From 4c11e382987f12a3553c1825e0faf754c5a5b2cd Mon Sep 17 00:00:00 2001
From: Joseph Wenninger <jowenn@jowenn.net>
Date: Tue, 19 Dec 2023 17:37:16 +0100
Subject: [PATCH] other SPs use the signing key as encryption key in the aconet federation xml, make path of exclude json configurable

---
 README.md | 1 +
 main.py   | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 79d0363..26a9b2d 100644
--- a/README.md
+++ b/README.md
@@ -29,6 +29,7 @@ You may want to run the script once a day to update the IdPs, e.g. via cron or s
 - `SAML2_METADATA_URL` (URL to SAML 2.0 Metadata document)
 - `SAML2_METADATA_CRT_FILE` (path to the X.509 certificate to use for XML Signature verification of the Metadata)
 - `SAML2_METADATA_INSECURE` (if no XML Signature verification and no `validUntil` expiration check should be performed; NOT RECOMMENDED)
+ - `SAML2_METADATA_EXCLUDE_JSON_PATH` (path ending with /, default is ./)
 - `KEYCLOAK_URL` (URL to Keycloak instance)
 - `KEYCLOAK_REALM` (Keycloak realm)
 - `KEYCLOAK_USER` (Keycloak user)
diff --git a/main.py b/main.py
index ba9e46b..26f395a 100644
--- a/main.py
+++ b/main.py
@@ -57,6 +57,7 @@ class Metadata_importer():
         self.__get_excluded()
 
     def __get_settings(self):
+        self.metadata_exclude_json_path = os.getenv('SAML2_METADATA_EXCLUDE_JSON_PATH','./')
         self.metadata_feed_url = os.getenv('SAML2_METADATA_URL')
         self.metadata_feed_crt = os.getenv('SAML2_METADATA_CRT_FILE')
         self.metadata_feed_insecure = os.getenv('SAML2_METADATA_INSECURE', False)
@@ -88,7 +89,7 @@ class Metadata_importer():
             self.NS = json.load(f)
 
     def __get_excluded(self):
-        with open("./exclude.json") as f:
+        with open(self.metadata_exclude_json_path+"exclude.json") as f:
             self.excluded = json.load(f)
 
     def __get_sync_db(self):
@@ -471,7 +472,7 @@ class Metadata_importer():
         keys=jdata["keys"]
         key_to_use=None
         for k in keys:
-            if k['use']=='enc':
+            if k['use']=='sig':
                 key_to_use=k["x5c"][0]
                 break
         if not key_to_use:
-- 
GitLab
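Review bot: The new `SAML2_METADATA_EXCLUDE_JSON_PATH` setting only works when the value ends with `/`, because `__get_excluded` (the second main.py hunk) builds the file name by string concatenation, so a value such as `/etc/importer` silently resolves to `/etc/importerexclude.json` instead of failing clearly. Joining the two parts removes the trailing-slash requirement from the contract while keeping the `./` default working: `with open(os.path.join(self.metadata_exclude_json_path, "exclude.json")) as f:`. `os` is already in scope, since `os.getenv` is used on the added line. `__get_settings` continues past the end of the hunk.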
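Review bot: Picking the `sig` key for encryption is an interoperability decision that the code no longer explains, and a reader of `k['use']=='sig'` will take it for a copy-paste bug; a comment above the `if` should record the reason given in the commit message, e.g. `# other SPs in the federation metadata publish their signing key as the encryption key as well, so use 'sig' here`. The same comment should note that one key now serves both signing and decryption, which gives up key separation, so the trade-off can be revisited if the federation changes. Independently, `k['use']` raises KeyError for a key entry that omits `use`; `k.get('use')=='sig'` is safer if the source of `jdata` may leave it out (not visible in the hunk). The enclosing function starts and ends outside the hunk.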