ENDPOINTS
authn.srv = OAS
try:
OAS.cookie_ttl = config["cookie_ttl"]
except KeyError:
pass
try:
OAS.cookie_name = config["cookie_name"]
except KeyError:
pass
keyjar_init(OAS, config["keys"])
public_keys = []
for keybundle in OAS.keyjar[""]:
for key in keybundle.keys():
public_keys.append(key.serialize())
public_jwks = {"keys": public_keys}
filename = "static/jwks.json"
with open(filename, "w") as f:
f.write(json.dumps(public_jwks))
OAS.jwks_uri = "{}/{}".format(OAS.baseurl, filename)
return config示例8: create_provider
def create_provider(self):
authn_broker = AuthnBroker()
authn_broker.add("UNDEFINED", DummyAuthn(None, "username"))
self.provider = Provider("pyoicserv",
sdb.SessionDB(
TestProvider.SERVER_INFO["issuer"]),
TestProvider.CDB,
authn_broker, Implicit(),
verify_client,
client_info_url="https://example.com/as",
client_authn_methods={
"client_secret_post": ClientSecretPost,
"client_secret_basic": ClientSecretBasic,
"bearer_header": BearerHeader})示例9: init_fed_op
def init_fed_op(cnf):
with open(cnf["PROVIDER_CONFIG"]) as f:
provider_config = yaml.safe_load(f)
root_key = keyrep(provider_config["root_key_jwk"])
federation_keys = [keyrep(jwk) for jwk in provider_config["federations_jwk"]]
authn_broker = AuthnBroker()
name = "https://" + cnf["SERVER_NAME"]
user = "tester"
authn_broker.add("password", NoAuthn(None, user))
provider = Provider(name, SessionDB(name), {}, authn_broker, None, AuthzHandling(), verify_client, None)
return OP(name, root_key, provider_config["software_statements"], federation_keys, name + "/signed_jwks",
provider, name + "/jwks")示例10: main
def main(base, cookie_handler):
as_conf = {
"version": "1.0",
"issuer": base,
"pat_profiles_supported": ["bearer"],
"aat_profiles_supported": ["bearer"],
"rpt_profiles_supported": ["bearer"],
"pat_grant_types_supported": ["authorization_code"],
"aat_grant_types_supported": ["authorization_code"],
"claim_profiles_supported": ["openid"],
#"dynamic_client_endpoint": "%s/dynamic_client_endpoint" % BASE,
#"token_endpoint": "%s/token_endpoint" % BASE,
#"user_endpoint": "%s/user_endpoint" % BASE,
#"resource_set_registration_endpoint": "%s/rsr_endpoint" % BASE,
#"introspection_endpoint": "%s/introspection_endpoint" % BASE,
#"permission_registration_endpoint": "%s/pr_endpoint" % BASE,
#"rpt_endpoint": "%s/rpt_endpoint" % BASE,
#"authorization_request_endpoint": "%s/ar_endpoint" % BASE,
#"userinfo_endpoint": "%s/user_info_endpoint" % BASE
# ------------ The OIDC provider config -----------------------
}
base_url = "http://%s" % socket.gethostname()
ab = AuthnBroker()
ab.add("linda", DummyAuthn(None, "linda"))
ab.add("hans", DummyAuthn(None, "hans"))
AUTHZSRV = FakeUmaAs(
base, SessionDB(base_url), CDB, ab, USERINFO, AUTHZ,
verify_client, "1234567890", keyjar=None, configuration=as_conf,
base_url=base)
cookie_handler.init_srv(AUTHZSRV)
jwks = keyjar_init(AUTHZSRV, KEYS, "a%d")
fp = open("static/jwk_as.json", "w")
fp.write(json.dumps(jwks))
fp.close()
return AUTHZSRV示例11: main
def main(base, cookie_handler):
as_conf = {
"version": "1.0",
"issuer": base,
"pat_profiles_supported": ["bearer"],
"aat_profiles_supported": ["bearer"],
"rpt_profiles_supported": ["bearer"],
"pat_grant_types_supported": ["authorization_code"],
"aat_grant_types_supported": ["authorization_code"],
"claim_profiles_supported": ["openid"],
