From a442e039d2396fcf1871afe03a854c0f733b9b4f Mon Sep 17 00:00:00 2001 From: Roland Hedberg Date: Thu, 20 Mar 2014 21:15:21 +0100 Subject: [PATCH] Methods creating request changed to return a tuple consisting of request id and request. --- src/saml2/client.py | 17 +++--- src/saml2/client_base.py | 16 ++--- src/saml2/ecp.py | 7 +-- src/saml2/entity.py | 30 ++++++---- tests/test_50_server.py | 12 ++-- tests/test_51_client.py | 97 ++++++++++++++++++------------- tests/test_64_artifact.py | 8 +-- tests/test_65_authn_query.py | 4 +- tests/test_66_name_id_mapping.py | 4 +- tests/test_67_manage_name_id.py | 14 ++--- tests/test_70_redirect_signing.py | 2 +- tests/test_75_mongodb.py | 2 +- tests/test_82_pefim.py | 2 +- 13 files changed, 121 insertions(+), 94 deletions(-) diff --git a/src/saml2/client.py b/src/saml2/client.py index 19007a7..755324a 100644 --- a/src/saml2/client.py +++ b/src/saml2/client.py @@ -79,7 +79,7 @@ class Saml2Client(Base): destination = self._sso_location(entityid, binding) - req = self.create_authn_request(destination, vorg, scoping, + reqid, req = self.create_authn_request(destination, vorg, scoping, response_binding, nameid_format, consent=consent, extensions=extensions, sign=sign, **kwargs) @@ -89,7 +89,7 @@ class Saml2Client(Base): info = self.apply_binding(binding, _req_str, destination, relay_state) - return req.id, info + return reqid, info def global_logout(self, name_id, reason="", expire=None, sign=None): """ More or less a layer of indirection :-/ @@ -161,10 +161,9 @@ class Saml2Client(Base): destination = destinations(srvs)[0] logger.info("destination to provider: %s" % destination) - request = self.create_logout_request(destination, entity_id, - name_id=name_id, - reason=reason, - expire=expire) + req_id, request = self.create_logout_request( + destination, entity_id, name_id=name_id, reason=reason, + expire=expire) #to_sign = [] if binding.startswith("http://"): @@ -178,7 +177,7 @@ class Saml2Client(Base): else: srequest = "%s" % request - relay_state = self._relay_state(request.id) + relay_state = self._relay_state(req_id) http_info = self.apply_binding(binding, srequest, destination, relay_state) @@ -196,7 +195,7 @@ class Saml2Client(Base): logger.info("NOT OK response from %s" % destination) else: - self.state[request.id] = {"entity_id": entity_id, + self.state[req_id] = {"entity_id": entity_id, "operation": "SLO", "entity_ids": entity_ids, "name_id": name_id, @@ -264,7 +263,7 @@ class Saml2Client(Base): except KeyError: response_args = None - query = _create_func(destination, **kwargs) + qid, query = _create_func(destination, **kwargs) response = self.send_using_soap(query, destination) diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py index b3c53f9..a7a6cdb 100644 --- a/src/saml2/client_base.py +++ b/src/saml2/client_base.py @@ -230,7 +230,7 @@ class Base(Entity): of fulfilling the request, to create a new identifier to represent the principal. :param kwargs: Extra key word arguments - :return: instance + :return: tuple of request ID and instance """ client_crt = None if "client_crt" in kwargs: @@ -304,13 +304,14 @@ class Base(Entity): except KeyError: pass + rid = "" if (sign and self.sec.cert_handler.generate_cert()) or client_crt is not None: with self.lock: self.sec.cert_handler.update_cert(True, client_crt) if client_crt is not None: sign_prepare = True - return self._message(AuthnRequest, destination, message_id, consent, - extensions, sign, sign_prepare, + return