Allow logout to succeed if NotOnOrAfter expired.
@@ -207,7 +207,9 @@ class Saml2Client(Base):
|
|||||||
destination = destinations(srvs)[0]
|
destination = destinations(srvs)[0]
|
||||||
logger.info("destination to provider: %s", destination)
|
logger.info("destination to provider: %s", destination)
|
||||||
try:
|
try:
|
||||||
session_info = self.users.get_info_from(name_id, entity_id)
|
session_info = self.users.get_info_from(name_id,
|
||||||
|
entity_id,
|
||||||
|
False)
|
||||||
session_indexes = [session_info['session_index']]
|
session_indexes = [session_info['session_index']]
|
||||||
except KeyError:
|
except KeyError:
|
||||||
session_indexes = None
|
session_indexes = None
|
||||||
|
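Review bot: The bare `False` passed as the third argument of `self.users.get_info_from(...)` inside the `try` block switches off the NotOnOrAfter check without saying so at the call site. Pass it by keyword, `check_not_on_or_after=False`, so the bypass is visible to anyone reading or searching this path. A comment above the call should record why it is acceptable here, for example `# expired session info is still used, but only to fill SessionIndex in the LogoutRequest`. It is also worth confirming that nothing further down uses `session_info` for more than the session index, since it may now describe an assertion past its validity; the rest of the method lies outside this hunk.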
@@ -45,8 +45,8 @@ class Population(object):
|
|||||||
def get_identity(self, name_id, entities=None, check_not_on_or_after=True):
|
def get_identity(self, name_id, entities=None, check_not_on_or_after=True):
|
||||||
return self.cache.get_identity(name_id, entities, check_not_on_or_after)
|
return self.cache.get_identity(name_id, entities, check_not_on_or_after)
|
||||||
|
|
||||||
def get_info_from(self, name_id, entity_id):
|
def get_info_from(self, name_id, entity_id, check_not_on_or_after=True):
|
||||||
return self.cache.get(name_id, entity_id)
|
return self.cache.get(name_id, entity_id, check_not_on_or_after)
|
||||||
|
|
||||||
def subjects(self):
|
def subjects(self):
|
||||||
"""Returns the name id's for all the persons in the cache"""
|
"""Returns the name id's for all the persons in the cache"""
|
||||||
|
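Review bot: `get_info_from` now forwards `check_not_on_or_after` to `self.cache.get` as a third positional argument, so every cache backend that can sit behind `self.cache` has to accept it. `cache.get` is not shown on this page, and a backend that still has a two-argument `get` would raise `TypeError` on every call, including the default path that enforces expiry. Forwarding it by keyword, `self.cache.get(name_id, entity_id, check_not_on_or_after=check_not_on_or_after)`, makes that contract explicit. The method also has no docstring; one should state that the default `True` keeps the expiry check on and that `False` returns information whose NotOnOrAfter has passed, so callers must not treat the result as proof of a live session.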
@@ -32,7 +32,7 @@ from saml2.sigver import rm_xmltag
|
|||||||
from saml2.sigver import verify_redirect_signature
|
from saml2.sigver import verify_redirect_signature
|
||||||
from saml2.s_utils import do_attribute_statement
|
from saml2.s_utils import do_attribute_statement
|
||||||
from saml2.s_utils import factory
|
from saml2.s_utils import factory
|
||||||
from saml2.time_util import in_a_while
|
from saml2.time_util import in_a_while, a_while_ago
|
||||||
|
|
||||||
from fakeIDP import FakeIDP
|
from fakeIDP import FakeIDP
|
||||||
from fakeIDP import unpack_form
|
from fakeIDP import unpack_form
|
||||||
@@ -1265,6 +1265,36 @@ class TestClient:
|
|||||||
BINDING_HTTP_POST)
|
BINDING_HTTP_POST)
|
||||||
assert b'<ns0:SessionIndex>_foo</ns0:SessionIndex>' in res.xmlstr
|
assert b'<ns0:SessionIndex>_foo</ns0:SessionIndex>' in res.xmlstr
|
||||||
|
|
||||||
|
def test_do_logout_session_expired(self):
|
||||||
|
# information about the user from an IdP
|
||||||
|
session_info = {
|
||||||
|
"name_id": nid,
|
||||||
|
"issuer": "urn:mace:example.com:saml:roland:idp",
|
||||||
|
"not_on_or_after": a_while_ago(minutes=15),
|
||||||
|
"ava": {
|
||||||
|
"givenName": "Anders",
|
||||||
|
"surName": "Andersson",
|
||||||
|
"mail": "anders.andersson@example.com"
|
||||||
|
},
|
||||||
|
"session_index": SessionIndex("_foo")
|
||||||
|
}
|
||||||
|
self.client.users.add_information_about_person(session_info)
|
||||||
|
entity_ids = self.client.users.issuers_of_info(nid)
|
||||||
|
assert entity_ids == ["urn:mace:example.com:saml:roland:idp"]
|
||||||
|
resp = self.client.do_logout(nid, entity_ids, "Tired",
|
||||||
|
in_a_while(minutes=5), sign=True,
|
||||||
|
expected_binding=BINDING_HTTP_POST)
|
||||||
|
assert resp
|
||||||
|
assert len(resp) == 1
|
||||||
|
assert list(resp.keys()) == entity_ids
|
||||||
|
binding, info = resp[entity_ids[0]]
|
||||||
|
assert binding == BINDING_HTTP_POST
|
||||||
|
|
||||||
|
_dic = unpack_form(info["data"][3])
|
||||||
|
res = self.server.parse_logout_request(_dic["SAMLRequest"],
|
||||||
|
BINDING_HTTP_POST)
|
||||||
|
assert b'<ns0:SessionIndex>_foo</ns0:SessionIndex>' in res.xmlstr
|
||||||
|
|
||||||
|
|
||||||
# Below can only be done with dummy Server
|
# Below can only be done with dummy Server
|
||||||
IDP = "urn:mace:example.com:saml:roland:idp"
|
IDP = "urn:mace:example.com:saml:roland:idp"
|
||||||
|
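Review bot: `test_do_logout_session_expired` only pins the permissive path; nothing in it asserts that the default lookup still rejects the entry whose `not_on_or_after` is `a_while_ago(minutes=15)`. Without that negative check, a later change that makes the cache ignore expiry altogether would leave this test green. Consider asserting, before the `do_logout` call, that `self.client.users.get_info_from(nid, entity_ids[0])` with the default `check_not_on_or_after=True` does not hand back the session; how the cache signals expiry is not visible on this page, so the exact exception or return value needs checking. The body also appears to repeat the preceding logout test apart from the expiry value, so a shared helper taking `not_on_or_after` would keep the two from drifting.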