moonshot
========

A Python module usable in a Moonshot environment to allow a FreeRADIUS server
to fetch information about a user from a SAML2 Attribute Authority.

Installing
----------

Run::

    sudo python setup.py install

possibly also::

    sudo easy_install moonshot

When the Python module is installed, a couple of changes to the FreeRADIUS
configuration are necessary.

1) Create raddb/modules/python

   You can use the provided '/usr/local/etc/moonshot/template/modules_python'
   file as is.

2) Edit raddb/sites-available/default

   To the 'post-auth' section add one line referencing the python module.
   You can see how it can be done in
   '/usr/local/etc/moonshot/template/sites-available_default'.

3) Edit raddb/sites-available/inner-tunnel

   To the 'post-auth' section add one line referencing the python module.
   You can see how it can be done in
   '/usr/local/etc/moonshot/template/sites-available_inner-tunnel'.

Now you should have the basic setup. To get it working you have to do a
couple more things:

I) Get the SAML2 metadata for the Attribute Authority (AA) you want to use.
   Place it in the '/usr/local/etc/moonshot/' directory.

II) Change the configuration in '/usr/local/etc/moonshot/config.py'.
    You must change the value of ATTRIBUTE_AUTHORITY so it is the identifier
    of the SAML2 AA you want to use.

III) Change the configuration in '/usr/local/etc/moonshot/pysaml_config.py'.
     A couple of things:

     BASE
         This is the identifier of the SP (= this module) you are running.
     organization
         Information about the organization running this service.
     contact_person
         Information about a person people can contact to ask about this
         service.

IV) Create your own key pair. A key and certificate can be created using
    the openssl tool::

        $ openssl genrsa 1024 > ssl.key
        $ openssl req -new -x509 -nodes -sha1 -days 365 -key ssl.key > ssl.cert
        $ sudo mv ssl.key ssl.cert /usr/local/etc/moonshot/pki

    If you chose other names for your key and cert, you have to change them
    accordingly in pysaml_config.py.

V) Create the metadata file for your SP::

        $ make_metadata.py /usr/local/etc/moonshot/pysaml_config.py > sp.xml

   You have to give this file to the person/organization that runs the AA
   you want to get information from.

!!! That should be it !!!
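
The key pair step (IV) with current parameters, as an added example that is not part of the moonshot distribution: 1024-bit RSA and SHA-1 signatures are no longer considered adequate, so this sketch generates a 2048-bit key with a SHA-256 self-signature and checks the pair before it is referenced from pysaml_config.py. The function names and the subject name ``sp.example.org`` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the moonshot distribution.
# Usage: make_sp_keypair ./pki && check_sp_keypair ./pki/ssl.key ./pki/ssl.cert

# make_sp_keypair DIR [CN]: write ssl.key and ssl.cert into DIR.
make_sp_keypair() {
    dir=$1
    cn=${2:-sp.example.org}   # constructed placeholder subject name
    mkdir -p "$dir" || return 1
    # umask keeps the private key unreadable to group/other from creation on.
    ( umask 077 && openssl genrsa -out "$dir/ssl.key" 2048 2>/dev/null ) || return 1
    openssl req -new -x509 -sha256 -days 365 -subj "/CN=$cn" \
        -key "$dir/ssl.key" -out "$dir/ssl.cert" 2>/dev/null || return 1
}

# check_sp_keypair KEY CERT: return 0 only if the pair is consistent and not weak.
check_sp_keypair() {
    key=$1
    cert=$2
    # 1. The certificate must contain the public half of this private key.
    kmod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) || return 1
    cmod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null) || return 1
    if [ -z "$kmod" ] || [ "$kmod" != "$cmod" ]; then
        echo "key and certificate do not belong together" >&2; return 1
    fi
    # 2. Modulus size: output is "Modulus=<hex>", 4 bits per hex digit.
    bits=$(( (${#kmod} - 8) * 4 ))
    if [ "$bits" -lt 2048 ]; then
        echo "RSA key is only $bits bits" >&2; return 1
    fi
    # 3. The self-signature must not use a broken digest.
    alg=$(openssl x509 -in "$cert" -noout -text |
          sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case $alg in
        ''|*sha1*|*md5*) echo "weak signature algorithm: $alg" >&2; return 1 ;;
    esac
    # 4. The certificate must still be valid.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || {
        echo "certificate has expired" >&2; return 1; }
    # 5. The private key file must not be accessible to group or other.
    perms=$(ls -l "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "private key permissions too open" >&2; return 1
    fi
    return 0
}
```

Running the check against a pair produced by the commands in step IV reports the 1024-bit key; regenerate the SP metadata in step V after replacing the certificate, since the metadata file embeds it.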