Allow to configuration option name_id_format_allow_create for sp config
This commit is contained in:
parent
a0c510af7a
commit
4c6e454ee5
@ -207,7 +207,7 @@ class Base(Entity):
|
|||||||
nameid_format=None,
|
nameid_format=None,
|
||||||
service_url_binding=None, message_id=0,
|
service_url_binding=None, message_id=0,
|
||||||
consent=None, extensions=None, sign=None,
|
consent=None, extensions=None, sign=None,
|
||||||
allow_create=False, sign_prepare=False, sign_alg=None,
|
allow_create=None, sign_prepare=False, sign_alg=None,
|
||||||
digest_alg=None, **kwargs):
|
digest_alg=None, **kwargs):
|
||||||
""" Creates an authentication request.
|
""" Creates an authentication request.
|
||||||
|
|
||||||
@ -288,7 +288,12 @@ class Base(Entity):
|
|||||||
args["name_id_policy"] = kwargs["name_id_policy"]
|
args["name_id_policy"] = kwargs["name_id_policy"]
|
||||||
del kwargs["name_id_policy"]
|
del kwargs["name_id_policy"]
|
||||||
except KeyError:
|
except KeyError:
|
||||||
if allow_create:
|
if allow_create is None:
|
||||||
|
allow_create = self.config.getattr("name_id_format_allow_create", "sp")
|
||||||
|
if allow_create is None:
|
||||||
|
allow_create = "false"
|
||||||
|
else:
|
||||||
|
if allow_create is True:
|
||||||
allow_create = "true"
|
allow_create = "true"
|
||||||
else:
|
else:
|
||||||
allow_create = "false"
|
allow_create = "false"
|
||||||
|
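Review bot: The value read on `allow_create = self.config.getattr("name_id_format_allow_create", "sp")` is handed on without normalization, while the explicit-argument branch that follows maps only the Python bool `True` to "true" and everything else to "false", so the two paths do not agree on accepted forms. A configuration entry given as a Python bool would presumably be serialized as "True"/"False", which is not an xs:boolean lexical value, and a caller who previously passed a truthy non-bool such as `1` to create_authn_request — accepted by the removed `if allow_create:` — now silently gets "false", i.e. a different NameIDPolicy than before. Running both sources through the same normalization, as below, removes the mismatch and keeps the conservative "false" for anything unrecognized. The docstring `""" Creates an authentication request.` in the first hunk of this file should also gain a line for the parameter, e.g. `:param allow_create: NameIDPolicy AllowCreate; bool or "true"/"false"; None defers to the sp option name_id_format_allow_create, else "false"`. create_authn_request's body continues outside both hunks.
```python
        except KeyError:
            if allow_create is None:
                allow_create = self.config.getattr("name_id_format_allow_create", "sp")
            # Accept Python bools and the xs:boolean lexical strings; anything
            # else, including an unset option, falls back to "false".
            if isinstance(allow_create, str):
                allow_create = "true" if allow_create.strip().lower() == "true" else "false"
            else:
                allow_create = "true" if allow_create else "false"
            # … unchanged: remainder of create_authn_request …
```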
@ -73,6 +73,7 @@ SP_ARGS = [
|
|||||||
"allow_unsolicited",
|
"allow_unsolicited",
|
||||||
"ecp",
|
"ecp",
|
||||||
"name_id_format",
|
"name_id_format",
|
||||||
|
"name_id_format_allow_create",
|
||||||
"logout_requests_signed",
|
"logout_requests_signed",
|
||||||
"requested_attribute_name_format"
|
"requested_attribute_name_format"
|
||||||
]
|
]
|
||||||
@ -187,6 +188,7 @@ class Config(object):
|
|||||||
self.contact_person = None
|
self.contact_person = None
|
||||||
self.name_form = None
|
self.name_form = None
|
||||||
self.name_id_format = None
|
self.name_id_format = None
|
||||||
|
self.name_id_format_allow_create = None
|
||||||
self.virtual_organization = None
|
self.virtual_organization = None
|
||||||
self.logger = None
|
self.logger = None
|
||||||
self.only_use_keys_in_metadata = True
|
self.only_use_keys_in_metadata = True
|
||||||
|
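Review bot: The new attribute `self.name_id_format_allow_create = None` carries no comment on the form of value it expects, and neither the SP_ARGS entry nor Config validates it; the consumer reads it verbatim with `self.config.getattr("name_id_format_allow_create", "sp")`, so the accepted form is only discoverable from the new test fixture, which uses the string "true". Add a comment on the assignment such as `# sp option: default for NameIDPolicy/@AllowCreate when create_authn_request() is not given allow_create; use the xs:boolean strings "true"/"false"`, or normalize the value at the point it is read. Config.__init__ continues outside the hunk.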
64
tests/sp_conf_nameidpolicy.py
Normal file
64
tests/sp_conf_nameidpolicy.py
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
from pathutils import full_path
|
||||||
|
from pathutils import xmlsec_path
|
||||||
|
|
||||||
|
CONFIG = {
|
||||||
|
"entityid": "urn:mace:example.com:saml:roland:sp",
|
||||||
|
"name": "urn:mace:example.com:saml:roland:sp",
|
||||||
|
"description": "My own SP",
|
||||||
|
"service": {
|
||||||
|
"sp": {
|
||||||
|
"endpoints": {
|
||||||
|
"assertion_consumer_service": [
|
||||||
|
"http://lingon.catalogix.se:8087/"],
|
||||||
|
},
|
||||||
|
"required_attributes": ["surName", "givenName", "mail"],
|
||||||
|
"optional_attributes": ["title"],
|
||||||
|
"idp": ["urn:mace:example.com:saml:roland:idp"],
|
||||||
|
"name_id_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
|
||||||
|
"name_id_format_allow_create": "true"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"debug": 1,
|
||||||
|
"key_file": full_path("test.key"),
|
||||||
|
"cert_file": full_path("test.pem"),
|
||||||
|
"encryption_keypairs": [{"key_file": full_path("test_1.key"), "cert_file": full_path("test_1.crt")},
|
||||||
|
{"key_file": full_path("test_2.key"), "cert_file": full_path("test_2.crt")}],
|
||||||
|
"ca_certs": full_path("cacerts.txt"),
|
||||||
|
"xmlsec_binary": xmlsec_path,
|
||||||
|
"metadata": [{
|
||||||
|
"class": "saml2.mdstore.MetaDataFile",
|
||||||
|
"metadata": [(full_path("idp.xml"), ), (full_path("vo_metadata.xml"), )],
|
||||||
|
}],
|
||||||
|
"virtual_organization": {
|
||||||
|
"urn:mace:example.com:it:tek": {
|
||||||
|
"nameid_format": "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
|
||||||
|
"common_identifier": "umuselin",
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"subject_data": "subject_data.db",
|
||||||
|
"accepted_time_diff": 60,
|
||||||
|
"attribute_map_dir": full_path("attributemaps"),
|
||||||
|
"valid_for": 6,
|
||||||
|
"organization": {
|
||||||
|
"name": ("AB Exempel", "se"),
|
||||||
|
"display_name": ("AB Exempel", "se"),
|
||||||
|
"url": "http://www.example.org",
|
||||||
|
},
|
||||||
|
"contact_person": [{
|
||||||
|
"given_name": "Roland",
|
||||||
|
"sur_name": "Hedberg",
|
||||||
|
"telephone_number": "+46 70 100 0000",
|
||||||
|
"email_address": ["tech@eample.com",
|
||||||
|
"tech@example.org"],
|
||||||
|
"contact_type": "technical"
|
||||||
|
},
|
||||||
|
],
|
||||||
|
"logger": {
|
||||||
|
"rotating": {
|
||||||
|
"filename": full_path("sp.log"),
|
||||||
|
"maxBytes": 100000,
|
||||||
|
"backupCount": 5,
|
||||||
|
},
|
||||||
|
"loglevel": "info",
|
||||||
|
}
|
||||||
|
}
|
@ -280,6 +280,26 @@ class TestClient:
|
|||||||
assert nid_policy.allow_create == "false"
|
assert nid_policy.allow_create == "false"
|
||||||
assert nid_policy.format == saml.NAMEID_FORMAT_TRANSIENT
|
assert nid_policy.format == saml.NAMEID_FORMAT_TRANSIENT
|
||||||
|
|
||||||
|
def test_create_auth_request_nameid_policy_allow_create(self):
|
||||||
|
conf = config.SPConfig()
|
||||||
|
conf.load_file("sp_conf_nameidpolicy")
|
||||||
|
client = Saml2Client(conf)
|
||||||
|
ar_str = "%s" % client.create_authn_request(
|
||||||
|
"http://www.example.com/sso", message_id="id1")[1]
|
||||||
|
|
||||||
|
ar = samlp.authn_request_from_string(ar_str)
|
||||||
|
print(ar)
|
||||||
|
assert ar.assertion_consumer_service_url == ("http://lingon.catalogix"
|
||||||
|
".se:8087/")
|
||||||
|
assert ar.destination == "http://www.example.com/sso"
|
||||||
|
assert ar.protocol_binding == BINDING_HTTP_POST
|
||||||
|
assert ar.version == "2.0"
|
||||||
|
assert ar.provider_name == "urn:mace:example.com:saml:roland:sp"
|
||||||
|
assert ar.issuer.text == "urn:mace:example.com:saml:roland:sp"
|
||||||
|
nid_policy = ar.name_id_policy
|
||||||
|
assert nid_policy.allow_create == "true"
|
||||||
|
assert nid_policy.format == saml.NAMEID_FORMAT_PERSISTENT
|
||||||
|
|
||||||
def test_create_auth_request_vo(self):
|
def test_create_auth_request_vo(self):
|
||||||
assert list(self.client.config.vorg.keys()) == [
|
assert list(self.client.config.vorg.keys()) == [
|
||||||
"urn:mace:example.com:it:tek"]
|
"urn:mace:example.com:it:tek"]
|
||||||
|
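Review bot: The new test exercises only the configured-string path; nothing in `test_create_auth_request_nameid_policy_allow_create` passes an explicit `allow_create` argument against the rewritten branch in client_base, so the precedence of the argument over the sp option is untested. Add a second request with the argument set, e.g. `ar2 = samlp.authn_request_from_string("%s" % client.create_authn_request("http://www.example.com/sso", message_id="id2", allow_create=False)[1])` followed by `assert ar2.name_id_policy.allow_create == "false"`, which pins that an explicit value wins over the fixture's "true". The leftover `print(ar)` after parsing should be dropped; it only adds noise to captured output. The preceding test method begins and `test_create_auth_request_vo` ends outside the hunk.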