author | Roland Hedberg <roland.hedberg@adm.umu.se> | 2015-11-02 10:22:58 -0800 |
---|---|---|
committer | Roland Hedberg <roland.hedberg@adm.umu.se> | 2015-11-02 10:22:58 -0800 |
commit | 86dec17d1f858f37f1f037a21709e2eb14cba7d6 (patch) | |
tree | 80f4c4f72030084c8c767d2718692f75bc3a5214 | |
parent | b40dfabc4403c15c9c64204e34f81fdedb038db0 (diff) | |
download | pysaml2-86dec17d1f858f37f1f037a21709e2eb14cba7d6.tar.gz |
Fixed name_format bug. Modified test to check for name_format specification.
-rw-r--r-- | src/saml2/assertion.py | 2 | ||||
-rw-r--r-- | tests/idp_conf.py | 12 | ||||
-rw-r--r-- | tests/metadata_sp_2.xml | 114 | ||||
-rw-r--r-- | tests/test_50_server.py | 8 |
4 files changed, 126 insertions, 10 deletions
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py index c9d138bf..920083c1 100644 --- a/src/saml2/assertion.py +++ b/src/saml2/assertion.py @@ -405,7 +405,7 @@ class Policy(object): :retur: The format """ - return self.get("name_format", sp_entity_id, NAME_FORMAT_URI) + return self.get("name_form", sp_entity_id, NAME_FORMAT_URI) def get_lifetime(self, sp_entity_id): """ The lifetime of the assertion diff --git a/tests/idp_conf.py b/tests/idp_conf.py index ffac5589..d805207e 100644 --- a/tests/idp_conf.py +++ b/tests/idp_conf.py @@ -1,7 +1,7 @@ from saml2 import BINDING_SOAP from saml2 import BINDING_HTTP_REDIRECT from saml2 import BINDING_HTTP_POST -from saml2.saml import NAMEID_FORMAT_PERSISTENT +from saml2.saml import NAMEID_FORMAT_PERSISTENT, NAME_FORMAT_BASIC from saml2.saml import NAME_FORMAT_URI from pathutils import full_path @@ -30,10 +30,11 @@ CONFIG = { "urn:mace:example.com:saml:roland:sp": { "lifetime": {"minutes": 5}, "nameid_format": NAMEID_FORMAT_PERSISTENT, - # "attribute_restrictions":{ - # "givenName": None, - # "surName": None, - # } + }, + "https://example.com/sp": { + "lifetime": {"minutes": 5}, + "nameid_format": NAMEID_FORMAT_PERSISTENT, + "name_form": NAME_FORMAT_BASIC } }, "subject_data": full_path("subject_data.db"), @@ -48,6 +49,7 @@ CONFIG = { "metadata": [{ "class": "saml2.mdstore.MetaDataFile", "metadata": [(full_path("metadata_sp_1.xml"), ), + (full_path("metadata_sp_2.xml"), ), (full_path("vo_metadata.xml"), )], }], "attribute_map_dir": full_path("attributemaps"), diff --git a/tests/metadata_sp_2.xml b/tests/metadata_sp_2.xml new file mode 100644 index 00000000..0e8e7103 --- /dev/null +++ b/tests/metadata_sp_2.xml 
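Review bot: In src/saml2/assertion.py the policy key changes from `name_format` to `name_form` with no fallback, so a policy that still sets `name_format` is now ignored without any signal and the attribute NameFormat falls back to NAME_FORMAT_URI. That is the same silent-default failure this commit fixes, moved to the other spelling. Consider honouring the old key for a transition, e.g. `return self.get("name_form", sp_entity_id, self.get("name_format", sp_entity_id, NAME_FORMAT_URI))`, or logging when the old key is present. This assumes `self.get` takes the default as its third argument, as the visible call suggests; its body is outside the hunk. The docstring context line also has a typo, `:retur:` for `:return:`.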
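Review bot: In tests/idp_conf.py the new import `from saml2.saml import NAMEID_FORMAT_PERSISTENT, NAME_FORMAT_BASIC` departs from the one-name-per-line import style of the surrounding context lines. Keep the original line and add `from saml2.saml import NAME_FORMAT_BASIC` beneath it. In the policy hunk only the new `https://example.com/sp` entry sets `name_form`, so a comment such as `# overrides the default NAME_FORMAT_URI for this SP only` would make the purpose of the second entry clear.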
@@ -0,0 +1,114 @@ +<?xml version='1.0' encoding='UTF-8'?> +<ns0:EntitiesDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"> + <ns0:EntityDescriptor entityID="https://example.com/sp"> + <ns0:SPSSODescriptor AuthnRequestsSigned="false" + WantAssertionsSigned="true" + protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <ns0:KeyDescriptor use="signing"> + <ns1:KeyInfo> + <ns1:X509Data> + <ns1:X509Certificate> + MIICsDCCAhmgAwIBAgIJAJrzqSSwmDY9MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV + BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX + aWRnaXRzIFB0eSBMdGQwHhcNMDkxMDA2MTk0OTQxWhcNMDkxMTA1MTk0OTQxWjBF + MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 + ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB + gQDJg2cms7MqjniT8Fi/XkNHZNPbNVQyMUMXE9tXOdqwYCA1cc8vQdzkihscQMXy + 3iPw2cMggBu6gjMTOSOxECkuvX5ZCclKr8pXAJM5cY6gVOaVO2PdTZcvDBKGbiaN + efiEw5hnoZomqZGp8wHNLAUkwtH9vjqqvxyS/vclc6k2ewIDAQABo4GnMIGkMB0G + A1UdDgQWBBRePsKHKYJsiojE78ZWXccK9K4aJTB1BgNVHSMEbjBsgBRePsKHKYJs + iojE78ZWXccK9K4aJaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt + U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAJrzqSSw + mDY9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJSrKOEzHO7TL5cy6 + h3qh+3+JAk8HbGBW+cbX6KBCAw/mzU8flK25vnWwXS3dv2FF3Aod0/S7AWNfKib5 + U/SA9nJaz/mWeF9S0farz9AQFc8/NSzAzaVq7YbM4F6f6N2FRl7GikdXRCed45j6 + mrPzGzk3ECbupFnqyREH3+ZPSdk= + </ns1:X509Certificate> + </ns1:X509Data> + </ns1:KeyInfo> + </ns0:KeyDescriptor> + <ns0:KeyDescriptor use="encryption"> + <ns1:KeyInfo> + <ns1:X509Data> + <ns1:X509Certificate> + MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV + BAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF + Wnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MzAxWhcNMjUwNTMwMDc0 + MzAxWjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox + DjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB + 
nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA41tJCTPuG2lirbztuGbBlzbzSipM + EzM+zluWegUaoUjqtlgNHOTQqTJOqw/GdjkxRKJT6IxI3/HVcnfw7P4a4xSkL/ME + IG3VyzedWEyLIHeofoQSTvr84ZdD0+Gk+zNCSqOQC7UuqpOLbMKK1tgZ8Mr7BkgI + p8H3lreLf29Sd5MCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB0EXxy5+hsB7Rid7Gy + CZrAObpaC4nbyPPW/vccFKmEkYtlygEPgky7D9AGsVSaTc/YxPZcanY+vKoRIsiR + 6ZitIUU5b+NnHcdj6289tUQ0iHj5jgVyv8wYHvPntTnqH2S7he0talLER8ITYToh + 2wz3u7waz/GypMeA/suhoEfxew== + </ns1:X509Certificate> + </ns1:X509Data> + </ns1:KeyInfo> + </ns0:KeyDescriptor> + <ns0:KeyDescriptor use="encryption"> + <ns1:KeyInfo> + <ns1:X509Data> + <ns1:X509Certificate> + MIICHzCCAYgCAQEwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCenoxCzAJBgNV + BAgMAnp6MQ0wCwYDVQQHDAR6enp6MQ4wDAYDVQQKDAVaenp6ejEOMAwGA1UECwwF + Wnp6enoxDTALBgNVBAMMBHRlc3QwHhcNMTUwNjAyMDc0MjI2WhcNMjUwNTMwMDc0 + MjI2WjBYMQswCQYDVQQGEwJ6ejELMAkGA1UECAwCenoxDTALBgNVBAcMBHp6enox + DjAMBgNVBAoMBVp6enp6MQ4wDAYDVQQLDAVaenp6ejENMAsGA1UEAwwEdGVzdDCB + nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx3I/NFlP1wbHfRZckJn4z1HX5nnY + QhQ3ekxEJmTTaj/1BvlZBmvgV40SBzH4nP1sT02xoQo7+vHItFAzaJlF2oBXsSxj + aZMGu/gkVbaHP9cYKvskhOjOJ4XArrUnKMTb1jZ+XkkOuot1NLE7/dTILF8ahHU2 + omYNASLnxHN3bnkCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCQam1Oz7iQcD9+OurB + M5a+Hth53m5hbAFuguSvERPCuJ/CfP1+g7CIZN/GnsIsg9QW77NvdOyxjXxzoJJm + okl1qz/qy3FY3mJ0gIUxDyPD9DL3c9/03MDv5YmWsoP+HNqK8QtNJ/JDEOhBr/Eo + /MokRo4gtMNeLF/soveWNoNiUg== + </ns1:X509Certificate> + </ns1:X509Data> + </ns1:KeyInfo> + </ns0:KeyDescriptor> + <ns0:AssertionConsumerService + Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" + Location="http://lingon.catalogix.se:8087/" index="1"/> + <ns0:AttributeConsumingService index="1"> + <ns0:ServiceName xml:lang="en"> + urn:mace:example.com:saml:roland:sp + </ns0:ServiceName> + <ns0:ServiceDescription xml:lang="en">My own SP + </ns0:ServiceDescription> + <ns0:RequestedAttribute FriendlyName="surName" + Name="urn:oid:2.5.4.4" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" + isRequired="true"/> + 
<ns0:RequestedAttribute FriendlyName="givenName" + Name="urn:oid:2.5.4.42" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" + isRequired="true"/> + <ns0:RequestedAttribute FriendlyName="mail" + Name="urn:oid:0.9.2342.19200300.100.1.3" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" + isRequired="true"/> + <ns0:RequestedAttribute FriendlyName="title" + Name="urn:oid:2.5.4.12" + NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" + isRequired="false"/> + </ns0:AttributeConsumingService> + </ns0:SPSSODescriptor> + <ns0:Organization> + <ns0:OrganizationName xml:lang="se">AB Exempel + </ns0:OrganizationName> + <ns0:OrganizationDisplayName xml:lang="se">AB Exempel + </ns0:OrganizationDisplayName> + <ns0:OrganizationURL xml:lang="en">http://www.example.org + </ns0:OrganizationURL> + </ns0:Organization> + <ns0:ContactPerson contactType="technical"> + <ns0:GivenName>Roland</ns0:GivenName> + <ns0:SurName>Hedberg</ns0:SurName> + <ns0:EmailAddress>tech@eample.com</ns0:EmailAddress> + <ns0:EmailAddress>tech@example.org</ns0:EmailAddress> + <ns0:TelephoneNumber>+46 70 100 0000</ns0:TelephoneNumber> + </ns0:ContactPerson> + </ns0:EntityDescriptor> +</ns0:EntitiesDescriptor> diff --git a/tests/test_50_server.py b/tests/test_50_server.py index c43d489b..21703b53 100644 --- a/tests/test_50_server.py +++ b/tests/test_50_server.py @@ -271,7 +271,7 @@ class TestServer1(): def test_sso_response_with_identity(self): name_id = self.server.ident.transient_nameid( - "urn:mace:example.com:saml:roland:sp", "id12") + "https://example.com/sp", "id12") resp = self.server.create_authn_response( { "eduPersonEntitlement": "Short stop", @@ -282,7 +282,7 @@ class TestServer1(): }, "id12", # in_response_to "http://localhost:8087/", # destination - "urn:mace:example.com:saml:roland:sp", # sp_entity_id + "https://example.com/sp", # sp_entity_id name_id=name_id, authn=AUTHN ) 
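Review bot: In tests/metadata_sp_2.xml several values look copied from another SP's metadata rather than written for `https://example.com/sp`. The `ServiceName` is still `urn:mace:example.com:saml:roland:sp`, and the `AssertionConsumerService` Location is `http://lingon.catalogix.se:8087/` while the test in this commit passes `http://localhost:8087/` as the destination. The first `EmailAddress` reads `tech@eample.com`, probably a typo for `example.com`. The signing certificate's validity window, decoded from the embedded DER, appears to end in 2009, so a leading XML comment stating that the certificates are expired test material would keep the fixture from being mistaken for usable keys.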
@@ -310,8 +310,8 @@ class TestServer1(): if attr.friendly_name == "givenName": break assert len(attr.attribute_value) == 1 - assert attr.name == "urn:oid:2.5.4.42" - assert attr.name_format == "urn:oasis:names:tc:SAML:2.0:attrname-format:uri" + assert attr.name == "urn:mace:dir:attribute-def:givenName" + assert attr.name_format == "urn:oasis:names:tc:SAML:2.0:attrname-format:basic" value = attr.attribute_value[0] assert value.text.strip() == "Derek" assert value.get_type() == "xs:string" |
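Review bot: The assertions in `test_sso_response_with_identity` were replaced rather than extended, so as far as the visible hunks show, this test no longer checks the default path (`urn:oid:2.5.4.42` with the `attrname-format:uri` NameFormat for an SP that sets no `name_form`). Because the bug was a policy setting being silently ignored, keep a second case for `urn:mace:example.com:saml:roland:sp` that still asserts the URI format, so both the override and the default are pinned. The context lines also show that `attr` is whatever element the loop ended on when no `givenName` attribute is present; adding `assert attr.friendly_name == "givenName"` before the other checks would make that failure explicit. The test method begins in an earlier hunk and continues past this one.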