Merge pull request #27 from dv10den/master

Added documentation structure
Roland Hedberg
2014-04-05 02:37:38 +02:00
33 changed files with 679 additions and 740 deletions

BIN
doc/_static/ViewmeonGitHub.png vendored Normal file

Binary file not shown.



@@ -12,6 +12,7 @@
# serve to show the default.
import sys, os
import alabaster
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
@@ -25,7 +26,7 @@ import sys, os
# Add any Sphinx extension module names here, as strings. They can be extensions
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
extensions = ['sphinx.ext.autodoc', 'sphinx.ext.viewcode']
extensions = ['alabaster', 'sphinx.ext.autodoc', 'sphinx.ext.viewcode']
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
@@ -91,7 +92,25 @@ pygments_style = 'sphinx'
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'default'
html_theme_path = [alabaster.get_path()]
html_theme = 'alabaster'
html_sidebars = {
'**': [
'about.html',
'navigation.html',
'searchbox.html',
'donate.html',
]
}
html_theme_options = {
'description': '',
'github_button': False,
'github_user': 'its-dirg',
'github_repo': 'IdProxy',
'github_banner': False,
}
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the


@@ -206,7 +206,7 @@ Running the script testing an IDP
Synopsis::
$ idp_testdrv.py --help
usage: idp_testdrv.py [-h] [-d] [-H] [-i] [-C CA_CERTS] [-J TT_CONFIG_FILE] [-m] [-l]
usage: idp_testdrv.py [-h] [-d] [-H] [-C CA_CERTS] [-J TT_CONFIG_FILE] [-m] [-l]
[-c TD_CONFIG]
[oper]
@@ -215,15 +215,14 @@ Synopsis::
optional arguments:
-C CA_CERTS CA certs to use to verify HTTPS server certificates, if
HTTPS is used and server certs are passed with -C then
the default cert verification will be done using keys/cacert.pem,
which is derived from Mozilla's ca_bundle.crt.
HTTPS is used and no server CA certs are defined then
no cert verification will be done. For a generic validation you may use the ca_bundle.crt
file that comes with Mozilla.
-c TD_CONFIG, --config Test driver configuration module at the current directory or the path specified
with the -P option. Do not use relative paths or the .py filename extension
-d, --debug Print debug information to stderr
-H, --prettyprint Human readable status output
-h, --help show this help message and exit
-i, --insecure do not check TLS certificate (overriding -C option)
-J TT_CONFIG_FILE Test target configuration in JSON format
-L, --log Print HTTP log information # TODO: update documentation
-l, --list List all the test operations as a JSON object
@@ -242,22 +241,20 @@ Running the script testing an SP
Synopsis::
$ sp_testdrv.py --help
usage: sp_testdrv.py [-h] [-d] [-C CA_CERTS] [-i] [-J TT_CONFIG_FILE] [-m] [-l] [-c TD_CONFIG] [-t TEST_PACKAGE] [oper]
usage: sp_testdrv.py [-h] [-d] [-C CA_CERTS] [-J TT_CONFIG_FILE] [-m] [-l] [-c TD_CONFIG] [oper]
positional arguments:
oper Which test to run (mandatory except for options -h, -l and -m)
optional arguments:
-C CA_CERTS CA certs to use to verify HTTPS server certificates, if
HTTPS is used and server certs are passed with -C then
the default cert verification will be done using keys/cacert.pem,
which is derived from Mozilla's ca_bundle.crt.
HTTPS is used and no server CA certs are defined then
no cert verification will be done. For a generic validation you may use the ca_bundle.crt
file that comes with Mozilla.
-c TD_CONFIG, --config Test driver configuration module at the current directory or the path specified
with the -P option. Do not use relative paths or filename extension
-d, --debug Print debug information to stderr
-H, --prettyprint Human readable status output
-h, --help show this help message and exit
-i, --insecure do not check TLS certificate (overriding -C option)
-J TT_CONFIG_FILE Test target configuration in JSON format
-L, --log Print HTTP log information # TODO: update documentation
-l, --list List all the test flows as a JSON object


@@ -18,6 +18,7 @@ Contents:
howto
install
saml2test
Indices and tables
==================
@@ -26,3 +27,8 @@ Indices and tables
* :ref:`modindex`
* :ref:`search`
.. raw:: html
<a href="https://github.com/rohe/saml2test" class="github" target="_blank">
<img style="position: absolute; top: 0; right: 0; border: 0;" src="_static/ViewmeonGitHub.png" alt="Fork me on GitHub" class="github"/>
</a>

5
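--- a/doc/make.sh
+++ b/doc/make.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+rm -f saml2test*
+sphinx-apidoc -F -o ../doc/ ../src/saml2test
+make clean
+make html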
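Review bot: `rm -f saml2test*` on the second line runs against whatever directory the script is started from, because nothing changes into `doc/` first, and the relative `../doc/` and `../src/saml2test` paths depend on the same assumption. Adding `cd "$(dirname "$0")" || exit 1` right after the shebang would pin the working directory. A `set -e` line would also keep `make clean` and `make html` from running after a failed `sphinx-apidoc`.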


@@ -1,8 +1,9 @@
#!/usr/bin/env python
__author__ = 'rohe0002'
from sp_test import tests
from sp_test import Client
from sp_test.check import factory
cli = Client(factory)
cli.run()
cli = Client(tests, factory)
cli.run()


@@ -21,19 +21,18 @@ __author__ = 'rohe0002'
setup(
name="saml2test",
version="0.5.0beta",
version="0.4.3",
description="SAML2 test tool",
author = "Roland Hedberg",
author_email = "roland.hedberg@adm.umu.se",
license="Apache 2.0",
packages=["idp_test", "idp_test/package", "saml2test", "sp_test",
"sp_test/test_suites"],
packages=["idp_test", "idp_test/package", "saml2test", "sp_test"],
package_dir = {"": "src"},
classifiers = [
"Development Status :: 4 - Beta",
"License :: OSI Approved :: Apache Software License",
"Topic :: Software Development :: Libraries :: Python Modules"],
install_requires = ["pysaml2 >= 2",
install_requires = ["pysaml2",
"mechanize",
"argparse",
"beautifulsoup4",
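Review bot: The `install_requires` entry appears to lose its lower bound, going from `"pysaml2 >= 2"` to `"pysaml2"` (the page drops the +/- markers, so the direction is read from print order). Without a floor an installer may satisfy the requirement with an older pysaml2 release that the test code was not written against; keeping `"pysaml2 >= 2"` avoids that. The same section also seems to move `version` from `0.5.0beta` back to `0.4.3` and to drop `sp_test/test_suites` from `packages`, which is worth confirming as intended in a merge described as a documentation change. The `setup()` call continues past the end of the hunk.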


@@ -19,10 +19,9 @@ from saml2.mdstore import MetaData
from saml2test import FatalError, OperationError
from saml2test import exception_trace
from saml2test import ContextFilter
from saml2test import JSON_DUMPS_ARGS
from base import Conversation
from check import CheckSaml2IntMetaData
from idp_test.base import Conversation
from idp_test.check import CheckSaml2IntMetaData
# Schemas supported
from saml2 import md
@@ -40,12 +39,10 @@ SCHEMA = [dri, idpdisc, md, mdattr, mdui, saml, ui, xmldsig, xmlenc]
__author__ = 'rolandh'
#logger = logging.getLogger("")
#logger.setLevel(logging.DEBUG)
#formatter = logging.Formatter("%(asctime)s %(name)s:%(levelname)s "
#"%(message)s")
formatter_2 = logging.Formatter("%(delta).6f - %(levelname)s - [%(name)s] "
"%(message)s")
logger = logging.getLogger("")
logger.setLevel(logging.DEBUG)
#formatter = logging.Formatter("%(asctime)s %(name)s:%(levelname)s %(message)s")
formatter_2 = logging.Formatter("%(delta).6f - %(levelname)s - [%(name)s] %(message)s")
cf = ContextFilter()
cf.start()
@@ -53,20 +50,12 @@ cf.start()
streamhandler = logging.StreamHandler(sys.stderr)
streamhandler.setFormatter(formatter_2)
memoryhandler = logging.handlers.MemoryHandler(1024 * 10, logging.DEBUG)
memoryhandler = logging.handlers.MemoryHandler(1024*10, logging.DEBUG)
memoryhandler.addFilter(cf)
#saml2testlog = logging.getLogger("saml2test")
#saml2testlog.addHandler(memoryhandler)
#saml2testlog.setLevel(logging.DEBUG)
logger = logging.getLogger("saml2test")
logger.setLevel(logging.DEBUG)
logger.addHandler(memoryhandler)
# The streamhandler variable should be added to the logger if
# you want to see the log messages as they are printed instead
# of afterwards (mostly useful during debugging
#logger.addHandler(streamhandler)
logger.setLevel(logging.DEBUG)
saml2testlog = logging.getLogger("saml2test")
saml2testlog.addHandler(memoryhandler)
saml2testlog.setLevel(logging.DEBUG)
def recursive_find_module(name, path=None):
@@ -116,9 +105,9 @@ class SAML2client(object):
self._parser.add_argument('-L', dest='log', action='store_true',
help="Print log information")
self._parser.add_argument(
'-C', dest="ca_certs",
help=("CA certs to use to verify HTTPS server certificates, "
"if HTTPS is used and no server CA certs are defined then "
'-C', dest="§",
help=("CA certs to use to verify HTTPS server certificates, ",
"if HTTPS is used and no server CA certs are defined then ",
"no cert verification will be done"))
self._parser.add_argument('-J', dest="json_config_file",
help="Script configuration")
@@ -151,7 +140,6 @@ class SAML2client(object):
self.constraints = {}
self.operations = None
self.args = None
self.client = None
def json_config_file(self):
if self.args.json_config_file == "-":
@@ -219,7 +207,7 @@ class SAML2client(object):
try:
self.entity_id = _jc["entity_id"]
# Verify its the correct metadata
assert self.entity_id in md.entity.keys(), "Entityid {0} not found in {1}".format(self.entity_id, ', '.join(md.entity.keys()))
assert self.entity_id in md.entity.keys()
except KeyError:
if len(md.entity.keys()) == 1:
self.entity_id = md.entity.keys()[0]
@@ -296,34 +284,15 @@ class SAML2client(object):
self.setup()
except (AttributeError, ToOld), err:
print >> sys.stdout, "Configuration Error: %s" % err
return
self.client = Saml2Client(self.sp_config)
conv = None
if self.args.pretty:
pp = pprint.PrettyPrinter(indent=4)
else:
pp = None
conv = None
try:
self.client = Saml2Client(self.sp_config)
except Exception, err:
if conv:
self.test_log = conv.test_output
self.test_log.append(exception_trace("RUN", err))
else:
self.test_log = exception_trace("RUN", err)
tsum = self.test_summation(self.args.oper)
if pp:
pp.pprint(tsum)
else:
print >> sys.stdout, json.dumps(tsum, **JSON_DUMPS_ARGS)
if tsum["status"] > 1 or self.args.debug or err:
self.output_log(memoryhandler, streamhandler)
return
try:
try:
oper = self.operations.OPERATIONS[self.args.oper]
@@ -369,7 +338,7 @@ class SAML2client(object):
if pp:
pp.pprint(tsum)
else:
print >> sys.stdout, json.dumps(tsum, **JSON_DUMPS_ARGS)
print >> sys.stdout, json.dumps(tsum)
if tsum["status"] > 1 or self.args.debug or err:
self.output_log(memoryhandler, streamhandler)
@@ -416,7 +385,7 @@ class SAML2client(object):
lista.append(item)
print json.dumps(lista, **JSON_DUMPS_ARGS)
print json.dumps(lista)
def _get_operation(self, operation):
return self.operations.OPERATIONS[operation]
@@ -430,7 +399,7 @@ class SAML2client(object):
mod = import_module("config")
_res = dict([(key, cnf["description"]) for key, cnf in
mod.CONFIG.items()])
print json.dumps(_res, **JSON_DUMPS_ARGS)
print json.dumps(_res)
def verify_metadata(self):
self.json_config = self.json_config_file()
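Review bot: In the `-C` argument hunk the second variant of the lines reads `'-C', dest="§",` with the `help=(...)` pieces separated by commas; if that is the new side (the +/- markers are lost in this rendering), the parsed value lands on an attribute named `§` instead of `ca_certs`, and `help` becomes a tuple rather than one concatenated string. Code that reads `args.ca_certs` is outside this hunk, but it would no longer see the CA bundle given on the command line, so server certificate verification could be skipped or fail with an AttributeError. The lines should stay `'-C', dest="ca_certs",` with the help strings joined by adjacency, without commas. The same comma-separated `help` tuple shows up in the `-C` argument of the SP `Client.__init__` further down the page.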


@@ -5,16 +5,14 @@ import urllib
import cookielib
from saml2 import BINDING_HTTP_REDIRECT, BINDING_URI
from saml2 import BINDING_HTTP_POST, BINDING_SOAP
from saml2 import httpbase
from saml2 import BINDING_HTTP_POST
from saml2 import BINDING_SOAP
from saml2.mdstore import REQ2SRV
from saml2.pack import http_redirect_message
from saml2.pack import http_form_post_message
from saml2.pack import http_redirect_message, http_form_post_message
from saml2.s_utils import rndstr
from saml2test import tool
from saml2test import OperationError
from saml2test import FatalError
__author__ = 'rohe0002'
@@ -82,14 +80,7 @@ class Conversation(tool.Conversation):
response = None
for srv in srvs:
try:
response = self._send(srv)
except httpbase.ConnectionError, err:
logger.debug("IO error: %s" % err)
raise OperationError("IO error: %s" % err)
except Exception, err:
raise
response = self._send(srv)
if response is not None:
break
@@ -105,7 +96,7 @@ class Conversation(tool.Conversation):
try:
req = self.oper.args["message"]
except KeyError:
req_id, req = self.qfunc(**self.qargs)
req = self.qfunc(**self.qargs)
self.request = self.oper.pre_processing(req, self.args)
str_req = "%s" % self.request
@@ -193,9 +184,9 @@ class Conversation(tool.Conversation):
# remove args the create function can't handle
fargs = inspect.getargspec(self.qfunc).args
if _oper._class:
fargs.extend([p for p, _c, _r in
fargs.extend([p for p, c, r in
_oper._class.c_attributes.values()])
fargs.extend([p for p, _c in _oper._class.c_children.values()])
fargs.extend([p for p, c in _oper._class.c_children.values()])
for arg in qargs.keys():
if arg not in fargs:
del qargs[arg]
@@ -203,7 +194,7 @@ class Conversation(tool.Conversation):
self.qargs = qargs
def my_endpoints(self):
return [e for e, _b in self.client.config.getattr("endpoints", "sp")[
return [e for e, b in self.client.config.getattr("endpoints", "sp")[
"assertion_consumer_service"]]
def handle_result(self):
@@ -249,4 +240,4 @@ class Conversation(tool.Conversation):
logger.error("Exception %s" % err)
self.err_check("exception", err)
return True
return True
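Review bot: The loop over `srvs` seems to end up calling `response = self._send(srv)` bare, with the `except httpbase.ConnectionError` branch that logged the failure and raised `OperationError("IO error: %s" % err)` gone (side inferred from print order and from the dropped `from saml2 import httpbase` import). A connection failure against the test target would then surface as a raw library exception rather than the tool's own `OperationError`, and the debug log entry is lost. Keeping `except httpbase.ConnectionError, err:` with the `raise OperationError(...)` preserves that mapping. Separately, `req = self.qfunc(**self.qargs)` replaces `req_id, req = self.qfunc(**self.qargs)`; if `qfunc` returns a pair, `pre_processing` would receive a tuple, so the expected return shape should be confirmed against the pysaml2 version in use.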


@@ -19,13 +19,20 @@ from saml2.samlp import Response
from saml2.sigver import cert_from_key_info_dict
from saml2.sigver import key_from_key_value_dict
# Import the status codes used indicate the test results
from saml2test.status import OK, CRITICAL, WARNING
from saml2.time_util import str_to_time
__author__ = 'rolandh'
INFORMATION = 0
OK = 1
WARNING = 2
ERROR = 3
CRITICAL = 4
INTERACTION = 5
STATUSCODE = ["INFORMATION", "OK", "WARNING", "ERROR", "CRITICAL",
"INTERACTION"]
PREFIX = "-----BEGIN CERTIFICATE-----"
POSTFIX = "-----END CERTIFICATE-----"
@@ -56,8 +63,7 @@ class CheckSaml2IntMetaData(Check):
# contact person
if "contact_person" not in idpsso and "contact_person" not in ed:
self._message = "Metadata should contain contact person "
"information"
self._message = "Metadata should contain contact person information"
self._status = WARNING
return res
else:
@@ -251,15 +257,14 @@ class CheckSubjectNameIDFormat(Check):
"""
The <NameIDPolicy> element tailors the name identifier in the subjects of
assertions resulting from an <AuthnRequest>.
When this element is used, if the content is not understood by or
acceptable to the identity provider, then a <Response> message element MUST
be returned with an error <Status>, and MAY contain a second-level
When this element is used, if the content is not understood by or acceptable
to the identity provider, then a <Response> message element MUST be
returned with an error <Status>, and MAY contain a second-level
<StatusCode> of urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy.
If the Format value is omitted or set to
urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified, then the identity
provider is free to return any kind of identifier, subject to any
additional constraints due to the content of this element or the policies
of the identity provider or principal.
If the Format value is omitted or set to urn:oasis:names:tc:SAML:2.0:nameid-
format:unspecified, then the identity provider is free to return any kind
of identifier, subject to any additional constraints due to the content of
this element or the policies of the identity provider or principal.
"""
cid = "check-saml2int-nameid-format"
msg = "Attribute error"
@@ -460,7 +465,7 @@ class VerifyFunctionality(Check):
md = conv.client.metadata
entity = md[conv.entity_id]
for desc in ["idpsso_descriptor", "attribute_authority_descriptor",
"authn_authority_descriptor"]:
"auth_authority_descriptor"]:
try:
srvgrps = entity[desc]
except KeyError:
@@ -497,8 +502,8 @@ class VerifyFunctionality(Check):
if self._status != OK:
return res
res = self._binding_support(conv, oper.request,
args["request_binding"], "idpsso")
res = self._binding_support(conv, oper.request, args["request_binding"],
"idpsso")
if self._status != OK:
return res
@@ -513,9 +518,7 @@ class VerifyFunctionality(Check):
pass
else:
res = self._nameid_format_support(conv,
args[
"name_id_policy"
].format)
args["name_id_policy"].format)
return res
@@ -634,7 +637,7 @@ CLASS_CACHE = {}
def factory(cid, classes=CLASS_CACHE):
if len(classes) == 0:
check.factory(cid, classes)
for _name, obj in inspect.getmembers(sys.modules[__name__]):
for name, obj in inspect.getmembers(sys.modules[__name__]):
if inspect.isclass(obj):
try:
classes[obj.cid] = obj
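Review bot: The descriptor list in `VerifyFunctionality` appears to change `"authn_authority_descriptor"` to `"auth_authority_descriptor"` (direction inferred, since the +/- markers are lost). The lookup `srvgrps = entity[desc]` sits in a `try` followed by `except KeyError:`, whose body is outside the hunk; if it simply continues, a key that no metadata entry carries would be skipped without any signal and that descriptor's services would never be checked. The other names in the list mirror the metadata element names, which suggests `"authn_authority_descriptor"` is the intended spelling; confirm against the keys the metadata store actually produces.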


@@ -1,5 +1,3 @@
from saml2test import JSON_DUMPS_ARGS
__author__ = 'rohe0002'
import json
@@ -14,7 +12,6 @@ from mechanize._form import ListControl
logger = logging.getLogger(__name__)
def pick_interaction(interactions, _base="", content="", req=None):
unic = content
if content:
@@ -63,7 +60,7 @@ class FlowException(Exception):
self.url = url
def __str__(self):
return json.dumps(self.__dict__, **JSON_DUMPS_ARGS)
return json.dumps(self.__dict__)
class RResponse():
@@ -278,6 +275,7 @@ def select_form(httpc, orig_response, **kwargs):
return do_click(httpc, form, **kwargs)
#noinspection PyUnusedLocal
def chose(httpc, orig_response, path, **kwargs):
"""
Sends a HTTP GET to a url given by the present url and the given
@@ -289,6 +287,7 @@ def chose(httpc, orig_response, path, **kwargs):
:return: The response do_click() returns
"""
if not path.startswith("http"):
try:
_url = orig_response.url
@@ -325,6 +324,7 @@ def NoneFunc():
return None
#noinspection PyUnusedLocal
def parse(httpc, orig_response, **kwargs):
# content is a form from which I get the SAMLResponse
response = RResponse(orig_response)
@@ -338,6 +338,7 @@ def parse(httpc, orig_response, **kwargs):
"RelayState": form["RelayState"]}
#noinspection PyUnusedLocal
def interaction(args):
_type = args["type"]
if _type == "form":


@@ -6,7 +6,6 @@ __author__ = 'rolandh'
from idp_test.saml2base import AuthnRequest
class DummyExtension(SamlBase):
"""The urn:mace:umu.se:SAML:2.0:extension:foo element """
@@ -18,14 +17,12 @@ class DummyExtension(SamlBase):
c_child_order = SamlBase.c_child_order[:]
c_cardinality = SamlBase.c_cardinality.copy()
class AuthnRequest_UnknownIssuer(AuthnRequest):
def pre_processing(self, message, args):
_issuer = message.issuer
_issuer.text = "https://www.example.com/foobar.xml"
return message
class AuthnRequest_UnknownExtension(AuthnRequest):
def pre_processing(self, message, args):
message.extension = ExtensionContainer()
@@ -49,4 +46,4 @@ OPERATIONS = {
"tests": {"pre": [CheckSaml2IntMetaData],
"post": [CheckSaml2IntAttributes]}
},
}
}


@@ -1,9 +1,14 @@
from saml2 import samlp
from saml2 import BINDING_HTTP_ARTIFACT, BINDING_HTTP_POST
from saml2 import BINDING_HTTP_REDIRECT, BINDING_PAOS, BINDING_SOAP
from saml2 import BINDING_HTTP_ARTIFACT
from saml2 import BINDING_HTTP_POST
from saml2 import BINDING_HTTP_REDIRECT
from saml2 import BINDING_PAOS
from saml2 import BINDING_SOAP
from saml2 import BINDING_URI
from saml2.saml import NAMEID_FORMAT_PERSISTENT, NAMEID_FORMAT_UNSPECIFIED
from saml2.saml import NAMEID_FORMAT_TRANSIENT, NAMEID_FORMAT_EMAILADDRESS
from saml2.saml import NAMEID_FORMAT_PERSISTENT
from saml2.saml import NAMEID_FORMAT_UNSPECIFIED
from saml2.saml import NAMEID_FORMAT_TRANSIENT
from saml2.saml import NAMEID_FORMAT_EMAILADDRESS
from idp_test.check import CheckLogoutSupport
from idp_test.check import CheckSaml2IntAttributes
@@ -366,7 +371,7 @@ OPERATIONS = {
"sequence": [AuthnRequest],
"tests": {"pre": [CheckSaml2IntMetaData],
"post": []},
"depend": ["verify"]
"depend":["verify"]
},
'authn-nid_transient': {
"tc_id": "S2c-10",
@@ -375,7 +380,7 @@ OPERATIONS = {
"sequence": [AuthnRequestNID_Transient],
"tests": {"pre": [CheckSaml2IntMetaData],
"post": []},
"depend": ["authn"]
"depend":["authn"]
},
'authn-nid_email': {
"tc_id": "S2c-20",
@@ -384,7 +389,7 @@ OPERATIONS = {
"sequence": [AuthnRequestNID_Email],
"tests": {"pre": [CheckSaml2IntMetaData],
"post": []},
"depend": ["authn"]
"depend":["authn"]
},
'authn-nid_no': {
"tc_id": "S2c-21",
@@ -393,7 +398,7 @@ OPERATIONS = {
"sequence": [AuthnRequestNID_no],
"tests": {"pre": [CheckSaml2IntMetaData],
"post": []},
"depend": ["authn"]
"depend":["authn"]
},
'authn-nid_unspecified': {
"tc_id": "S2c-21",
@@ -402,7 +407,7 @@ OPERATIONS = {
"sequence": [AuthnRequestNID_Unspecified],
"tests": {"pre": [CheckSaml2IntMetaData],
"post": []},
"depend": ["authn"]
"depend":["authn"]
},
'authn-post': {
"tc_id": "S2c-08",
@@ -411,7 +416,7 @@ OPERATIONS = {
"sequence": [AuthnRequestPost],
"tests": {"pre": [CheckSaml2IntMetaData],
"post": []},
"depend": ["authn"]
"depend":["authn"]
},
'authn-post-transient': {
"tc_id": "S2c-09",
@@ -420,48 +425,48 @@ OPERATIONS = {
"sequence": [AuthnRequestPostNID_Transient],
"tests": {"pre": [CheckSaml2IntMetaData],
"post": []},
"depend": ["authn-post"]
"depend":["authn-post"]
},
'attribute-query': {
'attribute-query':{
"tc_id": "S2c-01",
"name": "",
"sequence": [AuthnRequest, AttributeQuery],
"depend": ["authn"]
"sequence":[AuthnRequest, AttributeQuery],
"depend":["authn"]
},
'attribute-query-transient': {
'attribute-query-transient':{
"tc_id": "S2c-20",
"name": "",
"sequence": [AuthnRequestNID_Transient, AttributeQuery],
"depend": ["authn"]
"sequence":[AuthnRequestNID_Transient, AttributeQuery],
"depend":["authn"]
},
'authn_endpoint_index': {
"tc_id": "S2c-03",
"name": '',
"descr": '',
"sequence": [AuthnRequestEndpointIndex],
"depend": ["authn"]
"depend":["authn"]
},
'authn_endpoint_index-transient': {
"tc_id": "S2c-03",
"name": '',
"descr": '',
"sequence": [AuthnRequestEndpointIndexNIDTransient],
"depend": ["authn"]
"depend":["authn"]
},
'authn_specified_endpoint': {
"tc_id": "S2c-04",
"name": '',
"descr": '',
"sequence": [AuthnRequestSpecEndpoint],
"depend": ["authn"]
"depend":["authn"]
},
'authn-artifact': {
'authn-artifact':{
'tc_id': "S2c-05",
"name": "SAML2 AuthnRequest using an artifact",
"descr": ('AuthnRequest using HTTP-redirect and artifact'),
"sequence": [AuthnRequest_using_Artifact]
},
'authn-artifact_nid-transient': {
'authn-artifact_nid-transient':{
'tc_id': "S2c-05",
"name": "SAML2 AuthnRequest expecting artifact response",
"descr": ('AuthnRequest using HTTP-redirect and artifact'),
@@ -473,7 +478,7 @@ OPERATIONS = {
"descr": 'AuthnRequest followed by an AssertionIDRequest',
"sequence": [AuthnRequest, AssertionIDRequest],
"tests": {"pre": [CheckSaml2IntMetaData], "post": []},
"depend": ["authn"]
"depend":["authn"]
},
'authn-nid_transient-assertion_id_request': {
"tc_id": "S2c-26",
@@ -481,7 +486,7 @@ OPERATIONS = {
"descr": 'AuthnRequest followed by an AssertionIDRequest',
"sequence": [AuthnRequestNID_Transient, AssertionIDRequest],
"tests": {"pre": [CheckSaml2IntMetaData], "post": []},
"depend": ["authn"]
"depend":["authn"]
},
'authn-with-name_id_policy': {
"tc_id": "S2c-11",
@@ -489,7 +494,7 @@ OPERATIONS = {
"descr": 'AuthnRequest with specific NameIDPolicy',
"sequence": [AuthnRequest_NameIDPolicy1],
"tests": {"pre": [CheckSaml2IntMetaData], "post": []},
"depend": ["authn"]
"depend":["authn"]
},
'authn-with-name_id_policy_nid-transient': {
"tc_id": "S2c-31",
@@ -497,13 +502,13 @@ OPERATIONS = {
"descr": 'AuthnRequest with specific NameIDPolicy',
"sequence": [AuthnRequest_NameIDPolicy1Transient],
"tests": {"pre": [CheckSaml2IntMetaData], "post": []},
"depend": ["authn"]
"depend":["authn"]
},
'ecp_authn': {
'tc_id': "S2c-12",
"name": "SAML2 AuthnRequest using ECP and PAOS",
"descr": "SAML2 AuthnRequest using ECP and PAOS",
"sequence": [ECP_AuthnRequest]
"sequence":[ECP_AuthnRequest]
},
'log-in-out': {
"tc_id": "S2c-13",
@@ -511,31 +516,31 @@ OPERATIONS = {
"descr": 'AuthnRequest using HTTP-redirect followed by a logout',
"sequence": [AuthnRequest, LogOutRequest],
"tests": {"pre": [CheckSaml2IntMetaData], "post": []},
"depend": ["authn"]
"depend":["authn"]
},
'manage_nameid': {
'manage_nameid':{
"tc_id": "S2c-14",
"name": "Setting the SP provided ID by using ManageNameID",
"sequence": [AuthnRequest, ManageNameIDRequest],
"depend": ["authn"]
"sequence":[AuthnRequest, ManageNameIDRequest],
"depend":["authn"]
},
'manage_nameid_nid-transient': {
'manage_nameid_nid-transient':{
"tc_id": "S2c-14",
"name": "Setting the SP provided ID by using ManageNameID",
"sequence": [AuthnRequestNID_Transient, ManageNameIDRequest],
"depend": ["authn"]
"sequence":[AuthnRequestNID_Transient, ManageNameIDRequest],
"depend":["authn"]
},
'nameid-mapping': {
'nameid-mapping':{
"tc_id": "S2c-15",
"name": "Simple NameIDMapping request",
"sequence": [AuthnRequest, NameIDMappingRequest],
"depend": ["authn"]
"sequence":[AuthnRequest, NameIDMappingRequest],
"depend":["authn"]
},
'authn-authn_query': {
"name": 'AuthnRequest and then an AuthnQuery',
"descr": 'AuthnRequest followed by an AuthnQuery',
"sequence": [AuthnRequest, AuthnQuery],
"tests": {"pre": [CheckSaml2IntMetaData], "post": []},
"depend": ["authn"]
"depend":["authn"]
},
}
}


@@ -12,8 +12,6 @@ logger = logging.getLogger(__name__)
__author__ = 'rolandh'
JSON_DUMPS_ARGS = {"indent": 4, "sort_keys": True}
class FatalError(Exception):
pass
@@ -23,7 +21,7 @@ class CheckError(Exception):
pass
class HttpError(Exception):
class HTTP_ERROR(Exception):
pass
@@ -40,15 +38,11 @@ class ContextFilter(logging.Filter):
This is a filter which injects time laps information into the log.
"""
def __init__(self, name=""):
logging.Filter.__init__(self, name)
self._start = 0
def start(self):
self._start = time.time()
self.start = time.time()
def filter(self, record):
record.delta = time.time() - self._start
record.delta = time.time() - self.start
return True
@@ -64,7 +58,7 @@ def stop_script_by_name(name):
import os
p = subprocess.Popen(['ps', '-A'], stdout=subprocess.PIPE)
out, _err = p.communicate()
out, err = p.communicate()
for line in out.splitlines():
if name in line:
@@ -84,7 +78,7 @@ def get_page(url):
if resp.status_code == 200:
return resp.text
else:
raise HttpError(resp.status)
raise HTTP_ERROR(resp.status)
def exception_trace(tag, exc, log=None):
@@ -100,4 +94,4 @@ def exception_trace(tag, exc, log=None):
def ip_addresses():
return [ip for ip in socket.gethostbyname_ex(socket.gethostname())[2]
if not ip.startswith("127.")]
if not ip.startswith("127.")]
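Review bot: `ContextFilter.start()` as it appears on the new side assigns `self.start = time.time()`, which replaces the bound method with a float on the instance, and `filter()` then reads `self.start`. If `filter()` runs before `start()` has been called, `time.time() - self.start` subtracts a method object and raises TypeError, and a second `start()` call fails because the attribute is no longer callable. Keeping a separate attribute, `self._start = time.time()` with `self._start = 0` set in `__init__`, avoids both. The side assignment is inferred from print order and the hunk's line counts, since the +/- markers are missing.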


@@ -1,13 +1,21 @@
import inspect
import json
import traceback
import sys
# Import the status codes used indicate the test results
from saml2test.status import INFORMATION, OK, ERROR, CRITICAL
__author__ = 'rolandh'
import traceback
import sys
INFORMATION = 0
OK = 1
WARNING = 2
ERROR = 3
CRITICAL = 4
INTERACTION = 5
STATUSCODE = ["INFORMATION", "OK", "WARNING", "ERROR", "CRITICAL",
"INTERACTION"]
CONT_JSON = "application/json"
CONT_JWT = "application/jwt"
@@ -145,7 +153,7 @@ class VerifyError(Error):
except Exception:
pass
item, _msg = conv.protocol_response[-1]
item, msg = conv.protocol_response[-1]
try:
assert item.type().endswith("ErrorResponse")
except AssertionError:
@@ -239,10 +247,9 @@ class Parse(CriticalError):
return {}
def factory(cid, classes):
if len(classes) == 0:
for _name, obj in inspect.getmembers(sys.modules[__name__]):
for name, obj in inspect.getmembers(sys.modules[__name__]):
if inspect.isclass(obj):
try:
classes[obj.cid] = obj


@@ -1,5 +1,3 @@
from saml2test import JSON_DUMPS_ARGS
__author__ = 'rohe0002'
import json
@@ -25,7 +23,7 @@ class FlowException(Exception):
self.url = url
def __str__(self):
return json.dumps(self.__dict__, **JSON_DUMPS_ARGS)
return json.dumps(self.__dict__)
class InteractionNeeded(Exception):
@@ -389,8 +387,7 @@ class Action(object):
except (KeyError, AttributeError):
_args = {}
_args.update({"location": location, "features": features,
"conv": conv})
_args.update({"location": location, "features": features, "conv": conv})
logger.info("<-- FUNCTION: %s" % function.__name__)
logger.info("<-- ARGS: %s" % _args)


@@ -6,8 +6,6 @@ from urlparse import urlparse
from mechanize import ParseResponseEx
from mechanize._form import ControlNotFoundError, AmbiguityError
from mechanize._form import ListControl
from saml2test import JSON_DUMPS_ARGS
__author__ = 'rohe0002'
@@ -22,7 +20,7 @@ class FlowException(Exception):
self.url = url
def __str__(self):
return json.dumps(self.__dict__, **JSON_DUMPS_ARGS)
return json.dumps(self.__dict__)
class DResponse():


@@ -7,7 +7,7 @@ from urlparse import parse_qs
from saml2test.opfunc import Operation
from saml2test import FatalError
from saml2test.check import ExpectedError, ERROR
from saml2test.status import INTERACTION
from saml2test.check import INTERACTION
from saml2test.interaction import Interaction
from saml2test.interaction import Action
from saml2test.interaction import InteractionNeeded
@@ -61,7 +61,7 @@ class Conversation(object):
except KeyError:
pass
raise OperationError
raise FatalError
def do_check(self, test, **kwargs):
if isinstance(test, basestring):
@@ -128,7 +128,7 @@ class Conversation(object):
self.client.cookiejar = self.cjar["rp"]
for_me = True
try:
_base, query = url.split("?")
base, query = url.split("?")
except ValueError:
pass
else:
@@ -300,8 +300,8 @@ class Conversation(object):
break
except (FatalError, OperationError):
raise
except Exception, _err:
#self.err_check("exception", _err)
except Exception, err:
#self.err_check("exception", err)
raise
try:


@@ -13,18 +13,16 @@ from saml2.server import Server
from saml2.config import IdPConfig
from saml2.config import logging
from base import Conversation
from sp_test.base import Conversation
from saml2test import FatalError
from saml2test import CheckError
from saml2test import ContextFilter
from saml2test import exception_trace
from saml2test import JSON_DUMPS_ARGS
__author__ = 'rolandh'
#formatter =
# logging.Formatter("%(asctime)s %(name)s:%(levelname)s %(message)s")
#formatter = logging.Formatter("%(asctime)s %(name)s:%(levelname)s %(message)s")
formatter_2 = logging.Formatter(
"%(delta).6f - %(levelname)s - [%(name)s] %(message)s")
@@ -40,87 +38,44 @@ memoryhandler.addFilter(cf)
logger = logging.getLogger(__name__)
logger.setLevel(logging.DEBUG)
logger.addHandler(memoryhandler)
# The streamhandler variable should be added to the logger if
# you want to see the log messages as they are printed instead
# of afterwards (mostly useful during debugging
#logger.addHandler(streamhandler)
logger.setLevel(logging.DEBUG)
class Client(object):
"""
This is the SP testing client for saml2test. It contains the methods that
are required to set up and run the tests you request.
"""
def __init__(self, check_factory):
"""
Creates a new SP testing client.
@param self: this SP testing client
@param check_factory: the factory containing the checks that are needed
during the SP test
"""
self.testsuite = None
def __init__(self, operations, check_factory):
self.operations = operations
self.tests = None
self.check_factory = check_factory
self._parser = argparse.ArgumentParser()
self._parser.add_argument("-c",
dest="config",
default="config",
self._parser.add_argument("-c", dest="config", default="config",
help="Configuration file for the IdP")
self._parser.add_argument('-C',
dest="ca_certs",
help="CA certs to use to verify HTTPS "
"server certificates, if HTTPS is used and "
"no server CA certs are defined then no "
"cert verification will be done")
self._parser.add_argument('-d',
dest='debug',
action='store_true',
self._parser.add_argument(
'-C', dest="ca_certs",
help=("CA certs to use to verify HTTPS server certificates, ",
"if HTTPS is used and no server CA certs are defined then ",
"no cert verification will be done"))
self._parser.add_argument('-d', dest='debug', action='store_true',
help="Print debug information")
self._parser.add_argument("-H",
dest="pretty",
action='store_true',
help="Human readable status output")
self._parser.add_argument("-i",
dest="insecure",
action='store_true',
help="do not verify TLS certificates")
self._parser.add_argument('-J',
dest="json_config_file",
self._parser.add_argument("-H", dest="pretty", action='store_true')
self._parser.add_argument("-i", dest="insecure", action='store_true')
self._parser.add_argument('-J', dest="json_config_file",
help="Script configuration")
self._parser.add_argument("-l",
dest="list",
action="store_true",
help="List all the test flows as a JSON "
"object")
self._parser.add_argument('-m',
dest="metadata",
action='store_true',
self._parser.add_argument(
"-l", dest="list", action="store_true",
help="List all the test flows as a JSON object")
self._parser.add_argument('-m', dest="metadata", action='store_true',
help="Return the IdP metadata")
self._parser.add_argument("-P",
dest="configpath",
default=".",
help="Path to the configuration file for "
"the IdP")
self._parser.add_argument("-t",
dest="testsuite",
default="basicTests",
help="Specifies the test suite from which "
"you wish to run tests")
self._parser.add_argument('-v',
dest='verbose',
action='store_true',
self._parser.add_argument(
"-P", dest="configpath", default=".",
help="Path to the configuration file for the IdP")
self._parser.add_argument("-t", dest="testpackage",
help="Module describing tests")
self._parser.add_argument('-v', dest='verbose', action='store_true',
help="Print runtime information")
self._parser.add_argument("-Y",
dest="pysamllog",
action='store_true',
self._parser.add_argument("-Y", dest="pysamllog", action='store_true',
help="Print PySAML2 logs")
self._parser.add_argument("oper",
nargs="?",
help="Which test to run")
self._parser.add_argument("oper", nargs="?", help="Which test to run")
self.interactions = None
self.entity_id = None
@@ -188,9 +143,6 @@ class Client(object):
root_logger.addHandler(memoryhandler)
root_logger.setLevel(logging.DEBUG)
self.testsuite = import_module("sp_test.test_suites.%s" %
self.args.testsuite)
if self.args.metadata:
return self.make_meta()
elif self.args.list:
@@ -205,15 +157,18 @@ class Client(object):
self.setup()
if self.testsuite:
try:
oper = self.testsuite.testcases[self.args.oper]
except ValueError:
try:
oper = self.operations.OPERATIONS[self.args.oper]
except KeyError:
if self.tests:
try:
oper = self.tests.OPERATIONS[self.args.oper]
except ValueError:
print >> sys.stderr, "Undefined testcase"
return
else:
print >> sys.stderr, "Undefined testcase"
return
else:
print >> sys.stderr, "Undefined testcase"
return
opers = oper["sequence"]
@@ -254,7 +209,7 @@ class Client(object):
if pp:
pp.pprint(tsum)
else:
print >> sys.stdout, json.dumps(tsum, **JSON_DUMPS_ARGS)
print >> sys.stdout, json.dumps(tsum)
if tsum["status"] > 1 or self.args.debug or err:
self.output_log(memoryhandler, streamhandler)
@@ -280,10 +235,14 @@ class Client(object):
self.idp.metadata = metadata
#self.idp_config.metadata = metadata
if self.args.testpackage:
self.tests = import_module("sp_test.package.%s" %
self.args.testpackage)
try:
self.entity_id = _jc["entity_id"]
# Verify its the correct metadata
assert self.entity_id in md.entity.keys(), "Entityid {0} not found in {1}".format(self.entity_id, ', '.join(md.entity.keys()))
assert self.entity_id in md.entity.keys()
except KeyError:
if len(md.entity.keys()) == 1:
self.entity_id = md.entity.keys()[0]
@@ -300,10 +259,10 @@ class Client(object):
def list_operations(self):
res = []
for key, val in self.testsuite.testcases.items():
for key, val in self.operations.OPERATIONS.items():
res.append({"id": key, "name": val["name"]})
print json.dumps(res, **JSON_DUMPS_ARGS)
print json.dumps(res)
def verify_metadata(self):
pass


@@ -14,11 +14,14 @@ from saml2.sigver import signed_instance_factory, pre_signature_part
from saml2test import CheckError, FatalError
from saml2test.check import Check
from saml2test.check import ExpectedError
from saml2test.status import INTERACTION, STATUSCODE
from saml2test.check import INTERACTION
from saml2test.check import STATUSCODE
from saml2test.interaction import Action
from saml2test.interaction import Interaction
from saml2test.interaction import InteractionNeeded
from sp_test.tests import ErrorResponse
__author__ = 'rolandh'
import logging
@@ -119,8 +122,8 @@ class Conversation():
for serv in ["aa", "aq", "idp"]:
endpoints = self._config.getattr("endpoints", serv)
if endpoints:
for _typ, spec in endpoints.items():
for url, _binding in spec:
for typ, spec in endpoints.items():
for url, binding in spec:
yield url
def which_endpoint(self, url):
@@ -165,11 +168,11 @@ class Conversation():
_txt = self.last_response.content
if self.last_response.status_code >= 400:
raise FatalError("Unexpected error")
raise FatalError("Did not expected error")
def handle_redirect(self):
try:
_url, query = self.last_response.headers["location"].split("?")
url, query = self.last_response.headers["location"].split("?")
except KeyError:
return
@@ -250,7 +253,7 @@ class Conversation():
if param in self.json_config:
args[param] = self.json_config[param]
if getattr(resp, "_send_error", False) == True:
if resp == ErrorResponse:
func = getattr(self.instance, "create_error_response")
else:
_op = camel2underscore.sub(r'_\1', req._class.c_tag).lower()
@@ -312,27 +315,13 @@ class Conversation():
Un-solicited starts with the IDP sending something.
"""
if len(flow) >= 3:
logger.info("TEST FLOW: Start by GET-ing the page")
self.wb_send()
logger.info("TEST FLOW: Continuing with: %s" % flow[0].__name__)
self.intermit(flow[0]._interaction)
logger.info("TEST FLOW: Handling redirect")
self.handle_redirect()
logger.info("TEST FLOW: Sending IdP Response with expected request"
" %s and response to be used %s" %
(flow[1].__name__, flow[2].__name__))
self.send_idp_response(flow[1], flow[2])
if len(flow) == 4:
if flow[3] is None:
flowName = "None"
else:
flowName = flow[3].__name__
logger.info("TEST FLOW Handling result with HTTP Response check"
" for %s" % flowName)
self.handle_result(flow[3])
else:
logger.info("TEST FLOW: Handling result (without HTTP Response "
"check)")
self.handle_result()
def do_sequence(self, oper, tests=None):
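Review bot: In `handle_redirect`, `url, query = self.last_response.headers["location"].split("?")` unpacks into exactly two names, so a Location value with no query string, or with a second `?` inside it, raises ValueError, and the handler around it catches only KeyError. The header is supplied by the service provider under test, so an unusual redirect ends the run with a traceback instead of a recorded test result. Splitting once with `.split("?", 1)` and handling ValueError alongside KeyError (`except (KeyError, ValueError):`) would cover both cases; whether to return or to record a failure there depends on code outside the hunk. The markers were lost in rendering, so which line is the new side is inferred from the hunk counts, but both versions of the line share the call.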


@@ -1,8 +1,8 @@
import inspect
import sys
# Import the status codes used indicate the test results
from saml2test.status import CRITICAL
from saml2test.check import Check
from saml2test.check import CRITICAL
from saml2test import check
from saml2test.interaction import Interaction
@@ -45,6 +45,8 @@ class ErrorResponse(Check):
self._status = CRITICAL
return {}
# =============================================================================
CLASS_CACHE = {}
@@ -52,7 +54,7 @@ CLASS_CACHE = {}
def factory(cid, classes=CLASS_CACHE):
if len(classes) == 0:
check.factory(cid, classes)
for _name, obj in inspect.getmembers(sys.modules[__name__]):
for name, obj in inspect.getmembers(sys.modules[__name__]):
if inspect.isclass(obj):
try:
classes[obj.cid] = obj


@@ -1 +0,0 @@
# Group of test suites


@@ -1,21 +1,16 @@
# -*- coding: utf-8 -*-
import copy
from saml2 import samlp
from saml2 import samlp, SamlBase
from saml2 import NAMEID_FORMAT_EMAILADDRESS
from saml2 import BINDING_HTTP_REDIRECT
from saml2 import BINDING_HTTP_POST
from saml2.s_utils import rndstr
from saml2.saml import SCM_BEARER
from saml2.saml import Condition
from saml2.saml import XSI_TYPE
from saml2.saml import Audience
from saml2.saml import SCM_BEARER, Condition, XSI_TYPE, Audience
from saml2.saml import NAMEID_FORMAT_PERSISTENT
from saml2.saml import SCM_SENDER_VOUCHES
from saml2.saml import ConditionAbstractType_
from saml2.samlp import STATUS_AUTHN_FAILED
from saml2.time_util import in_a_while
from saml2.time_util import a_while_ago
from saml2.time_util import in_a_while, a_while_ago
from sp_test.check import VerifyContent
from sp_test import check
from saml2test import ip_addresses
@@ -40,10 +35,10 @@ class TimeRestriction(ConditionAbstractType_):
c_tag = 'TimeRestriction'
c_namespace = "urn:mace:umu.se:sso"
c_children = copy.copy(ConditionAbstractType_.c_children)
c_attributes = copy.copy(ConditionAbstractType_.c_attributes)
c_children = ConditionAbstractType_.c_children.copy()
c_attributes = ConditionAbstractType_.c_attributes.copy()
c_child_order = ConditionAbstractType_.c_child_order[:]
c_cardinality = copy.copy(ConditionAbstractType_.c_cardinality)
c_cardinality = ConditionAbstractType_.c_cardinality.copy()
c_attributes['StartTime'] = ('start_time', 'time', False)
c_attributes['EndTime'] = ('end_time', 'time', False)
@@ -116,7 +111,6 @@ class ErrorResponse(Response):
"info": (STATUS_AUTHN_FAILED, "Unknown user")
}
_binding = BINDING_HTTP_POST
_send_error = True
class LogoutResponse(Response):
@@ -157,7 +151,7 @@ class AuthnResponse_NameIDformat_foo(AuthnResponse):
class AuthnResponse_without_SubjectConfirmationData_1(AuthnResponse):
def pre_processing(self, message, **kwargs):
_confirmation = message.assertion.subject.subject_confirmation[0]
_confirmation = message.assertion.subject.subject_confirmation
_confirmation.subject_confirmation_data = None
_confirmation.method = SCM_SENDER_VOUCHES
return message
@@ -177,11 +171,9 @@ class AuthnResponse_rnd_Response_inresponseto(AuthnResponse):
return message
class AuthnResponse_rnd_SubjectConfirmationData_inresponseto(AuthnResponse):
class AuthnResponse_rnd_Response_assertion_inresponseto(AuthnResponse):
def pre_processing(self, message, **kwargs):
_scs = message.assertion.subject.subject_confirmation
for _sc in _scs:
_sc.subject_confirmation_data.in_response_to = rndstr(16)
message.assertion.in_response_to = rndstr(16)
return message
@@ -206,6 +198,13 @@ class AuthnResponse_missing_Recipient(AuthnResponse):
return message
class AuthnResponse_missing_Recipient(AuthnResponse):
def pre_processing(self, message, **kwargs):
_confirmation = message.assertion.subject.subject_confirmation
_confirmation[0].subject_confirmation_data.recipient = None
return message
class AuthnResponse_broken_destination(AuthnResponse):
def pre_processing(self, message, **kwargs):
message.destination = "NotAUrl"
@@ -359,7 +358,12 @@ class AuthnResponse_AudienceRestriction_appended_audience(AuthnResponse):
conditions.audience_restriction[0].audience.append(extra)
return message
testcases = {
PHASES = {
"login_redirect": (Login, AuthnRequest, AuthnResponse_redirect),
}
OPERATIONS = {
'sp-00': {
"name": 'Basic Login test',
"descr": 'Basic Login test',
@@ -375,8 +379,7 @@ testcases = {
'FL03': {
"name": """SP should not accept a Response as valid, when the
StatusCode is not success""",
"sequence": [(Login, AuthnRequest, ErrorResponse,
check.ErrorResponse)],
"sequence": [(Login, AuthnRequest, ErrorResponse, check.ErrorResponse)],
"tests": {"pre": [], "post": []}
},
'FL04': {
@@ -417,7 +420,7 @@ StatusCode is not success""",
"name": ("SP should not accept an assertion InResponseTo ",
"which is chosen randomly"),
"sequence": [(Login, AuthnRequest,
AuthnResponse_rnd_SubjectConfirmationData_inresponseto,
AuthnResponse_rnd_Response_assertion_inresponseto,
check.ErrorResponse)],
"tests": {"pre": [], "post": []}
},
@@ -516,8 +519,8 @@ StatusCode is not success""",
"tests": {"pre": [], "post": []}
},
'FL29': {
"name": "Reject a Response with a "
"SubjectConfirmationData@NotOnOrAfter in the past",
"name": "Reject a Response with a SubjectConfirmationData@NotOnOrAfter "
"in the past",
"sequence": [(Login, AuthnRequest,
AuthnResponse_past_SubjectConfirmationData_NotOnOrAfter,
check.ErrorResponse)],
@@ -700,4 +703,4 @@ StatusCode is not success""",
# in separate session, no session-cookies)
# SP MUST accept an LogoutRequest with two sesionindexes (second valid) (
# sent in separate session, no session-cookies)
# Session fixtation check
# Session fixtation check
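Review bot: Two mutators in this section appear to stop changing the element their test is named for. `AuthnResponse_rnd_Response_assertion_inresponseto` sets `message.assertion.in_response_to`, but SAML 2.0 defines InResponseTo on the Response and on SubjectConfirmationData, not on the Assertion, so the value is probably never serialized and the test for a random assertion InResponseTo no longer sends one; keeping `for _sc in message.assertion.subject.subject_confirmation:` with `_sc.subject_confirmation_data.in_response_to = rndstr(16)` exercises the intended check. `AuthnResponse_without_SubjectConfirmationData_1` now assigns `subject_confirmation_data` and `method` on `message.assertion.subject.subject_confirmation` itself, which the added `AuthnResponse_missing_Recipient` class indexes as a list (`_confirmation[0]`), so the `[0]` is needed there as well. That added class also repeats a name already defined just above the hunk, and the later definition replaces the earlier one. The old/new sides are inferred from the hunk counts because the markers were lost in rendering.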


@@ -323,4 +323,4 @@ MAP = {
'x121Address': 'urn:mace:dir:attribute-def:x121Address',
'x500UniqueIdentifier': 'urn:mace:dir:attribute-def:x500UniqueIdentifier',
}
}
}


@@ -12,230 +12,230 @@ SCHAC = "urn:oid:1.3.6.1.4.1.25178.2."
MAP = {
"identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"fro": {
EDUPERSON_OID + '2': 'eduPersonNickname',
EDUPERSON_OID + '9': 'eduPersonScopedAffiliation',
EDUPERSON_OID + '11': 'eduPersonAssurance',
EDUPERSON_OID + '10': 'eduPersonTargetedID',
EDUPERSON_OID + '4': 'eduPersonOrgUnitDN',
NOREDUPERSON_OID + '6': 'norEduOrgAcronym',
NOREDUPERSON_OID + '7': 'norEduOrgUniqueIdentifier',
NOREDUPERSON_OID + '4': 'norEduPersonLIN',
EDUPERSON_OID + '1': 'eduPersonAffiliation',
NOREDUPERSON_OID + '2': 'norEduOrgUnitUniqueNumber',
NETSCAPE_LDAP + '40': 'userSMIMECertificate',
NOREDUPERSON_OID + '1': 'norEduOrgUniqueNumber',
NETSCAPE_LDAP + '241': 'displayName',
UCL_DIR_PILOT + '37': 'associatedDomain',
EDUPERSON_OID + '6': 'eduPersonPrincipalName',
NOREDUPERSON_OID + '8': 'norEduOrgUnitUniqueIdentifier',
NOREDUPERSON_OID + '9': 'federationFeideSchemaVersion',
X500ATTR_OID + '53': 'deltaRevocationList',
X500ATTR_OID + '52': 'supportedAlgorithms',
X500ATTR_OID + '51': 'houseIdentifier',
X500ATTR_OID + '50': 'uniqueMember',
X500ATTR_OID + '19': 'physicalDeliveryOfficeName',
X500ATTR_OID + '18': 'postOfficeBox',
X500ATTR_OID + '17': 'postalCode',
X500ATTR_OID + '16': 'postalAddress',
X500ATTR_OID + '15': 'businessCategory',
X500ATTR_OID + '14': 'searchGuide',
EDUPERSON_OID + '5': 'eduPersonPrimaryAffiliation',
X500ATTR_OID + '12': 'title',
X500ATTR_OID + '11': 'ou',
X500ATTR_OID + '10': 'o',
X500ATTR_OID + '37': 'cACertificate',
X500ATTR_OID + '36': 'userCertificate',
X500ATTR_OID + '31': 'member',
X500ATTR_OID + '30': 'supportedApplicationContext',
X500ATTR_OID + '33': 'roleOccupant',
X500ATTR_OID + '32': 'owner',
NETSCAPE_LDAP + '1': 'carLicense',
PKCS_9 + '1': 'email',
NETSCAPE_LDAP + '3': 'employeeNumber',
NETSCAPE_LDAP + '2': 'departmentNumber',
X500ATTR_OID + '39': 'certificateRevocationList',
X500ATTR_OID + '38': 'authorityRevocationList',
NETSCAPE_LDAP + '216': 'userPKCS12',
EDUPERSON_OID + '8': 'eduPersonPrimaryOrgUnitDN',
X500ATTR_OID + '9': 'street',
X500ATTR_OID + '8': 'st',
NETSCAPE_LDAP + '39': 'preferredLanguage',
EDUPERSON_OID + '7': 'eduPersonEntitlement',
X500ATTR_OID + '2': 'knowledgeInformation',
X500ATTR_OID + '7': 'l',
X500ATTR_OID + '6': 'c',
X500ATTR_OID + '5': 'serialNumber',
X500ATTR_OID + '4': 'sn',
UCL_DIR_PILOT + '60': 'jpegPhoto',
X500ATTR_OID + '65': 'pseudonym',
NOREDUPERSON_OID + '5': 'norEduPersonNIN',
UCL_DIR_PILOT + '3': 'mail',
UCL_DIR_PILOT + '25': 'dc',
X500ATTR_OID + '40': 'crossCertificatePair',
X500ATTR_OID + '42': 'givenName',
X500ATTR_OID + '43': 'initials',
X500ATTR_OID + '44': 'generationQualifier',
X500ATTR_OID + '45': 'x500UniqueIdentifier',
X500ATTR_OID + '46': 'dnQualifier',
X500ATTR_OID + '47': 'enhancedSearchGuide',
X500ATTR_OID + '48': 'protocolInformation',
X500ATTR_OID + '54': 'dmdName',
NETSCAPE_LDAP + '4': 'employeeType',
X500ATTR_OID + '22': 'teletexTerminalIdentifier',
X500ATTR_OID + '23': 'facsimileTelephoneNumber',
X500ATTR_OID + '20': 'telephoneNumber',
X500ATTR_OID + '21': 'telexNumber',
X500ATTR_OID + '26': 'registeredAddress',
X500ATTR_OID + '27': 'destinationIndicator',
X500ATTR_OID + '24': 'x121Address',
X500ATTR_OID + '25': 'internationaliSDNNumber',
X500ATTR_OID + '28': 'preferredDeliveryMethod',
X500ATTR_OID + '29': 'presentationAddress',
EDUPERSON_OID + '3': 'eduPersonOrgDN',
NOREDUPERSON_OID + '3': 'norEduPersonBirthDate',
UMICH + '57': 'labeledURI',
UCL_DIR_PILOT + '1': 'uid',
SCHAC + '1': 'schacMotherTongue',
SCHAC + '2': 'schacGender',
SCHAC + '3': 'schacDateOfBirth',
SCHAC + '4': 'schacPlaceOfBirth',
SCHAC + '5': 'schacCountryOfCitizenship',
SCHAC + '6': 'schacSn1',
SCHAC + '7': 'schacSn2',
SCHAC + '8': 'schacPersonalTitle',
SCHAC + '9': 'schacHomeOrganization',
SCHAC + '10': 'schacHomeOrganizationType',
SCHAC + '11': 'schacCountryOfResidence',
SCHAC + '12': 'schacUserPresenceID',
SCHAC + '13': 'schacPersonalPosition',
SCHAC + '14': 'schacPersonalUniqueCode',
SCHAC + '15': 'schacPersonalUniqueID',
SCHAC + '17': 'schacExpiryDate',
SCHAC + '18': 'schacUserPrivateAttribute',
SCHAC + '19': 'schacUserStatus',
SCHAC + '20': 'schacProjectMembership',
SCHAC + '21': 'schacProjectSpecificRole',
EDUPERSON_OID+'2': 'eduPersonNickname',
EDUPERSON_OID+'9': 'eduPersonScopedAffiliation',
EDUPERSON_OID+'11': 'eduPersonAssurance',
EDUPERSON_OID+'10': 'eduPersonTargetedID',
EDUPERSON_OID+'4': 'eduPersonOrgUnitDN',
NOREDUPERSON_OID+'6': 'norEduOrgAcronym',
NOREDUPERSON_OID+'7': 'norEduOrgUniqueIdentifier',
NOREDUPERSON_OID+'4': 'norEduPersonLIN',
EDUPERSON_OID+'1': 'eduPersonAffiliation',
NOREDUPERSON_OID+'2': 'norEduOrgUnitUniqueNumber',
NETSCAPE_LDAP+'40': 'userSMIMECertificate',
NOREDUPERSON_OID+'1': 'norEduOrgUniqueNumber',
NETSCAPE_LDAP+'241': 'displayName',
UCL_DIR_PILOT+'37': 'associatedDomain',
EDUPERSON_OID+'6': 'eduPersonPrincipalName',
NOREDUPERSON_OID+'8': 'norEduOrgUnitUniqueIdentifier',
NOREDUPERSON_OID+'9': 'federationFeideSchemaVersion',
X500ATTR_OID+'53': 'deltaRevocationList',
X500ATTR_OID+'52': 'supportedAlgorithms',
X500ATTR_OID+'51': 'houseIdentifier',
X500ATTR_OID+'50': 'uniqueMember',
X500ATTR_OID+'19': 'physicalDeliveryOfficeName',
X500ATTR_OID+'18': 'postOfficeBox',
X500ATTR_OID+'17': 'postalCode',
X500ATTR_OID+'16': 'postalAddress',
X500ATTR_OID+'15': 'businessCategory',
X500ATTR_OID+'14': 'searchGuide',
EDUPERSON_OID+'5': 'eduPersonPrimaryAffiliation',
X500ATTR_OID+'12': 'title',
X500ATTR_OID+'11': 'ou',
X500ATTR_OID+'10': 'o',
X500ATTR_OID+'37': 'cACertificate',
X500ATTR_OID+'36': 'userCertificate',
X500ATTR_OID+'31': 'member',
X500ATTR_OID+'30': 'supportedApplicationContext',
X500ATTR_OID+'33': 'roleOccupant',
X500ATTR_OID+'32': 'owner',
NETSCAPE_LDAP+'1': 'carLicense',
PKCS_9+'1': 'email',
NETSCAPE_LDAP+'3': 'employeeNumber',
NETSCAPE_LDAP+'2': 'departmentNumber',
X500ATTR_OID+'39': 'certificateRevocationList',
X500ATTR_OID+'38': 'authorityRevocationList',
NETSCAPE_LDAP+'216': 'userPKCS12',
EDUPERSON_OID+'8': 'eduPersonPrimaryOrgUnitDN',
X500ATTR_OID+'9': 'street',
X500ATTR_OID+'8': 'st',
NETSCAPE_LDAP+'39': 'preferredLanguage',
EDUPERSON_OID+'7': 'eduPersonEntitlement',
X500ATTR_OID+'2': 'knowledgeInformation',
X500ATTR_OID+'7': 'l',
X500ATTR_OID+'6': 'c',
X500ATTR_OID+'5': 'serialNumber',
X500ATTR_OID+'4': 'sn',
UCL_DIR_PILOT+'60': 'jpegPhoto',
X500ATTR_OID+'65': 'pseudonym',
NOREDUPERSON_OID+'5': 'norEduPersonNIN',
UCL_DIR_PILOT+'3': 'mail',
UCL_DIR_PILOT+'25': 'dc',
X500ATTR_OID+'40': 'crossCertificatePair',
X500ATTR_OID+'42': 'givenName',
X500ATTR_OID+'43': 'initials',
X500ATTR_OID+'44': 'generationQualifier',
X500ATTR_OID+'45': 'x500UniqueIdentifier',
X500ATTR_OID+'46': 'dnQualifier',
X500ATTR_OID+'47': 'enhancedSearchGuide',
X500ATTR_OID+'48': 'protocolInformation',
X500ATTR_OID+'54': 'dmdName',
NETSCAPE_LDAP+'4': 'employeeType',
X500ATTR_OID+'22': 'teletexTerminalIdentifier',
X500ATTR_OID+'23': 'facsimileTelephoneNumber',
X500ATTR_OID+'20': 'telephoneNumber',
X500ATTR_OID+'21': 'telexNumber',
X500ATTR_OID+'26': 'registeredAddress',
X500ATTR_OID+'27': 'destinationIndicator',
X500ATTR_OID+'24': 'x121Address',
X500ATTR_OID+'25': 'internationaliSDNNumber',
X500ATTR_OID+'28': 'preferredDeliveryMethod',
X500ATTR_OID+'29': 'presentationAddress',
EDUPERSON_OID+'3': 'eduPersonOrgDN',
NOREDUPERSON_OID+'3': 'norEduPersonBirthDate',
UMICH+'57': 'labeledURI',
UCL_DIR_PILOT+'1': 'uid',
SCHAC+'1': 'schacMotherTongue',
SCHAC+'2': 'schacGender',
SCHAC+'3': 'schacDateOfBirth',
SCHAC+'4': 'schacPlaceOfBirth',
SCHAC+'5': 'schacCountryOfCitizenship',
SCHAC+'6': 'schacSn1',
SCHAC+'7': 'schacSn2',
SCHAC+'8': 'schacPersonalTitle',
SCHAC+'9': 'schacHomeOrganization',
SCHAC+'10': 'schacHomeOrganizationType',
SCHAC+'11': 'schacCountryOfResidence',
SCHAC+'12': 'schacUserPresenceID',
SCHAC+'13': 'schacPersonalPosition',
SCHAC+'14': 'schacPersonalUniqueCode',
SCHAC+'15': 'schacPersonalUniqueID',
SCHAC+'17': 'schacExpiryDate',
SCHAC+'18': 'schacUserPrivateAttribute',
SCHAC+'19': 'schacUserStatus',
SCHAC+'20': 'schacProjectMembership',
SCHAC+'21': 'schacProjectSpecificRole',
},
"to": {
'roleOccupant': X500ATTR_OID + '33',
'gn': X500ATTR_OID + '42',
'norEduPersonNIN': NOREDUPERSON_OID + '5',
'title': X500ATTR_OID + '12',
'facsimileTelephoneNumber': X500ATTR_OID + '23',
'mail': UCL_DIR_PILOT + '3',
'postOfficeBox': X500ATTR_OID + '18',
'fax': X500ATTR_OID + '23',
'telephoneNumber': X500ATTR_OID + '20',
'norEduPersonBirthDate': NOREDUPERSON_OID + '3',
'rfc822Mailbox': UCL_DIR_PILOT + '3',
'dc': UCL_DIR_PILOT + '25',
'countryName': X500ATTR_OID + '6',
'emailAddress': PKCS_9 + '1',
'employeeNumber': NETSCAPE_LDAP + '3',
'organizationName': X500ATTR_OID + '10',
'eduPersonAssurance': EDUPERSON_OID + '11',
'norEduOrgAcronym': NOREDUPERSON_OID + '6',
'registeredAddress': X500ATTR_OID + '26',
'physicalDeliveryOfficeName': X500ATTR_OID + '19',
'associatedDomain': UCL_DIR_PILOT + '37',
'l': X500ATTR_OID + '7',
'stateOrProvinceName': X500ATTR_OID + '8',
'federationFeideSchemaVersion': NOREDUPERSON_OID + '9',
'pkcs9email': PKCS_9 + '1',
'givenName': X500ATTR_OID + '42',
'givenname': X500ATTR_OID + '42',
'x500UniqueIdentifier': X500ATTR_OID + '45',
'eduPersonNickname': EDUPERSON_OID + '2',
'houseIdentifier': X500ATTR_OID + '51',
'street': X500ATTR_OID + '9',
'supportedAlgorithms': X500ATTR_OID + '52',
'preferredLanguage': NETSCAPE_LDAP + '39',
'postalAddress': X500ATTR_OID + '16',
'email': PKCS_9 + '1',
'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID + '8',
'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID + '8',
'c': X500ATTR_OID + '6',
'teletexTerminalIdentifier': X500ATTR_OID + '22',
'o': X500ATTR_OID + '10',
'cACertificate': X500ATTR_OID + '37',
'telexNumber': X500ATTR_OID + '21',
'ou': X500ATTR_OID + '11',
'initials': X500ATTR_OID + '43',
'eduPersonOrgUnitDN': EDUPERSON_OID + '4',
'deltaRevocationList': X500ATTR_OID + '53',
'norEduPersonLIN': NOREDUPERSON_OID + '4',
'supportedApplicationContext': X500ATTR_OID + '30',
'eduPersonEntitlement': EDUPERSON_OID + '7',
'generationQualifier': X500ATTR_OID + '44',
'eduPersonAffiliation': EDUPERSON_OID + '1',
'edupersonaffiliation': EDUPERSON_OID + '1',
'eduPersonPrincipalName': EDUPERSON_OID + '6',
'edupersonprincipalname': EDUPERSON_OID + '6',
'localityName': X500ATTR_OID + '7',
'owner': X500ATTR_OID + '32',
'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID + '2',
'searchGuide': X500ATTR_OID + '14',
'certificateRevocationList': X500ATTR_OID + '39',
'organizationalUnitName': X500ATTR_OID + '11',
'userCertificate': X500ATTR_OID + '36',
'preferredDeliveryMethod': X500ATTR_OID + '28',
'internationaliSDNNumber': X500ATTR_OID + '25',
'uniqueMember': X500ATTR_OID + '50',
'departmentNumber': NETSCAPE_LDAP + '2',
'enhancedSearchGuide': X500ATTR_OID + '47',
'userPKCS12': NETSCAPE_LDAP + '216',
'eduPersonTargetedID': EDUPERSON_OID + '10',
'norEduOrgUniqueNumber': NOREDUPERSON_OID + '1',
'x121Address': X500ATTR_OID + '24',
'destinationIndicator': X500ATTR_OID + '27',
'eduPersonPrimaryAffiliation': EDUPERSON_OID + '5',
'surname': X500ATTR_OID + '4',
'jpegPhoto': UCL_DIR_PILOT + '60',
'eduPersonScopedAffiliation': EDUPERSON_OID + '9',
'edupersonscopedaffiliation': EDUPERSON_OID + '9',
'protocolInformation': X500ATTR_OID + '48',
'knowledgeInformation': X500ATTR_OID + '2',
'employeeType': NETSCAPE_LDAP + '4',
'userSMIMECertificate': NETSCAPE_LDAP + '40',
'member': X500ATTR_OID + '31',
'streetAddress': X500ATTR_OID + '9',
'dmdName': X500ATTR_OID + '54',
'postalCode': X500ATTR_OID + '17',
'pseudonym': X500ATTR_OID + '65',
'dnQualifier': X500ATTR_OID + '46',
'crossCertificatePair': X500ATTR_OID + '40',
'eduPersonOrgDN': EDUPERSON_OID + '3',
'authorityRevocationList': X500ATTR_OID + '38',
'displayName': NETSCAPE_LDAP + '241',
'businessCategory': X500ATTR_OID + '15',
'serialNumber': X500ATTR_OID + '5',
'norEduOrgUniqueIdentifier': NOREDUPERSON_OID + '7',
'st': X500ATTR_OID + '8',
'carLicense': NETSCAPE_LDAP + '1',
'presentationAddress': X500ATTR_OID + '29',
'sn': X500ATTR_OID + '4',
'domainComponent': UCL_DIR_PILOT + '25',
'labeledURI': UMICH + '57',
'uid': UCL_DIR_PILOT + '1',
'schacMotherTongue': SCHAC + '1',
'schacGender': SCHAC + '2',
'schacDateOfBirth': SCHAC + '3',
'schacPlaceOfBirth': SCHAC + '4',
'schacCountryOfCitizenship': SCHAC + '5',
'schacSn1': SCHAC + '6',
'schacSn2': SCHAC + '7',
'schacPersonalTitle': SCHAC + '8',
'schacHomeOrganization': SCHAC + '9',
'schacHomeOrganizationType': SCHAC + '10',
'schacCountryOfResidence': SCHAC + '11',
'schacUserPresenceID': SCHAC + '12',
'schacPersonalPosition': SCHAC + '13',
'schacPersonalUniqueCode': SCHAC + '14',
'schacPersonalUniqueID': SCHAC + '15',
'schacExpiryDate': SCHAC + '17',
'schacUserPrivateAttribute': SCHAC + '18',
'schacUserStatus': SCHAC + '19',
'schacProjectMembership': SCHAC + '20',
'schacProjectSpecificRole': SCHAC + '21',
'roleOccupant': X500ATTR_OID+'33',
'gn': X500ATTR_OID+'42',
'norEduPersonNIN': NOREDUPERSON_OID+'5',
'title': X500ATTR_OID+'12',
'facsimileTelephoneNumber': X500ATTR_OID+'23',
'mail': UCL_DIR_PILOT+'3',
'postOfficeBox': X500ATTR_OID+'18',
'fax': X500ATTR_OID+'23',
'telephoneNumber': X500ATTR_OID+'20',
'norEduPersonBirthDate': NOREDUPERSON_OID+'3',
'rfc822Mailbox': UCL_DIR_PILOT+'3',
'dc': UCL_DIR_PILOT+'25',
'countryName': X500ATTR_OID+'6',
'emailAddress': PKCS_9+'1',
'employeeNumber': NETSCAPE_LDAP+'3',
'organizationName': X500ATTR_OID+'10',
'eduPersonAssurance': EDUPERSON_OID+'11',
'norEduOrgAcronym': NOREDUPERSON_OID+'6',
'registeredAddress': X500ATTR_OID+'26',
'physicalDeliveryOfficeName': X500ATTR_OID+'19',
'associatedDomain': UCL_DIR_PILOT+'37',
'l': X500ATTR_OID+'7',
'stateOrProvinceName': X500ATTR_OID+'8',
'federationFeideSchemaVersion': NOREDUPERSON_OID+'9',
'pkcs9email': PKCS_9+'1',
'givenName': X500ATTR_OID+'42',
'givenname': X500ATTR_OID+'42',
'x500UniqueIdentifier': X500ATTR_OID+'45',
'eduPersonNickname': EDUPERSON_OID+'2',
'houseIdentifier': X500ATTR_OID+'51',
'street': X500ATTR_OID+'9',
'supportedAlgorithms': X500ATTR_OID+'52',
'preferredLanguage': NETSCAPE_LDAP+'39',
'postalAddress': X500ATTR_OID+'16',
'email': PKCS_9+'1',
'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID+'8',
'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID+'8',
'c': X500ATTR_OID+'6',
'teletexTerminalIdentifier': X500ATTR_OID+'22',
'o': X500ATTR_OID+'10',
'cACertificate': X500ATTR_OID+'37',
'telexNumber': X500ATTR_OID+'21',
'ou': X500ATTR_OID+'11',
'initials': X500ATTR_OID+'43',
'eduPersonOrgUnitDN': EDUPERSON_OID+'4',
'deltaRevocationList': X500ATTR_OID+'53',
'norEduPersonLIN': NOREDUPERSON_OID+'4',
'supportedApplicationContext': X500ATTR_OID+'30',
'eduPersonEntitlement': EDUPERSON_OID+'7',
'generationQualifier': X500ATTR_OID+'44',
'eduPersonAffiliation': EDUPERSON_OID+'1',
'edupersonaffiliation': EDUPERSON_OID+'1',
'eduPersonPrincipalName': EDUPERSON_OID+'6',
'edupersonprincipalname': EDUPERSON_OID+'6',
'localityName': X500ATTR_OID+'7',
'owner': X500ATTR_OID+'32',
'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2',
'searchGuide': X500ATTR_OID+'14',
'certificateRevocationList': X500ATTR_OID+'39',
'organizationalUnitName': X500ATTR_OID+'11',
'userCertificate': X500ATTR_OID+'36',
'preferredDeliveryMethod': X500ATTR_OID+'28',
'internationaliSDNNumber': X500ATTR_OID+'25',
'uniqueMember': X500ATTR_OID+'50',
'departmentNumber': NETSCAPE_LDAP+'2',
'enhancedSearchGuide': X500ATTR_OID+'47',
'userPKCS12': NETSCAPE_LDAP+'216',
'eduPersonTargetedID': EDUPERSON_OID+'10',
'norEduOrgUniqueNumber': NOREDUPERSON_OID+'1',
'x121Address': X500ATTR_OID+'24',
'destinationIndicator': X500ATTR_OID+'27',
'eduPersonPrimaryAffiliation': EDUPERSON_OID+'5',
'surname': X500ATTR_OID+'4',
'jpegPhoto': UCL_DIR_PILOT+'60',
'eduPersonScopedAffiliation': EDUPERSON_OID+'9',
'edupersonscopedaffiliation': EDUPERSON_OID+'9',
'protocolInformation': X500ATTR_OID+'48',
'knowledgeInformation': X500ATTR_OID+'2',
'employeeType': NETSCAPE_LDAP+'4',
'userSMIMECertificate': NETSCAPE_LDAP+'40',
'member': X500ATTR_OID+'31',
'streetAddress': X500ATTR_OID+'9',
'dmdName': X500ATTR_OID+'54',
'postalCode': X500ATTR_OID+'17',
'pseudonym': X500ATTR_OID+'65',
'dnQualifier': X500ATTR_OID+'46',
'crossCertificatePair': X500ATTR_OID+'40',
'eduPersonOrgDN': EDUPERSON_OID+'3',
'authorityRevocationList': X500ATTR_OID+'38',
'displayName': NETSCAPE_LDAP+'241',
'businessCategory': X500ATTR_OID+'15',
'serialNumber': X500ATTR_OID+'5',
'norEduOrgUniqueIdentifier': NOREDUPERSON_OID+'7',
'st': X500ATTR_OID+'8',
'carLicense': NETSCAPE_LDAP+'1',
'presentationAddress': X500ATTR_OID+'29',
'sn': X500ATTR_OID+'4',
'domainComponent': UCL_DIR_PILOT+'25',
'labeledURI': UMICH+'57',
'uid': UCL_DIR_PILOT+'1',
'schacMotherTongue':SCHAC+'1',
'schacGender': SCHAC+'2',
'schacDateOfBirth':SCHAC+'3',
'schacPlaceOfBirth': SCHAC+'4',
'schacCountryOfCitizenship':SCHAC+'5',
'schacSn1': SCHAC+'6',
'schacSn2': SCHAC+'7',
'schacPersonalTitle':SCHAC+'8',
'schacHomeOrganization': SCHAC+'9',
'schacHomeOrganizationType': SCHAC+'10',
'schacCountryOfResidence': SCHAC+'11',
'schacUserPresenceID': SCHAC+'12',
'schacPersonalPosition': SCHAC+'13',
'schacPersonalUniqueCode': SCHAC+'14',
'schacPersonalUniqueID': SCHAC+'15',
'schacExpiryDate': SCHAC+'17',
'schacUserPrivateAttribute': SCHAC+'18',
'schacUserStatus': SCHAC+'19',
'schacProjectMembership': SCHAC+'20',
'schacProjectSpecificRole': SCHAC+'21',
}
}
}


@@ -9,182 +9,182 @@ UMICH = "urn:oid:1.3.6.1.4.1.250.1.57."
MAP = {
"identifier": "urn:mace:shibboleth:1.0:attributeNamespace:uri",
"fro": {
EDUPERSON_OID + '2': 'eduPersonNickname',
EDUPERSON_OID + '9': 'eduPersonScopedAffiliation',
EDUPERSON_OID + '11': 'eduPersonAssurance',
EDUPERSON_OID + '10': 'eduPersonTargetedID',
EDUPERSON_OID + '4': 'eduPersonOrgUnitDN',
NOREDUPERSON_OID + '6': 'norEduOrgAcronym',
NOREDUPERSON_OID + '7': 'norEduOrgUniqueIdentifier',
NOREDUPERSON_OID + '4': 'norEduPersonLIN',
EDUPERSON_OID + '1': 'eduPersonAffiliation',
NOREDUPERSON_OID + '2': 'norEduOrgUnitUniqueNumber',
NETSCAPE_LDAP + '40': 'userSMIMECertificate',
NOREDUPERSON_OID + '1': 'norEduOrgUniqueNumber',
NETSCAPE_LDAP + '241': 'displayName',
UCL_DIR_PILOT + '37': 'associatedDomain',
EDUPERSON_OID + '6': 'eduPersonPrincipalName',
NOREDUPERSON_OID + '8': 'norEduOrgUnitUniqueIdentifier',
NOREDUPERSON_OID + '9': 'federationFeideSchemaVersion',
X500ATTR + '53': 'deltaRevocationList',
X500ATTR + '52': 'supportedAlgorithms',
X500ATTR + '51': 'houseIdentifier',
X500ATTR + '50': 'uniqueMember',
X500ATTR + '19': 'physicalDeliveryOfficeName',
X500ATTR + '18': 'postOfficeBox',
X500ATTR + '17': 'postalCode',
X500ATTR + '16': 'postalAddress',
X500ATTR + '15': 'businessCategory',
X500ATTR + '14': 'searchGuide',
EDUPERSON_OID + '5': 'eduPersonPrimaryAffiliation',
X500ATTR + '12': 'title',
X500ATTR + '11': 'ou',
X500ATTR + '10': 'o',
X500ATTR + '37': 'cACertificate',
X500ATTR + '36': 'userCertificate',
X500ATTR + '31': 'member',
X500ATTR + '30': 'supportedApplicationContext',
X500ATTR + '33': 'roleOccupant',
X500ATTR + '32': 'owner',
NETSCAPE_LDAP + '1': 'carLicense',
PKCS_9 + '1': 'email',
NETSCAPE_LDAP + '3': 'employeeNumber',
NETSCAPE_LDAP + '2': 'departmentNumber',
X500ATTR + '39': 'certificateRevocationList',
X500ATTR + '38': 'authorityRevocationList',
NETSCAPE_LDAP + '216': 'userPKCS12',
EDUPERSON_OID + '8': 'eduPersonPrimaryOrgUnitDN',
X500ATTR + '9': 'street',
X500ATTR + '8': 'st',
NETSCAPE_LDAP + '39': 'preferredLanguage',
EDUPERSON_OID + '7': 'eduPersonEntitlement',
X500ATTR + '2': 'knowledgeInformation',
X500ATTR + '7': 'l',
X500ATTR + '6': 'c',
X500ATTR + '5': 'serialNumber',
X500ATTR + '4': 'sn',
UCL_DIR_PILOT + '60': 'jpegPhoto',
X500ATTR + '65': 'pseudonym',
NOREDUPERSON_OID + '5': 'norEduPersonNIN',
UCL_DIR_PILOT + '3': 'mail',
UCL_DIR_PILOT + '25': 'dc',
X500ATTR + '40': 'crossCertificatePair',
X500ATTR + '42': 'givenName',
X500ATTR + '43': 'initials',
X500ATTR + '44': 'generationQualifier',
X500ATTR + '45': 'x500UniqueIdentifier',
X500ATTR + '46': 'dnQualifier',
X500ATTR + '47': 'enhancedSearchGuide',
X500ATTR + '48': 'protocolInformation',
X500ATTR + '54': 'dmdName',
NETSCAPE_LDAP + '4': 'employeeType',
X500ATTR + '22': 'teletexTerminalIdentifier',
X500ATTR + '23': 'facsimileTelephoneNumber',
X500ATTR + '20': 'telephoneNumber',
X500ATTR + '21': 'telexNumber',
X500ATTR + '26': 'registeredAddress',
X500ATTR + '27': 'destinationIndicator',
X500ATTR + '24': 'x121Address',
X500ATTR + '25': 'internationaliSDNNumber',
X500ATTR + '28': 'preferredDeliveryMethod',
X500ATTR + '29': 'presentationAddress',
EDUPERSON_OID + '3': 'eduPersonOrgDN',
NOREDUPERSON_OID + '3': 'norEduPersonBirthDate',
EDUPERSON_OID+'2': 'eduPersonNickname',
EDUPERSON_OID+'9': 'eduPersonScopedAffiliation',
EDUPERSON_OID+'11': 'eduPersonAssurance',
EDUPERSON_OID+'10': 'eduPersonTargetedID',
EDUPERSON_OID+'4': 'eduPersonOrgUnitDN',
NOREDUPERSON_OID+'6': 'norEduOrgAcronym',
NOREDUPERSON_OID+'7': 'norEduOrgUniqueIdentifier',
NOREDUPERSON_OID+'4': 'norEduPersonLIN',
EDUPERSON_OID+'1': 'eduPersonAffiliation',
NOREDUPERSON_OID+'2': 'norEduOrgUnitUniqueNumber',
NETSCAPE_LDAP+'40': 'userSMIMECertificate',
NOREDUPERSON_OID+'1': 'norEduOrgUniqueNumber',
NETSCAPE_LDAP+'241': 'displayName',
UCL_DIR_PILOT+'37': 'associatedDomain',
EDUPERSON_OID+'6': 'eduPersonPrincipalName',
NOREDUPERSON_OID+'8': 'norEduOrgUnitUniqueIdentifier',
NOREDUPERSON_OID+'9': 'federationFeideSchemaVersion',
X500ATTR+'53': 'deltaRevocationList',
X500ATTR+'52': 'supportedAlgorithms',
X500ATTR+'51': 'houseIdentifier',
X500ATTR+'50': 'uniqueMember',
X500ATTR+'19': 'physicalDeliveryOfficeName',
X500ATTR+'18': 'postOfficeBox',
X500ATTR+'17': 'postalCode',
X500ATTR+'16': 'postalAddress',
X500ATTR+'15': 'businessCategory',
X500ATTR+'14': 'searchGuide',
EDUPERSON_OID+'5': 'eduPersonPrimaryAffiliation',
X500ATTR+'12': 'title',
X500ATTR+'11': 'ou',
X500ATTR+'10': 'o',
X500ATTR+'37': 'cACertificate',
X500ATTR+'36': 'userCertificate',
X500ATTR+'31': 'member',
X500ATTR+'30': 'supportedApplicationContext',
X500ATTR+'33': 'roleOccupant',
X500ATTR+'32': 'owner',
NETSCAPE_LDAP+'1': 'carLicense',
PKCS_9+'1': 'email',
NETSCAPE_LDAP+'3': 'employeeNumber',
NETSCAPE_LDAP+'2': 'departmentNumber',
X500ATTR+'39': 'certificateRevocationList',
X500ATTR+'38': 'authorityRevocationList',
NETSCAPE_LDAP+'216': 'userPKCS12',
EDUPERSON_OID+'8': 'eduPersonPrimaryOrgUnitDN',
X500ATTR+'9': 'street',
X500ATTR+'8': 'st',
NETSCAPE_LDAP+'39': 'preferredLanguage',
EDUPERSON_OID+'7': 'eduPersonEntitlement',
X500ATTR+'2': 'knowledgeInformation',
X500ATTR+'7': 'l',
X500ATTR+'6': 'c',
X500ATTR+'5': 'serialNumber',
X500ATTR+'4': 'sn',
UCL_DIR_PILOT+'60': 'jpegPhoto',
X500ATTR+'65': 'pseudonym',
NOREDUPERSON_OID+'5': 'norEduPersonNIN',
UCL_DIR_PILOT+'3': 'mail',
UCL_DIR_PILOT+'25': 'dc',
X500ATTR+'40': 'crossCertificatePair',
X500ATTR+'42': 'givenName',
X500ATTR+'43': 'initials',
X500ATTR+'44': 'generationQualifier',
X500ATTR+'45': 'x500UniqueIdentifier',
X500ATTR+'46': 'dnQualifier',
X500ATTR+'47': 'enhancedSearchGuide',
X500ATTR+'48': 'protocolInformation',
X500ATTR+'54': 'dmdName',
NETSCAPE_LDAP+'4': 'employeeType',
X500ATTR+'22': 'teletexTerminalIdentifier',
X500ATTR+'23': 'facsimileTelephoneNumber',
X500ATTR+'20': 'telephoneNumber',
X500ATTR+'21': 'telexNumber',
X500ATTR+'26': 'registeredAddress',
X500ATTR+'27': 'destinationIndicator',
X500ATTR+'24': 'x121Address',
X500ATTR+'25': 'internationaliSDNNumber',
X500ATTR+'28': 'preferredDeliveryMethod',
X500ATTR+'29': 'presentationAddress',
EDUPERSON_OID+'3': 'eduPersonOrgDN',
NOREDUPERSON_OID+'3': 'norEduPersonBirthDate',
},
"to": {
'roleOccupant': X500ATTR + '33',
'gn': X500ATTR + '42',
'norEduPersonNIN': NOREDUPERSON_OID + '5',
'title': X500ATTR + '12',
'facsimileTelephoneNumber': X500ATTR + '23',
'mail': UCL_DIR_PILOT + '3',
'postOfficeBox': X500ATTR + '18',
'fax': X500ATTR + '23',
'telephoneNumber': X500ATTR + '20',
'norEduPersonBirthDate': NOREDUPERSON_OID + '3',
'rfc822Mailbox': UCL_DIR_PILOT + '3',
'dc': UCL_DIR_PILOT + '25',
'countryName': X500ATTR + '6',
'emailAddress': PKCS_9 + '1',
'employeeNumber': NETSCAPE_LDAP + '3',
'organizationName': X500ATTR + '10',
'eduPersonAssurance': EDUPERSON_OID + '11',
'norEduOrgAcronym': NOREDUPERSON_OID + '6',
'registeredAddress': X500ATTR + '26',
'physicalDeliveryOfficeName': X500ATTR + '19',
'associatedDomain': UCL_DIR_PILOT + '37',
'l': X500ATTR + '7',
'stateOrProvinceName': X500ATTR + '8',
'federationFeideSchemaVersion': NOREDUPERSON_OID + '9',
'pkcs9email': PKCS_9 + '1',
'givenName': X500ATTR + '42',
'x500UniqueIdentifier': X500ATTR + '45',
'eduPersonNickname': EDUPERSON_OID + '2',
'houseIdentifier': X500ATTR + '51',
'street': X500ATTR + '9',
'supportedAlgorithms': X500ATTR + '52',
'preferredLanguage': NETSCAPE_LDAP + '39',
'postalAddress': X500ATTR + '16',
'email': PKCS_9 + '1',
'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID + '8',
'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID + '8',
'c': X500ATTR + '6',
'teletexTerminalIdentifier': X500ATTR + '22',
'o': X500ATTR + '10',
'cACertificate': X500ATTR + '37',
'telexNumber': X500ATTR + '21',
'ou': X500ATTR + '11',
'initials': X500ATTR + '43',
'eduPersonOrgUnitDN': EDUPERSON_OID + '4',
'deltaRevocationList': X500ATTR + '53',
'norEduPersonLIN': NOREDUPERSON_OID + '4',
'supportedApplicationContext': X500ATTR + '30',
'eduPersonEntitlement': EDUPERSON_OID + '7',
'generationQualifier': X500ATTR + '44',
'eduPersonAffiliation': EDUPERSON_OID + '1',
'eduPersonPrincipalName': EDUPERSON_OID + '6',
'localityName': X500ATTR + '7',
'owner': X500ATTR + '32',
'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID + '2',
'searchGuide': X500ATTR + '14',
'certificateRevocationList': X500ATTR + '39',
'organizationalUnitName': X500ATTR + '11',
'userCertificate': X500ATTR + '36',
'preferredDeliveryMethod': X500ATTR + '28',
'internationaliSDNNumber': X500ATTR + '25',
'uniqueMember': X500ATTR + '50',
'departmentNumber': NETSCAPE_LDAP + '2',
'enhancedSearchGuide': X500ATTR + '47',
'userPKCS12': NETSCAPE_LDAP + '216',
'eduPersonTargetedID': EDUPERSON_OID + '10',
'norEduOrgUniqueNumber': NOREDUPERSON_OID + '1',
'x121Address': X500ATTR + '24',
'destinationIndicator': X500ATTR + '27',
'eduPersonPrimaryAffiliation': EDUPERSON_OID + '5',
'surname': X500ATTR + '4',
'jpegPhoto': UCL_DIR_PILOT + '60',
'eduPersonScopedAffiliation': EDUPERSON_OID + '9',
'protocolInformation': X500ATTR + '48',
'knowledgeInformation': X500ATTR + '2',
'employeeType': NETSCAPE_LDAP + '4',
'userSMIMECertificate': NETSCAPE_LDAP + '40',
'member': X500ATTR + '31',
'streetAddress': X500ATTR + '9',
'dmdName': X500ATTR + '54',
'postalCode': X500ATTR + '17',
'pseudonym': X500ATTR + '65',
'dnQualifier': X500ATTR + '46',
'crossCertificatePair': X500ATTR + '40',
'eduPersonOrgDN': EDUPERSON_OID + '3',
'authorityRevocationList': X500ATTR + '38',
'displayName': NETSCAPE_LDAP + '241',
'businessCategory': X500ATTR + '15',
'serialNumber': X500ATTR + '5',
'norEduOrgUniqueIdentifier': NOREDUPERSON_OID + '7',
'st': X500ATTR + '8',
'carLicense': NETSCAPE_LDAP + '1',
'presentationAddress': X500ATTR + '29',
'sn': X500ATTR + '4',
'domainComponent': UCL_DIR_PILOT + '25',
"to":{
'roleOccupant': X500ATTR+'33',
'gn': X500ATTR+'42',
'norEduPersonNIN': NOREDUPERSON_OID+'5',
'title': X500ATTR+'12',
'facsimileTelephoneNumber': X500ATTR+'23',
'mail': UCL_DIR_PILOT+'3',
'postOfficeBox': X500ATTR+'18',
'fax': X500ATTR+'23',
'telephoneNumber': X500ATTR+'20',
'norEduPersonBirthDate': NOREDUPERSON_OID+'3',
'rfc822Mailbox': UCL_DIR_PILOT+'3',
'dc': UCL_DIR_PILOT+'25',
'countryName': X500ATTR+'6',
'emailAddress': PKCS_9+'1',
'employeeNumber': NETSCAPE_LDAP+'3',
'organizationName': X500ATTR+'10',
'eduPersonAssurance': EDUPERSON_OID+'11',
'norEduOrgAcronym': NOREDUPERSON_OID+'6',
'registeredAddress': X500ATTR+'26',
'physicalDeliveryOfficeName': X500ATTR+'19',
'associatedDomain': UCL_DIR_PILOT+'37',
'l': X500ATTR+'7',
'stateOrProvinceName': X500ATTR+'8',
'federationFeideSchemaVersion': NOREDUPERSON_OID+'9',
'pkcs9email': PKCS_9+'1',
'givenName': X500ATTR+'42',
'x500UniqueIdentifier': X500ATTR+'45',
'eduPersonNickname': EDUPERSON_OID+'2',
'houseIdentifier': X500ATTR+'51',
'street': X500ATTR+'9',
'supportedAlgorithms': X500ATTR+'52',
'preferredLanguage': NETSCAPE_LDAP+'39',
'postalAddress': X500ATTR+'16',
'email': PKCS_9+'1',
'norEduOrgUnitUniqueIdentifier': NOREDUPERSON_OID+'8',
'eduPersonPrimaryOrgUnitDN': EDUPERSON_OID+'8',
'c': X500ATTR+'6',
'teletexTerminalIdentifier': X500ATTR+'22',
'o': X500ATTR+'10',
'cACertificate': X500ATTR+'37',
'telexNumber': X500ATTR+'21',
'ou': X500ATTR+'11',
'initials': X500ATTR+'43',
'eduPersonOrgUnitDN': EDUPERSON_OID+'4',
'deltaRevocationList': X500ATTR+'53',
'norEduPersonLIN': NOREDUPERSON_OID+'4',
'supportedApplicationContext': X500ATTR+'30',
'eduPersonEntitlement': EDUPERSON_OID+'7',
'generationQualifier': X500ATTR+'44',
'eduPersonAffiliation': EDUPERSON_OID+'1',
'eduPersonPrincipalName': EDUPERSON_OID+'6',
'localityName': X500ATTR+'7',
'owner': X500ATTR+'32',
'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2',
'searchGuide': X500ATTR+'14',
'certificateRevocationList': X500ATTR+'39',
'organizationalUnitName': X500ATTR+'11',
'userCertificate': X500ATTR+'36',
'preferredDeliveryMethod': X500ATTR+'28',
'internationaliSDNNumber': X500ATTR+'25',
'uniqueMember': X500ATTR+'50',
'departmentNumber': NETSCAPE_LDAP+'2',
'enhancedSearchGuide': X500ATTR+'47',
'userPKCS12': NETSCAPE_LDAP+'216',
'eduPersonTargetedID': EDUPERSON_OID+'10',
'norEduOrgUniqueNumber': NOREDUPERSON_OID+'1',
'x121Address': X500ATTR+'24',
'destinationIndicator': X500ATTR+'27',
'eduPersonPrimaryAffiliation': EDUPERSON_OID+'5',
'surname': X500ATTR+'4',
'jpegPhoto': UCL_DIR_PILOT+'60',
'eduPersonScopedAffiliation': EDUPERSON_OID+'9',
'protocolInformation': X500ATTR+'48',
'knowledgeInformation': X500ATTR+'2',
'employeeType': NETSCAPE_LDAP+'4',
'userSMIMECertificate': NETSCAPE_LDAP+'40',
'member': X500ATTR+'31',
'streetAddress': X500ATTR+'9',
'dmdName': X500ATTR+'54',
'postalCode': X500ATTR+'17',
'pseudonym': X500ATTR+'65',
'dnQualifier': X500ATTR+'46',
'crossCertificatePair': X500ATTR+'40',
'eduPersonOrgDN': EDUPERSON_OID+'3',
'authorityRevocationList': X500ATTR+'38',
'displayName': NETSCAPE_LDAP+'241',
'businessCategory': X500ATTR+'15',
'serialNumber': X500ATTR+'5',
'norEduOrgUniqueIdentifier': NOREDUPERSON_OID+'7',
'st': X500ATTR+'8',
'carLicense': NETSCAPE_LDAP+'1',
'presentationAddress': X500ATTR+'29',
'sn': X500ATTR+'4',
'domainComponent': UCL_DIR_PILOT+'25',
}
}
}


@@ -14,12 +14,12 @@ BASE = "http://lingon.ladok.umu.se:8087"
#BASE = "http://localhost:8087"
CONFIG = {
"entityid": "%s/sp.xml" % BASE,
"name": "SAML2 test tool",
"entityid" : "%s/sp.xml" % BASE,
"name" : "SAML2 test tool",
"description": "Simplest possible",
"service": {
"sp": {
"endpoints": {
"endpoints":{
"assertion_consumer_service": [
("%s/acs/post" % BASE, BINDING_HTTP_POST),
("%s/acs/redirect" % BASE, BINDING_HTTP_REDIRECT),
@@ -30,27 +30,27 @@ CONFIG = {
"single_logout_service": [
("%s/sls" % BASE, BINDING_SOAP)
],
"artifact_resolution_service": [
"artifact_resolution_service":[
("%s/ars" % BASE, BINDING_SOAP)
],
"manage_name_id_service": [
"manage_name_id_service":[
("%s/mni" % BASE, BINDING_HTTP_POST),
("%s/mni" % BASE, BINDING_HTTP_REDIRECT),
("%s/mni" % BASE, BINDING_SOAP),
("%s/acs/artifact" % BASE, BINDING_HTTP_ARTIFACT)
],
"discovery_response": [
"discovery_response":[
("%s/disco" % BASE, BINDING_DISCO)
]
}
}
},
"key_file": "keys/mykey.pem",
"cert_file": "keys/mycert.pem",
"xmlsec_binary": XMLSEC_BINARY,
"key_file" : "keys/mykey.pem",
"cert_file" : "keys/mycert.pem",
"xmlsec_binary" : XMLSEC_BINARY,
"subject_data": "subject_data.db",
"accepted_time_diff": 60,
"attribute_map_dir": "attributemaps",
"attribute_map_dir" : "attributemaps",
"organization": {
"name": ("AB Exempel", "se"),
"display_name": ("AB Exempel", "se"),
@@ -68,3 +68,4 @@ CONFIG = {
"secret": "0123456789",
"only_use_keys_in_metadata": False
}


@@ -1,6 +1,5 @@
#!/usr/bin/env python
from saml2.saml import NAME_FORMAT_URI
from saml2test import JSON_DUMPS_ARGS
__author__ = 'rolandh'
@@ -75,4 +74,4 @@ info = {
"name_format": NAME_FORMAT_URI
}
print json.dumps(info, **JSON_DUMPS_ARGS)
print json.dumps(info)
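Review bot: The final `print json.dumps(info)` no longer passes `**JSON_DUMPS_ARGS`, so this script's JSON output is now serialised with library defaults, and nothing visible here shows whether any consumer of the output relied on the old arguments. What `JSON_DUMPS_ARGS` contained is not shown on this page, so the effect is inferred and worth confirming before merge. If the output is compared or stored between runs, pinning the format locally, for example `print json.dumps(info, sort_keys=True)`, would keep it deterministic without the `saml2test` import. The same two-line change is repeated in the next two files, and the `info` dict starts outside the hunk.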


@@ -1,6 +1,5 @@
#!/usr/bin/env python
from saml2.saml import NAME_FORMAT_URI
from saml2test import JSON_DUMPS_ARGS
__author__ = 'rolandh'
@@ -65,4 +64,4 @@ info = {
"name_format": NAME_FORMAT_URI
}
print json.dumps(info, **JSON_DUMPS_ARGS)
print json.dumps(info)


@@ -1,6 +1,5 @@
#!/usr/bin/env python
from saml2.saml import AUTHN_PASSWORD
from saml2test import JSON_DUMPS_ARGS
__author__ = 'rolandh'
@@ -41,4 +40,4 @@ info = {
"userid": "roland"
}
print json.dumps(info, **JSON_DUMPS_ARGS)
print json.dumps(info)