authorRoland Hedberg <roland.hedberg@adm.umu.se>2012-11-14 13:36:08 +0100
committerRoland Hedberg <roland.hedberg@adm.umu.se>2012-11-14 13:36:08 +0100
commit74cf8659e15223d14586b99265a71924e3f939f9 (patch)
tree26daf3da88e1db38ae17445cdd2fe43aaaa5d663 /tests
parentcc8e91e84ddc53d94715584f100bc4054a2dd20a (diff)
All tests works now
Diffstat (limited to 'tests')
-rw-r--r--tests/idp_conf.py9
-rw-r--r--tests/idp_sp_conf.py2
-rw-r--r--tests/server3_conf.py2
-rw-r--r--tests/server_conf.py1
-rw-r--r--tests/sp_1_conf.py2
-rw-r--r--tests/test_30_metadata.py112
-rw-r--r--tests/test_31_config.py44
-rw-r--r--tests/test_41_response.py20
-rw-r--r--tests/test_44_authnresp.py41
-rw-r--r--tests/test_50_server.py106
-rw-r--r--tests/test_51_client.py181
-rw-r--r--tests/test_60_sp.py21
-rw-r--r--tests/test_61_makemeta.py8
13 files changed, 286 insertions, 263 deletions
diff --git a/tests/idp_conf.py b/tests/idp_conf.py
index 33b9c8a7..53cae8b4 100644
--- a/tests/idp_conf.py
+++ b/tests/idp_conf.py
@@ -7,6 +7,7 @@ try:
except ImportError:
xmlsec_path = '/opt/local/bin/xmlsec1'
+BASE = "http://localhost:8088"
CONFIG = {
"entityid" : "urn:mace:example.com:saml:roland:idp",
@@ -15,10 +16,10 @@ CONFIG = {
"idp": {
"endpoints" : {
"single_sign_on_service" : [
- ("http://localhost:8088/sso", BINDING_HTTP_REDIRECT)],
+ ("%s/sso" % BASE, BINDING_HTTP_REDIRECT)],
"single_logout_service": [
- ("http://localhost:8088/slo", BINDING_SOAP),
- ("http://localhost:8088/slop",BINDING_HTTP_POST)]
+ ("%s/slo" % BASE, BINDING_SOAP),
+ ("%s/slop" % BASE,BINDING_HTTP_POST)]
},
"policy": {
"default": {
@@ -43,7 +44,7 @@ CONFIG = {
"cert_file" : "test.pem",
"xmlsec_binary" : xmlsec_path,
"metadata": {
- "local": ["metadata.xml", "vo_metadata.xml"],
+ "local": ["metadata_sp_1.xml", "vo_metadata.xml"],
},
"attribute_map_dir" : "attributemaps",
"organization": {
diff --git a/tests/idp_sp_conf.py b/tests/idp_sp_conf.py
index cd3f166c..1204b113 100644
--- a/tests/idp_sp_conf.py
+++ b/tests/idp_sp_conf.py
@@ -53,7 +53,7 @@ CONFIG = {
"debug" : 1,
"key_file" : "test.key",
"cert_file" : "test.pem",
- #"xmlsec_binary" : xmlsec_path,
+ "xmlsec_binary" : xmlsec_path,
"metadata": {
"local": ["metadata.xml", "vo_metadata.xml"],
},
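Review bot: The now-active `"xmlsec_binary" : xmlsec_path` entry makes this config depend on a module-level `xmlsec_path` whose definition is outside the hunk, so a missing or stale definition would only show up when the module is loaded or when a test first signs or verifies something. The same un-commenting is made in tests/server3_conf.py and tests/sp_1_conf.py. tests/idp_conf.py falls back to the hard-coded `'/opt/local/bin/xmlsec1'` on ImportError; if these three modules resolve the path the same way (not visible here), a comment above the key such as `# xmlsec1 is needed for XML signing and verification; path is resolved at the top of this module` would tell the reader why the tests need the binary.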
diff --git a/tests/server3_conf.py b/tests/server3_conf.py
index d09c1f0b..5450bc86 100644
--- a/tests/server3_conf.py
+++ b/tests/server3_conf.py
@@ -21,7 +21,7 @@ CONFIG = {
"debug" : 1,
"key_file" : "test.key",
"cert_file" : "test.pem",
- #"xmlsec_binary" : xmlsec_path,
+ "xmlsec_binary" : xmlsec_path,
"metadata": {
"local": ["idp_aa.xml", "vo_metadata.xml"],
},
diff --git a/tests/server_conf.py b/tests/server_conf.py
index 4c6802b8..38046ee4 100644
--- a/tests/server_conf.py
+++ b/tests/server_conf.py
@@ -34,6 +34,7 @@ CONFIG={
"subject_data": "subject_data.db",
"accepted_time_diff": 60,
"attribute_map_dir" : "attributemaps",
+ "valid_for": 6,
"organization": {
"name": ("AB Exempel", "se"),
"display_name": ("AB Exempel", "se"),
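Review bot: The added `"valid_for": 6` carries no unit, and nothing in this hunk says what it bounds. In pysaml2 this setting is, as far as I know, the number of hours the generated metadata is declared valid, so a trailing comment like `# metadata validity, in hours` (to be confirmed against the config loader) would save the next reader a lookup. CONFIG starts and ends outside the hunk.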
diff --git a/tests/sp_1_conf.py b/tests/sp_1_conf.py
index 649375a9..bb80bd3f 100644
--- a/tests/sp_1_conf.py
+++ b/tests/sp_1_conf.py
@@ -20,7 +20,7 @@ CONFIG = {
"debug" : 1,
"key_file" : "test.key",
"cert_file" : "test.pem",
- #"xmlsec_binary" : xmlsec_path,
+ "xmlsec_binary" : xmlsec_path,
"metadata": {
"local": ["idp.xml", "vo_metadata.xml"],
},
diff --git a/tests/test_30_metadata.py b/tests/test_30_metadata.py
index cb9e8d7f..d01ca31d 100644
--- a/tests/test_30_metadata.py
+++ b/tests/test_30_metadata.py
@@ -8,7 +8,7 @@ from saml2 import BINDING_SOAP
from saml2 import md, saml, samlp
from saml2 import time_util
from saml2.saml import NAMEID_FORMAT_TRANSIENT, NAME_FORMAT_URI
-from saml2.attribute_converter import ac_factory
+from saml2.attribute_converter import ac_factory, to_local_name
#from py.test import raises
@@ -48,38 +48,41 @@ def test_swami_1():
md.import_metadata(_read_file(SWAMI_METADATA),"-")
print len(md.entity)
assert len(md.entity)
- idps = dict([(id,ent["idp_sso"]) for id,ent in md.entity.items() \
- if "idp_sso" in ent])
+ idps = dict([(id,ent["idpsso"]) for id,ent in md.entity.items() \
+ if "idpsso" in ent])
print idps
assert idps.keys()
- idp_sso = md.single_sign_on_services(
+ idpsso = md.single_sign_on_services(
'https://idp.umu.se/saml2/idp/metadata.php')
assert md.name('https://idp.umu.se/saml2/idp/metadata.php') == (
u'Ume\xe5 University (SAML2)')
- assert len(idp_sso) == 1
- assert idp_sso == ['https://idp.umu.se/saml2/idp/SSOService.php']
+ assert len(idpsso) == 1
+ assert idpsso == ['https://idp.umu.se/saml2/idp/SSOService.php']
print md._loc_key['https://idp.umu.se/saml2/idp/SSOService.php']
ssocerts = md.certs('https://idp.umu.se/saml2/idp/SSOService.php', "signing")
print ssocerts
assert len(ssocerts) == 1
- print md._wants.keys()
- assert _eq(md._wants.keys(),['https://sp.swamid.se/shibboleth',
- 'https://connect8.sunet.se/shibboleth',
- 'https://beta.lobber.se/shibboleth',
- 'https://connect.uninett.no/shibboleth',
- 'https://www.diva-portal.org/shibboleth',
- 'https://connect.sunet.se/shibboleth',
- 'https://crowd.nordu.net/shibboleth'])
-
- print md.wants('https://www.diva-portal.org/shibboleth')
- assert _eq(md.wants('https://www.diva-portal.org/shibboleth')[1].keys(),
+ sps = dict([(id,ent["spsso"]) for id,ent in md.entity.items()\
+ if "spsso" in ent])
+
+ acs_sp = []
+ for nam, desc in sps.items():
+ if desc[0].attribute_consuming_service:
+ acs_sp.append(nam)
+
+ #print md.wants('https://www.diva-portal.org/shibboleth')
+ wants = md.attribute_requirement('https://connect8.sunet.se/shibboleth')
+ lnamn = [to_local_name(md.attrconv, attr) for attr in wants[1]]
+ assert _eq(lnamn,
['mail', 'givenName', 'eduPersonPrincipalName', 'sn',
'eduPersonScopedAffiliation'])
- assert md.wants('https://connect.sunet.se/shibboleth')[0] == {}
- assert _eq(md.wants('https://connect.sunet.se/shibboleth')[1].keys(),
- ['mail', 'givenName', 'eduPersonPrincipalName', 'sn',
- 'eduPersonScopedAffiliation'])
+ wants = md.attribute_requirement('https://beta.lobber.se/shibboleth')
+ assert wants[0] == []
+ lnamn = [to_local_name(md.attrconv, attr) for attr in wants[1]]
+ assert _eq(lnamn,
+ ['eduPersonScopedAffiliation', 'eduPersonEntitlement',
+ 'eduPersonPrincipalName', 'sn', 'mail', 'givenName'])
def test_incommon_1():
md = metadata.MetaData(attrconv=ATTRCONV)
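Review bot: `acs_sp` is built in test_swami_1 from the SPs that have an `attribute_consuming_service`, but nothing asserts on it, so the coverage the removed `md._wants.keys()` check gave is lost. Either assert on it, e.g. `assert 'https://connect8.sunet.se/shibboleth' in acs_sp` (that SP is queried a few lines later, so it presumably belongs in the list), or drop the loop. The first `wants` result, for connect8.sunet.se, also has only `wants[1]` checked, while the second checks `wants[0] == []` as well.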
@@ -87,23 +90,39 @@ def test_incommon_1():
print len(md.entity)
assert len(md.entity) == 442
idps = dict([
- (id,ent["idp_sso"]) for id,ent in md.entity.items() if "idp_sso" in ent])
+ (id,ent["idpsso"]) for id,ent in md.entity.items() if "idpsso" in ent])
print idps.keys()
assert len(idps) == 53 # !!!!???? < 10%
assert md.single_sign_on_services('urn:mace:incommon:uiuc.edu') == []
- idp_sso = md.single_sign_on_services('urn:mace:incommon:alaska.edu')
- assert len(idp_sso) == 1
- print idp_sso
- print md.wants
- assert idp_sso == ['https://idp.alaska.edu/idp/profile/SAML2/Redirect/SSO']
-
+ idpsso = md.single_sign_on_services('urn:mace:incommon:alaska.edu')
+ assert len(idpsso) == 1
+ print idpsso
+ assert idpsso == ['https://idp.alaska.edu/idp/profile/SAML2/Redirect/SSO']
+
+ sps = dict([(id,ent["spsso"]) for id,ent in md.entity.items()\
+ if "spsso" in ent])
+
+ acs_sp = []
+ for nam, desc in sps.items():
+ if desc[0].attribute_consuming_service:
+ acs_sp.append(nam)
+
+ assert len(acs_sp) == 0
+
+ # Look for attribute authorities
+ aas = dict([(id,ent["attribute_authority"]) for id,ent in md.entity.items()\
+ if "attribute_authority" in ent])
+
+ print aas.keys()
+ assert len(aas) == 53
+
def test_example():
md = metadata.MetaData(attrconv=ATTRCONV)
md.import_metadata(_read_file(EXAMPLE_METADATA), "-")
print len(md.entity)
assert len(md.entity) == 1
- idps = dict([(id,ent["idp_sso"]) for id,ent in md.entity.items() \
- if "idp_sso" in ent])
+ idps = dict([(id,ent["idpsso"]) for id,ent in md.entity.items() \
+ if "idpsso" in ent])
assert idps.keys() == [
'http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php']
print md._loc_key['http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php']
@@ -119,14 +138,14 @@ def test_switch_1():
md.import_metadata(_read_file(SWITCH_METADATA), "-")
print len(md.entity)
assert len(md.entity) == 90
- idps = dict([(id,ent["idp_sso"]) for id,ent in md.entity.items() \
- if "idp_sso" in ent])
+ idps = dict([(id,ent["idpsso"]) for id,ent in md.entity.items() \
+ if "idpsso" in ent])
print idps.keys()
- idp_sso = md.single_sign_on_services(
+ idpsso = md.single_sign_on_services(
'https://aai-demo-idp.switch.ch/idp/shibboleth')
- assert len(idp_sso) == 1
- print idp_sso
- assert idp_sso == [
+ assert len(idpsso) == 1
+ print idpsso
+ assert idpsso == [
'https://aai-demo-idp.switch.ch/idp/profile/SAML2/Redirect/SSO']
assert len(idps) == 16
aas = dict([(id,ent["attribute_authority"]) for id,ent in md.entity.items() \
@@ -138,7 +157,7 @@ def test_switch_1():
assert len(aad.attribute_service) == 1
assert len(aad.name_id_format) == 2
dual = dict([(id,ent) for id,ent in md.entity.items() \
- if "idp_sso" in ent and "sp_sso" in ent])
+ if "idpsso" in ent and "spsso" in ent])
print len(dual)
assert len(dual) == 0
@@ -150,25 +169,18 @@ def test_sp_metadata():
assert len(md.entity) == 1
assert md.entity.keys() == ['urn:mace:umu.se:saml:roland:sp']
assert _eq(md.entity['urn:mace:umu.se:saml:roland:sp'].keys(), [
- 'valid_until',"organization","sp_sso",
+ 'valid_until',"organization","spsso",
'contact_person'])
- print md.entity['urn:mace:umu.se:saml:roland:sp']["sp_sso"][0].keyswv()
- (req,opt) = md.attribute_consumer('urn:mace:umu.se:saml:roland:sp')
+ print md.entity['urn:mace:umu.se:saml:roland:sp']["spsso"][0].keyswv()
+ (req,opt) = md.attribute_requirement('urn:mace:umu.se:saml:roland:sp')
print req
assert len(req) == 3
assert len(opt) == 1
assert opt[0].name == 'urn:oid:2.5.4.12'
assert opt[0].friendly_name == 'title'
- assert _eq([n.name for n in req],['urn:oid:2.5.4.4', 'urn:oid:2.5.4.42',
- 'urn:oid:0.9.2342.19200300.100.1.3'])
+ assert _eq([n.name for n in req],['urn:oid:2.5.4.4', 'urn:oid:2.5.4.42',
+ 'urn:oid:0.9.2342.19200300.100.1.3'])
assert _eq([n.friendly_name for n in req],['surName', 'givenName', 'mail'])
- print md.wants
-
- assert md._wants.keys() == ['urn:mace:umu.se:saml:roland:sp']
- assert _eq(md.wants('urn:mace:umu.se:saml:roland:sp')[0].keys(),
- ["mail", "givenName", "sn"])
- assert _eq(md.wants('urn:mace:umu.se:saml:roland:sp')[1].keys(),
- ["title"])
KALMAR2_URL = "https://kalmar2.org/simplesaml/module.php/aggregator/?id=kalmarcentral2&set=saml2"
KALMAR2_CERT = "kalmar2.pem"
@@ -180,7 +192,7 @@ KALMAR2_CERT = "kalmar2.pem"
# print len(md.entity)
# assert len(md.entity) > 20
# idps = dict([
-# (id,ent["idp_sso"]) for id,ent in md.entity.items() if "idp_sso" in ent])
+# (id,ent["idpsso"]) for id,ent in md.entity.items() if "idpsso" in ent])
# print idps.keys()
# assert len(idps) > 1
# assert "https://idp.umu.se/saml2/idp/metadata.php" in idps
diff --git a/tests/test_31_config.py b/tests/test_31_config.py
index bb130c2f..15624d75 100644
--- a/tests/test_31_config.py
+++ b/tests/test_31_config.py
@@ -163,15 +163,15 @@ def test_1():
c = SPConfig().load(sp1)
c.context = "sp"
print c
- assert c.endpoints
- assert c.name
- assert c.idp
+ assert c._sp_endpoints
+ assert c._sp_name
+ assert c._sp_idp
md = c.metadata
assert isinstance(md, MetaData)
- assert len(c.idp) == 1
- assert c.idp.keys() == ["urn:mace:example.com:saml:roland:idp"]
- assert c.idp.values() == [{'single_sign_on_service':
+ assert len(c._sp_idp) == 1
+ assert c._sp_idp.keys() == ["urn:mace:example.com:saml:roland:idp"]
+ assert c._sp_idp.values() == [{'single_sign_on_service':
{'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect':
'http://localhost:8088/sso/'}}]
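Review bot: test_1 now asserts on the private attributes `c._sp_endpoints`, `c._sp_name` and `c._sp_idp`, which ties the test to how the config object stores its values rather than to its interface. The next hunk (test_2) already uses the accessor, `c.getattr("endpoints", "sp")`, and the same form should work here if the other keys are reachable the same way, e.g. `assert c.getattr("idp", "sp")`. test_2 also still asserts `c.name` while test_1 switched to `c._sp_name`; the two should agree. test_1 starts outside the hunk.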
@@ -182,15 +182,16 @@ def test_2():
c.context = "sp"
print c
- assert c.endpoints
- assert c.idp
- assert c.optional_attributes
+ assert c._sp_endpoints
+ assert c.getattr("endpoints", "sp")
+ assert c._sp_idp
+ assert c._sp_optional_attributes
assert c.name
- assert c.required_attributes
+ assert c._sp_required_attributes
- assert len(c.idp) == 1
- assert c.idp.keys() == [""]
- assert c.idp.values() == ["https://example.com/saml2/idp/SSOService.php"]
+ assert len(c._sp_idp) == 1
+ assert c._sp_idp.keys() == [""]
+ assert c._sp_idp.values() == ["https://example.com/saml2/idp/SSOService.php"]
assert c.only_use_keys_in_metadata is None
def test_minimum():
@@ -222,7 +223,7 @@ def test_idp_1():
print c
assert c.endpoint("single_sign_on_service")[0] == 'http://localhost:8088/'
- attribute_restrictions = c.policy.get_attribute_restriction("")
+ attribute_restrictions = c.getattr("policy","idp").get_attribute_restriction("")
assert attribute_restrictions["eduPersonAffiliation"][0].match("staff")
def test_idp_2():
@@ -235,7 +236,7 @@ def test_idp_2():
assert c.endpoint("single_logout_service",
BINDING_HTTP_REDIRECT) == ["http://localhost:8088/"]
- attribute_restrictions = c.policy.get_attribute_restriction("")
+ attribute_restrictions = c.getattr("policy","idp").get_attribute_restriction("")
assert attribute_restrictions["eduPersonAffiliation"][0].match("staff")
def test_wayf():
@@ -313,15 +314,12 @@ def test_sp():
def test_dual():
cnf = Config().load_file("idp_sp_conf")
- assert cnf.serves() == ["sp", "idp"]
-
- spcnf = cnf.copy_into("sp")
- assert isinstance(spcnf, SPConfig)
- assert spcnf.context == "sp"
- idpcnf = cnf.copy_into("idp")
- assert isinstance(idpcnf, IdPConfig)
- assert idpcnf.context == "idp"
+ spe = cnf.getattr("endpoints", "sp")
+ idpe = cnf.getattr("endpoints", "idp")
+ assert spe
+ assert idpe
+ assert spe != idpe
def test_ecp():
cnf = SPConfig()
diff --git a/tests/test_41_response.py b/tests/test_41_response.py
index fbb25d85..c8b7f4a3 100644
--- a/tests/test_41_response.py
+++ b/tests/test_41_response.py
@@ -19,7 +19,11 @@ XML_RESPONSE_FILE2 = "saml2_response.xml"
def _eq(l1,l2):
return set(l1) == set(l2)
-
+
+IDENTITY = {"eduPersonAffiliation": ["staff", "member"],
+ "surName": ["Jeter"], "givenName": ["Derek"],
+ "mail": ["foo@gmail.com"]}
+
class TestResponse:
def setup_class(self):
server = Server("idp_conf")
@@ -27,28 +31,28 @@ class TestResponse:
"urn:mace:example.com:saml:roland:sp",
"id12")
- self._resp_ = server.do_response(
+ self._resp_ = server.create_response(
"id12", # in_response_to
"http://lingon.catalogix.se:8087/", # consumer_url
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
- {"eduPersonEntitlement":"Jeter"},
+ IDENTITY,
name_id = name_id
)
- self._sign_resp_ = server.do_response(
+ self._sign_resp_ = server.create_response(
"id12", # in_response_to
"http://lingon.catalogix.se:8087/", # consumer_url
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
- {"eduPersonEntitlement":"Jeter"},
+ IDENTITY,
name_id = name_id,
- sign=True
+ sign_assertion=True
)
- self._resp_authn = server.do_response(
+ self._resp_authn = server.create_response(
"id12", # in_response_to
"http://lingon.catalogix.se:8087/", # consumer_url
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
- {"eduPersonEntitlement":"Jeter"},
+ IDENTITY,
name_id = name_id,
authn=(saml.AUTHN_PASSWORD, "http://www.example.com/login")
)
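Review bot: The three `server.create_response(...)` calls in setup_class are made without a `policy` argument, while the otherwise identical calls in tests/test_44_authnresp.py pass `policy=server.conf.getattr("policy", "idp")`. If attribute release is filtered by that policy (an inference, the server code is not shown), these responses are built on a different path from the one the IdP configuration describes, and the `sign_assertion=True` variant is where that difference matters most. Passing `policy=server.conf.getattr("policy", "idp")` here too would keep both test modules on the same path. setup_class continues outside the hunk.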
diff --git a/tests/test_44_authnresp.py b/tests/test_44_authnresp.py
index a22af3ff..dc2db5e9 100644
--- a/tests/test_44_authnresp.py
+++ b/tests/test_44_authnresp.py
@@ -1,51 +1,48 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
-from saml2 import samlp, BINDING_HTTP_POST
-from saml2 import saml, config, class_name, make_instance
+from saml2 import saml
from saml2.server import Server
-from saml2.response import authn_response, StatusResponse
+from saml2.response import authn_response
from saml2.config import config_factory
XML_RESPONSE_FILE = "saml_signed.xml"
XML_RESPONSE_FILE2 = "saml2_response.xml"
-import os
-
def _eq(l1,l2):
return set(l1) == set(l2)
-
+
+IDENTITY = {"eduPersonAffiliation": ["staff", "member"],
+ "surName": ["Jeter"], "givenName": ["Derek"],
+ "mail": ["foo@gmail.com"]}
+
class TestAuthnResponse:
def setup_class(self):
server = Server("idp_conf")
name_id = server.ident.transient_nameid(
"urn:mace:example.com:saml:roland:sp","id12")
-
- self._resp_ = server.do_response(
+ policy = server.conf.getattr("policy", "idp")
+ self._resp_ = server.create_response(
"id12", # in_response_to
"http://lingon.catalogix.se:8087/", # consumer_url
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
- {"eduPersonEntitlement":"Jeter"},
- name_id = name_id
- )
+ IDENTITY, name_id = name_id, policy=policy)
- self._sign_resp_ = server.do_response(
+ self._sign_resp_ = server.create_response(
"id12", # in_response_to
"http://lingon.catalogix.se:8087/", # consumer_url
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
- {"eduPersonEntitlement":"Jeter"},
- name_id = name_id,
- sign=True
- )
+ IDENTITY,
+ name_id = name_id, sign_assertion=True, policy=policy)
- self._resp_authn = server.do_response(
+ self._resp_authn = server.create_response(
"id12", # in_response_to
"http://lingon.catalogix.se:8087/", # consumer_url
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
- {"eduPersonEntitlement":"Jeter"},
+ IDENTITY,
name_id = name_id,
- authn=(saml.AUTHN_PASSWORD, "http://www.example.com/login")
- )
+ authn=(saml.AUTHN_PASSWORD, "http://www.example.com/login"),
+ policy=policy)
self.conf = config_factory("sp", "server_conf")
self.ar = authn_response(self.conf, "http://lingon.catalogix.se:8087/")
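Review bot: `IDENTITY` is a module-level dict passed by reference to all three `create_response` calls and then used as the expected value in `assert self.ar.ava == IDENTITY` in the two later hunks of this file. tests/test_50_server.py passes `IDENTITY.copy()` to `create_aa_response`, which suggests the server may modify the identity it is given; if it does, the assertions compare the result with an already-modified dict and cannot fail on an attribute-filtering error. Passing `IDENTITY.copy()` at each call keeps the expected value independent. The same dict literal is also duplicated in tests/test_41_response.py.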
@@ -60,7 +57,7 @@ class TestAuthnResponse:
print self.ar.__dict__
assert self.ar.came_from == 'http://localhost:8088/sso'
assert self.ar.session_id() == "id12"
- assert self.ar.ava == {'eduPersonEntitlement': ['Jeter'] }
+ assert self.ar.ava == IDENTITY
assert self.ar.name_id
assert self.ar.issuer() == 'urn:mace:example.com:saml:roland:idp'
@@ -76,7 +73,7 @@ class TestAuthnResponse:
print self.ar.__dict__
assert self.ar.came_from == 'http://localhost:8088/sso'
assert self.ar.session_id() == "id12"
- assert self.ar.ava == {'eduPersonEntitlement': ['Jeter'] }
+ assert self.ar.ava == IDENTITY
assert self.ar.issuer() == 'urn:mace:example.com:saml:roland:idp'
assert self.ar.name_id
diff --git a/tests/test_50_server.py b/tests/test_50_server.py
index 3048f614..b5354e95 100644
--- a/tests/test_50_server.py
+++ b/tests/test_50_server.py
@@ -139,26 +139,17 @@ class TestServer1():
assert status.status_code.value == samlp.STATUS_SUCCESS
def test_parse_faulty_request(self):
- authn_request = self.client.authn_request(
- query_id = "id1",
- destination = "http://www.example.com",
- service_url = "http://www.example.org",
- spentityid = "urn:mace:example.com:saml:roland:sp",
- my_name = "My real name",
- )
+ authn_request = self.client.create_authn_request(
+ destination = "http://www.example.com",
+ id = "id1")
intermed = s_utils.deflate_and_base64_encode("%s" % authn_request)
# should raise an error because faulty spentityid
raises(OtherError, self.server.parse_authn_request, intermed)
def test_parse_faulty_request_to_err_status(self):
- authn_request = self.client.authn_request(
- query_id = "id1",
- destination = "http://www.example.com",
- service_url = "http://www.example.org",
- spentityid = "urn:mace:example.com:saml:roland:sp",
- my_name = "My real name",
- )
+ authn_request = self.client.create_authn_request(
+ destination = "http://www.example.com")
intermed = s_utils.deflate_and_base64_encode("%s" % authn_request)
try:
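Review bot: The context comment `# should raise an error because faulty spentityid` in test_parse_faulty_request no longer matches the code, because the new `create_authn_request(destination=..., id="id1")` call does not pass an SP entity id at all. The comment should say what makes the request faulty now; from the hunk alone it cannot be told whether that is the destination or the issuer taken from the client configuration. test_parse_faulty_request_to_err_status also drops the explicit id, so its request id is whatever the client generates; its body continues outside the hunk.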
@@ -178,20 +169,17 @@ class TestServer1():
assert status_code.status_code.value == samlp.STATUS_UNKNOWN_PRINCIPAL
def test_parse_ok_request(self):
- authn_request = self.client.authn_request(
- query_id = "id1",
- destination = "http://localhost:8088/sso",
- service_url = "http://localhost:8087/",
- spentityid = "urn:mace:example.com:saml:roland:sp",
- my_name = "My real name",
- )
+ authn_request = self.client.create_authn_request(
+ id = "id1",
+ destination = "http://localhost:8088/sso")
print authn_request
intermed = s_utils.deflate_and_base64_encode("%s" % authn_request)
+
response = self.server.parse_authn_request(intermed)
# returns a dictionary
print response
- assert response["consumer_url"] == "http://localhost:8087/"
+ assert response["consumer_url"] == "http://lingon.catalogix.se:8087/"
assert response["id"] == "id1"
name_id_policy = response["request"].name_id_policy
assert _eq(name_id_policy.keyswv(), ["format", "allow_create"])
@@ -202,12 +190,16 @@ class TestServer1():
name_id = self.server.ident.transient_nameid(
"urn:mace:example.com:saml:roland:sp",
"id12")
- resp = self.server.do_response(
+ resp = self.server.create_response(
"id12", # in_response_to
"http://localhost:8087/", # consumer_url
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
- { "eduPersonEntitlement": "Short stop"}, # identity
- name_id
+ {"eduPersonEntitlement": "Short stop",
+ "surName": "Jeter",
+ "givenName": "Derek",
+ "mail": "derek.jeter@nyy.mlb.com"},
+ name_id,
+ policy= self.server.conf.getattr("policy")
)
print resp.keyswv()
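Review bot: `policy= self.server.conf.getattr("policy")` omits the context argument that the other calls in this commit pass (`getattr("policy", "idp")` in TestServer2 and in tests/test_31_config.py). If the one-argument form does not default to the IdP context (not visible here), `policy` may be empty and the response would be built without the IdP's attribute restrictions. Use `policy=self.server.conf.getattr("policy", "idp")`. `name_id` is also passed positionally here but by keyword in the other `create_response` calls. The test method starts outside the hunk.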
@@ -227,7 +219,7 @@ class TestServer1():
assert assertion.attribute_statement
attribute_statement = assertion.attribute_statement
print attribute_statement
- assert len(attribute_statement.attribute) == 1
+ assert len(attribute_statement.attribute) == 4
attribute = attribute_statement.attribute[0]
assert len(attribute.attribute_value) == 1
assert attribute.friendly_name == "eduPersonEntitlement"
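Review bot: With four attributes now in the statement, `attribute = attribute_statement.attribute[0]` followed by `assert attribute.friendly_name == "eduPersonEntitlement"` depends on the order in which the identity dict was serialised, which a Python 2 dict does not guarantee. Select the attribute by name instead, e.g. `attribute = [a for a in attribute_statement.attribute if a.friendly_name == "eduPersonEntitlement"][0]`. The surrounding test starts and ends outside the hunk.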
@@ -245,7 +237,7 @@ class TestServer1():
assert confirmation.subject_confirmation_data.in_response_to == "id12"
def test_sso_response_without_identity(self):
- resp = self.server.do_response(
+ resp = self.server.create_response(
"id12", # in_response_to
"http://localhost:8087/", # consumer_url
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
@@ -263,8 +255,9 @@ class TestServer1():
def test_sso_failure_response(self):
exc = s_utils.MissingValue("eduPersonAffiliation missing")
- resp = self.server.error_response("id12", "http://localhost:8087/",
- "urn:mace:example.com:saml:roland:sp", exc )
+ resp = self.server.create_error_response("id12",
+ "http://localhost:8087/",
+ exc )
print resp.keyswv()
assert _eq(resp.keyswv(),['status', 'destination', 'in_response_to',
@@ -291,14 +284,15 @@ class TestServer1():
ava = { "givenName": ["Derek"], "surName": ["Jeter"],
"mail": ["derek@nyy.mlb.com"]}
- resp_str = self.server.authn_response(ava,
- "id1", "http://local:8087/",
- "urn:mace:example.com:saml:roland:sp",
- samlp.NameIDPolicy(format=saml.NAMEID_FORMAT_TRANSIENT,
- allow_create="true"),
- "foba0001@example.com")
+ npolicy = samlp.NameIDPolicy(format=saml.NAMEID_FORMAT_TRANSIENT,
+ allow_create="true")
+ resp_str = "%s" % self.server.create_authn_response(
+ ava, "id1", "http://local:8087/",
+ "urn:mace:example.com:saml:roland:sp",
+ npolicy,
+ "foba0001@example.com")
- response = samlp.response_from_string("\n".join(resp_str))
+ response = samlp.response_from_string(resp_str)
print response.keyswv()
assert _eq(response.keyswv(),['status', 'destination', 'assertion',
'in_response_to', 'issue_instant', 'version',
@@ -318,14 +312,16 @@ class TestServer1():
name_id = self.server.ident.transient_nameid(
"urn:mace:example.com:saml:roland:sp",
"id12")
+ ava = { "givenName": ["Derek"], "surName": ["Jeter"],
+ "mail": ["derek@nyy.mlb.com"]}
- signed_resp = self.server.do_response(
+ signed_resp = self.server.create_response(
"id12", # in_response_to
"http://lingon.catalogix.se:8087/", # consumer_url
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
- {"eduPersonEntitlement":"Jeter"},
+ ava,
name_id = name_id,
- sign=True
+ sign_assertion=True
)
print "%s" % signed_resp
@@ -352,11 +348,11 @@ class TestServer1():
}
self.client.users.add_information_about_person(sinfo)
- logout_request = self.client.construct_logout_request(
- subject_id="foba0001",
- destination = "http://localhost:8088/slop",
- issuer_entity_id = "urn:mace:example.com:saml:roland:idp",
- reason = "I'm tired of this")
+ logout_request = self.client.create_logout_request(
+ destination = "http://localhost:8088/slop",
+ subject_id="foba0001",
+ issuer_entity_id = "urn:mace:example.com:saml:roland:idp",
+ reason = "I'm tired of this")
intermed = s_utils.deflate_and_base64_encode("%s" % (logout_request,))
@@ -379,10 +375,11 @@ class TestServer1():
sp = client.Saml2Client(config_file="server_conf")
sp.users.add_information_about_person(sinfo)
- logout_request = sp.construct_logout_request(subject_id = "foba0001",
- destination = "http://localhost:8088/slo",
- issuer_entity_id = "urn:mace:example.com:saml:roland:idp",
- reason = "I'm tired of this")
+ logout_request = sp.create_logout_request(
+ subject_id = "foba0001",
+ destination = "http://localhost:8088/slo",
+ issuer_entity_id = "urn:mace:example.com:saml:roland:idp",
+ reason = "I'm tired of this")
_ = s_utils.deflate_and_base64_encode("%s" % (logout_request,))
@@ -402,10 +399,12 @@ class TestServer2():
self.server = Server("restrictive_idp_conf")
def test_do_aa_reponse(self):
- aa_policy = self.server.conf.policy
+ aa_policy = self.server.conf.getattr("policy", "idp")
print aa_policy.__dict__
- response = self.server.do_aa_response("aaa", "http://example.com/sp/",
- "urn:mace:example.com:sp:1", IDENTITY.copy())
+ response = self.server.create_aa_response("aaa",
+ "http://example.com/sp/",
+ "urn:mace:example.com:sp:1",
+ IDENTITY.copy())
assert response is not None
assert response.destination == "http://example.com/sp/"
@@ -439,7 +438,7 @@ def _logout_request(conf_file):
}
sp.users.add_information_about_person(sinfo)
- return sp.construct_logout_request(
+ return sp.create_logout_request(
subject_id = "foba0001",
destination = "http://localhost:8088/slo",
issuer_entity_id = "urn:mace:example.com:saml:roland:idp",
@@ -452,7 +451,8 @@ class TestServerLogout():
request = _logout_request("sp_slo_redirect_conf")
print request
bindings = [BINDING_HTTP_REDIRECT]
- (resp, headers, message) = server.logout_response(request, bindings)
+ (resp, headers, message) = server.create_logout_response(request,
+ bindings)
assert resp == '302 Found'
assert len(headers) == 1
assert headers[0][0] == "Location"
diff --git a/tests/test_51_client.py b/tests/test_51_client.py
index 68aa5e98..4d86d15f 100644
--- a/tests/test_51_client.py
+++ b/tests/test_51_client.py
@@ -6,9 +6,12 @@ import urllib
from urlparse import urlparse, parse_qs
from saml2.client import Saml2Client, LogoutError
-from saml2 import samlp, BINDING_HTTP_POST
+from saml2 import samlp, BINDING_HTTP_POST, BINDING_HTTP_REDIRECT
from saml2 import BINDING_SOAP
from saml2 import saml, config, class_name
+from saml2.discovery import discovery_service_request_url
+from saml2.discovery import discovery_service_response
+from saml2.saml import NAMEID_FORMAT_PERSISTENT
from saml2.server import Server
from saml2.s_utils import decode_base64_and_inflate
from saml2.time_util import in_a_while
@@ -62,10 +65,11 @@ class TestClient:
self.client = Saml2Client(conf)
def test_create_attribute_query1(self):
- req = self.client.create_attribute_query("id1",
- "E8042FB4-4D5B-48C3-8E14-8EDD852790DD",
- "https://idp.example.com/idp/",
- nameid_format=saml.NAMEID_FORMAT_PERSISTENT)
+ req = self.client.create_attribute_query(
+ "https://idp.example.com/idp/",
+ "E8042FB4-4D5B-48C3-8E14-8EDD852790DD",
+ nameid_format=saml.NAMEID_FORMAT_PERSISTENT,
+ id="id1")
reqstr = "%s" % req.to_string()
assert req.destination == "https://idp.example.com/idp/"
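Review bot: The first two positional arguments of `create_attribute_query` swap places in this commit (destination first, subject id second), and both are plain strings, so a call site left in the old order would run without error and put the subject id into the destination. Passing both by keyword at the call sites would make the order irrelevant; the parameter names are not visible in this diff and need to be taken from the client's signature. The same applies to the calls in test_create_attribute_query2 and test_create_attribute_query_3 in the following hunks.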
@@ -93,9 +97,9 @@ class TestClient:
assert attrq.subject.name_id.text == name_id.text
def test_create_attribute_query2(self):
- req = self.client.create_attribute_query("id1",
- "E8042FB4-4D5B-48C3-8E14-8EDD852790DD",
+ req = self.client.create_attribute_query(
"https://idp.example.com/idp/",
+ "E8042FB4-4D5B-48C3-8E14-8EDD852790DD",
attribute={
("urn:oid:2.5.4.42",
"urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
@@ -106,7 +110,8 @@ class TestClient:
("urn:oid:1.2.840.113549.1.9.1",
"urn:oasis:names:tc:SAML:2.0:attrname-format:uri"):None,
},
- nameid_format=saml.NAMEID_FORMAT_PERSISTENT)
+ nameid_format=saml.NAMEID_FORMAT_PERSISTENT,
+ id="id1")
print req.to_string()
assert req.destination == "https://idp.example.com/idp/"
@@ -133,13 +138,14 @@ class TestClient:
if getattr(attribute,"friendly_name"):
assert False
seen.append("email")
- assert set(seen) == set(["givenName", "surname", "email"])
+ assert set(seen) == {"givenName", "surname", "email"}
def test_create_attribute_query_3(self):
- req = self.client.create_attribute_query("id1",
- "_e7b68a04488f715cda642fbdd90099f5",
+ req = self.client.create_attribute_query(
"https://aai-demo-idp.switch.ch/idp/shibboleth",
- nameid_format=saml.NAMEID_FORMAT_TRANSIENT )
+ "_e7b68a04488f715cda642fbdd90099f5",
+ nameid_format=saml.NAMEID_FORMAT_TRANSIENT,
+ id="id1")
assert isinstance(req, samlp.AttributeQuery)
assert req.destination == "https://aai-demo-idp.switch.ch/idp/shibboleth"
@@ -152,13 +158,13 @@ class TestClient:
assert nameid.text == "_e7b68a04488f715cda642fbdd90099f5"
def test_attribute_query(self):
- req = self.client.attribute_query(
- "_e7b68a04488f715cda642fbdd90099f5",
- "https://aai-demo-idp.switch.ch/idp/shibboleth",
+ resp = self.client.do_attribute_query(
+ "urn:mace:example.com:saml:roland:idp",
+ "_e7b68a04488f715cda642fbdd90099f5",
nameid_format=saml.NAMEID_FORMAT_TRANSIENT)
# since no one is answering on the other end
- assert req is None
+ assert resp is None
# def test_idp_entry(self):
# idp_entry = self.client.idp_entry(name="UmeƄ Universitet",
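Review bot: test_attribute_query passes only when `do_attribute_query` gets no answer, per the context comment `# since no one is answering on the other end`, so its result depends on whether something is listening at the IdP address from the test configuration (tests/idp_conf.py uses `http://localhost:8088`). On a machine where that port is in use the test may hang or fail for unrelated reasons. Consider stating the dependency in the comment, e.g. `# requires that nothing listens on the IdP endpoint from the test metadata`, or replacing the transport with a stub. The new first argument `"urn:mace:example.com:saml:roland:idp"` is an entity id, unlike the URL it replaces.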
@@ -179,19 +185,17 @@ class TestClient:
# assert idp_entry.loc == ['http://localhost:8088/sso']
def test_create_auth_request_0(self):
- ar_str = "%s" % self.client.authn_request("id1",
+ ar_str = "%s" % self.client.create_authn_request(
"http://www.example.com/sso",
- "http://www.example.org/service",
- "urn:mace:example.org:saml:sp",
- "My Name")
+ id="id1")
ar = samlp.authn_request_from_string(ar_str)
print ar
- assert ar.assertion_consumer_service_url == "http://www.example.org/service"
+ assert ar.assertion_consumer_service_url == "http://lingon.catalogix.se:8087/"
assert ar.destination == "http://www.example.com/sso"
assert ar.protocol_binding == BINDING_HTTP_POST
assert ar.version == "2.0"
- assert ar.provider_name == "My Name"
- assert ar.issuer.text == "urn:mace:example.org:saml:sp"
+ assert ar.provider_name == "urn:mace:example.com:saml:roland:sp"
+ assert ar.issuer.text == "urn:mace:example.com:saml:roland:sp"
nid_policy = ar.name_id_policy
assert nid_policy.allow_create == "true"
assert nid_policy.format == saml.NAMEID_FORMAT_TRANSIENT
@@ -200,36 +204,34 @@ class TestClient:
assert self.client.config.virtual_organization.keys() == [
"urn:mace:example.com:it:tek"]
- ar_str = "%s" % self.client.authn_request("666",
+ ar_str = "%s" % self.client.create_authn_request(
"http://www.example.com/sso",
- "http://www.example.org/service",
- "urn:mace:example.org:saml:sp",
- "My Name",
- vorg="urn:mace:example.com:it:tek")
+ "urn:mace:example.com:it:tek", # vo
+ nameid_format=NAMEID_FORMAT_PERSISTENT,
+ id="666")
ar = samlp.authn_request_from_string(ar_str)
print ar
assert ar.id == "666"
- assert ar.assertion_consumer_service_url == "http://www.example.org/service"
+ assert ar.assertion_consumer_service_url == "http://lingon.catalogix.se:8087/"
assert ar.destination == "http://www.example.com/sso"
assert ar.protocol_binding == BINDING_HTTP_POST
assert ar.version == "2.0"
- assert ar.provider_name == "My Name"
- assert ar.issuer.text == "urn:mace:example.org:saml:sp"
+ assert ar.provider_name == "urn:mace:example.com:saml:roland:sp"
+ assert ar.issuer.text == "urn:mace:example.com:saml:roland:sp"
nid_policy = ar.name_id_policy
- assert nid_policy.allow_create == "true"
+ assert nid_policy.allow_create == "false"
assert nid_policy.format == saml.NAMEID_FORMAT_PERSISTENT
assert nid_policy.sp_name_qualifier == "urn:mace:example.com:it:tek"
def test_sign_auth_request_0(self):
#print self.client.config
- ar_str = "%s" % self.client.authn_request("id1",
+ ar_str = "%s" % self.client.create_authn_request(
"http://www.example.com/sso",
- "http://www.example.org/service",
- "urn:mace:example.org:saml:sp",
- "My Name", sign=True)
-
+ sign=True,
+ id="id1")
+
ar = samlp.authn_request_from_string(ar_str)
assert ar
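Review bot: The virtual-organization URN in the first `create_authn_request` call of this hunk is passed positionally and identified only by the trailing `# vo` comment, so a reordering of the method's parameters would silently turn it into a different argument. The removed call named it with `vorg=`. If the new signature still offers a keyword for it, pass it that way, e.g. `vorg="urn:mace:example.com:it:tek",` (keyword name taken from the old call, to be confirmed against the new signature). The enclosing test starts above the hunk, and test_sign_auth_request_0 appears to continue below it.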
@@ -251,17 +253,20 @@ class TestClient:
def test_response(self):
IDP = "urn:mace:example.com:saml:roland:idp"
- ava = { "givenName": ["Derek"], "surname": ["Jeter"],
+ ava = { "givenName": ["Derek"], "surName": ["Jeter"],
"mail": ["derek@nyy.mlb.com"]}
- resp_str = "\n".join(self.server.authn_response(
- identity=ava,
- in_response_to="id1",
- destination="http://lingon.catalogix.se:8087/",
- sp_entity_id="urn:mace:example.com:saml:roland:sp",
- name_id_policy=samlp.NameIDPolicy(
- format=saml.NAMEID_FORMAT_PERSISTENT),
- userid="foba0001@example.com"))
+ nameid_policy=samlp.NameIDPolicy(allow_create="false",
+ format=saml.NAMEID_FORMAT_PERSISTENT)
+
+ resp = self.server.create_authn_response(identity=ava,
+ in_response_to="id1",
+ destination="http://lingon.catalogix.se:8087/",
+ sp_entity_id="urn:mace:example.com:saml:roland:sp",
+ name_id_policy=nameid_policy,
+ userid="foba0001@example.com")
+
+ resp_str = "%s" % resp
resp_str = base64.encodestring(resp_str)
@@ -274,7 +279,9 @@ class TestClient:
session_info = authn_response.session_info()
print session_info
- assert session_info["ava"] == {'mail': ['derek@nyy.mlb.com'], 'givenName': ['Derek'], 'sn': ['Jeter']}
+ assert session_info["ava"] == {'mail': ['derek@nyy.mlb.com'],
+ 'givenName': ['Derek'],
+ 'surName': ['Jeter']}
assert session_info["issuer"] == IDP
assert session_info["came_from"] == "http://foo.example.com/service"
response = samlp.response_from_string(authn_response.xmlstr)
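Review bot: The expected `session_info["ava"]` now holds `'surName'` where it used to hold `'sn'`, so this test no longer shows any attribute-name conversion between the identity handed to the IdP and what the SP reports; the key comes out exactly as it went in. If that is intended (presumably `surName` has no entry in the attribute maps the test config loads), a comment above the assertion should say so, e.g. `# surName is not in the attribute maps, so it passes through unmapped`. Code that keys access decisions on attribute names depends on that mapping, so keeping one mapped attribute in the input would preserve the coverage. The same expectation change appears in the later `session_info["ava"]` assertion of this file and in tests/test_60_sp.py. The enclosing test starts above the hunk.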
@@ -289,17 +296,16 @@ class TestClient:
# --- authenticate another person
- ava = { "givenName": ["Alfonson"], "surname": ["Soriano"],
+ ava = { "givenName": ["Alfonson"], "surName": ["Soriano"],
"mail": ["alfonson@chc.mlb.com"]}
- resp_str = "\n".join(self.server.authn_response(
- identity=ava,
- in_response_to="id2",
- destination="http://lingon.catalogix.se:8087/",
- sp_entity_id="urn:mace:example.com:saml:roland:sp",
- name_id_policy=samlp.NameIDPolicy(
- format=saml.NAMEID_FORMAT_PERSISTENT),
- userid="also0001@example.com"))
+ resp_str = "%s" % self.server.create_authn_response(
+ identity=ava,
+ in_response_to="id2",
+ destination="http://lingon.catalogix.se:8087/",
+ sp_entity_id="urn:mace:example.com:saml:roland:sp",
+ name_id_policy=nameid_policy,
+ userid="also0001@example.com")
resp_str = base64.encodestring(resp_str)
@@ -317,7 +323,6 @@ class TestClient:
entityid = self.client.config.entityid
print entityid
assert entityid == "urn:mace:example.com:saml:roland:sp"
- print self.client.config.idp
print self.client.config.metadata.idps()
print self.client.config.idps()
location = self.client._sso_location()
@@ -332,10 +337,9 @@ class TestClient:
def test_authenticate(self):
print self.client.config.idps()
- (sid, response) = self.client.authenticate(
+ response = self.client.do_authenticate(
"urn:mace:example.com:saml:roland:idp",
"http://www.example.com/relay_state")
- assert sid is not None
assert response[0] == "Location"
o = urlparse(response[1])
qdict = parse_qs(o.query)
@@ -343,13 +347,11 @@ class TestClient:
saml_request = decode_base64_and_inflate(qdict["SAMLRequest"][0])
print saml_request
authnreq = samlp.authn_request_from_string(saml_request)
- assert authnreq.id == sid
def test_authenticate_no_args(self):
- (sid, request) = self.client.authenticate(relay_state="http://www.example.com/relay_state")
- assert sid is not None
- assert request[0] == "Location"
- o = urlparse(request[1])
+ response = self.client.do_authenticate(relay_state="http://www.example.com/relay_state")
+ assert response[0] == "Location"
+ o = urlparse(response[1])
qdict = parse_qs(o.query)
assert _leq(qdict.keys(), ['SAMLRequest', 'RelayState'])
saml_request = decode_base64_and_inflate(qdict["SAMLRequest"][0])
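Review bot: With `do_authenticate` returning only the HTTP response, the removed `assert authnreq.id == sid` leaves nothing in test_authenticate or test_authenticate_no_args that checks the ID of the emitted AuthnRequest. That ID is what a response's InResponseTo is later matched against, so the tests should still pin it: at minimum `assert authnreq.id`, and preferably a comparison with whatever the client records for the outstanding request (not visible in this diff). The same assertion is dropped in the next hunk (`@@ -357,14 +359,13 @@`). Both test bodies extend beyond this hunk.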
@@ -357,14 +359,13 @@ class TestClient:
print saml_request
authnreq = samlp.authn_request_from_string(saml_request)
print authnreq.keyswv()
- assert authnreq.id == sid
assert authnreq.destination == "http://localhost:8088/sso"
assert authnreq.assertion_consumer_service_url == "http://lingon.catalogix.se:8087/"
assert authnreq.provider_name == "urn:mace:example.com:saml:roland:sp"
- assert authnreq.protocol_binding == BINDING_HTTP_POST
+ assert authnreq.protocol_binding == BINDING_HTTP_REDIRECT
name_id_policy = authnreq.name_id_policy
- assert name_id_policy.allow_create == "true"
- assert name_id_policy.format == "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
+ assert name_id_policy.allow_create == "false"
+ assert name_id_policy.format == NAMEID_FORMAT_PERSISTENT
issuer = authnreq.issuer
assert issuer.text == "urn:mace:example.com:saml:roland:sp"
@@ -386,7 +387,8 @@ class TestClient:
self.client.users.add_information_about_person(session_info)
entity_ids = self.client.users.issuers_of_info("123456")
assert entity_ids == ["urn:mace:example.com:saml:roland:idp"]
- resp = self.client.global_logout("123456", "Tired", in_a_while(minutes=5))
+ resp = self.client.global_logout("123456", "Tired",
+ in_a_while(minutes=5))
print resp
assert resp
assert resp[0] # a session_id
@@ -401,7 +403,7 @@ class TestClient:
assert session_info["reason"] == "Tired"
assert session_info["operation"] == "SLO"
assert session_info["entity_ids"] == entity_ids
- assert session_info["sign"] == False
+ assert session_info["sign"] == True
def test_logout_2(self):
""" one IdP/AA with BINDING_SOAP, can't actually send something"""
@@ -480,7 +482,7 @@ class TestClient:
assert state_info["reason"] == "Tired"
assert state_info["operation"] == "SLO"
assert state_info["entity_ids"] == entity_ids
- assert state_info["sign"] == False
+ assert state_info["sign"] == True
def test_authz_decision_query(self):
conf = config.SPConfig()
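Review bot: `assert state_info["sign"] == True` also passes for `1`, so it does not pin a boolean; `assert state_info["sign"] is True` states the expectation exactly. The expected value flipped from False to True with no visible change in the test body, so it presumably follows from a configuration change elsewhere in this commit. A one-line comment naming the setting that makes logout requests signed would keep the test self-explanatory. The preceding hunk has the same line for `session_info["sign"]`. The enclosing test starts above the hunk.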
@@ -503,7 +505,7 @@ class TestClient:
conf.attribute_converters,
policy, issuer=client._issuer())
- adq = client.authz_decision_query_using_assertion("entity_id",
+ adq = client.create_authz_decision_query_using_assertion("entity_id",
assertion,
"read",
"http://example.com/text")
@@ -517,11 +519,14 @@ class TestClient:
def test_request_to_discovery_service(self):
disc_url = "http://example.com/saml2/idp/disc"
- url = self.client.discovery_service_request_url(disc_url)
+ url = discovery_service_request_url("urn:mace:example.com:saml:roland:sp",
+ disc_url)
print url
assert url == "http://example.com/saml2/idp/disc?entityID=urn%3Amace%3Aexample.com%3Asaml%3Aroland%3Asp"
- url = self.client.discovery_service_request_url(disc_url,
+ url = discovery_service_request_url(
+ self.client.config.entityid,
+ disc_url,
return_url= "http://example.org/saml2/sp/ds")
print url
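Review bot: The two calls to `discovery_service_request_url` in test_request_to_discovery_service obtain the entity ID differently: the first hard-codes `"urn:mace:example.com:saml:roland:sp"`, the second reads `self.client.config.entityid`. Using the config value in both keeps the test tied to the SP configuration it loads, `url = discovery_service_request_url(self.client.config.entityid, disc_url)`, while the literal in the expected URL still pins the result. The test body continues past the end of the hunk.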
@@ -532,15 +537,15 @@ class TestClient:
params = urllib.urlencode(pdir)
redirect_url = "http://example.com/saml2/sp/disc?%s" % params
- entity_id = self.client.discovery_service_response(url=redirect_url)
+ entity_id = discovery_service_response(url=redirect_url)
assert entity_id == "http://example.org/saml2/idp/sso"
pdir = {"idpID": "http://example.org/saml2/idp/sso"}
params = urllib.urlencode(pdir)
redirect_url = "http://example.com/saml2/sp/disc?%s" % params
- entity_id = self.client.discovery_service_response(url=redirect_url,
- returnIDParam="idpID")
+ entity_id = discovery_service_response(url=redirect_url,
+ returnIDParam="idpID")
assert entity_id == "http://example.org/saml2/idp/sso"
@@ -559,17 +564,17 @@ class TestClient:
IDP = "urn:mace:example.com:saml:roland:idp"
- ava = { "givenName": ["Derek"], "surname": ["Jeter"],
+ ava = { "givenName": ["Derek"], "surName": ["Jeter"],
"mail": ["derek@nyy.mlb.com"]}
- resp_str = "\n".join(self.server.authn_response(
- identity=ava,
- in_response_to="id1",
- destination="http://lingon.catalogix.se:8087/",
- sp_entity_id="urn:mace:example.com:saml:roland:sp",
- name_id_policy=samlp.NameIDPolicy(
- format=saml.NAMEID_FORMAT_PERSISTENT),
- userid="foba0001@example.com"))
+ resp_str = "%s" % self.server.create_authn_response(
+ identity=ava,
+ in_response_to="id1",
+ destination="http://lingon.catalogix.se:8087/",
+ sp_entity_id="urn:mace:example.com:saml:roland:sp",
+ name_id_policy=samlp.NameIDPolicy(
+ format=saml.NAMEID_FORMAT_PERSISTENT),
+ userid="foba0001@example.com")
resp_str = base64.encodestring(resp_str)
@@ -582,7 +587,9 @@ class TestClient:
session_info = authn_response.session_info()
print session_info
- assert session_info["ava"] == {'mail': ['derek@nyy.mlb.com'], 'givenName': ['Derek'], 'sn': ['Jeter']}
+ assert session_info["ava"] == {'mail': ['derek@nyy.mlb.com'],
+ 'givenName': ['Derek'],
+ 'surName': ['Jeter']}
assert session_info["issuer"] == IDP
assert session_info["came_from"] == ""
response = samlp.response_from_string(authn_response.xmlstr)
diff --git a/tests/test_60_sp.py b/tests/test_60_sp.py
index 01b98932..b29b5468 100644
--- a/tests/test_60_sp.py
+++ b/tests/test_60_sp.py
@@ -2,6 +2,8 @@
# -*- coding: utf-8 -*-
import base64
+from saml2.saml import NAMEID_FORMAT_TRANSIENT
+from saml2.samlp import NameIDPolicy
from s2repoze.plugins.sp import make_plugin
from saml2.server import Server
from saml2 import make_instance, samlp, saml
@@ -30,7 +32,9 @@ ENV1 = {'SERVER_SOFTWARE': 'CherryPy/3.1.2 WSGI Server',
'wsgi.multiprocess': False,
'HTTP_ACCEPT_LANGUAGE': 'en-us',
'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}
-
+
+trans_name_policy = NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT,
+ allow_create="true")
class TestSP():
def setup_class(self):
self.sp = make_plugin("rem", saml_conf="server_conf")
@@ -42,15 +46,14 @@ class TestSP():
def test_identify(self):
# Create a SAMLResponse
- ava = { "givenName": ["Derek"], "surname": ["Jeter"],
+ ava = { "givenName": ["Derek"], "surName": ["Jeter"],
"mail": ["derek@nyy.mlb.com"]}
- resp_str = "\n".join(self.server.authn_response(ava,
- "id1", "http://lingon.catalogix.se:8087/",
- "urn:mace:example.com:saml:roland:sp",
- samlp.NameIDPolicy(format=saml.NAMEID_FORMAT_TRANSIENT,
- allow_create="true"),
- "foba0001@example.com"))
+ resp_str = "%s" % self.server.create_authn_response(ava, "id1",
+ "http://lingon.catalogix.se:8087/",
+ "urn:mace:example.com:saml:roland:sp",
+ trans_name_policy,
+ "foba0001@example.com")
resp_str = base64.encodestring(resp_str)
self.sp.outstanding_queries = {"id1":"http://www.example.com/service"}
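Review bot: The six arguments to `create_authn_response` in test_identify are all positional, and the adjacent destination and SP entity ID are both plain strings that could be swapped without any type error. tests/test_51_client.py in this same commit calls the method with `identity=`, `in_response_to=`, `destination=`, `sp_entity_id=`, `name_id_policy=` and `userid=`; using the same keywords here makes the call self-describing. test_identify continues below the hunk.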
@@ -60,4 +63,4 @@ class TestSP():
assert session_info["came_from"] == 'http://www.example.com/service'
assert session_info["ava"] == {'givenName': ['Derek'],
'mail': ['derek@nyy.mlb.com'],
- 'sn': ['Jeter']} \ No newline at end of file
+ 'surName': ['Jeter']} \ No newline at end of file
diff --git a/tests/test_61_makemeta.py b/tests/test_61_makemeta.py
index 49b2015a..591564a7 100644
--- a/tests/test_61_makemeta.py
+++ b/tests/test_61_makemeta.py
@@ -186,7 +186,7 @@ def test_optional_attributes():
def test_do_sp_sso_descriptor():
conf = SPConfig().load(SP, metadata_construction=True)
- spsso = metadata.do_sp_sso_descriptor(conf)
+ spsso = metadata.do_spsso_descriptor(conf)
assert isinstance(spsso, md.SPSSODescriptor)
assert _eq(spsso.keyswv(), ['authn_requests_signed',
@@ -215,7 +215,7 @@ def test_do_sp_sso_descriptor_2():
SP["service"]["sp"]["discovery_response"] = "http://example.com/sp/ds"
conf = SPConfig().load(SP, metadata_construction=True)
- spsso = metadata.do_sp_sso_descriptor(conf)
+ spsso = metadata.do_spsso_descriptor(conf)
assert isinstance(spsso, md.SPSSODescriptor)
print spsso.keyswv()
@@ -242,7 +242,7 @@ def test_entity_description():
#confd = eval(open("../tests/server.config").read())
confd = SPConfig().load_file("server_conf")
print confd.attribute_converters
- entd = metadata.entity_descriptor(confd, 1)
+ entd = metadata.entity_descriptor(confd)
assert entd is not None
print entd.keyswv()
assert _eq(entd.keyswv(), ['valid_until', 'entity_id', 'contact_person',
@@ -252,7 +252,7 @@ def test_entity_description():
def test_do_idp_sso_descriptor():
conf = IdPConfig().load(IDP, metadata_construction=True)
- idpsso = metadata.do_idp_sso_descriptor(conf)
+ idpsso = metadata.do_idpsso_descriptor(conf)
assert isinstance(idpsso, md.IDPSSODescriptor)
assert _eq(idpsso.keyswv(), ['protocol_support_enumeration',