Updated tests to work with new default signing requirements

Explicitly allow unsigned responses in tests where we do not sign them.
author: Ioannis Kakavas <ikakavas@noc.grnet.gr> 2017-08-01 15:24:35 +0300
committer: Ioannis Kakavas <ikakavas@noc.grnet.gr> 2017-08-01 15:24:35 +0300
commit: 303efd969c5d0b33c97d09c37e0c6be18588cd3c (patch)
tree: 5306c69fd7d6f61b6010f2c8f61f30221056fc54
parent: f58330ef71e2d745fdf244a88ed4c2502492faab (diff)
download: pysaml2-303efd969c5d0b33c97d09c37e0c6be18588cd3c.tar.gz
5 files changed, 18 insertions, 4 deletions
diff --git a/tests/test_51_client.py b/tests/test_51_client.py
index 937e0e20..688d73d7 100644
--- a/tests/test_51_client.py
+++ b/tests/test_51_client.py
@@ -389,6 +389,7 @@ class TestClient:
             destination="http://lingon.catalogix.se:8087/",
             sp_entity_id="urn:mace:example.com:saml:roland:sp",
             name_id_policy=nameid_policy,
+            sign_response=True,
             userid="foba0001@example.com",
             authn=AUTHN)
 
@@ -433,6 +434,7 @@ class TestClient:
             in_response_to="id2",
             destination="http://lingon.catalogix.se:8087/",
             sp_entity_id="urn:mace:example.com:saml:roland:sp",
+            sign_response=True,
             name_id_policy=nameid_policy,
             userid="also0001@example.com",
             authn=AUTHN)
@@ -889,7 +891,6 @@ class TestClient:
                                      node_id=assertion.id)
 
         sigass = rm_xmltag(sigass)
-
         response = sigver.response_factory(
             in_response_to="_012345",
             destination="http://lingon.catalogix.se:8087/",
@@ -912,6 +913,8 @@ class TestClient:
 
         resp_str = base64.encodestring(enctext.encode('utf-8'))
         # Now over to the client side
+        # Explicitely allow unsigned responses for this and the following 2 tests
+        self.client.want_response_signed = False
         resp = self.client.parse_authn_request_response(
             resp_str, BINDING_HTTP_POST,
             {"_012345": "http://foo.example.com/service"})
@@ -1313,6 +1316,9 @@ class TestClient:
 
     def test_signed_redirect(self):
 
+        # Revert configuration change to disallow unsinged responses
+        self.client.want_response_signed = True
+
         msg_str = "%s" % self.client.create_authn_request(
             "http://localhost:8088/sso", message_id="id1")[1]
 
@@ -1544,6 +1550,8 @@ class TestClientWithDummy():
         response = self.client.send(**http_args)
         print(response.text)
         _dic = unpack_form(response.text[3], "SAMLResponse")
+        # Explicitly allow unsigned responses for this test
+        self.client.want_response_signed = False
         resp = self.client.parse_authn_request_response(_dic["SAMLResponse"],
                                                         BINDING_HTTP_POST,
                                                         {sid: "/"})
diff --git a/tests/test_60_sp.py b/tests/test_60_sp.py
index 6448d6d8..dc72fa2d 100644
--- a/tests/test_60_sp.py
+++ b/tests/test_60_sp.py
@@ -46,6 +46,8 @@ AUTHN = {
 class TestSP():
     def setup_class(self):
         self.sp = make_plugin("rem", saml_conf="server_conf")
+        # Explicitly allow unsigned responses for this test
+        self.sp.saml_client.want_response_signed = False
         self.server = Server(config_file="idp_conf")
 
     def teardown_class(self):
diff --git a/tests/test_63_ecp.py b/tests/test_63_ecp.py
index 32a1aaed..61bd98c8 100644
--- a/tests/test_63_ecp.py
+++ b/tests/test_63_ecp.py
@@ -92,7 +92,7 @@ def test_complete_flow():
                                                 entity_id=sp_entity_id)
 
         resp = idp.create_ecp_authn_request_response(
-            destination, {"eduPersonEntitlement": "Short stop",
+            destination,{"eduPersonEntitlement": "Short stop",
                           "surName": "Jeter",
                           "givenName": "Derek",
                           "mail": "derek.jeter@nyy.mlb.com",
@@ -136,7 +136,8 @@ def test_complete_flow():
                 assert inst.text == "XYZ"
 
         # parse the response
-
+        # Explicitly allow unsigned responses for this test
+        sp.want_response_signed = False
         resp = sp.parse_authn_request_response(respdict["body"], None, {sid: "/"})
 
         print(resp.response)
diff --git a/tests/test_65_authn_query.py b/tests/test_65_authn_query.py
index 54d529f8..bd258238 100644
--- a/tests/test_65_authn_query.py
+++ b/tests/test_65_authn_query.py
@@ -92,6 +92,8 @@ def test_flow():
         # ------- @SP ----------
 
         xmlstr = get_msg(hinfo, binding)
+        # Explicitly allow unsigned responses for this test
+        sp.want_response_signed = False
         aresp = sp.parse_authn_request_response(xmlstr, binding,
                                                 {resp.in_response_to: "/"})
 
diff --git a/tests/test_68_assertion_id.py b/tests/test_68_assertion_id.py
index 52959f3a..60e85828 100644
--- a/tests/test_68_assertion_id.py
+++ b/tests/test_68_assertion_id.py
@@ -78,7 +78,8 @@ def test_basic_flow():
         # --------- @SP -------------
 
         xmlstr = get_msg(hinfo, binding)
-
+        # Explicitly allow unsigned responses for this test
+        sp.want_response_signed = False
         aresp = sp.parse_authn_request_response(xmlstr, binding,
                                                 {resp.in_response_to: "/"})
author	Ioannis Kakavas <ikakavas@noc.grnet.gr>	2017-08-01 15:24:35 +0300
committer	Ioannis Kakavas <ikakavas@noc.grnet.gr>	2017-08-01 15:24:35 +0300
commit	303efd969c5d0b33c97d09c37e0c6be18588cd3c (patch)
tree	5306c69fd7d6f61b6010f2c8f61f30221056fc54
parent	f58330ef71e2d745fdf244a88ed4c2502492faab (diff)
download	pysaml2-303efd969c5d0b33c97d09c37e0c6be18588cd3c.tar.gz