From e17b7a09b1da3e49eb2e1d98962799f06f4399c8 Mon Sep 17 00:00:00 2001
From: rohe0002
Date: Tue, 1 Nov 2011 12:59:20 +0100
Subject: [PATCH] Support for HTTPS certificate verification or not. Only do the IdP endpoint lookup once. Changed the assertion fragmentation to create 247 chars pieces. Included the template directory in the distribution. Changed version number.
---
 MANIFEST.in | 1 +
 etc/ecp_config.py | 12 +++++++++++-
 freeradius_ecp.py | 7 ++++---
 setup.py | 2 +-
 4 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/MANIFEST.in b/MANIFEST.in
index 7b4d9b0..a102b0b 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -4,5 +4,6 @@ recursive-include template *.*
 recursive-include pki ssl.*
 recursive-include attributemaps *.py
 recursive-include attributemaps *.pyc
+recursive-include template *
 recursive-exclude template modules_python
 recursive-include etc *_config.py metadata.xml pysaml_config.py
diff --git a/etc/ecp_config.py b/etc/ecp_config.py
index 0e74bf0..923ca81 100644
--- a/etc/ecp_config.py
+++ b/etc/ecp_config.py
@@ -20,4 +20,14 @@ PASSWD = ""
 # If you don't want to used Basic-Auth you can place the username in a
 # header. This defines the header name
-USERNAME_HEADER = "X-Moonshot-Username"
\ No newline at end of file
+USERNAME_HEADER = "X-Moonshot-Username"
+
+# is the path of a file containing root CA certificates for SSL
+# server certificate validation.
+
+CA_CERTS = ""
+
+# If disable_ssl_certificate_validation is true, SSL cert validation will
+# not be performed.
+
+DISABLE_SSL_CERTIFICATE_VALIDATION = True
\ No newline at end of file
diff --git a/freeradius_ecp.py b/freeradius_ecp.py
index d80714b..85c9690 100644
--- a/freeradius_ecp.py
+++ b/freeradius_ecp.py
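Review bot: `DISABLE_SSL_CERTIFICATE_VALIDATION = True` in etc/ecp_config.py ships with server-certificate checking switched off and `CA_CERTS` empty, so a deployment that copies this file talks to the IdP without authenticating it, on a channel that by the file's own comments can carry Basic-Auth credentials. The shipped default should be `DISABLE_SSL_CERTIFICATE_VALIDATION = False`, with the comment stating that `CA_CERTS` must then point at the CA bundle and that turning validation off is for test setups only. The comment above `CA_CERTS` also starts mid-sentence; `# CA_CERTS is the path of a file containing root CA certificates for SSL` reads better. Neither setting is read in this patch's freeradius_ecp.py hunks, so it is worth confirming where they are consumed.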
@@ -140,10 +140,11 @@ def authentication_request(cls, ecp, idp_entity_id, destination, except AttributeError: headers = None - print >> sys.stderr, "Headers: %s" % headers + print >> sys.stderr, "Headers: {0:>s}".format(headers) # send the request and receive the response - response = ecp.phase2(request, acsu, idp_entity_id, headers) + response = ecp.phase2(request, acsu, idp_entity_id, headers, + destination) except Exception, exc: exception_trace("soap", exc, log) if log: @@ -270,7 +271,7 @@ def post_auth(authData): attr = "SAML-AAA-Assertion" #attr = "UKERNA-Attr-%d" % 132 #attr = "Vendor-%d-Attr-%d" % (25622, 132) - restup = (tuple([(attr, x) for x in eq_len_parts("%s" % _assertion, 248)])) + restup = (tuple([(attr, x) for x in eq_len_parts("%s" % _assertion, 247)])) return radiusd.RLM_MODULE_UPDATED, restup, None diff --git a/setup.py b/setup.py index 21b5f04..cc65778 100644 --- a/setup.py +++ b/setup.py @@ -14,7 +14,7 @@ def read(fname): setup(# Distribution meta-data name = "freeradius_pysaml2", - version = "0.0.5", + version = "0.0.6", description = "FreeRadius python modules to be used in Moonshot", author = "Roland Hedberg", author_email = "roland.hedberg@adm.umu.se", -- 2.1.4
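Review bot: The rewritten `print >> sys.stderr, "Headers: {0:>s}".format(headers)` in authentication_request still dumps the complete request headers to stderr on every call; if they carry the Basic-Auth credentials or the username header that etc/ecp_config.py describes (how `headers` is built is outside this hunk), those values land in the server's error log. Drop the line or reduce it to something non-sensitive such as `print >> sys.stderr, "Headers present: %s" % bool(headers)`. The `>s` spec also aligns nothing without a width, and `headers` is `None` on the `except AttributeError` path just above, so plain `{0}` is the safer form. The function starts and ends outside the hunk.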
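Review bot: The chunk size `247` passed to `eq_len_parts` in post_auth is an unexplained literal that has just changed from 248, so the next reader cannot tell which limit it encodes. It looks like the payload limit of a RADIUS vendor-specific attribute (255 octets minus 8 octets of attribute and vendor headers), which would fit the commented-out `Vendor-%d-Attr-%d` line; if so, name it, e.g. `MAX_VSA_PAYLOAD = 247  # 255-octet attribute minus 8 header octets`, and use the name in the call. That limit is counted in octets, while `"%s" % _assertion` is split by characters, so confirm the assertion is a byte string before it reaches `eq_len_parts` (its definition is outside this hunk). post_auth's body starts before the hunk.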