NZ RealMe DocumentationRelease 0.0.1

Darryl Cousins

November 04, 2014

Contents

1 NZ RealMe 31.1 Development repository only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

2 Installation 52.1 Potential problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

3 Usage 7

4 Contributing 94.1 Types of Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94.2 Get Started! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104.3 Pull Request Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

5 Credits 115.1 Development Lead . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115.2 Credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115.3 Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

6 History 13

7 Development (2014-01-11) 15

8 nzrealme 178.1 nzrealme package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

9 NZRealMe Authn Request 199.1 Create Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

10 Indices and tables 21

Python Module Index 23

i

ii

NZ RealMe Documentation, Release 0.0.1

Contents:

Contents 1

NZ RealMe Documentation, Release 0.0.1

2 Contents

CHAPTER 1

NZ RealMe

1.1 Development repository only

Please note that this project is under development and is not ready for use.

This Python package provides an API for integrating your application with the New Zealand RealMe login and identityservices (formerly “igovt logon”) using SAML 2.0 messaging.

The package uses python-saml2

You can also look for information at:

• Documentation: https://nz-realme.readthedocs.org.

• Issue tracker on github: https://github.com/darrylcousins/nzrealme/issues

• Source code repository on github: https://github.com/darrylcousins/nzrealme

Commercial support and consultancy is available through Encode Limited

• Free software: BSD license

3

NZ RealMe Documentation, Release 0.0.1

4 Chapter 1. NZ RealMe

CHAPTER 2

Installation

At the command line:

$ easy_install nzrealme

Or, if you have virtualenvwrapper installed:

$ mkvirtualenv nzrealme$ pip install nzrealme

From your virtualenv root directory clone the repository:

$ git clone https://bitbucket.org/darrylcousins/nzrealme

Initialize and activate the virtualenv:

$ pyenv virtualenv 2.7.6 onlymarlborough$ cd onlymarlborough$ pyenv activate onlymarlborough

Pip install the requirements for development:

$ pip install -r requirements.txt

Run tests:

$ make test

Check pep8 with flake8:

$ make lint

Check coverage:

$ make coverage

2.1 Potential problems

Installation of xml bindings lxml and dm.xmsec.binding https://github.com/onelogin/python-saml/issues/30.

5

NZ RealMe Documentation, Release 0.0.1

6 Chapter 2. Installation

CHAPTER 3

Usage

To use nzrealme in a project:

import nzrealme

TODO.

7

NZ RealMe Documentation, Release 0.0.1

8 Chapter 3. Usage

CHAPTER 4

Contributing

Contributions are welcome, and they are greatly appreciated! Every little bit helps, and credit will always be given.

You can contribute in many ways:

4.1 Types of Contributions

4.1.1 Report Bugs

Report bugs at https://github.com/darrylcousins/nzrealme/issues.

If you are reporting a bug, please include:

• Your operating system name and version.

• Any details about your local setup that might be helpful in troubleshooting.

• Detailed steps to reproduce the bug.

4.1.2 Fix Bugs

Look through the GitHub issues for bugs. Anything tagged with “bug” is open to whoever wants to implement it.

4.1.3 Write Documentation

nzrealme could always use more documentation, whether as part of the official nzrealme docs, in docstrings, or evenon the web in blog posts, articles, and such.

4.1.4 Submit Feedback

The best way to send feedback is to file an issue at https://github.com/darrylcousins/nzrealme/issues.

If you are proposing a feature:

• Explain in detail how it would work.

• Keep the scope as narrow as possible, to make it easier to implement.

• Remember that this is a volunteer-driven project, and that contributions are welcome :)

9

NZ RealMe Documentation, Release 0.0.1

4.2 Get Started!

Ready to contribute? Here’s how to set up nzrealme for local development.

1. Fork the nzrealme repo on GitHub.

2. Clone your fork locally:

$ git clone git@github.com:your_name_here/nzrealme.git

3. Install your local copy into a virtualenv. Assuming you have virtualenvwrapper installed, this is how you set upyour fork for local development:

$ mkvirtualenv nzrealme$ cd nzrealme/$ python setup.py develop

4. Create a branch for local development:

$ git checkout -b name-of-your-bugfix-or-feature

Now you can make your changes locally.

5. When you’re done making changes, check that your changes pass flake8 and the tests, including testing otherPython versions with tox:

$ flake8 nzrealme tests$ python setup.py test$ tox

To get flake8 and tox, just pip install them into your virtualenv.

