summaryrefslogtreecommitdiff
path: root/tests/test_60_sp.py
blob: 78e88400979c8d93d66c57f64fe16d38ce4453b9 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import base64
import pytest
from saml2.authn_context import INTERNETPROTOCOLPASSWORD
from saml2.saml import NAMEID_FORMAT_TRANSIENT
from saml2.samlp import NameIDPolicy
from saml2.server import Server

try:
    from saml2.s2repoze.plugins.sp import make_plugin
except ImportError:
    make_plugin = None

ENV1 = {'SERVER_SOFTWARE': 'CherryPy/3.1.2 WSGI Server',
        'SCRIPT_NAME': '',
        'ACTUAL_SERVER_PROTOCOL': 'HTTP/1.1',
        'REQUEST_METHOD': 'GET',
        'PATH_INFO': '/krissms',
        'SERVER_PROTOCOL': 'HTTP/1.1',
        'QUERY_STRING': '',
        'REMOTE_ADDR': '127.0.0.1',
        'HTTP_USER_AGENT':
            'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-us) ',
        'HTTP_CONNECTION': 'keep-alive',
        'SERVER_NAME': 'lingon-catalogix-se-2.local',
        'REMOTE_PORT': '57309',
        'wsgi.url_scheme': 'http',
        'SERVER_PORT': '8087',
        'HTTP_HOST': '127.0.0.1:8087',
        'wsgi.multithread': True,
        'HTTP_ACCEPT':
            'application/xml,application/xhtml+xml,text/html;q=0.9,'
            'text/plain;q=0.8,image/png,*/*;q=0.5',
        'wsgi.version': (1, 0),
        'wsgi.run_once': False,
        'wsgi.multiprocess': False,
        'HTTP_ACCEPT_LANGUAGE': 'en-us',
        'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}

trans_name_policy = NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT,
                                 allow_create="true")

AUTHN = {
    "class_ref": INTERNETPROTOCOLPASSWORD,
    "authn_auth": "http://www.example.com/login"
}


@pytest.mark.skipif(not make_plugin,
                    reason="s2repoze dependencies not installed")
class TestSP():
    def setup_class(self):
        self.sp = make_plugin("rem", saml_conf="server_conf")
        # Explicitly allow unsigned responses for this test
        self.sp.saml_client.want_response_signed = False
        self.server = Server(config_file="idp_conf")

    def teardown_class(self):
        self.server.close()

    def test_setup(self):
        assert self.sp

    def test_identify(self):
        # Create a SAMLResponse
        ava = {"givenName": ["Derek"], "surName": ["Jeter"],
               "mail": ["derek@nyy.mlb.com"], "title": ["The man"]}

        resp_str = "%s" % self.server.create_authn_response(
            ava, "id1", "http://lingon.catalogix.se:8087/",
            "urn:mace:example.com:saml:roland:sp", trans_name_policy,
            "foba0001@example.com", authn=AUTHN)

        resp_str = base64.encodestring(resp_str.encode('utf-8'))
        self.sp.outstanding_queries = {"id1": "http://www.example.com/service"}
        session_info = self.sp._eval_authn_response(
            {}, {"SAMLResponse": [resp_str]})

        assert len(session_info) > 1
        assert session_info["came_from"] == 'http://www.example.com/service'
        assert session_info["ava"] == {'givenName': ['Derek'],
                                       'mail': ['derek@nyy.mlb.com'],
                                       'sn': ['Jeter'],
                                       'title': ['The man']}


if __name__ == "__main__":
    _sp = TestSP()
    _sp.setup_class()
    _sp.test_identify()
View Lorry Controller Status