def test_metadata():
    """Round-trip SWAMID metadata through MongoDB and query it back.

    Loads the bundled ``swamid-2.0.xml`` into a MetadataStore, exports it to
    the ``metadata``/``test`` Mongo collection, then swaps the store's backend
    for a MetadataMDB over that collection and checks that IdP/SP lookups and
    attribute requirements still resolve.  Needs a reachable MongoDB.
    """
    umu_idp = 'https://idp.umu.se/saml2/idp/metadata.php'

    cfg = config.Config()
    cfg.load_file("idp_conf_mdb")

    # NOTE(review): TLS certificate validation is switched off for this store.
    # It only affects remote metadata sources and this test imports a local
    # file, so it has no effect here -- do not copy the flag into a non-test
    # configuration.
    store = MetadataStore(ONTS.values(),
                          ATTRCONV,
                          cfg,
                          disable_ssl_certificate_validation=True)
    store.imp({"local": [full_path("swamid-2.0.xml")]})
    assert len(store) == 1  # exactly one metadata source registered

    export_mdstore_to_mongo_db(store, "metadata", "test")

    # From here on every lookup goes through the Mongo-backed instance only.
    # (MetadataMDB is handed ONTS itself while MetadataStore got ONTS.values();
    # presumably both forms are accepted -- verify if this is ever changed.)
    mongo_md = MetadataMDB(ONTS, ATTRCONV, "metadata", "test")
    store.metadata = {"mongo_db": mongo_md}

    assert store.with_descriptor("idpsso").keys()
    sso = store.single_sign_on_service(umu_idp)
    assert len(sso) == 1
    assert destinations(sso) == [
        'https://idp.umu.se/saml2/idp/SSOService.php'
    ]

    assert name(store[umu_idp]) == u'Ume\xe5 University'
    assert len(store.certs(umu_idp, "idpsso", "signing")) == 1

    # Count is pinned to the bundled swamid-2.0.xml fixture.
    assert len(store.with_descriptor("spsso")) == 356

    def local_names(attrs):
        # Map requested-attribute descriptors to their short local names.
        return [d_to_local_name(store.attrc, attr) for attr in attrs]

    wants = store.attribute_requirement('https://connect.sunet.se/shibboleth')
    assert wants["optional"] == []
    assert _eq(local_names(wants["required"]), [
        'eduPersonPrincipalName', 'mail', 'givenName', 'sn',
        'eduPersonScopedAffiliation', 'eduPersonAffiliation'
    ])

    wants = store.attribute_requirement(
        "https://gidp.geant.net/sp/module.php/saml/sp/metadata.php/default-sp")
    assert _eq(local_names(wants["optional"]), [
        'displayName', 'commonName', 'schacHomeOrganization',
        'eduPersonAffiliation', 'schacHomeOrganizationType'
    ])
    assert _eq(local_names(wants["required"]),
               ['eduPersonTargetedID', 'mail', 'eduPersonScopedAffiliation'])
def test_okta():
    """Decrypt an Okta-encrypted assertion and compare it to the cleartext fixture.

    Builds a security context from ``server_conf`` plus the example IdP
    metadata, decrypts ``OKTA_RESPONSE`` and checks that exactly one assertion
    comes out and that it equals the assertion parsed from ``OKTA_ASSERTION``.
    """
    cfg = config.Config()
    cfg.load_file("server_conf")
    # XML attribute name used as element ID for this fixture -- presumably the
    # Okta output differs from the library default; confirm against the file.
    cfg.id_attr_name = 'Id'

    # Local name is ``mdstore`` rather than ``md`` so it cannot be confused
    # with the saml2.md schema module.
    mdstore = MetadataStore([saml, samlp], None, cfg)
    mdstore.load("local", IDP_EXAMPLE)
    cfg.metadata = mdstore

    # NOTE(review): by its name this flag lets the security context use keys
    # that are not pinned in metadata (e.g. carried inside the message
    # itself).  That relaxes key trust and is acceptable only for this
    # decrypt-only fixture test; never set it in a production configuration.
    cfg.only_use_keys_in_metadata = False
    sec_ctx = sigver.security_context(cfg)

    with open(OKTA_RESPONSE) as fh:
        encrypted = fh.read()
    cleartext = sec_ctx.decrypt(encrypted)
    wrapper = saml.encrypted_assertion_from_string(cleartext)
    assertions = extension_elements_to_elements(wrapper.extension_elements,
                                                [saml, samlp])

    with open(OKTA_ASSERTION) as fh:
        expected_xml = fh.read()
    expected = assertion_from_string(expected_xml)

    assert len(assertions) == 1
    assert assertions[0] == expected
from pytest import raises

from saml2.extension import mdui
from saml2.extension import idpdisc
from saml2.extension import dri
from saml2.extension import mdattr
from saml2 import saml
from saml2 import xmldsig
from saml2 import xmlenc

from pathutils import full_path

# Schema modules handed to the metadata store so it can build elements from
# these namespaces (presumably; that is what the store does with them).
ONTS = [
    saml,
    mdui,
    mdattr,
    dri,
    idpdisc,
    md,
    xmldsig,
    xmlenc,
]

# Attribute converters built from the bundled "attributemaps" directory.
ATTRCONV = ac_factory(full_path("attributemaps"))

# A bare Config() instance; nothing visible here loads a file into it.
sec_config = config.Config()

# Metadata configuration with a single file-backed source: the bundled
# SWAMID 2.0 export.  The inner value is a list of one-element tuples.
METADATACONF = {
    "1": [
        {
            "class": "saml2.mdstore.MetaDataFile",
            "metadata": [(full_path("swamid-2.0.xml"),)],
        }
    ],
}


def _eq(l1, l2):
    """Return True when both iterables hold the same set of elements.

    Order and multiplicity are ignored (``_eq([1, 2, 2], [2, 1])`` is True);
    elements must be hashable.
    """
    # Equal as sets <=> symmetric difference is empty.
    return not (set(l1) ^ set(l2))


gn = to_dict(
    md.RequestedAttribute(name="urn:oid:2.5.4.42",