Add version attribute to the SAML2 Assertion object.

Attribute ``version`` in the SAML2 Assertion should be non-empty. Change-Id: I46f4b0c45e38cc1315e320369a2ba7d2279eb16f Closes-Bug: #1373961
2014-09-25 17:53:17 +02:00 · 2014-09-25 17:53:17 +02:00 · 1e985609f7
parent d8d1477d83
commit 1e985609f7
3 changed files with 19 additions and 1 deletions
--- a/keystone/contrib/federation/idp.py
+++ b/keystone/contrib/federation/idp.py
@ -262,6 +262,7 @@ class SAMLGenerator(object):
        assertion = saml.Assertion()
        assertion.id = self.assertion_id
        assertion.issue_instant = timeutils.isotime()
+        assertion.version = '2.0'
        assertion.issuer = issuer
        assertion.signature = signature
        assertion.subject = subject
--- a/keystone/tests/saml2/signed_saml2_assertion.xml
+++ b/keystone/tests/saml2/signed_saml2_assertion.xml
@ -1,4 +1,4 @@
-<ns0:Assertion xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="9a22528bfe194b2880edce5d60414d6a" IssueInstant="2014-08-19T10:53:57Z">
+<ns0:Assertion xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="9a22528bfe194b2880edce5d60414d6a" IssueInstant="2014-08-19T10:53:57Z" Version="2.0">
  <ns0:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://acme.com/FIM/sps/openstack/saml20</ns0:Issuer>
  <ns1:Signature>
    <ns1:SignedInfo>
--- a/keystone/tests/test_v3_federation.py
+++ b/keystone/tests/test_v3_federation.py
@ -1665,6 +1665,7 @@ class SAMLGenerationTests(FederationTests):
    ROLES = ['admin', 'member']
    PROJECT = 'development'
    SAML_GENERATION_ROUTE = '/auth/OS-FEDERATION/saml2'
+    ASSERTION_VERSION = "2.0"

    def setUp(self):
        super(SAMLGenerationTests, self).setUp()
@ -1704,6 +1705,22 @@ class SAMLGenerationTests(FederationTests):
        self.assertEqual(self.PROJECT,
                         project_attribute.attribute_value[0].text)

+    def test_verify_assertion_object(self):
+        """Test if the Assertion object is build properly.
+
+        The Assertion doesn't need to be signed in this test, so
+        _sign_assertion method is patched and doesn't alter the assertion.
+
+        """
+        with mock.patch.object(keystone_idp, '_sign_assertion',
+                               side_effect=lambda x: x):
+            generator = keystone_idp.SAMLGenerator()
+            response = generator.samlize_token(self.ISSUER, self.RECIPIENT,
+                                               self.SUBJECT, self.ROLES,
+                                               self.PROJECT)
+        assertion = response.assertion
+        self.assertEqual(self.ASSERTION_VERSION, assertion.version)
+
    def test_valid_saml_xml(self):
        """Test the generated SAML object can become valid XML.