author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2018-08-29 18:55:00 +0300 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2018-08-29 21:42:50 +0300 |
commit | 46ec04d579539d2e2e6865e5f87d94736aeb26f8 (patch) | |
tree | 8584d3f99fdb664576faadc211d534263a51b150 | |
parent | 59a01c96f7985d6f41fcf1f62b6479432f557bc0 (diff) | |
download | pysaml2-46ec04d579539d2e2e6865e5f87d94736aeb26f8.tar.gz |
Add test for multiple attribute statements
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
-rw-r--r-- | tests/test_44_authnresp.py | 84 |
1 files changed, 77 insertions, 7 deletions
diff --git a/tests/test_44_authnresp.py b/tests/test_44_authnresp.py index 2b56e40a..02cc9ace 100644 --- a/tests/test_44_authnresp.py +++ b/tests/test_44_authnresp.py @@ -62,7 +62,7 @@ class TestAuthnResponse: self.conf = config_factory("sp", dotname("server_conf")) self.conf.only_use_keys_in_metadata = False self.ar = authn_response(self.conf, "http://lingon.catalogix.se:8087/") - + def test_verify_1(self): xml_response = "%s" % (self._resp_,) print(xml_response) @@ -70,23 +70,23 @@ class TestAuthnResponse: self.ar.timeslack = 10000 self.ar.loads(xml_response, decode=False) self.ar.verify() - + print(self.ar.__dict__) assert self.ar.came_from == 'http://localhost:8088/sso' assert self.ar.session_id() == "id12" assert self.ar.ava["givenName"] == IDENTITY["givenName"] assert self.ar.name_id assert self.ar.issuer() == 'urn:mace:example.com:saml:roland:idp' - + def test_verify_signed_1(self): xml_response = self._sign_resp_ print(xml_response) - + self.ar.outstanding_queries = {"id12": "http://localhost:8088/sso"} self.ar.timeslack = 10000 self.ar.loads(xml_response, decode=False) self.ar.verify() - + print(self.ar.__dict__) assert self.ar.came_from == 'http://localhost:8088/sso' assert self.ar.session_id() == "id12" @@ -98,14 +98,14 @@ class TestAuthnResponse: with open(XML_RESPONSE_FILE) as fp: xml_response = fp.read() ID = "bahigehogffohiphlfmplepdpcohkhhmheppcdie" - self.ar.outstanding_queries = {ID: "http://localhost:8088/foo"} + self.ar.outstanding_queries = {ID: "http://localhost:8088/foo"} self.ar.return_addr = "http://xenosmilus.umdc.umu.se:8087/login" self.ar.entity_id = "xenosmilus.umdc.umu.se" # roughly a year, should create the response on the fly self.ar.timeslack = 315360000 # indecent long time self.ar.loads(xml_response, decode=False) self.ar.verify() - + print(self.ar.__dict__) assert self.ar.came_from == 'http://localhost:8088/foo' assert self.ar.session_id() == ID 
@@ -189,8 +189,78 @@ class TestAuthnResponse: resp.loads(authn_response_xml, False) resp.parse_assertion() ava = resp.get_identity() + assert len(ava) == 1 assert ava["eduPersonTargetedID"] == ["b8e734571d9adb0e6444a5b49a22f4206df24d88"] + def test_multiple_attribute_statement(self): + authn_response_xml = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" + xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" + ID="CORTO54673f841c5297dd3614527d38e217332f9e3000" + Version="2.0" + IssueInstant="2016-09-23T14:00:45Z" + Destination="https://sp.example.com/acs/post" + InResponseTo="id-Wnv7CMQO1pFJoRWgi" + > + <saml:Issuer>https://idp.example.com</saml:Issuer> + <samlp:Status> + <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /> + </samlp:Status> + <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + ID="CORTOadad7cb5e1237cf30fa7ab49544c15eec582854e" + Version="2.0" + IssueInstant="2016-09-23T14:00:45Z" + > + <saml:Issuer>https://idp.example.com</saml:Issuer> + <saml:Subject> + <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">b8e734571d9adb0e6444a5b49a22f4206df24d88</saml:NameID> + <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> + <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs/post" + InResponseTo="id-Wnv7CMQO1pFJoRWgi" + /> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Conditions NotBefore="2016-09-23T14:00:44Z"> + <saml:AudienceRestriction> + <saml:Audience>https://sp.example.com</saml:Audience> + </saml:AudienceRestriction> + </saml:Conditions> + <saml:AuthnStatement AuthnInstant="2016-09-23T13:55:40Z" + SessionIndex="_9f1148918f12525c6cad9aea29bc557afab2cb8c33" + > + <saml:AuthnContext> + <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef> + <saml:AuthenticatingAuthority>https://idp.example.com</saml:AuthenticatingAuthority> + 
</saml:AuthnContext> + </saml:AuthnStatement> + <saml:AttributeStatement> + <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" + > + <saml:AttributeValue> + <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">b8e734571d9adb0e6444a5b49a22f4206df24d88</saml:NameID> + </saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> + <saml:AttributeStatement> + <saml:Attribute Name="name" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" + > + <saml:AttributeValue xsi:type="xs:string">John Doe</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> + </saml:Assertion> + </samlp:Response>""" + + resp = authn_response(self.conf, "https://sp.example.com/acs/post", asynchop=False, allow_unsolicited=True) + resp.loads(authn_response_xml, False) + resp.parse_assertion() + ava = resp.get_identity() + assert len(ava) == 2 + assert ava["eduPersonTargetedID"] == ["b8e734571d9adb0e6444a5b49a22f4206df24d88"] + assert ava["name"] == ["John Doe"] + + if __name__ == "__main__": t = TestAuthnResponse() t.setup_class() |
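Review bot: test_multiple_attribute_statement only covers two AttributeStatement elements with different attribute names, so it does not pin what get_identity() returns when the same Name appears in both statements (values merged, or the later statement replacing the earlier one). Because the returned ava is presumably what a service provider bases access decisions on, a second case with a repeated Name and an explicit expected value list would be worth adding. The fixture carries no signature and the test calls parse_assertion() without verify(), which is reasonable for a parsing test but deserves a comment above the `authn_response(...)` call, e.g. `# unsigned fixture, verify() not called: exercises attribute parsing only`. The enclosing TestAuthnResponse class starts outside this hunk.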