From 536b8373b3696ee24b13b85a183e0711288901dc Mon Sep 17 00:00:00 2001
From: Roland Hedberg
Date: Sat, 12 Jan 2013 15:54:43 +0100
Subject: [PATCH] Changed method arguments
---
example/idp/idp.py | 2 +-
example/idp2/idp.py | 3 +--
src/saml2/client_base.py | 32 ++++++++++++++++----------------
src/saml2/entity.py | 35 ++++++++++++++++++++++++++++++-----
src/saml2/metadata.py | 2 --
tests/fakeIDP.py | 2 +-
tests/idp_all_conf.py | 28 +++++++++++++++++++++++-----
tests/test_50_server.py | 3 +--
tests/test_64_artifact.py | 2 +-
9 files changed, 74 insertions(+), 35 deletions(-)
diff --git a/example/idp/idp.py b/example/idp/idp.py
index 003391f..a9b4d34 100755
--- a/example/idp/idp.py
+++ b/example/idp/idp.py
@@ -115,7 +115,7 @@ def sso(environ, start_response, user): _binding = req.message.protocol_binding try: - resp_args = IDP.response_args(req.message, [_binding], "spsso") + resp_args = IDP.response_args(req.message, [_binding]) except Exception: raise
diff --git a/example/idp2/idp.py b/example/idp2/idp.py
index e03a026..1c2f3cd 100755
--- a/example/idp2/idp.py
+++ b/example/idp2/idp.py
@@ -97,8 +97,7 @@ def _sso(environ, start_response, query, binding, user): # base 64 encoded request req_info = IDP.parse_authn_request(query["SAMLRequest"][0], binding=binding) - resp_args = IDP.response_args(req_info.message, [BINDING_HTTP_POST], - descr_type="spsso") + resp_args = IDP.response_args(req_info.message, [BINDING_HTTP_POST]) logger.info("parsed OK") logger.info("%s" % req_info)
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
index 8c3d153..34a76c0 100644
--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -399,17 +399,17 @@ class Base(Entity): sign, subject=subject, session_index=session_index, requested_authn_context=authn_context) - def create_nameid_mapping_request(self, nameid_policy, - nameid=None, baseid=None, - encryptedid=None, destination=None, + def create_nameid_mapping_request(self, name_id_policy, + name_id=None, base_id=None, + encrypted_id=None, destination=None, id=0, consent=None, extensions=None, sign=False): """ - :param nameid_policy: - :param nameid: - :param baseid: - :param encryptedid: + :param name_id_policy: + :param name_id: + :param base_id: + :param encrypted_id: :param destination: :param id: Message identifier :param consent: If the principal gave her consent to this request
@@ -419,20 +419,20 @@ class Base(Entity): """ # One of them must be present - assert nameid or baseid or encryptedid + assert name_id or base_id or encrypted_id - if nameid: + if name_id: return self._message(NameIDMappingRequest, destination, id, consent, - extensions, sign, nameid_policy=nameid_policy, - nameid=nameid) - elif baseid: + extensions, sign, name_id_policy=name_id_policy, + name_id=name_id) + elif base_id: return self._message(NameIDMappingRequest, destination, id, consent, - extensions, sign, nameid_policy=nameid_policy, - baseid=baseid) + extensions, sign, name_id_policy=name_id_policy, + base_id=base_id) else: return self._message(NameIDMappingRequest, destination, id, consent, - extensions, sign, nameid_policy=nameid_policy, - encryptedid=encryptedid) + extensions, sign, name_id_policy=name_id_policy, + encrypted_id=encrypted_id) def create_manage_nameid_request(self): pass
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index cf57a4d..93f7c70 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
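Review bot: In `create_nameid_mapping_request` (src/saml2/client_base.py, second hunk) the check that one identifier is present is an `assert`, which Python drops under `-O`, so the final `else` branch could then build a request with `encrypted_id=None`. An explicit raise keeps the check in optimized runs, e.g. `if not (name_id or base_id or encrypted_id): raise ValueError("one of name_id, base_id or encrypted_id is required")`. The renames `nameid` → `name_id`, `baseid` → `base_id` and `encryptedid` → `encrypted_id` also break any caller that passes these by keyword, since no aliases are kept. The `:param` lines in the docstring are still empty and could say what each identifier is.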
@@ -17,7 +17,7 @@ from saml2.s_utils import sid from saml2.s_utils import rndstr from saml2.s_utils import success_status_factory from saml2.s_utils import decode_base64_and_inflate -from saml2.samlp import AuthnRequest, AssertionIDRequest +from saml2.samlp import AuthnRequest, AssertionIDRequest, ManageNameIDRequest, NameIDMappingRequest from saml2.samlp import artifact_resolve_from_string from saml2.samlp import ArtifactResolve from saml2.samlp import ArtifactResponse
@@ -156,7 +156,7 @@ class Entity(HTTPBase): raise Exception("Unkown entity or unsupported bindings") - def response_args(self, message, bindings, descr_type): + def response_args(self, message, bindings): info = {"in_response_to": message.id} if isinstance(message, AuthnRequest): rsrv = "assertion_consumer_service"
@@ -166,14 +166,23 @@ class Entity(HTTPBase): rsrv = "single_logout_service" elif isinstance(message, AttributeQuery): rsrv = "attribute_consuming_service" + elif isinstance(message, ManageNameIDRequest): + rsrv = "manage_name_id_service" + # The once below are solely SOAP elif isinstance(message, ArtifactResolve): rsrv = "" elif isinstance(message, AssertionIDRequest): rsrv = "" + elif isinstance(message, NameIDMappingRequest): + rsrv = "" else: raise Exception("No support for this type of query") if rsrv: + if self.entity_type == "sp": + descr_type = "idpsso" + else: + descr_type = "spsso" binding, destination = self.pick_binding(bindings, rsrv, descr_type=descr_type, request=message)
@@ -397,9 +406,10 @@ class Entity(HTTPBase): :return: HTTP args """ - rinfo = self.response_args(request, bindings, descr_type="spsso") + rinfo = self.response_args(request, bindings) + response = self._status_response(samlp.LogoutResponse, issuer, status, - sign=False, **rinfo) + sign, **rinfo) logger.info("Response: %s" % (response,))
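Review bot: In `response_args` (src/saml2/entity.py, hunk `-166,14 +166,23`) the new `else` branch maps every `entity_type` other than `"sp"` to `"spsso"`, including an unset or misspelled one. That value is passed to `pick_binding` and so decides which role descriptor the response destination is taken from; a wrong value would route the response to an endpoint of the wrong role instead of failing. The values `entity_type` can take are not visible in the hunk; if more than `"sp"` and `"idp"` are possible, an explicit lookup that raises on anything else would be safer. The method has no docstring, and one should now state that the peer descriptor type is derived from `self.entity_type`. The added comment should read `# The ones below are solely SOAP`.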
@@ -431,7 +441,7 @@ class Entity(HTTPBase): :return: """ - rinfo = self.response_args(request, bindings, descr_type="spsso") + rinfo = self.response_args(request, bindings) response = self._status_response(ArtifactResponse, issuer, status, sign=False, **rinfo)
@@ -442,6 +452,21 @@ class Entity(HTTPBase): return response + def create_manage_name_id_request(self): + pass + + def create_manage_name_id_response(self, request, bindings, status=None, + sign=False, issuer=None): + + rinfo = self.response_args(request, bindings) + + response = self._status_response(samlp.LogoutResponse, issuer, status, + sign=False, **rinfo) + + logger.info("Response: %s" % (response,)) + + return response + # ------------------------------------------------------------------------ def _parse_response(self, xmlstr, response_cls, service, binding, **kwargs):
diff --git a/src/saml2/metadata.py b/src/saml2/metadata.py
index e1b060b..9f0bf44 100644
--- a/src/saml2/metadata.py
+++ b/src/saml2/metadata.py
@@ -252,9 +252,7 @@ ENDPOINTS = { "artifact_resolution_service": (md.ArtifactResolutionService, True), "single_logout_service": (md.SingleLogoutService, False), "manage_name_id_service": (md.ManageNameIDService, False), - "assertion_id_request_service": (md.AssertionIDRequestService, False), - "attribute_service": (md.AttributeService, False) }, "pdp": {
diff --git a/tests/fakeIDP.py b/tests/fakeIDP.py
index 6154baf..789ba40 100644
--- a/tests/fakeIDP.py
+++ b/tests/fakeIDP.py
@@ -89,7 +89,7 @@ class FakeIDP(Server): _binding = req.message.protocol_binding try: - resp_args = self.response_args(req.message, [_binding], "spsso") + resp_args = self.response_args(req.message, [_binding]) except Exception: raise
diff --git a/tests/idp_all_conf.py b/tests/idp_all_conf.py
index f630e51..c6e3b0e 100644
--- a/tests/idp_all_conf.py
+++ b/tests/idp_all_conf.py
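Review bot: The new `create_manage_name_id_response` (src/saml2/entity.py, hunk `-442,6 +452,21`) accepts a `sign` argument but passes the literal `sign=False` to `_status_response`, so a caller that asks for a signed response gets an unsigned one. This commit fixes the same thing in the logout-response hunk by passing `sign` through. The method also builds `samlp.LogoutResponse`, which looks copied from the logout method; a manage-name-ID request would presumably be answered with `samlp.ManageNameIDResponse`. Suggested line: `response = self._status_response(samlp.ManageNameIDResponse, issuer, status, sign, **rinfo)`. The artifact-response hunk above still shows `sign=False` hard-coded too; whether that method takes a `sign` parameter lies outside the hunk.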
@@ -1,4 +1,7 @@ -from saml2 import BINDING_SOAP, BINDING_HTTP_REDIRECT, BINDING_HTTP_POST +from saml2 import BINDING_SOAP +from saml2 import BINDING_HTTP_REDIRECT +from saml2 import BINDING_HTTP_POST +from saml2 import BINDING_HTTP_ARTIFACT from saml2.saml import NAMEID_FORMAT_PERSISTENT from saml2.saml import NAME_FORMAT_URI
@@ -36,11 +39,14 @@ CONFIG = { "idp": { "endpoints" : { "single_sign_on_service" : [ - ("%s/sso" % BASE, BINDING_HTTP_REDIRECT), - ("%s/ssop" % BASE, BINDING_HTTP_POST)], + ("%s/sso/redirect" % BASE, BINDING_HTTP_REDIRECT), + ("%s/sso/post" % BASE, BINDING_HTTP_POST), + ("%s/sso/art" % BASE, BINDING_HTTP_ARTIFACT) + ], "single_logout_service": [ - ("%s/slo" % BASE, BINDING_SOAP), - ("%s/slop" % BASE, BINDING_HTTP_POST)], + ("%s/slo/soap" % BASE, BINDING_SOAP), + ("%s/slo/post" % BASE, BINDING_HTTP_POST) + ], "artifact_resolution_service":[ ("%s/ars" % BASE, BINDING_SOAP) ],
@@ -49,6 +55,18 @@ CONFIG = { ], "authn_query_service": [ ("%s/aqs" % BASE, BINDING_SOAP) + ], + "manage_name_id_service":[ + ("%s/mni/soap" % BASE, BINDING_SOAP), + ("%s/mni/post" % BASE, BINDING_HTTP_POST), + ("%s/mni/redirect" % BASE, BINDING_HTTP_REDIRECT), + ("%s/mni/art" % BASE, BINDING_HTTP_ARTIFACT) + ], + "name_id_mapping_service":[ + ("%s/nim/soap" % BASE, BINDING_SOAP), + ("%s/nim/post" % BASE, BINDING_HTTP_POST), + ("%s/nim/redirect" % BASE, BINDING_HTTP_REDIRECT), + ("%s/nim/art" % BASE, BINDING_HTTP_ARTIFACT) ] }, "policy": {
diff --git a/tests/test_50_server.py b/tests/test_50_server.py
index de72295..c3eb6cd 100644
--- a/tests/test_50_server.py
+++ b/tests/test_50_server.py
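Review bot: The `name_id_mapping_service` entry added in tests/idp_all_conf.py (hunk `-49,6 +55,18`) advertises POST, redirect and artifact endpoints, but `response_args` in this commit groups `NameIDMappingRequest` with the SOAP-only messages and picks no destination for it. If this test IdP is meant to mirror what the library can answer, keep only `("%s/nim/soap" % BASE, BINDING_SOAP)`. Otherwise add a comment such as `# extra bindings listed only to exercise metadata generation`. The intent is not visible from the hunk.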
@@ -187,8 +187,7 @@ class TestServer1(): req = self.server.parse_authn_request(intermed) # returns a dictionary print req - resp_args = self.server.response_args(req.message, [BINDING_HTTP_POST], - descr_type="spsso") + resp_args = self.server.response_args(req.message, [BINDING_HTTP_POST]) assert resp_args["destination"] == "http://lingon.catalogix.se:8087/" assert resp_args["in_response_to"] == "id1" name_id_policy = resp_args["name_id_policy"]
diff --git a/tests/test_64_artifact.py b/tests/test_64_artifact.py
index 4a73d19..2b6a2d2 100644
--- a/tests/test_64_artifact.py
+++ b/tests/test_64_artifact.py
@@ -123,7 +123,7 @@ def test_artifact_flow(): name_id = idp.ident.transient_nameid(sp.config.entityid, "derek") - resp_args = idp.response_args(spreq, [BINDING_HTTP_POST], "spsso") + resp_args = idp.response_args(spreq, [BINDING_HTTP_POST]) response = idp.create_authn_response({"eduPersonEntitlement": "Short stop", "surName": "Jeter", "givenName": "Derek",