Remade validate to raise exception if anything was not valid

This commit is contained in:
Roland Hedberg
2010-09-26 21:08:32 +02:00
parent 1eef19e04b
commit 3765aabd7e
8 changed files with 76 additions and 55 deletions


@@ -15,7 +15,7 @@ AxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
BQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZO
zkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN
+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=
</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8087/" index="0" /></ns0:SPSSODescriptor><ns0:Organization><ns0:OrganizationURL>http://www.example.com/</ns0:OrganizationURL><ns0:OrganizationName>Example Co</ns0:OrganizationName></ns0:Organization><ns0:ContactPerson><ns0:GivenName>Roland</ns0:GivenName><ns0:SurName>Hedberg</ns0:SurName><ns0:EmailAddress>roland.hedberg@example.com</ns0:EmailAddress></ns0:ContactPerson></ns0:EntityDescriptor><ns0:EntityDescriptor entityID="urn:mace:example.com:saml:roland:idp"><ns0:IDPSSODescriptor WantAuthnRequestsSigned="True" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"><ns1:X509Data><ns1:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8087/" index="0" /></ns0:SPSSODescriptor><ns0:Organization><ns0:OrganizationURL xml:lang="en">http://www.example.com/</ns0:OrganizationURL><ns0:OrganizationName xml:lang="en">Example Co</ns0:OrganizationName><ns0:OrganizationDisplayName xml:lang="en">Example Co</ns0:OrganizationDisplayName></ns0:Organization><ns0:ContactPerson contactType="technical"><ns0:GivenName>Roland</ns0:GivenName><ns0:SurName>Hedberg</ns0:SurName><ns0:EmailAddress>roland.hedberg@example.com</ns0:EmailAddress></ns0:ContactPerson></ns0:EntityDescriptor><ns0:EntityDescriptor entityID="urn:mace:example.com:saml:roland:idp"><ns0:IDPSSODescriptor WantAuthnRequestsSigned="True" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"><ns1:X509Data><ns1:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
BAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkx
EDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMz
MTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1l
@@ -31,4 +31,4 @@ AxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
BQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZO
zkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN
+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=
</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8088/sso/" /></ns0:IDPSSODescriptor><ns0:Organization><ns0:OrganizationURL>http://www.example.com/</ns0:OrganizationURL><ns0:OrganizationName>Example Co</ns0:OrganizationName></ns0:Organization><ns0:ContactPerson><ns0:GivenName>Roland</ns0:GivenName><ns0:SurName>Hedberg</ns0:SurName><ns0:EmailAddress>roland.hedberg@example.com</ns0:EmailAddress></ns0:ContactPerson></ns0:EntityDescriptor></ns0:EntitiesDescriptor>
</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8088/sso/" /></ns0:IDPSSODescriptor><ns0:Organization><ns0:OrganizationURL xml:lang="en">http://www.example.com/</ns0:OrganizationURL><ns0:OrganizationName xml:lang="en">Example Co</ns0:OrganizationName><ns0:OrganizationDisplayName xml:lang="en">Example Co</ns0:OrganizationDisplayName></ns0:Organization><ns0:ContactPerson contactType="technical"><ns0:GivenName>Roland</ns0:GivenName><ns0:SurName>Hedberg</ns0:SurName><ns0:EmailAddress>roland.hedberg@example.com</ns0:EmailAddress></ns0:ContactPerson></ns0:EntityDescriptor></ns0:EntitiesDescriptor>


@@ -1,5 +1,11 @@
<?xml version='1.0' encoding='UTF-8'?>
<ns0:EntitiesDescriptor name="urn:mace:umu.se:saml:test" validUntil="2010-12-01T09:22:16Z" xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata"><ns0:EntityDescriptor entityID="urn:mace:umu.se:saml:roland:sp" validUntil="2010-12-01T09:22:16Z"><ns0:SPSSODescriptor AuthnRequestsSigned="False" WantAssertionsSigned="True" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"><ns1:X509Data><ns1:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
<?xml version="1.0" encoding="UTF-8"?>
<ns0:EntitiesDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" name="urn:mace:umu.se:saml:test" validUntil="2010-12-01T09:22:16Z">
<ns0:EntityDescriptor entityID="urn:mace:umu.se:saml:roland:sp" validUntil="2010-12-01T09:22:16Z">
<ns0:SPSSODescriptor AuthnRequestsSigned="False" WantAssertionsSigned="True" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<ns0:KeyDescriptor>
<ns1:KeyInfo xmlns:ns1="http://www.w3.org/2000/09/xmldsig#">
<ns1:X509Data>
<ns1:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
BAYTAlNFMQ0wCwYDVQQHEwRVbWVhMRgwFgYDVQQKEw9VbWVhIFVuaXZlcnNpdHkx
EDAOBgNVBAsTB0lUIFVuaXQxEDAOBgNVBAMTB1Rlc3QgU1AwHhcNMDkxMDI2MTMz
MTE1WhcNMTAxMDI2MTMzMTE1WjBaMQswCQYDVQQGEwJTRTENMAsGA1UEBxMEVW1l
@@ -15,4 +21,18 @@ AxMHVGVzdCBTUIIJAJHg2V5J31I8MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
BQADgYEAMuRwwXRnsiyWzmRikpwinnhTmbooKm5TINPE7A7gSQ710RxioQePPhZO
zkM27NnHTrCe2rBVg0EGz7QTd1JIwLPvgoj4VTi/fSha/tXrYUaqc9AqU1kWI4WN
+vffBGQ09mo+6CffuFTZYeOhzP/2stAPwCTU4kxEoiy0KpZMANI=
</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8087/" index="0" /><ns0:AttributeConsumingService><ns0:ServiceName ns1:lang="en" xmlns:ns1="http:#www.w3.org/XML/1998/namespace">Rolands SP</ns0:ServiceName><ns0:RequestedAttribute FriendlyName="surName" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /><ns0:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /><ns0:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" /><ns0:RequestedAttribute FriendlyName="title" Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /></ns0:AttributeConsumingService></ns0:SPSSODescriptor></ns0:EntityDescriptor></ns0:EntitiesDescriptor>
</ns1:X509Certificate>
</ns1:X509Data>
</ns1:KeyInfo>
</ns0:KeyDescriptor>
<ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8087/" index="0"/>
<ns0:AttributeConsumingService index="0">
<ns0:ServiceName xml:lang="en">Rolands SP</ns0:ServiceName>
<ns0:RequestedAttribute FriendlyName="surName" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
<ns0:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
<ns0:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
<ns0:RequestedAttribute FriendlyName="title" Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
</ns0:AttributeConsumingService>
</ns0:SPSSODescriptor>
</ns0:EntityDescriptor>
</ns0:EntitiesDescriptor>


@@ -1,10 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://xenosmilus.umdc.umu.se:8087/login" ID="_5271694c3be6883137377fb076355c4bc97f28b3c1" InResponseTo="bahigehogffohiphlfmplepdpcohkhhmheppcdie" IssueInstant="2009-09-25T18:12:39Z" Version="2.0">
<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://xenosmilus.umdc.umu.se:8087/login" ID="_5271694c3be6883137377fb076355c4bc97f28b3c1" InResponseTo="bahigehogffohiphlfmplepdpcohkhhmheppcdie" IssueInstant="2009-10-25T18:12:39Z" Version="2.0">
<ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php</ns1:Issuer>
<ns0:Status>
<ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</ns0:Status>
<ns1:Assertion xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" ID="pfx9e022535-4b38-cc7f-41ec-9a01bcd2936d" IssueInstant="2009-09-25T18:12:39Z" Version="2.0">
<ns1:Assertion xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" ID="pfx9e022535-4b38-cc7f-41ec-9a01bcd2936d" IssueInstant="2009-10-25T18:12:39Z" Version="2.0">
<ns1:Issuer>http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php</ns1:Issuer>
<ns2:Signature xmlns:ns2="http://www.w3.org/2000/09/xmldsig#">
<ns2:SignedInfo>
@@ -49,15 +49,15 @@ OmuMZY0K6ERY4fNVnGEAoUZeieehC6/ljmfk14xCAlE=</ns2:SignatureValue>
_cddc88563d433f556d4cc70c3162deabddea3b5019
</ns1:NameID>
<ns1:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<ns1:SubjectConfirmationData InResponseTo="bahigehogffohiphlfmplepdpcohkhhmheppcdie" NotOnOrAfter="2009-09-25T18:17:39Z" Recipient="http://xenosmilus.umdc.umu.se:8087/login"/>
<ns1:SubjectConfirmationData InResponseTo="bahigehogffohiphlfmplepdpcohkhhmheppcdie" NotOnOrAfter="2009-10-25T18:17:39Z" Recipient="http://xenosmilus.umdc.umu.se:8087/login"/>
</ns1:SubjectConfirmation>
</ns1:Subject>
<ns1:Conditions NotBefore="2009-09-25T18:12:09Z" NotOnOrAfter="2009-09-26T02:12:39Z">
<ns1:Conditions NotBefore="2009-10-25T18:12:09Z" NotOnOrAfter="2009-10-26T02:12:39Z">
<ns1:AudienceRestriction>
<ns1:Audience>xenosmilus.umdc.umu.se</ns1:Audience>
</ns1:AudienceRestriction>
</ns1:Conditions>
<ns1:AuthnStatement AuthnInstant="2009-09-25T18:12:39Z" SessionIndex="_788db107b9bb1b6ab94f00deebbfe3d92c999b3041">
<ns1:AuthnStatement AuthnInstant="2009-10-25T18:12:39Z" SessionIndex="_788db107b9bb1b6ab94f00deebbfe3d92c999b3041">
<ns1:AuthnContext>
<ns1:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns1:AuthnContextClassRef>
</ns1:AuthnContext>


@@ -1,25 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://xenosmilus.umdc.umu.se:8087/login" ID="_5271694c3be6883137377fb076355c4bc97f28b3c1" InResponseTo="bahigehogffohiphlfmplepdpcohkhhmheppcdie" IssueInstant="2009-09-25T18:12:39Z" Version="2.0">
<ns0:Response xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://xenosmilus.umdc.umu.se:8087/login" ID="_5271694c3be6883137377fb076355c4bc97f28b3c1" InResponseTo="bahigehogffohiphlfmplepdpcohkhhmheppcdie" IssueInstant="2009-10-25T18:12:39Z" Version="2.0">
<ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php</ns1:Issuer>
<ns0:Status>
<ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</ns0:Status>
<ns1:Assertion xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" ID="pfx9e022535-4b38-cc7f-41ec-9a01bcd2936d" IssueInstant="2009-09-25T18:12:39Z" Version="2.0">
<ns1:Assertion xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" ID="pfx9e022535-4b38-cc7f-41ec-9a01bcd2936d" IssueInstant="2009-10-25T18:12:39Z" Version="2.0">
<ns1:Issuer>http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php</ns1:Issuer>
<ns1:Subject>
<ns1:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" SPNameQualifier="xenosmilus.umdc.umu.se">
_cddc88563d433f556d4cc70c3162deabddea3b5019
</ns1:NameID>
<ns1:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<ns1:SubjectConfirmationData InResponseTo="bahigehogffohiphlfmplepdpcohkhhmheppcdie" NotOnOrAfter="2009-09-25T18:17:39Z" Recipient="http://xenosmilus.umdc.umu.se:8087/login"/>
<ns1:SubjectConfirmationData InResponseTo="bahigehogffohiphlfmplepdpcohkhhmheppcdie" NotOnOrAfter="2009-10-25T18:17:39Z" Recipient="http://xenosmilus.umdc.umu.se:8087/login"/>
</ns1:SubjectConfirmation>
</ns1:Subject>
<ns1:Conditions NotBefore="2009-09-25T18:12:09Z" NotOnOrAfter="2009-09-26T02:12:39Z">
<ns1:Conditions NotBefore="2009-10-25T18:12:09Z" NotOnOrAfter="2009-10-26T02:12:39Z">
<ns1:AudienceRestriction>
<ns1:Audience>xenosmilus.umdc.umu.se</ns1:Audience>
</ns1:AudienceRestriction>
</ns1:Conditions>
<ns1:AuthnStatement AuthnInstant="2009-09-25T18:12:39Z" SessionIndex="_788db107b9bb1b6ab94f00deebbfe3d92c999b3041">
<ns1:AuthnStatement AuthnInstant="2009-10-25T18:12:39Z" SessionIndex="_788db107b9bb1b6ab94f00deebbfe3d92c999b3041">
<ns1:AuthnContext>
<ns1:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns1:AuthnContextClassRef>
</ns1:AuthnContext>


@@ -21,7 +21,7 @@ class TestAuthnResponse:
self._resp_ = server.do_response(
"http://lingon.catalogix.se:8087/", # consumer_url
"12", # in_response_to
"id12", # in_response_to
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
{"eduPersonEntitlement":"Jeter"},
name_id = name_id
@@ -29,7 +29,7 @@ class TestAuthnResponse:
self._sign_resp_ = server.do_response(
"http://lingon.catalogix.se:8087/", # consumer_url
"12", # in_response_to
"id12", # in_response_to
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
{"eduPersonEntitlement":"Jeter"},
name_id = name_id,
@@ -38,7 +38,7 @@ class TestAuthnResponse:
self._resp_authn = server.do_response(
"http://lingon.catalogix.se:8087/", # consumer_url
"12", # in_response_to
"id12", # in_response_to
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
{"eduPersonEntitlement":"Jeter"},
name_id = name_id,
@@ -54,7 +54,7 @@ class TestAuthnResponse:
def test_verify_1(self):
xml_response = ("%s" % (self._resp_,)).split("\n")[1]
self.ar.outstanding_queries = {"12": "http://localhost:8088/sso"}
self.ar.outstanding_queries = {"id12": "http://localhost:8088/sso"}
self.ar.requestor = "urn:mace:example.com:saml:roland:sp"
self.ar.timeslack = 10000
self.ar.loads(xml_response, decode=False)
@@ -62,7 +62,7 @@ class TestAuthnResponse:
print self.ar.__dict__
assert self.ar.came_from == 'http://localhost:8088/sso'
assert self.ar.session_id() == "12"
assert self.ar.session_id() == "id12"
assert self.ar.ava == {'eduPersonEntitlement': ['Jeter'] }
assert self.ar.name_id
assert self.ar.issuer() == 'urn:mace:example.com:saml:roland:idp'
@@ -71,7 +71,7 @@ class TestAuthnResponse:
xml_response = ("%s" % (self._sign_resp_,)).split("\n",1)[1]
print xml_response
self.ar.outstanding_queries = {"12": "http://localhost:8088/sso"}
self.ar.outstanding_queries = {"id12": "http://localhost:8088/sso"}
self.ar.requestor = "urn:mace:example.com:saml:roland:sp"
self.ar.timeslack = 10000
self.ar.loads(xml_response, decode=False)
@@ -79,7 +79,7 @@ class TestAuthnResponse:
print self.ar.__dict__
assert self.ar.came_from == 'http://localhost:8088/sso'
assert self.ar.session_id() == "12"
assert self.ar.session_id() == "id12"
assert self.ar.ava == {'eduPersonEntitlement': ['Jeter'] }
assert self.ar.issuer() == 'urn:mace:example.com:saml:roland:idp'
assert self.ar.name_id
@@ -90,7 +90,7 @@ class TestAuthnResponse:
self.ar.outstanding_queries = {ID: "http://localhost:8088/foo"}
self.ar.requestor = "xenosmilus.umdc.umu.se"
# roughly a year, should create the response on the fly
self.ar.timeslack = 31536000
self.ar.timeslack = 315360000 # indecent long time
self.ar.loads(xml_response, decode=False)
self.ar.verify()
@@ -101,7 +101,7 @@ class TestAuthnResponse:
def test_verify_w_authn(self):
xml_response = ("%s" % (self._resp_authn,)).split("\n",1)[1]
self.ar.outstanding_queries = {"12": "http://localhost:8088/sso"}
self.ar.outstanding_queries = {"id12": "http://localhost:8088/sso"}
self.ar.requestor = "urn:mace:example.com:saml:roland:sp"
self.ar.timeslack = 10000
self.ar.loads(xml_response, decode=False)
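Review bot: The slack set by `self.ar.timeslack = 315360000` is roughly ten years, which lets the NotBefore/NotOnOrAfter window check in verify() pass for practically any fixture, so this test no longer catches a regression in validity-period enforcement. The response fixtures changed in the two XML sections above carry IssueInstant and Conditions dated 2009-10-25, almost a year before this commit, which is presumably why the slack has to keep growing; the comment on the line before already says the response should be created on the fly. I would either build the response at test time with current timestamps, or pin the verification clock to the fixture's dates, and keep timeslack at the 10000 the other tests in this file use. The enclosing test method starts outside the hunk.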


@@ -102,7 +102,7 @@ class TestServer1():
def test_parse_faulty_request(self):
authn_request = self.client.authn_request(
query_id = "1",
query_id = "id1",
destination = "http://www.example.com",
service_url = "http://www.example.org",
spentityid = "urn:mace:example.com:saml:roland:sp",
@@ -115,7 +115,7 @@ class TestServer1():
def test_parse_faulty_request_to_err_status(self):
authn_request = self.client.authn_request(
query_id = "1",
query_id = "id1",
destination = "http://www.example.com",
service_url = "http://www.example.org",
spentityid = "urn:mace:example.com:saml:roland:sp",
@@ -142,7 +142,7 @@ class TestServer1():
def test_parse_ok_request(self):
authn_request = self.client.authn_request(
query_id = "1",
query_id = "id1",
destination = "http://www.example.com",
service_url = "http://localhost:8087/",
spentityid = "urn:mace:example.com:saml:roland:sp",
@@ -155,7 +155,7 @@ class TestServer1():
# returns a dictionary
print response
assert response["consumer_url"] == "http://localhost:8087/"
assert response["id"] == "1"
assert response["id"] == "id1"
name_id_policy = response["request"].name_id_policy
assert _eq(name_id_policy.keyswv(), ["format", "allow_create"])
assert name_id_policy.format == saml.NAMEID_FORMAT_TRANSIENT
@@ -165,7 +165,7 @@ class TestServer1():
name_id = self.server.ident.temporary_nameid()
resp = self.server.do_response(
"http://localhost:8087/", # consumer_url
"12", # in_response_to
"id12", # in_response_to
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
{ "eduPersonEntitlement": "Short stop"}, # identity
name_id
@@ -176,7 +176,7 @@ class TestServer1():
'in_response_to', 'issue_instant',
'version', 'id', 'issuer'])
assert resp.destination == "http://localhost:8087/"
assert resp.in_response_to == "12"
assert resp.in_response_to == "id12"
assert resp.status
assert resp.status.status_code.value == samlp.STATUS_SUCCESS
assert resp.assertion
@@ -203,12 +203,12 @@ class TestServer1():
confirmation = assertion.subject.subject_confirmation
print confirmation.keyswv()
print confirmation.subject_confirmation_data
assert confirmation.subject_confirmation_data.in_response_to == "12"
assert confirmation.subject_confirmation_data.in_response_to == "id12"
def test_sso_response_without_identity(self):
resp = self.server.do_response(
"http://localhost:8087/", # consumer_url
"12", # in_response_to
"id12", # in_response_to
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
)
@@ -216,7 +216,7 @@ class TestServer1():
assert _eq(resp.keyswv(),['status', 'destination', 'in_response_to',
'issue_instant', 'version', 'id', 'issuer'])
assert resp.destination == "http://localhost:8087/"
assert resp.in_response_to == "12"
assert resp.in_response_to == "id12"
assert resp.status
assert resp.status.status_code.value == samlp.STATUS_SUCCESS
assert resp.issuer.text == "urn:mace:example.com:saml:roland:idp"
@@ -224,14 +224,14 @@ class TestServer1():
def test_sso_failure_response(self):
exc = s_utils.MissingValue("eduPersonAffiliation missing")
resp = self.server.error_response( "http://localhost:8087/", "12",
resp = self.server.error_response( "http://localhost:8087/", "id12",
"urn:mace:example.com:saml:roland:sp", exc )
print resp.keyswv()
assert _eq(resp.keyswv(),['status', 'destination', 'in_response_to',
'issue_instant', 'version', 'id', 'issuer'])
assert resp.destination == "http://localhost:8087/"
assert resp.in_response_to == "12"
assert resp.in_response_to == "id12"
assert resp.status
print resp.status
assert resp.status.status_code.value == samlp.STATUS_RESPONDER
@@ -247,7 +247,7 @@ class TestServer1():
"mail": ["derek@nyy.mlb.com"]}
resp_str = self.server.authn_response(ava,
"1", "http://local:8087/",
"id1", "http://local:8087/",
"urn:mace:example.com:saml:roland:sp",
samlp.NameIDPolicy(format=saml.NAMEID_FORMAT_TRANSIENT,
allow_create="true"),
@@ -274,7 +274,7 @@ class TestServer1():
signed_resp = self.server.do_response(
"http://lingon.catalogix.se:8087/", # consumer_url
"12", # in_response_to
"id12", # in_response_to
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
{"eduPersonEntitlement":"Jeter"},
name_id = name_id,


@@ -45,7 +45,7 @@ def _leq(l1, l2):
# assert False
REQ1 = """<?xml version='1.0' encoding='UTF-8'?>
<ns0:AttributeQuery Destination="https://idp.example.com/idp/" ID="1" IssueInstant="%s" Version="2.0" xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"><ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">urn:mace:example.com:saml:roland:sp</ns1:Issuer><ns1:Subject xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion"><ns1:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">E8042FB4-4D5B-48C3-8E14-8EDD852790DD</ns1:NameID></ns1:Subject></ns0:AttributeQuery>"""
<ns0:AttributeQuery Destination="https://idp.example.com/idp/" ID="id1" IssueInstant="%s" Version="2.0" xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"><ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">urn:mace:example.com:saml:roland:sp</ns1:Issuer><ns1:Subject xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion"><ns1:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">E8042FB4-4D5B-48C3-8E14-8EDD852790DD</ns1:NameID></ns1:Subject></ns0:AttributeQuery>"""
class TestClient:
def setup_class(self):
@@ -59,7 +59,7 @@ class TestClient:
self.client = Saml2Client(conf)
def test_create_attribute_query1(self):
req = self.client.create_attribute_query("1",
req = self.client.create_attribute_query("id1",
"E8042FB4-4D5B-48C3-8E14-8EDD852790DD",
"https://idp.example.com/idp/",
self.client.issuer(),
@@ -69,7 +69,7 @@ class TestClient:
print REQ1 % req.issue_instant
assert reqstr == REQ1 % req.issue_instant
assert req.destination == "https://idp.example.com/idp/"
assert req.id == "1"
assert req.id == "id1"
assert req.version == "2.0"
subject = req.subject
name_id = subject.name_id
@@ -79,7 +79,7 @@ class TestClient:
assert issuer.text == "urn:mace:example.com:saml:roland:sp"
def test_create_attribute_query2(self):
req = self.client.create_attribute_query("1",
req = self.client.create_attribute_query("id1",
"E8042FB4-4D5B-48C3-8E14-8EDD852790DD",
"https://idp.example.com/idp/",
self.client.issuer(),
@@ -97,7 +97,7 @@ class TestClient:
print req.to_string()
assert req.destination == "https://idp.example.com/idp/"
assert req.id == "1"
assert req.id == "id1"
assert req.version == "2.0"
subject = req.subject
name_id = subject.name_id
@@ -123,7 +123,7 @@ class TestClient:
assert set(seen) == set(["givenName","surname","email"])
def test_create_attribute_query_3(self):
req = self.client.create_attribute_query("1",
req = self.client.create_attribute_query("id1",
"_e7b68a04488f715cda642fbdd90099f5",
"https://aai-demo-idp.switch.ch/idp/shibboleth",
self.client.issuer(),
@@ -131,7 +131,7 @@ class TestClient:
assert isinstance(req, samlp.AttributeQuery)
assert req.destination == "https://aai-demo-idp.switch.ch/idp/shibboleth"
assert req.id == "1"
assert req.id == "id1"
assert req.version == "2.0"
assert req.issue_instant
assert req.issuer.text == "urn:mace:example.com:saml:roland:sp"
@@ -168,7 +168,7 @@ class TestClient:
assert idp_entry.loc == ['http://localhost:8088/sso/']
def test_create_auth_request_0(self):
ar_str = self.client.authn_request("1",
ar_str = self.client.authn_request("id1",
"http://www.example.com/sso",
"http://www.example.org/service",
"urn:mace:example.org:saml:sp",
@@ -213,7 +213,7 @@ class TestClient:
def test_sign_auth_request_0(self):
#print self.client.config
ar_str = self.client.authn_request("1",
ar_str = self.client.authn_request("id1",
"http://www.example.com/sso",
"http://www.example.org/service",
"urn:mace:example.org:saml:sp",
@@ -227,7 +227,7 @@ class TestClient:
signed_info = ar.signature.signed_info
#print signed_info
assert len(signed_info.reference) == 1
assert signed_info.reference[0].uri == "#1"
assert signed_info.reference[0].uri == "#id1"
assert signed_info.reference[0].digest_value
print "------------------------------------------------"
try:
@@ -245,7 +245,7 @@ class TestClient:
resp_str = "\n".join(self.server.authn_response(
identity=ava,
in_response_to="1",
in_response_to="id1",
destination="http://local:8087/",
sp_entity_id="urn:mace:example.com:saml:roland:sp",
name_id_policy=samlp.NameIDPolicy(
@@ -256,7 +256,7 @@ class TestClient:
authn_response = self.client.response({"SAMLResponse":resp_str},
"urn:mace:example.com:saml:roland:sp",
{"1":"http://foo.example.com/service"})
{"id1":"http://foo.example.com/service"})
assert authn_response != None
assert authn_response.issuer() == IDP
@@ -284,7 +284,7 @@ class TestClient:
resp_str = "\n".join(self.server.authn_response(
identity=ava,
in_response_to="2",
in_response_to="id2",
destination="http://local:8087/",
sp_entity_id="urn:mace:example.com:saml:roland:sp",
name_id_policy=samlp.NameIDPolicy(
@@ -295,14 +295,15 @@ class TestClient:
authn_response = self.client.response({"SAMLResponse":resp_str},
"urn:mace:example.com:saml:roland:sp",
{"2":"http://foo.example.com/service"})
{"id":"http://foo.example.com/service"})
# Two persons in the cache
assert len(self.client.users.subjects()) == 2
assert len(self.client.users.subjects()) == 1
issuers = [self.client.users.issuers_of_info(s) for s in self.client.users.subjects()]
# The information I have about the subjects comes from the same source
print issuers
assert issuers == [[IDP], [IDP]]
# assert issuers == [[IDP], [IDP]]
assert issuers == [[IDP]]
def test_init_values(self):
print self.client.config["service"]["sp"]
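Review bot: The outstanding_queries key changed to `{"id":"http://foo.example.com/service"}` does not match the `in_response_to="id2"` used when this response is built in the previous hunk, so the second response is apparently no longer matched to an outstanding request; that would explain why the expected subject count dropped from 2 to 1 while the comment `# Two persons in the cache` still says two. If the original two-subject scenario is intended, the key should read `{"id2":"http://foo.example.com/service"}` and the assertions restored to `len(self.client.users.subjects()) == 2` and `issuers == [[IDP], [IDP]]`; if a single cached subject is now the intent, the comment and the commented-out assertion should be removed so the test states what it checks. The enclosing test method starts outside the hunk.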


@@ -46,7 +46,7 @@ class TestSP():
"mail": ["derek@nyy.mlb.com"]}
resp_str = "\n".join(self.server.authn_response(ava,
"1", "http://local:8087/",
"id1", "http://local:8087/",
"urn:mace:example.com:saml:roland:sp",
make_instance(samlp.NameIDPolicy,
utils.args2dict(
@@ -55,7 +55,7 @@ class TestSP():
"foba0001@example.com"))
resp_str = base64.encodestring(resp_str)
self.sp.outstanding_queries = {"1":"http://www.example.com/service"}
self.sp.outstanding_queries = {"id1":"http://www.example.com/service"}
session_info = self.sp._eval_authn_response({},{"SAMLResponse":resp_str})
assert len(session_info) > 1