self._message(AuthnRequest, destination, message_id, + consent, extensions, sign, sign_prepare, protocol_binding=binding, scoping=scoping, **args) return self._message(AuthnRequest, destination, message_id, consent, @@ -343,7 +344,7 @@ class Base(Entity): :param extensions: Possible extensions :param sign: Whether the query should be signed or not. :param sign_prepare: Whether the Signature element should be added. - :return: An AttributeQuery instance + :return: Tuple of request ID and an AttributeQuery instance """ if name_id is None: @@ -666,7 +667,7 @@ class Base(Entity): # SingleSignOnService _, location = self.pick_binding("single_sign_on_service", [_binding], entity_id=entityid) - authn_req = self.create_authn_request( + req_id, authn_req = self.create_authn_request( location, service_url_binding=BINDING_PAOS, **kwargs) # ---------------------------------------- @@ -677,7 +678,7 @@ class Base(Entity): [paos_request, relay_state]) - return authn_req.id, "%s" % soap_envelope + return req_id, "%s" % soap_envelope def parse_ecp_authn_response(self, txt, outstanding=None): rdict = soap.class_instances_from_soap_enveloped_saml_thingies(txt, @@ -757,7 +758,8 @@ class Base(Entity): params = urlencode(args) return "%s?%s" % (url, params) - def parse_discovery_service_response(self, url="", query="", + @staticmethod + def parse_discovery_service_response(url="", query="", returnIDParam="entityID"): """ Deal with the response url from a Discovery Service diff --git a/src/saml2/ecp.py b/src/saml2/ecp.py index 0962d15..4a1a0c1 100644 --- a/src/saml2/ecp.py +++ b/src/saml2/ecp.py @@ -115,9 +115,8 @@ def ecp_auth_request(cls, entityid=None, relay_state="", sign=False): logger.info("entityid: %s, binding: %s" % (entityid, BINDING_SOAP)) location = cls._sso_location(entityid, binding=BINDING_SOAP) - authn_req = cls.create_authn_request(location, - binding=BINDING_PAOS, - service_url_binding=BINDING_PAOS) + req_id, authn_req = cls.create_authn_request( + location, binding=BINDING_PAOS, service_url_binding=BINDING_PAOS) body = soapenv.Body() body.extension_elements = [element_to_extension_element(authn_req)] @@ -128,7 +127,7 @@ def ecp_auth_request(cls, entityid=None, relay_state="", sign=False): soap_envelope = soapenv.Envelope(header=header, body=body) - return authn_req.id, "%s" % soap_envelope + return req_id, "%s" % soap_envelope def handle_ecp_authn_response(cls, soap_message, outstanding=None): diff --git a/src/saml2/entity.py b/src/saml2/entity.py index 58243f5..67939e1 100644 --- a/src/saml2/entity.py +++ b/src/saml2/entity.py @@ -1,6 +1,5 @@ import base64 from binascii import hexlify -import copy import logging from hashlib import sha1 from saml2.metadata import ENDPOINTS @@ -20,10 +19,10 @@ from saml2 import soap from saml2 import element_to_extension_element from saml2 import extension_elements_to_elements -from saml2.saml import NameID, EncryptedAssertion +from saml2.saml import NameID from saml2.saml import Issuer from saml2.saml import NAMEID_FORMAT_ENTITY -from saml2.response import LogoutResponse, AuthnResponse +from saml2.response import LogoutResponse from saml2.time_util import instant from saml2.s_utils import sid from saml2.s_utils import UnravelError @@ -32,7 +31,9 @@ from saml2.s_utils import rndstr from saml2.s_utils import success_status_factory from saml2.s_utils import decode_base64_and_inflate from saml2.s_utils import UnsupportedBinding -from saml2.samlp import