feat(*): serve SAML metadata using custom frontend

Dockerfile

@@ -1,8 +1,19 @@
+FROM satosa AS custom_code
+# workaround https://github.com/IdentityPython/satosa-docker/issues/6
+USER root
+RUN mkdir -p /home/satosa; chown satosa:satosa /home/satosa
+USER satosa
+# build custom micro services
+COPY --chown=satosa:satosa src /home/satosa/src
+RUN cd /home/satosa/src/static_content; pip install --user .
+
 FROM satosa
 USER root
 RUN pip install --no-cache-dir satosa[ldap]==${SATOSA_VERSION}
 COPY --chown=satosa:satosa *.yaml /etc/satosa/
-COPY --chown=satosa:satosa plugins /etc/satosa/
+COPY --chown=satosa:satosa plugins /etc/satosa/plugins
+RUN mkdir -p /home/satosa; chown satosa:satosa /home/satosa
+COPY --from=custom_code /home/satosa/.local /home/satosa/.local
 COPY delayed-entrypoint.sh /usr/local/bin/
 USER satosa:satosa
 ENV STARTUP_DELAY=300

plugins/frontends/idp_metadata.yaml

@@ -0,0 +1,4 @@
+module: static_content.StaticContentFrontend
+name: idp_metadata
+config:
+  file: frontend.xml

plugins/frontends/sp_metadata.yaml

@@ -0,0 +1,4 @@
+module: static_content.StaticContentFrontend
+name: sp_metadata
+config:
+  file: backend.xml

proxy_conf.yaml

@@ -11,6 +11,8 @@ BACKEND_MODULES:
 FRONTEND_MODULES:
   - plugins/frontends/saml2_frontend.yaml
   - plugins/frontends/ping_frontend.yaml
+  - plugins/frontends/idp_metadata.yaml
+  - plugins/frontends/sp_metadata.yaml
 MICRO_SERVICES:
   - plugins/microservices/static_attributes.yaml
 LOGGING:

src/static_content/setup.py

@@ -0,0 +1,9 @@
+from setuptools import setup
+
+setup(
+    name='static_content',
+    version='0.0.1',
+    install_requires=[
+        'satosa'
+    ],
+)

src/static_content/static_content/__init__.py

@@ -0,0 +1,55 @@
+import logging
+
+import satosa.logging_util as lu
+import satosa.frontends.base
+from satosa.response import Response
+
+
+logger = logging.getLogger(__name__)
+
+
+class StaticContentFrontend(satosa.frontends.base.FrontendModule):
+    """
+    A simple file server for SATOSA
+    """
+
+    def __init__(self, auth_req_callback_func, internal_attributes, config, base_url, name):
+        super().__init__(auth_req_callback_func, internal_attributes, base_url, name)
+        self.config = config
+
+    def handle_authn_response(self, context, internal_resp, extra_id_token_claims=None):
+        """
+        See super class method satosa.frontends.base.FrontendModule#handle_authn_response
+        :type context: satosa.context.Context
+        :type internal_response: satosa.internal.InternalData
+        :rtype oic.utils.http_util.Response
+        """
+        raise NotImplementedError()
+
+    def handle_backend_error(self, exception):
+        """
+        See super class satosa.frontends.base.FrontendModule
+        :type exception: satosa.exception.SATOSAError
+        :rtype: oic.utils.http_util.Response
+        """
+        raise NotImplementedError()
+
+    def register_endpoints(self, backend_names):
+        """
+        See super class satosa.frontends.base.FrontendModule
+        :type backend_names: list[str]
+        :rtype: list[(str, ((satosa.context.Context, Any) -> satosa.response.Response, Any))]
+        :raise ValueError: if more than one backend is configured
+        """
+        url_map = [("^{}".format(self.name), self.static_content_endpoint)]
+        return url_map
+
+    def static_content_endpoint(self, context):
+        """
+        """
+        msg = f"Static content returning {self.config['file']}"
+        logline = lu.LOG_FMT.format(id=lu.get_session_id(context.state), message=msg)
+        logger.debug(logline)
+        file = open(self.config['file'], 'r')
+        msg = file.read()
+        return Response(msg)