diff --git a/tests/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/fro.py b/tests/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/fro.py
index ba16480..fa32e81 100644
--- a/tests/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/fro.py
+++ b/tests/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/fro.py
@@ -81,5 +81,5 @@
 'urn:oid:1.3.6.1.4.1.5923.1.1.1.3': 'eduPersonOrgDN',
 'urn:oid:1.3.6.1.4.1.2428.90.1.3': 'norEduPersonBirthDate',
 'urn:oid:1.3.6.1.4.1.250.1.57': 'labeledURI',
-
+ 'urn:oid:0.9.2342.19200300.100.1.1': 'uid',
 }
diff --git a/tests/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/to.py b/tests/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/to.py
index 01c4acf..9343e2b 100644
--- a/tests/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/to.py
+++ b/tests/attributemaps/urn:oasis:names:tc:SAML:2.0:attrname-format:uri/to.py
@@ -50,9 +50,7 @@
 'eduPersonEntitlement': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7',
 'generationQualifier': 'urn:oid:2.5.4.44',
 'eduPersonAffiliation': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
- 'edupersonaffiliation': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
 'eduPersonPrincipalName': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
- 'edupersonprincipalname': 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
 'localityName': 'urn:oid:2.5.4.7',
 'owner': 'urn:oid:2.5.4.32',
 'norEduOrgUnitUniqueNumber': 'urn:oid:1.3.6.1.4.1.2428.90.1.2',
@@ -97,5 +95,6 @@
 'presentationAddress': 'urn:oid:2.5.4.29',
 'sn': 'urn:oid:2.5.4.4',
 'domainComponent': 'urn:oid:0.9.2342.19200300.100.1.25',
- 'labeledURI': '1.3.6.1.4.1.250.1.57',
+ 'labeledURI': 'urn:oud:1.3.6.1.4.1.250.1.57',
+ 'uid': 'urn:oud:0.9.2342.19200300.100.1.1'
 }
diff --git a/tests/idp.config b/tests/idp.config
deleted file mode 100644
index 7e99a31..0000000
--- a/tests/idp.config
+++ /dev/null
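Review bot: In the second to.py hunk the two new values are spelled `urn:oud:` rather than `urn:oid:`, so `'labeledURI'` and `'uid'` map to names that the fro.py keys (`'urn:oid:1.3.6.1.4.1.250.1.57'`, `'urn:oid:0.9.2342.19200300.100.1.1'`) will not translate back. An attribute released under a name the receiving side cannot map is likely to arrive unmapped or be dropped, which matters for an identifier such as uid. The lines should read `'labeledURI': 'urn:oid:1.3.6.1.4.1.250.1.57',` and `'uid': 'urn:oid:0.9.2342.19200300.100.1.1',`. A test asserting that every value in to.py is a key in fro.py would catch this kind of typo.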
@@ -1,44 +0,0 @@
-{
- "entityid" : "urn:mace:example.com:saml:roland:idp",
- "name" : "Rolands IdP",
- "endpoints" : {
- "single_sign_on_service" : ["http://localhost:8088/sso"],
- "single_logout_service": ["http://localhost:8088/slo"]
- },
- "policy": {
- "default": {
- "lifetime": {"minutes":15},
- "attribute_restrictions": None, # means all I have
- "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
- },
- "urn:mace:example.com:saml:roland:sp": {
- "lifetime": {"minutes": 5},
- "nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
- # "attribute_restrictions":{
- # "givenName": None,
- # "surName": None,
- # }
- }
- },
- "debug" : 1,
- "key_file" : "test.key",
- "cert_file" : "test.pem",
- "xmlsec_binary" : "/usr/local/bin/xmlsec1",
- "metadata": {
- "local": ["metadata.xml", "vo_metadata.xml"],
- },
- "subject_data": "subject_data.db",
- "attribute_map_dir" : "attributemaps",
- "organization": {
- "name": "Exempel AB",
- "display_name": [("Exempel AB","se"),("Example Co.","en")],
- "url":"http://www.example.com/roland",
- },
- "contact_person": [{
- "given_name":"John",
- "sur_name": "Smith",
- "email_address": ["john.smith@example.com"],
- "contact_type": "technical",
- },
- ],
-}
\ No newline at end of file
diff --git a/tests/idp_slo_redirect.conf b/tests/idp_slo_redirect.conf
deleted file mode 100644
index 6f770ff..0000000
--- a/tests/idp_slo_redirect.conf
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- "entityid" : "urn:mace:example.com:saml:roland:idp",
- "name" : "Rolands IdP",
- "endpoints" : {
- "single_sign_on_service" : ["http://localhost:8088/sso"],
- "single_logout_service": [("http://localhost:8088/slo",
- 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect')]
- },
- "policy": {
- "default": {
- "lifetime": {"minutes":15},
- "attribute_restrictions": None, # means all I have
- "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
- },
- "urn:mace:example.com:saml:roland:sp": {
- "lifetime": {"minutes": 5},
- "nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
- }
- },
- "debug" : 1,
- "key_file" : "test.key",
- "cert_file" : "test.pem",
- "xmlsec_binary" : "/usr/local/bin/xmlsec1",
- "metadata": {
- "local": ["sp_slo_redirect.xml"],
- },
- "subject_data": "subject_data.db",
- "attribute_map_dir" : "attributemaps",
- "organization": {
- "name": "Exempel AB",
- "display_name": [("Exempel AB","se"),("Example Co.","en")],
- "url":"http://www.example.com/roland",
- },
- "contact_person": [{
- "given_name":"John",
- "sur_name": "Smith",
- "email_address": ["john.smith@example.com"],
- "contact_type": "technical",
- },
- ],
-}
\ No newline at end of file
diff --git a/tests/idp_soap.conf b/tests/idp_soap.conf
deleted file mode 100644
index 2342ca2..0000000
--- a/tests/idp_soap.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- "entityid" : "urn:mace:example.com:saml:roland:idp",
- "name" : "Rolands IdP",
- "endpoints" : {
- "single_sign_on_service" : ["http://localhost:8088/sso"],
- "single_logout_service": [("http://localhost:8088/slo",
- 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP')]
- },
- "policy": {
- "default": {
- "lifetime": {"minutes":15},
- "attribute_restrictions": None, # means all I have
- "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
- },
- "urn:mace:example.com:saml:roland:sp": {
- "lifetime": {"minutes": 5},
- "nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
- # "attribute_restrictions":{
- # "givenName": None,
- # "surName": None,
- # }
- }
- },
- "debug" : 1,
- "key_file" : "test.key",
- "cert_file" : "test.pem",
- "xmlsec_binary" : "/usr/local/bin/xmlsec1",
- "metadata": {
- "local": ["metadata.xml", "vo_metadata.xml"],
- },
- "subject_data": "subject_data.db",
- "attribute_map_dir" : "attributemaps",
- "organization": {
- "name": "Exempel AB",
- "display_name": [("Exempel AB","se"),("Example Co.","en")],
- "url":"http://www.example.com/roland",
- },
- "contact_person": [{
- "given_name":"John",
- "sur_name": "Smith",
- "email_address": ["john.smith@example.com"],
- "contact_type": "technical",
- },
- ],
-}
\ No newline at end of file
diff --git a/tests/restrictive_idp.config b/tests/restrictive_idp.config
deleted file mode 100644
index 7d74d2a..0000000
--- a/tests/restrictive_idp.config
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "entityid" : "urn:mace:example.com:saml:roland:idpr",
- "name" : "Rolands restrictied IdP",
- "endpoints" : {
- "single_sign_on_service" : ["http://localhost:8089/sso"],
- "attribute_service" : ["http://localhost:8089/aa"],
- },
- "policy": {
- "default": {
- "lifetime": {"minutes":15},
- "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
- },
- "urn:mace:example.com:saml:roland:sp": {
- "lifetime": {"minutes": 5},
- "attribute_restrictions":{
- "givenName": None,
- "surName": None,
- "mail": [".*@example.com"],
- "eduPersonAffiliation": ["(employee|staff|faculty)"],
- }
- }
- },
- "key_file" : "test.key",
- "cert_file" : "test.pem",
- "xmlsec_binary" : "/usr/local/bin/xmlsec1",
- "metadata": {
- "local": ["sp_0.metadata"],
- },
- "subject_data": "subject_data.db",
- "attribute_map_dir" : "attributemaps",
-}
\ No newline at end of file
diff --git a/tests/server.config b/tests/server.config
deleted file mode 100644
index d937f77..0000000
--- a/tests/server.config
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- "type": "sp",
- "entityid" : "urn:mace:example.com:saml:roland:sp",
- "name" : "urn:mace:example.com:saml:roland:sp",
- "description": "My own SP",
- "endpoints":{
- "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
- },
- "required_attributes": ["surName", "givenName", "mail"],
- "optional_attributes": ["title"],
- "idp": {"urn:mace:example.com:saml:roland:idp":None},
- "debug" : 1,
- "key_file" : "test.key",
- "cert_file" : "test.pem",
- "xmlsec_binary" : "/usr/local/bin/xmlsec1",
- "metadata": {
- "local": ["idp.xml", "vo_metadata.xml"],
- },
- "virtual_organization" : {
- "urn:mace:example.com:it:tek":{
- "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
- "common_identifier": "umuselin",
- }
- },
- "subject_data": "subject_data.db",
- "accepted_time_diff": 60,
- "attribute_map_dir" : "attributemaps",
- "organization": {
- "name": ("AB Exempel", "se"),
- "display_name": ("AB Exempel", "se"),
- "url": "http://www.example.org",
- },
- "contact_person": [{
- "given_name": "Roland",
- "sur_name": "Hedberg",
- "telephone_number": "+46 70 100 0000",
- "email_address": ["tech@eample.com", "tech@example.org"],
- "contact_type": "technical"
- },
- ]
-}
\ No newline at end of file
diff --git a/tests/server2.config b/tests/server2.config
deleted file mode 100644
index af4a522..0000000
--- a/tests/server2.config
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- "entityid" : "urn:mace:example.com:saml:roland:sp",
- "name" : "urn:mace:example.com:saml:roland:sp",
- "description": "My own SP",
- "endpoints":{
- "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
- },
- "required_attributes": ["surName", "givenName", "mail"],
- "optional_attributes": ["title"],
- "idp":{
- "urn:mace:example.com:saml:roland:idp":None,
- },
- "debug" : 1,
- "key_file" : "test.key",
- "cert_file" : "test.pem",
- "xmlsec_binary" : "/usr/local/bin/xmlsec1",
- "metadata": {
- "local": ["idp_soap.xml", "vo_metadata.xml"],
- },
- "virtual_organization" : {
- "urn:mace:example.com:it:tek":{
- "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
- "common_identifier": "umuselin",
- }
- },
- "subject_data": "subject_data.db",
- "accepted_time_diff": 60,
- "attribute_map_dir" : "attributemaps",
- "organization": {
- "name": ("AB Exempel", "se"),
- "display_name": ("AB Exempel", "se"),
- "url": "http://www.example.org",
- },
- "contact_person": [{
- "given_name": "Roland",
- "sur_name": "Hedberg",
- "telephone_number": "+46 70 100 0000",
- "email_address": ["tech@example.com", "tech@example.org"],
- "contact_type": "technical"
- },
- ]
-}
\ No newline at end of file
diff --git a/tests/server3.config b/tests/server3.config
deleted file mode 100644
index 6a8ada3..0000000
--- a/tests/server3.config
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- "entityid" : "urn:mace:example.com:saml:roland:sp",
- "name" : "urn:mace:example.com:saml:roland:sp",
- "description": "My own SP",
- "endpoints":{
- "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
- },
- "required_attributes": ["surName", "givenName", "mail"],
- "optional_attributes": ["title"],
- "idp":{
- "urn:mace:example.com:saml:roland:idp":None,
- },
- "debug" : 1,
- "key_file" : "test.key",
- "cert_file" : "test.pem",
- "xmlsec_binary" : "/usr/local/bin/xmlsec1",
- "metadata": {
- "local": ["idp_aa.xml", "vo_metadata.xml"],
- },
- "virtual_organization" : {
- "urn:mace:example.com:it:tek":{
- "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
- "common_identifier": "umuselin",
- }
- },
- "subject_data": "subject_data.db",
- "accepted_time_diff": 60,
- "attribute_map_dir" : "attributemaps",
- "organization": {
- "name": ("AB Exempel", "se"),
- "display_name": ("AB Exempel", "se"),
- "url": "http://www.example.org",
- },
- "contact_person": [{
- "given_name": "Roland",
- "sur_name": "Hedberg",
- "telephone_number": "+46 70 100 0000",
- "email_address": ["tech@example.com", "tech@example.org"],
- "contact_type": "technical"
- },
- ]
-}
\ No newline at end of file
diff --git a/tests/sp_slo_redirect.conf b/tests/sp_slo_redirect.conf
deleted file mode 100644
index e2a5e8c..0000000
--- a/tests/sp_slo_redirect.conf
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- "entityid" : "urn:mace:example.com:saml:roland:sp",
- "name" : "urn:mace:example.com:saml:roland:sp",
- "description": "My own SP",
- "endpoints":{
- "assertion_consumer_service": ["http://lingon.catalogix.se:8087/"],
- "single_logout_service" : [("http://lingon.catalogix.se:8087/slo",
- 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect')],
- },
- "required_attributes": ["surName", "givenName", "mail"],
- "optional_attributes": ["title"],
- "idp":{
- "urn:mace:example.com:saml:roland:idp":None,
- },
- "debug" : 1,
- "key_file" : "test.key",
- "cert_file" : "test.pem",
- "xmlsec_binary" : "/usr/local/bin/xmlsec1",
- "metadata": {
- "local": ["idp_slo_redirect.xml"],
- },
- "virtual_organization" : {
- "urn:mace:example.com:it:tek":{
- "nameid_format" : "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
- "common_identifier": "umuselin",
- }
- },
- "subject_data": "subject_data.db",
- "accepted_time_diff": 60,
- "attribute_map_dir" : "attributemaps",
- "organization": {
- "name": ("AB Exempel", "se"),
- "display_name": ("AB Exempel", "se"),
- "url": "http://www.example.org",
- },
- "contact_person": [{
- "given_name": "Roland",
- "sur_name": "Hedberg",
- "telephone_number": "+46 70 100 0000",
- "email_address": ["tech@eample.com", "tech@example.org"],
- "contact_type": "technical"
- },
- ]
-}
\ No newline at end of file
diff --git a/tests/test_30_metadata.py b/tests/test_30_metadata.py
index e41c8d4..df3c847 100644
--- a/tests/test_30_metadata.py
+++ b/tests/test_30_metadata.py
@@ -223,8 +223,7 @@ def test_make_string():
 def test_make_list_of_strings():
 attr = saml.Attribute()
 vals = ["foo", "bar"]
- val = make_vals(vals, saml.AttributeValue, attr,
- "attribute_value")
+ make_vals(vals, saml.AttributeValue, attr, "attribute_value")
 assert attr.keyswv() == ["attribute_value"]
 print attr.attribute_value
 assert _eq([val.text for val in attr.attribute_value], vals)
diff --git a/tests/test_31_config.py b/tests/test_31_config.py index 109af4c..213cddb 100644 --- a/tests/test_31_config.py +++ b/tests/test_31_config.py @@ -8,14 +8,18 @@ from py.test import raises sp1 = { "entityid" : "urn:mace:umu.se:saml:roland:sp", - "endpoints" : { - "assertion_consumer_service" : ["http://lingon.catalogix.se:8087/"], - }, - "name": "test", - "idp" : { - "urn:mace:example.com:saml:roland:idp": {'single_sign_on_service': - {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': - 'http://localhost:8088/sso/'}}, + "service": { + "sp": { + "endpoints" : { + "assertion_consumer_service" : ["http://lingon.catalogix.se:8087/"], + }, + "name": "test", + "idp" : { + "urn:mace:example.com:saml:roland:idp": {'single_sign_on_service': + {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': + 'http://localhost:8088/sso/'}}, + } + } }, "key_file" : "mykey.pem", "cert_file" : "mycert.pem", @@ -39,13 +43,17 @@ sp1 = { sp2 = { "entityid" : "urn:mace:umu.se:saml:roland:sp", "name" : "Rolands SP", - "endpoints" : { - "assertion_consumer_service" : ["http://lingon.catalogix.se:8087/"], - }, - "required_attributes": ["surName", "givenName", "mail"], - "optional_attributes": ["title"], - "idp": { - "" : "https://example.com/saml2/idp/SSOService.php", + "service": { + "sp": { + "endpoints" : { + "assertion_consumer_service" : ["http://lingon.catalogix.se:8087/"], + }, + "required_attributes": ["surName", "givenName", "mail"], + "optional_attributes": ["title"], + "idp": { + "" : "https://example.com/saml2/idp/SSOService.php", + } + } }, "xmlsec_binary" : "/opt/local/bin/xmlsec1", } 
@@ -53,19 +61,23 @@ sp2 = { IDP1 = { "entityid" : "urn:mace:umu.se:saml:roland:idp", "name" : "Rolands IdP", - "endpoints": { - "single_sign_on_service" : ["http://localhost:8088/"], - }, - "policy": { - "default": { - "attribute_restrictions": { - "givenName": None, - "surName": None, - "eduPersonAffiliation": ["(member|staff)"], - "mail": [".*@example.com"], - } - }, - "urn:mace:umu.se:saml:roland:sp": None + "service": { + "idp": { + "endpoints": { + "single_sign_on_service" : ["http://localhost:8088/"], + }, + "policy": { + "default": { + "attribute_restrictions": { + "givenName": None, + "surName": None, + "eduPersonAffiliation": ["(member|staff)"], + "mail": [".*@example.com"], + } + }, + "urn:mace:umu.se:saml:roland:sp": None + }, + } }, "xmlsec_binary" : "/usr/local/bin/xmlsec1", } @@ -73,20 +85,24 @@ IDP1 = { IDP2 = { "entityid" : "urn:mace:umu.se:saml:roland:idp", "name" : "Rolands IdP", - "endpoints": { - "single_sign_on_service" : ["http://localhost:8088/"], - "single_logout_service" : [("http://localhost:8088/", BINDING_HTTP_REDIRECT)], - }, - "policy":{ - "default": { - "attribute_restrictions": { - "givenName": None, - "surName": None, - "eduPersonAffiliation": ["(member|staff)"], - "mail": [".*@example.com"], - } - }, - "urn:mace:umu.se:saml:roland:sp": None + "service": { + "idp": { + "endpoints": { + "single_sign_on_service" : ["http://localhost:8088/"], + "single_logout_service" : [("http://localhost:8088/", BINDING_HTTP_REDIRECT)], + }, + "policy":{ + "default": { + "attribute_restrictions": { + "givenName": None, + "surName": None, + "eduPersonAffiliation": ["(member|staff)"], + "mail": [".*@example.com"], + } + }, + "urn:mace:umu.se:saml:roland:sp": None + }, + } }, "xmlsec_binary" : "/usr/local/bin/xmlsec1", } @@ -96,7 +112,7 @@ def _eq(l1,l2): def test_1(): c = SPConfig().load(sp1) - + c.context = "sp" print c assert c.endpoints assert c.name 
@@ -112,7 +128,8 @@ def test_1(): def test_2(): c = SPConfig().load(sp2) - + c.context = "sp" + print c assert c.endpoints assert c.idp @@ -128,23 +145,29 @@ def test_2(): def test_minimum(): minimum = { "entityid" : "urn:mace:example.com:saml:roland:sp", - "endpoints" : { - "assertion_consumer_service" : ["http://sp.example.org/"], - }, - "name" : "test", - "idp": { - "" : "https://example.com/idp/SSOService.php", + "service": { + "sp": { + "endpoints" : { + "assertion_consumer_service" : ["http://sp.example.org/"], + }, + "name" : "test", + "idp": { + "" : "https://example.com/idp/SSOService.php", + }, + } }, "xmlsec_binary" : "/usr/local/bin/xmlsec1", } c = SPConfig().load(minimum) - - assert c != None + c.context = "sp" + + assert c is not None def test_idp_1(): c = IdPConfig().load(IDP1) - + c.context = "idp" + print c assert c.endpoint("single_sign_on_service") == 'http://localhost:8088/' @@ -153,10 +176,11 @@ def test_idp_1(): def test_idp_2(): c = IdPConfig().load(IDP2) + c.context = "idp" print c assert c.endpoint("single_logout_service", - BINDING_SOAP) == None + BINDING_SOAP) is None assert c.endpoint("single_logout_service", BINDING_HTTP_REDIRECT) == 'http://localhost:8088/' @@ -164,16 +188,18 @@ def test_idp_2(): assert attribute_restrictions["eduPersonAffiliation"][0].match("staff") def test_wayf(): - c = SPConfig().load_file("server.config") - + c = SPConfig().load_file("server_conf") + c.context = "sp" + idps = c.idps() assert idps == {'urn:mace:example.com:saml:roland:idp': 'Example Co.'} idps = c.idps(["se","en"]) assert idps == {'urn:mace:example.com:saml:roland:idp': 'Exempel AB'} +#noinspection PyUnresolvedReferences def test_3(): cnf = Config() - cnf.load_file("sp_1.conf") + cnf.load_file("sp_1_conf") assert cnf.entityid == "urn:mace:example.com:saml:roland:sp" assert cnf.debug == 1 assert cnf.key_file == "test.key" 
@@ -186,7 +212,7 @@ def test_3(): def test_sp(): cnf = SPConfig() - cnf.load_file("sp_1.conf") + cnf.load_file("sp_1_conf") assert cnf.single_logout_services("urn:mace:example.com:saml:roland:idp", BINDING_HTTP_POST) == ["http://localhost:8088/slo"] assert cnf.endpoint("assertion_consumer_service") == \ diff --git a/tests/test_33_identifier.py b/tests/test_33_identifier.py index a32b727..a0df9ed 100644 --- a/tests/test_33_identifier.py +++ b/tests/test_33_identifier.py @@ -12,17 +12,21 @@ def _eq(l1,l2): CONFIG = IdPConfig().load({ "entityid" : "urn:mace:example.com:idp:2", - "endpoints" : { - "single_sign_on_service" : ["http://idp.example.org/"], - }, "name" : "test", - "policy": { - "default": { - "lifetime": {"minutes":15}, - "attribute_restrictions": None, # means all I have - "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - "nameid_format": NAMEID_FORMAT_PERSISTENT - }, + "service": { + "idp": { + "endpoints" : { + "single_sign_on_service" : ["http://idp.example.org/"], + }, + "policy": { + "default": { + "lifetime": {"minutes":15}, + "attribute_restrictions": None, # means all I have + "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", + "nameid_format": NAMEID_FORMAT_PERSISTENT + } + } + } }, "xmlsec_binary" : "/usr/local/bin/xmlsec1", "virtual_organization" : { diff --git a/tests/test_41_response.py b/tests/test_41_response.py index 75c1112..25c3ef8 100644 --- a/tests/test_41_response.py +++ b/tests/test_41_response.py @@ -21,7 +21,7 @@ def _eq(l1,l2): class TestResponse: def setup_class(self): - server = Server("idp.config") + server = Server("idp_conf") name_id = server.ident.transient_nameid( "urn:mace:example.com:saml:roland:sp", "id12") 
@@ -53,17 +53,13 @@ class TestResponse: ) conf = config.SPConfig() - try: - conf.load_file("tests/server.config") - except IOError: - conf.load_file("server.config") + conf.load_file("server_conf") self.conf = conf def test_1(self): xml_response = ("%s" % (self._resp_,)).split("\n")[1] resp = response_factory(xml_response, self.conf, - entity_id="urn:mace:example.com:saml:roland:sp", - return_addr="http://lingon.catalogix.se:8087/", + return_addr="http://lingon.catalogix.se:8087/", outstanding_queries={"id12": "http://localhost:8088/sso"}, timeslack=10000, decode=False) @@ -74,8 +70,7 @@ class TestResponse: xml_response = ("%s" % (self._sign_resp_,)).split("\n",1)[1] sec = security_context(self.conf) resp = response_factory(xml_response, self.conf, - entity_id="urn:mace:example.com:saml:roland:sp", - return_addr="http://lingon.catalogix.se:8087/", + return_addr="http://lingon.catalogix.se:8087/", outstanding_queries={"id12": "http://localhost:8088/sso"}, timeslack=10000, decode=False) @@ -86,8 +81,7 @@ class TestResponse: # xml_response = ("%s" % (self._logout_resp,)).split("\n")[1] # sec = security_context(self.conf) # resp = response_factory(xml_response, self.conf, - # entity_id="urn:mace:example.com:saml:roland:sp", - # return_addr="http://lingon.catalogix.se:8087/", + # return_addr="http://lingon.catalogix.se:8087/", # outstanding_queries={"id12": "http://localhost:8088/sso"}, # timeslack=10000, decode=False) # diff --git a/tests/test_44_authnresp.py b/tests/test_44_authnresp.py index 5b20409..a22af3f 100644 --- a/tests/test_44_authnresp.py +++ b/tests/test_44_authnresp.py @@ -5,6 +5,7 @@ from saml2 import samlp, BINDING_HTTP_POST from saml2 import saml, config, class_name, make_instance from saml2.server import Server from saml2.response import authn_response, StatusResponse +from saml2.config import config_factory XML_RESPONSE_FILE = "saml_signed.xml" XML_RESPONSE_FILE2 = "saml2_response.xml" 
@@ -16,7 +17,7 @@ def _eq(l1,l2): class TestAuthnResponse: def setup_class(self): - server = Server("idp.config") + server = Server("idp_conf") name_id = server.ident.transient_nameid( "urn:mace:example.com:saml:roland:sp","id12") @@ -46,14 +47,8 @@ class TestAuthnResponse: authn=(saml.AUTHN_PASSWORD, "http://www.example.com/login") ) - conf = config.SPConfig() - try: - conf.load_file("tests/server.config") - except IOError: - conf.load_file("server.config") - self.conf = conf - self.ar = authn_response(conf, "urn:mace:example.com:saml:roland:sp", - "http://lingon.catalogix.se:8087/") + self.conf = config_factory("sp", "server_conf") + self.ar = authn_response(self.conf, "http://lingon.catalogix.se:8087/") def test_verify_1(self): xml_response = ("%s" % (self._resp_,)).split("\n")[1] diff --git a/tests/test_50_server.py b/tests/test_50_server.py index 9687386..f2e82a0 100644 --- a/tests/test_50_server.py +++ b/tests/test_50_server.py @@ -59,13 +59,10 @@ class TestIdentifier(): class TestServer1(): def setup_class(self): - self.server = Server("idp.config") + self.server = Server("idp_conf") conf = config.SPConfig() - try: - conf.load_file("tests/server.config") - except IOError: - conf.load_file("server.config") + conf.load_file("server_conf") self.client = client.Saml2Client(conf) def test_issuer(self): @@ -352,10 +349,10 @@ class TestServer1(): self.client.users.add_information_about_person(sinfo) logout_request = self.client.construct_logout_request( - subject_id="foba0001", - destination = "http://localhost:8088/slo", - entity_id = "urn:mace:example.com:saml:roland:idp", - reason = "I'm tired of this") + subject_id="foba0001", + destination = "http://localhost:8088/slo", + issuer_entity_id = "urn:mace:example.com:saml:roland:idp", + reason = "I'm tired of this") intermed = s_utils.deflate_and_base64_encode("%s" % (logout_request,)) 
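Review bot: The renamed keyword `issuer_entity_id` in the `construct_logout_request` call of the test_50_server.py hunk is still given the IdP's entity id (`urn:mace:example.com:saml:roland:idp`) although the request is built by the SP client, so the name reads as if it set the request's own issuer. If it denotes the IdP that issued the session being ended, a comment on the argument such as `# entity id of the IdP that issued the session, not of this SP` would keep a caller from passing the SP's id. The same call appears in the later SOAP logout hunk and in `_logout_request`. The enclosing test method starts outside the hunk.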
@@ -374,21 +371,19 @@ class TestServer1(): "surName": "Laport", } } - conf = config.SPConfig() - conf.load_file("server2.config") - sp = client.Saml2Client(conf) + sp = client.Saml2Client(config_file="server_conf") sp.users.add_information_about_person(sinfo) logout_request = sp.construct_logout_request(subject_id = "foba0001", - destination = "http://localhost:8088/slo", - entity_id = "urn:mace:example.com:saml:roland:idp", - reason = "I'm tired of this") + destination = "http://localhost:8088/slo", + issuer_entity_id = "urn:mace:example.com:saml:roland:idp", + reason = "I'm tired of this") intermed = s_utils.deflate_and_base64_encode("%s" % (logout_request,)) saml_soap = make_soap_enveloped_saml_thingy(logout_request) - idp = Server("idp_soap.conf") + idp = Server("idp_soap_conf") request = idp.parse_logout_request(saml_soap) assert request @@ -400,11 +395,8 @@ IDENTITY = {"eduPersonAffiliation": ["staff", "member"], class TestServer2(): def setup_class(self): - try: - self.server = Server("restrictive_idp.config") - except IOError, e: - self.server = Server("tests/restrictive_idp.config") - + self.server = Server("restrictive_idp_conf") + def test_do_aa_reponse(self): aa_policy = self.server.conf.policy print aa_policy.__dict__ 
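Review bot: The SOAP logout test used to build its SP from `server2.config`, whose metadata listed `idp_soap.xml`, and now uses `client.Saml2Client(config_file="server_conf")`, while the IdP side is still `Server("idp_soap_conf")`. test_51_client.py in this commit still loads `server2_conf`, so the SOAP-specific SP configuration appears to exist; if the switch is not intended, `sp = client.Saml2Client(config_file="server2_conf")` keeps the SP and IdP metadata paired. If it is intended, a short comment on why the general configuration suffices here would help. The test method starts outside the hunk.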
@@ -444,16 +436,16 @@ def _logout_request(conf_file): sp.users.add_information_about_person(sinfo) return sp.construct_logout_request( - subject_id = "foba0001", - destination = "http://localhost:8088/slo", - entity_id = "urn:mace:example.com:saml:roland:idp", - reason = "I'm tired of this") + subject_id = "foba0001", + destination = "http://localhost:8088/slo", + issuer_entity_id = "urn:mace:example.com:saml:roland:idp", + reason = "I'm tired of this") class TestServerLogout(): def test_1(self): - server = Server("idp_slo_redirect.conf") - request = _logout_request("sp_slo_redirect.conf") + server = Server("idp_slo_redirect_conf") + request = _logout_request("sp_slo_redirect_conf") print request bindings = [BINDING_HTTP_REDIRECT] (resp, headers, message) = server.logout_response(request, bindings) diff --git a/tests/test_51_client.py b/tests/test_51_client.py index 64c9a03..c09af87 100644 --- a/tests/test_51_client.py +++ b/tests/test_51_client.py @@ -8,7 +8,7 @@ from saml2.client import Saml2Client, LogoutError from saml2 import samlp, BINDING_HTTP_POST from saml2 import BINDING_SOAP from saml2 import saml, config, class_name -#from saml2.sigver import correctly_signed_authn_request, verify_signature +#from saml2.sigver import correctly_signed_authn_request from saml2.server import Server from saml2.s_utils import decode_base64_and_inflate from saml2.time_util import in_a_while @@ -16,8 +16,7 @@ from saml2.sigver import xmlsec_version from py.test import raises -import os - + def for_me(condition, me ): for restriction in condition.audience_restriction: audience = restriction.audience @@ -56,13 +55,10 @@ REQ1 = { "1.2.14": """ class TestClient: def setup_class(self): - self.server = Server("idp.config") + self.server = Server("idp_conf") conf = config.SPConfig() - try: - conf.load_file("tests/server.config") - except IOError: - conf.load_file("server.config") + conf.load_file("server_conf") self.client = Saml2Client(conf) def test_create_attribute_query1(self): 
@@ -153,7 +149,7 @@ class TestClient: nameid_format=saml.NAMEID_FORMAT_TRANSIENT) # since no one is answering on the other end - assert req == None + assert req is None # def test_idp_entry(self): # idp_entry = self.client.idp_entry(name="UmeƄ Universitet", @@ -237,7 +233,7 @@ class TestClient: assert signed_info.reference[0].digest_value print "------------------------------------------------" try: - assert correctly_signed_authn_request(ar_str, + assert self.client.sec.correctly_signed_authn_request(ar_str, self.client.config.xmlsec_binary, self.client.config.metadata) except Exception: # missing certificate @@ -261,10 +257,9 @@ class TestClient: resp_str = base64.encodestring(resp_str) authn_response = self.client.response({"SAMLResponse":resp_str}, - "urn:mace:example.com:saml:roland:sp", {"id1":"http://foo.example.com/service"}) - assert authn_response != None + assert authn_response is not None assert authn_response.issuer() == IDP assert authn_response.response.assertion[0].issuer.text == IDP session_info = authn_response.session_info() @@ -299,8 +294,7 @@ class TestClient: resp_str = base64.encodestring(resp_str) - authn_response = self.client.response({"SAMLResponse":resp_str}, - "urn:mace:example.com:saml:roland:sp", + self.client.response({"SAMLResponse":resp_str}, {"id2":"http://foo.example.com/service"}) # Two persons in the cache @@ -332,7 +326,7 @@ class TestClient: (sid, response) = self.client.authenticate( "urn:mace:example.com:saml:roland:idp", "http://www.example.com/relay_state") - assert sid != None + assert sid is not None assert response[0] == "Location" o = urlparse(response[1]) qdict = parse_qs(o.query) @@ -344,7 +338,7 @@ class TestClient: def test_authenticate_no_args(self): (sid, request) = self.client.authenticate(relay_state="http://www.example.com/relay_state") - assert sid != None + assert sid is not None assert request[0] == "Location" o = urlparse(request[1]) qdict = parse_qs(o.query) 
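Review bot: The signature check in the `@@ -237,7 +233,7 @@` hunk sits inside `try: assert ... except Exception:`, and `AssertionError` is an `Exception`, so depending on the handler body (outside the hunk) a failed verification may be swallowed together with the missing-certificate case the comment names. The call also moved to `self.client.sec` but still passes `self.client.config.xmlsec_binary` and `self.client.config.metadata`; if the security context already holds both, these positional arguments may bind to unrelated parameters, and the broad handler would hide that error too. Consider `self.client.sec.correctly_signed_authn_request(ar_str)` if that matches the method's signature, and narrow the handler to the specific missing-certificate exception so that a failed check fails the test.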
@@ -404,7 +398,7 @@ class TestClient: """ one IdP/AA with BINDING_SOAP, can't actually send something""" conf = config.SPConfig() - conf.load_file("server2.config") + conf.load_file("server2_conf") client = Saml2Client(conf) # information about the user from an IdP @@ -433,7 +427,7 @@ class TestClient: """ two or more IdP/AA with BINDING_HTTP_REDIRECT""" conf = config.SPConfig() - conf.load_file("server3.config") + conf.load_file("server3_conf") client = Saml2Client(conf) # information about the user from an IdP diff --git a/tests/test_60_sp.py b/tests/test_60_sp.py index c6de169..01b9893 100644 --- a/tests/test_60_sp.py +++ b/tests/test_60_sp.py @@ -33,8 +33,8 @@ ENV1 = {'SERVER_SOFTWARE': 'CherryPy/3.1.2 WSGI Server', class TestSP(): def setup_class(self): - self.sp = make_plugin("rem", saml_conf="server.config") - self.server = Server("idp.config") + self.sp = make_plugin("rem", saml_conf="server_conf") + self.server = Server(config_file="idp_conf") def test_setup(self): assert self.sp diff --git a/tests/test_61_makemeta.py b/tests/test_61_makemeta.py index ffb8cf2..523bb80 100644 --- a/tests/test_61_makemeta.py +++ b/tests/test_61_makemeta.py 
@@ -9,36 +9,43 @@ def _eq(l1,l2): return set(l1) == set(l2) SP = { - "type": "sp", "name" : "Rolands SP", "description": "One of the best SPs in business", - "endpoints": { - "single_logout_service" : ["http://localhost:8087/logout"], - "assertion_consumer_service" : [{"location":"http://localhost:8087/", - "binding":BINDING_HTTP_POST},] + "service": { + "sp": { + "endpoints": { + "single_logout_service" : ["http://localhost:8087/logout"], + "assertion_consumer_service" : [{"location":"http://localhost:8087/", + "binding":BINDING_HTTP_POST},] + }, + "required_attributes": ["sn", "givenName", "mail"], + "optional_attributes": ["title"], + "idp": { + "" : "https://example.com/saml2/idp/SSOService.php", + }, + } }, - "required_attributes": ["sn", "givenName", "mail"], - "optional_attributes": ["title"], "attribute_map_dir" : "attributemaps", - "idp": { - "" : "https://example.com/saml2/idp/SSOService.php", - }, } IDP = { "name" : "Rolands IdP", - "endpoints": { - "single_sign_on_service" : ["http://localhost:8088/sso"], - }, - "policy": { - "default": { - "lifetime": {"minutes":15}, - "attribute_restrictions": None, # means all I have - "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - }, - "urn:mace:example.com:saml:roland:sp": { - "lifetime": {"minutes": 5}, - "nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "service": { + "idp": { + "endpoints": { + "single_sign_on_service" : ["http://localhost:8088/sso"], + }, + "policy": { + "default": { + "lifetime": {"minutes":15}, + "attribute_restrictions": None, # means all I have + "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", + }, + "urn:mace:example.com:saml:roland:sp": { + "lifetime": {"minutes": 5}, + "nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + } + } } } } 
@@ -109,7 +116,7 @@ def test_contact_0(): assert person.email_address[0].text == "foo@eample.com" def test_do_endpoints(): - eps = metadata.do_endpoints(SP["endpoints"], + eps = metadata.do_endpoints(SP["service"]["sp"]["endpoints"], metadata.ENDPOINTS["sp"]) print eps assert _eq(eps.keys(), ["assertion_consumer_service", @@ -130,9 +137,10 @@ def test_do_endpoints(): def test_required_attributes(): attrconverters = ac_factory("../tests/attributemaps") - ras = metadata.do_requested_attribute(SP["required_attributes"], - attrconverters, is_required="true") - assert len(ras) == len(SP["required_attributes"]) + ras = metadata.do_requested_attribute( + SP["service"]["sp"]["required_attributes"], + attrconverters, is_required="true") + assert len(ras) == len(SP["service"]["sp"]["required_attributes"]) print ras[0] assert ras[0].name == 'urn:oid:2.5.4.4' assert ras[0].name_format == NAME_FORMAT_URI @@ -140,9 +148,10 @@ def test_required_attributes(): def test_optional_attributes(): attrconverters = ac_factory("../tests/attributemaps") - ras = metadata.do_requested_attribute(SP["optional_attributes"], - attrconverters) - assert len(ras) == len(SP["optional_attributes"]) + ras = metadata.do_requested_attribute( + SP["service"]["sp"]["optional_attributes"], + attrconverters) + assert len(ras) == len(SP["service"]["sp"]["optional_attributes"]) print ras[0] assert ras[0].name == 'urn:oid:2.5.4.12' assert ras[0].name_format == NAME_FORMAT_URI @@ -177,7 +186,7 @@ def test_do_sp_sso_descriptor(): def test_entity_description(): #confd = eval(open("../tests/server.config").read()) - confd = SPConfig().load_file("server.config") + confd = SPConfig().load_file("server_conf") print confd.attribute_converters entd = metadata.entity_descriptor(confd, 1) assert entd != None
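Review bot: The commented-out `#confd = eval(open("../tests/server.config").read())` directly above the changed line in test_entity_description still names `server.config`, which this commit deletes. Leaving it invites someone to restore an `eval` of a file's contents; deleting the comment keeps the test pointing only at `SPConfig().load_file("server_conf")`. The unchanged `assert entd != None` below could also become `assert entd is not None`, matching the other test files touched here.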