# "dynamic_client_endpoint": "%s/dynamic_client_endpoint" % BASE,
# "token_endpoint": "%s/token_endpoint" % BASE,
# "user_endpoint": "%s/user_endpoint" % BASE,
# "resource_set_registration_endpoint": "%s/rsr_endpoint" % BASE,
# "introspection_endpoint": "%s/introspection_endpoint" % BASE,
# "permission_registration_endpoint": "%s/pr_endpoint" % BASE,
# "rpt_endpoint": "%s/rpt_endpoint" % BASE,
# "authorization_request_endpoint": "%s/ar_endpoint" % BASE,
# "userinfo_endpoint": "%s/user_info_endpoint" % BASE
# ------------ The OIDC provider config -----------------------
}
base_url = "http://%s" % socket.gethostname()
ab = AuthnBroker()
ab.add("linda", DummyAuthn(None, "linda"))
# AB.add("hans", DummyAuthn(None, "[email protected]"))
ab.add(
"UserPwd", UsernamePasswordMako(None, "login2.mako", LOOKUP, PASSWD, "%s/authorization" % base), 10, base_url
)
ab.add("BasicAuthn", BasicAuthnExtra(None, PASSWD), 10, base_url)
AS = authz_srv.OidcDynRegUmaAS(
base,
SessionDB(base_url),
CDB,
ab,
USERINFO,
AUTHZ,
verify_client,
"1234567890",
keyjar=None,
configuration=as_conf,
base_url=base,
)
cookie_handler.init_srv(AS)
jwks = keyjar_init(AS, KEYS, "a%d")
fp = open("static/jwk_as.json", "w")
fp.write(json.dumps(jwks))
fp.close()
return AUTHZSRV示例12: main
def main(base, cookie_handler):
as_conf = {
"version": "1.0",
"issuer": base,
"pat_profiles_supported": ["bearer"],
"aat_profiles_supported": ["bearer"],
"rpt_profiles_supported": ["bearer"],
"pat_grant_types_supported": ["authorization_code"],
"aat_grant_types_supported": ["authorization_code"],
"claim_profiles_supported": ["openid"],
#"dynamic_client_endpoint": "%s/dynamic_client_endpoint" % BASE,
#"token_endpoint": "%s/token_endpoint" % BASE,
#"user_endpoint": "%s/user_endpoint" % BASE,
#"resource_set_registration_endpoint": "%s/rsr_endpoint" % BASE,
#"introspection_endpoint": "%s/introspection_endpoint" % BASE,
#"permission_registration_endpoint": "%s/pr_endpoint" % BASE,
#"rpt_endpoint": "%s/rpt_endpoint" % BASE,
#"authorization_request_endpoint": "%s/ar_endpoint" % BASE,
#"userinfo_endpoint": "%s/user_info_endpoint" % BASE
# ------------ The OIDC provider config -----------------------
}
ab = AuthnBroker()
ab.add("alice", DummyAuthn(None, "alice"))
ab.add("roger", DummyAuthn(None, "roger"))
ab.add("UserPwd",
UsernamePasswordMako(None, "login_as.mako", LOOKUP, PASSWD,
"%s/authorization" % base),
10, "http://%s" % socket.gethostname())
ab.add("BasicAuthn", BasicAuthnExtra(None, PASSWD), 10,
"http://%s" % socket.gethostname())
AUTHZSRV = authzsrv.OAuth2UmaAS(base, SessionDB(), CDB, ab, AUTHZ,
verify_client, "1234567890123456",
keyjar=None,
configuration=as_conf,
base_url=base,
client_info_url="%s/" % base,
client_authn_methods={
"client_secret_post": ClientSecretPost,
"client_secret_basic": ClientSecretBasic,
"bearer_header": BearerHeader})
cookie_handler.init_srv(AUTHZSRV)
init_keyjar(AUTHZSRV, KEYS, "static/jwk_as.json")
return AUTHZSRV示例13: test
def test(self):
ac = AuthnBroker()
issuer = "https://example.com/op"
CAS_SERVER = ""
SERVICE_URL = ""
LDAP = {
"uri": "ldaps://ldap.umu.se",
"base": "dc=umu, dc=se",
"filter_pattern": "(uid=%s)",
"user": "",
"passwd": "",
"attr": ["eduPersonScopedAffiliation", "eduPersonAffiliation"],
}
LDAP_EXTRAVALIDATION = {
"verify_attr": "eduPersonAffiliation",
"verify_attr_valid": ['employee', 'staff', 'student']
}
LDAP_EXTRAVALIDATION.update(LDAP)
ac.add(PASSWORD,
UsernamePasswordMako(None, "login.mako", LOOKUP, PASSWD,
"%s/authorization" % issuer),
10, "http://%s" % socket.gethostname())
try:
ac.add(PASSWORD,
CasAuthnMethod(
None, CAS_SERVER, SERVICE_URL,
"%s/authorization" % issuer,
UserLDAPMemberValidation(**LDAP_EXTRAVALIDATION)),
20, "http://%s" % socket.gethostname())
except Exception:
assert len(ac) == 1
else:
assert len(ac) == 2
res = ac.pick(PASSWORD)
