diff --git a/frontend/src/pages/org-admin/org-saml-config.js b/frontend/src/pages/org-admin/org-saml-config.js
index e010d8e620..41a209842f 100644
--- a/frontend/src/pages/org-admin/org-saml-config.js
+++ b/frontend/src/pages/org-admin/org-saml-config.js
@@ -21,9 +21,6 @@ class OrgSAMLConfig extends Component {
newUrlPrefix: '',
orgUrlPrefix: '',
metadataUrl: '',
- singleSignOnService: '',
- singleLogoutService: '',
- validDays: '',
isBtnsShown: false,
};
}
@@ -34,7 +31,6 @@ class OrgSAMLConfig extends Component {
hideBtns = () => {
if (!this.state.isBtnsShown) return;
-
if (this.state.newUrlPrefix !== this.state.orgUrlPrefix) {
this.setState({newUrlPrefix: this.state.orgUrlPrefix});
}
@@ -65,10 +61,6 @@ class OrgSAMLConfig extends Component {
this.setState({singleLogoutService: e.target.value});
}
- inputValidDays = (e) => {
- this.setState({validDays: e.target.value});
- }
-
componentDidMount() {
seafileAPI.orgAdminGetUrlPrefix(orgID).then((res) => {
this.setState({
@@ -80,9 +72,6 @@ class OrgSAMLConfig extends Component {
loading: false,
samlConfigID: res.data.saml_config.id || '',
metadataUrl: res.data.saml_config.metadata_url || '',
- singleSignOnService: res.data.saml_config.single_sign_on_service || '',
- singleLogoutService: res.data.saml_config.single_logout_service || '',
- validDays: res.data.saml_config.valid_days || '',
});
}).catch(error => {
this.setState({
@@ -121,24 +110,12 @@ class OrgSAMLConfig extends Component {
});
}
- postIdpMetadataXml = (file) => {
- seafileAPI.orgAdminUploadIdpMetadataXml(orgID, file).then(() => {
- toaster.success(gettext('Success'));
- }).catch((error) => {
- let errMessage = Utils.getErrorMsg(error);
- toaster.danger(errMessage);
- });
- }
-
addSamlConfig = () => {
- const { metadataUrl, singleSignOnService, singleLogoutService, validDays } = this.state;
- seafileAPI.orgAdminAddSamlConfig(orgID, metadataUrl, singleSignOnService, singleLogoutService, validDays).then((res) => {
+ const { metadataUrl } = this.state;
+ seafileAPI.orgAdminAddSamlConfig(orgID, metadataUrl).then((res) => {
this.setState({
samlConfigID: res.data.saml_config.id,
metadataUrl: res.data.saml_config.metadata_url,
- singleSignOnService: res.data.saml_config.single_sign_on_service,
- singleLogoutService: res.data.saml_config.single_logout_service,
- validDays: res.data.saml_config.valid_days,
});
toaster.success(gettext('Success'));
}).catch((error) => {
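Review bot: `addSamlConfig` passes `metadataUrl` from state straight to `seafileAPI.orgAdminAddSamlConfig` with no check, and after this change that URL is the only thing an org admin supplies to describe the identity provider. An empty or plain-http value should be rejected before the request, for example `if (!/^https:\/\//i.test(metadataUrl.trim())) { toaster.danger(gettext('Metadata URL must start with https://')); return; }`. The API code is not in this diff; if the server fetches this URL it needs the same scheme check and a limit on which hosts it will contact. The same applies to `updateSamlConfig` in the next hunk. The context line `this.setState({singleLogoutService: e.target.value});` in the hunk at -65 suggests a setter for a removed field is still left in the class, and the catch handler of `addSamlConfig` continues outside this hunk.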
@@ -148,14 +125,11 @@ class OrgSAMLConfig extends Component {
}
updateSamlConfig = () => {
- const { metadataUrl, singleSignOnService, singleLogoutService, validDays } = this.state;
- seafileAPI.orgAdminUpdateSamlConfig(orgID, metadataUrl, singleSignOnService, singleLogoutService, validDays).then((res) => {
+ const { metadataUrl } = this.state;
+ seafileAPI.orgAdminUpdateSamlConfig(orgID, metadataUrl).then((res) => {
this.setState({
samlConfigID: res.data.saml_config.id,
metadataUrl: res.data.saml_config.metadata_url,
- singleSignOnService: res.data.saml_config.single_sign_on_service,
- singleLogoutService: res.data.saml_config.single_logout_service,
- validDays: res.data.saml_config.valid_days,
});
toaster.success(gettext('Success'));
}).catch((error) => {
@@ -169,9 +143,6 @@ class OrgSAMLConfig extends Component {
this.setState({
samlConfigID: '',
metadataUrl: '',
- singleSignOnService: '',
- singleLogoutService: '',
- validDays: '',
});
toaster.success(gettext('Success'));
}).catch((error) => {
@@ -181,7 +152,7 @@ class OrgSAMLConfig extends Component {
}
render() {
- const { loading, errorMsg, samlConfigID, newUrlPrefix, metadataUrl, singleSignOnService, singleLogoutService, validDays, isBtnsShown } = this.state;
+ const { loading, errorMsg, samlConfigID, newUrlPrefix, metadataUrl, isBtnsShown } = this.state;
return (
@@ -224,21 +195,6 @@ class OrgSAMLConfig extends Component {
changeValue={this.inputMetadataUrl}
displayName={gettext('App Federation Metadata URL')}
/>
-
-
-
{samlConfigID ?
@@ -256,16 +212,10 @@ class OrgSAMLConfig extends Component {
}
diff --git a/frontend/src/pages/org-admin/side-panel.js b/frontend/src/pages/org-admin/side-panel.js
index f17326c962..2f09b6b187 100644
--- a/frontend/src/pages/org-admin/side-panel.js
+++ b/frontend/src/pages/org-admin/side-panel.js
@@ -2,7 +2,7 @@ import React from 'react';
import PropTypes from 'prop-types';
import { Link } from '@gatsbyjs/reach-router';
import Logo from '../../components/logo';
-import { gettext, siteRoot } from '../../utils/constants';
+import { gettext, siteRoot, enableMultiADFS } from '../../utils/constants';
const propTypes = {
isSidePanelClosed: PropTypes.bool.isRequired,
@@ -92,12 +92,14 @@ class SidePanel extends React.Component {
{gettext('Logs')}
-
- this.tabItemClick('SAML config')} >
-
- {gettext('SAML config')}
-
-
+ {enableMultiADFS &&
+
+ this.tabItemClick('SAML config')} >
+
+ {gettext('SAML config')}
+
+
+ }
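Review bot: The `enableMultiADFS &&` guard only hides the 'SAML config' tab; nothing in this hunk stops an org admin from opening the page by URL or calling the SAML config API directly while the feature is off. The route and the org-admin SAML endpoints should check the same setting on the server, which is not visible in this diff. A short comment above the guard would keep that clear: `{/* display only; the SAML config API must enforce this setting server-side */}`. The JSX inside the guard is not fully visible here.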
diff --git a/frontend/src/utils/constants.js b/frontend/src/utils/constants.js
index 2a9091f527..7ea531c9de 100644
--- a/frontend/src/utils/constants.js
+++ b/frontend/src/utils/constants.js
@@ -138,6 +138,7 @@ export const invitationLink = window.org ? window.org.pageOptions.invitationLink
export const orgMemberQuotaEnabled = window.org ? window.org.pageOptions.orgMemberQuotaEnabled : '';
export const orgEnableAdminCustomLogo = window.org ? window.org.pageOptions.orgEnableAdminCustomLogo === 'True' : false;
export const orgEnableAdminCustomName = window.org ? window.org.pageOptions.orgEnableAdminCustomName === 'True' : false;
+export const enableMultiADFS = window.org ? window.org.pageOptions.enableMultiADFS === 'True' : false;
// sys admin
export const constanceEnabled = window.sysadmin ? window.sysadmin.pageOptions.constance_enabled : '';
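Review bot: `enableMultiADFS` is read from `window.org.pageOptions` and compared with the string `'True'`, so it depends on the org-admin page template emitting that key, and the template is not part of the visible diff. If the key is missing, the comparison is silently false and the SAML config tab disappears for every org. It is worth confirming that the template change ships in the same commit, and adding a comment such as `// rendered by the org admin template; display hint only, not an access check`.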
diff --git a/scripts/upgrade/sql/10.0.0/mysql/seahub.sql b/scripts/upgrade/sql/10.0.0/mysql/seahub.sql
index 1409442d1f..12a75bd8fe 100644
--- a/scripts/upgrade/sql/10.0.0/mysql/seahub.sql
+++ b/scripts/upgrade/sql/10.0.0/mysql/seahub.sql
@@ -2,9 +2,6 @@ CREATE TABLE IF NOT EXISTS `org_saml_config` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`org_id` int(11) NOT NULL,
`metadata_url` longtext NOT NULL,
- `single_sign_on_service` longtext NOT NULL,
- `single_logout_service` longtext NOT NULL,
- `valid_days` int(11) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `org_id` (`org_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
diff --git a/scripts/upgrade/sql/10.0.0/sqlite3/seahub.sql b/scripts/upgrade/sql/10.0.0/sqlite3/seahub.sql
index c6902b31e0..890386c1fd 100644
--- a/scripts/upgrade/sql/10.0.0/sqlite3/seahub.sql
+++ b/scripts/upgrade/sql/10.0.0/sqlite3/seahub.sql
@@ -1,4 +1,4 @@
-CREATE TABLE IF NOT EXISTS "org_saml_config" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "org_id" integer NOT NULL UNIQUE, "metadata_url" TEXT NOT NULL, "single_sign_on_service" TEXT NOT NULL, "single_logout_service" TEXT NOT NULL, "valid_days" integer NOT NULL);
+CREATE TABLE IF NOT EXISTS "org_saml_config" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "org_id" integer NOT NULL UNIQUE, "metadata_url" TEXT NOT NULL);
CREATE TABLE IF NOT EXISTS "base_usermonitoredrepos" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "email" varchar(254) NOT NULL, "repo_id" varchar(36) NOT NULL, "timestamp" datetime NOT NULL, UNIQUE ("email", "repo_id"));
CREATE INDEX IF NOT EXISTS "base_usermonitoredrepos_email_55ead1b9" ON "base_usermonitoredrepos" ("email");
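Review bot: Editing `CREATE TABLE IF NOT EXISTS` changes nothing on a database where `org_saml_config` was already created by an earlier run of this 10.0.0 script, both here and in the MySQL script above. Such a table keeps `single_sign_on_service`, `single_logout_service` and `valid_days` as NOT NULL columns without defaults, so an insert that sets only `org_id` and `metadata_url` would likely fail. If any pre-release install can be in that state, the upgrade needs an explicit step, for MySQL `ALTER TABLE org_saml_config DROP COLUMN single_sign_on_service, DROP COLUMN single_logout_service, DROP COLUMN valid_days;`, or a note that the table must be recreated.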
diff --git a/seahub/adfs_auth/attribute-maps/basic.py b/seahub/adfs_auth/attribute-maps/basic.py
index 9311d54715..a6a65743de 100644
--- a/seahub/adfs_auth/attribute-maps/basic.py
+++ b/seahub/adfs_auth/attribute-maps/basic.py
@@ -1,326 +1,325 @@
-
MAP = {
"identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
"fro": {
- 'urn:mace:dir:attribute-def:aRecord': 'aRecord',
- 'urn:mace:dir:attribute-def:aliasedEntryName': 'aliasedEntryName',
- 'urn:mace:dir:attribute-def:aliasedObjectName': 'aliasedObjectName',
- 'urn:mace:dir:attribute-def:associatedDomain': 'associatedDomain',
- 'urn:mace:dir:attribute-def:associatedName': 'associatedName',
- 'urn:mace:dir:attribute-def:audio': 'audio',
- 'urn:mace:dir:attribute-def:authorityRevocationList': 'authorityRevocationList',
- 'urn:mace:dir:attribute-def:buildingName': 'buildingName',
- 'urn:mace:dir:attribute-def:businessCategory': 'businessCategory',
- 'urn:mace:dir:attribute-def:c': 'c',
- 'urn:mace:dir:attribute-def:cACertificate': 'cACertificate',
- 'urn:mace:dir:attribute-def:cNAMERecord': 'cNAMERecord',
- 'urn:mace:dir:attribute-def:carLicense': 'carLicense',
- 'urn:mace:dir:attribute-def:certificateRevocationList': 'certificateRevocationList',
- 'urn:mace:dir:attribute-def:cn': 'cn',
- 'urn:mace:dir:attribute-def:co': 'co',
- 'urn:mace:dir:attribute-def:commonName': 'commonName',
- 'urn:mace:dir:attribute-def:countryName': 'countryName',
- 'urn:mace:dir:attribute-def:crossCertificatePair': 'crossCertificatePair',
- 'urn:mace:dir:attribute-def:dITRedirect': 'dITRedirect',
- 'urn:mace:dir:attribute-def:dSAQuality': 'dSAQuality',
- 'urn:mace:dir:attribute-def:dc': 'dc',
- 'urn:mace:dir:attribute-def:deltaRevocationList': 'deltaRevocationList',
- 'urn:mace:dir:attribute-def:departmentNumber': 'departmentNumber',
- 'urn:mace:dir:attribute-def:description': 'description',
- 'urn:mace:dir:attribute-def:destinationIndicator': 'destinationIndicator',
- 'urn:mace:dir:attribute-def:displayName': 'displayName',
- 'urn:mace:dir:attribute-def:distinguishedName': 'distinguishedName',
- 'urn:mace:dir:attribute-def:dmdName': 'dmdName',
- 'urn:mace:dir:attribute-def:dnQualifier': 'dnQualifier',
- 'urn:mace:dir:attribute-def:documentAuthor': 'documentAuthor',
- 'urn:mace:dir:attribute-def:documentIdentifier': 'documentIdentifier',
- 'urn:mace:dir:attribute-def:documentLocation': 'documentLocation',
- 'urn:mace:dir:attribute-def:documentPublisher': 'documentPublisher',
- 'urn:mace:dir:attribute-def:documentTitle': 'documentTitle',
- 'urn:mace:dir:attribute-def:documentVersion': 'documentVersion',
- 'urn:mace:dir:attribute-def:domainComponent': 'domainComponent',
- 'urn:mace:dir:attribute-def:drink': 'drink',
- 'urn:mace:dir:attribute-def:eduOrgHomePageURI': 'eduOrgHomePageURI',
- 'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI': 'eduOrgIdentityAuthNPolicyURI',
- 'urn:mace:dir:attribute-def:eduOrgLegalName': 'eduOrgLegalName',
- 'urn:mace:dir:attribute-def:eduOrgSuperiorURI': 'eduOrgSuperiorURI',
- 'urn:mace:dir:attribute-def:eduOrgWhitePagesURI': 'eduOrgWhitePagesURI',
- 'urn:mace:dir:attribute-def:eduPersonAffiliation': 'eduPersonAffiliation',
- 'urn:mace:dir:attribute-def:eduPersonEntitlement': 'eduPersonEntitlement',
- 'urn:mace:dir:attribute-def:eduPersonNickname': 'eduPersonNickname',
- 'urn:mace:dir:attribute-def:eduPersonOrgDN': 'eduPersonOrgDN',
- 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN': 'eduPersonOrgUnitDN',
- 'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation': 'eduPersonPrimaryAffiliation',
- 'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN': 'eduPersonPrimaryOrgUnitDN',
- 'urn:mace:dir:attribute-def:eduPersonPrincipalName': 'eduPersonPrincipalName',
- 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation': 'eduPersonScopedAffiliation',
- 'urn:mace:dir:attribute-def:eduPersonTargetedID': 'eduPersonTargetedID',
- 'urn:mace:dir:attribute-def:email': 'email',
- 'urn:mace:dir:attribute-def:emailAddress': 'emailAddress',
- 'urn:mace:dir:attribute-def:employeeNumber': 'employeeNumber',
- 'urn:mace:dir:attribute-def:employeeType': 'employeeType',
- 'urn:mace:dir:attribute-def:enhancedSearchGuide': 'enhancedSearchGuide',
- 'urn:mace:dir:attribute-def:facsimileTelephoneNumber': 'facsimileTelephoneNumber',
- 'urn:mace:dir:attribute-def:favouriteDrink': 'favouriteDrink',
- 'urn:mace:dir:attribute-def:fax': 'fax',
- 'urn:mace:dir:attribute-def:federationFeideSchemaVersion': 'federationFeideSchemaVersion',
- 'urn:mace:dir:attribute-def:friendlyCountryName': 'friendlyCountryName',
- 'urn:mace:dir:attribute-def:generationQualifier': 'generationQualifier',
- 'urn:mace:dir:attribute-def:givenName': 'givenName',
- 'urn:mace:dir:attribute-def:gn': 'gn',
- 'urn:mace:dir:attribute-def:homePhone': 'homePhone',
- 'urn:mace:dir:attribute-def:homePostalAddress': 'homePostalAddress',
- 'urn:mace:dir:attribute-def:homeTelephoneNumber': 'homeTelephoneNumber',
- 'urn:mace:dir:attribute-def:host': 'host',
- 'urn:mace:dir:attribute-def:houseIdentifier': 'houseIdentifier',
- 'urn:mace:dir:attribute-def:info': 'info',
- 'urn:mace:dir:attribute-def:initials': 'initials',
- 'urn:mace:dir:attribute-def:internationaliSDNNumber': 'internationaliSDNNumber',
- 'urn:mace:dir:attribute-def:janetMailbox': 'janetMailbox',
- 'urn:mace:dir:attribute-def:jpegPhoto': 'jpegPhoto',
- 'urn:mace:dir:attribute-def:knowledgeInformation': 'knowledgeInformation',
- 'urn:mace:dir:attribute-def:l': 'l',
- 'urn:mace:dir:attribute-def:labeledURI': 'labeledURI',
- 'urn:mace:dir:attribute-def:localityName': 'localityName',
- 'urn:mace:dir:attribute-def:mDRecord': 'mDRecord',
- 'urn:mace:dir:attribute-def:mXRecord': 'mXRecord',
- 'urn:mace:dir:attribute-def:mail': 'mail',
- 'urn:mace:dir:attribute-def:mailPreferenceOption': 'mailPreferenceOption',
- 'urn:mace:dir:attribute-def:manager': 'manager',
- 'urn:mace:dir:attribute-def:member': 'member',
- 'urn:mace:dir:attribute-def:mobile': 'mobile',
- 'urn:mace:dir:attribute-def:mobileTelephoneNumber': 'mobileTelephoneNumber',
- 'urn:mace:dir:attribute-def:nSRecord': 'nSRecord',
- 'urn:mace:dir:attribute-def:name': 'name',
- 'urn:mace:dir:attribute-def:norEduOrgAcronym': 'norEduOrgAcronym',
- 'urn:mace:dir:attribute-def:norEduOrgNIN': 'norEduOrgNIN',
- 'urn:mace:dir:attribute-def:norEduOrgSchemaVersion': 'norEduOrgSchemaVersion',
- 'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier': 'norEduOrgUniqueIdentifier',
- 'urn:mace:dir:attribute-def:norEduOrgUniqueNumber': 'norEduOrgUniqueNumber',
- 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier': 'norEduOrgUnitUniqueIdentifier',
- 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber': 'norEduOrgUnitUniqueNumber',
- 'urn:mace:dir:attribute-def:norEduPersonBirthDate': 'norEduPersonBirthDate',
- 'urn:mace:dir:attribute-def:norEduPersonLIN': 'norEduPersonLIN',
- 'urn:mace:dir:attribute-def:norEduPersonNIN': 'norEduPersonNIN',
- 'urn:mace:dir:attribute-def:o': 'o',
- 'urn:mace:dir:attribute-def:objectClass': 'objectClass',
- 'urn:mace:dir:attribute-def:organizationName': 'organizationName',
- 'urn:mace:dir:attribute-def:organizationalStatus': 'organizationalStatus',
- 'urn:mace:dir:attribute-def:organizationalUnitName': 'organizationalUnitName',
- 'urn:mace:dir:attribute-def:otherMailbox': 'otherMailbox',
- 'urn:mace:dir:attribute-def:ou': 'ou',
- 'urn:mace:dir:attribute-def:owner': 'owner',
- 'urn:mace:dir:attribute-def:pager': 'pager',
- 'urn:mace:dir:attribute-def:pagerTelephoneNumber': 'pagerTelephoneNumber',
- 'urn:mace:dir:attribute-def:personalSignature': 'personalSignature',
- 'urn:mace:dir:attribute-def:personalTitle': 'personalTitle',
- 'urn:mace:dir:attribute-def:photo': 'photo',
- 'urn:mace:dir:attribute-def:physicalDeliveryOfficeName': 'physicalDeliveryOfficeName',
- 'urn:mace:dir:attribute-def:pkcs9email': 'pkcs9email',
- 'urn:mace:dir:attribute-def:postOfficeBox': 'postOfficeBox',
- 'urn:mace:dir:attribute-def:postalAddress': 'postalAddress',
- 'urn:mace:dir:attribute-def:postalCode': 'postalCode',
- 'urn:mace:dir:attribute-def:preferredDeliveryMethod': 'preferredDeliveryMethod',
- 'urn:mace:dir:attribute-def:preferredLanguage': 'preferredLanguage',
- 'urn:mace:dir:attribute-def:presentationAddress': 'presentationAddress',
- 'urn:mace:dir:attribute-def:protocolInformation': 'protocolInformation',
- 'urn:mace:dir:attribute-def:pseudonym': 'pseudonym',
- 'urn:mace:dir:attribute-def:registeredAddress': 'registeredAddress',
- 'urn:mace:dir:attribute-def:rfc822Mailbox': 'rfc822Mailbox',
- 'urn:mace:dir:attribute-def:roleOccupant': 'roleOccupant',
- 'urn:mace:dir:attribute-def:roomNumber': 'roomNumber',
- 'urn:mace:dir:attribute-def:sOARecord': 'sOARecord',
- 'urn:mace:dir:attribute-def:searchGuide': 'searchGuide',
- 'urn:mace:dir:attribute-def:secretary': 'secretary',
- 'urn:mace:dir:attribute-def:seeAlso': 'seeAlso',
- 'urn:mace:dir:attribute-def:serialNumber': 'serialNumber',
- 'urn:mace:dir:attribute-def:singleLevelQuality': 'singleLevelQuality',
- 'urn:mace:dir:attribute-def:sn': 'sn',
- 'urn:mace:dir:attribute-def:st': 'st',
- 'urn:mace:dir:attribute-def:stateOrProvinceName': 'stateOrProvinceName',
- 'urn:mace:dir:attribute-def:street': 'street',
- 'urn:mace:dir:attribute-def:streetAddress': 'streetAddress',
- 'urn:mace:dir:attribute-def:subtreeMaximumQuality': 'subtreeMaximumQuality',
- 'urn:mace:dir:attribute-def:subtreeMinimumQuality': 'subtreeMinimumQuality',
- 'urn:mace:dir:attribute-def:supportedAlgorithms': 'supportedAlgorithms',
- 'urn:mace:dir:attribute-def:supportedApplicationContext': 'supportedApplicationContext',
- 'urn:mace:dir:attribute-def:surname': 'surname',
- 'urn:mace:dir:attribute-def:telephoneNumber': 'telephoneNumber',
- 'urn:mace:dir:attribute-def:teletexTerminalIdentifier': 'teletexTerminalIdentifier',
- 'urn:mace:dir:attribute-def:telexNumber': 'telexNumber',
- 'urn:mace:dir:attribute-def:textEncodedORAddress': 'textEncodedORAddress',
- 'urn:mace:dir:attribute-def:title': 'title',
- 'urn:mace:dir:attribute-def:uid': 'uid',
- 'urn:mace:dir:attribute-def:uniqueIdentifier': 'uniqueIdentifier',
- 'urn:mace:dir:attribute-def:uniqueMember': 'uniqueMember',
- 'urn:mace:dir:attribute-def:userCertificate': 'userCertificate',
- 'urn:mace:dir:attribute-def:userClass': 'userClass',
- 'urn:mace:dir:attribute-def:userPKCS12': 'userPKCS12',
- 'urn:mace:dir:attribute-def:userPassword': 'userPassword',
- 'urn:mace:dir:attribute-def:userSMIMECertificate': 'userSMIMECertificate',
- 'urn:mace:dir:attribute-def:userid': 'userid',
- 'urn:mace:dir:attribute-def:x121Address': 'x121Address',
- 'urn:mace:dir:attribute-def:x500UniqueIdentifier': 'x500UniqueIdentifier',
- },
+ "urn:mace:dir:attribute-def:aRecord": "aRecord",
+ "urn:mace:dir:attribute-def:aliasedEntryName": "aliasedEntryName",
+ "urn:mace:dir:attribute-def:aliasedObjectName": "aliasedObjectName",
+ "urn:mace:dir:attribute-def:associatedDomain": "associatedDomain",
+ "urn:mace:dir:attribute-def:associatedName": "associatedName",
+ "urn:mace:dir:attribute-def:audio": "audio",
+ "urn:mace:dir:attribute-def:authorityRevocationList": "authorityRevocationList",
+ "urn:mace:dir:attribute-def:buildingName": "buildingName",
+ "urn:mace:dir:attribute-def:businessCategory": "businessCategory",
+ "urn:mace:dir:attribute-def:c": "c",
+ "urn:mace:dir:attribute-def:cACertificate": "cACertificate",
+ "urn:mace:dir:attribute-def:cNAMERecord": "cNAMERecord",
+ "urn:mace:dir:attribute-def:carLicense": "carLicense",
+ "urn:mace:dir:attribute-def:certificateRevocationList": "certificateRevocationList",
+ "urn:mace:dir:attribute-def:cn": "cn",
+ "urn:mace:dir:attribute-def:co": "co",
+ "urn:mace:dir:attribute-def:commonName": "commonName",
+ "urn:mace:dir:attribute-def:countryName": "countryName",
+ "urn:mace:dir:attribute-def:crossCertificatePair": "crossCertificatePair",
+ "urn:mace:dir:attribute-def:dITRedirect": "dITRedirect",
+ "urn:mace:dir:attribute-def:dSAQuality": "dSAQuality",
+ "urn:mace:dir:attribute-def:dc": "dc",
+ "urn:mace:dir:attribute-def:deltaRevocationList": "deltaRevocationList",
+ "urn:mace:dir:attribute-def:departmentNumber": "departmentNumber",
+ "urn:mace:dir:attribute-def:description": "description",
+ "urn:mace:dir:attribute-def:destinationIndicator": "destinationIndicator",
+ "urn:mace:dir:attribute-def:displayName": "displayName",
+ "urn:mace:dir:attribute-def:distinguishedName": "distinguishedName",
+ "urn:mace:dir:attribute-def:dmdName": "dmdName",
+ "urn:mace:dir:attribute-def:dnQualifier": "dnQualifier",
+ "urn:mace:dir:attribute-def:documentAuthor": "documentAuthor",
+ "urn:mace:dir:attribute-def:documentIdentifier": "documentIdentifier",
+ "urn:mace:dir:attribute-def:documentLocation": "documentLocation",
+ "urn:mace:dir:attribute-def:documentPublisher": "documentPublisher",
+ "urn:mace:dir:attribute-def:documentTitle": "documentTitle",
+ "urn:mace:dir:attribute-def:documentVersion": "documentVersion",
+ "urn:mace:dir:attribute-def:domainComponent": "domainComponent",
+ "urn:mace:dir:attribute-def:drink": "drink",
+ "urn:mace:dir:attribute-def:eduOrgHomePageURI": "eduOrgHomePageURI",
+ "urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI": "eduOrgIdentityAuthNPolicyURI",
+ "urn:mace:dir:attribute-def:eduOrgLegalName": "eduOrgLegalName",
+ "urn:mace:dir:attribute-def:eduOrgSuperiorURI": "eduOrgSuperiorURI",
+ "urn:mace:dir:attribute-def:eduOrgWhitePagesURI": "eduOrgWhitePagesURI",
+ "urn:mace:dir:attribute-def:eduPersonAffiliation": "eduPersonAffiliation",
+ "urn:mace:dir:attribute-def:eduPersonEntitlement": "eduPersonEntitlement",
+ "urn:mace:dir:attribute-def:eduPersonNickname": "eduPersonNickname",
+ "urn:mace:dir:attribute-def:eduPersonOrgDN": "eduPersonOrgDN",
+ "urn:mace:dir:attribute-def:eduPersonOrgUnitDN": "eduPersonOrgUnitDN",
+ "urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation": "eduPersonPrimaryAffiliation",
+ "urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN": "eduPersonPrimaryOrgUnitDN",
+ "urn:mace:dir:attribute-def:eduPersonPrincipalName": "eduPersonPrincipalName",
+ "urn:mace:dir:attribute-def:eduPersonScopedAffiliation": "eduPersonScopedAffiliation",
+ "urn:mace:dir:attribute-def:eduPersonTargetedID": "eduPersonTargetedID",
+ "urn:mace:dir:attribute-def:email": "email",
+ "urn:mace:dir:attribute-def:emailAddress": "emailAddress",
+ "urn:mace:dir:attribute-def:employeeNumber": "employeeNumber",
+ "urn:mace:dir:attribute-def:employeeType": "employeeType",
+ "urn:mace:dir:attribute-def:enhancedSearchGuide": "enhancedSearchGuide",
+ "urn:mace:dir:attribute-def:facsimileTelephoneNumber": "facsimileTelephoneNumber",
+ "urn:mace:dir:attribute-def:favouriteDrink": "favouriteDrink",
+ "urn:mace:dir:attribute-def:fax": "fax",
+ "urn:mace:dir:attribute-def:federationFeideSchemaVersion": "federationFeideSchemaVersion",
+ "urn:mace:dir:attribute-def:friendlyCountryName": "friendlyCountryName",
+ "urn:mace:dir:attribute-def:generationQualifier": "generationQualifier",
+ "urn:mace:dir:attribute-def:givenName": "givenName",
+ "urn:mace:dir:attribute-def:gn": "gn",
+ "urn:mace:dir:attribute-def:homePhone": "homePhone",
+ "urn:mace:dir:attribute-def:homePostalAddress": "homePostalAddress",
+ "urn:mace:dir:attribute-def:homeTelephoneNumber": "homeTelephoneNumber",
+ "urn:mace:dir:attribute-def:host": "host",
+ "urn:mace:dir:attribute-def:houseIdentifier": "houseIdentifier",
+ "urn:mace:dir:attribute-def:info": "info",
+ "urn:mace:dir:attribute-def:initials": "initials",
+ "urn:mace:dir:attribute-def:internationaliSDNNumber": "internationaliSDNNumber",
+ "urn:mace:dir:attribute-def:janetMailbox": "janetMailbox",
+ "urn:mace:dir:attribute-def:jpegPhoto": "jpegPhoto",
+ "urn:mace:dir:attribute-def:knowledgeInformation": "knowledgeInformation",
+ "urn:mace:dir:attribute-def:l": "l",
+ "urn:mace:dir:attribute-def:labeledURI": "labeledURI",
+ "urn:mace:dir:attribute-def:localityName": "localityName",
+ "urn:mace:dir:attribute-def:mDRecord": "mDRecord",
+ "urn:mace:dir:attribute-def:mXRecord": "mXRecord",
+ "urn:mace:dir:attribute-def:mail": "mail",
+ "urn:mace:dir:attribute-def:mailPreferenceOption": "mailPreferenceOption",
+ "urn:mace:dir:attribute-def:manager": "manager",
+ "urn:mace:dir:attribute-def:member": "member",
+ "urn:mace:dir:attribute-def:mobile": "mobile",
+ "urn:mace:dir:attribute-def:mobileTelephoneNumber": "mobileTelephoneNumber",
+ "urn:mace:dir:attribute-def:nSRecord": "nSRecord",
+ "urn:mace:dir:attribute-def:name": "name",
+ "urn:mace:dir:attribute-def:norEduOrgAcronym": "norEduOrgAcronym",
+ "urn:mace:dir:attribute-def:norEduOrgNIN": "norEduOrgNIN",
+ "urn:mace:dir:attribute-def:norEduOrgSchemaVersion": "norEduOrgSchemaVersion",
+ "urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier": "norEduOrgUniqueIdentifier",
+ "urn:mace:dir:attribute-def:norEduOrgUniqueNumber": "norEduOrgUniqueNumber",
+ "urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier": "norEduOrgUnitUniqueIdentifier",
+ "urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber": "norEduOrgUnitUniqueNumber",
+ "urn:mace:dir:attribute-def:norEduPersonBirthDate": "norEduPersonBirthDate",
+ "urn:mace:dir:attribute-def:norEduPersonLIN": "norEduPersonLIN",
+ "urn:mace:dir:attribute-def:norEduPersonNIN": "norEduPersonNIN",
+ "urn:mace:dir:attribute-def:o": "o",
+ "urn:mace:dir:attribute-def:objectClass": "objectClass",
+ "urn:mace:dir:attribute-def:organizationName": "organizationName",
+ "urn:mace:dir:attribute-def:organizationalStatus": "organizationalStatus",
+ "urn:mace:dir:attribute-def:organizationalUnitName": "organizationalUnitName",
+ "urn:mace:dir:attribute-def:otherMailbox": "otherMailbox",
+ "urn:mace:dir:attribute-def:ou": "ou",
+ "urn:mace:dir:attribute-def:owner": "owner",
+ "urn:mace:dir:attribute-def:pager": "pager",
+ "urn:mace:dir:attribute-def:pagerTelephoneNumber": "pagerTelephoneNumber",
+ "urn:mace:dir:attribute-def:personalSignature": "personalSignature",
+ "urn:mace:dir:attribute-def:personalTitle": "personalTitle",
+ "urn:mace:dir:attribute-def:photo": "photo",
+ "urn:mace:dir:attribute-def:physicalDeliveryOfficeName": "physicalDeliveryOfficeName",
+ "urn:mace:dir:attribute-def:pkcs9email": "pkcs9email",
+ "urn:mace:dir:attribute-def:postOfficeBox": "postOfficeBox",
+ "urn:mace:dir:attribute-def:postalAddress": "postalAddress",
+ "urn:mace:dir:attribute-def:postalCode": "postalCode",
+ "urn:mace:dir:attribute-def:preferredDeliveryMethod": "preferredDeliveryMethod",
+ "urn:mace:dir:attribute-def:preferredLanguage": "preferredLanguage",
+ "urn:mace:dir:attribute-def:presentationAddress": "presentationAddress",
+ "urn:mace:dir:attribute-def:protocolInformation": "protocolInformation",
+ "urn:mace:dir:attribute-def:pseudonym": "pseudonym",
+ "urn:mace:dir:attribute-def:registeredAddress": "registeredAddress",
+ "urn:mace:dir:attribute-def:rfc822Mailbox": "rfc822Mailbox",
+ "urn:mace:dir:attribute-def:roleOccupant": "roleOccupant",
+ "urn:mace:dir:attribute-def:roomNumber": "roomNumber",
+ "urn:mace:dir:attribute-def:sOARecord": "sOARecord",
+ "urn:mace:dir:attribute-def:searchGuide": "searchGuide",
+ "urn:mace:dir:attribute-def:secretary": "secretary",
+ "urn:mace:dir:attribute-def:seeAlso": "seeAlso",
+ "urn:mace:dir:attribute-def:serialNumber": "serialNumber",
+ "urn:mace:dir:attribute-def:singleLevelQuality": "singleLevelQuality",
+ "urn:mace:dir:attribute-def:sn": "sn",
+ "urn:mace:dir:attribute-def:st": "st",
+ "urn:mace:dir:attribute-def:stateOrProvinceName": "stateOrProvinceName",
+ "urn:mace:dir:attribute-def:street": "street",
+ "urn:mace:dir:attribute-def:streetAddress": "streetAddress",
+ "urn:mace:dir:attribute-def:subtreeMaximumQuality": "subtreeMaximumQuality",
+ "urn:mace:dir:attribute-def:subtreeMinimumQuality": "subtreeMinimumQuality",
+ "urn:mace:dir:attribute-def:supportedAlgorithms": "supportedAlgorithms",
+ "urn:mace:dir:attribute-def:supportedApplicationContext": "supportedApplicationContext",
+ "urn:mace:dir:attribute-def:surname": "surname",
+ "urn:mace:dir:attribute-def:telephoneNumber": "telephoneNumber",
+ "urn:mace:dir:attribute-def:teletexTerminalIdentifier": "teletexTerminalIdentifier",
+ "urn:mace:dir:attribute-def:telexNumber": "telexNumber",
+ "urn:mace:dir:attribute-def:textEncodedORAddress": "textEncodedORAddress",
+ "urn:mace:dir:attribute-def:title": "title",
+ "urn:mace:dir:attribute-def:uid": "uid",
+ "urn:mace:dir:attribute-def:uniqueIdentifier": "uniqueIdentifier",
+ "urn:mace:dir:attribute-def:uniqueMember": "uniqueMember",
+ "urn:mace:dir:attribute-def:userCertificate": "userCertificate",
+ "urn:mace:dir:attribute-def:userClass": "userClass",
+ "urn:mace:dir:attribute-def:userPKCS12": "userPKCS12",
+ "urn:mace:dir:attribute-def:userPassword": "userPassword",
+ "urn:mace:dir:attribute-def:userSMIMECertificate": "userSMIMECertificate",
+ "urn:mace:dir:attribute-def:userid": "userid",
+ "urn:mace:dir:attribute-def:x121Address": "x121Address",
+ "urn:mace:dir:attribute-def:x500UniqueIdentifier": "x500UniqueIdentifier",
+ },
"to": {
- 'aRecord': 'urn:mace:dir:attribute-def:aRecord',
- 'aliasedEntryName': 'urn:mace:dir:attribute-def:aliasedEntryName',
- 'aliasedObjectName': 'urn:mace:dir:attribute-def:aliasedObjectName',
- 'associatedDomain': 'urn:mace:dir:attribute-def:associatedDomain',
- 'associatedName': 'urn:mace:dir:attribute-def:associatedName',
- 'audio': 'urn:mace:dir:attribute-def:audio',
- 'authorityRevocationList': 'urn:mace:dir:attribute-def:authorityRevocationList',
- 'buildingName': 'urn:mace:dir:attribute-def:buildingName',
- 'businessCategory': 'urn:mace:dir:attribute-def:businessCategory',
- 'c': 'urn:mace:dir:attribute-def:c',
- 'cACertificate': 'urn:mace:dir:attribute-def:cACertificate',
- 'cNAMERecord': 'urn:mace:dir:attribute-def:cNAMERecord',
- 'carLicense': 'urn:mace:dir:attribute-def:carLicense',
- 'certificateRevocationList': 'urn:mace:dir:attribute-def:certificateRevocationList',
- 'cn': 'urn:mace:dir:attribute-def:cn',
- 'co': 'urn:mace:dir:attribute-def:co',
- 'commonName': 'urn:mace:dir:attribute-def:commonName',
- 'countryName': 'urn:mace:dir:attribute-def:countryName',
- 'crossCertificatePair': 'urn:mace:dir:attribute-def:crossCertificatePair',
- 'dITRedirect': 'urn:mace:dir:attribute-def:dITRedirect',
- 'dSAQuality': 'urn:mace:dir:attribute-def:dSAQuality',
- 'dc': 'urn:mace:dir:attribute-def:dc',
- 'deltaRevocationList': 'urn:mace:dir:attribute-def:deltaRevocationList',
- 'departmentNumber': 'urn:mace:dir:attribute-def:departmentNumber',
- 'description': 'urn:mace:dir:attribute-def:description',
- 'destinationIndicator': 'urn:mace:dir:attribute-def:destinationIndicator',
- 'displayName': 'urn:mace:dir:attribute-def:displayName',
- 'distinguishedName': 'urn:mace:dir:attribute-def:distinguishedName',
- 'dmdName': 'urn:mace:dir:attribute-def:dmdName',
- 'dnQualifier': 'urn:mace:dir:attribute-def:dnQualifier',
- 'documentAuthor': 'urn:mace:dir:attribute-def:documentAuthor',
- 'documentIdentifier': 'urn:mace:dir:attribute-def:documentIdentifier',
- 'documentLocation': 'urn:mace:dir:attribute-def:documentLocation',
- 'documentPublisher': 'urn:mace:dir:attribute-def:documentPublisher',
- 'documentTitle': 'urn:mace:dir:attribute-def:documentTitle',
- 'documentVersion': 'urn:mace:dir:attribute-def:documentVersion',
- 'domainComponent': 'urn:mace:dir:attribute-def:domainComponent',
- 'drink': 'urn:mace:dir:attribute-def:drink',
- 'eduOrgHomePageURI': 'urn:mace:dir:attribute-def:eduOrgHomePageURI',
- 'eduOrgIdentityAuthNPolicyURI': 'urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI',
- 'eduOrgLegalName': 'urn:mace:dir:attribute-def:eduOrgLegalName',
- 'eduOrgSuperiorURI': 'urn:mace:dir:attribute-def:eduOrgSuperiorURI',
- 'eduOrgWhitePagesURI': 'urn:mace:dir:attribute-def:eduOrgWhitePagesURI',
- 'eduPersonAffiliation': 'urn:mace:dir:attribute-def:eduPersonAffiliation',
- 'eduPersonEntitlement': 'urn:mace:dir:attribute-def:eduPersonEntitlement',
- 'eduPersonNickname': 'urn:mace:dir:attribute-def:eduPersonNickname',
- 'eduPersonOrgDN': 'urn:mace:dir:attribute-def:eduPersonOrgDN',
- 'eduPersonOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonOrgUnitDN',
- 'eduPersonPrimaryAffiliation': 'urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation',
- 'eduPersonPrimaryOrgUnitDN': 'urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN',
- 'eduPersonPrincipalName': 'urn:mace:dir:attribute-def:eduPersonPrincipalName',
- 'eduPersonScopedAffiliation': 'urn:mace:dir:attribute-def:eduPersonScopedAffiliation',
- 'eduPersonTargetedID': 'urn:mace:dir:attribute-def:eduPersonTargetedID',
- 'email': 'urn:mace:dir:attribute-def:email',
- 'emailAddress': 'urn:mace:dir:attribute-def:emailAddress',
- 'employeeNumber': 'urn:mace:dir:attribute-def:employeeNumber',
- 'employeeType': 'urn:mace:dir:attribute-def:employeeType',
- 'enhancedSearchGuide': 'urn:mace:dir:attribute-def:enhancedSearchGuide',
- 'facsimileTelephoneNumber': 'urn:mace:dir:attribute-def:facsimileTelephoneNumber',
- 'favouriteDrink': 'urn:mace:dir:attribute-def:favouriteDrink',
- 'fax': 'urn:mace:dir:attribute-def:fax',
- 'federationFeideSchemaVersion': 'urn:mace:dir:attribute-def:federationFeideSchemaVersion',
- 'friendlyCountryName': 'urn:mace:dir:attribute-def:friendlyCountryName',
- 'generationQualifier': 'urn:mace:dir:attribute-def:generationQualifier',
- 'givenName': 'urn:mace:dir:attribute-def:givenName',
- 'gn': 'urn:mace:dir:attribute-def:gn',
- 'homePhone': 'urn:mace:dir:attribute-def:homePhone',
- 'homePostalAddress': 'urn:mace:dir:attribute-def:homePostalAddress',
- 'homeTelephoneNumber': 'urn:mace:dir:attribute-def:homeTelephoneNumber',
- 'host': 'urn:mace:dir:attribute-def:host',
- 'houseIdentifier': 'urn:mace:dir:attribute-def:houseIdentifier',
- 'info': 'urn:mace:dir:attribute-def:info',
- 'initials': 'urn:mace:dir:attribute-def:initials',
- 'internationaliSDNNumber': 'urn:mace:dir:attribute-def:internationaliSDNNumber',
- 'janetMailbox': 'urn:mace:dir:attribute-def:janetMailbox',
- 'jpegPhoto': 'urn:mace:dir:attribute-def:jpegPhoto',
- 'knowledgeInformation': 'urn:mace:dir:attribute-def:knowledgeInformation',
- 'l': 'urn:mace:dir:attribute-def:l',
- 'labeledURI': 'urn:mace:dir:attribute-def:labeledURI',
- 'localityName': 'urn:mace:dir:attribute-def:localityName',
- 'mDRecord': 'urn:mace:dir:attribute-def:mDRecord',
- 'mXRecord': 'urn:mace:dir:attribute-def:mXRecord',
- 'mail': 'urn:mace:dir:attribute-def:mail',
- 'mailPreferenceOption': 'urn:mace:dir:attribute-def:mailPreferenceOption',
- 'manager': 'urn:mace:dir:attribute-def:manager',
- 'member': 'urn:mace:dir:attribute-def:member',
- 'mobile': 'urn:mace:dir:attribute-def:mobile',
- 'mobileTelephoneNumber': 'urn:mace:dir:attribute-def:mobileTelephoneNumber',
- 'nSRecord': 'urn:mace:dir:attribute-def:nSRecord',
- 'name': 'urn:mace:dir:attribute-def:name',
- 'norEduOrgAcronym': 'urn:mace:dir:attribute-def:norEduOrgAcronym',
- 'norEduOrgNIN': 'urn:mace:dir:attribute-def:norEduOrgNIN',
- 'norEduOrgSchemaVersion': 'urn:mace:dir:attribute-def:norEduOrgSchemaVersion',
- 'norEduOrgUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier',
- 'norEduOrgUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUniqueNumber',
- 'norEduOrgUnitUniqueIdentifier': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier',
- 'norEduOrgUnitUniqueNumber': 'urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber',
- 'norEduPersonBirthDate': 'urn:mace:dir:attribute-def:norEduPersonBirthDate',
- 'norEduPersonLIN': 'urn:mace:dir:attribute-def:norEduPersonLIN',
- 'norEduPersonNIN': 'urn:mace:dir:attribute-def:norEduPersonNIN',
- 'o': 'urn:mace:dir:attribute-def:o',
- 'objectClass': 'urn:mace:dir:attribute-def:objectClass',
- 'organizationName': 'urn:mace:dir:attribute-def:organizationName',
- 'organizationalStatus': 'urn:mace:dir:attribute-def:organizationalStatus',
- 'organizationalUnitName': 'urn:mace:dir:attribute-def:organizationalUnitName',
- 'otherMailbox': 'urn:mace:dir:attribute-def:otherMailbox',
- 'ou': 'urn:mace:dir:attribute-def:ou',
- 'owner': 'urn:mace:dir:attribute-def:owner',
- 'pager': 'urn:mace:dir:attribute-def:pager',
- 'pagerTelephoneNumber': 'urn:mace:dir:attribute-def:pagerTelephoneNumber',
- 'personalSignature': 'urn:mace:dir:attribute-def:personalSignature',
- 'personalTitle': 'urn:mace:dir:attribute-def:personalTitle',
- 'photo': 'urn:mace:dir:attribute-def:photo',
- 'physicalDeliveryOfficeName': 'urn:mace:dir:attribute-def:physicalDeliveryOfficeName',
- 'pkcs9email': 'urn:mace:dir:attribute-def:pkcs9email',
- 'postOfficeBox': 'urn:mace:dir:attribute-def:postOfficeBox',
- 'postalAddress': 'urn:mace:dir:attribute-def:postalAddress',
- 'postalCode': 'urn:mace:dir:attribute-def:postalCode',
- 'preferredDeliveryMethod': 'urn:mace:dir:attribute-def:preferredDeliveryMethod',
- 'preferredLanguage': 'urn:mace:dir:attribute-def:preferredLanguage',
- 'presentationAddress': 'urn:mace:dir:attribute-def:presentationAddress',
- 'protocolInformation': 'urn:mace:dir:attribute-def:protocolInformation',
- 'pseudonym': 'urn:mace:dir:attribute-def:pseudonym',
- 'registeredAddress': 'urn:mace:dir:attribute-def:registeredAddress',
- 'rfc822Mailbox': 'urn:mace:dir:attribute-def:rfc822Mailbox',
- 'roleOccupant': 'urn:mace:dir:attribute-def:roleOccupant',
- 'roomNumber': 'urn:mace:dir:attribute-def:roomNumber',
- 'sOARecord': 'urn:mace:dir:attribute-def:sOARecord',
- 'searchGuide': 'urn:mace:dir:attribute-def:searchGuide',
- 'secretary': 'urn:mace:dir:attribute-def:secretary',
- 'seeAlso': 'urn:mace:dir:attribute-def:seeAlso',
- 'serialNumber': 'urn:mace:dir:attribute-def:serialNumber',
- 'singleLevelQuality': 'urn:mace:dir:attribute-def:singleLevelQuality',
- 'sn': 'urn:mace:dir:attribute-def:sn',
- 'st': 'urn:mace:dir:attribute-def:st',
- 'stateOrProvinceName': 'urn:mace:dir:attribute-def:stateOrProvinceName',
- 'street': 'urn:mace:dir:attribute-def:street',
- 'streetAddress': 'urn:mace:dir:attribute-def:streetAddress',
- 'subtreeMaximumQuality': 'urn:mace:dir:attribute-def:subtreeMaximumQuality',
- 'subtreeMinimumQuality': 'urn:mace:dir:attribute-def:subtreeMinimumQuality',
- 'supportedAlgorithms': 'urn:mace:dir:attribute-def:supportedAlgorithms',
- 'supportedApplicationContext': 'urn:mace:dir:attribute-def:supportedApplicationContext',
- 'surname': 'urn:mace:dir:attribute-def:surname',
- 'telephoneNumber': 'urn:mace:dir:attribute-def:telephoneNumber',
- 'teletexTerminalIdentifier': 'urn:mace:dir:attribute-def:teletexTerminalIdentifier',
- 'telexNumber': 'urn:mace:dir:attribute-def:telexNumber',
- 'textEncodedORAddress': 'urn:mace:dir:attribute-def:textEncodedORAddress',
- 'title': 'urn:mace:dir:attribute-def:title',
- 'uid': 'urn:mace:dir:attribute-def:uid',
- 'uniqueIdentifier': 'urn:mace:dir:attribute-def:uniqueIdentifier',
- 'uniqueMember': 'urn:mace:dir:attribute-def:uniqueMember',
- 'userCertificate': 'urn:mace:dir:attribute-def:userCertificate',
- 'userClass': 'urn:mace:dir:attribute-def:userClass',
- 'userPKCS12': 'urn:mace:dir:attribute-def:userPKCS12',
- 'userPassword': 'urn:mace:dir:attribute-def:userPassword',
- 'userSMIMECertificate': 'urn:mace:dir:attribute-def:userSMIMECertificate',
- 'userid': 'urn:mace:dir:attribute-def:userid',
- 'x121Address': 'urn:mace:dir:attribute-def:x121Address',
- 'x500UniqueIdentifier': 'urn:mace:dir:attribute-def:x500UniqueIdentifier',
- }
-}
\ No newline at end of file
+ "aRecord": "urn:mace:dir:attribute-def:aRecord",
+ "aliasedEntryName": "urn:mace:dir:attribute-def:aliasedEntryName",
+ "aliasedObjectName": "urn:mace:dir:attribute-def:aliasedObjectName",
+ "associatedDomain": "urn:mace:dir:attribute-def:associatedDomain",
+ "associatedName": "urn:mace:dir:attribute-def:associatedName",
+ "audio": "urn:mace:dir:attribute-def:audio",
+ "authorityRevocationList": "urn:mace:dir:attribute-def:authorityRevocationList",
+ "buildingName": "urn:mace:dir:attribute-def:buildingName",
+ "businessCategory": "urn:mace:dir:attribute-def:businessCategory",
+ "c": "urn:mace:dir:attribute-def:c",
+ "cACertificate": "urn:mace:dir:attribute-def:cACertificate",
+ "cNAMERecord": "urn:mace:dir:attribute-def:cNAMERecord",
+ "carLicense": "urn:mace:dir:attribute-def:carLicense",
+ "certificateRevocationList": "urn:mace:dir:attribute-def:certificateRevocationList",
+ "cn": "urn:mace:dir:attribute-def:cn",
+ "co": "urn:mace:dir:attribute-def:co",
+ "commonName": "urn:mace:dir:attribute-def:commonName",
+ "countryName": "urn:mace:dir:attribute-def:countryName",
+ "crossCertificatePair": "urn:mace:dir:attribute-def:crossCertificatePair",
+ "dITRedirect": "urn:mace:dir:attribute-def:dITRedirect",
+ "dSAQuality": "urn:mace:dir:attribute-def:dSAQuality",
+ "dc": "urn:mace:dir:attribute-def:dc",
+ "deltaRevocationList": "urn:mace:dir:attribute-def:deltaRevocationList",
+ "departmentNumber": "urn:mace:dir:attribute-def:departmentNumber",
+ "description": "urn:mace:dir:attribute-def:description",
+ "destinationIndicator": "urn:mace:dir:attribute-def:destinationIndicator",
+ "displayName": "urn:mace:dir:attribute-def:displayName",
+ "distinguishedName": "urn:mace:dir:attribute-def:distinguishedName",
+ "dmdName": "urn:mace:dir:attribute-def:dmdName",
+ "dnQualifier": "urn:mace:dir:attribute-def:dnQualifier",
+ "documentAuthor": "urn:mace:dir:attribute-def:documentAuthor",
+ "documentIdentifier": "urn:mace:dir:attribute-def:documentIdentifier",
+ "documentLocation": "urn:mace:dir:attribute-def:documentLocation",
+ "documentPublisher": "urn:mace:dir:attribute-def:documentPublisher",
+ "documentTitle": "urn:mace:dir:attribute-def:documentTitle",
+ "documentVersion": "urn:mace:dir:attribute-def:documentVersion",
+ "domainComponent": "urn:mace:dir:attribute-def:domainComponent",
+ "drink": "urn:mace:dir:attribute-def:drink",
+ "eduOrgHomePageURI": "urn:mace:dir:attribute-def:eduOrgHomePageURI",
+ "eduOrgIdentityAuthNPolicyURI": "urn:mace:dir:attribute-def:eduOrgIdentityAuthNPolicyURI",
+ "eduOrgLegalName": "urn:mace:dir:attribute-def:eduOrgLegalName",
+ "eduOrgSuperiorURI": "urn:mace:dir:attribute-def:eduOrgSuperiorURI",
+ "eduOrgWhitePagesURI": "urn:mace:dir:attribute-def:eduOrgWhitePagesURI",
+ "eduPersonAffiliation": "urn:mace:dir:attribute-def:eduPersonAffiliation",
+ "eduPersonEntitlement": "urn:mace:dir:attribute-def:eduPersonEntitlement",
+ "eduPersonNickname": "urn:mace:dir:attribute-def:eduPersonNickname",
+ "eduPersonOrgDN": "urn:mace:dir:attribute-def:eduPersonOrgDN",
+ "eduPersonOrgUnitDN": "urn:mace:dir:attribute-def:eduPersonOrgUnitDN",
+ "eduPersonPrimaryAffiliation": "urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation",
+ "eduPersonPrimaryOrgUnitDN": "urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN",
+ "eduPersonPrincipalName": "urn:mace:dir:attribute-def:eduPersonPrincipalName",
+ "eduPersonScopedAffiliation": "urn:mace:dir:attribute-def:eduPersonScopedAffiliation",
+ "eduPersonTargetedID": "urn:mace:dir:attribute-def:eduPersonTargetedID",
+ "email": "urn:mace:dir:attribute-def:email",
+ "emailAddress": "urn:mace:dir:attribute-def:emailAddress",
+ "employeeNumber": "urn:mace:dir:attribute-def:employeeNumber",
+ "employeeType": "urn:mace:dir:attribute-def:employeeType",
+ "enhancedSearchGuide": "urn:mace:dir:attribute-def:enhancedSearchGuide",
+ "facsimileTelephoneNumber": "urn:mace:dir:attribute-def:facsimileTelephoneNumber",
+ "favouriteDrink": "urn:mace:dir:attribute-def:favouriteDrink",
+ "fax": "urn:mace:dir:attribute-def:fax",
+ "federationFeideSchemaVersion": "urn:mace:dir:attribute-def:federationFeideSchemaVersion",
+ "friendlyCountryName": "urn:mace:dir:attribute-def:friendlyCountryName",
+ "generationQualifier": "urn:mace:dir:attribute-def:generationQualifier",
+ "givenName": "urn:mace:dir:attribute-def:givenName",
+ "gn": "urn:mace:dir:attribute-def:gn",
+ "homePhone": "urn:mace:dir:attribute-def:homePhone",
+ "homePostalAddress": "urn:mace:dir:attribute-def:homePostalAddress",
+ "homeTelephoneNumber": "urn:mace:dir:attribute-def:homeTelephoneNumber",
+ "host": "urn:mace:dir:attribute-def:host",
+ "houseIdentifier": "urn:mace:dir:attribute-def:houseIdentifier",
+ "info": "urn:mace:dir:attribute-def:info",
+ "initials": "urn:mace:dir:attribute-def:initials",
+ "internationaliSDNNumber": "urn:mace:dir:attribute-def:internationaliSDNNumber",
+ "janetMailbox": "urn:mace:dir:attribute-def:janetMailbox",
+ "jpegPhoto": "urn:mace:dir:attribute-def:jpegPhoto",
+ "knowledgeInformation": "urn:mace:dir:attribute-def:knowledgeInformation",
+ "l": "urn:mace:dir:attribute-def:l",
+ "labeledURI": "urn:mace:dir:attribute-def:labeledURI",
+ "localityName": "urn:mace:dir:attribute-def:localityName",
+ "mDRecord": "urn:mace:dir:attribute-def:mDRecord",
+ "mXRecord": "urn:mace:dir:attribute-def:mXRecord",
+ "mail": "urn:mace:dir:attribute-def:mail",
+ "mailPreferenceOption": "urn:mace:dir:attribute-def:mailPreferenceOption",
+ "manager": "urn:mace:dir:attribute-def:manager",
+ "member": "urn:mace:dir:attribute-def:member",
+ "mobile": "urn:mace:dir:attribute-def:mobile",
+ "mobileTelephoneNumber": "urn:mace:dir:attribute-def:mobileTelephoneNumber",
+ "nSRecord": "urn:mace:dir:attribute-def:nSRecord",
+ "name": "urn:mace:dir:attribute-def:name",
+ "norEduOrgAcronym": "urn:mace:dir:attribute-def:norEduOrgAcronym",
+ "norEduOrgNIN": "urn:mace:dir:attribute-def:norEduOrgNIN",
+ "norEduOrgSchemaVersion": "urn:mace:dir:attribute-def:norEduOrgSchemaVersion",
+ "norEduOrgUniqueIdentifier": "urn:mace:dir:attribute-def:norEduOrgUniqueIdentifier",
+ "norEduOrgUniqueNumber": "urn:mace:dir:attribute-def:norEduOrgUniqueNumber",
+ "norEduOrgUnitUniqueIdentifier": "urn:mace:dir:attribute-def:norEduOrgUnitUniqueIdentifier",
+ "norEduOrgUnitUniqueNumber": "urn:mace:dir:attribute-def:norEduOrgUnitUniqueNumber",
+ "norEduPersonBirthDate": "urn:mace:dir:attribute-def:norEduPersonBirthDate",
+ "norEduPersonLIN": "urn:mace:dir:attribute-def:norEduPersonLIN",
+ "norEduPersonNIN": "urn:mace:dir:attribute-def:norEduPersonNIN",
+ "o": "urn:mace:dir:attribute-def:o",
+ "objectClass": "urn:mace:dir:attribute-def:objectClass",
+ "organizationName": "urn:mace:dir:attribute-def:organizationName",
+ "organizationalStatus": "urn:mace:dir:attribute-def:organizationalStatus",
+ "organizationalUnitName": "urn:mace:dir:attribute-def:organizationalUnitName",
+ "otherMailbox": "urn:mace:dir:attribute-def:otherMailbox",
+ "ou": "urn:mace:dir:attribute-def:ou",
+ "owner": "urn:mace:dir:attribute-def:owner",
+ "pager": "urn:mace:dir:attribute-def:pager",
+ "pagerTelephoneNumber": "urn:mace:dir:attribute-def:pagerTelephoneNumber",
+ "personalSignature": "urn:mace:dir:attribute-def:personalSignature",
+ "personalTitle": "urn:mace:dir:attribute-def:personalTitle",
+ "photo": "urn:mace:dir:attribute-def:photo",
+ "physicalDeliveryOfficeName": "urn:mace:dir:attribute-def:physicalDeliveryOfficeName",
+ "pkcs9email": "urn:mace:dir:attribute-def:pkcs9email",
+ "postOfficeBox": "urn:mace:dir:attribute-def:postOfficeBox",
+ "postalAddress": "urn:mace:dir:attribute-def:postalAddress",
+ "postalCode": "urn:mace:dir:attribute-def:postalCode",
+ "preferredDeliveryMethod": "urn:mace:dir:attribute-def:preferredDeliveryMethod",
+ "preferredLanguage": "urn:mace:dir:attribute-def:preferredLanguage",
+ "presentationAddress": "urn:mace:dir:attribute-def:presentationAddress",
+ "protocolInformation": "urn:mace:dir:attribute-def:protocolInformation",
+ "pseudonym": "urn:mace:dir:attribute-def:pseudonym",
+ "registeredAddress": "urn:mace:dir:attribute-def:registeredAddress",
+ "rfc822Mailbox": "urn:mace:dir:attribute-def:rfc822Mailbox",
+ "roleOccupant": "urn:mace:dir:attribute-def:roleOccupant",
+ "roomNumber": "urn:mace:dir:attribute-def:roomNumber",
+ "sOARecord": "urn:mace:dir:attribute-def:sOARecord",
+ "searchGuide": "urn:mace:dir:attribute-def:searchGuide",
+ "secretary": "urn:mace:dir:attribute-def:secretary",
+ "seeAlso": "urn:mace:dir:attribute-def:seeAlso",
+ "serialNumber": "urn:mace:dir:attribute-def:serialNumber",
+ "singleLevelQuality": "urn:mace:dir:attribute-def:singleLevelQuality",
+ "sn": "urn:mace:dir:attribute-def:sn",
+ "st": "urn:mace:dir:attribute-def:st",
+ "stateOrProvinceName": "urn:mace:dir:attribute-def:stateOrProvinceName",
+ "street": "urn:mace:dir:attribute-def:street",
+ "streetAddress": "urn:mace:dir:attribute-def:streetAddress",
+ "subtreeMaximumQuality": "urn:mace:dir:attribute-def:subtreeMaximumQuality",
+ "subtreeMinimumQuality": "urn:mace:dir:attribute-def:subtreeMinimumQuality",
+ "supportedAlgorithms": "urn:mace:dir:attribute-def:supportedAlgorithms",
+ "supportedApplicationContext": "urn:mace:dir:attribute-def:supportedApplicationContext",
+ "surname": "urn:mace:dir:attribute-def:surname",
+ "telephoneNumber": "urn:mace:dir:attribute-def:telephoneNumber",
+ "teletexTerminalIdentifier": "urn:mace:dir:attribute-def:teletexTerminalIdentifier",
+ "telexNumber": "urn:mace:dir:attribute-def:telexNumber",
+ "textEncodedORAddress": "urn:mace:dir:attribute-def:textEncodedORAddress",
+ "title": "urn:mace:dir:attribute-def:title",
+ "uid": "urn:mace:dir:attribute-def:uid",
+ "uniqueIdentifier": "urn:mace:dir:attribute-def:uniqueIdentifier",
+ "uniqueMember": "urn:mace:dir:attribute-def:uniqueMember",
+ "userCertificate": "urn:mace:dir:attribute-def:userCertificate",
+ "userClass": "urn:mace:dir:attribute-def:userClass",
+ "userPKCS12": "urn:mace:dir:attribute-def:userPKCS12",
+ "userPassword": "urn:mace:dir:attribute-def:userPassword",
+ "userSMIMECertificate": "urn:mace:dir:attribute-def:userSMIMECertificate",
+ "userid": "urn:mace:dir:attribute-def:userid",
+ "x121Address": "urn:mace:dir:attribute-def:x121Address",
+ "x500UniqueIdentifier": "urn:mace:dir:attribute-def:x500UniqueIdentifier",
+ },
+}
diff --git a/seahub/adfs_auth/attribute-maps/saml_uri.py b/seahub/adfs_auth/attribute-maps/saml_uri.py
index 1c9d37304b..0520f4dd17 100644
--- a/seahub/adfs_auth/attribute-maps/saml_uri.py
+++ b/seahub/adfs_auth/attribute-maps/saml_uri.py
@@ -1,199 +1,241 @@
-__author__ = 'rolandh'
+__author__ = "rolandh"
EDUPERSON_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1."
X500ATTR_OID = "urn:oid:2.5.4."
NOREDUPERSON_OID = "urn:oid:1.3.6.1.4.1.2428.90.1."
NETSCAPE_LDAP = "urn:oid:2.16.840.1.113730.3.1."
-UCL_DIR_PILOT = 'urn:oid:0.9.2342.19200300.100.1.'
+UCL_DIR_PILOT = "urn:oid:0.9.2342.19200300.100.1."
PKCS_9 = "urn:oid:1.2.840.113549.1.9.1."
UMICH = "urn:oid:1.3.6.1.4.1.250.1.57."
+SCHAC = "urn:oid:1.3.6.1.4.1.25178.2."
MAP = {
"identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"fro": {
- EDUPERSON_OID+'2': 'eduPersonNickname',
- EDUPERSON_OID+'9': 'eduPersonScopedAffiliation',
- EDUPERSON_OID+'11': 'eduPersonAssurance',
- EDUPERSON_OID+'10': 'eduPersonTargetedID',
- EDUPERSON_OID+'4': 'eduPersonOrgUnitDN',
- NOREDUPERSON_OID+'6': 'norEduOrgAcronym',
- NOREDUPERSON_OID+'7': 'norEduOrgUniqueIdentifier',
- NOREDUPERSON_OID+'4': 'norEduPersonLIN',
- EDUPERSON_OID+'1': 'eduPersonAffiliation',
- NOREDUPERSON_OID+'2': 'norEduOrgUnitUniqueNumber',
- NETSCAPE_LDAP+'40': 'userSMIMECertificate',
- NOREDUPERSON_OID+'1': 'norEduOrgUniqueNumber',
- NETSCAPE_LDAP+'241': 'displayName',
- UCL_DIR_PILOT+'37': 'associatedDomain',
- EDUPERSON_OID+'6': 'eduPersonPrincipalName',
- NOREDUPERSON_OID+'8': 'norEduOrgUnitUniqueIdentifier',
- NOREDUPERSON_OID+'9': 'federationFeideSchemaVersion',
- X500ATTR_OID+'53': 'deltaRevocationList',
- X500ATTR_OID+'52': 'supportedAlgorithms',
- X500ATTR_OID+'51': 'houseIdentifier',
- X500ATTR_OID+'50': 'uniqueMember',
- X500ATTR_OID+'19': 'physicalDeliveryOfficeName',
- X500ATTR_OID+'18': 'postOfficeBox',
- X500ATTR_OID+'17': 'postalCode',
- X500ATTR_OID+'16': 'postalAddress',
- X500ATTR_OID+'15': 'businessCategory',
- X500ATTR_OID+'14': 'searchGuide',
- EDUPERSON_OID+'5': 'eduPersonPrimaryAffiliation',
- X500ATTR_OID+'12': 'title',
- X500ATTR_OID+'11': 'ou',
- X500ATTR_OID+'10': 'o',
- X500ATTR_OID+'37': 'cACertificate',
- X500ATTR_OID+'36': 'userCertificate',
- X500ATTR_OID+'31': 'member',
- X500ATTR_OID+'30': 'supportedApplicationContext',
- X500ATTR_OID+'33': 'roleOccupant',
- X500ATTR_OID+'32': 'owner',
- NETSCAPE_LDAP+'1': 'carLicense',
- PKCS_9+'1': 'email',
- NETSCAPE_LDAP+'3': 'employeeNumber',
- NETSCAPE_LDAP+'2': 'departmentNumber',
- X500ATTR_OID+'39': 'certificateRevocationList',
- X500ATTR_OID+'38': 'authorityRevocationList',
- NETSCAPE_LDAP+'216': 'userPKCS12',
- EDUPERSON_OID+'8': 'eduPersonPrimaryOrgUnitDN',
- X500ATTR_OID+'9': 'street',
- X500ATTR_OID+'8': 'st',
- NETSCAPE_LDAP+'39': 'preferredLanguage',
- EDUPERSON_OID+'7': 'eduPersonEntitlement',
- X500ATTR_OID+'2': 'knowledgeInformation',
- X500ATTR_OID+'7': 'l',
- X500ATTR_OID+'6': 'c',
- X500ATTR_OID+'5': 'serialNumber',
- X500ATTR_OID+'4': 'sn',
- UCL_DIR_PILOT+'60': 'jpegPhoto',
- X500ATTR_OID+'65': 'pseudonym',
- NOREDUPERSON_OID+'5': 'norEduPersonNIN',
- UCL_DIR_PILOT+'3': 'mail',
- UCL_DIR_PILOT+'25': 'dc',
- X500ATTR_OID+'40': 'crossCertificatePair',
- X500ATTR_OID+'42': 'givenName',
- X500ATTR_OID+'43': 'initials',
- X500ATTR_OID+'44': 'generationQualifier',
- X500ATTR_OID+'45': 'x500UniqueIdentifier',
- X500ATTR_OID+'46': 'dnQualifier',
- X500ATTR_OID+'47': 'enhancedSearchGuide',
- X500ATTR_OID+'48': 'protocolInformation',
- X500ATTR_OID+'54': 'dmdName',
- NETSCAPE_LDAP+'4': 'employeeType',
- X500ATTR_OID+'22': 'teletexTerminalIdentifier',
- X500ATTR_OID+'23': 'facsimileTelephoneNumber',
- X500ATTR_OID+'20': 'telephoneNumber',
- X500ATTR_OID+'21': 'telexNumber',
- X500ATTR_OID+'26': 'registeredAddress',
- X500ATTR_OID+'27': 'destinationIndicator',
- X500ATTR_OID+'24': 'x121Address',
- X500ATTR_OID+'25': 'internationaliSDNNumber',
- X500ATTR_OID+'28': 'preferredDeliveryMethod',
- X500ATTR_OID+'29': 'presentationAddress',
- EDUPERSON_OID+'3': 'eduPersonOrgDN',
- NOREDUPERSON_OID+'3': 'norEduPersonBirthDate',
- UMICH+'57': 'labeledURI',
- UCL_DIR_PILOT+'1': 'uid',
+ f"{EDUPERSON_OID}2": "eduPersonNickname",
+ f"{EDUPERSON_OID}9": "eduPersonScopedAffiliation",
+ f"{EDUPERSON_OID}11": "eduPersonAssurance",
+ f"{EDUPERSON_OID}10": "eduPersonTargetedID",
+ f"{EDUPERSON_OID}4": "eduPersonOrgUnitDN",
+ f"{NOREDUPERSON_OID}6": "norEduOrgAcronym",
+ f"{NOREDUPERSON_OID}7": "norEduOrgUniqueIdentifier",
+ f"{NOREDUPERSON_OID}4": "norEduPersonLIN",
+ f"{EDUPERSON_OID}1": "eduPersonAffiliation",
+ f"{NOREDUPERSON_OID}2": "norEduOrgUnitUniqueNumber",
+ f"{NETSCAPE_LDAP}40": "userSMIMECertificate",
+ f"{NOREDUPERSON_OID}1": "norEduOrgUniqueNumber",
+ f"{NETSCAPE_LDAP}241": "displayName",
+ f"{UCL_DIR_PILOT}37": "associatedDomain",
+ f"{EDUPERSON_OID}6": "eduPersonPrincipalName",
+ f"{NOREDUPERSON_OID}8": "norEduOrgUnitUniqueIdentifier",
+ f"{NOREDUPERSON_OID}9": "federationFeideSchemaVersion",
+ f"{X500ATTR_OID}53": "deltaRevocationList",
+ f"{X500ATTR_OID}52": "supportedAlgorithms",
+ f"{X500ATTR_OID}51": "houseIdentifier",
+ f"{X500ATTR_OID}50": "uniqueMember",
+ f"{X500ATTR_OID}19": "physicalDeliveryOfficeName",
+ f"{X500ATTR_OID}18": "postOfficeBox",
+ f"{X500ATTR_OID}17": "postalCode",
+ f"{X500ATTR_OID}16": "postalAddress",
+ f"{X500ATTR_OID}15": "businessCategory",
+ f"{X500ATTR_OID}14": "searchGuide",
+ f"{EDUPERSON_OID}5": "eduPersonPrimaryAffiliation",
+ f"{X500ATTR_OID}12": "title",
+ f"{X500ATTR_OID}11": "ou",
+ f"{X500ATTR_OID}10": "o",
+ f"{X500ATTR_OID}37": "cACertificate",
+ f"{X500ATTR_OID}36": "userCertificate",
+ f"{X500ATTR_OID}31": "member",
+ f"{X500ATTR_OID}30": "supportedApplicationContext",
+ f"{X500ATTR_OID}33": "roleOccupant",
+ f"{X500ATTR_OID}32": "owner",
+ f"{NETSCAPE_LDAP}1": "carLicense",
+ f"{PKCS_9}1": "email",
+ f"{NETSCAPE_LDAP}3": "employeeNumber",
+ f"{NETSCAPE_LDAP}2": "departmentNumber",
+ f"{X500ATTR_OID}39": "certificateRevocationList",
+ f"{X500ATTR_OID}38": "authorityRevocationList",
+ f"{NETSCAPE_LDAP}216": "userPKCS12",
+ f"{EDUPERSON_OID}8": "eduPersonPrimaryOrgUnitDN",
+ f"{X500ATTR_OID}9": "street",
+ f"{X500ATTR_OID}8": "st",
+ f"{NETSCAPE_LDAP}39": "preferredLanguage",
+ f"{EDUPERSON_OID}7": "eduPersonEntitlement",
+ f"{X500ATTR_OID}2": "knowledgeInformation",
+ f"{X500ATTR_OID}7": "l",
+ f"{X500ATTR_OID}6": "c",
+ f"{X500ATTR_OID}5": "serialNumber",
+ f"{X500ATTR_OID}4": "sn",
+ f"{UCL_DIR_PILOT}60": "jpegPhoto",
+ f"{X500ATTR_OID}65": "pseudonym",
+ f"{NOREDUPERSON_OID}5": "norEduPersonNIN",
+ f"{UCL_DIR_PILOT}3": "mail",
+ f"{UCL_DIR_PILOT}25": "dc",
+ f"{X500ATTR_OID}40": "crossCertificatePair",
+ f"{X500ATTR_OID}42": "givenName",
+ f"{X500ATTR_OID}43": "initials",
+ f"{X500ATTR_OID}44": "generationQualifier",
+ f"{X500ATTR_OID}45": "x500UniqueIdentifier",
+ f"{X500ATTR_OID}46": "dnQualifier",
+ f"{X500ATTR_OID}47": "enhancedSearchGuide",
+ f"{X500ATTR_OID}48": "protocolInformation",
+ f"{X500ATTR_OID}54": "dmdName",
+ f"{NETSCAPE_LDAP}4": "employeeType",
+ f"{X500ATTR_OID}22": "teletexTerminalIdentifier",
+ f"{X500ATTR_OID}23": "facsimileTelephoneNumber",
+ f"{X500ATTR_OID}20": "telephoneNumber",
+ f"{X500ATTR_OID}21": "telexNumber",
+ f"{X500ATTR_OID}26": "registeredAddress",
+ f"{X500ATTR_OID}27": "destinationIndicator",
+ f"{X500ATTR_OID}24": "x121Address",
+ f"{X500ATTR_OID}25": "internationaliSDNNumber",
+ f"{X500ATTR_OID}28": "preferredDeliveryMethod",
+ f"{X500ATTR_OID}29": "presentationAddress",
+ f"{EDUPERSON_OID}3": "eduPersonOrgDN",
+ f"{NOREDUPERSON_OID}3": "norEduPersonBirthDate",
+ f"{UMICH}57": "labeledURI",
+ f"{UCL_DIR_PILOT}1": "uid",
+ f"{SCHAC}1": "schacMotherTongue",
+ f"{SCHAC}2": "schacGender",
+ f"{SCHAC}3": "schacDateOfBirth",
+ f"{SCHAC}4": "schacPlaceOfBirth",
+ f"{SCHAC}5": "schacCountryOfCitizenship",
+ f"{SCHAC}6": "schacSn1",
+ f"{SCHAC}7": "schacSn2",
+ f"{SCHAC}8": "schacPersonalTitle",
+ f"{SCHAC}9": "schacHomeOrganization",
+ f"{SCHAC}10": "schacHomeOrganizationType",
+ f"{SCHAC}11": "schacCountryOfResidence",
+ f"{SCHAC}12": "schacUserPresenceID",
+ f"{SCHAC}13": "schacPersonalPosition",
+ f"{SCHAC}14": "schacPersonalUniqueCode",
+ f"{SCHAC}15": "schacPersonalUniqueID",
+ f"{SCHAC}17": "schacExpiryDate",
+ f"{SCHAC}18": "schacUserPrivateAttribute",
+ f"{SCHAC}19": "schacUserStatus",
+ f"{SCHAC}20": "schacProjectMembership",
+ f"{SCHAC}21": "schacProjectSpecificRole",
},
"to": {
- 'roleOccupant': X500ATTR_OID+'33',
- 'gn': X500ATTR_OID+'42',
- 'norEduPersonNIN': NOREDUPERSON_OID+'5',
- 'title': X500ATTR_OID+'12',
- 'facsimileTelephoneNumber': X500ATTR_OID+'23',
- 'mail': UCL_DIR_PILOT+'3',
- 'postOfficeBox': X500ATTR_OID+'18',
- 'fax': X500ATTR_OID+'23',
- 'telephoneNumber': X500ATTR_OID+'20',
- 'norEduPersonBirthDate': NOREDUPERSON_OID+'3',
- 'rfc822Mailbox': UCL_DIR_PILOT+'3',
- 'dc': UCL_DIR_PILOT+'25',
- 'countryName': X500ATTR_OID+'6',
- 'emailAddress': PKCS_9+'1',
- 'employeeNumber': NETSCAPE_LDAP+'3',
- 'organizationName': X500ATTR_OID+'10',
- 'eduPersonAssurance': EDUPERSON_OID+'11',
- 'norEduOrgAcronym': NOREDUPERSON_OID+'6',
- 'registeredAddress': X500ATTR_OID+'26',
- 'physicalDeliveryOfficeName': X500ATTR_OID+'19',
- 'associatedDomain': UCL_DIR_PILOT+'37',
- 'l': X500ATTR_OID+'7',
- 'stateOrProvinceName': X500ATTR_OID+'8',
- 'federationFeideSchemaVersion': NOREDUPERSON_OID+'9',
- 'pkcs9email': PKCS_9+'1',
- 'givenName': X500ATTR_OID+'42',
- 'givenname': X500ATTR_OID+'42',
- 'x500UniqueIdentifier': X500ATTR_OID+'45',
- 'eduPersonNickname': EDUPERSON_OID+'2',
- 'houseIdentifier': X500ATTR_OID+'51',
- 'street': X500ATTR_OID+'9',
- 'supportedAlgorithms': X500ATTR_OID+'52',
- 'preferredLanguage': NETSCAPE_LDAP+'39',
- 'postalAddress': X500ATTR_OID+'16',
- 'email': PKCS_9+'1',
- 'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID+'8',
- 'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID+'8',
- 'c': X500ATTR_OID+'6',
- 'teletexTerminalIdentifier': X500ATTR_OID+'22',
- 'o': X500ATTR_OID+'10',
- 'cACertificate': X500ATTR_OID+'37',
- 'telexNumber': X500ATTR_OID+'21',
- 'ou': X500ATTR_OID+'11',
- 'initials': X500ATTR_OID+'43',
- 'eduPersonOrgUnitDN': EDUPERSON_OID+'4',
- 'deltaRevocationList': X500ATTR_OID+'53',
- 'norEduPersonLIN': NOREDUPERSON_OID+'4',
- 'supportedApplicationContext': X500ATTR_OID+'30',
- 'eduPersonEntitlement': EDUPERSON_OID+'7',
- 'generationQualifier': X500ATTR_OID+'44',
- 'eduPersonAffiliation': EDUPERSON_OID+'1',
- 'eduPersonPrincipalName': EDUPERSON_OID+'6',
- 'edupersonprincipalname': EDUPERSON_OID+'6',
- 'localityName': X500ATTR_OID+'7',
- 'owner': X500ATTR_OID+'32',
- 'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2',
- 'searchGuide': X500ATTR_OID+'14',
- 'certificateRevocationList': X500ATTR_OID+'39',
- 'organizationalUnitName': X500ATTR_OID+'11',
- 'userCertificate': X500ATTR_OID+'36',
- 'preferredDeliveryMethod': X500ATTR_OID+'28',
- 'internationaliSDNNumber': X500ATTR_OID+'25',
- 'uniqueMember': X500ATTR_OID+'50',
- 'departmentNumber': NETSCAPE_LDAP+'2',
- 'enhancedSearchGuide': X500ATTR_OID+'47',
- 'userPKCS12': NETSCAPE_LDAP+'216',
- 'eduPersonTargetedID': EDUPERSON_OID+'10',
- 'norEduOrgUniqueNumber': NOREDUPERSON_OID+'1',
- 'x121Address': X500ATTR_OID+'24',
- 'destinationIndicator': X500ATTR_OID+'27',
- 'eduPersonPrimaryAffiliation': EDUPERSON_OID+'5',
- 'surname': X500ATTR_OID+'4',
- 'jpegPhoto': UCL_DIR_PILOT+'60',
- 'eduPersonScopedAffiliation': EDUPERSON_OID+'9',
- 'edupersonscopedaffiliation': EDUPERSON_OID+'9',
- 'protocolInformation': X500ATTR_OID+'48',
- 'knowledgeInformation': X500ATTR_OID+'2',
- 'employeeType': NETSCAPE_LDAP+'4',
- 'userSMIMECertificate': NETSCAPE_LDAP+'40',
- 'member': X500ATTR_OID+'31',
- 'streetAddress': X500ATTR_OID+'9',
- 'dmdName': X500ATTR_OID+'54',
- 'postalCode': X500ATTR_OID+'17',
- 'pseudonym': X500ATTR_OID+'65',
- 'dnQualifier': X500ATTR_OID+'46',
- 'crossCertificatePair': X500ATTR_OID+'40',
- 'eduPersonOrgDN': EDUPERSON_OID+'3',
- 'authorityRevocationList': X500ATTR_OID+'38',
- 'displayName': NETSCAPE_LDAP+'241',
- 'businessCategory': X500ATTR_OID+'15',
- 'serialNumber': X500ATTR_OID+'5',
- 'norEduOrgUniqueIdentifier': NOREDUPERSON_OID+'7',
- 'st': X500ATTR_OID+'8',
- 'carLicense': NETSCAPE_LDAP+'1',
- 'presentationAddress': X500ATTR_OID+'29',
- 'sn': X500ATTR_OID+'4',
- 'domainComponent': UCL_DIR_PILOT+'25',
- 'labeledURI': UMICH+'57',
- 'uid': UCL_DIR_PILOT+'1'
- }
-}
\ No newline at end of file
+ "roleOccupant": f"{X500ATTR_OID}33",
+ "gn": f"{X500ATTR_OID}42",
+ "norEduPersonNIN": f"{NOREDUPERSON_OID}5",
+ "title": f"{X500ATTR_OID}12",
+ "facsimileTelephoneNumber": f"{X500ATTR_OID}23",
+ "mail": f"{UCL_DIR_PILOT}3",
+ "postOfficeBox": f"{X500ATTR_OID}18",
+ "fax": f"{X500ATTR_OID}23",
+ "telephoneNumber": f"{X500ATTR_OID}20",
+ "norEduPersonBirthDate": f"{NOREDUPERSON_OID}3",
+ "rfc822Mailbox": f"{UCL_DIR_PILOT}3",
+ "dc": f"{UCL_DIR_PILOT}25",
+ "countryName": f"{X500ATTR_OID}6",
+ "emailAddress": f"{PKCS_9}1",
+ "employeeNumber": f"{NETSCAPE_LDAP}3",
+ "organizationName": f"{X500ATTR_OID}10",
+ "eduPersonAssurance": f"{EDUPERSON_OID}11",
+ "norEduOrgAcronym": f"{NOREDUPERSON_OID}6",
+ "registeredAddress": f"{X500ATTR_OID}26",
+ "physicalDeliveryOfficeName": f"{X500ATTR_OID}19",
+ "associatedDomain": f"{UCL_DIR_PILOT}37",
+ "l": f"{X500ATTR_OID}7",
+ "stateOrProvinceName": f"{X500ATTR_OID}8",
+ "federationFeideSchemaVersion": f"{NOREDUPERSON_OID}9",
+ "pkcs9email": f"{PKCS_9}1",
+ "givenName": f"{X500ATTR_OID}42",
+ "givenname": f"{X500ATTR_OID}42",
+ "x500UniqueIdentifier": f"{X500ATTR_OID}45",
+ "eduPersonNickname": f"{EDUPERSON_OID}2",
+ "houseIdentifier": f"{X500ATTR_OID}51",
+ "street": f"{X500ATTR_OID}9",
+ "supportedAlgorithms": f"{X500ATTR_OID}52",
+ "preferredLanguage": f"{NETSCAPE_LDAP}39",
+ "postalAddress": f"{X500ATTR_OID}16",
+ "email": f"{PKCS_9}1",
+ "norEduOrgUnitUniqueIdentifier": f"{NOREDUPERSON_OID}8",
+ "eduPersonPrimaryOrgUnitDN": f"{EDUPERSON_OID}8",
+ "c": f"{X500ATTR_OID}6",
+ "teletexTerminalIdentifier": f"{X500ATTR_OID}22",
+ "o": f"{X500ATTR_OID}10",
+ "cACertificate": f"{X500ATTR_OID}37",
+ "telexNumber": f"{X500ATTR_OID}21",
+ "ou": f"{X500ATTR_OID}11",
+ "initials": f"{X500ATTR_OID}43",
+ "eduPersonOrgUnitDN": f"{EDUPERSON_OID}4",
+ "deltaRevocationList": f"{X500ATTR_OID}53",
+ "norEduPersonLIN": f"{NOREDUPERSON_OID}4",
+ "supportedApplicationContext": f"{X500ATTR_OID}30",
+ "eduPersonEntitlement": f"{EDUPERSON_OID}7",
+ "generationQualifier": f"{X500ATTR_OID}44",
+ "eduPersonAffiliation": f"{EDUPERSON_OID}1",
+ "edupersonaffiliation": f"{EDUPERSON_OID}1",
+ "eduPersonPrincipalName": f"{EDUPERSON_OID}6",
+ "edupersonprincipalname": f"{EDUPERSON_OID}6",
+ "localityName": f"{X500ATTR_OID}7",
+ "owner": f"{X500ATTR_OID}32",
+ "norEduOrgUnitUniqueNumber": f"{NOREDUPERSON_OID}2",
+ "searchGuide": f"{X500ATTR_OID}14",
+ "certificateRevocationList": f"{X500ATTR_OID}39",
+ "organizationalUnitName": f"{X500ATTR_OID}11",
+ "userCertificate": f"{X500ATTR_OID}36",
+ "preferredDeliveryMethod": f"{X500ATTR_OID}28",
+ "internationaliSDNNumber": f"{X500ATTR_OID}25",
+ "uniqueMember": f"{X500ATTR_OID}50",
+ "departmentNumber": f"{NETSCAPE_LDAP}2",
+ "enhancedSearchGuide": f"{X500ATTR_OID}47",
+ "userPKCS12": f"{NETSCAPE_LDAP}216",
+ "eduPersonTargetedID": f"{EDUPERSON_OID}10",
+ "norEduOrgUniqueNumber": f"{NOREDUPERSON_OID}1",
+ "x121Address": f"{X500ATTR_OID}24",
+ "destinationIndicator": f"{X500ATTR_OID}27",
+ "eduPersonPrimaryAffiliation": f"{EDUPERSON_OID}5",
+ "surname": f"{X500ATTR_OID}4",
+ "jpegPhoto": f"{UCL_DIR_PILOT}60",
+ "eduPersonScopedAffiliation": f"{EDUPERSON_OID}9",
+ "edupersonscopedaffiliation": f"{EDUPERSON_OID}9",
+ "protocolInformation": f"{X500ATTR_OID}48",
+ "knowledgeInformation": f"{X500ATTR_OID}2",
+ "employeeType": f"{NETSCAPE_LDAP}4",
+ "userSMIMECertificate": f"{NETSCAPE_LDAP}40",
+ "member": f"{X500ATTR_OID}31",
+ "streetAddress": f"{X500ATTR_OID}9",
+ "dmdName": f"{X500ATTR_OID}54",
+ "postalCode": f"{X500ATTR_OID}17",
+ "pseudonym": f"{X500ATTR_OID}65",
+ "dnQualifier": f"{X500ATTR_OID}46",
+ "crossCertificatePair": f"{X500ATTR_OID}40",
+ "eduPersonOrgDN": f"{EDUPERSON_OID}3",
+ "authorityRevocationList": f"{X500ATTR_OID}38",
+ "displayName": f"{NETSCAPE_LDAP}241",
+ "businessCategory": f"{X500ATTR_OID}15",
+ "serialNumber": f"{X500ATTR_OID}5",
+ "norEduOrgUniqueIdentifier": f"{NOREDUPERSON_OID}7",
+ "st": f"{X500ATTR_OID}8",
+ "carLicense": f"{NETSCAPE_LDAP}1",
+ "presentationAddress": f"{X500ATTR_OID}29",
+ "sn": f"{X500ATTR_OID}4",
+ "domainComponent": f"{UCL_DIR_PILOT}25",
+ "labeledURI": f"{UMICH}57",
+ "uid": f"{UCL_DIR_PILOT}1",
+ "schacMotherTongue": f"{SCHAC}1",
+ "schacGender": f"{SCHAC}2",
+ "schacDateOfBirth": f"{SCHAC}3",
+ "schacPlaceOfBirth": f"{SCHAC}4",
+ "schacCountryOfCitizenship": f"{SCHAC}5",
+ "schacSn1": f"{SCHAC}6",
+ "schacSn2": f"{SCHAC}7",
+ "schacPersonalTitle": f"{SCHAC}8",
+ "schacHomeOrganization": f"{SCHAC}9",
+ "schacHomeOrganizationType": f"{SCHAC}10",
+ "schacCountryOfResidence": f"{SCHAC}11",
+ "schacUserPresenceID": f"{SCHAC}12",
+ "schacPersonalPosition": f"{SCHAC}13",
+ "schacPersonalUniqueCode": f"{SCHAC}14",
+ "schacPersonalUniqueID": f"{SCHAC}15",
+ "schacExpiryDate": f"{SCHAC}17",
+ "schacUserPrivateAttribute": f"{SCHAC}18",
+ "schacUserStatus": f"{SCHAC}19",
+ "schacProjectMembership": f"{SCHAC}20",
+ "schacProjectSpecificRole": f"{SCHAC}21",
+ },
+}
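Review bot: The added constant `SCHAC = "urn:oid:1.3.6.1.4.1.25178.2."` does not appear to be the arc under which the SCHAC attribute types are registered; schacHomeOrganization, for example, is published as `1.3.6.1.4.1.25178.1.2.9`. If that holds, none of the twenty `f"{SCHAC}N"` keys added to `fro` will match the attribute names an IdP actually sends, so those attributes would not be resolved to their friendly names, and the matching `to` entries would emit non-standard OIDs. Anything downstream that relies on `schacHomeOrganization` or `schacPersonalUniqueID` for account matching would then never see a value. Please verify against the SCHAC schema and, if confirmed, change the line to `SCHAC = "urn:oid:1.3.6.1.4.1.25178.1.2."`, with a short comment next to it naming the schema source.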
diff --git a/seahub/adfs_auth/attribute-maps/shibboleth_uri.py b/seahub/adfs_auth/attribute-maps/shibboleth_uri.py
index d26bf00614..992a2219ef 100644
--- a/seahub/adfs_auth/attribute-maps/shibboleth_uri.py
+++ b/seahub/adfs_auth/attribute-maps/shibboleth_uri.py
@@ -9,182 +9,182 @@ UMICH = "urn:oid:1.3.6.1.4.1.250.1.57."
MAP = {
"identifier": "urn:mace:shibboleth:1.0:attributeNamespace:uri",
"fro": {
- EDUPERSON_OID+'2': 'eduPersonNickname',
- EDUPERSON_OID+'9': 'eduPersonScopedAffiliation',
- EDUPERSON_OID+'11': 'eduPersonAssurance',
- EDUPERSON_OID+'10': 'eduPersonTargetedID',
- EDUPERSON_OID+'4': 'eduPersonOrgUnitDN',
- NOREDUPERSON_OID+'6': 'norEduOrgAcronym',
- NOREDUPERSON_OID+'7': 'norEduOrgUniqueIdentifier',
- NOREDUPERSON_OID+'4': 'norEduPersonLIN',
- EDUPERSON_OID+'1': 'eduPersonAffiliation',
- NOREDUPERSON_OID+'2': 'norEduOrgUnitUniqueNumber',
- NETSCAPE_LDAP+'40': 'userSMIMECertificate',
- NOREDUPERSON_OID+'1': 'norEduOrgUniqueNumber',
- NETSCAPE_LDAP+'241': 'displayName',
- UCL_DIR_PILOT+'37': 'associatedDomain',
- EDUPERSON_OID+'6': 'eduPersonPrincipalName',
- NOREDUPERSON_OID+'8': 'norEduOrgUnitUniqueIdentifier',
- NOREDUPERSON_OID+'9': 'federationFeideSchemaVersion',
- X500ATTR+'53': 'deltaRevocationList',
- X500ATTR+'52': 'supportedAlgorithms',
- X500ATTR+'51': 'houseIdentifier',
- X500ATTR+'50': 'uniqueMember',
- X500ATTR+'19': 'physicalDeliveryOfficeName',
- X500ATTR+'18': 'postOfficeBox',
- X500ATTR+'17': 'postalCode',
- X500ATTR+'16': 'postalAddress',
- X500ATTR+'15': 'businessCategory',
- X500ATTR+'14': 'searchGuide',
- EDUPERSON_OID+'5': 'eduPersonPrimaryAffiliation',
- X500ATTR+'12': 'title',
- X500ATTR+'11': 'ou',
- X500ATTR+'10': 'o',
- X500ATTR+'37': 'cACertificate',
- X500ATTR+'36': 'userCertificate',
- X500ATTR+'31': 'member',
- X500ATTR+'30': 'supportedApplicationContext',
- X500ATTR+'33': 'roleOccupant',
- X500ATTR+'32': 'owner',
- NETSCAPE_LDAP+'1': 'carLicense',
- PKCS_9+'1': 'email',
- NETSCAPE_LDAP+'3': 'employeeNumber',
- NETSCAPE_LDAP+'2': 'departmentNumber',
- X500ATTR+'39': 'certificateRevocationList',
- X500ATTR+'38': 'authorityRevocationList',
- NETSCAPE_LDAP+'216': 'userPKCS12',
- EDUPERSON_OID+'8': 'eduPersonPrimaryOrgUnitDN',
- X500ATTR+'9': 'street',
- X500ATTR+'8': 'st',
- NETSCAPE_LDAP+'39': 'preferredLanguage',
- EDUPERSON_OID+'7': 'eduPersonEntitlement',
- X500ATTR+'2': 'knowledgeInformation',
- X500ATTR+'7': 'l',
- X500ATTR+'6': 'c',
- X500ATTR+'5': 'serialNumber',
- X500ATTR+'4': 'sn',
- UCL_DIR_PILOT+'60': 'jpegPhoto',
- X500ATTR+'65': 'pseudonym',
- NOREDUPERSON_OID+'5': 'norEduPersonNIN',
- UCL_DIR_PILOT+'3': 'mail',
- UCL_DIR_PILOT+'25': 'dc',
- X500ATTR+'40': 'crossCertificatePair',
- X500ATTR+'42': 'givenName',
- X500ATTR+'43': 'initials',
- X500ATTR+'44': 'generationQualifier',
- X500ATTR+'45': 'x500UniqueIdentifier',
- X500ATTR+'46': 'dnQualifier',
- X500ATTR+'47': 'enhancedSearchGuide',
- X500ATTR+'48': 'protocolInformation',
- X500ATTR+'54': 'dmdName',
- NETSCAPE_LDAP+'4': 'employeeType',
- X500ATTR+'22': 'teletexTerminalIdentifier',
- X500ATTR+'23': 'facsimileTelephoneNumber',
- X500ATTR+'20': 'telephoneNumber',
- X500ATTR+'21': 'telexNumber',
- X500ATTR+'26': 'registeredAddress',
- X500ATTR+'27': 'destinationIndicator',
- X500ATTR+'24': 'x121Address',
- X500ATTR+'25': 'internationaliSDNNumber',
- X500ATTR+'28': 'preferredDeliveryMethod',
- X500ATTR+'29': 'presentationAddress',
- EDUPERSON_OID+'3': 'eduPersonOrgDN',
- NOREDUPERSON_OID+'3': 'norEduPersonBirthDate',
+ f"{EDUPERSON_OID}2": "eduPersonNickname",
+ f"{EDUPERSON_OID}9": "eduPersonScopedAffiliation",
+ f"{EDUPERSON_OID}11": "eduPersonAssurance",
+ f"{EDUPERSON_OID}10": "eduPersonTargetedID",
+ f"{EDUPERSON_OID}4": "eduPersonOrgUnitDN",
+ f"{NOREDUPERSON_OID}6": "norEduOrgAcronym",
+ f"{NOREDUPERSON_OID}7": "norEduOrgUniqueIdentifier",
+ f"{NOREDUPERSON_OID}4": "norEduPersonLIN",
+ f"{EDUPERSON_OID}1": "eduPersonAffiliation",
+ f"{NOREDUPERSON_OID}2": "norEduOrgUnitUniqueNumber",
+ f"{NETSCAPE_LDAP}40": "userSMIMECertificate",
+ f"{NOREDUPERSON_OID}1": "norEduOrgUniqueNumber",
+ f"{NETSCAPE_LDAP}241": "displayName",
+ f"{UCL_DIR_PILOT}37": "associatedDomain",
+ f"{EDUPERSON_OID}6": "eduPersonPrincipalName",
+ f"{NOREDUPERSON_OID}8": "norEduOrgUnitUniqueIdentifier",
+ f"{NOREDUPERSON_OID}9": "federationFeideSchemaVersion",
+ f"{X500ATTR}53": "deltaRevocationList",
+ f"{X500ATTR}52": "supportedAlgorithms",
+ f"{X500ATTR}51": "houseIdentifier",
+ f"{X500ATTR}50": "uniqueMember",
+ f"{X500ATTR}19": "physicalDeliveryOfficeName",
+ f"{X500ATTR}18": "postOfficeBox",
+ f"{X500ATTR}17": "postalCode",
+ f"{X500ATTR}16": "postalAddress",
+ f"{X500ATTR}15": "businessCategory",
+ f"{X500ATTR}14": "searchGuide",
+ f"{EDUPERSON_OID}5": "eduPersonPrimaryAffiliation",
+ f"{X500ATTR}12": "title",
+ f"{X500ATTR}11": "ou",
+ f"{X500ATTR}10": "o",
+ f"{X500ATTR}37": "cACertificate",
+ f"{X500ATTR}36": "userCertificate",
+ f"{X500ATTR}31": "member",
+ f"{X500ATTR}30": "supportedApplicationContext",
+ f"{X500ATTR}33": "roleOccupant",
+ f"{X500ATTR}32": "owner",
+ f"{NETSCAPE_LDAP}1": "carLicense",
+ f"{PKCS_9}1": "email",
+ f"{NETSCAPE_LDAP}3": "employeeNumber",
+ f"{NETSCAPE_LDAP}2": "departmentNumber",
+ f"{X500ATTR}39": "certificateRevocationList",
+ f"{X500ATTR}38": "authorityRevocationList",
+ f"{NETSCAPE_LDAP}216": "userPKCS12",
+ f"{EDUPERSON_OID}8": "eduPersonPrimaryOrgUnitDN",
+ f"{X500ATTR}9": "street",
+ f"{X500ATTR}8": "st",
+ f"{NETSCAPE_LDAP}39": "preferredLanguage",
+ f"{EDUPERSON_OID}7": "eduPersonEntitlement",
+ f"{X500ATTR}2": "knowledgeInformation",
+ f"{X500ATTR}7": "l",
+ f"{X500ATTR}6": "c",
+ f"{X500ATTR}5": "serialNumber",
+ f"{X500ATTR}4": "sn",
+ f"{UCL_DIR_PILOT}60": "jpegPhoto",
+ f"{X500ATTR}65": "pseudonym",
+ f"{NOREDUPERSON_OID}5": "norEduPersonNIN",
+ f"{UCL_DIR_PILOT}3": "mail",
+ f"{UCL_DIR_PILOT}25": "dc",
+ f"{X500ATTR}40": "crossCertificatePair",
+ f"{X500ATTR}42": "givenName",
+ f"{X500ATTR}43": "initials",
+ f"{X500ATTR}44": "generationQualifier",
+ f"{X500ATTR}45": "x500UniqueIdentifier",
+ f"{X500ATTR}46": "dnQualifier",
+ f"{X500ATTR}47": "enhancedSearchGuide",
+ f"{X500ATTR}48": "protocolInformation",
+ f"{X500ATTR}54": "dmdName",
+ f"{NETSCAPE_LDAP}4": "employeeType",
+ f"{X500ATTR}22": "teletexTerminalIdentifier",
+ f"{X500ATTR}23": "facsimileTelephoneNumber",
+ f"{X500ATTR}20": "telephoneNumber",
+ f"{X500ATTR}21": "telexNumber",
+ f"{X500ATTR}26": "registeredAddress",
+ f"{X500ATTR}27": "destinationIndicator",
+ f"{X500ATTR}24": "x121Address",
+ f"{X500ATTR}25": "internationaliSDNNumber",
+ f"{X500ATTR}28": "preferredDeliveryMethod",
+ f"{X500ATTR}29": "presentationAddress",
+ f"{EDUPERSON_OID}3": "eduPersonOrgDN",
+ f"{NOREDUPERSON_OID}3": "norEduPersonBirthDate",
},
- "to":{
- 'roleOccupant': X500ATTR+'33',
- 'gn': X500ATTR+'42',
- 'norEduPersonNIN': NOREDUPERSON_OID+'5',
- 'title': X500ATTR+'12',
- 'facsimileTelephoneNumber': X500ATTR+'23',
- 'mail': UCL_DIR_PILOT+'3',
- 'postOfficeBox': X500ATTR+'18',
- 'fax': X500ATTR+'23',
- 'telephoneNumber': X500ATTR+'20',
- 'norEduPersonBirthDate': NOREDUPERSON_OID+'3',
- 'rfc822Mailbox': UCL_DIR_PILOT+'3',
- 'dc': UCL_DIR_PILOT+'25',
- 'countryName': X500ATTR+'6',
- 'emailAddress': PKCS_9+'1',
- 'employeeNumber': NETSCAPE_LDAP+'3',
- 'organizationName': X500ATTR+'10',
- 'eduPersonAssurance': EDUPERSON_OID+'11',
- 'norEduOrgAcronym': NOREDUPERSON_OID+'6',
- 'registeredAddress': X500ATTR+'26',
- 'physicalDeliveryOfficeName': X500ATTR+'19',
- 'associatedDomain': UCL_DIR_PILOT+'37',
- 'l': X500ATTR+'7',
- 'stateOrProvinceName': X500ATTR+'8',
- 'federationFeideSchemaVersion': NOREDUPERSON_OID+'9',
- 'pkcs9email': PKCS_9+'1',
- 'givenName': X500ATTR+'42',
- 'x500UniqueIdentifier': X500ATTR+'45',
- 'eduPersonNickname': EDUPERSON_OID+'2',
- 'houseIdentifier': X500ATTR+'51',
- 'street': X500ATTR+'9',
- 'supportedAlgorithms': X500ATTR+'52',
- 'preferredLanguage': NETSCAPE_LDAP+'39',
- 'postalAddress': X500ATTR+'16',
- 'email': PKCS_9+'1',
- 'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID+'8',
- 'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID+'8',
- 'c': X500ATTR+'6',
- 'teletexTerminalIdentifier': X500ATTR+'22',
- 'o': X500ATTR+'10',
- 'cACertificate': X500ATTR+'37',
- 'telexNumber': X500ATTR+'21',
- 'ou': X500ATTR+'11',
- 'initials': X500ATTR+'43',
- 'eduPersonOrgUnitDN': EDUPERSON_OID+'4',
- 'deltaRevocationList': X500ATTR+'53',
- 'norEduPersonLIN': NOREDUPERSON_OID+'4',
- 'supportedApplicationContext': X500ATTR+'30',
- 'eduPersonEntitlement': EDUPERSON_OID+'7',
- 'generationQualifier': X500ATTR+'44',
- 'eduPersonAffiliation': EDUPERSON_OID+'1',
- 'eduPersonPrincipalName': EDUPERSON_OID+'6',
- 'localityName': X500ATTR+'7',
- 'owner': X500ATTR+'32',
- 'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2',
- 'searchGuide': X500ATTR+'14',
- 'certificateRevocationList': X500ATTR+'39',
- 'organizationalUnitName': X500ATTR+'11',
- 'userCertificate': X500ATTR+'36',
- 'preferredDeliveryMethod': X500ATTR+'28',
- 'internationaliSDNNumber': X500ATTR+'25',
- 'uniqueMember': X500ATTR+'50',
- 'departmentNumber': NETSCAPE_LDAP+'2',
- 'enhancedSearchGuide': X500ATTR+'47',
- 'userPKCS12': NETSCAPE_LDAP+'216',
- 'eduPersonTargetedID': EDUPERSON_OID+'10',
- 'norEduOrgUniqueNumber': NOREDUPERSON_OID+'1',
- 'x121Address': X500ATTR+'24',
- 'destinationIndicator': X500ATTR+'27',
- 'eduPersonPrimaryAffiliation': EDUPERSON_OID+'5',
- 'surname': X500ATTR+'4',
- 'jpegPhoto': UCL_DIR_PILOT+'60',
- 'eduPersonScopedAffiliation': EDUPERSON_OID+'9',
- 'protocolInformation': X500ATTR+'48',
- 'knowledgeInformation': X500ATTR+'2',
- 'employeeType': NETSCAPE_LDAP+'4',
- 'userSMIMECertificate': NETSCAPE_LDAP+'40',
- 'member': X500ATTR+'31',
- 'streetAddress': X500ATTR+'9',
- 'dmdName': X500ATTR+'54',
- 'postalCode': X500ATTR+'17',
- 'pseudonym': X500ATTR+'65',
- 'dnQualifier': X500ATTR+'46',
- 'crossCertificatePair': X500ATTR+'40',
- 'eduPersonOrgDN': EDUPERSON_OID+'3',
- 'authorityRevocationList': X500ATTR+'38',
- 'displayName': NETSCAPE_LDAP+'241',
- 'businessCategory': X500ATTR+'15',
- 'serialNumber': X500ATTR+'5',
- 'norEduOrgUniqueIdentifier': NOREDUPERSON_OID+'7',
- 'st': X500ATTR+'8',
- 'carLicense': NETSCAPE_LDAP+'1',
- 'presentationAddress': X500ATTR+'29',
- 'sn': X500ATTR+'4',
- 'domainComponent': UCL_DIR_PILOT+'25',
- }
-}
\ No newline at end of file
+ "to": {
+ "roleOccupant": f"{X500ATTR}33",
+ "gn": f"{X500ATTR}42",
+ "norEduPersonNIN": f"{NOREDUPERSON_OID}5",
+ "title": f"{X500ATTR}12",
+ "facsimileTelephoneNumber": f"{X500ATTR}23",
+ "mail": f"{UCL_DIR_PILOT}3",
+ "postOfficeBox": f"{X500ATTR}18",
+ "fax": f"{X500ATTR}23",
+ "telephoneNumber": f"{X500ATTR}20",
+ "norEduPersonBirthDate": f"{NOREDUPERSON_OID}3",
+ "rfc822Mailbox": f"{UCL_DIR_PILOT}3",
+ "dc": f"{UCL_DIR_PILOT}25",
+ "countryName": f"{X500ATTR}6",
+ "emailAddress": f"{PKCS_9}1",
+ "employeeNumber": f"{NETSCAPE_LDAP}3",
+ "organizationName": f"{X500ATTR}10",
+ "eduPersonAssurance": f"{EDUPERSON_OID}11",
+ "norEduOrgAcronym": f"{NOREDUPERSON_OID}6",
+ "registeredAddress": f"{X500ATTR}26",
+ "physicalDeliveryOfficeName": f"{X500ATTR}19",
+ "associatedDomain": f"{UCL_DIR_PILOT}37",
+ "l": f"{X500ATTR}7",
+ "stateOrProvinceName": f"{X500ATTR}8",
+ "federationFeideSchemaVersion": f"{NOREDUPERSON_OID}9",
+ "pkcs9email": f"{PKCS_9}1",
+ "givenName": f"{X500ATTR}42",
+ "x500UniqueIdentifier": f"{X500ATTR}45",
+ "eduPersonNickname": f"{EDUPERSON_OID}2",
+ "houseIdentifier": f"{X500ATTR}51",
+ "street": f"{X500ATTR}9",
+ "supportedAlgorithms": f"{X500ATTR}52",
+ "preferredLanguage": f"{NETSCAPE_LDAP}39",
+ "postalAddress": f"{X500ATTR}16",
+ "email": f"{PKCS_9}1",
+ "norEduOrgUnitUniqueIdentifier": f"{NOREDUPERSON_OID}8",
+ "eduPersonPrimaryOrgUnitDN": f"{EDUPERSON_OID}8",
+ "c": f"{X500ATTR}6",
+ "teletexTerminalIdentifier": f"{X500ATTR}22",
+ "o": f"{X500ATTR}10",
+ "cACertificate": f"{X500ATTR}37",
+ "telexNumber": f"{X500ATTR}21",
+ "ou": f"{X500ATTR}11",
+ "initials": f"{X500ATTR}43",
+ "eduPersonOrgUnitDN": f"{EDUPERSON_OID}4",
+ "deltaRevocationList": f"{X500ATTR}53",
+ "norEduPersonLIN": f"{NOREDUPERSON_OID}4",
+ "supportedApplicationContext": f"{X500ATTR}30",
+ "eduPersonEntitlement": f"{EDUPERSON_OID}7",
+ "generationQualifier": f"{X500ATTR}44",
+ "eduPersonAffiliation": f"{EDUPERSON_OID}1",
+ "eduPersonPrincipalName": f"{EDUPERSON_OID}6",
+ "localityName": f"{X500ATTR}7",
+ "owner": f"{X500ATTR}32",
+ "norEduOrgUnitUniqueNumber": f"{NOREDUPERSON_OID}2",
+ "searchGuide": f"{X500ATTR}14",
+ "certificateRevocationList": f"{X500ATTR}39",
+ "organizationalUnitName": f"{X500ATTR}11",
+ "userCertificate": f"{X500ATTR}36",
+ "preferredDeliveryMethod": f"{X500ATTR}28",
+ "internationaliSDNNumber": f"{X500ATTR}25",
+ "uniqueMember": f"{X500ATTR}50",
+ "departmentNumber": f"{NETSCAPE_LDAP}2",
+ "enhancedSearchGuide": f"{X500ATTR}47",
+ "userPKCS12": f"{NETSCAPE_LDAP}216",
+ "eduPersonTargetedID": f"{EDUPERSON_OID}10",
+ "norEduOrgUniqueNumber": f"{NOREDUPERSON_OID}1",
+ "x121Address": f"{X500ATTR}24",
+ "destinationIndicator": f"{X500ATTR}27",
+ "eduPersonPrimaryAffiliation": f"{EDUPERSON_OID}5",
+ "surname": f"{X500ATTR}4",
+ "jpegPhoto": f"{UCL_DIR_PILOT}60",
+ "eduPersonScopedAffiliation": f"{EDUPERSON_OID}9",
+ "protocolInformation": f"{X500ATTR}48",
+ "knowledgeInformation": f"{X500ATTR}2",
+ "employeeType": f"{NETSCAPE_LDAP}4",
+ "userSMIMECertificate": f"{NETSCAPE_LDAP}40",
+ "member": f"{X500ATTR}31",
+ "streetAddress": f"{X500ATTR}9",
+ "dmdName": f"{X500ATTR}54",
+ "postalCode": f"{X500ATTR}17",
+ "pseudonym": f"{X500ATTR}65",
+ "dnQualifier": f"{X500ATTR}46",
+ "crossCertificatePair": f"{X500ATTR}40",
+ "eduPersonOrgDN": f"{EDUPERSON_OID}3",
+ "authorityRevocationList": f"{X500ATTR}38",
+ "displayName": f"{NETSCAPE_LDAP}241",
+ "businessCategory": f"{X500ATTR}15",
+ "serialNumber": f"{X500ATTR}5",
+ "norEduOrgUniqueIdentifier": f"{NOREDUPERSON_OID}7",
+ "st": f"{X500ATTR}8",
+ "carLicense": f"{NETSCAPE_LDAP}1",
+ "presentationAddress": f"{X500ATTR}29",
+ "sn": f"{X500ATTR}4",
+ "domainComponent": f"{UCL_DIR_PILOT}25",
+ },
+}
diff --git a/seahub/adfs_auth/backends.py b/seahub/adfs_auth/backends.py
index f8f1023b63..37ba0f8cdc 100644
--- a/seahub/adfs_auth/backends.py
+++ b/seahub/adfs_auth/backends.py
@@ -19,59 +19,19 @@ from fnmatch import fnmatch
from collections import OrderedDict
from django.conf import settings
-from django.contrib import auth
from django.contrib.auth.backends import ModelBackend
-from django.core.exceptions import ImproperlyConfigured
-
-from djangosaml2.signals import pre_user_save
-
-try:
- from django.contrib.auth.models import SiteProfileNotAvailable
-except ImportError:
- class SiteProfileNotAvailable(Exception):
- pass
from seaserv import ccnet_api, seafile_api
+
from seahub.base.accounts import User
from seahub.profile.models import Profile, DetailedProfile
from seahub.utils.file_size import get_quota_from_string
from seahub.role_permissions.utils import get_enabled_role_permissions_by_role
-
-from registration.models import (notify_admins_on_activate_request,
- notify_admins_on_register_complete)
+from registration.models import notify_admins_on_activate_request, notify_admins_on_register_complete
logger = logging.getLogger(__name__)
-
-def get_model(model_path):
- try:
- from django.apps import apps
- return apps.get_model(model_path)
- except ImportError:
- # Django < 1.7 (cannot use the new app loader)
- from django.db.models import get_model as django_get_model
- try:
- app_label, model_name = model_path.split('.')
- except ValueError:
- raise ImproperlyConfigured("SAML_USER_MODEL must be of the form "
- "'app_label.model_name'")
- user_model = django_get_model(app_label, model_name)
- if user_model is None:
- raise ImproperlyConfigured("SAML_USER_MODEL refers to model '%s' "
- "that has not been installed" % model_path)
- return user_model
-
-
-def get_saml_user_model():
- try:
- # djangosaml2 custom user model
- return get_model(settings.SAML_USER_MODEL)
- except AttributeError:
- try:
- # Django 1.5 Custom user model
- return auth.get_user_model()
- except AttributeError:
- return auth.models.User
+SHIBBOLETH_AFFILIATION_ROLE_MAP = getattr(settings, 'SHIBBOLETH_AFFILIATION_ROLE_MAP', False)
class Saml2Backend(ModelBackend):
@@ -83,8 +43,7 @@ class Saml2Backend(ModelBackend):
user = None
return user
- def authenticate(self, session_info=None, attribute_mapping=None,
- create_unknown_user=True, **kwargs):
+ def authenticate(self, session_info=None, attribute_mapping=None, create_unknown_user=True, **kwargs):
if session_info is None or attribute_mapping is None:
logger.error('Session info or attribute mapping are None')
return None
@@ -97,46 +56,20 @@ class Saml2Backend(ModelBackend):
if not attributes:
logger.error('The attributes dictionary is empty')
- use_name_id_as_username = getattr(
- settings, 'SAML_USE_NAME_ID_AS_USERNAME', False)
-
- django_user_main_attribute = getattr(
- settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE', 'username')
- django_user_main_attribute_lookup = getattr(
- settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP', '')
-
logger.debug('attributes: %s', attributes)
saml_user = None
- if use_name_id_as_username:
- if 'name_id' in session_info:
- logger.debug('name_id: %s', session_info['name_id'])
- saml_user = session_info['name_id'].text
- else:
- logger.error('The nameid is not available. Cannot find user without a nameid.')
+ if session_info.get('name_id'):
+ logger.debug('name_id: %s', session_info['name_id'])
+ saml_user = session_info['name_id'].text
else:
- logger.debug('attribute_mapping: %s', attribute_mapping)
- for saml_attr, django_fields in list(attribute_mapping.items()):
- if (django_user_main_attribute in django_fields and saml_attr in attributes):
- saml_user = attributes[saml_attr][0]
+ logger.error('The nameid is not available. Cannot find user without a nameid.')
if saml_user is None:
- logger.error('Could not find saml_user value')
- return None
-
- if not self.is_authorized(attributes, attribute_mapping):
+ logger.error('Could not determine user identifier')
return None
main_attribute = self.clean_user_main_attribute(saml_user)
- user_query_args = {
- django_user_main_attribute+django_user_main_attribute_lookup:
- main_attribute}
- user_create_defaults = {django_user_main_attribute: main_attribute}
-
- # Note that this could be accomplished in one try-except clause, but
- # instead we use get_or_create when creating unknown users since it has
- # built-in safeguards for multiple threads.
-
# check if user exist in local ccnet db/ldapimport database
username = main_attribute
local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1)
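Review bot: After this change the NameID from the assertion alone decides which account is looked up, and nothing in the hunk vets it before `ccnet_api.search_emailusers('DB', username, -1, -1)` runs. The `is_authorized` call is removed, and the NameID format is never compared with the e-mail format the SP requests. In multi-ADFS mode each organization points at its own IdP, so unless the part of `authenticate` below this hunk restricts the match to that organization's users (not visible here), the lookup is not scoped to the org whose IdP issued the assertion. I would keep an authorization step at this point that ties the resolved user to the requesting org and returns `None` otherwise. `authenticate` starts and ends outside the hunk.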
@@ -170,107 +103,10 @@ class Saml2Backend(ModelBackend):
return user
- def is_authorized(self, attributes, attribute_mapping):
- """Hook to allow custom authorization policies based on
- SAML attributes.
- """
- return True
-
def clean_user_main_attribute(self, main_attribute):
- """Performs any cleaning on the user main attribute (which
- usually is "username") prior to using it to get or
- create the user object. Returns the cleaned attribute.
-
- By default, returns the attribute unchanged.
- """
+ """Hook to clean the extracted user-identifying value. No-op by default."""
return main_attribute
- def configure_user(self, user, attributes, attribute_mapping):
- """Configures a user after creation and returns the updated user.
-
- By default, returns the user with his attributes updated.
- """
- user.set_unusable_password()
- return self.update_user(user, attributes, attribute_mapping,
- force_save=True)
-
- def update_user(self, user, attributes, attribute_mapping,
- force_save=False):
- """Update a user with a set of attributes and returns the updated user.
-
- By default it uses a mapping defined in the settings constant
- SAML_ATTRIBUTE_MAPPING. For each attribute, if the user object has
- that field defined it will be set, otherwise it will try to set
- it in the profile object.
- """
- if not attribute_mapping:
- return user
-
- try:
- profile = user.get_profile()
- except Profile.DoesNotExist:
- profile = None
- except SiteProfileNotAvailable:
- profile = None
- # Django 1.5 custom model assumed
- except AttributeError:
- profile = user
-
- user_modified = False
- profile_modified = False
- for saml_attr, django_attrs in list(attribute_mapping.items()):
- try:
- for attr in django_attrs:
- if hasattr(user, attr):
- modified = self._set_attribute(
- user, attr, attributes[saml_attr][0])
- user_modified = user_modified or modified
-
- elif profile is not None and hasattr(profile, attr):
- modified = self._set_attribute(
- profile, attr, attributes[saml_attr][0])
- profile_modified = profile_modified or modified
-
- except KeyError:
- # the saml attribute is missing
- pass
-
- logger.debug('Sending the pre_save signal')
- signal_modified = any(
- [response for receiver, response
- in pre_user_save.send_robust(sender=user,
- attributes=attributes,
- user_modified=user_modified)]
- )
-
- if user_modified or signal_modified or force_save:
- user.save()
-
- if (profile is not None and (profile_modified or signal_modified or force_save)):
- profile.save()
-
- return user
-
- def _set_attribute(self, obj, attr, value):
- """Set an attribute of an object to a specific value.
-
- Return True if the attribute was changed and False otherwise.
- """
- field = obj._meta.get_field(attr)
- if len(value) > field.max_length:
- cleaned_value = value[:field.max_length]
- logger.warn('The attribute "%s" was trimmed from "%s" to "%s"',
- attr, value, cleaned_value)
- else:
- cleaned_value = value
-
- old_value = getattr(obj, attr)
- if cleaned_value != old_value:
- setattr(obj, attr, cleaned_value)
- return True
-
- return False
-
def update_user_role(self, user, parse_result):
role = parse_result.get('role', '')
if role:
@@ -284,8 +120,6 @@ class Saml2Backend(ModelBackend):
return
- SHIBBOLETH_AFFILIATION_ROLE_MAP = getattr(
- settings, 'SHIBBOLETH_AFFILIATION_ROLE_MAP', False)
if not SHIBBOLETH_AFFILIATION_ROLE_MAP:
return
@@ -344,8 +178,7 @@ class Saml2Backend(ModelBackend):
d_p = DetailedProfile.objects.get_detailed_profile_by_user(user.username)
if not d_p:
- d_p = DetailedProfile.objects.add_detailed_profile(user.username,
- '', '')
+ d_p = DetailedProfile.objects.add_detailed_profile(user.username, '', '')
if department:
d_p.department = department
diff --git a/seahub/adfs_auth/urls.py b/seahub/adfs_auth/urls.py
deleted file mode 100644
index 5caba4067e..0000000000
--- a/seahub/adfs_auth/urls.py
+++ /dev/null
@@ -1,10 +0,0 @@
-# -*- coding: utf-8 -*-
-from django.conf.urls import url, include
-
-from seahub.adfs_auth.views import assertion_consumer_service, org_multi_adfs
-
-urlpatterns = [
- url(r'^$', org_multi_adfs, name="org_multi_adfs"),
- url(r'^saml2/acs/$', assertion_consumer_service, name='org_saml2_acs'),
- url(r'^saml2/', include('djangosaml2.urls')),
-]
diff --git a/seahub/adfs_auth/utils.py b/seahub/adfs_auth/utils.py
index 0867b158d0..1c7f905cfe 100644
--- a/seahub/adfs_auth/utils.py
+++ b/seahub/adfs_auth/utils.py
@@ -1,38 +1,46 @@
# -*- coding: utf-8 -*-
-import os
import re
+import copy
import logging
+from os import path
-import saml2
-from saml2 import saml
+from saml2 import BINDING_HTTP_POST, NAMEID_FORMAT_EMAILADDRESS
from saml2.config import SPConfig
from django.utils.translation import gettext as _
from seaserv import ccnet_api
-from seahub.utils import render_error
+from seahub.utils import render_error, get_service_url
from seahub.organizations.models import OrgSAMLConfig
-try:
- from seahub.settings import ENABLE_MULTI_ADFS, SP_SERVICE_URL, ATTRIBUTE_MAP_DIR, CERTS_DIR, XMLSEC_BINARY
-except ImportError:
- ENABLE_MULTI_ADFS = False
- SP_SERVICE_URL = ''
- ATTRIBUTE_MAP_DIR = ''
- CERTS_DIR = ''
- XMLSEC_BINARY = ''
+from seahub import settings
logger = logging.getLogger(__name__)
+ENABLE_ADFS_LOGIN = getattr(settings, 'ENABLE_ADFS_LOGIN', False)
+ENABLE_MULTI_ADFS = getattr(settings, 'ENABLE_MULTI_ADFS', False)
+if ENABLE_ADFS_LOGIN or ENABLE_MULTI_ADFS:
+ REMOTE_METADATA_URL = getattr(settings, 'SAML_REMOTE_METADATA_URL', '')
+ XMLSEC_BINARY_PATH = getattr(settings, 'SAML_XMLSEC_BINARY_PATH', '/usr/bin/xmlsec1')
+ CERTS_DIR = getattr(settings, 'SAML_CERTS_DIR', '/opt/seafile/seahub-data/certs')
+ SAML_ATTRIBUTE_MAPPING = getattr(settings, 'SAML_ATTRIBUTE_MAPPING', {})
+
def settings_check(func):
def _decorated(request):
error = False
- if not ENABLE_MULTI_ADFS:
+ if not ENABLE_ADFS_LOGIN and not ENABLE_MULTI_ADFS:
logger.error('Feature not enabled.')
error = True
else:
- if not SP_SERVICE_URL or not ATTRIBUTE_MAP_DIR or not CERTS_DIR or not XMLSEC_BINARY:
+ if not XMLSEC_BINARY_PATH or not CERTS_DIR or not SAML_ATTRIBUTE_MAPPING:
logger.error('ADFS login relevant settings invalid.')
+ logger.error('SAML_XMLSEC_BINARY_PATH: %s' % XMLSEC_BINARY_PATH)
+ logger.error('SAML_CERTS_DIR: %s' % CERTS_DIR)
+ logger.error('SAML_ATTRIBUTE_MAPPING: %s' % SAML_ATTRIBUTE_MAPPING)
+ error = True
+ if ENABLE_ADFS_LOGIN and not REMOTE_METADATA_URL:
+ logger.error('SAML relevant settings invalid.')
+ logger.error('SAML_REMOTE_METADATA_URL: %s' % REMOTE_METADATA_URL)
error = True
if error:
return render_error(request, _('Error, please contact administrator.'))
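Review bot: The new `logger.error` calls in `settings_check` format their messages with `%` before the call; passing the value as an argument, `logger.error('SAML_CERTS_DIR: %s', CERTS_DIR)`, matches the logging style in `backends.py` and defers formatting. `REMOTE_METADATA_URL`, `XMLSEC_BINARY_PATH`, `CERTS_DIR` and `SAML_ATTRIBUTE_MAPPING` are also bound only inside the `if ENABLE_ADFS_LOGIN or ENABLE_MULTI_ADFS:` block. That is safe here only because the decorator tests the flags first; defining them unconditionally would avoid a `NameError` if any other code reads them with both flags off. `settings_check` continues outside the hunk.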
@@ -43,79 +51,68 @@ def settings_check(func):
@settings_check
def config_settings_loader(request):
# get url_prefix
- url_prefix = None
+ url_prefix = ''
reg = re.search(r'org/custom/([a-z_0-9-]+)', request.path)
if reg:
url_prefix = reg.group(1)
# get org_id
+ org_id = -1
org = ccnet_api.get_org_by_url_prefix(url_prefix)
- if not org:
- return render_error(request, 'Failed to get org %s ' % url_prefix)
- org_id = org.org_id
+ if org:
+ org_id = org.org_id
- # get org saml_config
- org_saml_config = OrgSAMLConfig.objects.get_config_by_org_id(org_id)
- if not org_saml_config:
- return render_error(request, 'Failed to get org %s saml_config' % org_id)
- metadata_url = org_saml_config.metadata_url
- single_sign_on_service = org_saml_config.single_sign_on_service
- single_logout_service = org_saml_config.single_logout_service
- valid_days = int(org_saml_config.valid_days)
+ if org_id != -1:
+ org_saml_config = OrgSAMLConfig.objects.get_config_by_org_id(org_id)
+ if not org_saml_config:
+ return render_error(request, 'Failed to get org %s saml_config' % org_id)
- # get org_sp_service_url
- org_sp_service_url = SP_SERVICE_URL.rstrip('/') + '/' + url_prefix
-
- # generate org certs dir
- org_certs_dir = os.path.join(CERTS_DIR, str(org_id))
+ # get org remote_metadata_url
+ remote_metadata_url = org_saml_config.metadata_url
+ # get org sp_service_url
+ sp_service_url = get_service_url().rstrip('/') + '/org/custom/' + url_prefix
+ # generate org certs dir
+ certs_dir = path.join(CERTS_DIR, str(org_id))
+ else:
+ # get remote_metadata_url
+ remote_metadata_url = REMOTE_METADATA_URL
+ # get sp_service_url
+ sp_service_url = get_service_url().rstrip('/')
+ # generate certs dir
+ certs_dir = CERTS_DIR
# generate org saml_config
saml_config = {
- 'entityid': org_sp_service_url + '/saml2/metadata/',
- 'attribute_map_dir': ATTRIBUTE_MAP_DIR,
- 'xmlsec_binary': XMLSEC_BINARY,
+ 'entityid': sp_service_url + '/saml2/metadata/',
+ 'xmlsec_binary': XMLSEC_BINARY_PATH,
+ 'attribute_map_dir': path.join(path.dirname(path.abspath(__file__)), 'attribute-maps'),
'allow_unknown_attributes': True,
'service': {
'sp': {
+ 'name_id_format': NAMEID_FORMAT_EMAILADDRESS,
+ 'required_attributes': ['uid'],
'allow_unsolicited': True,
# https://github.com/IdentityPython/pysaml2/blob/master/docs/howto/config.rst#want-assertions-or-response-signed
'want_response_signed': False,
'want_assertions_signed': False,
'want_assertions_or_response_signed': True,
- 'name_id_format': saml.NAMEID_FORMAT_EMAILADDRESS,
'endpoints': {
- 'assertion_consumer_service': [(org_sp_service_url + '/saml2/acs/', saml2.BINDING_HTTP_POST)],
- 'single_logout_service': [
- (org_sp_service_url + '/saml2/ls/', saml2.BINDING_HTTP_REDIRECT),
- (org_sp_service_url + '/saml2/ls/post', saml2.BINDING_HTTP_POST),
+ 'assertion_consumer_service': [
+ (sp_service_url + '/saml2/acs/', BINDING_HTTP_POST)
],
},
- 'required_attributes': ["uid"],
- 'idp': {
- metadata_url: {
- 'single_sign_on_service': {
- saml2.BINDING_HTTP_REDIRECT: single_sign_on_service,
- },
- 'single_logout_service': {
- saml2.BINDING_HTTP_REDIRECT: single_logout_service,
- },
- },
- },
},
},
'metadata': {
- 'local': [os.path.join(org_certs_dir, 'idp_federation_metadata.xml')],
+ 'remote': [{'url': remote_metadata_url}],
},
- 'debug': 1,
- 'key_file': '',
- 'cert_file': os.path.join(org_certs_dir, 'idp.crt'),
+ 'cert_file': path.join(certs_dir, 'idp.crt'),
'encryption_keypairs': [{
- 'key_file': os.path.join(org_certs_dir, 'sp.key'),
- 'cert_file': os.path.join(org_certs_dir, 'sp.crt'),
+ 'key_file': path.join(certs_dir, 'sp.key'),
+ 'cert_file': path.join(certs_dir, 'sp.crt'),
}],
- 'valid_for': valid_days * 24, # how long is our metadata valid, unit is hour
}
conf = SPConfig()
- conf.load(saml_config)
+ conf.load(copy.deepcopy(saml_config))
return conf
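Review bot: A request whose path carries an org prefix that matches no organization now falls through to the site-wide branch, because `org_id` stays `-1` when `get_org_by_url_prefix` returns nothing; the old code stopped with `render_error` at that point. Such a request is then handled with the global IdP settings, and when only `ENABLE_MULTI_ADFS` is on, `REMOTE_METADATA_URL` can be the empty default. I would restore the guard, `if reg and not org: return render_error(request, 'Failed to get org %s ' % url_prefix)`, and take the global branch only when the path has no prefix. Separately, `'remote': [{'url': remote_metadata_url}]` makes the server fetch `OrgSAMLConfig.metadata_url` for orgs. If that value is admin-supplied and not checked for scheme and host elsewhere (not visible here), it should be validated before it is loaded.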
diff --git a/seahub/adfs_auth/views.py b/seahub/adfs_auth/views.py
index 5794bffa5b..22b61d0163 100644
--- a/seahub/adfs_auth/views.py
+++ b/seahub/adfs_auth/views.py
@@ -17,83 +17,84 @@
import re
import logging
-from django.conf import settings
-from seahub import auth
from django.urls import reverse
-from django.http import HttpResponseRedirect # 30x
-from django.http import HttpResponseBadRequest, HttpResponseForbidden # 40x
+from django.http import HttpResponseRedirect, HttpResponse, HttpResponseBadRequest, HttpResponseForbidden
+from django.utils.http import url_has_allowed_host_and_scheme
from django.views.decorators.http import require_POST
-try:
- from django.views.decorators.csrf import csrf_exempt
-except ImportError:
- # Django 1.0 compatibility
- def csrf_exempt(view_func):
- return view_func
-
+from django.views.decorators.csrf import csrf_exempt
from saml2 import BINDING_HTTP_POST
from saml2.client import Saml2Client
-from saml2.sigver import MissingKey
-from saml2.ident import code
-
+from saml2.metadata import entity_descriptor
from djangosaml2.cache import IdentityCache, OutstandingQueriesCache
from djangosaml2.conf import get_config
from djangosaml2.signals import post_authenticated
from djangosaml2.utils import get_custom_setting
+from seahub import auth
from seahub.auth import login as auth_login
from seahub.auth.decorators import login_required
+from seahub import settings
# Added by khorkin
from seahub.base.sudo_mode import update_sudo_mode_ts
logger = logging.getLogger('djangosaml2')
-def _set_subject_id(session, subject_id):
- session['_saml2_subject_id'] = code(subject_id)
+def login(request):
+ next_url = settings.LOGIN_REDIRECT_URL
+ if 'next' in request.GET:
+ next_url = request.GET['next']
+ elif 'RelayState' in request.GET:
+ next_url = request.GET['RelayState']
+
+ if not url_has_allowed_host_and_scheme(next_url, None):
+ next_url = settings.LOGIN_REDIRECT_URL
+
+ sp_config = get_config(None, request)
+ saml_client = Saml2Client(sp_config)
+ session_id, info = saml_client.prepare_for_authenticate(relay_state=next_url)
+ try:
+ headers = dict(info['headers'])
+ redirect_url = headers['Location']
+ except KeyError:
+ redirect_url = info['url']
+ except Exception as e:
+ logger.warning(e)
+ redirect_url = None
+
+ return HttpResponseRedirect(redirect_url)
@require_POST
@csrf_exempt
-def assertion_consumer_service(request,
- config_loader_path=None,
- attribute_mapping=None,
- create_unknown_user=None):
- """SAML Authorization Response endpoint
-
- The IdP will send its response to this view, which
- will process it with pysaml2 help and log the user
- in using the custom Authorization backend
- djangosaml2.backends.Saml2Backend that should be
- enabled in the settings.py
+def assertion_consumer_service(request, attribute_mapping=None, create_unknown_user=True):
+ """SAML Authorization Response endpoint.
+ The IdP will send its response to this view, which will process it using pysaml2 and
+ log the user in using whatever SAML authentication backend has been enabled in
+ settings.py. The `djangosaml2.backends.Saml2Backend` can be used for this purpose,
+ though some implementations may instead register their own subclasses of Saml2Backend.
"""
- attribute_mapping = attribute_mapping or get_custom_setting(
- 'SAML_ATTRIBUTE_MAPPING', {'uid': ('username', )})
- create_unknown_user = create_unknown_user or get_custom_setting(
- 'SAML_CREATE_UNKNOWN_USER', True)
- logger.debug('Assertion Consumer Service started')
-
- conf = get_config(config_loader_path, request)
if 'SAMLResponse' not in request.POST:
- return HttpResponseBadRequest(
- 'Couldn\'t find "SAMLResponse" in POST data.')
- xmlstr = request.POST['SAMLResponse']
- client = Saml2Client(conf, identity_cache=IdentityCache(request.session))
+ return HttpResponseBadRequest('Missing "SAMLResponse" parameter in POST data.')
+ attribute_mapping = attribute_mapping or get_custom_setting('SAML_ATTRIBUTE_MAPPING', None)
+ conf = get_config(None, request)
+ identity_cache = IdentityCache(request.session)
+ client = Saml2Client(conf, identity_cache=identity_cache)
oq_cache = OutstandingQueriesCache(request.session)
+ oq_cache.sync()
outstanding_queries = oq_cache.outstanding_queries()
+ xmlstr = request.POST['SAMLResponse']
try:
- response = client.parse_authn_request_response(xmlstr, BINDING_HTTP_POST,
- outstanding_queries)
- except MissingKey:
- logger.error('MissingKey error in ACS')
- return HttpResponseForbidden(
- "The Identity Provider is not configured correctly: "
- "the certificate key is missing")
+ response = client.parse_authn_request_response(xmlstr, BINDING_HTTP_POST, outstanding_queries)
+ except Exception as e:
+ logger.error(e)
+ return HttpResponseBadRequest('SAMLResponse Error')
+
if response is None:
logger.error('SAML response is None')
- return HttpResponseBadRequest(
- "SAML response has errors. Please check the logs")
+ return HttpResponseBadRequest('SAML response has errors. Please check the logs')
session_id = response.session_id()
oq_cache.delete(session_id)
@@ -101,13 +102,8 @@ def assertion_consumer_service(request,
# authenticate the remote user
session_info = response.session_info()
- if callable(attribute_mapping):
- attribute_mapping = attribute_mapping()
- if callable(create_unknown_user):
- create_unknown_user = create_unknown_user()
-
# get url_prefix
- url_prefix = None
+ url_prefix = ''
reg = re.search(r'org/custom/([a-z_0-9-]+)', request.path)
if reg:
url_prefix = reg.group(1)
@@ -126,14 +122,11 @@ def assertion_consumer_service(request,
return HttpResponseForbidden("Permission denied")
auth_login(request, user)
- _set_subject_id(request.session, session_info['name_id'])
-
logger.debug('Sending the post_authenticated signal')
post_authenticated.send_robust(sender=user, session_info=session_info)
# redirect the user to the view where he came from
- default_relay_state = get_custom_setting('ACS_DEFAULT_REDIRECT_URL',
- settings.LOGIN_REDIRECT_URL)
+ default_relay_state = settings.LOGIN_REDIRECT_URL
relay_state = request.POST.get('RelayState', default_relay_state)
if not relay_state:
logger.warning('The RelayState parameter exists but is empty')
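Review bot: `relay_state` is read straight from `request.POST.get('RelayState', default_relay_state)` and, as far as the visible lines show, reaches `HttpResponseRedirect(relay_state)` without the host check that this commit's new `login` view applies to `next`. RelayState is a separate form field posted by the browser next to the SAMLResponse and is not covered by the assertion signature, so an unchecked value can send a freshly authenticated user to an arbitrary site. Add a comparable guard before the redirect: `if not url_has_allowed_host_and_scheme(relay_state, allowed_hosts={request.get_host()}, require_https=request.is_secure()): relay_state = default_relay_state`. The lines between this hunk and the redirect are not shown, so confirm that no check already sits there.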
@@ -142,6 +135,15 @@ def assertion_consumer_service(request,
return HttpResponseRedirect(relay_state)
+def metadata(request):
+ sp_config = get_config(None, request)
+ sp_metadata = entity_descriptor(sp_config)
+ return HttpResponse(
+ content=str(sp_metadata).encode("utf-8"),
+ content_type="text/xml; charset=utf-8",
+ )
+
+
@login_required
def auth_complete(request):
from seahub.api2.utils import get_token_v1, get_token_v2
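Review bot: The new `metadata` view calls `get_config(None, request)` and `entity_descriptor(sp_config)` with no error handling and no docstring, whereas the ACS view in this file wraps its pysaml2 call in `try/except`. This commit also sets `SAML_CONFIG_LOADER` to a custom loader (`seahub.adfs_auth.utils.config_settings_loader`, not shown here) that is called with the request, so a request under `org/custom/.../saml2/metadata/` for an organization with no usable SAML config would presumably surface as an unhandled 500 on a view that carries no login decorator. Consider catching the failure, logging it and returning a plain error response, and add a docstring such as `"""Return this service provider's SAML metadata as XML."""`. `auth_complete`, whose first lines close the hunk, continues outside it.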
@@ -185,6 +187,6 @@ def auth_complete(request):
return resp
-def org_multi_adfs(request):
+def multi_adfs_login(request):
if getattr(settings, 'ENABLE_MULTI_ADFS', False):
return HttpResponseRedirect(request.path.rstrip('/') + '/saml2/login/')
diff --git a/seahub/organizations/api/admin/saml_config.py b/seahub/organizations/api/admin/saml_config.py
index 578e1a92a6..d97dbe8402 100644
--- a/seahub/organizations/api/admin/saml_config.py
+++ b/seahub/organizations/api/admin/saml_config.py
@@ -17,13 +17,12 @@ from seahub.api2.authentication import TokenAuthentication
from seahub.api2.utils import api_error
from seahub.organizations.utils import get_ccnet_db_name, update_org_url_prefix
from seahub.organizations.models import OrgSAMLConfig
-try:
- from seahub.settings import CERTS_DIR
-except ImportError:
- CERTS_DIR = ''
+from seahub import settings
logger = logging.getLogger(__name__)
+CERTS_DIR = getattr(settings, 'SAML_CERTS_DIR', '/opt/seafile/seahub-data/certs')
+
class OrgUploadIdPCertificateView(APIView):
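Review bot: The new `CERTS_DIR = getattr(settings, 'SAML_CERTS_DIR', '/opt/seafile/seahub-data/certs')` reads a differently named setting than the removed `from seahub.settings import CERTS_DIR`, so a deployment that already sets `CERTS_DIR` silently falls back to the hard-coded path. The old fallback was an empty string, which the view removed later in this diff treated as "not configured" (`if not CERTS_DIR`). If `OrgUploadIdPCertificateView` has the same guard (its body is outside this hunk), that guard can no longer fire and uploaded IdP certificates will be written under the default directory. Either keep honouring the old name, e.g. `getattr(settings, 'SAML_CERTS_DIR', getattr(settings, 'CERTS_DIR', ''))`, or document the rename and the expected directory ownership in a comment above the constant.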
@@ -67,48 +66,6 @@ class OrgUploadIdPCertificateView(APIView):
return Response({'success': True})
-class OrgUploadIdPMetadataXMLView(APIView):
-
- authentication_classes = (TokenAuthentication, SessionAuthentication)
- throttle_classes = (UserRateThrottle,)
- permission_classes = (IsProVersion, IsOrgAdminUser)
-
- def post(self, request, org_id):
- # argument check
- idp_metadata_xml = request.FILES.get('idp_metadata_xml', None)
- if not idp_metadata_xml:
- error_msg = 'idp_metadata_xml not found.'
- return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
-
- if idp_metadata_xml.name != 'idp_federation_metadata.xml':
- error_msg = 'idp_metadata_xml invalid.'
- return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
-
- if not CERTS_DIR:
- error_msg = 'CERTS_DIR invalid.'
- return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
-
- # resource check
- if not ccnet_api.get_org_by_id(int(org_id)):
- error_msg = 'Organization %s not found.' % org_id
- return api_error(status.HTTP_404_NOT_FOUND, error_msg)
-
- org_certs_dir = os.path.join(CERTS_DIR, str(org_id))
- try:
- if not os.path.exists(org_certs_dir):
- os.makedirs(org_certs_dir)
-
- cert_file_path = os.path.join(org_certs_dir, 'idp_federation_metadata.xml')
- with open(cert_file_path, 'wb') as fd:
- fd.write(idp_metadata_xml.read())
- except Exception as e:
- logger.error(e)
- error_msg = 'Internal Server Error'
- return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
-
- return Response({'success': True})
-
-
class OrgSAMLConfigView(APIView):
authentication_classes = (TokenAuthentication, SessionAuthentication)
@@ -132,11 +89,8 @@ class OrgSAMLConfigView(APIView):
def post(self, request, org_id):
# argument check
metadata_url = request.data.get('metadata_url', None)
- single_sign_on_service = request.data.get('single_sign_on_service', None)
- single_logout_service = request.data.get('single_logout_service', None)
- valid_days = request.data.get('valid_days', None)
- if not metadata_url or not single_sign_on_service or not single_logout_service or not valid_days:
- return api_error(status.HTTP_400_BAD_REQUEST, 'argument invalid.')
+ if not metadata_url:
+ return api_error(status.HTTP_400_BAD_REQUEST, 'metadata_url invalid.')
# resource check
org_id = int(org_id)
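Review bot: `metadata_url` is now the only input that defines an organization's IdP, yet `post` accepts any non-empty value, and `put` in the hunk at `@@ -159,11 +111,8 @@` has the same check. The code that consumes the URL is not part of this view of the diff, but presumably the server downloads it to obtain the IdP's endpoints and signing certificates. If so, a plain-`http` URL would allow the metadata to be altered in transit, and an internal address would point the server at hosts it should not reach. Validate the URL before saving in both handlers, for example `if urlsplit(metadata_url).scheme != 'https': return api_error(status.HTTP_400_BAD_REQUEST, 'metadata_url invalid.')` (with `from urllib.parse import urlsplit`), and consider restricting the destination host as well. Both method bodies continue outside their hunks.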
@@ -146,9 +100,7 @@ class OrgSAMLConfigView(APIView):
# add an org saml config
try:
- saml_comfig = OrgSAMLConfig.objects.add_or_update_saml_config(
- org_id, metadata_url, single_sign_on_service, single_logout_service, valid_days
- )
+ saml_comfig = OrgSAMLConfig.objects.add_or_update_saml_config(org_id, metadata_url)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
@@ -159,11 +111,8 @@ class OrgSAMLConfigView(APIView):
def put(self, request, org_id):
# argument check
metadata_url = request.data.get('metadata_url', None)
- single_sign_on_service = request.data.get('single_sign_on_service', None)
- single_logout_service = request.data.get('single_logout_service', None)
- valid_days = request.data.get('valid_days', None)
- if not metadata_url and not single_sign_on_service and not single_logout_service and not valid_days:
- return api_error(status.HTTP_400_BAD_REQUEST, 'argument invalid.')
+ if not metadata_url:
+ return api_error(status.HTTP_400_BAD_REQUEST, 'metadata_url invalid.')
# resource check
org_id = int(org_id)
@@ -173,9 +122,7 @@ class OrgSAMLConfigView(APIView):
# update config
try:
- saml_comfig = OrgSAMLConfig.objects.add_or_update_saml_config(
- org_id, metadata_url, single_sign_on_service, single_logout_service, valid_days
- )
+ saml_comfig = OrgSAMLConfig.objects.add_or_update_saml_config(org_id, metadata_url)
except Exception as e:
logger.error(e)
error_msg = 'Internal Server Error'
@@ -229,7 +176,8 @@ class OrgUrlPrefixView(APIView):
reg = re.match(r'^[a-z0-9-]{6,20}$', org_url_prefix)
if not reg:
- error_msg = _('org_url_prefix should be 6 to 20 characters, and can only contain alphanumeric characters and hyphens.')
+ error_msg = _('org_url_prefix should be 6 to 20 characters, '
+ 'and can only contain alphanumeric characters and hyphens.')
return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
if ccnet_api.get_org_by_url_prefix(org_url_prefix) is not None:
diff --git a/seahub/organizations/api_urls.py b/seahub/organizations/api_urls.py
index 882bf8acb1..7fcce2c0b9 100644
--- a/seahub/organizations/api_urls.py
+++ b/seahub/organizations/api_urls.py
@@ -26,8 +26,7 @@ from .api.admin.logo import OrgAdminLogo
from .api.admin.statistics import OrgFileOperationsView, OrgTotalStorageView, \
OrgActiveUsersView, OrgSystemTrafficView, OrgUserTrafficView, \
OrgUserTrafficExcelView, OrgUserStorageExcelView
-from .api.admin.saml_config import OrgUploadIdPCertificateView, OrgUploadIdPMetadataXMLView, OrgSAMLConfigView, \
- OrgUrlPrefixView
+from .api.admin.saml_config import OrgUploadIdPCertificateView, OrgSAMLConfigView, OrgUrlPrefixView
urlpatterns = [
@@ -56,9 +55,6 @@ urlpatterns = [
url(r'^(?P\d+)/admin/saml-idp-certificate/$',
OrgUploadIdPCertificateView.as_view(),
name='api-v2.1-org-admin-saml-idp-certificate'),
- url(r'^(?P\d+)/admin/saml-idp-metadata-xml/$',
- OrgUploadIdPMetadataXMLView.as_view(),
- name='api-v2.1-org-admin-saml-idp-metadata-xml'),
url(r'^(?P\d+)/admin/saml-config/$',
OrgSAMLConfigView.as_view(),
name='api-v2.1-org-admin-saml-config'),
diff --git a/seahub/organizations/migrations/0004_orgsamlconfig.py b/seahub/organizations/migrations/0004_orgsamlconfig.py
deleted file mode 100644
index e58a123468..0000000000
--- a/seahub/organizations/migrations/0004_orgsamlconfig.py
+++ /dev/null
@@ -1,27 +0,0 @@
-# Generated by Django 3.2.14 on 2022-12-08 12:27
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
- dependencies = [
- ('organizations', '0003_auto_20190116_0323'),
- ]
-
- operations = [
- migrations.CreateModel(
- name='OrgSAMLConfig',
- fields=[
- ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
- ('org_id', models.IntegerField(unique=True)),
- ('metadata_url', models.TextField()),
- ('single_sign_on_service', models.TextField()),
- ('single_logout_service', models.TextField()),
- ('valid_days', models.IntegerField()),
- ],
- options={
- 'db_table': 'org_saml_config',
- },
- ),
- ]
diff --git a/seahub/organizations/models.py b/seahub/organizations/models.py
index d38c4de191..40429be7c8 100644
--- a/seahub/organizations/models.py
+++ b/seahub/organizations/models.py
@@ -84,11 +84,7 @@ class OrgSettings(models.Model):
class OrgSAMLConfigManager(models.Manager):
-
- def add_or_update_saml_config(
- self, org_id, metadata_url, single_sign_on_service,
- single_logout_service, valid_days
- ):
+ def add_or_update_saml_config(self, org_id, metadata_url):
try:
saml_config = self.get(org_id=org_id)
except OrgSAMLConfig.DoesNotExist:
@@ -96,12 +92,6 @@ class OrgSAMLConfigManager(models.Manager):
if metadata_url:
saml_config.metadata_url = metadata_url
- if single_sign_on_service:
- saml_config.single_sign_on_service = single_sign_on_service
- if single_logout_service:
- saml_config.single_logout_service = single_logout_service
- if valid_days:
- saml_config.valid_days = valid_days
saml_config.save(using=self._db)
return saml_config
@@ -117,9 +107,6 @@ class OrgSAMLConfigManager(models.Manager):
class OrgSAMLConfig(models.Model):
org_id = models.IntegerField(unique=True)
metadata_url = models.TextField()
- single_sign_on_service = models.TextField()
- single_logout_service = models.TextField()
- valid_days = models.IntegerField()
objects = OrgSAMLConfigManager()
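Review bot: Dropping `single_sign_on_service`, `single_logout_service` and `valid_days` from `OrgSAMLConfig` is paired in this commit with deleting `migrations/0004_orgsamlconfig.py`, not with a new migration that removes the columns. A database that already applied 0004 keeps the three `NOT NULL` columns (see the old `sql/mysql.sql` definition), so the `saml_config.save(using=self._db)` in `add_or_update_saml_config` would presumably fail on insert there under strict SQL mode, because no value is supplied for them. If 0004 has shipped anywhere, keep it and add a follow-up migration with one `migrations.RemoveField` per column; otherwise state in the commit message that the table was never released.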
@@ -131,9 +118,6 @@ class OrgSAMLConfig(models.Model):
'id': self.pk,
'org_id': self.org_id,
'metadata_url': self.metadata_url,
- 'single_sign_on_service': self.single_sign_on_service,
- 'single_logout_service': self.single_logout_service,
- 'valid_days': self.valid_days,
}
diff --git a/seahub/organizations/templates/organizations/org_admin_react.html b/seahub/organizations/templates/organizations/org_admin_react.html
index 08a9a745e1..75f68aacbb 100644
--- a/seahub/organizations/templates/organizations/org_admin_react.html
+++ b/seahub/organizations/templates/organizations/org_admin_react.html
@@ -15,7 +15,8 @@
invitationLink: '{{ invitation_link|escapejs }}',
orgMemberQuotaEnabled: '{{ org_member_quota_enabled }}',
orgEnableAdminCustomLogo: '{{ org_enable_admin_custom_logo }}',
- orgEnableAdminCustomName: '{{ org_enable_admin_custom_name }}'
+ orgEnableAdminCustomName: '{{ org_enable_admin_custom_name }}',
+ enableMultiADFS: '{{ enable_multi_adfs }}',
}
}
diff --git a/seahub/organizations/views.py b/seahub/organizations/views.py
index 26a8a1836e..ec67b93b55 100644
--- a/seahub/organizations/views.py
+++ b/seahub/organizations/views.py
@@ -18,6 +18,7 @@ from django.utils.crypto import get_random_string
import seaserv
from seaserv import ccnet_api
+from seahub import settings
from seahub.auth import login
from seahub.auth.decorators import login_required, login_required_ajax
from seahub.base.accounts import User
@@ -37,6 +38,9 @@ from seahub.organizations.utils import get_or_create_invitation_link
# Get an instance of a logger
logger = logging.getLogger(__name__)
+ENABLE_MULTI_ADFS = getattr(settings, 'ENABLE_MULTI_ADFS', False)
+
+
########## ccnet rpc wrapper
def create_org(org_name, url_prefix, creator):
return seaserv.create_org(org_name, url_prefix, creator)
@@ -253,6 +257,7 @@ def react_fake_view(request, **kwargs):
'org_enable_admin_custom_name': ORG_ENABLE_ADMIN_CUSTOM_NAME,
'group_id': group_id,
'invitation_link': invitation_link,
+ 'enable_multi_adfs': ENABLE_MULTI_ADFS,
})
@login_required
diff --git a/seahub/settings.py b/seahub/settings.py
index 86e5777fbb..2adadcd8b4 100644
--- a/seahub/settings.py
+++ b/seahub/settings.py
@@ -953,6 +953,7 @@ if ENABLE_CAS:
if ENABLE_ADFS_LOGIN or ENABLE_MULTI_ADFS:
MIDDLEWARE.append('djangosaml2.middleware.SamlSessionMiddleware')
AUTHENTICATION_BACKENDS += ('seahub.adfs_auth.backends.Saml2Backend',)
+ SAML_CONFIG_LOADER = 'seahub.adfs_auth.utils.config_settings_loader'
#####################
# Custom Nav Items #
diff --git a/seahub/urls.py b/seahub/urls.py
index 6e51ffc2ad..60c3bc739d 100644
--- a/seahub/urls.py
+++ b/seahub/urls.py
@@ -876,19 +876,26 @@ if HAS_OFFICE_CONVERTER:
]
if getattr(settings, 'ENABLE_MULTI_ADFS', False):
- from seahub.adfs_auth.views import auth_complete
+ from seahub.adfs_auth.views import *
urlpatterns += [
- url(r'^org/custom/[a-z_0-9-]+/', include(('seahub.adfs_auth.urls', 'adfs_auth'), namespace='adfs_auth')),
- url(r'^saml2/complete/$', auth_complete, name='org_saml2_complete'),
+ url(r'^org/custom/[a-z_0-9-]+/$', multi_adfs_login, name="multi_adfs_login"),
+ url(r'^org/custom/[a-z_0-9-]+/saml2/login/$', login, name='org_saml2_login'),
+ url(r'^org/custom/[a-z_0-9-]+/saml2/acs/$', assertion_consumer_service, name='org_saml2_acs'),
+ url(r'^org/custom/[a-z_0-9-]+/saml2/metadata/$', metadata, name='org_saml2_metadata'),
]
if getattr(settings, 'ENABLE_ADFS_LOGIN', False):
- from seahub.adfs_auth.views import assertion_consumer_service, \
- auth_complete
+ from seahub.adfs_auth.views import *
urlpatterns += [
+ url(r'^saml2/login/$', login, name='saml2_login'),
url(r'^saml2/acs/$', assertion_consumer_service, name='saml2_acs'),
+ url(r'^saml2/metadata/$', metadata, name='saml2_metadata'),
+ ]
+
+if getattr(settings, 'ENABLE_MULTI_ADFS', False) or getattr(settings, 'ENABLE_ADFS_LOGIN', False):
+ from seahub.adfs_auth.views import auth_complete
+ urlpatterns += [
url(r'^saml2/complete/$', auth_complete, name='saml2_complete'),
- url(r'^saml2/', include('djangosaml2.urls')),
]
if getattr(settings, 'ENABLE_ONLYOFFICE', False):
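Review bot: Both `from seahub.adfs_auth.views import *` lines pull every public name of the views module into `seahub/urls.py` (unless that module defines `__all__`), including generic ones such as `login`, `metadata`, `settings`, `auth` and `logger`. These can rebind names the URL module already uses for other routes; the rest of `urls.py` is outside this hunk, so whether a clash exists today cannot be confirmed here. Since these are the authentication endpoints, import exactly what is routed, e.g. `from seahub.adfs_auth.views import multi_adfs_login, login as saml2_login, assertion_consumer_service, metadata as saml2_metadata`, and use the aliases in the `url(...)` entries. Removing `include('djangosaml2.urls')` also drops whatever other routes that package supplied, logout presumably among them, which deserves a comment if intended.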
diff --git a/sql/mysql.sql b/sql/mysql.sql
index a4ed4f1311..e75dfa601d 100644
--- a/sql/mysql.sql
+++ b/sql/mysql.sql
@@ -1349,9 +1349,6 @@ CREATE TABLE `org_saml_config` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`org_id` int(11) NOT NULL,
`metadata_url` longtext NOT NULL,
- `single_sign_on_service` longtext NOT NULL,
- `single_logout_service` longtext NOT NULL,
- `valid_days` int(11) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `org_id` (`org_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
diff --git a/sql/sqlite3.sql b/sql/sqlite3.sql
index 20f89327fa..c18173ec70 100644
--- a/sql/sqlite3.sql
+++ b/sql/sqlite3.sql
@@ -615,7 +615,7 @@ CREATE INDEX IF NOT EXISTS "ocm_via_webdav_share_received_shared_by_1786d580" ON
CREATE TABLE IF NOT EXISTS "onlyoffice_onlyofficedockey" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "doc_key" varchar(36) NOT NULL, "username" varchar(255) NOT NULL, "repo_id" varchar(36) NULL, "file_path" TEXT NOT NULL, "repo_id_file_path_md5" varchar(100) NOT NULL, "created_time" datetime NOT NULL);
CREATE INDEX IF NOT EXISTS "onlyoffice_onlyofficedockey_doc_key_edba1352" ON "onlyoffice_onlyofficedockey" ("doc_key");
CREATE INDEX IF NOT EXISTS "onlyoffice_onlyofficedockey_repo_id_file_path_md5_52002073" ON "onlyoffice_onlyofficedockey" ("repo_id_file_path_md5");
-CREATE TABLE IF NOT EXISTS "org_saml_config" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "org_id" integer NOT NULL UNIQUE, "metadata_url" TEXT NOT NULL, "single_sign_on_service" TEXT NOT NULL, "single_logout_service" TEXT NOT NULL, "valid_days" integer NOT NULL);
+CREATE TABLE IF NOT EXISTS "org_saml_config" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "org_id" integer NOT NULL UNIQUE, "metadata_url" TEXT NOT NULL);
CREATE TABLE IF NOT EXISTS "base_usermonitoredrepos" ("id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, "email" varchar(254) NOT NULL, "repo_id" varchar(36) NOT NULL, "timestamp" datetime NOT NULL, UNIQUE ("email", "repo_id"));
CREATE INDEX IF NOT EXISTS "base_usermonitoredrepos_email_55ead1b9" ON "base_usermonitoredrepos" ("email");
CREATE INDEX IF NOT EXISTS "base_usermonitoredrepos_repo_id_00e624c3" ON "base_usermonitoredrepos" ("repo_id");