openstack/deb-python-pysaml2
Code Issues Proposed changes

Added an AttributeQuery test

Browse Source
This commit is contained in:
Roland Hedberg
2013-01-27 21:47:16 +01:00
parent 660054ea2d
commit 9c33e19f71
6 changed files with 107 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/idp_test/saml2int.py
View File

@@ -14,7 +14,6 @@ from idp_test.check import VerifyLogout
from idp_test.check import VerifyContent from idp_test.check import VerifyContent
from idp_test.check import VerifySuccessStatus from idp_test.check import VerifySuccessStatus
from idp_test.check import VerifyNameIDMapping from idp_test.check import VerifyNameIDMapping
from idp_test.check import VerifySPProvidedID
from saml2.samlp import NameIDPolicy from saml2.samlp import NameIDPolicy
@@ -166,6 +165,15 @@ class ManageNameIDRequest(Request):
assertion = resp.assertion[0] assertion = resp.assertion[0]
self.args["name_id"] = assertion.subject.name_id self.args["name_id"] = assertion.subject.name_id
class AttributeQuery(Request):
request = "attribute_query"
_args = {"binding":BINDING_SOAP}
def setup(self, environ):
resp = environ["response"][-1].response
assertion = resp.assertion[0]
self.args["name_id"] = assertion.subject.name_id
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
OPERATIONS = { OPERATIONS = {
@@ -224,5 +232,9 @@ OPERATIONS = {
'manage_nameid':{ 'manage_nameid':{
"name": "Setting the SP provided ID by using ManageNameID", "name": "Setting the SP provided ID by using ManageNameID",
"sequence":[AuthnRequest, ManageNameIDRequest] "sequence":[AuthnRequest, ManageNameIDRequest]
},
'attribute-query':{
"name": "Setting the SP provided ID by using ManageNameID",
"sequence":[AuthnRequest, AttributeQuery]
} }
} }

43
tests/attributemaps/saml_uri.py
View File

@@ -7,6 +7,7 @@ NETSCAPE_LDAP = "urn:oid:2.16.840.1.113730.3.1."
UCL_DIR_PILOT = 'urn:oid:0.9.2342.19200300.100.1.' UCL_DIR_PILOT = 'urn:oid:0.9.2342.19200300.100.1.'
PKCS_9 = "urn:oid:1.2.840.113549.1.9.1." PKCS_9 = "urn:oid:1.2.840.113549.1.9.1."
UMICH = "urn:oid:1.3.6.1.4.1.250.1.57." UMICH = "urn:oid:1.3.6.1.4.1.250.1.57."
SCHAC = "urn:oid:1.3.6.1.4.1.25178.2."
MAP = { MAP = {
"identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
@@ -94,6 +95,26 @@ MAP = {
NOREDUPERSON_OID+'3': 'norEduPersonBirthDate', NOREDUPERSON_OID+'3': 'norEduPersonBirthDate',
UMICH+'57': 'labeledURI', UMICH+'57': 'labeledURI',
UCL_DIR_PILOT+'1': 'uid', UCL_DIR_PILOT+'1': 'uid',
SCHAC+'1': 'schacMotherTongue',
SCHAC+'2': 'schacGender',
SCHAC+'3': 'schacDateOfBirth',
SCHAC+'4': 'schacPlaceOfBirth',
SCHAC+'5': 'schacCountryOfCitizenship',
SCHAC+'6': 'schacSn1',
SCHAC+'7': 'schacSn2',
SCHAC+'8': 'schacPersonalTitle',
SCHAC+'9': 'schacHomeOrganization',
SCHAC+'10': 'schacHomeOrganizationType',
SCHAC+'11': 'schacCountryOfResidence',
SCHAC+'12': 'schacUserPresenceID',
SCHAC+'13': 'schacPersonalPosition',
SCHAC+'14': 'schacPersonalUniqueCode',
SCHAC+'15': 'schacPersonalUniqueID',
SCHAC+'17': 'schacExpiryDate',
SCHAC+'18': 'schacUserPrivateAttribute',
SCHAC+'19': 'schacUserStatus',
SCHAC+'20': 'schacProjectMembership',
SCHAC+'21': 'schacProjectSpecificRole',
}, },
"to": { "to": {
'roleOccupant': X500ATTR_OID+'33', 'roleOccupant': X500ATTR_OID+'33',
@@ -195,6 +216,26 @@ MAP = {
'sn': X500ATTR_OID+'4', 'sn': X500ATTR_OID+'4',
'domainComponent': UCL_DIR_PILOT+'25', 'domainComponent': UCL_DIR_PILOT+'25',
'labeledURI': UMICH+'57', 'labeledURI': UMICH+'57',
'uid': UCL_DIR_PILOT+'1' 'uid': UCL_DIR_PILOT+'1',
'schacMotherTongue':SCHAC+'1',
'schacGender': SCHAC+'2',
'schacDateOfBirth':SCHAC+'3',
'schacPlaceOfBirth': SCHAC+'4',
'schacCountryOfCitizenship':SCHAC+'5',
'schacSn1': SCHAC+'6',
'schacSn2': SCHAC+'7',
'schacPersonalTitle':SCHAC+'8',
'schacHomeOrganization': SCHAC+'9',
'schacHomeOrganizationType': SCHAC+'10',
'schacCountryOfResidence': SCHAC+'11',
'schacUserPresenceID': SCHAC+'12',
'schacPersonalPosition': SCHAC+'13',
'schacPersonalUniqueCode': SCHAC+'14',
'schacPersonalUniqueID': SCHAC+'15',
'schacExpiryDate': SCHAC+'17',
'schacUserPrivateAttribute': SCHAC+'18',
'schacUserStatus': SCHAC+'19',
'schacProjectMembership': SCHAC+'20',
'schacProjectSpecificRole': SCHAC+'21',
} }
} }