AuthnRequest, AuthzDecisionQuery, AuthnQuery, response_from_string +from saml2.samlp import AuthnRequest +from saml2.samlp import AuthzDecisionQuery +from saml2.samlp import AuthnQuery from saml2.samlp import AssertionIDRequest from saml2.samlp import ManageNameIDRequest from saml2.samlp import NameIDMappingRequest @@ -50,8 +51,12 @@ from saml2 import VERSION from saml2 import class_name from saml2.config import config_factory from saml2.httpbase import HTTPBase -from saml2.sigver import security_context, response_factory, SigverError, CryptoBackendXmlSec1, make_temp, \ - pre_encryption_part +from saml2.sigver import security_context +from saml2.sigver import response_factory +from saml2.sigver import SigverError +from saml2.sigver import CryptoBackendXmlSec1 +from saml2.sigver import make_temp +from saml2.sigver import pre_encryption_part from saml2.sigver import pre_signature_part from saml2.sigver import signed_instance_factory from saml2.virtual_org import VirtualOrg @@ -367,7 +372,8 @@ class Entity(HTTPBase): :param sign: Whether the request should be signed or not. :param sign_prepare: Whether the signature should be prepared or not. :param kwargs: Key word arguments specific to one request type - :return: An instance of the request_cls + :return: A tuple containing the request ID and an instance of the + request_cls """ if not message_id: message_id = sid(self.seed) @@ -377,6 +383,7 @@ class Entity(HTTPBase): kwargs[key] = val req = request_cls(**kwargs) + reqid = req.id if destination: req.destination = destination @@ -388,12 +395,13 @@ class Entity(HTTPBase): req.extensions = extensions if sign: - return self.sign(req, sign_prepare=sign_prepare) + return reqid, self.sign(req, sign_prepare=sign_prepare) else: logger.info("REQUEST: %s" % req) - return req + return reqid, req - def _filter_args(self, instance, extensions=None, **kwargs): + @staticmethod + def _filter_args(instance, extensions=None, **kwargs): args = {} if extensions is None: extensions = [] @@ -933,7 +941,7 @@ class Entity(HTTPBase): raise SAMLError("Missing endpoint location") _sid = sid() - msg = self.create_artifact_resolve(artifact, destination, _sid) + mid, msg = self.create_artifact_resolve(artifact, destination, _sid) return self.send_using_soap(msg, destination) def parse_artifact_resolve(self, txt, **kwargs): diff --git a/tests/test_50_server.py b/tests/test_50_server.py index 74416ae..6b299f9 100644 --- a/tests/test_50_server.py +++ b/tests/test_50_server.py @@ -124,7 +124,7 @@ class TestServer1(): assert status.status_code.value == samlp.STATUS_SUCCESS def test_parse_faulty_request(self): - authn_request = self.client.create_authn_request( + req_id, authn_request = self.client.create_authn_request( destination="http://www.example.com", id="id1") # should raise an error because faulty spentityid @@ -137,7 +137,7 @@ class TestServer1(): _dict["SAMLRequest"][0], binding) def test_parse_faulty_request_to_err_status(self): - authn_request = self.client.create_authn_request( + req_id, authn_request = self.client.create_authn_request( destination="http://www.example.com") binding = BINDING_HTTP_REDIRECT @@ -163,7 +163,7 @@ class TestServer1(): assert status_code.status_code.value == samlp.STATUS_UNKNOWN_PRINCIPAL def test_parse_ok_request(self): - authn_request = self.client.create_authn_request( + req_id, authn_request = self.client.create_authn_request( message_id="id1", destination="http://localhost:8088/sso") print authn_request @@ -378,7 +378,7 @@ class TestServer1(): } self.client.users.add_information_about_person(sinfo) - logout_request = self.client.create_logout_request( + req_id, logout_request = self.client.create_logout_request( destination="http://localhost:8088/slop", name_id=nid, issuer_entity_id="urn:mace:example.com:saml:roland:idp", reason="I'm tired of this") @@ -404,7 +404,7 @@ class TestServer1(): sp = client.Saml2Client(config_file="server_conf") sp.users.add_information_about_person(sinfo) - logout_request = sp.create_logout_request( + req_id, logout_request = sp.create_logout_request( name_id=nid, destination="http://localhost:8088/slo", issuer_entity_id="urn:mace:example.com:saml:roland:idp", reason="I'm tired of this") @@ -483,7 +483,7 @@ class TestServerLogout(): def test_1(self): server = Server("idp_slo_redirect_conf") - request = _logout_request("sp_slo_redirect_conf") + req_id, request = _logout_request("sp_slo_redirect_conf") print request bindings = [BINDING_HTTP_REDIRECT] response = server.create_logout_response(request, bindings) diff --git a/tests/test_51_client.py b/tests/test_51_client.py index 7aed35d..a808fca 100644 --- a/tests/test_51_client.py +++ b/tests/test_51_client.py @@ -27,7 +27,7 @@ AUTHN = { } -def for_me(condition, me ): +def for_me(condition, me): for restriction in condition.audience_restriction: audience = restriction.audience if audience.text.strip() == me: @@ -47,7 +47,7 @@ def ava(attribute_statement): def _leq(l1, l2): return set(l1) == set(l2) - + # def test_parse_3(): # xml_response = open(XML_RESPONSE_FILE3).read() # response = samlp.response_from_string(xml_response) @@ -60,11 +60,25 @@ def _leq(l1, l2): # print name_id # assert False -REQ1 = { "1.2.14": """ -urn:mace:example.com:saml:roland:spE8042FB4-4D5B-48C3-8E14-8EDD852790DD""", - "1.2.16":""" -urn:mace:example.com:saml:roland:spE8042FB4-4D5B-48C3-8E14-8EDD852790DD"""} - +REQ1 = {"1.2.14": """ +urn:mace:example.com:saml:roland:spE8042FB4-4D5B-48C3-8E14-8EDD852790DD""", + "1.2.16": """ +urn:mace:example +.com:saml:roland:spE8042FB4-4D5B-48C3-8E14-8EDD852790DD"""} nid = NameID(name_qualifier="foo", format=NAMEID_FORMAT_TRANSIENT, text="123456") @@ -77,9 +91,9 @@ class TestClient: conf = config.SPConfig() conf.load_file("server_conf") self.client = Saml2Client(conf) - + def test_create_attribute_query1(self): - req = self.client.create_attribute_query( + req_id, req = self.client.create_attribute_query( "https://idp.example.com/idp/", "E8042FB4-4D5B-48C3-8E14-8EDD852790DD", format=saml.NAMEID_FORMAT_PERSISTENT, @@ -111,7 +125,7 @@ class TestClient: assert attrq.subject.name_id.text == name_id.text def test_create_attribute_query2(self): - req = self.client.create_attribute_query( + req_id, req = self.client.create_attribute_query( "https://idp.example.com/idp/", "E8042FB4-4D5B-48C3-8E14-8EDD852790DD", attribute={ @@ -126,7 +140,7 @@ class TestClient: }, format=saml.NAMEID_FORMAT_PERSISTENT, message_id="id1") - + print req.to_string() assert req.destination == "https://idp.example.com/idp/" assert req.id == "id1" @@ -153,16 +167,17 @@ class TestClient: assert False seen.append("email") assert _leq(seen, ["givenName", "surname", "email"]) - + def test_create_attribute_query_3(self): - req = self.client.create_attribute_query( + req_id, req = self.client.create_attribute_query( "https://aai-demo-idp.switch.ch/idp/shibboleth", "_e7b68a04488f715cda642fbdd90099f5", format=saml.NAMEID_FORMAT_TRANSIENT, message_id="id1") - + assert