keystone.federation.idp module

class keystone.federation.idp.ECPGenerator[source]

Bases: object

A class for generating an ECP assertion.

static generate_ecp(saml_assertion, relay_state_prefix)[source]
class keystone.federation.idp.MetadataGenerator[source]

Bases: object

A class for generating SAML IdP Metadata.

generate_metadata()[source]

Generate Identity Provider Metadata.

Generate and format metadata into XML that can be exposed and consumed by a federated Service Provider.

Returns:

XML <EntityDescriptor> object.

Raises:

keystone.exception.ValidationError – If the required config options aren’t set.

class keystone.federation.idp.SAMLGenerator[source]

Bases: object

A class to generate SAML assertions.

samlize_token(issuer, recipient, user, user_domain_name, roles, project, project_domain_name, groups, expires_in=None)[source]

Convert Keystone attributes to a SAML assertion.

Parameters:

  • issuer (string) – URL of the issuing party

  • recipient (string) – URL of the recipient

  • user (string) – User name

  • user_domain_name (string) – User Domain name

  • roles (list) – List of role names

  • project (string) – Project name

  • project_domain_name (string) – Project Domain name

  • groups (list) – List of strings of user groups and domain name, where strings are serialized dictionaries.

  • expires_in (int) – Sets how long the assertion is valid for, in seconds

Returns:

XML <Response> object