possibility to limit PT delivery by service
parent
5ebc5169c3
commit
4fd4afd9c0
6 changed files with 121 additions and 68 deletions
|
@ -7,7 +7,7 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Project-Id-Version: cas_server\n"
|
"Project-Id-Version: cas_server\n"
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2015-05-28 02:10+0200\n"
|
"POT-Creation-Date: 2015-05-28 15:24+0200\n"
|
||||||
"PO-Revision-Date: 2015-05-23 19:03+0100\n"
|
"PO-Revision-Date: 2015-05-23 19:03+0100\n"
|
||||||
"Last-Translator: Valentin Samir <valentin.samir@crans.org>\n"
|
"Last-Translator: Valentin Samir <valentin.samir@crans.org>\n"
|
||||||
"Language-Team: django <LL@li.org>\n"
|
"Language-Team: django <LL@li.org>\n"
|
||||||
|
@ -33,117 +33,123 @@ msgstr " Warn me before logging me into other sites."
|
||||||
msgid "Bad user"
|
msgid "Bad user"
|
||||||
msgstr "The credentials you provided cannot be determined to be authentic."
|
msgstr "The credentials you provided cannot be determined to be authentic."
|
||||||
|
|
||||||
#: models.py:89
|
#: models.py:58
|
||||||
#, fuzzy, python-format
|
#, fuzzy, python-format
|
||||||
#| msgid "Error during service logout %s"
|
#| msgid "Error during service logout %s"
|
||||||
msgid "Error during service logout %r"
|
msgid "Error during service logout %s"
|
||||||
msgstr "Error during service logout %s"
|
msgstr "Error during service logout %s"
|
||||||
|
|
||||||
#: models.py:147
|
#: models.py:117
|
||||||
msgid "position"
|
msgid "position"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:154 models.py:239
|
#: models.py:124 models.py:213
|
||||||
msgid "name"
|
msgid "name"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:155
|
#: models.py:125
|
||||||
#, fuzzy
|
#, fuzzy
|
||||||
#| msgid "Connect to the service"
|
#| msgid "Connect to the service"
|
||||||
msgid "A name for the service"
|
msgid "A name for the service"
|
||||||
msgstr "Connect to the service"
|
msgstr "Connect to the service"
|
||||||
|
|
||||||
#: models.py:160 models.py:266 models.py:283
|
#: models.py:130 models.py:240 models.py:257
|
||||||
msgid "pattern"
|
msgid "pattern"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:166
|
#: models.py:136
|
||||||
msgid "user field"
|
msgid "user field"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:167
|
#: models.py:137
|
||||||
msgid "Name of the attribut to transmit as username, empty = login"
|
msgid "Name of the attribut to transmit as username, empty = login"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:171
|
#: models.py:141
|
||||||
msgid "restrict username"
|
msgid "restrict username"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:172
|
#: models.py:142
|
||||||
msgid "Limit username allowed to connect to the list provided bellow"
|
msgid "Limit username allowed to connect to the list provided bellow"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:176
|
#: models.py:146
|
||||||
msgid "proxy"
|
msgid "proxy"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:177
|
#: models.py:147
|
||||||
msgid ""
|
msgid "Proxy tickets can be delivered to the service"
|
||||||
"A ProxyGrantingTicket can be delivered to the service in order to "
|
|
||||||
"authenticate for the user on a backend service"
|
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:182
|
#: models.py:151
|
||||||
|
msgid "proxy callback"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: models.py:152
|
||||||
|
msgid "can be used as a proxy callback to deliver PGT"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: models.py:156
|
||||||
msgid "single log out"
|
msgid "single log out"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:183
|
#: models.py:157
|
||||||
#, fuzzy
|
#, fuzzy
|
||||||
#| msgid "Connect to the service"
|
#| msgid "Connect to the service"
|
||||||
msgid "Enable SLO for the service"
|
msgid "Enable SLO for the service"
|
||||||
msgstr "Connect to the service"
|
msgstr "Connect to the service"
|
||||||
|
|
||||||
#: models.py:225
|
#: models.py:199
|
||||||
msgid "username"
|
msgid "username"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:226
|
#: models.py:200
|
||||||
#, fuzzy
|
#, fuzzy
|
||||||
#| msgid "Connect to the service"
|
#| msgid "Connect to the service"
|
||||||
msgid "username allowed to connect to the service"
|
msgid "username allowed to connect to the service"
|
||||||
msgstr "Connect to the service"
|
msgstr "Connect to the service"
|
||||||
|
|
||||||
#: models.py:240
|
#: models.py:214
|
||||||
#, fuzzy
|
#, fuzzy
|
||||||
#| msgid "The attribut %(field)s is needed to use that service"
|
#| msgid "The attribut %(field)s is needed to use that service"
|
||||||
msgid "name of an attribut to send to the service"
|
msgid "name of an attribut to send to the service"
|
||||||
msgstr "The attribut %(field)s is needed to use that service"
|
msgstr "The attribut %(field)s is needed to use that service"
|
||||||
|
|
||||||
#: models.py:245 models.py:289
|
#: models.py:219 models.py:263
|
||||||
msgid "replace"
|
msgid "replace"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:246
|
#: models.py:220
|
||||||
msgid ""
|
msgid ""
|
||||||
"name under which the attribut will be showto the service. empty = default "
|
"name under which the attribut will be showto the service. empty = default "
|
||||||
"name of the attribut"
|
"name of the attribut"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:261 models.py:278
|
#: models.py:235 models.py:252
|
||||||
msgid "attribut"
|
msgid "attribut"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:262
|
#: models.py:236
|
||||||
msgid "Name of the attribut which must verify pattern"
|
msgid "Name of the attribut which must verify pattern"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:267
|
#: models.py:241
|
||||||
msgid "a regular expression"
|
msgid "a regular expression"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:279
|
#: models.py:253
|
||||||
msgid "Name of the attribut for which the value must be replace"
|
msgid "Name of the attribut for which the value must be replace"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:284
|
#: models.py:258
|
||||||
msgid "An regular expression maching whats need to be replaced"
|
msgid "An regular expression maching whats need to be replaced"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:290
|
#: models.py:264
|
||||||
msgid "replace expression, groups are capture by \\1, \\2 …"
|
msgid "replace expression, groups are capture by \\1, \\2 …"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:337
|
#: models.py:313
|
||||||
#, python-format
|
#, python-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Error during service logout %(service)s:\n"
|
"Error during service logout %(service)s:\n"
|
||||||
|
|
Binary file not shown.
|
@ -7,8 +7,8 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Project-Id-Version: cas_server\n"
|
"Project-Id-Version: cas_server\n"
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2015-05-28 02:10+0200\n"
|
"POT-Creation-Date: 2015-05-28 15:24+0200\n"
|
||||||
"PO-Revision-Date: 2015-05-28 02:15+0100\n"
|
"PO-Revision-Date: 2015-05-28 15:25+0100\n"
|
||||||
"Last-Translator: Valentin Samir <valentin.samir@crans.org>\n"
|
"Last-Translator: Valentin Samir <valentin.samir@crans.org>\n"
|
||||||
"Language-Team: django <LL@li.org>\n"
|
"Language-Team: django <LL@li.org>\n"
|
||||||
"Language: fr\n"
|
"Language: fr\n"
|
||||||
|
@ -34,115 +34,119 @@ msgstr "Prévenez-moi avant d'accéder à d'autres services."
|
||||||
msgid "Bad user"
|
msgid "Bad user"
|
||||||
msgstr "Les informations transmises n'ont pas permis de vous authentifier."
|
msgstr "Les informations transmises n'ont pas permis de vous authentifier."
|
||||||
|
|
||||||
#: models.py:89
|
#: models.py:58
|
||||||
#, python-format
|
#, python-format
|
||||||
msgid "Error during service logout %r"
|
msgid "Error during service logout %s"
|
||||||
msgstr "Une erreur est survenue durant la déconnexion du service %r"
|
msgstr "Une erreur est survenue durant la déconnexion du service %s"
|
||||||
|
|
||||||
#: models.py:147
|
#: models.py:117
|
||||||
msgid "position"
|
msgid "position"
|
||||||
msgstr "position"
|
msgstr "position"
|
||||||
|
|
||||||
#: models.py:154 models.py:239
|
#: models.py:124 models.py:213
|
||||||
msgid "name"
|
msgid "name"
|
||||||
msgstr "nom"
|
msgstr "nom"
|
||||||
|
|
||||||
#: models.py:155
|
#: models.py:125
|
||||||
msgid "A name for the service"
|
msgid "A name for the service"
|
||||||
msgstr "Un nom pour le service"
|
msgstr "Un nom pour le service"
|
||||||
|
|
||||||
#: models.py:160 models.py:266 models.py:283
|
#: models.py:130 models.py:240 models.py:257
|
||||||
msgid "pattern"
|
msgid "pattern"
|
||||||
msgstr "motif"
|
msgstr "motif"
|
||||||
|
|
||||||
#: models.py:166
|
#: models.py:136
|
||||||
msgid "user field"
|
msgid "user field"
|
||||||
msgstr "champ utilisateur"
|
msgstr "champ utilisateur"
|
||||||
|
|
||||||
#: models.py:167
|
#: models.py:137
|
||||||
msgid "Name of the attribut to transmit as username, empty = login"
|
msgid "Name of the attribut to transmit as username, empty = login"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Nom de l'attribut devant être transmis comme nom d'utilisateur au service. "
|
"Nom de l'attribut devant être transmis comme nom d'utilisateur au service. "
|
||||||
"vide = nom de connection"
|
"vide = nom de connection"
|
||||||
|
|
||||||
#: models.py:171
|
#: models.py:141
|
||||||
msgid "restrict username"
|
msgid "restrict username"
|
||||||
msgstr "limiter les noms d'utilisateurs"
|
msgstr "limiter les noms d'utilisateurs"
|
||||||
|
|
||||||
#: models.py:172
|
#: models.py:142
|
||||||
msgid "Limit username allowed to connect to the list provided bellow"
|
msgid "Limit username allowed to connect to the list provided bellow"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Limiter les noms d'utilisateurs autorisé à se connecter à la liste fournie "
|
"Limiter les noms d'utilisateurs autorisé à se connecter à la liste fournie "
|
||||||
"ci-dessous"
|
"ci-dessous"
|
||||||
|
|
||||||
#: models.py:176
|
#: models.py:146
|
||||||
msgid "proxy"
|
msgid "proxy"
|
||||||
msgstr "proxy"
|
msgstr "proxy"
|
||||||
|
|
||||||
#: models.py:177
|
#: models.py:147
|
||||||
msgid ""
|
msgid "Proxy tickets can be delivered to the service"
|
||||||
"A ProxyGrantingTicket can be delivered to the service in order to "
|
msgstr "des proxy tickets peuvent être délivrés au service"
|
||||||
"authenticate for the user on a backend service"
|
|
||||||
msgstr ""
|
|
||||||
"Un ProxyGrantingTicket peut être délivré au service pour lui permettre de "
|
|
||||||
"s'authentifier en temps l'utilisateur à un autre service"
|
|
||||||
|
|
||||||
#: models.py:182
|
#: models.py:151
|
||||||
|
msgid "proxy callback"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
|
#: models.py:152
|
||||||
|
msgid "can be used as a proxy callback to deliver PGT"
|
||||||
|
msgstr "peut être utilisé comme un callback pour recevoir un PGT"
|
||||||
|
|
||||||
|
#: models.py:156
|
||||||
msgid "single log out"
|
msgid "single log out"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: models.py:183
|
#: models.py:157
|
||||||
msgid "Enable SLO for the service"
|
msgid "Enable SLO for the service"
|
||||||
msgstr "Active le SLO pour le service"
|
msgstr "Active le SLO pour le service"
|
||||||
|
|
||||||
#: models.py:225
|
#: models.py:199
|
||||||
msgid "username"
|
msgid "username"
|
||||||
msgstr "nom d'utilisateur"
|
msgstr "nom d'utilisateur"
|
||||||
|
|
||||||
#: models.py:226
|
#: models.py:200
|
||||||
msgid "username allowed to connect to the service"
|
msgid "username allowed to connect to the service"
|
||||||
msgstr "noms d'utilisateurs autorisé à se connecter au service"
|
msgstr "noms d'utilisateurs autorisé à se connecter au service"
|
||||||
|
|
||||||
#: models.py:240
|
#: models.py:214
|
||||||
msgid "name of an attribut to send to the service"
|
msgid "name of an attribut to send to the service"
|
||||||
msgstr "nom d'un attribut a envoyer au service"
|
msgstr "nom d'un attribut a envoyer au service"
|
||||||
|
|
||||||
#: models.py:245 models.py:289
|
#: models.py:219 models.py:263
|
||||||
msgid "replace"
|
msgid "replace"
|
||||||
msgstr "remplacement"
|
msgstr "remplacement"
|
||||||
|
|
||||||
#: models.py:246
|
#: models.py:220
|
||||||
msgid ""
|
msgid ""
|
||||||
"name under which the attribut will be showto the service. empty = default "
|
"name under which the attribut will be showto the service. empty = default "
|
||||||
"name of the attribut"
|
"name of the attribut"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"nom sous lequel l'attribut sera rendu visible au service. vide = inchangé"
|
"nom sous lequel l'attribut sera rendu visible au service. vide = inchangé"
|
||||||
|
|
||||||
#: models.py:261 models.py:278
|
#: models.py:235 models.py:252
|
||||||
msgid "attribut"
|
msgid "attribut"
|
||||||
msgstr "attribut"
|
msgstr "attribut"
|
||||||
|
|
||||||
#: models.py:262
|
#: models.py:236
|
||||||
msgid "Name of the attribut which must verify pattern"
|
msgid "Name of the attribut which must verify pattern"
|
||||||
msgstr "Nom de l'attribut devant vérifier un motif"
|
msgstr "Nom de l'attribut devant vérifier un motif"
|
||||||
|
|
||||||
#: models.py:267
|
#: models.py:241
|
||||||
msgid "a regular expression"
|
msgid "a regular expression"
|
||||||
msgstr "une expression régulière"
|
msgstr "une expression régulière"
|
||||||
|
|
||||||
#: models.py:279
|
#: models.py:253
|
||||||
msgid "Name of the attribut for which the value must be replace"
|
msgid "Name of the attribut for which the value must be replace"
|
||||||
msgstr "nom de l'attribue pour lequel la valeur doit être remplacé"
|
msgstr "nom de l'attribue pour lequel la valeur doit être remplacé"
|
||||||
|
|
||||||
#: models.py:284
|
#: models.py:258
|
||||||
msgid "An regular expression maching whats need to be replaced"
|
msgid "An regular expression maching whats need to be replaced"
|
||||||
msgstr "une expression régulière reconnaissant ce qui doit être remplacé"
|
msgstr "une expression régulière reconnaissant ce qui doit être remplacé"
|
||||||
|
|
||||||
#: models.py:290
|
#: models.py:264
|
||||||
msgid "replace expression, groups are capture by \\1, \\2 …"
|
msgid "replace expression, groups are capture by \\1, \\2 …"
|
||||||
msgstr "expression de remplacement, les groupe sont capturé par \\1, \\2"
|
msgstr "expression de remplacement, les groupe sont capturé par \\1, \\2"
|
||||||
|
|
||||||
#: models.py:337
|
#: models.py:313
|
||||||
#, python-format
|
#, python-format
|
||||||
msgid ""
|
msgid ""
|
||||||
"Error during service logout %(service)s:\n"
|
"Error during service logout %(service)s:\n"
|
||||||
|
@ -222,6 +226,13 @@ msgstr ""
|
||||||
"Vous vous êtes déconnecté(e) du Service Central d'Authentification.<br/>Pour "
|
"Vous vous êtes déconnecté(e) du Service Central d'Authentification.<br/>Pour "
|
||||||
"des raisons de sécurité, veuillez fermer votre navigateur."
|
"des raisons de sécurité, veuillez fermer votre navigateur."
|
||||||
|
|
||||||
|
#~ msgid ""
|
||||||
|
#~ "A ProxyGrantingTicket can be delivered to the service in order to "
|
||||||
|
#~ "authenticate for the user on a backend service"
|
||||||
|
#~ msgstr ""
|
||||||
|
#~ "Un ProxyGrantingTicket peut être délivré au service pour lui permettre de "
|
||||||
|
#~ "s'authentifier en temps l'utilisateur à un autre service"
|
||||||
|
|
||||||
#~ msgid ""
|
#~ msgid ""
|
||||||
#~ "Une demande d'authentification a été émise pour le service %(name)s "
|
#~ "Une demande d'authentification a été émise pour le service %(name)s "
|
||||||
#~ "(%(url)s)"
|
#~ "(%(url)s)"
|
||||||
|
|
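--- a/cas_server/migrations/0016_auto_20150528_1326.py
+++ b/cas_server/migrations/0016_auto_20150528_1326.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('cas_server', '0015_auto_20150528_1202'),
+]
+
+operations = [
+migrations.AddField(
+model_name='servicepattern',
+name='proxy_callback',
+field=models.BooleanField(default=False, help_text='can be used as a proxy callback to deliver PGT', verbose_name='proxy callback'),
+preserve_default=True,
+),
+migrations.AlterField(
+model_name='servicepattern',
+name='proxy',
+field=models.BooleanField(default=False, help_text='Proxy tickets can be delivered to the service', verbose_name='proxy'),
+preserve_default=True,
+),
+]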
|
@ -144,8 +144,12 @@ class ServicePattern(models.Model):
|
||||||
proxy = models.BooleanField(
|
proxy = models.BooleanField(
|
||||||
default=False,
|
default=False,
|
||||||
verbose_name=_(u"proxy"),
|
verbose_name=_(u"proxy"),
|
||||||
help_text=_("A ProxyGrantingTicket can be delivered to the service " \
|
help_text=_("Proxy tickets can be delivered to the service")
|
||||||
"in order to authenticate for the user on a backend service")
|
)
|
||||||
|
proxy_callback = models.BooleanField(
|
||||||
|
default=False,
|
||||||
|
verbose_name=_(u"proxy callback"),
|
||||||
|
help_text=_("can be used as a proxy callback to deliver PGT")
|
||||||
)
|
)
|
||||||
single_log_out = models.BooleanField(
|
single_log_out = models.BooleanField(
|
||||||
default=False,
|
default=False,
|
||||||
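Review bot: `proxy_callback` is added with `default=False` and nothing on this page copies the old `proxy` value into it, so every existing ServicePattern that relied on `proxy=True` to receive a PGT will stop being accepted as a callback once migration 0016 is applied. That fail-closed default is a reasonable least-privilege choice, but it should be deliberate: either add a data-migration step that sets `proxy_callback` from the previous `proxy` value, or state in the upgrade notes that administrators must re-enable callbacks per service. The help text would also be clearer as `help_text=_("This service URL may be used as a proxy callback (pgtUrl) to receive a PGT")`. The ServicePattern class body continues outside the hunk.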
|
|
|
@ -291,7 +291,7 @@ def ps_validate(request, ticket_type=None):
|
||||||
params['username'] = ticket.user.attributs.get(ticket.service_pattern.user_field)
|
params['username'] = ticket.user.attributs.get(ticket.service_pattern.user_field)
|
||||||
if pgt_url and pgt_url.startswith("https://"):
|
if pgt_url and pgt_url.startswith("https://"):
|
||||||
pattern = models.ServicePattern.validate(pgt_url)
|
pattern = models.ServicePattern.validate(pgt_url)
|
||||||
if pattern.proxy:
|
if pattern.proxy_callback:
|
||||||
proxyid = utils.gen_pgtiou()
|
proxyid = utils.gen_pgtiou()
|
||||||
pticket = models.ProxyGrantingTicket.objects.create(
|
pticket = models.ProxyGrantingTicket.objects.create(
|
||||||
user=ticket.user,
|
user=ticket.user,
|
||||||
|
@ -358,6 +358,12 @@ def proxy(request):
|
||||||
try:
|
try:
|
||||||
# is the target service allowed
|
# is the target service allowed
|
||||||
pattern = models.ServicePattern.validate(target_service)
|
pattern = models.ServicePattern.validate(target_service)
|
||||||
|
if not pattern.proxy:
|
||||||
|
return _validate_error(
|
||||||
|
request,
|
||||||
|
'UNAUTHORIZED_SERVICE',
|
||||||
|
'the service do not allow proxy ticket'
|
||||||
|
)
|
||||||
# is the proxy granting ticket valid
|
# is the proxy granting ticket valid
|
||||||
ticket = models.ProxyGrantingTicket.objects.get(
|
ticket = models.ProxyGrantingTicket.objects.get(
|
||||||
value=pgt,
|
value=pgt,
|
||||||
|
|