isinstance(req, samlp.AttributeQuery) - assert req.destination == "https://aai-demo-idp.switch.ch/idp/shibboleth" + assert req.destination == "https://aai-demo-idp.switch" \ + ".ch/idp/shibboleth" assert req.id == "id1" assert req.version == "2.0" assert req.issue_instant @@ -173,10 +188,12 @@ class TestClient: def test_create_auth_request_0(self): ar_str = "%s" % self.client.create_authn_request( - "http://www.example.com/sso", message_id="id1") + "http://www.example.com/sso", message_id="id1")[1] + ar = samlp.authn_request_from_string(ar_str) print ar - assert ar.assertion_consumer_service_url == "http://lingon.catalogix.se:8087/" + assert ar.assertion_consumer_service_url == ("http://lingon.catalogix" + ".se:8087/") assert ar.destination == "http://www.example.com/sso" assert ar.protocol_binding == BINDING_HTTP_POST assert ar.version == "2.0" @@ -189,17 +206,18 @@ class TestClient: def test_create_auth_request_vo(self): assert self.client.config.vorg.keys() == [ "urn:mace:example.com:it:tek"] - + ar_str = "%s" % self.client.create_authn_request( "http://www.example.com/sso", "urn:mace:example.com:it:tek", # vo nameid_format=NAMEID_FORMAT_PERSISTENT, - message_id="666") - + message_id="666")[1] + ar = samlp.authn_request_from_string(ar_str) print ar assert ar.id == "666" - assert ar.assertion_consumer_service_url == "http://lingon.catalogix.se:8087/" + assert ar.assertion_consumer_service_url == "http://lingon.catalogix" \ + ".se:8087/" assert ar.destination == "http://www.example.com/sso" assert ar.protocol_binding == BINDING_HTTP_POST assert ar.version == "2.0" @@ -209,13 +227,14 @@ class TestClient: assert nid_policy.allow_create == "false" assert nid_policy.format == saml.NAMEID_FORMAT_PERSISTENT assert nid_policy.sp_name_qualifier == "urn:mace:example.com:it:tek" - + def test_sign_auth_request_0(self): #print self.client.config - - ar_str = "%s" % self.client.create_authn_request( + + req_id, areq = self.client.create_authn_request( "http://www.example.com/sso", sign=True, message_id="id1") + ar_str = "%s" % areq ar = samlp.authn_request_from_string(ar_str) assert ar @@ -236,12 +255,12 @@ class TestClient: def test_response(self): IDP = "urn:mace:example.com:saml:roland:idp" - - ava = { "givenName": ["Derek"], "surName": ["Jeter"], - "mail": ["derek@nyy.mlb.com"], "title":["The man"]} - nameid_policy=samlp.NameIDPolicy(allow_create="false", - format=saml.NAMEID_FORMAT_PERSISTENT) + ava = {"givenName": ["Derek"], "surName": ["Jeter"], + "mail": ["derek@nyy.mlb.com"], "title": ["The man"]} + + nameid_policy = samlp.NameIDPolicy(allow_create="false", + format=saml.NAMEID_FORMAT_PERSISTENT) resp = self.server.create_authn_response( identity=ava, @@ -255,11 +274,11 @@ class TestClient: resp_str = "%s" % resp resp_str = base64.encodestring(resp_str) - + authn_response = self.client.parse_authn_request_response( resp_str, BINDING_HTTP_POST, {"id1": "http://foo.example.com/service"}) - + assert authn_response is not None assert authn_response.issuer() == IDP assert authn_response.response.assertion[0].issuer.text == IDP @@ -272,7 +291,7 @@ class TestClient: 'title': ["The man"]} assert session_info["issuer"] == IDP assert session_info["came_from"] == "http://foo.example.com/service" - response = samlp.response_from_string(authn_response.xmlstr) + response = samlp.response_from_string(authn_response.xmlstr) assert response.destination == "http://lingon.catalogix.se:8087/" # One person in the cache @@ -283,7 +302,7 @@ class TestClient: assert self.client.users.issuers_of_info(subject_id) == [IDP] # --- authenticate another person - + ava = {"givenName": ["Alfonson"], "surName": ["Soriano"], "mail": ["alfonson@chc.mlb.com"], "title": ["outfielder"]} @@ -297,11 +316,11 @@ class TestClient: authn=AUTHN) resp_str = base64.encodestring(resp_str) - + self.client.parse_authn_request_response( resp_str, BINDING_HTTP_POST, {"id2": "http://foo.example.com/service"}) - + # Two persons in the cache assert len(self.client.users.subjects()) == 2 issuers = [self.client.users.issuers_of_info(s) for s in @@ -309,7 +328,7 @@ class TestClient: # The information I have about the subjects comes from the same source print issuers assert issuers == [[IDP], [IDP]] - + def test_init_values(self): entityid = self.client.config.entityid print entityid @@ -359,7 +378,7 @@ class TestClientWithDummy(): def test_do_attribute_query(self): response = self.client.do_attribute_query( IDP, "_e7b68a04488f715cda642fbdd90099f5", - attribute={"eduPersonAffiliation":None}, + attribute={"eduPersonAffiliation": None}, nameid_format=NAMEID_FORMAT_TRANSIENT) def test_logout_1(self): @@ -417,7 +436,7 @@ class TestClientWithDummy(): {sid: "/"}) ac = resp.assertion.authn_statement[0].authn_context assert ac.authenticating_authority[0].text == \ - 'http://www.example.com/login' + 'http://www.example.com/login' assert ac.authn_context_class_ref.text == INTERNETPROTOCOLPASSWORD @@ -429,4 +448,4 @@ class TestClientWithDummy(): if __name__ == "__main__": tc = TestClient() tc.setup_class() - tc.test_init_values() + tc.test_sign_auth_request_0() diff --git a/tests/test_64_artifact.py b/tests/test_64_artifact.py index 65edaeb..d7ca33f 100644 --- a/tests/test_64_artifact.py +++ b/tests/test_64_artifact.py @@ -83,7 +83,7 @@ def test_create_artifact_resolve(): destination = idp.artifact2destination(b64art, "spsso") - msg = idp.create_artifact_resolve(b64art, destination, sid()) + msg_id, msg = idp.create_artifact_resolve(b64art, destination, sid()) print msg @@ -108,7 +108,7 @@ def test_artifact_flow(): binding, destination = sp.pick_binding("single_sign_on_service", entity_id=idp.config.entityid) relay_state = "RS0" - req = sp.create_authn_request(destination, id="id1") + req_id, req = sp.create_authn_request(destination, id="id1") artifact = sp.use_artifact(req, 1) @@ -128,7 +128,7 @@ def test_artifact_flow(): destination = idp.artifact2destination(artifact2, "spsso") - msg = idp.create_artifact_resolve(artifact2, destination, sid()) + msg_id, msg = idp.create_artifact_resolve(artifact2, destination, sid()) hinfo = idp.use_soap(msg, destination, None, False) @@ -199,7 +199,7 @@ def test_artifact_flow(): destination = sp.artifact2destination(artifact3, "idpsso") # Got an artifact want to replace it with the real message - msg = sp.create_artifact_resolve(artifact3, destination, sid()) + msg_id, msg = sp.create_artifact_resolve(artifact3, destination, sid()) print msg diff --git a/tests/test_65_authn_query.py b/tests/test_65_authn_query.py index 74a2b46..bafc799 100644 --- a/tests/test_65_authn_query.py +++ b/tests/test_65_authn_query.py @@ -53,7 +53,7 @@ def test_basic(): subject = Subject(text="abc", name_id=NameID(format=NAMEID_FORMAT_TRANSIENT)) - aq = sp.create_authn_query(subject, destination, authn_context) + _id, aq = sp.create_authn_query(subject, destination, authn_context) print aq @@ -102,7 +102,7 @@ def test_flow(): subject = aresp.assertion.subject - aq = sp.create_authn_query(subject, destination, authn_context) + aq_id, aq = sp.create_authn_query(subject, destination, authn_context) print aq diff --git a/tests/test_66_name_id_mapping.py b/tests/test_66_name_id_mapping.py index f8f51f3..1f2654b 100644 --- a/tests/test_66_name_id_mapping.py +++ b/tests/test_66_name_id_mapping.py @@ -21,7 +21,7 @@ def test_base_request(): nameid = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar") - nmr = sp.create_name_id_mapping_request(policy, nameid, destination) + mid, nmr = sp.create_name_id_mapping_request(policy, nameid, destination) print nmr @@ -41,7 +41,7 @@ def test_request_response(): nameid = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar") - nmr = sp.create_name_id_mapping_request(policy, nameid, destination) + mid, nmr = sp.create_name_id_mapping_request(policy, nameid, destination) print nmr diff --git a/tests/test_67_manage_name_id.py b/tests/test_67_manage_name_id.py index 9435fea..32990e5 100644 --- a/tests/test_67_manage_name_id.py +++ b/tests/test_67_manage_name_id.py @@ -17,11 +17,11 @@ def test_basic(): nameid = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar") newid = NewID(text="Barfoo") - mid = sp.create_manage_name_id_request(destination, name_id=nameid, + mid, mreq = sp.create_manage_name_id_request(destination, name_id=nameid, new_id=newid) - print mid - rargs = sp.apply_binding(binding, "%s" % mid, destination, "") + print mreq + rargs = sp.apply_binding(binding, "%s" % mreq, destination, "") # --------- @IDP -------------- @@ -29,7 +29,7 @@ def test_basic(): print _req.message - assert mid.id == _req.message.id + assert mid == _req.message.id def test_flow(): sp = Saml2Client(config_file="servera_conf") @@ -41,11 +41,11 @@ def test_flow(): nameid = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar") newid = NewID(text="Barfoo") - mid = sp.create_manage_name_id_request(destination, name_id=nameid, + mid, midq = sp.create_manage_name_id_request(destination, name_id=nameid, new_id=newid) - print mid - rargs = sp.apply_binding(binding, "%s" % mid, destination, "") + print midq + rargs = sp.apply_binding(binding, "%s" % midq, destination, "") # --------- @IDP -------------- diff --git a/tests/test_70_redirect_signing.py b/tests/test_70_redirect_signing.py index f249f55..e0b95e1 100644 --- a/tests/test_70_redirect_signing.py +++ b/tests/test_70_redirect_signing.py @@ -24,7 +24,7 @@ def test(): BINDING_HTTP_REDIRECT) destination = srvs[0]["location"] - req = sp.create_authn_request(destination, id="id1") + req_id, req = sp.create_authn_request(destination, id="id1") try: key = sp.sec.key diff --git a/tests/test_75_mongodb.py b/tests/test_75_mongodb.py index 0121704..6e64e47 100644 --- a/tests/test_75_mongodb.py +++ b/tests/test_75_mongodb.py @@ -26,7 +26,7 @@ def test_flow(): idp1.ident.mdb.db.drop() # -- dummy request --- - orig_req = sp.create_authn_request(idp1.config.entityid) + req_id, orig_req = sp.create_authn_request(idp1.config.entityid) # == Create an AuthnRequest response diff --git a/tests/test_82_pefim.py b/tests/test_82_pefim.py index 7bb5c2b..79e34b1 100644 --- a/tests/test_82_pefim.py +++ b/tests/test_82_pefim.py @@ -26,7 +26,7 @@ spcertenc = SPCertEnc( extensions = Extensions( extension_elements=[element_to_extension_element(spcertenc)]) -req = client.create_authn_request( +req_id, req = client.create_authn_request( "http://www.example.com/sso", "urn:mace:example.com:it:tek", nameid_format=saml.NAMEID_FORMAT_PERSISTENT,