keitaroinc · IamTaoChen · Apr 10, 2023 · Apr 10, 2023 · Apr 10, 2023 · Apr 10, 2023
diff --git a/ckanext/saml2auth/spconfig.py b/ckanext/saml2auth/spconfig.py
@@ -19,9 +19,13 @@
 
 from saml2.saml import NAME_FORMAT_URI
 from saml2 import entity
+from saml2.metadata import entity_descriptor, metadata_tostring_fix
+from saml2.validate import valid_instance
+from saml2.config import Config
 
 from ckan.common import config as ckan_config
 from ckan.common import asbool, aslist
+from flask import Response
 
 
 def get_config():
@@ -84,7 +88,7 @@ def get_config():
         u'metadata': {},
         u'debug': 1 if debug else 0,
         u'name_form': NAME_FORMAT_URI
-        }
+    }
 
     if name_id_policy_format:
         config[u'service'][u'sp'][u'name_id_policy_format'] = name_id_policy_format
@@ -93,6 +97,10 @@ def get_config():
         config[u'key_file'] = key_file
         config[u'cert_file'] = cert_file
         config[u'encryption_keypairs'] = [{u'key_file': key_file, u'cert_file': cert_file}]
+    else:
+        config[u'key_file'] = None
+        config[u'cert_file'] = None
+        config[u'encryption_keypairs'] = None
 
     if attribute_map_dir is not None:
         config[u'attribute_map_dir'] = attribute_map_dir
@@ -101,9 +109,30 @@ def get_config():
         config[u'metadata'][u'local'] = [local_path]
     elif location == u'remote':
         remote = [{
-                u'url': remote_url,
-                u'cert': remote_cert
-            }]
+            u'url': remote_url,
+            u'cert': remote_cert
+        }]
         config[u'metadata'][u'remote'] = remote
 
     return config
+
+
+def get_metadata(metadata_file_path=None):
+    if metadata_file_path is None:
+        metadata_file_path = "/srv/app/metadata.xml"
+
+    nspair = {"xs": "http://www.w3.org/2001/XMLSchema"}
+
+    config = Config().load(get_config())
+
+    eid = entity_descriptor(config)
+    valid_instance(eid)
+    # xmldoc = None
+    xmldoc = metadata_tostring_fix(eid, nspair)
+    try:
+        with open(metadata_file_path, "w") as f:
+            f.write(xmldoc.decode("utf-8"))
+    except:
+        pass
+
+    return Response(xmldoc, content_type='application/xml')
diff --git a/ckanext/saml2auth/views/saml2auth.py b/ckanext/saml2auth/views/saml2auth.py
@@ -33,6 +33,7 @@
 from ckan.common import config, g, request
 
 from ckanext.saml2auth.spconfig import get_config as sp_config
+from ckanext.saml2auth.spconfig import get_metadata as sp_metadata
 from ckanext.saml2auth import helpers as h
 from ckanext.saml2auth.interfaces import ISaml2Auth
 from ckanext.saml2auth.cache import set_subject_id, set_saml_session_info
@@ -348,8 +349,10 @@ def slo():
 
 
 acs_endpoint = config.get('ckanext.saml2auth.acs_endpoint', '/acs')
+metadata_endpoint = config.get('ckanext.saml2auth.metadata', '/saml2/metadata')
 saml2auth.add_url_rule(acs_endpoint, view_func=acs, methods=[u'GET', u'POST'])
 saml2auth.add_url_rule(u'/user/saml2login', view_func=saml2login)
+saml2auth.add_url_rule(metadata_endpoint, view_func=sp_metadata, methods=[u'GET'])
 if not h.is_default_login_enabled():
     saml2auth.add_url_rule(
         u'/user/login', view_func=disable_default_login_register)