#################################################################
# MET v2 Metadata Explorer Tool
#
# This Software is Open Source. See License: https://github.com/TERENA/met/blob/master/LICENSE.md
# Copyright (c) 2012, TERENA All rights reserved.
#
# This Software is based on MET v1 developed for TERENA by Yaco Sistemas, http://www.yaco.es/
# MET v2 was developed for TERENA by Tamim Ziai, DAASI International GmbH, http://www.daasi.de
# Current version of MET has been revised for performance improvements by Andrea Biancini,
# Consortium GARR, http://www.garr.it
#########################################################################################
import os
import saml2
# Deployment origin and URL prefix, taken from the process environment. The
# URL settings later in this file concatenate them as HOSTNAME + BASEURL +
# path, so HOSTNAME presumably carries scheme and host and BASEURL the path
# prefix -- confirm against your deployment.
# NOTE(review): os.getenv() yields None for an unset variable, and string
# formatting renders None as the text 'None'. The SAML entity ID and endpoint
# URLs built from these values are then wrong without any error being raised,
# so check that both variables are exported before the application starts.
HOSTNAME = os.getenv('HOSTNAME')
BASEURL = os.getenv('BASEURL')

# Absolute path of the directory that contains this settings file.
BASEDIR = os.path.dirname(os.path.abspath(__file__))
# Database connection pooling: the pool class name and the keyword arguments
# passed to it (presumably consumed by the MySQL pool backend -- confirm).
MYSQLPOOL_BACKEND = 'QueuePool'
MYSQLPOOL_ARGUMENTS = dict(
    use_threadlocal=False,
    pool_size=5,
    max_overflow=10,
)

# Recipients of Django error mail as (name, address) pairs; empty by default.
# Example entry: ('Your Name', 'your_email@example.com')
ADMINS = ()

# Client addresses Django treats as internal. The address below is a sample;
# replace it with your own or leave the tuple empty.
INTERNAL_IPS = (
    '192.168.122.1',
)

# Host header values this site will answer to. The value below is
# deployment-specific: set it to the public host name of your own instance
# and keep the list as narrow as possible.
ALLOWED_HOSTS = (
    'met.mi.garr.it',
)

# DummyCache implements the cache interface without storing anything, so
# caching is effectively switched off in this example.
CACHES = {
    'default': dict(
        BACKEND='django.core.cache.backends.dummy.DummyCache',
    ),
}
# Create a local Django account the first time an unknown subject logs in
# (presumably read by the djangosaml2 backend -- confirm).
# NOTE(review): with this enabled, every identity provider whose metadata
# this SP trusts can cause accounts to be created. Set it to False if
# accounts should be provisioned by hand, and make sure newly created users
# receive no privileges by default.
SAML_CREATE_UNKNOWN_USER = True

# Django user field used to look up the account for an incoming assertion.
SAML_DJANGO_USER_MAIN_ATTRIBUTE = 'username'

# SAML attribute name -> tuple of Django user fields filled from it.
SAML_ATTRIBUTE_MAPPING = dict(
    eduPersonPrincipalName=('username',),
    mail=('email',),
    givenName=('first_name',),
    sn=('last_name',),
)
# Name of the organisation operating this instance.
ORGANIZATION_NAME = 'Your organization'

# Directory holding the SAML material referenced by SAML_CONFIG (attribute
# maps, metadata files, certificates).
SAML2DIR = os.path.join(BASEDIR, 'saml2')

# Login, logout and post-login URLs, each built as HOSTNAME + BASEURL + path.
LOGIN_URL = '{0}{1}/saml2/login'.format(HOSTNAME, BASEURL)
LOGOUT_URL = '{0}{1}/met/logout'.format(HOSTNAME, BASEURL)
LOGIN_REDIRECT_URL = '{0}{1}/'.format(HOSTNAME, BASEURL)

# Discovery service endpoints (presumably "DS" = discovery service): one
# served by this instance, one external.
LOCAL_DS = '{0}{1}/ds/'.format(HOSTNAME, BASEURL)
GLOBAL_DS = 'https://service.seamlessaccess.org/ds/'

# Human-readable name and entity ID of this service provider; the entity ID
# is the URL of the SP's own metadata view.
SAML_DESCRIPTION = 'Metadata Explorer Tool'
SAML_ENTITYID = '{0}{1}/saml2/metadata/'.format(HOSTNAME, BASEURL)
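# pysaml2 configuration for this service provider (SP). Values marked
# NOTE(review) are permissive example defaults that should be revisited
# before a production deployment.
SAML_CONFIG = {
    # full path to the xmlsec1 binary
    'xmlsec_binary': '/usr/bin/xmlsec1',

    # your entity id, usually your subdomain plus the url to the metadata view
    'entityid': SAML_ENTITYID,

    # directory with attribute mapping
    'attribute_map_dir': os.path.join(SAML2DIR, 'attribute-maps'),

    # Accept attributes that are not configured in the attribute maps;
    # otherwise attributes without a mapped OID are rejected.
    # NOTE(review): only the attributes named in SAML_ATTRIBUTE_MAPPING are
    # needed for account creation; set this to False if nothing else relies
    # on unmapped attributes.
    'allow_unknown_attributes': True,

    'name': SAML_DESCRIPTION,

    # this block states what services we provide
    'service': {
        # we are just a lonely SP
        'sp': {
            'endpoints': {
                # url and binding to the assertion consumer service view
                # do not change the binding or service name
                'assertion_consumer_service': [
                    ('%s%s/saml2/acs/' % (HOSTNAME, BASEURL),
                     saml2.BINDING_HTTP_POST),
                ],
                # url and binding to the single logout service view
                # do not change the binding or service name
                'single_logout_service': [
                    ('%s%s/saml2/ls/' % (HOSTNAME, BASEURL),
                     saml2.BINDING_HTTP_REDIRECT),
                ],
            },

            # MDUI info to be used to customize UI of federation services
            'ui_info': {
                'display_name': {
                    'text': SAML_DESCRIPTION,
                    'lang': 'en',
                },
                'description': {
                    'text': 'Metadata Explorer Tool is a fast way to find federations, entities and his relations through entity/federation metadata file information.',
                    'lang': 'en',
                },
                'information_url': {
                    'text': '%s%s/static/doc' % (HOSTNAME, BASEURL),
                    'lang': 'en',
                },
                'privacy_statement_url': {
                    'text': '%s%s/static/privacy.html' % (HOSTNAME, BASEURL),
                    'lang': 'en',
                },
            },

            # attributes that this project needs to identify a user
            # NOTE(review): an earlier note here said this entry was commented
            # out for compatibility with simplesamlphp, but it is active.
            'required_attributes': ['eduPersonPrincipalName', 'mail'],

            # attributes that may be useful to have but not required
            'optional_attributes': ['givenName', 'sn'],

            # When set to true, the SP will consume unsolicited SAML
            # Responses, i.e. SAML Responses for which it has not sent
            # a respective SAML Authentication Request.
            # NOTE(review): with this enabled a Response does not have to
            # match an outstanding request, which removes one check against
            # injected or replayed responses. Set it to False unless
            # IdP-initiated login is a requirement.
            'allow_unsolicited': True,

            # Extensions for request initiator
            'extensions': {
                'reqinit': {
                    'RequestInitiator': {
                        'Binding': 'urn:oasis:names:tc:SAML:profiles:SSO:request-init',
                        # LOGIN_URL already starts with HOSTNAME + BASEURL;
                        # prefixing HOSTNAME again would publish a malformed
                        # location with the origin repeated.
                        'Location': LOGIN_URL,
                    },
                },
            },

            # in this section the list of IdPs we talk to are defined
            #'idp': {
            #    # we do not need a WAYF service since there is
            #    # only an IdP defined here. This IdP should be
            #    # present in our metadata
            #
            #    # the keys of this dictionary are entity ids
            #    'https://idp-hostname.example.com/idp/shibboleth': {
            #        'single_sign_on_service': {
            #            saml2.BINDING_HTTP_REDIRECT: 'https://idp-hostname.example.com/idp/profile/Shibboleth/SSO',
            #        },
            #        'single_logout_service': {
            #            saml2.BINDING_HTTP_REDIRECT: 'https://idp-hostname.example.com/idp/profile/Shibboleth/Logout',
            #        },
            #    },
            #},
        },
    },

    # where the remote metadata is stored
    # NOTE(review): these files decide which identity providers the SP
    # trusts, and nothing in this configuration verifies a signature on them.
    # Verify the federation's signature when the files are fetched or
    # refreshed, and restrict write access to this directory.
    'metadata': {
        'local': [
            os.path.join(SAML2DIR, 'remote_metadata.xml'),
            os.path.join(SAML2DIR, 'edugain_metadata.xml'),
        ],
    },

    # set to 1 to output debugging information
    # NOTE(review): the example ships with debugging on; set this to 0 in
    # production so protocol details do not end up in logs.
    'debug': 1,

    # certificate
    # The key file is the SP's private key: keep it out of version control
    # and readable only by the account that runs the application.
    'key_file': os.path.join(SAML2DIR, 'certs/server.key'),  # private part
    'cert_file': os.path.join(SAML2DIR, 'certs/server.crt'),  # public part

    # own metadata settings
    'contact_person': [
        {'given_name': 'Sysadmin',
         'sur_name': '',
         'company': 'Example CO',
         'email_address': 'sysadmin@example.com',
         'contact_type': 'technical'},
        {'given_name': 'Admin',
         'sur_name': 'CEO',
         'company': 'Example CO',
         'email_address': 'admin@example.com',
         'contact_type': 'administrative'},
    ],

    # you can set multilanguage information here
    'organization': {
        'name': [('Example CO', 'es'), ('Example CO', 'en')],
        'display_name': [('Example', 'es'), ('Example', 'en')],
        'url': [('http://www.example.com', 'es'), ('http://www.example.com', 'en')],
    },
}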
# Federation identifiers used by this instance. 'edugain' presumably
# corresponds to the edugain_metadata.xml file listed in SAML_CONFIG --
# confirm.
DJANGO_FEDERATIONS = ['edugain']

# Identity providers listed in addition to those of the federations above.
# Each entry carries the IdP's entity ID plus display data (title, icon,
# description, country, weight, keywords). The entry below is a placeholder;
# replace or remove it.
DJANGO_ADDITIONAL_IDPS = [
    dict(
        entityID='https://idp-hostname.example.com/idp/shibboleth',
        title='IdP example',
        icon='openidp.png',
        descr='Example IdP',
        country='_all_',
        weight=-5,
        keywords=['Example', 'Test'],
    ),
]
# Slack notification target. The token value is a placeholder: supply the
# real token from the environment or a secret store, and never commit it.
SLACK_CONFIG = dict(
    token='###SLACK_API_TOKEN',
    channel='#devops',
)

# Outgoing mail settings.
# NOTE(review): the server and recipient below are deployment-specific.
# Replace them before use, otherwise refresh-failure reports and user
# comments are mailed to a third party.
MAIL_CONFIG = dict(
    # SMTP server host name and port (None leaves the port unspecified)
    email_server='mailserver.daasi.de',
    email_server_port=None,
    # SMTP authentication mechanisms. Both send the credentials in a form
    # that is trivially decoded, so the session should be protected by TLS;
    # nothing in this file shows whether it is -- confirm in the mail code.
    login_type='LOGIN PLAIN',
    # SMTP credentials; keep real values out of version control
    username=None,
    password=None,
    # recipients and sender of the generated mail
    to_email_address=['tamim.ziai@daasi.de'],
    from_email_address='met@refeds.org',
    # subject for metadata refresh errors
    refresh_subject='Metadata failure for federation %s',
    # subject for comments
    comment_subject="Comment for entity '%s'",
    # subject and body for "I'd like ..." proposals
    proposal_subject='Proposal for gathering the entity %s in a federation',
    proposal_body="I'd like the entity %s to be gathered in the following federation(s):%s\n\nComment:\n%s",
)

# Base URL and site ID of the web analytics endpoint (presumably Open Web
# Analytics -- confirm). The site ID is empty in this example.
OWA_BASEURL = 'https://localhost/owa'
OWA_SITEID = ''