Support for adding user name to header field.
authorrohe0002 <roland.hedberg@adm.umu.se>
Wed, 26 Oct 2011 07:41:26 +0000 (09:41 +0200)
committerrohe0002 <roland.hedberg@adm.umu.se>
Wed, 26 Oct 2011 07:41:26 +0000 (09:41 +0200)
etc/ecp_config.py
freeradius_ecp.py

index 933e1ee..0e74bf0 100644 (file)
@@ -1,7 +1,7 @@
 # You shouldn't change this line unless you know what you are doing
 CONFIG = 'pysaml_config'                # PySAML2 Configuration file name
 
 # You shouldn't change this line unless you know what you are doing
 CONFIG = 'pysaml_config'                # PySAML2 Configuration file name
 
-METADATA_FILE="metadata.xml"
+METADATA_FILE="/usr/local/etc/moonshot/metadata.xml"
 
 DEBUG=0
 
 
 DEBUG=0
 
@@ -14,4 +14,10 @@ IDP_ENTITYID = "http://example.com/idp"
 
 # The password that should be used when authenticating with the IdP
 # This password will be used disregarding which user it is.
 
 # The password that should be used when authenticating with the IdP
 # This password will be used disregarding which user it is.
-PASSWD = "foobar"
\ No newline at end of file
+
+PASSWD = ""
+
+# If you don't want to used Basic-Auth you can place the username in a
+# header. This defines the header name
+
+USERNAME_HEADER = "X-Moonshot-Username"
\ No newline at end of file
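Review bot: The new comment for USERNAME_HEADER says nothing about who may trust that header, yet a username carried in a header stands in for the password check, so the IdP must honor it only over an authenticated connection from this host; otherwise any client that can reach the IdP and set `X-Moonshot-Username` is authenticated as that user. I would extend it to `# If you don't want to use Basic-Auth you can place the username in a header. The IdP must accept this header only over an authenticated connection from this host.`, which also fixes the "to used" typo. The new default `PASSWD = ""` deserves a one-line comment on whether an empty value disables Basic-Auth, since freeradius_ecp.py now falls back to an empty string when the setting is absent.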
index 913289f..d80714b 100644 (file)
@@ -78,7 +78,12 @@ def instantiate(p):
         return -1
 
     try:
         return -1
 
     try:
-        ECP = Client("", config.PASSWD, None,
+        try:
+            _passwd = config.PASSWD
+        except AttributeError:
+            _passwd = ""
+            
+        ECP = Client("", _passwd, None,
                      metadata_file=config.METADATA_FILE)
     except Exception, err:
         log(radiusd.L_ERR, str(err))
                      metadata_file=config.METADATA_FILE)
     except Exception, err:
         log(radiusd.L_ERR, str(err))
@@ -111,9 +116,9 @@ def authentication_request(cls, ecp, idp_entity_id, destination,
     session_id = sid()
     acsus = cls.config.endpoint('assertion_consumer_service',
                                 saml2.BINDING_PAOS)
     session_id = sid()
     acsus = cls.config.endpoint('assertion_consumer_service',
                                 saml2.BINDING_PAOS)
-    if not acsus:
-        if log:
-            log.error("Couldn't find own PAOS endpoint for")
+    if not acsus and log:
+        log.error("Couldn't find own PAOS endpoint")
+        
     acsu = acsus[0]
 
     spentityid = cls.config.entityid
     acsu = acsus[0]
 
     spentityid = cls.config.entityid
@@ -130,8 +135,15 @@ def authentication_request(cls, ecp, idp_entity_id, destination,
                                 nameid_format=saml.NAMEID_FORMAT_PERSISTENT)
 
     try:
                                 nameid_format=saml.NAMEID_FORMAT_PERSISTENT)
 
     try:
+        try:
+            headers = {config.USERNAME_HEADER: ecp.user}
+        except AttributeError:
+            headers = None
+
+        print >> sys.stderr, "Headers: %s" % headers
+            
         # send the request and receive the response
         # send the request and receive the response
-        response = ecp.phase2(request, acsu, idp_entity_id)
+        response = ecp.phase2(request, acsu, idp_entity_id, headers)
     except Exception, exc:
         exception_trace("soap", exc, log)
         if log:
     except Exception, exc:
         exception_trace("soap", exc, log)
         if log:
@@ -212,13 +224,12 @@ def post_auth(authData):
     _srv = "%s:%s" % (serviceName, hostName)
     log(radiusd.L_DBG, "Working on behalf of: %s" % _srv)
 
     _srv = "%s:%s" % (serviceName, hostName)
     log(radiusd.L_DBG, "Working on behalf of: %s" % _srv)
 
-
     # Find the endpoint to use
     sso_service = CLIENT.config.single_sign_on_services(config.IDP_ENTITYID,
                                                         saml2.BINDING_PAOS)
     if not sso_service:
         log(radiusd.L_DBG,
     # Find the endpoint to use
     sso_service = CLIENT.config.single_sign_on_services(config.IDP_ENTITYID,
                                                         saml2.BINDING_PAOS)
     if not sso_service:
         log(radiusd.L_DBG,
-            "Couldn't find an single sign on endpoint for: %s" % (
+            "Couldn't find an single-sign-on endpoint for: %s" % (
                 config.IDP_ENTITYID,))
         return radiusd.RLM_MODULE_FAIL
 
                 config.IDP_ENTITYID,))
         return radiusd.RLM_MODULE_FAIL
 
@@ -226,7 +237,7 @@ def post_auth(authData):
 
     log(radiusd.L_DBG, "location: %s" % location)
 
 
     log(radiusd.L_DBG, "location: %s" % location)
 
-    ECP.http.clear_credentials()
+    #ECP.http.clear_credentials()
     ECP.user = userName
     log(radiusd.L_DBG, "Login using user:%s password:'%s'" % (ECP.user,
                                                              ECP.passwd))
     ECP.user = userName
     log(radiusd.L_DBG, "Login using user:%s password:'%s'" % (ECP.user,
                                                              ECP.passwd))
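Review bot: The `print >> sys.stderr, "Headers: %s" % headers` added in the authentication_request hunk writes the RADIUS username to the daemon's stderr on every request and bypasses the `log` object the function already uses a few lines earlier (`log.error`); it reads as a debugging leftover and should be removed or routed through `log` under an `if log:` guard like the other call. The `except AttributeError` around the dict build also swallows a missing `ecp.user`, not just a missing `config.USERNAME_HEADER`, so a client set up without a user silently sends no header; `_hdr = getattr(config, "USERNAME_HEADER", None)` followed by `headers = {_hdr: ecp.user} if _hdr else None` keeps the intended fallback while letting the other error surface, and rejecting a user value containing CR or LF before building the dict keeps it from altering the request headers. In the post_auth hunk, commenting out `ECP.http.clear_credentials()` on the shared ECP client leaves whatever credentials the previous request set in place (clear_credentials is not visible here, but that appears to be its purpose); if disabling it is intended, delete the line rather than leaving it commented out, and note that the debug log just below still prints `ECP.passwd` in clear. authentication_request and post_auth both start and end outside their hunks.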