author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2019-08-26 22:31:00 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-08-26 22:31:00 +0300 |
commit | a5297ca8cb0aa155a095125c495788b6dd5bb2d0 (patch) | |
tree | 90c55afbf15a90e7e0bbade52bd7287c3fa9f106 | |
parent | 8214b545c77a4172894106693433c6f8c7dfa91f (diff) | |
parent | 75ca851ba910d10fe30eb9a662529239395d5fd7 (diff) | |
Merge pull request #641 from skoranda/better_pick_binding
Better pick binding by index
-rw-r--r-- | src/saml2/entity.py | 12 | ||||
-rw-r--r-- | tests/servera.xml | 69 | ||||
-rw-r--r-- | tests/test_71_authn_request.py | 37 |
3 files changed, 104 insertions, 14 deletions
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index e69fc1aa..0e2cc94c 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -269,16 +269,8 @@ class Entity(HTTPBase):
 else:
 descr_type = "spsso"
- _url = _index = None
- if request:
- try:
- _url = getattr(request, "%s_url" % service)
- except AttributeError:
- _url = None
- try:
- _index = getattr(request, "%s_index" % service)
- except AttributeError:
- pass
+ _url = getattr(request, "%s_url" % service, None)
+ _index = getattr(request, "%s_index" % service, None)
 for binding in bindings:
 try:
diff --git a/tests/servera.xml b/tests/servera.xml
index f600be54..fe80d9d7 100644
--- a/tests/servera.xml
+++ b/tests/servera.xml
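Review bot: The two new `getattr` lines take the endpoint selectors `_url` and `_index` straight from the peer's AuthnRequest without a comment saying that these values are untrusted; the `for binding in bindings:` loop that consumes them continues outside the hunk (as does the method's signature), so whether they are matched against the peer's registered metadata endpoints before being returned cannot be confirmed here. A one-line comment above `_url = getattr(request, "%s_url" % service, None)` would keep that contract visible, e.g. `# _url/_index are caller-supplied (from the request) and untrusted; only honour them when they match an endpoint in the peer's metadata`. Dropping the `if request:` guard is safe as written, since `getattr(None, name, None)` yields `None`, which is exactly what the removed branch left in `_url` and `_index` when no request was given.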
@@ -1,5 +1,29 @@ -<?xml version='1.0' encoding='UTF-8'?> -<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns4="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" xmlns:ns5="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="urn:mace:example.com:saml:roland:sp"><ns0:Extensions><ns1:EntityAttributes><ns2:Attribute Name="http://macedir.org/entity-category"><ns2:AttributeValue xsi:type="xs:string">http://www.swamid.se/category/sfs-1993-1153</ns2:AttributeValue><ns2:AttributeValue xsi:type="xs:string">http://www.swamid.se/category/hei-service</ns2:AttributeValue></ns2:Attribute></ns1:EntityAttributes></ns0:Extensions><ns0:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:Extensions><ns4:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://lingon.catalogix.se:8087/disco" index="1" /></ns0:Extensions><ns0:KeyDescriptor use="encryption"><ns5:KeyInfo><ns5:X509Data><ns5:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +<?xml version="1.0" encoding="UTF-8"?> +<ns0:EntityDescriptor + xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:ns1="urn:oasis:names:tc:SAML:metadata:attribute" + xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion" + xmlns:ns4="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" + xmlns:ns5="http://www.w3.org/2000/09/xmldsig#" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + entityID="urn:mace:example.com:saml:roland:sp"> + <ns0:Extensions> + <ns1:EntityAttributes> + <ns2:Attribute Name="http://macedir.org/entity-category"> + <ns2:AttributeValue xsi:type="xs:string">http://www.swamid.se/category/sfs-1993-1153</ns2:AttributeValue> + <ns2:AttributeValue 
xsi:type="xs:string">http://www.swamid.se/category/hei-service</ns2:AttributeValue> + </ns2:Attribute> + </ns1:EntityAttributes> + </ns0:Extensions> + <ns0:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <ns0:Extensions> + <ns4:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://lingon.catalogix.se:8087/disco" index="1"/> + </ns0:Extensions> + <ns0:KeyDescriptor use="encryption"> + <ns5:KeyInfo> + <ns5:X509Data> + <ns5:X509Certificate> +MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBF MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 @@ -14,7 +38,15 @@ mDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6 h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5 U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6 mrPzGzk3ECbupFnqyREH3+ZPSdk= -</ns5:X509Certificate></ns5:X509Data></ns5:KeyInfo></ns0:KeyDescriptor><ns0:KeyDescriptor use="signing"><ns5:KeyInfo><ns5:X509Data><ns5:X509Certificate>MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +</ns5:X509Certificate> + </ns5:X509Data> + </ns5:KeyInfo> + </ns0:KeyDescriptor> + <ns0:KeyDescriptor use="signing"> + <ns5:KeyInfo> + <ns5:X509Data> + <ns5:X509Certificate> +MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBF MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 
@@ -29,4 +61,33 @@ mDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6 h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5 U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6 mrPzGzk3ECbupFnqyREH3+ZPSdk= -</ns5:X509Certificate></ns5:X509Data></ns5:KeyInfo></ns0:KeyDescriptor><ns0:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://lingon.catalogix.se:8087/ars" index="1" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://lingon.catalogix.se:8087/sls" /><ns0:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://lingon.catalogix.se:8087/mni/soap" /><ns0:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://lingon.catalogix.se:8087/mni/post" /><ns0:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://lingon.catalogix.se:8087/mni/redirect" /><ns0:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://lingon.catalogix.se:8087/mni/art" /><ns0:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</ns0:NameIDFormat><ns0:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</ns0:NameIDFormat><ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://lingon.catalogix.se:8087/" index="1" /><ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="http://lingon.catalogix.se:8087/paos" index="2" /><ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://lingon.catalogix.se:8087/redirect" index="3" /></ns0:SPSSODescriptor><ns0:Organization><ns0:OrganizationName xml:lang="se">AB Exempel</ns0:OrganizationName><ns0:OrganizationDisplayName xml:lang="se">AB Exempel</ns0:OrganizationDisplayName><ns0:OrganizationURL 
xml:lang="en">http://www.example.org</ns0:OrganizationURL></ns0:Organization><ns0:ContactPerson contactType="technical"><ns0:GivenName>Roland</ns0:GivenName><ns0:SurName>Hedberg</ns0:SurName><ns0:EmailAddress>tech@eample.com</ns0:EmailAddress><ns0:EmailAddress>tech@example.org</ns0:EmailAddress><ns0:TelephoneNumber>+46 70 100 0000</ns0:TelephoneNumber></ns0:ContactPerson></ns0:EntityDescriptor> +</ns5:X509Certificate> + </ns5:X509Data> + </ns5:KeyInfo> + </ns0:KeyDescriptor> + <ns0:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://lingon.catalogix.se:8087/ars" index="1"/> + <ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://lingon.catalogix.se:8087/sls"/> + <ns0:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://lingon.catalogix.se:8087/mni/soap"/> + <ns0:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://lingon.catalogix.se:8087/mni/post"/> + <ns0:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://lingon.catalogix.se:8087/mni/redirect"/> + <ns0:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://lingon.catalogix.se:8087/mni/art"/> + <ns0:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</ns0:NameIDFormat> + <ns0:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</ns0:NameIDFormat> + <ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://lingon.catalogix.se:8087/" index="1"/> + <ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="http://lingon.catalogix.se:8087/paos" index="2"/> + <ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://lingon.catalogix.se:8087/redirect" index="3"/> + <ns0:AssertionConsumerService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://lingon.catalogix.se:8087/another/path" index="4"/> + </ns0:SPSSODescriptor> + <ns0:Organization> + <ns0:OrganizationName xml:lang="se">AB Exempel</ns0:OrganizationName> + <ns0:OrganizationDisplayName xml:lang="se">AB Exempel</ns0:OrganizationDisplayName> + <ns0:OrganizationURL xml:lang="en">http://www.example.org</ns0:OrganizationURL> + </ns0:Organization> + <ns0:ContactPerson contactType="technical"> + <ns0:GivenName>Roland</ns0:GivenName> + <ns0:SurName>Hedberg</ns0:SurName> + <ns0:EmailAddress>tech@eample.com</ns0:EmailAddress> + <ns0:EmailAddress>tech@example.org</ns0:EmailAddress> + <ns0:TelephoneNumber>+46 70 100 0000</ns0:TelephoneNumber> + </ns0:ContactPerson> +</ns0:EntityDescriptor> diff --git a/tests/test_71_authn_request.py b/tests/test_71_authn_request.py new file mode 100644 index 00000000..ee970923 --- /dev/null +++ b/tests/test_71_authn_request.py 
@@ -0,0 +1,37 @@
+from contextlib import closing
+from saml2.client import Saml2Client
+from saml2.server import Server
+
+
+def test_authn_request_with_acs_by_index():
+ # ACS index and location from SP metadata in servera.xml.
+ ACS_INDEX = '4'
+ ACS_LOCATION = 'http://lingon.catalogix.se:8087/another/path'
+
+ # Create SP using the configuration found in servera_conf.py.
+ sp = Saml2Client(config_file="servera_conf")
+
+ # Generate an authn request object that uses AssertionConsumerServiceIndex
+ # instead of AssertionConsumerServiceURL. The index with label ACS_INDEX
+ # exists in the SP metadata in servera.xml.
+ request_id, authn_request = sp.create_authn_request(
+ sp.config.entityid,
+ assertion_consumer_service_index=ACS_INDEX)
+ # Make sure the authn_request contains AssertionConsumerServiceIndex.
+ acs_index = getattr(authn_request,
+ 'assertion_consumer_service_index', None)
+
+ assert acs_index == ACS_INDEX
+
+ # Create IdP.
+ with closing(Server(config_file="idp_all_conf")) as idp:
+
+ # Ask the IdP to pick out the binding and destination from the
+ # authn_request.
+ binding, destination = idp.pick_binding("assertion_consumer_service",
+ request=authn_request)
+
+ # Make sure the IdP pick_binding method picks the correct location
+ # or destination based on the ACS index in the authn request.
+ assert destination == ACS_LOCATION |
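Review bot: The new test covers only the accepting path — an index that exists in servera.xml resolves to its Location — so it does not pin down that `pick_binding` refuses to act on an index the SP never registered, which is the property an IdP actually relies on when it takes the destination from a request. A companion case built the same way with `assertion_consumer_service_index='99'` (a constructed value absent from the fixture) would catch a regression where the index is used without being matched to metadata; what `pick_binding` does in that case is decided by the loop in entity.py that is outside this diff, so the expected outcome has to be taken from there. `request_id` and `binding` are assigned but never checked; either unpack them as `_` or assert `binding == BINDING_HTTP_POST` (from `saml2`), since the fixture declares HTTP-POST for index 4.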