openstack/deb-python-pysaml2
Code Issues Proposed changes

Stricter and stricter verification

Browse Source
This commit is contained in:
Roland Hedberg
2010-09-28 13:35:49 +02:00
parent 789943fc3c
commit 3927f17ff9
3 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
tests/test_44_authnresp.py
View File

@@ -4,7 +4,7 @@
from saml2 import samlp, BINDING_HTTP_POST from saml2 import samlp, BINDING_HTTP_POST
from saml2 import saml, config, class_name, make_instance from saml2 import saml, config, class_name, make_instance
from saml2.server import Server from saml2.server import Server
from saml2.authnresponse import authn_response from saml2.response import authn_response
XML_RESPONSE_FILE = "saml_signed.xml" XML_RESPONSE_FILE = "saml_signed.xml"
XML_RESPONSE_FILE2 = "saml2_response.xml" XML_RESPONSE_FILE2 = "saml2_response.xml"
@@ -50,12 +50,12 @@ class TestAuthnResponse:
conf.load_file("tests/server.config") conf.load_file("tests/server.config")
except IOError: except IOError:
conf.load_file("server.config") conf.load_file("server.config")
self.ar = authn_response(conf,"") self.ar = authn_response(conf, "urn:mace:example.com:saml:roland:sp",
"http://lingon.catalogix.se:8087/")
def test_verify_1(self): def test_verify_1(self):
xml_response = ("%s" % (self._resp_,)).split("\n")[1] xml_response = ("%s" % (self._resp_,)).split("\n")[1]
self.ar.outstanding_queries = {"id12": "http://localhost:8088/sso"} self.ar.outstanding_queries = {"id12": "http://localhost:8088/sso"}
self.ar.requestor = "urn:mace:example.com:saml:roland:sp"
self.ar.timeslack = 10000 self.ar.timeslack = 10000
self.ar.loads(xml_response, decode=False) self.ar.loads(xml_response, decode=False)
self.ar.verify() self.ar.verify()
@@ -72,7 +72,6 @@ class TestAuthnResponse:
print xml_response print xml_response
self.ar.outstanding_queries = {"id12": "http://localhost:8088/sso"} self.ar.outstanding_queries = {"id12": "http://localhost:8088/sso"}
self.ar.requestor = "urn:mace:example.com:saml:roland:sp"
self.ar.timeslack = 10000 self.ar.timeslack = 10000
self.ar.loads(xml_response, decode=False) self.ar.loads(xml_response, decode=False)
self.ar.verify() self.ar.verify()
@@ -88,7 +87,8 @@ class TestAuthnResponse:
xml_response = open(XML_RESPONSE_FILE).read() xml_response = open(XML_RESPONSE_FILE).read()
ID = "bahigehogffohiphlfmplepdpcohkhhmheppcdie" ID = "bahigehogffohiphlfmplepdpcohkhhmheppcdie"
self.ar.outstanding_queries = {ID: "http://localhost:8088/foo"} self.ar.outstanding_queries = {ID: "http://localhost:8088/foo"}
self.ar.requestor = "xenosmilus.umdc.umu.se" self.ar.return_addr = "http://xenosmilus.umdc.umu.se:8087/login"
self.ar.entity_id = "xenosmilus.umdc.umu.se"
# roughly a year, should create the response on the fly # roughly a year, should create the response on the fly
self.ar.timeslack = 315360000 # indecent long time self.ar.timeslack = 315360000 # indecent long time
self.ar.loads(xml_response, decode=False) self.ar.loads(xml_response, decode=False)
@@ -102,7 +102,8 @@ class TestAuthnResponse:
def test_verify_w_authn(self): def test_verify_w_authn(self):
xml_response = ("%s" % (self._resp_authn,)).split("\n",1)[1] xml_response = ("%s" % (self._resp_authn,)).split("\n",1)[1]
self.ar.outstanding_queries = {"id12": "http://localhost:8088/sso"} self.ar.outstanding_queries = {"id12": "http://localhost:8088/sso"}
self.ar.requestor = "urn:mace:example.com:saml:roland:sp" self.ar.return_addr = "http://lingon.catalogix.se:8087/"
self.ar.entity_id = "urn:mace:example.com:saml:roland:sp"
self.ar.timeslack = 10000 self.ar.timeslack = 10000
self.ar.loads(xml_response, decode=False) self.ar.loads(xml_response, decode=False)
self.ar.verify() self.ar.verify()

6
tests/test_51_client.py
View File

@@ -246,7 +246,7 @@ class TestClient:
resp_str = "\n".join(self.server.authn_response( resp_str = "\n".join(self.server.authn_response(
identity=ava, identity=ava,
in_response_to="id1", in_response_to="id1",
destination="http://local:8087/", destination="http://lingon.catalogix.se:8087/",
sp_entity_id="urn:mace:example.com:saml:roland:sp", sp_entity_id="urn:mace:example.com:saml:roland:sp",
name_id_policy=samlp.NameIDPolicy( name_id_policy=samlp.NameIDPolicy(
format=saml.NAMEID_FORMAT_PERSISTENT), format=saml.NAMEID_FORMAT_PERSISTENT),
@@ -268,7 +268,7 @@ class TestClient:
assert session_info["issuer"] == IDP assert session_info["issuer"] == IDP
assert session_info["came_from"] == "http://foo.example.com/service" assert session_info["came_from"] == "http://foo.example.com/service"
response = samlp.response_from_string(authn_response.xmlstr) response = samlp.response_from_string(authn_response.xmlstr)
assert response.destination == "http://local:8087/" assert response.destination == "http://lingon.catalogix.se:8087/"
# One person in the cache # One person in the cache
assert len(self.client.users.subjects()) == 1 assert len(self.client.users.subjects()) == 1
@@ -285,7 +285,7 @@ class TestClient:
resp_str = "\n".join(self.server.authn_response( resp_str = "\n".join(self.server.authn_response(
identity=ava, identity=ava,
in_response_to="id2", in_response_to="id2",
destination="http://local:8087/", destination="http://lingon.catalogix.se:8087/",
sp_entity_id="urn:mace:example.com:saml:roland:sp", sp_entity_id="urn:mace:example.com:saml:roland:sp",
name_id_policy=samlp.NameIDPolicy( name_id_policy=samlp.NameIDPolicy(
format=saml.NAMEID_FORMAT_PERSISTENT), format=saml.NAMEID_FORMAT_PERSISTENT),

2
tests/test_60_sp.py
View File

@@ -46,7 +46,7 @@ class TestSP():
"mail": ["derek@nyy.mlb.com"]} "mail": ["derek@nyy.mlb.com"]}
resp_str = "\n".join(self.server.authn_response(ava, resp_str = "\n".join(self.server.authn_response(ava,
"id1", "http://local:8087/", "id1", "http://lingon.catalogix.se:8087/",
"urn:mace:example.com:saml:roland:sp", "urn:mace:example.com:saml:roland:sp",
make_instance(samlp.NameIDPolicy, make_instance(samlp.NameIDPolicy,
utils.args2dict( utils.args2dict(