assert res
# list of two 2-tuples
assert len(res) == 2
assert res[0][0].__class__.__name__ == "CasAuthnMethod"
assert res[1][0].__class__.__name__ == "UsernamePasswordMako"示例14: ResourceServer
ressrv = ResourceServer(DataSet(), registration_info=reginfo)
# -------------------- ResourceServer as Client ---------------------
rs_client = Client({}, {"client_authn_method": CLIENT_AUTHN_METHOD})
_me = ressrv.registration_info.copy()
_me["redirect_uris"] = ["https://rs.example.com/"]
# init authsrv
authzsrv = Provider("foo", SessionDB(), CDB, None, AUTHZ,
verify_client, "1234567890", keyjar=KeyJar())
authzsrv.baseurl = "https://as.example.com/"
AUTHN_BROKER = AuthnBroker()
AUTHN_BROKER.add(UNSPECIFIED, DummyAuthn(None, user="Linda"), 0,
"http://%s" % socket.gethostname())
# AUTHN_BROKER.add(PASSWORD,
# UsernamePasswordMako(
# None, "login.mako", LOOKUP, PASSWD,
# "%s/authorization" % authzsrv.baseurl),
# 10, "http://%s" % socket.gethostname())
AUTHN_BROKER.add(PASSWORD,
BasicAuthn(None, PASSWD),
10, "http://%s" % socket.gethostname())
authzsrv.set_authn_broker(AUTHN_BROKER)
ressrv.set_client(authzsrv.baseurl, rs_client)
示例15: main_setup
def main_setup(args, lookup=None):
sys.path.insert(0, ".")
config = importlib.import_module(args.config)
config.issuer = config.issuer % args.port
config.SERVICE_URL = config.SERVICE_URL % args.port
# Client data base
cdb = shelve.open(config.CLIENT_DB, writeback=True)
ac = AuthnBroker()
for authkey, value in list(config.AUTHENTICATION.items()):
authn = None
# if "UserPassword" == authkey:
# from oic.utils.authn.user import UsernamePasswordMako
# authn = UsernamePasswordMako(None, "login.mako", LOOKUP, PASSWD,
# "authorization")
if "NoAuthn" == authkey:
from oic.utils.authn.user import NoAuthn
authn = NoAuthn(None, user=config.AUTHENTICATION[authkey]["user"])
if authn is not None:
ac.add(config.AUTHENTICATION[authkey]["ACR"], authn,
config.AUTHENTICATION[authkey]["WEIGHT"])
# dealing with authorization
authz = AuthzHandling()
if config.USERINFO == "SIMPLE":
# User info is a simple dictionary in this case statically defined in
# the configuration file
userinfo = UserInfo(config.USERDB)
else:
userinfo = None
com_args = {
"name": config.issuer,
"baseurl": config.baseurl,
"cdb": cdb,
"authn_broker": ac,
"userinfo": userinfo,
"authz": authz,
"client_authn": verify_client,
"symkey": config.SYM_KEY,
"template_lookup": lookup,
"template": {"form_post": "form_response.mako"},
"jwks_name": "./static/jwks_{}.json"
}
# Should I care about verifying the certificates used by other entities
if args.insecure:
com_args["verify_ssl"] = False
else:
com_args["verify_ssl"] = True
try:
assert os.path.isfile(config.SERVER_CERT)
assert os.path.isfile(config.SERVER_KEY)
com_args['client_cert'] = (config.SERVER_CERT, config.SERVER_KEY)
except AttributeError:
pass
except AssertionError:
print("Can't access client certificate and/or client secret")
exit(-1)
op_arg = {}
try:
op_arg["cookie_ttl"] = config.COOKIETTL
except AttributeError:
pass
try:
op_arg["cookie_name"] = config.COOKIENAME
except AttributeError:
pass
# print URLS
if args.debug:
op_arg["debug"] = True
# All endpoints the OpenID Connect Provider should answer on
add_endpoints(ENDPOINTS)
op_arg["endpoints"] = ENDPOINTS
if args.port == 80:
_baseurl = config.baseurl
else:
if config.baseurl.endswith("/"):
config.baseurl = config.baseurl[:-1]
_baseurl = "%s:%d" % (config.baseurl, args.port)
if not _baseurl.endswith("/"):
_baseurl += "/"
op_arg["baseurl"] = _baseurl
# Add own keys for signing/encrypting JWTs
#.........这里部分代码省略.........