author | Jenkins <jenkins@review.openstack.org> | 2014-09-27 22:24:55 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2014-09-27 22:24:55 +0000 |
commit | e064ed693c754a8733b5cc93630285aa823092d2 (patch) | |
tree | 08aa928c0516f00c441a26062c5db1a8ddda403a | |
parent | 7dfccb705ac9c0cbcd7394bf37b356d84dbaa0ba (diff) | |
parent | 1e985609f7535e340acd1d571d281644785338f2 (diff) | |
download | keystone-e064ed693c754a8733b5cc93630285aa823092d2.tar.gz |
Merge "Add version attribute to the SAML2 Assertion object."
-rw-r--r-- | keystone/contrib/federation/idp.py | 1 | ||||
-rw-r--r-- | keystone/tests/saml2/signed_saml2_assertion.xml | 2 | ||||
-rw-r--r-- | keystone/tests/test_v3_federation.py | 17 |
3 files changed, 19 insertions, 1 deletions
diff --git a/keystone/contrib/federation/idp.py b/keystone/contrib/federation/idp.py
index 4118ce6cd..c9c20c910 100644
--- a/keystone/contrib/federation/idp.py
+++ b/keystone/contrib/federation/idp.py
@@ -262,6 +262,7 @@ class SAMLGenerator(object):
 assertion = saml.Assertion()
 assertion.id = self.assertion_id
 assertion.issue_instant = timeutils.isotime()
+ assertion.version = '2.0'
 assertion.issuer = issuer
 assertion.signature = signature
 assertion.subject = subject
diff --git a/keystone/tests/saml2/signed_saml2_assertion.xml b/keystone/tests/saml2/signed_saml2_assertion.xml
index a7fce8ab0..410f93888 100644
--- a/keystone/tests/saml2/signed_saml2_assertion.xml
+++ b/keystone/tests/saml2/signed_saml2_assertion.xml
@@ -1,4 +1,4 @@
-<ns0:Assertion xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="9a22528bfe194b2880edce5d60414d6a" IssueInstant="2014-08-19T10:53:57Z">
+<ns0:Assertion xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="9a22528bfe194b2880edce5d60414d6a" IssueInstant="2014-08-19T10:53:57Z" Version="2.0">
 <ns0:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://acme.com/FIM/sps/openstack/saml20</ns0:Issuer>
 <ns1:Signature>
 <ns1:SignedInfo>
diff --git a/keystone/tests/test_v3_federation.py b/keystone/tests/test_v3_federation.py
index 89c61606a..ae3f48dea 100644
--- a/keystone/tests/test_v3_federation.py
+++ b/keystone/tests/test_v3_federation.py
@@ -1665,6 +1665,7 @@ class SAMLGenerationTests(FederationTests):
 ROLES = ['admin', 'member']
 PROJECT = 'development'
 SAML_GENERATION_ROUTE = '/auth/OS-FEDERATION/saml2'
+ ASSERTION_VERSION = "2.0"
 def setUp(self):
 super(SAMLGenerationTests, self).setUp()
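Review bot: The added `assertion.version = '2.0'` is a bare literal with nothing to say why it must be there, which makes it easy to drop in a later cleanup. The SAML 2.0 core schema makes `Version` a required attribute of `Assertion` with the value "2.0", so a conforming service provider can reject an assertion that lacks it. A one-line comment above the assignment, such as `# Version is mandatory in SAML 2.0 core; SPs may reject assertions without it`, would record that. The enclosing method starts and ends outside the hunk.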
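Review bot: Adding `Version="2.0"` to the root `Assertion` element changes content that an enveloped XML signature normally covers, yet this one-line hunk is the file's only change, so the digest and signature values further down (outside the hunk) were presumably not regenerated. If so, signed_saml2_assertion.xml no longer verifies as a signed document. That is harmless while it serves only as canned signer output, which is not visible here, but misleading for anyone who later reuses it in a signature-validation test. Either regenerate the fixture with the test key or, if its consumers tolerate it, record the fact in the file with a comment such as `<!-- canned signer output; the signature is not expected to verify -->`.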
@@ -1704,6 +1705,22 @@ class SAMLGenerationTests(FederationTests):
 self.assertEqual(self.PROJECT, project_attribute.attribute_value[0].text)
+ def test_verify_assertion_object(self):
+ """Test if the Assertion object is build properly.
+
+ The Assertion doesn't need to be signed in this test, so
+ _sign_assertion method is patched and doesn't alter the assertion.
+
+ """
+ with mock.patch.object(keystone_idp, '_sign_assertion',
+ side_effect=lambda x: x):
+ generator = keystone_idp.SAMLGenerator()
+ response = generator.samlize_token(self.ISSUER, self.RECIPIENT,
+ self.SUBJECT, self.ROLES,
+ self.PROJECT)
+ assertion = response.assertion
+ self.assertEqual(self.ASSERTION_VERSION, assertion.version)
+
 def test_valid_saml_xml(self):
 """Test the generated SAML object can become valid XML. |
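Review bot: `test_verify_assertion_object` asserts only on the in-memory attribute `assertion.version`, so it would still pass if the attribute were set but never reached the serialized XML that is signed and handed to the service provider. A second assertion on the serialized form (pysaml2 objects expose `to_string()`), checking that the output contains `Version="2.0"`, would cover what a relying party actually parses. Because `_sign_assertion` is replaced by `side_effect=lambda x: x`, the test also says nothing about the signed output, which is acceptable only if another test exercises that path. The docstring's first line should read `"""Test if the Assertion object is built properly.`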