author | Maxime Besson <maxime.besson@worteks.com> | 2020-10-04 09:20:24 +0200 |
---|---|---|
committer | Maxime Besson <maxime.besson@worteks.com> | 2020-10-07 17:19:25 +0200 |
commit | 50b2963d136d1940f9e26bf5d7b1c76cc9df02a2 (patch) | |
tree | dc50747147080b1edd82556b18e9c3670bc05d21 | |
parent | 60476ae2516e89aa6d52b6300c535173883edd81 (diff) | |
download | pysaml2-50b2963d136d1940f9e26bf5d7b1c76cc9df02a2.tar.gz |
Unit test for logout_responses_signed
-rw-r--r-- | tests/server_conf.py | 2 | ||||
-rw-r--r-- | tests/test_51_client.py | 32 |
2 files changed, 33 insertions, 1 deletions
diff --git a/tests/server_conf.py b/tests/server_conf.py
index 2b87b942..f1dc33d6 100644
--- a/tests/server_conf.py
+++ b/tests/server_conf.py
@@ -14,6 +14,8 @@ CONFIG = {
 "required_attributes": ["surName", "givenName", "mail"],
 "optional_attributes": ["title"],
 "idp": ["urn:mace:example.com:saml:roland:idp"],
+ "logout_responses_signed": True,
+ "logout_requests_signed": True,
 "requested_attributes": [
 {
 "name": "urn:oid:1.3.6.1.4.1.5923.1.1.1.2",
diff --git a/tests/test_51_client.py b/tests/test_51_client.py
index 2b71146c..c1d52531 100644
--- a/tests/test_51_client.py
+++ b/tests/test_51_client.py
@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 from base64 import encodebytes as b64encode
+from base64 import decodebytes as b64decode
 import uuid
 import six
 from six.moves.urllib import parse
@@ -51,7 +52,6 @@ AUTHN = {
 "authn_auth": "http://www.example.com/login"
 }
-
 def generate_cert():
 sn = uuid.uuid4().urn
 cert_info = {
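Review bot: `"logout_requests_signed": True` in the server_conf.py hunk is not covered by anything visible in this commit; the title and the new test in tests/test_51_client.py deal only with `logout_responses_signed`. Because this CONFIG dict is a shared fixture, the flag presumably changes how every test that loads it builds logout requests, so either add an assertion that a logout request produced under this config is signed, or leave the flag out of this commit. If it stays, a comment such as `# both flags on so the signing paths are exercised by default` would record why.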
@@ -413,6 +413,36 @@ class TestClient:
 except Exception: # missing certificate
 self.client.sec.verify_signature(ar_str, node_name=class_name(ar))
+ def test_logout_response(self):
+ req_id, req = self.server.create_logout_request(
+ "http://localhost:8088/slo", "urn:mace:example.com:saml:roland:sp",
+ name_id=nid, reason="Tired", expire=in_a_while(minutes=15),
+ session_indexes=["_foo"])
+
+ info = self.client.apply_binding(
+ BINDING_HTTP_REDIRECT, req, destination="",
+ relay_state="relay2")
+ loc = info["headers"][0][1]
+ qs = parse.parse_qs(loc[1:])
+ samlreq = qs['SAMLRequest'][0]
+ resphttp = self.client.handle_logout_request(samlreq, nid,
+ BINDING_HTTP_REDIRECT)
+ _dic = unpack_form(resphttp['data'], "SAMLResponse")
+ xml = b64decode(_dic['SAMLResponse'].encode('UTF-8'))
+
+ # Signature found
+ assert xml.decode('UTF-8').find(r"Signature") > 0
+
+ # Try again with logout_responses_signed=False
+ self.client.logout_responses_signed = False
+ resphttp = self.client.handle_logout_request(samlreq, nid,
+ BINDING_HTTP_REDIRECT)
+ _dic = unpack_form(resphttp['data'], "SAMLResponse")
+ xml = b64decode(_dic['SAMLResponse'].encode('UTF-8'))
+
+ # Signature not found
+ assert xml.decode('UTF-8').find(r"Signature") < 0
+
 def test_create_logout_request(self):
 req_id, req = self.client.create_logout_request(
 "http://localhost:8088/slo", "urn:mace:example.com:saml:roland:idp", |
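Review bot: The two assertions in test_logout_response only search the decoded response for the substring "Signature", so the signed case passes for any document containing that text and never checks that the signature is valid or that it covers the LogoutResponse element. For the signed case, consider verifying the XML with a `sec.verify_signature(..., node_name=...)` call like the one in the context line just above the new test, and write the unsigned case as `assert "Signature" not in xml.decode('UTF-8')`. The test also sets `self.client.logout_responses_signed = False` and never restores it; the class setup is outside this hunk, but if the client is shared between tests, later tests would silently run with unsigned logout responses, so reset the flag in a `finally:` block.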