Commit 1bd589d6 authored by Art's avatar Art :lizard:

Fix meta lifetime.

parent cb0771e6
from onelogin.saml2 import settings as onelogin_settings from onelogin.saml2 import settings as onelogin_settings
from .defaults import * from .defaults import *
from django import conf from django import conf
from datetime import datetime, timedelta
# merge defaults with customized user settings # merge defaults with customized user settings
...@@ -87,7 +88,8 @@ ONELOGIN_SETTINGS_TEMPLATE = { ...@@ -87,7 +88,8 @@ ONELOGIN_SETTINGS_TEMPLATE = {
"wantNameIdEncrypted": False, "wantNameIdEncrypted": False,
"wantAssertionsEncrypted": True, "wantAssertionsEncrypted": True,
"signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
"metadataCacheDuration": SP_METADATA_LIFETIME, "metadataCacheDuration": "P{n}D".format(n=SP_METADATA_LIFETIME_DAYS),
"metadataValidUntil": (datetime.now() + timedelta(days=SP_METADATA_LIFETIME_DAYS)).strftime('%Y-%m-%dT%H:%M:%S.%fZ')
}, },
"contactPerson": SP_CONTACTS, "contactPerson": SP_CONTACTS,
"organization": SP_ORGANIZATION, "organization": SP_ORGANIZATION,
......
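Review bot: The new `metadataValidUntil` entry builds its timestamp from `datetime.now()`, which is local time, and then appends a literal `Z`, so the published value claims UTC while being shifted by the server's UTC offset. Taking the base in UTC fixes that with the import already added: `datetime.utcnow() + timedelta(days=SP_METADATA_LIFETIME_DAYS)`. The expression also appears to be evaluated once, when `ONELOGIN_SETTINGS_TEMPLATE` is built at module import, so a long-running process keeps publishing the same validUntil; at 20 years that is harmless, but with a lifetime of a few days the metadata would be served as already expired until the process restarts. The dict's opening and closing lie outside the hunk.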
...@@ -9,7 +9,7 @@ If you want to change something: ...@@ -9,7 +9,7 @@ If you want to change something:
""" """
Settings you want to change: Settings you may want to change:
""" """
# host and port, not what Django thinks, but what nginx serves # host and port, not what Django thinks, but what nginx serves
...@@ -18,6 +18,8 @@ SP_PORT = 443 ...@@ -18,6 +18,8 @@ SP_PORT = 443
IDP_META_URL = "https://idp.hs-hannover.de/idp/shibboleth" # test is "https://idp-test.it.hs-hannover.de/idp/shibboleth" IDP_META_URL = "https://idp.hs-hannover.de/idp/shibboleth" # test is "https://idp-test.it.hs-hannover.de/idp/shibboleth"
SP_KEY = "{project_settings}/cert/sp.key"
SP_CERT = "{project_settings}/cert/sp.pem"
""" """
Settings you DON'T want to change (in fact, you want to avoid even thinking about them): Settings you DON'T want to change (in fact, you want to avoid even thinking about them):
...@@ -25,10 +27,7 @@ Settings you DON'T want to change (in fact, you want to avoid even thinking abou ...@@ -25,10 +27,7 @@ Settings you DON'T want to change (in fact, you want to avoid even thinking abou
IDP_REQUIRED = True # die on start if cannot find IDP or parse its meta IDP_REQUIRED = True # die on start if cannot find IDP or parse its meta
SP_KEY = "{project_settings}/cert/sp.key" SP_METADATA_LIFETIME_DAYS = 365 * 20
SP_CERT = "{project_settings}/cert/sp.pem"
SP_METADATA_LIFETIME = "P20Y" # "P7D"-like (https://www.w3.org/TR/xmlschema-2/#duration)
# if you really really need to add/modify something in OneLogin settings, add it to ONELOGIN_OVERRIDES # if you really really need to add/modify something in OneLogin settings, add it to ONELOGIN_OVERRIDES
ONELOGIN_OVERRIDES = {} # e.g.: ONELOGIN_OVERRIDES = { "strict": False } ONELOGIN_OVERRIDES = {} # e.g.: ONELOGIN_OVERRIDES = { "strict": False }
......
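Review bot: `SP_METADATA_LIFETIME_DAYS = 365 * 20` is introduced without a comment, while the line it replaces documented its expected format. I would add something like `# days; feeds both metadataCacheDuration and metadataValidUntil of the published SP metadata`, and say next to it that the value should not outlive the planned lifetime of the certificate in `SP_CERT`, since consumers may keep trusting the cached metadata for that long. The rename also means a project that still sets `SP_METADATA_LIFETIME` in its own settings would presumably have that override ignored without any error; the merge code is not visible here, so this needs checking. A short note in the "Settings you DON'T want to change" docstring about the renamed key would cover it.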