A python module usable in a Moonshot environment to allow a freeradius server
to fetch information about a user from a SAML2 Attribute Authority.

Install from the source tree:

$ sudo python setup.py install

or with easy_install:

$ sudo easy_install moonshot
When the python module is installed a couple of changes to the freeradius
configuration are necessary.

1) Create raddb/modules/python.
You can use the provided '/usr/local/etc/moonshot/template/modules_python' file.

2) Edit raddb/sites-available/default.
To the 'post-auth' section add one line referencing the python module.
You can see how it can be done in
'/usr/local/etc/moonshot/template/sites-available_default'.

3) Edit raddb/sites-available/inner-tunnel.
To the 'post-auth' section add one line referencing the python module.
You can see how it can be done in
'/usr/local/etc/moonshot/template/sites-available_inner-tunnel'.
Now you should have the basic setup.
To get it working you have to do a couple more things:

I) Get the SAML2 metadata for the Attribute Authority (AA) you want to use.
Place it in the '/usr/local/etc/moonshot/' directory.

II) Change the configuration in /usr/local/etc/moonshot/config.py.
You must change the value of ATTRIBUTE_AUTHORITY so it is the identifier
(entityID) of the SAML2 AA you want to use.
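Before restarting freeradius it is worth checking that the metadata file from step I
actually describes the entityID you put into ATTRIBUTE_AUTHORITY in step II, and that
the attribute query endpoint it advertises is reachable over TLS. The following
standalone script is an added example and is not part of the moonshot module; the
metadata embedded in it is constructed, its entityIDs and URLs are placeholders, and
the function names are the example's own. It handles both a bare EntityDescriptor and
the more common EntitiesDescriptor wrapper that lists many entities.

```python
# Added example (not part of the moonshot module): sanity-check the AA metadata
# placed in /usr/local/etc/moonshot/ against the ATTRIBUTE_AUTHORITY value.
# Standard library only.
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SOAP_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

# Constructed sample of what an AA operator typically hands out. The entityIDs
# and URLs are placeholders, not real services. Real federation metadata is
# usually an EntitiesDescriptor listing many entities, as here.
SAMPLE_AA_METADATA = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://aa.example.org/idp/shibboleth">
    <md:AttributeAuthorityDescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AttributeService
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
          Location="https://aa.example.org/idp/profile/SAML2/SOAP/AttributeQuery"/>
      <md:AttributeService
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
          Location="http://aa.example.org/legacy/AttributeQuery"/>
    </md:AttributeAuthorityDescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.other.example/saml">
    <md:IDPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def attribute_query_endpoints(metadata_bytes, entity_id):
    """Return the SOAP AttributeService URLs that entity_id advertises.

    Raises ValueError if entity_id is not in the metadata (typically a typo in
    ATTRIBUTE_AUTHORITY) or if the entity is not an attribute authority.
    """
    # Metadata the operator placed here is trusted input; for metadata taken
    # from an untrusted source parse it with defusedxml instead of xml.etree.
    root = ET.fromstring(metadata_bytes)
    ed_tag = "{%s}EntityDescriptor" % MD_NS
    descriptors = [root] if root.tag == ed_tag else root.iter(ed_tag)
    entity = next((e for e in descriptors if e.get("entityID") == entity_id), None)
    if entity is None:
        raise ValueError("entityID %r not found in metadata" % entity_id)
    aa = entity.find("{%s}AttributeAuthorityDescriptor" % MD_NS)
    if aa is None:
        raise ValueError("%r advertises no AttributeAuthorityDescriptor" % entity_id)
    return [
        svc.get("Location")
        for svc in aa.findall("{%s}AttributeService" % MD_NS)
        if svc.get("Binding") == SOAP_BINDING
    ]


def plaintext_endpoints(locations):
    """Return the endpoints that would carry attribute queries without TLS."""
    return [url for url in locations if not url.lower().startswith("https://")]


if __name__ == "__main__":
    # For a real check, read the metadata file from /usr/local/etc/moonshot/
    # and take entity_id from ATTRIBUTE_AUTHORITY in config.py.
    eps = attribute_query_endpoints(SAMPLE_AA_METADATA,
                                    "https://aa.example.org/idp/shibboleth")
    for url in eps:
        print("AttributeService:", url)
    for url in plaintext_endpoints(eps):
        print("WARNING: attribute queries to this endpoint are not protected by TLS:", url)
```

An entityID mismatch or a missing AttributeAuthorityDescriptor is reported as a ValueError
rather than silently producing an empty list, so that the failure is visible before any
RADIUS traffic depends on the lookup.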
III) Change the configuration '/usr/local/etc/moonshot/pysaml_config.py'.

BASE: the identifier of the SP (=this module) you are running.
organization: information about the organization running this service.
contact_person: information about a person people can contact to ask about
IV) Create your own key pair.

A key and certificate can be created using the openssl tool:
$ openssl genrsa 1024 > ssl.key
$ openssl req -new -x509 -nodes -sha1 -days 365 -key ssl.key > ssl.cert
$ sudo mv ssl.key ssl.cert /usr/local/etc/moonshot/pki

Note that a 1024-bit RSA key and a SHA-1 signature are weak by current standards;
prefer at least 2048 bits and -sha256, and make ssl.key readable only by the user
freeradius runs as.

If you chose other names for your key and cert you have to change accordingly
V) Create the metadata file for your SP.

$ make_metadata.py /usr/local/etc/moonshot/pysaml_config.py > sp.xml

This file you have to give to the person/organization that runs the AA you
want to get information from.

!!! That should be it !!!