6. Commit your changes and push your branch to GitHub:

$ git add .$ git commit -m "Your detailed description of your changes."$ git push origin name-of-your-bugfix-or-feature

7. Submit a pull request through the GitHub website.

4.3 Pull Request Guidelines

Before you submit a pull request, check that it meets these guidelines:

1. The pull request should include tests.

2. If the pull request adds functionality, the docs should be updated. Put your new functionality into a functionwith a docstring, and add the feature to the list in README.rst.

3. The pull request should work for Python 2.7. Check https://travis-ci.org/darrylcousins/nzrealme/pull_requestsand make sure that the tests pass for all supported Python versions.

10 Chapter 4. Contributing

CHAPTER 5

Credits

5.1 Development Lead

• Darryl Cousins <darryljcousins@gmail.com>

5.2 Credits

• Sixto Martin (@pitbulk) for python-saml2

5.3 Contributors

11

NZ RealMe Documentation, Release 0.0.1

12 Chapter 5. Credits

CHAPTER 6

History

13

NZ RealMe Documentation, Release 0.0.1

14 Chapter 6. History

CHAPTER 7

Development (2014-01-11)

• continuing development

15

NZ RealMe Documentation, Release 0.0.1

16 Chapter 7. Development (2014-01-11)

CHAPTER 8

nzrealme

8.1 nzrealme package

8.1.1 Submodules

8.1.2 nzrealme.authn_request module

8.1.3 nzrealme.settings module

8.1.4 nzrealme.utils module

8.1.5 Module contents

Doctest documentation:

17

NZ RealMe Documentation, Release 0.0.1

18 Chapter 8. nzrealme

CHAPTER 9

NZRealMe Authn Request

The default onelogin.saml2.authn_request.OneLogin_Saml2_Authn_Request object uses an xmltemplate not quite what is required for NZRealMe.

So it has been subclassed for use in this package.

9.1 Create Request

Load the json setting file and create the authn_request object:

>>> saml_settings = loadSettings()>>> settings = OneLogin_Saml2_Settings(saml_settings)>>> authn_request = NZRealMe_Authn_Request(settings)

9.1.1 Check Encoded Request

The authn_request returned is encoded:

>>> authn_request_encoded = authn_request.get_request()>>> decoded = b64decode(authn_request_encoded)>>> inflated = decompress(decoded, -15)>>> print(inflated)<samlp:AuthnRequest

xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"ID="NZREALME_..."Version="2.0"ProviderName="SP test"IssueInstant="20...T...Z"Destination="http://idp.example.com/SSOService.php"ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"AssertionConsumerServiceURL="http://stuff.com/endpoints/endpoints/acs.php"ForceAuthn="true"><saml:Issuer>http://stuff.com/endpoints/metadata.php</saml:Issuer><samlp:NameIDPolicyFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"AllowCreate="false" />

<samlp:RequestedAuthnContext Comparison="exact"><saml:AuthnContextClassRef>urn:nzl:govt:ict:stds:authn:deployment:GLS:SAML:2.0:ac:classes:LowStrength</saml:AuthnContextClassRef>

</samlp:RequestedAuthnContext></samlp:AuthnRequest>

19

NZ RealMe Documentation, Release 0.0.1

9.1.2 The Encoded Query String

The query string of the url is encoded:

>>> parameters = {... ’SAMLRequest’: authn_request.get_request()... }>>> auth_url = NZRealMe_Utils.redirect(... ’http://idp.example.com/SSOService.php’,... parameters=parameters,... request_data={})>>> exploded = urlparse.urlparse(auth_url)>>> exploded = urlparse.parse_qs(exploded[4])>>> ’SAMLRequest’ in explodedTrue>>> payload = exploded[’SAMLRequest’][0]>>> decoded = b64decode(payload)>>> inflated = decompress(decoded, -15)>>> print(inflated)<samlp:AuthnRequest

xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"ID="NZREALME_..."

...</samlp:AuthnRequest>

Same result as for above.

20 Chapter 9. NZRealMe Authn Request

CHAPTER 10

Indices and tables

• genindex

• modindex

• search

21

NZ RealMe Documentation, Release 0.0.1

22 Chapter 10. Indices and tables

Python Module Index

nnzrealme, 17

23

NZ RealMe Documentation, Release 0.0.1

24 Python Module Index

Index

Nnzrealme (module), 17

25