1
tests/config_file.py
View File

@@ -24,6 +24,7 @@ CONFIG = {
("%s/acs/post" % BASE, BINDING_HTTP_POST), ("%s/acs/post" % BASE, BINDING_HTTP_POST),
("%s/acs/redirect" % BASE, BINDING_HTTP_REDIRECT), ("%s/acs/redirect" % BASE, BINDING_HTTP_REDIRECT),
("%s/acs/artifact" % BASE, BINDING_HTTP_ARTIFACT), ("%s/acs/artifact" % BASE, BINDING_HTTP_ARTIFACT),
#("%s/acs/soap" % BASE, BINDING_SOAP),
("%s/ecp" % BASE, BINDING_PAOS) ("%s/ecp" % BASE, BINDING_PAOS)
], ],
"single_logout_service": [ "single_logout_service": [

43
tests/idp/idp.py
View File

@@ -609,6 +609,45 @@ def authn_query_service(environ, start_response, user=None):
return resp(environ, start_response) return resp(environ, start_response)
# ----------------------------------------------------------------------------
# === Attribute query service ===
# ----------------------------------------------------------------------------
# Only SOAP binding
def attribute_query_service(environ, start_response, user=None):
"""
:param environ: Execution environment
:param start_response: Function to start the response with
"""
logger.info("--- Attribute Query Service ---")
_dict = unpack_soap(environ)
_binding = BINDING_SOAP
if not _dict:
resp = BadRequest("Missing or faulty request")
return resp(environ, start_response)
_req = IDP.parse_attribute_query("%s" % _dict["SAMLRequest"], _binding)
_query = _req.message
name_id = _query.subject.name_id
uid = IDP.ident.find_local_id(name_id)
logger.debug("Local uid: %s" % uid)
identity = EXTRA[uid]
# Comes in over SOAP so only need to construct the response
args = IDP.response_args(_query, [BINDING_SOAP])
msg = IDP.create_attribute_response(identity, destination="",
name_id=name_id, **args)
logger.debug("response: %s" % msg)
hinfo = IDP.apply_binding(_binding, "%s" % msg, "","",response=True)
resp = Response(hinfo["data"], headers=hinfo["headers"])
return resp(environ, start_response)
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# Name ID Mapping service # Name ID Mapping service
# When an entity that shares an identifier for a principal with an identity # When an entity that shares an identifier for a principal with an identity
@@ -706,7 +745,8 @@ AUTHN_URLS = [
(r'nim$', nim_soap), (r'nim$', nim_soap),
(r'nim/(.*)$', nim_soap), (r'nim/(.*)$', nim_soap),
# #
(r'aqs$', authn_query_service) (r'aqs$', authn_query_service),
(r'attr$', attribute_query_service)
] ]
NON_AUTHN_URLS = [ NON_AUTHN_URLS = [
@@ -785,6 +825,7 @@ LOOKUP = TemplateLookup(directories=[ROOT + 'templates', ROOT + 'htdocs'],
if __name__ == '__main__': if __name__ == '__main__':
import sys import sys
from idp_user import USERS from idp_user import USERS
from idp_user import EXTRA
from wsgiref.simple_server import make_server from wsgiref.simple_server import make_server
PORT = 8088 PORT = 8088

3
tests/idp/idp_conf.py
View File

@@ -27,8 +27,7 @@ CONFIG={
"aa": { "aa": {
"endpoints" : { "endpoints" : {
"attribute_service": [ "attribute_service": [
("%s/attr/post" % BASE, BINDING_HTTP_POST), ("%s/attr" % BASE, BINDING_SOAP)
("%s/attr/soap" % BASE, BINDING_SOAP)
] ]
}, },
"name_id_format": [NAMEID_FORMAT_TRANSIENT, "name_id_format": [NAMEID_FORMAT_TRANSIENT,

8
tests/idp/idp_user.py
View File

@@ -16,3 +16,11 @@ USERS = {
"eduPersonAffiliation": "affiliate" "eduPersonAffiliation": "affiliate"
}, },
} }
EXTRA = {
"roland": {
"eduPersonEntitlement" : "urn:mace:swamid.se:foo:bar",
"schacGender": "male",
"schacUserPresenceID": "skype:pepe.perez"
}
}