Change the config module, tests had to be rewritten

This commit is contained in:
Roland Hedberg
2011-03-18 13:05:04 +01:00
parent a62476cde3
commit c3984d6560
19 changed files with 183 additions and 501 deletions


@@ -81,5 +81,5 @@
'urn:oid:1.3.6.1.4.1.5923.1.1.1.3': 'eduPersonOrgDN',
'urn:oid:1.3.6.1.4.1.2428.90.1.3': 'norEduPersonBirthDate',
'urn:oid:1.3.6.1.4.1.250.1.57': 'labeledURI',
'urn:oid:0.9.2342.19200300.100.1.1': 'uid',
}


@@ -50,9 +50,7 @@
'eduPersonEntitlement': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7',
'generationQualifier': 'urn:oid:2.5.4.44',
'eduPersonAffiliation': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
'edupersonaffiliation': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
'eduPersonPrincipalName': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
'edupersonprincipalname': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
'localityName': 'urn:oid:2.5.4.7',
'owner': 'urn:oid:2.5.4.32',
'norEduOrgUnitUniqueNumber': 'urn:oid:1.3.6.1.4.1.2428.90.1.2',
@@ -97,5 +95,6 @@
'presentationAddress': 'urn:oid:2.5.4.29',
'sn': 'urn:oid:2.5.4.4',
'domainComponent': 'urn:oid:0.9.2342.19200300.100.1.25',
'labeledURI': '1.3.6.1.4.1.250.1.57',
'labeledURI': 'urn:oud:1.3.6.1.4.1.250.1.57',
'uid': 'urn:oud:0.9.2342.19200300.100.1.1'
}
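Review bot: The two entries closing this hunk use the prefix `urn:oud:` while every other value in this map, and the forward map in the first file of this commit (`'urn:oid:0.9.2342.19200300.100.1.1': 'uid'`), use `urn:oid:`. From the hunk counts (5 old, 6 new) these appear to be the added lines, so a requested attribute named `uid` or `labeledURI` would be emitted with an unknown URN and would not map back through the forward table. Suggested lines: `'labeledURI': 'urn:oid:1.3.6.1.4.1.250.1.57',` and `'uid': 'urn:oid:0.9.2342.19200300.100.1.1'`.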


@@ -1,44 +0,0 @@
{
"entityid" : "urn:mace:example.com:saml:roland:idp",
"name" : "Rolands IdP",
"endpoints" : {
"single_sign_on_service" : ["http://localhost:8088/sso"],
"single_logout_service": ["http://localhost:8088/slo"]
},
"policy": {
"default": {
"lifetime": {"minutes":15},
"attribute_restrictions": None, # means all I have
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
},
"urn:mace:example.com:saml:roland:sp": {
"lifetime": {"minutes": 5},
"nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
# "attribute_restrictions":{
# "givenName": None,
# "surName": None,
# }
}
},
"debug" : 1,
"key_file" : "test.key",
"cert_file" : "test.pem",
"xmlsec_binary" : "/usr/local/bin/xmlsec1",
"metadata": {
"local": ["metadata.xml", "vo_metadata.xml"],
},
"subject_data": "subject_data.db",
"attribute_map_dir" : "attributemaps",
"organization": {
"name": "Exempel AB",
"display_name": [("Exempel AB","se"),("Example Co.","en")],
"url":"http://www.example.com/roland",
},
"contact_person": [{
"given_name":"John",
"sur_name": "Smith",
"email_address": ["john.smith@example.com"],
"contact_type": "technical",
},
],
}


@@ -1,41 +0,0 @@
{
"entityid" : "urn:mace:example.com:saml:roland:idp",
"name" : "Rolands IdP",
"endpoints" : {
"single_sign_on_service" : ["http://localhost:8088/sso"],
"single_logout_service": [("http://localhost:8088/slo",
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect')]
},
"policy": {
"default": {
"lifetime": {"minutes":15},
"attribute_restrictions": None, # means all I have
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
},
"urn:mace:example.com:saml:roland:sp": {
"lifetime": {"minutes": 5},
"nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
}
},
"debug" : 1,
"key_file" : "test.key",
"cert_file" : "test.pem",
"xmlsec_binary" : "/usr/local/bin/xmlsec1",
"metadata": {
"local": ["sp_slo_redirect.xml"],
},
"subject_data": "subject_data.db",
"attribute_map_dir" : "attributemaps",
"organization": {
"name": "Exempel AB",
"display_name": [("Exempel AB","se"),("Example Co.","en")],
"url":"http://www.example.com/roland",
},
"contact_person": [{
"given_name":"John",
"sur_name": "Smith",
"email_address": ["john.smith@example.com"],
"contact_type": "technical",
},
],
}


@@ -1,45 +0,0 @@
{
"entityid" : "urn:mace:example.com:saml:roland:idp",
"name" : "Rolands IdP",
"endpoints" : {
"single_sign_on_service" : ["http://localhost:8088/sso"],
"single_logout_service": [("http://localhost:8088/slo",
'urn:oasis:names:tc:SAML:2.0:bindings:SOAP')]
},
"policy": {
"default": {
"lifetime": {"minutes":15},
"attribute_restrictions": None, # means all I have
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
},
"urn:mace:example.com:saml:roland:sp": {
"lifetime": {"minutes": 5},
"nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
# "attribute_restrictions":{
# "givenName": None,
# "surName": None,
# }
}
},
"debug" : 1,
"key_file" : "test.key",
"cert_file" : "test.pem",
"xmlsec_binary" : "/usr/local/bin/xmlsec1",
"metadata": {
"local": ["metadata.xml", "vo_metadata.xml"],
},
"subject_data": "subject_data.db",
"attribute_map_dir" : "attributemaps",
"organization": {
"name": "Exempel AB",
"display_name": [("Exempel AB","se"),("Example Co.","en")],
"url":"http://www.example.com/roland",
},
"contact_person": [{
"given_name":"John",
"sur_name": "Smith",
"email_address": ["john.smith@example.com"],
"contact_type": "technical",
},
],
}


@@ -1,31 +0,0 @@
{
"entityid" : "urn:mace:example.com:saml:roland:idpr",
"name" : "Rolands restrictied IdP",
"endpoints" : {
"single_sign_on_service" : ["http://localhost:8089/sso"],
"attribute_service" : ["http://localhost:8089/aa"],
},
"policy": {
"default": {
"lifetime": {"minutes":15},
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
},
"urn:mace:example.com:saml:roland:sp": {
"lifetime": {"minutes": 5},
"attribute_restrictions":{
"givenName": None,
"surName": None,
"mail": [".*@example.com"],
"eduPersonAffiliation": ["(employee|staff|faculty)"],
}
}
},
"key_file" : "test.key",
"cert_file" : "test.pem",
"xmlsec_binary" : "/usr/local/bin/xmlsec1",
"metadata": {
"local": ["sp_0.metadata"],
},
"subject_data": "subject_data.db",
"attribute_map_dir" : "attributemaps",
}


@@ -1,41 +0,0 @@
{
"type": "sp",
"entityid" : "urn:mace:example.com:saml:roland:sp",
"name" : "urn:mace:example.com:saml:roland:sp",
"description": "My own SP",
"endpoints":{
"assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
},
"required_attributes": ["surName", "givenName", "mail"],
"optional_attributes": ["title"],
"idp": {"urn:mace:example.com:saml:roland:idp":None},
"debug" : 1,
"key_file" : "test.key",
"cert_file" : "test.pem",
"xmlsec_binary" : "/usr/local/bin/xmlsec1",
"metadata": {
"local": ["idp.xml", "vo_metadata.xml"],
},
"virtual_organization" : {
"urn:mace:example.com:it:tek":{
"nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
"common_identifier": "umuselin",
}
},
"subject_data": "subject_data.db",
"accepted_time_diff": 60,
"attribute_map_dir" : "attributemaps",
"organization": {
"name": ("AB Exempel", "se"),
"display_name": ("AB Exempel", "se"),
"url": "http://www.example.org",
},
"contact_person": [{
"given_name": "Roland",
"sur_name": "Hedberg",
"telephone_number": "+46 70 100 0000",
"email_address": ["tech@eample.com", "tech@example.org"],
"contact_type": "technical"
},
]
}


@@ -1,42 +0,0 @@
{
"entityid" : "urn:mace:example.com:saml:roland:sp",
"name" : "urn:mace:example.com:saml:roland:sp",
"description": "My own SP",
"endpoints":{
"assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
},
"required_attributes": ["surName", "givenName", "mail"],
"optional_attributes": ["title"],
"idp":{
"urn:mace:example.com:saml:roland:idp":None,
},
"debug" : 1,
"key_file" : "test.key",
"cert_file" : "test.pem",
"xmlsec_binary" : "/usr/local/bin/xmlsec1",
"metadata": {
"local": ["idp_soap.xml", "vo_metadata.xml"],
},
"virtual_organization" : {
"urn:mace:example.com:it:tek":{
"nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
"common_identifier": "umuselin",
}
},
"subject_data": "subject_data.db",
"accepted_time_diff": 60,
"attribute_map_dir" : "attributemaps",
"organization": {
"name": ("AB Exempel", "se"),
"display_name": ("AB Exempel", "se"),
"url": "http://www.example.org",
},
"contact_person": [{
"given_name": "Roland",
"sur_name": "Hedberg",
"telephone_number": "+46 70 100 0000",
"email_address": ["tech@example.com", "tech@example.org"],
"contact_type": "technical"
},
]
}


@@ -1,42 +0,0 @@
{
"entityid" : "urn:mace:example.com:saml:roland:sp",
"name" : "urn:mace:example.com:saml:roland:sp",
"description": "My own SP",
"endpoints":{
"assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
},
"required_attributes": ["surName", "givenName", "mail"],
"optional_attributes": ["title"],
"idp":{
"urn:mace:example.com:saml:roland:idp":None,
},
"debug" : 1,
"key_file" : "test.key",
"cert_file" : "test.pem",
"xmlsec_binary" : "/usr/local/bin/xmlsec1",
"metadata": {
"local": ["idp_aa.xml", "vo_metadata.xml"],
},
"virtual_organization" : {
"urn:mace:example.com:it:tek":{
"nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
"common_identifier": "umuselin",
}
},
"subject_data": "subject_data.db",
"accepted_time_diff": 60,
"attribute_map_dir" : "attributemaps",
"organization": {
"name": ("AB Exempel", "se"),
"display_name": ("AB Exempel", "se"),
"url": "http://www.example.org",
},
"contact_person": [{
"given_name": "Roland",
"sur_name": "Hedberg",
"telephone_number": "+46 70 100 0000",
"email_address": ["tech@example.com", "tech@example.org"],
"contact_type": "technical"
},
]
}


@@ -1,44 +0,0 @@
{
"entityid" : "urn:mace:example.com:saml:roland:sp",
"name" : "urn:mace:example.com:saml:roland:sp",
"description": "My own SP",
"endpoints":{
"assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
"single_logout_service" : [("http://lingon.catalogix.se:8087/slo",
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect')],
},
"required_attributes": ["surName", "givenName", "mail"],
"optional_attributes": ["title"],
"idp":{
"urn:mace:example.com:saml:roland:idp":None,
},
"debug" : 1,
"key_file" : "test.key",
"cert_file" : "test.pem",
"xmlsec_binary" : "/usr/local/bin/xmlsec1",
"metadata": {
"local": ["idp_slo_redirect.xml"],
},
"virtual_organization" : {
"urn:mace:example.com:it:tek":{
"nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
"common_identifier": "umuselin",
}
},
"subject_data": "subject_data.db",
"accepted_time_diff": 60,
"attribute_map_dir" : "attributemaps",
"organization": {
"name": ("AB Exempel", "se"),
"display_name": ("AB Exempel", "se"),
"url": "http://www.example.org",
},
"contact_person": [{
"given_name": "Roland",
"sur_name": "Hedberg",
"telephone_number": "+46 70 100 0000",
"email_address": ["tech@eample.com", "tech@example.org"],
"contact_type": "technical"
},
]
}


@@ -223,8 +223,7 @@ def test_make_string():
def test_make_list_of_strings():
attr = saml.Attribute()
vals = ["foo", "bar"]
val = make_vals(vals, saml.AttributeValue, attr,
"attribute_value")
make_vals(vals, saml.AttributeValue, attr, "attribute_value")
assert attr.keyswv() == ["attribute_value"]
print attr.attribute_value
assert _eq([val.text for val in attr.attribute_value], vals)


@@ -8,14 +8,18 @@ from py.test import raises
sp1 = {
"entityid" : "urn:mace:umu.se:saml:roland:sp",
"endpoints" : {
"assertion_consumer_service" : ["http://lingon.catalogix.se:8087/"],
},
"name": "test",
"idp" : {
"urn:mace:example.com:saml:roland:idp": {'single_sign_on_service':
{'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect':
'http://localhost:8088/sso/'}},
"service": {
"sp": {
"endpoints" : {
"assertion_consumer_service" : ["http://lingon.catalogix.se:8087/"],
},
"name": "test",
"idp" : {
"urn:mace:example.com:saml:roland:idp": {'single_sign_on_service':
{'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect':
'http://localhost:8088/sso/'}},
}
}
},
"key_file" : "mykey.pem",
"cert_file" : "mycert.pem",
@@ -39,13 +43,17 @@ sp1 = {
sp2 = {
"entityid" : "urn:mace:umu.se:saml:roland:sp",
"name" : "Rolands SP",
"endpoints" : {
"assertion_consumer_service" : ["http://lingon.catalogix.se:8087/"],
},
"required_attributes": ["surName", "givenName", "mail"],
"optional_attributes": ["title"],
"idp": {
"" : "https://example.com/saml2/idp/SSOService.php",
"service": {
"sp": {
"endpoints" : {
"assertion_consumer_service" : ["http://lingon.catalogix.se:8087/"],
},
"required_attributes": ["surName", "givenName", "mail"],
"optional_attributes": ["title"],
"idp": {
"" : "https://example.com/saml2/idp/SSOService.php",
}
}
},
"xmlsec_binary" : "/opt/local/bin/xmlsec1",
}
@@ -53,19 +61,23 @@ sp2 = {
IDP1 = {
"entityid" : "urn:mace:umu.se:saml:roland:idp",
"name" : "Rolands IdP",
"endpoints": {
"single_sign_on_service" : ["http://localhost:8088/"],
},
"policy": {
"default": {
"attribute_restrictions": {
"givenName": None,
"surName": None,
"eduPersonAffiliation": ["(member|staff)"],
"mail": [".*@example.com"],
}
},
"urn:mace:umu.se:saml:roland:sp": None
"service": {
"idp": {
"endpoints": {
"single_sign_on_service" : ["http://localhost:8088/"],
},
"policy": {
"default": {
"attribute_restrictions": {
"givenName": None,
"surName": None,
"eduPersonAffiliation": ["(member|staff)"],
"mail": [".*@example.com"],
}
},
"urn:mace:umu.se:saml:roland:sp": None
},
}
},
"xmlsec_binary" : "/usr/local/bin/xmlsec1",
}
@@ -73,20 +85,24 @@ IDP1 = {
IDP2 = {
"entityid" : "urn:mace:umu.se:saml:roland:idp",
"name" : "Rolands IdP",
"endpoints": {
"single_sign_on_service" : ["http://localhost:8088/"],
"single_logout_service" : [("http://localhost:8088/", BINDING_HTTP_REDIRECT)],
},
"policy":{
"default": {
"attribute_restrictions": {
"givenName": None,
"surName": None,
"eduPersonAffiliation": ["(member|staff)"],
"mail": [".*@example.com"],
}
},
"urn:mace:umu.se:saml:roland:sp": None
"service": {
"idp": {
"endpoints": {
"single_sign_on_service" : ["http://localhost:8088/"],
"single_logout_service" : [("http://localhost:8088/", BINDING_HTTP_REDIRECT)],
},
"policy":{
"default": {
"attribute_restrictions": {
"givenName": None,
"surName": None,
"eduPersonAffiliation": ["(member|staff)"],
"mail": [".*@example.com"],
}
},
"urn:mace:umu.se:saml:roland:sp": None
},
}
},
"xmlsec_binary" : "/usr/local/bin/xmlsec1",
}
@@ -96,7 +112,7 @@ def _eq(l1,l2):
def test_1():
c = SPConfig().load(sp1)
c.context = "sp"
print c
assert c.endpoints
assert c.name
@@ -112,7 +128,8 @@ def test_1():
def test_2():
c = SPConfig().load(sp2)
c.context = "sp"
print c
assert c.endpoints
assert c.idp
@@ -128,23 +145,29 @@ def test_2():
def test_minimum():
minimum = {
"entityid" : "urn:mace:example.com:saml:roland:sp",
"endpoints" : {
"assertion_consumer_service" : ["http://sp.example.org/"],
},
"name" : "test",
"idp": {
"" : "https://example.com/idp/SSOService.php",
"service": {
"sp": {
"endpoints" : {
"assertion_consumer_service" : ["http://sp.example.org/"],
},
"name" : "test",
"idp": {
"" : "https://example.com/idp/SSOService.php",
},
}
},
"xmlsec_binary" : "/usr/local/bin/xmlsec1",
}
c = SPConfig().load(minimum)
assert c != None
c.context = "sp"
assert c is not None
def test_idp_1():
c = IdPConfig().load(IDP1)
c.context = "idp"
print c
assert c.endpoint("single_sign_on_service") == 'http://localhost:8088/'
@@ -153,10 +176,11 @@ def test_idp_1():
def test_idp_2():
c = IdPConfig().load(IDP2)
c.context = "idp"
print c
assert c.endpoint("single_logout_service",
BINDING_SOAP) == None
BINDING_SOAP) is None
assert c.endpoint("single_logout_service",
BINDING_HTTP_REDIRECT) == 'http://localhost:8088/'
@@ -164,16 +188,18 @@ def test_idp_2():
assert attribute_restrictions["eduPersonAffiliation"][0].match("staff")
def test_wayf():
c = SPConfig().load_file("server.config")
c = SPConfig().load_file("server_conf")
c.context = "sp"
idps = c.idps()
assert idps == {'urn:mace:example.com:saml:roland:idp': 'Example Co.'}
idps = c.idps(["se","en"])
assert idps == {'urn:mace:example.com:saml:roland:idp': 'Exempel AB'}
#noinspection PyUnresolvedReferences
def test_3():
cnf = Config()
cnf.load_file("sp_1.conf")
cnf.load_file("sp_1_conf")
assert cnf.entityid == "urn:mace:example.com:saml:roland:sp"
assert cnf.debug == 1
assert cnf.key_file == "test.key"
@@ -186,7 +212,7 @@ def test_3():
def test_sp():
cnf = SPConfig()
cnf.load_file("sp_1.conf")
cnf.load_file("sp_1_conf")
assert cnf.single_logout_services("urn:mace:example.com:saml:roland:idp",
BINDING_HTTP_POST) == ["http://localhost:8088/slo"]
assert cnf.endpoint("assertion_consumer_service") == \
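Review bot: In test_minimum the new `c.context = "sp"` line runs before `assert c is not None`, so if load() ever returned None the test would die with an AttributeError on the attribute assignment rather than the intended assertion failure; swapping the two lines keeps the guard first. The same `c.context = ...` assignment is inserted ahead of the assertions in test_1, test_2, test_idp_1 and test_idp_2 as well. The config files are now referenced without an extension (`server_conf`, `sp_1_conf`), which suggests they are located and imported as Python modules; if that is the case, a short comment at the top of the file stating where those modules must be importable from would help the next maintainer, since the old path-based fallbacks are gone. The enclosing test_sp body continues past the last hunk.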


@@ -12,17 +12,21 @@ def _eq(l1,l2):
CONFIG = IdPConfig().load({
"entityid" : "urn:mace:example.com:idp:2",
"endpoints" : {
"single_sign_on_service" : ["http://idp.example.org/"],
},
"name" : "test",
"policy": {
"default": {
"lifetime": {"minutes":15},
"attribute_restrictions": None, # means all I have
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"nameid_format": NAMEID_FORMAT_PERSISTENT
},
"service": {
"idp": {
"endpoints" : {
"single_sign_on_service" : ["http://idp.example.org/"],
},
"policy": {
"default": {
"lifetime": {"minutes":15},
"attribute_restrictions": None, # means all I have
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"nameid_format": NAMEID_FORMAT_PERSISTENT
}
}
}
},
"xmlsec_binary" : "/usr/local/bin/xmlsec1",
"virtual_organization" : {


@@ -21,7 +21,7 @@ def _eq(l1,l2):
class TestResponse:
def setup_class(self):
server = Server("idp.config")
server = Server("idp_conf")
name_id = server.ident.transient_nameid(
"urn:mace:example.com:saml:roland:sp",
"id12")
@@ -53,17 +53,13 @@ class TestResponse:
)
conf = config.SPConfig()
try:
conf.load_file("tests/server.config")
except IOError:
conf.load_file("server.config")
conf.load_file("server_conf")
self.conf = conf
def test_1(self):
xml_response = ("%s" % (self._resp_,)).split("\n")[1]
resp = response_factory(xml_response, self.conf,
entity_id="urn:mace:example.com:saml:roland:sp",
return_addr="http://lingon.catalogix.se:8087/",
return_addr="http://lingon.catalogix.se:8087/",
outstanding_queries={"id12": "http://localhost:8088/sso"},
timeslack=10000, decode=False)
@@ -74,8 +70,7 @@ class TestResponse:
xml_response = ("%s" % (self._sign_resp_,)).split("\n",1)[1]
sec = security_context(self.conf)
resp = response_factory(xml_response, self.conf,
entity_id="urn:mace:example.com:saml:roland:sp",
return_addr="http://lingon.catalogix.se:8087/",
return_addr="http://lingon.catalogix.se:8087/",
outstanding_queries={"id12": "http://localhost:8088/sso"},
timeslack=10000, decode=False)
@@ -86,8 +81,7 @@ class TestResponse:
# xml_response = ("%s" % (self._logout_resp,)).split("\n")[1]
# sec = security_context(self.conf)
# resp = response_factory(xml_response, self.conf,
# entity_id="urn:mace:example.com:saml:roland:sp",
# return_addr="http://lingon.catalogix.se:8087/",
# return_addr="http://lingon.catalogix.se:8087/",
# outstanding_queries={"id12": "http://localhost:8088/sso"},
# timeslack=10000, decode=False)
#


@@ -5,6 +5,7 @@ from saml2 import samlp, BINDING_HTTP_POST
from saml2 import saml, config, class_name, make_instance
from saml2.server import Server
from saml2.response import authn_response, StatusResponse
from saml2.config import config_factory
XML_RESPONSE_FILE = "saml_signed.xml"
XML_RESPONSE_FILE2 = "saml2_response.xml"
@@ -16,7 +17,7 @@ def _eq(l1,l2):
class TestAuthnResponse:
def setup_class(self):
server = Server("idp.config")
server = Server("idp_conf")
name_id = server.ident.transient_nameid(
"urn:mace:example.com:saml:roland:sp","id12")
@@ -46,14 +47,8 @@ class TestAuthnResponse:
authn=(saml.AUTHN_PASSWORD, "http://www.example.com/login")
)
conf = config.SPConfig()
try:
conf.load_file("tests/server.config")
except IOError:
conf.load_file("server.config")
self.conf = conf
self.ar = authn_response(conf, "urn:mace:example.com:saml:roland:sp",
"http://lingon.catalogix.se:8087/")
self.conf = config_factory("sp", "server_conf")
self.ar = authn_response(self.conf, "http://lingon.catalogix.se:8087/")
def test_verify_1(self):
xml_response = ("%s" % (self._resp_,)).split("\n")[1]


@@ -59,13 +59,10 @@ class TestIdentifier():
class TestServer1():
def setup_class(self):
self.server = Server("idp.config")
self.server = Server("idp_conf")
conf = config.SPConfig()
try:
conf.load_file("tests/server.config")
except IOError:
conf.load_file("server.config")
conf.load_file("server_conf")
self.client = client.Saml2Client(conf)
def test_issuer(self):
@@ -352,10 +349,10 @@ class TestServer1():
self.client.users.add_information_about_person(sinfo)
logout_request = self.client.construct_logout_request(
subject_id="foba0001",
destination = "http://localhost:8088/slo",
entity_id = "urn:mace:example.com:saml:roland:idp",
reason = "I'm tired of this")
subject_id="foba0001",
destination = "http://localhost:8088/slo",
issuer_entity_id = "urn:mace:example.com:saml:roland:idp",
reason = "I'm tired of this")
intermed = s_utils.deflate_and_base64_encode("%s" % (logout_request,))
@@ -374,21 +371,19 @@ class TestServer1():
"surName": "Laport",
}
}
conf = config.SPConfig()
conf.load_file("server2.config")
sp = client.Saml2Client(conf)
sp = client.Saml2Client(config_file="server_conf")
sp.users.add_information_about_person(sinfo)
logout_request = sp.construct_logout_request(subject_id = "foba0001",
destination = "http://localhost:8088/slo",
entity_id = "urn:mace:example.com:saml:roland:idp",
reason = "I'm tired of this")
destination = "http://localhost:8088/slo",
issuer_entity_id = "urn:mace:example.com:saml:roland:idp",
reason = "I'm tired of this")
intermed = s_utils.deflate_and_base64_encode("%s" % (logout_request,))
saml_soap = make_soap_enveloped_saml_thingy(logout_request)
idp = Server("idp_soap.conf")
idp = Server("idp_soap_conf")
request = idp.parse_logout_request(saml_soap)
assert request
@@ -400,11 +395,8 @@ IDENTITY = {"eduPersonAffiliation": ["staff", "member"],
class TestServer2():
def setup_class(self):
try:
self.server = Server("restrictive_idp.config")
except IOError, e:
self.server = Server("tests/restrictive_idp.config")
self.server = Server("restrictive_idp_conf")
def test_do_aa_reponse(self):
aa_policy = self.server.conf.policy
print aa_policy.__dict__
@@ -444,16 +436,16 @@ def _logout_request(conf_file):
sp.users.add_information_about_person(sinfo)
return sp.construct_logout_request(
subject_id = "foba0001",
destination = "http://localhost:8088/slo",
entity_id = "urn:mace:example.com:saml:roland:idp",
reason = "I'm tired of this")
subject_id = "foba0001",
destination = "http://localhost:8088/slo",
issuer_entity_id = "urn:mace:example.com:saml:roland:idp",
reason = "I'm tired of this")
class TestServerLogout():
def test_1(self):
server = Server("idp_slo_redirect.conf")
request = _logout_request("sp_slo_redirect.conf")
server = Server("idp_slo_redirect_conf")
request = _logout_request("sp_slo_redirect_conf")
print request
bindings = [BINDING_HTTP_REDIRECT]
(resp, headers, message) = server.logout_response(request, bindings)
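Review bot: `sp = client.Saml2Client(config_file="server_conf")` in the third hunk points this test at a different configuration than the `server2.config` it replaces, while the corresponding rename elsewhere in this commit (test_client) maps `server2.config` to `server2_conf`. If the switch to the plain `server_conf` is intentional it deserves a one-line comment; otherwise the line should read `sp = client.Saml2Client(config_file="server2_conf")`. The keyword arguments in the rewritten `construct_logout_request` calls (`destination = ...`, `issuer_entity_id = ...`) keep spaces around `=`, which PEP 8 avoids for keyword arguments. The enclosing test methods start outside the hunks.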


@@ -8,7 +8,7 @@ from saml2.client import Saml2Client, LogoutError
from saml2 import samlp, BINDING_HTTP_POST
from saml2 import BINDING_SOAP
from saml2 import saml, config, class_name
#from saml2.sigver import correctly_signed_authn_request, verify_signature
#from saml2.sigver import correctly_signed_authn_request
from saml2.server import Server
from saml2.s_utils import decode_base64_and_inflate
from saml2.time_util import in_a_while
@@ -16,8 +16,7 @@ from saml2.sigver import xmlsec_version
from py.test import raises
import os
def for_me(condition, me ):
for restriction in condition.audience_restriction:
audience = restriction.audience
@@ -56,13 +55,10 @@ REQ1 = { "1.2.14": """<?xml version='1.0' encoding='UTF-8'?>
class TestClient:
def setup_class(self):
self.server = Server("idp.config")
self.server = Server("idp_conf")
conf = config.SPConfig()
try:
conf.load_file("tests/server.config")
except IOError:
conf.load_file("server.config")
conf.load_file("server_conf")
self.client = Saml2Client(conf)
def test_create_attribute_query1(self):
@@ -153,7 +149,7 @@ class TestClient:
nameid_format=saml.NAMEID_FORMAT_TRANSIENT)
# since no one is answering on the other end
assert req == None
assert req is None
# def test_idp_entry(self):
# idp_entry = self.client.idp_entry(name="Umeå Universitet",
@@ -237,7 +233,7 @@ class TestClient:
assert signed_info.reference[0].digest_value
print "------------------------------------------------"
try:
assert correctly_signed_authn_request(ar_str,
assert self.client.sec.correctly_signed_authn_request(ar_str,
self.client.config.xmlsec_binary,
self.client.config.metadata)
except Exception: # missing certificate
@@ -261,10 +257,9 @@ class TestClient:
resp_str = base64.encodestring(resp_str)
authn_response = self.client.response({"SAMLResponse":resp_str},
"urn:mace:example.com:saml:roland:sp",
{"id1":"http://foo.example.com/service"})
assert authn_response != None
assert authn_response is not None
assert authn_response.issuer() == IDP
assert authn_response.response.assertion[0].issuer.text == IDP
session_info = authn_response.session_info()
@@ -299,8 +294,7 @@ class TestClient:
resp_str = base64.encodestring(resp_str)
authn_response = self.client.response({"SAMLResponse":resp_str},
"urn:mace:example.com:saml:roland:sp",
self.client.response({"SAMLResponse":resp_str},
{"id2":"http://foo.example.com/service"})
# Two persons in the cache
@@ -332,7 +326,7 @@ class TestClient:
(sid, response) = self.client.authenticate(
"urn:mace:example.com:saml:roland:idp",
"http://www.example.com/relay_state")
assert sid != None
assert sid is not None
assert response[0] == "Location"
o = urlparse(response[1])
qdict = parse_qs(o.query)
@@ -344,7 +338,7 @@ class TestClient:
def test_authenticate_no_args(self):
(sid, request) = self.client.authenticate(relay_state="http://www.example.com/relay_state")
assert sid != None
assert sid is not None
assert request[0] == "Location"
o = urlparse(request[1])
qdict = parse_qs(o.query)
@@ -404,7 +398,7 @@ class TestClient:
""" one IdP/AA with BINDING_SOAP, can't actually send something"""
conf = config.SPConfig()
conf.load_file("server2.config")
conf.load_file("server2_conf")
client = Saml2Client(conf)
# information about the user from an IdP
@@ -433,7 +427,7 @@ class TestClient:
""" two or more IdP/AA with BINDING_HTTP_REDIRECT"""
conf = config.SPConfig()
conf.load_file("server3.config")
conf.load_file("server3_conf")
client = Saml2Client(conf)
# information about the user from an IdP
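Review bot: In the hunk headed `@@ -237,7 +233,7 @@` the new call `self.client.sec.correctly_signed_authn_request(ar_str, self.client.config.xmlsec_binary, self.client.config.metadata)` sits inside a `try` whose handler is `except Exception: # missing certificate`, so if the method on the security context does not accept those two positional arguments the resulting TypeError is swallowed and the signature check passes vacuously. Narrowing the handler to the exception the verifier raises for a missing certificate (or asserting on its message) would keep a regression in signature verification from hiding behind the broad except. In the hunk headed `@@ -299,8 +294,7 @@` the return value of `self.client.response(...)` is no longer bound to `authn_response`; if assertions later in that test (outside the hunk) still read `authn_response`, they now see the value from the earlier call. Both enclosing test methods start outside the hunks.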

View File

@@ -33,8 +33,8 @@ ENV1 = {'SERVER_SOFTWARE': 'CherryPy/3.1.2 WSGI Server',
class TestSP():
def setup_class(self):
self.sp = make_plugin("rem", saml_conf="server.config")
self.server = Server("idp.config")
self.sp = make_plugin("rem", saml_conf="server_conf")
self.server = Server(config_file="idp_conf")
def test_setup(self):
assert self.sp


@@ -9,36 +9,43 @@ def _eq(l1,l2):
return set(l1) == set(l2)
SP = {
"type": "sp",
"name" : "Rolands SP",
"description": "One of the best SPs in business",
"endpoints": {
"single_logout_service" : ["http://localhost:8087/logout"],
"assertion_consumer_service" : [{"location":"http://localhost:8087/",
"binding":BINDING_HTTP_POST},]
"service": {
"sp": {
"endpoints": {
"single_logout_service" : ["http://localhost:8087/logout"],
"assertion_consumer_service" : [{"location":"http://localhost:8087/",
"binding":BINDING_HTTP_POST},]
},
"required_attributes": ["sn", "givenName", "mail"],
"optional_attributes": ["title"],
"idp": {
"" : "https://example.com/saml2/idp/SSOService.php",
},
}
},
"required_attributes": ["sn", "givenName", "mail"],
"optional_attributes": ["title"],
"attribute_map_dir" : "attributemaps",
"idp": {
"" : "https://example.com/saml2/idp/SSOService.php",
},
}
IDP = {
"name" : "Rolands IdP",
"endpoints": {
"single_sign_on_service" : ["http://localhost:8088/sso"],
},
"policy": {
"default": {
"lifetime": {"minutes":15},
"attribute_restrictions": None, # means all I have
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
},
"urn:mace:example.com:saml:roland:sp": {
"lifetime": {"minutes": 5},
"nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
"service": {
"idp": {
"endpoints": {
"single_sign_on_service" : ["http://localhost:8088/sso"],
},
"policy": {
"default": {
"lifetime": {"minutes":15},
"attribute_restrictions": None, # means all I have
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
},
"urn:mace:example.com:saml:roland:sp": {
"lifetime": {"minutes": 5},
"nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
}
}
}
}
}
@@ -109,7 +116,7 @@ def test_contact_0():
assert person.email_address[0].text == "foo@eample.com"
def test_do_endpoints():
eps = metadata.do_endpoints(SP["endpoints"],
eps = metadata.do_endpoints(SP["service"]["sp"]["endpoints"],
metadata.ENDPOINTS["sp"])
print eps
assert _eq(eps.keys(), ["assertion_consumer_service",
@@ -130,9 +137,10 @@ def test_do_endpoints():
def test_required_attributes():
attrconverters = ac_factory("../tests/attributemaps")
ras = metadata.do_requested_attribute(SP["required_attributes"],
attrconverters, is_required="true")
assert len(ras) == len(SP["required_attributes"])
ras = metadata.do_requested_attribute(
SP["service"]["sp"]["required_attributes"],
attrconverters, is_required="true")
assert len(ras) == len(SP["service"]["sp"]["required_attributes"])
print ras[0]
assert ras[0].name == 'urn:oid:2.5.4.4'
assert ras[0].name_format == NAME_FORMAT_URI
@@ -140,9 +148,10 @@ def test_required_attributes():
def test_optional_attributes():
attrconverters = ac_factory("../tests/attributemaps")
ras = metadata.do_requested_attribute(SP["optional_attributes"],
attrconverters)
assert len(ras) == len(SP["optional_attributes"])
ras = metadata.do_requested_attribute(
SP["service"]["sp"]["optional_attributes"],
attrconverters)
assert len(ras) == len(SP["service"]["sp"]["optional_attributes"])
print ras[0]
assert ras[0].name == 'urn:oid:2.5.4.12'
assert ras[0].name_format == NAME_FORMAT_URI
@@ -177,7 +186,7 @@ def test_do_sp_sso_descriptor():
def test_entity_description():
#confd = eval(open("../tests/server.config").read())
confd = SPConfig().load_file("server.config")
confd = SPConfig().load_file("server_conf")
print confd.attribute_converters
entd = metadata.entity_descriptor(confd, 1)
assert entd != None