author | Roland Hedberg <roland.hedberg@adm.umu.se> | 2013-04-28 16:59:48 +0200 |
---|---|---|
committer | Roland Hedberg <roland.hedberg@adm.umu.se> | 2013-04-28 16:59:48 +0200 |
commit | 872a26633330b84fce49426ea0961dde399f01dc (patch) | |
tree | 9d24e6e4493685f0a956d0e5314baa4113d5faad | |
parent | ee42c42b13f913a37f18b6c106d61ce63f73e503 (diff) | |
download | pysaml2-872a26633330b84fce49426ea0961dde399f01dc.tar.gz |
Updated tests to follow the changed way of handling authentication context.
-rw-r--r-- | src/saml2/server.py | 5 | ||||
-rw-r--r-- | tests/fakeIDP.py | 53 | ||||
-rw-r--r-- | tests/test_41_response.py | 67 | ||||
-rwxr-xr-x | tests/test_43_soap.py | 2 | ||||
-rw-r--r-- | tests/test_44_authnresp.py | 26 | ||||
-rw-r--r-- | tests/test_50_server.py | 15 | ||||
-rw-r--r-- | tests/test_51_client.py | 29 | ||||
-rw-r--r-- | tests/test_60_sp.py | 9 | ||||
-rw-r--r-- | tests/test_62_vo.py | 5 | ||||
-rw-r--r-- | tests/test_63_ecp.py | 31 | ||||
-rw-r--r-- | tests/test_64_artifact.py | 19 | ||||
-rw-r--r-- | tests/test_65_authn_query.py | 24 | ||||
-rw-r--r-- | tests/test_68_assertion_id.py | 24 | ||||
-rw-r--r-- | tests/test_75_mongodb.py | 12 |
14 files changed, 198 insertions, 123 deletions
diff --git a/src/saml2/server.py b/src/saml2/server.py index e144c4f2..06e88101 100644 --- a/src/saml2/server.py +++ b/src/saml2/server.py @@ -541,8 +541,7 @@ class Server(Entity): in_response_to, destination, sp_entity_id, name_id_policy=None, userid=None, name_id=None, authn=None, - authn_decl=None, issuer=None, - sign_response=False, + issuer=None, sign_response=False, sign_assertion=False, **kwargs): # ---------------------------------------- @@ -560,7 +559,7 @@ class Server(Entity): response = self.create_authn_response(identity, in_response_to, destination, sp_entity_id, name_id_policy, userid, name_id, - authn, authn_decl, issuer, + authn, issuer, sign_response, sign_assertion) body = soapenv.Body() body.extension_elements = [element_to_extension_element(response)] diff --git a/tests/fakeIDP.py b/tests/fakeIDP.py index 971281cd..3114704b 100644 --- a/tests/fakeIDP.py +++ b/tests/fakeIDP.py @@ -1,5 +1,5 @@ from urlparse import parse_qs -from saml2.saml import AUTHN_PASSWORD +from saml2.authn_context import INTERNETPROTOCOLPASSWORD from saml2.samlp import attribute_query_from_string, logout_request_from_string from saml2 import BINDING_HTTP_REDIRECT, pack from saml2 import BINDING_HTTP_POST @@ -16,6 +16,13 @@ TYP = { "POST": [BINDING_HTTP_POST, BINDING_SOAP] } + +AUTHN = { + "class_ref": INTERNETPROTOCOLPASSWORD, + "authn_auth": "http://www.example.com/login" +} + + def unpack_form(_str, ver="SAMLRequest"): SR_STR = "name=\"%s\" value=\"" % ver RS_STR = 'name="RelayState" value="' @@ -32,7 +39,8 @@ def unpack_form(_str, ver="SAMLRequest"): rs = _str[k:l] - return {ver:sr, "RelayState":rs} + return {ver: sr, "RelayState": rs} + class DummyResponse(object): def __init__(self, code, data, headers=None): @@ -40,6 +48,7 @@ class DummyResponse(object): self.text = data self.headers = headers or [] + class FakeIDP(Server): def __init__(self, config_file=""): Server.__init__(self, config_file) 
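Review bot: Dropping `authn_decl` from this `Server` method's signature while it keeps `**kwargs` means a caller that still passes `authn_decl=...` is no longer rejected: the keyword is absorbed into `kwargs` and, as far as the two hunks show, is never forwarded to `create_authn_response`, so the declared authentication context is silently lost instead of raising a TypeError. A positional caller is affected differently, because the slot that used to hold `authn_decl` now binds to `issuer`, which will presumably fail somewhere downstream rather than at the call site. A one-line guard at the top of the body would make the removal loud, e.g. `if "authn_decl" in kwargs: raise TypeError("authn_decl is no longer supported")`, unless `kwargs` is consumed by code I cannot see. The method's signature begins and its body continues outside these hunks.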
@@ -106,21 +115,20 @@ class FakeIDP(Server): except Exception: raise - identity = { "surName":"Hedberg", "givenName": "Roland", - "title": "supertramp", "mail": "roland@example.com"} + identity = {"surName": "Hedberg", "givenName": "Roland", + "title": "supertramp", "mail": "roland@example.com"} userid = "Pavill" authn_resp = self.create_authn_response(identity, - userid=userid, - authn=(AUTHN_PASSWORD, - "http://www.example.com/login"), - **resp_args) + userid=userid, + authn=AUTHN, + **resp_args) response = "%s" % authn_resp _dict = pack.factory(_binding, response, - resp_args["destination"], relay_state, - "SAMLResponse") + resp_args["destination"], relay_state, + "SAMLResponse") return DummyResponse(200, **_dict) def attribute_query_endpoint(self, xml_str, binding): @@ -131,26 +139,27 @@ class FakeIDP(Server): aquery = attribute_query_from_string(_str) extra = {"eduPersonAffiliation": "faculty"} - userid = "Pavill" + #userid = "Pavill" name_id = aquery.subject.name_id attr_resp = self.create_attribute_response(extra, aquery.id, - None, - sp_entity_id=aquery.issuer.text, - name_id=name_id, - attributes=aquery.attribute) + None, + sp_entity_id=aquery.issuer + .text, + name_id=name_id, + attributes=aquery.attribute) if binding == BINDING_SOAP: # SOAP packing #headers = {"content-type": "application/soap+xml"} soap_message = make_soap_enveloped_saml_thingy(attr_resp) -# if self.sign and self.sec: -# _signed = self.sec.sign_statement_using_xmlsec(soap_message, -# class_name(attr_resp), -# nodeid=attr_resp.id) -# soap_message = _signed + # if self.sign and self.sec: + # _signed = self.sec.sign_statement_using_xmlsec(soap_message, + # class_name(attr_resp), + # nodeid=attr_resp.id) + # soap_message = _signed response = "%s" % soap_message - else: # Just POST + else: # Just POST response = "%s" % attr_resp return DummyResponse(200, response) 
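Review bot: The `attribute_query_endpoint` hunk turns `userid = "Pavill"` into the commented-out `#userid = "Pavill"` and re-indents an already commented-out signing block, so the new side carries dead code; commented-out code should be deleted, and if the signing fallback is still intended it belongs in a short `# TODO:` with the reason. The same pattern appears in tests/test_64_artifact.py, where `#SP = 'urn:mace:example.com:saml:roland:sp'` and `#oreq = idp.artifact[ar.artifact.text]` are left behind, the latter under a comment that still says the IDP retrieves the response from the database, which is no longer what the code does. Separately, the rewrapped `create_attribute_response` call splits one attribute access across two lines (`sp_entity_id=aquery.issuer` / `.text,`); that is valid inside the parentheses but reads like a typo, so `sp_entity_id=aquery.issuer.text,` on a single line is clearer.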
@@ -178,4 +187,4 @@ class FakeIDP(Server): else: # Just POST response = "%s" % _resp - return DummyResponse(200, response) + return DummyResponse(200, response)
\ No newline at end of file diff --git a/tests/test_41_response.py b/tests/test_41_response.py index 6cea539d..e63d7ef8 100644 --- a/tests/test_41_response.py +++ b/tests/test_41_response.py @@ -3,6 +3,7 @@ from saml2 import saml from saml2 import config +from saml2.authn_context import INTERNETPROTOCOLPASSWORD from saml2.server import Server from saml2.response import response_factory 
@@ -15,54 +16,67 @@ from pytest import raises XML_RESPONSE_FILE = "saml_signed.xml" XML_RESPONSE_FILE2 = "saml2_response.xml" -def _eq(l1,l2): + +def _eq(l1, l2): return set(l1) == set(l2) + IDENTITY = {"eduPersonAffiliation": ["staff", "member"], "surName": ["Jeter"], "givenName": ["Derek"], "mail": ["foo@gmail.com"], "title": ["shortstop"]} + +AUTHN = { + "class_ref": INTERNETPROTOCOLPASSWORD, + "authn_auth": "http://www.example.com/login" +} + + class TestResponse: def setup_class(self): server = Server("idp_conf") name_id = server.ident.transient_nameid( - "urn:mace:example.com:saml:roland:sp","id12") + "urn:mace:example.com:saml:roland:sp", "id12") self._resp_ = server.create_authn_response(IDENTITY, - "id12", # in_response_to - "http://lingon.catalogix.se:8087/", # consumer_url - "urn:mace:example.com:saml:roland:sp", # sp_entity_id - name_id=name_id) - + "id12", # in_response_to + "http://lingon.catalogix.se:8087/", + + # consumer_url + "urn:mace:example" + ".com:saml:roland:sp", + # sp_entity_id + name_id=name_id) + self._sign_resp_ = server.create_authn_response( - IDENTITY, - "id12", # in_response_to - "http://lingon.catalogix.se:8087/", # consumer_url - "urn:mace:example.com:saml:roland:sp", # sp_entity_id - name_id = name_id, - sign_assertion=True) + IDENTITY, + "id12", # in_response_to + "http://lingon.catalogix.se:8087/", # consumer_url + "urn:mace:example.com:saml:roland:sp", # sp_entity_id + name_id=name_id, + sign_assertion=True) self._resp_authn = server.create_authn_response( - IDENTITY, - "id12", # in_response_to - "http://lingon.catalogix.se:8087/", # consumer_url - "urn:mace:example.com:saml:roland:sp", # sp_entity_id - name_id = name_id, - authn=(saml.AUTHN_PASSWORD, - "http://www.example.com/login")) - + IDENTITY, + "id12", # in_response_to + "http://lingon.catalogix.se:8087/", # consumer_url + "urn:mace:example.com:saml:roland:sp", # sp_entity_id + name_id=name_id, + authn=AUTHN) + conf = config.SPConfig() conf.load_file("server_conf") 
self.conf = conf - + def test_1(self): xml_response = ("%s" % (self._resp_,)) - resp = response_factory(xml_response, self.conf, + resp = response_factory(xml_response, self.conf, return_addr="http://lingon.catalogix.se:8087/", - outstanding_queries={"id12": "http://localhost:8088/sso"}, + outstanding_queries={ + "id12": "http://localhost:8088/sso"}, timeslack=10000, decode=False) - + assert isinstance(resp, StatusResponse) assert isinstance(resp, AuthnResponse) @@ -70,7 +84,8 @@ class TestResponse: xml_response = self._sign_resp_ resp = response_factory(xml_response, self.conf, return_addr="http://lingon.catalogix.se:8087/", - outstanding_queries={"id12": "http://localhost:8088/sso"}, + outstanding_queries={ + "id12": "http://localhost:8088/sso"}, timeslack=10000, decode=False) assert isinstance(resp, StatusResponse) diff --git a/tests/test_43_soap.py b/tests/test_43_soap.py index d54181fa..4cde3d6a 100755 --- a/tests/test_43_soap.py +++ b/tests/test_43_soap.py @@ -36,6 +36,7 @@ example = """<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/"> </Envelope> """ + def test_parse_soap_envelope(): envelope = ElementTree.fromstring(example) assert envelope.tag == '{%s}Envelope' % NAMESPACE @@ -48,6 +49,7 @@ def test_parse_soap_envelope(): assert saml_part.tag == '{%s}Response' % SAMLP_NAMESPACE # {http://schemas.xmlsoap.org/soap/envelope/}Envelope + def test_make_soap_envelope(): envelope = ElementTree.Element('') envelope.tag = '{%s}Envelope' % NAMESPACE diff --git a/tests/test_44_authnresp.py b/tests/test_44_authnresp.py index 2059ba18..c6c405a3 100644 --- a/tests/test_44_authnresp.py +++ b/tests/test_44_authnresp.py @@ -1,6 +1,6 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -from saml2.saml import AUTHN_PASSWORD +from saml2.authn_context import INTERNETPROTOCOLPASSWORD from saml2 import saml from saml2.server import Server 
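Review bot: In `TestResponse.setup_class` the rewrapped first `create_authn_response` call splits the entity id into `"urn:mace:example"` `".com:saml:roland:sp"` by implicit concatenation and moves the `# consumer_url` comment onto its own line after a blank line, so the comment no longer sits beside the argument it labels and the full URN can no longer be found by grep. The two sibling calls in the same hunk keep `"urn:mace:example.com:saml:roland:sp",  # sp_entity_id` on one line; the first call should match them. With `saml.AUTHN_PASSWORD` gone from this file, the `from saml2 import saml` line kept in the import hunk at the top of the file may now be unused — worth checking the rest of the module before removing it.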
@@ -12,7 +12,8 @@ from pathutils import dotname, full_path XML_RESPONSE_FILE = full_path("saml_signed.xml") XML_RESPONSE_FILE2 = full_path("saml2_response.xml") -def _eq(l1,l2): + +def _eq(l1, l2): return set(l1) == set(l2) IDENTITY = {"eduPersonAffiliation": ["staff", "member"], @@ -20,36 +21,41 @@ IDENTITY = {"eduPersonAffiliation": ["staff", "member"], "mail": ["foo@gmail.com"], "title": ["shortstop"]} +AUTHN = { + "class_ref": INTERNETPROTOCOLPASSWORD, + "authn_auth": "http://www.example.com/login" +} + + class TestAuthnResponse: def setup_class(self): server = Server(dotname("idp_conf")) name_id = server.ident.transient_nameid( "urn:mace:example.com:saml:roland:sp","id12") - authn = (AUTHN_PASSWORD, "http://www.example.com/login") self._resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id - name_id = name_id, - authn=authn) + name_id=name_id, + authn=AUTHN) self._sign_resp_ = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id - name_id = name_id, sign_assertion=True, - authn=authn) + name_id=name_id, sign_assertion=True, + authn=AUTHN) self._resp_authn = server.create_authn_response( IDENTITY, "id12", # in_response_to "http://lingon.catalogix.se:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id - name_id = name_id, - authn=authn) + name_id=name_id, + authn=AUTHN) self.conf = config_factory("sp", dotname("server_conf")) self.conf.only_use_keys_in_metadata = False 
@@ -115,7 +121,7 @@ class TestAuthnResponse: assert len(self.ar.assertion.authn_statement) == 1 authn_info = self.ar.authn_info() assert len(authn_info) == 1 - assert authn_info[0][0] == saml.AUTHN_PASSWORD + assert authn_info[0][0] == INTERNETPROTOCOLPASSWORD assert authn_info[0][1] == ["http://www.example.com/login"] session_info = self.ar.session_info() assert session_info["authn_info"] == authn_info diff --git a/tests/test_50_server.py b/tests/test_50_server.py index c02b3722..d857b5c7 100644 --- a/tests/test_50_server.py +++ b/tests/test_50_server.py @@ -2,7 +2,8 @@ # -*- coding: utf-8 -*- import base64 from urlparse import parse_qs -from saml2.saml import AUTHN_PASSWORD, NameID, NAMEID_FORMAT_TRANSIENT +from saml2.authn_context import INTERNETPROTOCOLPASSWORD +from saml2.saml import NameID, NAMEID_FORMAT_TRANSIENT from saml2.samlp import response_from_string from saml2.server import Server @@ -21,6 +22,11 @@ from py.test import raises nid = NameID(name_qualifier="foo", format=NAMEID_FORMAT_TRANSIENT, text="123456") +AUTHN = { + "class_ref": INTERNETPROTOCOLPASSWORD, + "authn_auth": "http://www.example.com/login" +} + def _eq(l1, l2): return set(l1) == set(l2) @@ -192,7 +198,7 @@ class TestServer1(): "http://localhost:8087/", # destination "urn:mace:example.com:saml:roland:sp", # sp_entity_id name_id=name_id, - authn=(AUTHN_PASSWORD, "http://www.example.com/login") + authn=AUTHN ) print resp.keyswv() @@ -239,7 +245,7 @@ class TestServer1(): "http://localhost:8087/", # consumer_url "urn:mace:example.com:saml:roland:sp", # sp_entity_id userid="USER1", - authn=(AUTHN_PASSWORD, "http://www.example.com/login") + authn=AUTHN ) print resp.keyswv() 
@@ -287,8 +293,7 @@ class TestServer1(): resp_str = "%s" % self.server.create_authn_response( ava, "id1", "http://local:8087/", "urn:mace:example.com:saml:roland:sp", npolicy, - "foba0001@example.com", authn=(AUTHN_PASSWORD, - "http://www.example.com/login")) + "foba0001@example.com", authn=AUTHN) response = samlp.response_from_string(resp_str) print response.keyswv() diff --git a/tests/test_51_client.py b/tests/test_51_client.py index 548c8965..d089ebd1 100644 --- a/tests/test_51_client.py +++ b/tests/test_51_client.py @@ -4,6 +4,7 @@ import base64 import urllib import urlparse +from saml2.authn_context import INTERNETPROTOCOLPASSWORD from saml2.response import LogoutResponse from saml2.client import Saml2Client @@ -12,7 +13,6 @@ from saml2 import saml, config, class_name from saml2.config import SPConfig from saml2.saml import NAMEID_FORMAT_PERSISTENT from saml2.saml import NAMEID_FORMAT_TRANSIENT -from saml2.saml import AUTHN_PASSWORD from saml2.saml import NameID from saml2.server import Server from saml2.time_util import in_a_while @@ -21,6 +21,12 @@ from py.test import raises from fakeIDP import FakeIDP, unpack_form +AUTHN = { + "class_ref": INTERNETPROTOCOLPASSWORD, + "authn_auth": "http://www.example.com/login" +} + + def for_me(condition, me ): for restriction in condition.audience_restriction: audience = restriction.audience 
@@ -59,7 +65,6 @@ REQ1 = { "1.2.14": """<?xml version='1.0' encoding='UTF-8'?> "1.2.16":"""<?xml version='1.0' encoding='UTF-8'?> <ns0:AttributeQuery xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://idp.example.com/idp/" ID="id1" IssueInstant="%s" Version="2.0"><ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:mace:example.com:saml:roland:sp</ns1:Issuer><ns1:Subject><ns1:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">E8042FB4-4D5B-48C3-8E14-8EDD852790DD</ns1:NameID></ns1:Subject></ns0:AttributeQuery>"""} -AUTHN = (AUTHN_PASSWORD, "http://www.example.com/login") nid = NameID(name_qualifier="foo", format=NAMEID_FORMAT_TRANSIENT, text="123456") @@ -223,10 +228,10 @@ class TestClient: assert signed_info.reference[0].digest_value print "------------------------------------------------" try: - assert self.client.sec.correctly_signed_authn_request(ar_str, - self.client.config.xmlsec_binary, - self.client.config.metadata) - except Exception: # missing certificate + assert self.client.sec.correctly_signed_authn_request( + ar_str, self.client.config.xmlsec_binary, + self.client.config.metadata) + except Exception: # missing certificate self.client.sec.verify_signature(ar_str, node_name=class_name(ar)) def test_response(self): @@ -299,7 +304,8 @@ class TestClient: # Two persons in the cache assert len(self.client.users.subjects()) == 2 - issuers = [self.client.users.issuers_of_info(s) for s in self.client.users.subjects()] + issuers = [self.client.users.issuers_of_info(s) for s in + self.client.users.subjects()] # The information I have about the subjects comes from the same source print issuers assert issuers == [[IDP], [IDP]] 
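Review bot: The rewrapped `try` in the `TestClient` hunk still keeps the `assert` inside the `try`, so `except Exception` catches the `AssertionError` raised when `correctly_signed_authn_request` returns a falsy value, and the fallback `verify_signature` call's result is never asserted; as written, the test cannot fail on an invalid signature, only on an exception from `verify_signature`. Binding the result in the `try`, falling back in the `except`, and asserting afterwards keeps the "missing certificate" fallback while making a bad signature visible — this assumes `verify_signature` returns a truthy value on success, which is not visible here, and ideally the `except` would name the specific exception the library raises for a missing certificate rather than `Exception`. The enclosing test method starts outside the hunk.
```python
        try:
            ok = self.client.sec.correctly_signed_authn_request(
                ar_str, self.client.config.xmlsec_binary,
                self.client.config.metadata)
        except Exception:  # missing certificate
            # assumes verify_signature returns truthy on success -- confirm
            ok = self.client.sec.verify_signature(ar_str, node_name=class_name(ar))
        assert ok
```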
@@ -348,7 +354,8 @@ class TestClientWithDummy(): redirect_url = http_args["headers"][0][1] _, _, _, _, qs, _ = urlparse.urlparse(redirect_url) qs_dict = urlparse.parse_qs(qs) - req = self.server.parse_authn_request(qs_dict["SAMLRequest"][0], binding) + req = self.server.parse_authn_request(qs_dict["SAMLRequest"][0], + binding) resp_args = self.server.response_args(req.message, [response_binding]) assert resp_args["binding"] == response_binding @@ -384,8 +391,8 @@ class TestClientWithDummy(): assert isinstance(response, LogoutResponse) def test_post_sso(self): - binding=BINDING_HTTP_POST - response_binding=BINDING_HTTP_POST + binding = BINDING_HTTP_POST + response_binding = BINDING_HTTP_POST sid, http_args = self.client.prepare_for_authenticate( "urn:mace:example.com:saml:roland:idp", relay_state="really", binding=binding, response_binding=response_binding) @@ -414,7 +421,7 @@ class TestClientWithDummy(): ac = resp.assertion.authn_statement[0].authn_context assert ac.authenticating_authority[0].text == \ 'http://www.example.com/login' - assert ac.authn_context_class_ref.text == AUTHN_PASSWORD + assert ac.authn_context_class_ref.text == INTERNETPROTOCOLPASSWORD # if __name__ == "__main__": diff --git a/tests/test_60_sp.py b/tests/test_60_sp.py index 604882fa..01fed1d2 100644 --- a/tests/test_60_sp.py +++ b/tests/test_60_sp.py @@ -2,7 +2,8 @@ # -*- coding: utf-8 -*- import base64 -from saml2.saml import NAMEID_FORMAT_TRANSIENT, AUTHN_PASSWORD +from saml2.authn_context import INTERNETPROTOCOLPASSWORD +from saml2.saml import NAMEID_FORMAT_TRANSIENT from saml2.samlp import NameIDPolicy from s2repoze.plugins.sp import make_plugin from saml2.server import Server 
@@ -35,7 +36,11 @@ ENV1 = {'SERVER_SOFTWARE': 'CherryPy/3.1.2 WSGI Server', trans_name_policy = NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT, allow_create="true") -AUTHN = (AUTHN_PASSWORD, "http://www.example.com/login") +AUTHN = { + "class_ref": INTERNETPROTOCOLPASSWORD, + "authn_auth": "http://www.example.com/login" +} + class TestSP(): def setup_class(self): diff --git a/tests/test_62_vo.py b/tests/test_62_vo.py index b0ad0c22..57c8b4bb 100644 --- a/tests/test_62_vo.py +++ b/tests/test_62_vo.py @@ -1,4 +1,5 @@ -from saml2.saml import NameID, NAMEID_FORMAT_TRANSIENT +from saml2.saml import NameID +from saml2.saml import NAMEID_FORMAT_TRANSIENT __author__ = 'rolandh' @@ -12,7 +13,7 @@ SESSION_INFO_PATTERN = {"ava": {}, "came from": "", "not_on_or_after": 0, nid = NameID(name_qualifier="foo", format=NAMEID_FORMAT_TRANSIENT, text="abcdefgh") nid0 = NameID(name_qualifier="foo", format=NAMEID_FORMAT_TRANSIENT, - text="01234567") + text="01234567") def add_derek_info(sp): diff --git a/tests/test_63_ecp.py b/tests/test_63_ecp.py index 571ee6ca..b423e522 100644 --- a/tests/test_63_ecp.py +++ b/tests/test_63_ecp.py @@ -1,4 +1,4 @@ -from saml2.saml import AUTHN_PASSWORD +from saml2.authn_context import INTERNETPROTOCOLPASSWORD from saml2.httpbase import set_list2dict from saml2.profile.ecp import RelayState from saml2.profile.paos import Request @@ -19,6 +19,11 @@ from pathutils import dotname, full_path, xmlsec_path __author__ = 'rolandh' +AUTHN = { + "class_ref": INTERNETPROTOCOLPASSWORD, + "authn_auth": "http://www.example.com/login" +} + def _eq(l1, l2): if len(l1) == len(l2): return set(l1) == set(l2) @@ -54,7 +59,7 @@ def test_complete_flow(): assert sp.can_handle_ecp_response(response) - id, message = sp.create_ecp_authn_request(IDP_ENTITY_ID, relay_state="XYZ") + sid, message = sp.create_ecp_authn_request(IDP_ENTITY_ID, relay_state="XYZ") # ------------ @Client ----------------------------- 
@@ -86,17 +91,15 @@ def test_complete_flow(): [BINDING_PAOS], entity_id=sp_entity_id) - resp = idp.create_ecp_authn_request_response(destination, - { - "eduPersonEntitlement": "Short stop", - "surName": "Jeter", - "givenName": "Derek", - "mail": "derek.jeter@nyy.mlb.com", - "title": "The man" - }, - req.message.id, destination, sp_entity_id, - name_id=name_id, authn=(AUTHN_PASSWORD, - "http://www.example.com/login")) + resp = idp.create_ecp_authn_request_response( + destination, {"eduPersonEntitlement": "Short stop", + "surName": "Jeter", + "givenName": "Derek", + "mail": "derek.jeter@nyy.mlb.com", + "title": "The man" + }, + req.message.id, destination, sp_entity_id, + name_id=name_id, authn=AUTHN) # ------------ @Client ----------------------------- # The client got the response from the IDP repackage and send it to the SP @@ -134,7 +137,7 @@ def test_complete_flow(): # parse the response - resp = sp.parse_authn_request_response(respdict["body"], None, {id: "/"}) + resp = sp.parse_authn_request_response(respdict["body"], None, {sid: "/"}) print resp.response diff --git a/tests/test_64_artifact.py b/tests/test_64_artifact.py index f0220db4..65edaebe 100644 --- a/tests/test_64_artifact.py +++ b/tests/test_64_artifact.py @@ -2,10 +2,10 @@ import base64 from hashlib import sha1 from urlparse import urlparse from urlparse import parse_qs -from saml2.saml import AUTHN_PASSWORD from saml2 import BINDING_HTTP_ARTIFACT from saml2 import BINDING_SOAP from saml2 import BINDING_HTTP_POST +from saml2.authn_context import INTERNETPROTOCOLPASSWORD from saml2.client import Saml2Client from saml2.entity import create_artifact @@ -17,6 +17,13 @@ __author__ = 'rolandh' TAG1 = "name=\"SAMLRequest\" value=" + +AUTHN = { + "class_ref": INTERNETPROTOCOLPASSWORD, + "authn_auth": "http://www.example.com/login" +} + + def get_msg(hinfo, binding, response=False): if binding == BINDING_SOAP: msg = hinfo["data"] 
@@ -43,6 +50,7 @@ def get_msg(hinfo, binding, response=False): return msg + def test_create_artifact(): b64art = create_artifact("http://sp.example.com/saml.xml", "aabbccddeeffgghhiijj") @@ -57,6 +65,7 @@ def test_create_artifact(): SP = 'urn:mace:example.com:saml:roland:sp' + def test_create_artifact_resolve(): b64art = create_artifact(SP, "aabbccddeeffgghhiijj", 1) artifact = base64.b64decode(b64art) @@ -88,8 +97,9 @@ def test_create_artifact_resolve(): assert ar.artifact.text == b64art + def test_artifact_flow(): - SP = 'urn:mace:example.com:saml:roland:sp' + #SP = 'urn:mace:example.com:saml:roland:sp' sp = Saml2Client(config_file="servera_conf") idp = Server(config_file="idp_all_conf") @@ -164,8 +174,7 @@ def test_artifact_flow(): "mail": "derek.jeter@nyy.mlb.com", "title": "The man"}, name_id=name_id, - authn=(AUTHN_PASSWORD, - "http://www.example.com/login"), + authn=AUTHN, **resp_args) print response @@ -207,7 +216,7 @@ def test_artifact_flow(): assert ar.artifact.text == artifact3 # The IDP retrieves the response from the database using the artifact as the key - oreq = idp.artifact[ar.artifact.text] + #oreq = idp.artifact[ar.artifact.text] binding, destination = idp.pick_binding("artifact_resolution_service", entity_id=sp.config.entityid) diff --git a/tests/test_65_authn_query.py b/tests/test_65_authn_query.py index 16930003..74a2b46e 100644 --- a/tests/test_65_authn_query.py +++ b/tests/test_65_authn_query.py 
@@ -3,11 +3,12 @@ from saml2 import BINDING_SOAP, BINDING_HTTP_POST __author__ = 'rolandh' -from saml2.samlp import RequestedAuthnContext, AuthnRequest, NameIDPolicy +from saml2.authn_context import INTERNETPROTOCOLPASSWORD +from saml2.authn_context import requested_authn_context +from saml2.samlp import AuthnRequest +from saml2.samlp import NameIDPolicy from saml2.samlp import AuthnQuery from saml2.client import Saml2Client -from saml2.saml import AUTHN_PASSWORD -from saml2.saml import AuthnContextClassRef from saml2.saml import Subject from saml2.saml import NameID from saml2.saml import NAMEID_FORMAT_TRANSIENT @@ -16,6 +17,12 @@ from saml2.server import Server TAG1 = "name=\"SAMLRequest\" value=" +AUTHN = { + "class_ref": INTERNETPROTOCOLPASSWORD, + "authn_auth": "http://www.example.com/login" +} + + def get_msg(hinfo, binding): if binding == BINDING_SOAP: xmlstr = hinfo["data"] @@ -41,9 +48,7 @@ def test_basic(): srvs = sp.metadata.authn_query_service(idp.config.entityid) destination = srvs[0]["location"] - authn_context = [RequestedAuthnContext( - authn_context_class_ref=AuthnContextClassRef( - text=AUTHN_PASSWORD))] + authn_context = requested_authn_context(INTERNETPROTOCOLPASSWORD) subject = Subject(text="abc", name_id=NameID(format=NAMEID_FORMAT_TRANSIENT)) @@ -80,8 +85,7 @@ def test_flow(): destination, sp.config.entityid, name_id=name_id, - authn=(AUTHN_PASSWORD, - "http://www.example.com/login")) + authn=AUTHN) hinfo = idp.apply_binding(binding, "%s" % resp, destination, relay_state) @@ -94,9 +98,7 @@ def test_flow(): binding, destination = sp.pick_binding("authn_query_service", entity_id=idp.config.entityid) - authn_context = [RequestedAuthnContext( - authn_context_class_ref=AuthnContextClassRef( - text=AUTHN_PASSWORD))] + authn_context = requested_authn_context(INTERNETPROTOCOLPASSWORD) subject = aresp.assertion.subject diff --git a/tests/test_68_assertion_id.py b/tests/test_68_assertion_id.py index 96121528..0582fd41 100644 
--- a/tests/test_68_assertion_id.py +++ b/tests/test_68_assertion_id.py @@ -1,8 +1,9 @@ from urlparse import parse_qs from urlparse import urlparse +from saml2.authn_context import INTERNETPROTOCOLPASSWORD from saml2.samlp import AuthnRequest from saml2.samlp import NameIDPolicy -from saml2.saml import AUTHN_PASSWORD, Assertion +from saml2.saml import Assertion from saml2.saml import NAMEID_FORMAT_TRANSIENT from saml2 import BINDING_HTTP_POST from saml2 import BINDING_URI @@ -14,6 +15,13 @@ __author__ = 'rolandh' TAG1 = "name=\"SAMLRequest\" value=" + +AUTHN = { + "class_ref": INTERNETPROTOCOLPASSWORD, + "authn_auth": "http://www.example.com/login" +} + + def get_msg(hinfo, binding, response=False): if binding == BINDING_SOAP: msg = hinfo["data"] @@ -29,12 +37,13 @@ def get_msg(hinfo, binding, response=False): else: msg = "" return parse_qs(hinfo["url"].split("?")[1])["ID"][0] - else: # BINDING_HTTP_REDIRECT + else: # BINDING_HTTP_REDIRECT parts = urlparse(hinfo["headers"][0][1]) msg = parse_qs(parts.query)["SAMLRequest"][0] return msg + def test_basic_flow(): sp = Saml2Client(config_file="servera_conf") idp = Server(config_file="idp_all_conf") @@ -43,9 +52,9 @@ def test_basic_flow(): relay_state = "FOO" # -- dummy request --- - orig_req = AuthnRequest(issuer=sp._issuer(), - name_id_policy=NameIDPolicy(allow_create="true", - format=NAMEID_FORMAT_TRANSIENT)) + orig_req = AuthnRequest( + issuer=sp._issuer(), name_id_policy=NameIDPolicy( + allow_create="true", format=NAMEID_FORMAT_TRANSIENT)) # == Create an AuthnRequest response @@ -62,8 +71,7 @@ def test_basic_flow(): destination, sp.config.entityid, name_id=name_id, - authn=(AUTHN_PASSWORD, - "http://www.example.com/login")) + authn=AUTHN) hinfo = idp.apply_binding(binding, "%s" % resp, destination, relay_state) 
@@ -72,7 +80,7 @@ def test_basic_flow(): xmlstr = get_msg(hinfo, binding) aresp = sp.parse_authn_request_response(xmlstr, binding, - {resp.in_response_to :"/"}) + {resp.in_response_to: "/"}) # == Look for assertion X diff --git a/tests/test_75_mongodb.py b/tests/test_75_mongodb.py index 9c4dd82f..01217042 100644 --- a/tests/test_75_mongodb.py +++ b/tests/test_75_mongodb.py @@ -1,6 +1,5 @@ from saml2 import BINDING_HTTP_POST -from saml2.mdstore import MetadataStore -from saml2.saml import AUTHN_PASSWORD +from saml2.authn_context import INTERNETPROTOCOLPASSWORD from saml2.client import Saml2Client from saml2.server import Server from saml2.mongo_store import EptidMDB @@ -8,6 +7,12 @@ from saml2.mongo_store import EptidMDB __author__ = 'rolandh' +AUTHN = { + "class_ref": INTERNETPROTOCOLPASSWORD, + "authn_auth": "http://www.example.com/login" +} + + def _eq(l1, l2): return set(l1) == set(l2) @@ -34,8 +39,7 @@ def test_flow(): "mail": "derek.jeter@nyy.mlb.com", "title": "The man"}, userid="jeter", - authn=(AUTHN_PASSWORD, - "http://www.example.com/login"), + authn=AUTHN, **rinfo) # What's stored away is the assertion |