def test_sp_metadata():
    """Import the SP metadata file and check the entity and its attributes.

    The file content is passed through _fix_valid_until before import. The
    test then checks the single entity id, the keys stored for it, the
    required/optional attributes reported by attribute_consumer(), and the
    friendly-name view returned by wants().
    """
    sp_id = 'urn:mace:umu.se:saml:roland:sp'

    md = metadata.MetaData(attrconv=ATTRCONV)
    raw_xml = _read_file(SP_METADATA)
    md.import_metadata(_fix_valid_until(raw_xml), "-")

    # Exactly one entity, keyed by the SP entity id.
    print(md.entity)
    assert len(md.entity) == 1
    assert md.entity.keys() == [sp_id]
    assert _eq(
        md.entity[sp_id].keys(),
        ['valid_until', "organization", "sp_sso", 'contact_person'])
    print(md.entity[sp_id]["sp_sso"][0].keyswv())

    # Required and optional attributes requested by the SP.
    (required, optional) = md.attribute_consumer(sp_id)
    print(required)
    assert len(required) == 3
    assert len(optional) == 1
    first_optional = optional[0]
    assert first_optional.name == 'urn:oid:2.5.4.12'
    assert first_optional.friendly_name == 'title'
    assert _eq(
        [attr.name for attr in required],
        ['urn:oid:2.5.4.4', 'urn:oid:2.5.4.42',
         'urn:oid:0.9.2342.19200300.100.1.3'])
    assert _eq(
        [attr.friendly_name for attr in required],
        ['surName', 'givenName', 'mail'])

    # wants() is queried once per assertion, index 0 then index 1.
    print(md.wants)
    assert md._wants.keys() == [sp_id]
    assert _eq(md.wants(sp_id)[0].keys(), ["mail", "givenName", "sn"])
    assert _eq(md.wants(sp_id)[1].keys(), ["title"])
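def load_metadata(self, metadata_conf):
    """Build a metadata.MetaData store from local files and remote URLs.

    Args:
        metadata_conf: Mapping that may contain a "local" list of file
            paths and/or a "remote" list of specs. Each remote spec must
            have a "url" key and may have a "cert" key.

    Returns:
        The populated metadata.MetaData instance.

    Raises:
        Exception: If self.xmlsec_binary or self.attribute_converters is
            None.
    """
    xmlsec_binary = self.xmlsec_binary
    acs = self.attribute_converters

    if xmlsec_binary is None:
        raise Exception("Missing xmlsec1 specification")
    if acs is None:
        raise Exception("Missing attribute converter specification")

    # Optional settings. Only a missing attribute falls back to the default;
    # any other error raised while reading the setting propagates instead of
    # being silently replaced by the default.
    ca_certs = getattr(self, "ca_certs", None)
    # NOTE(review): presumably this switches off TLS certificate checking
    # for the remote fetches below -- confirm in metadata.MetaData. The
    # default (False) keeps validation on; it should stay off only in test
    # setups, since metadata carries the keys later used to trust peers.
    disable_ssl_certificate_validation = getattr(
        self, "disable_ssl_certificate_validation", False)

    metad = metadata.MetaData(xmlsec_binary, acs, ca_certs,
                              disable_ssl_certificate_validation)

    if "local" in metadata_conf:
        for mdfile in metadata_conf["local"]:
            # Close the file handle deterministically instead of leaving
            # it to the garbage collector.
            with open(mdfile) as handle:
                content = handle.read()
            metad.import_metadata(content, mdfile)

    if "remote" in metadata_conf:
        for spec in metadata_conf["remote"]:
            # NOTE(review): a spec without "cert" passes None here; confirm
            # how import_external_metadata treats unsigned or unverifiable
            # remote metadata in that case.
            try:
                cert = spec["cert"]
            except KeyError:
                cert = None
            metad.import_external_metadata(spec["url"], cert)

    return metad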
def test_switch_1():
    """Import the SWITCH federation metadata and check role counts.

    Checks the total entity count, the number of entities with an
    "idp_sso" entry, the SSO endpoint and attribute authority of the demo
    IdP, and that no entity has both "idp_sso" and "sp_sso".
    """
    demo_idp = 'https://aai-demo-idp.switch.ch/idp/shibboleth'

    md = metadata.MetaData(attrconv=ATTRCONV)
    md.import_metadata(_read_file(SWITCH_METADATA), "-")

    print(len(md.entity))
    assert len(md.entity) == 90

    # Entities that carry an IdP SSO descriptor.
    idps = dict(
        (entity_id, entity["idp_sso"])
        for entity_id, entity in md.entity.items()
        if "idp_sso" in entity)
    print(idps.keys())

    idp_sso = md.single_sign_on_services(demo_idp)
    assert len(idp_sso) == 1
    print(idp_sso)
    assert idp_sso == [
        'https://aai-demo-idp.switch.ch/idp/profile/SAML2/Redirect/SSO'
    ]
    assert len(idps) == 16

    # Entities that carry an attribute authority descriptor.
    aas = dict(
        (entity_id, entity["attribute_authority"])
        for entity_id, entity in md.entity.items()
        if "attribute_authority" in entity)
    print(aas.keys())

    authorities = aas[demo_idp]
    assert len(authorities) == 1
    authority = authorities[0]
    assert len(authority.attribute_service) == 1
    assert len(authority.name_id_format) == 2

    # No entity is expected to be both an IdP and an SP.
    dual = dict(
        (entity_id, entity)
        for entity_id, entity in md.entity.items()
        if "idp_sso" in entity and "sp_sso" in entity)
    print(len(dual))
    assert len(dual) == 0
def test_extend():
    """Check the signing and encryption certs listed in extended.xml.

    The entity is expected to expose exactly one certificate per use, and
    the same certificate for both "signing" and "encryption".
    """
    entity_id = "https://coip-test.sunet.se/shibboleth"

    md = metadata.MetaData(attrconv=ATTRCONV)
    xml_text = _fix_valid_until(_read_file("extended.xml"))
    md.import_metadata(xml_text, "-")

    signcerts = md.certs(entity_id, "signing")
    assert len(signcerts) == 1

    enccerts = md.certs(entity_id, "encryption")
    assert len(enccerts) == 1

    # One key shared between both uses in this fixture.
    assert signcerts[0] == enccerts[0]
def test_ui_info():
    """Check the SSO location and UI info parsed from idp_uiinfo.xml."""
    md = metadata.MetaData(attrconv=ATTRCONV)
    xml_text = _fix_valid_until(_read_file("idp_uiinfo.xml"))
    md.import_metadata(xml_text, "-")

    loc = md.single_sign_on_services_with_uiinfo(
        "http://example.com/saml2/idp.xml")
    assert len(loc) == 1

    # Each entry is indexed as (location, list of UI info elements).
    entry = loc[0]
    assert entry[0] == "http://example.com/saml2/"
    assert len(entry[1]) == 1

    ui_info = entry[1][0]
    print(ui_info)
    assert ui_info.description[0].text == "Exempel bolag"
def test_incommon_1():
    """Import the InCommon federation metadata and check IdP lookups.

    Checks the total entity count, the number of entities with an
    "idp_sso" entry, that one entity id yields no SSO services, and the
    SSO endpoint reported for alaska.edu.
    """
    md = metadata.MetaData(attrconv=ATTRCONV)
    md.import_metadata(_read_file(INCOMMON_METADATA), "-")

    print(len(md.entity))
    assert len(md.entity) == 442

    idps = dict(
        (entity_id, entity["idp_sso"])
        for entity_id, entity in md.entity.items()
        if "idp_sso" in entity)
    print(idps.keys())
    assert len(idps) == 53  # !!!!???? < 10%

    assert md.single_sign_on_services('urn:mace:incommon:uiuc.edu') == []

    idp_sso = md.single_sign_on_services('urn:mace:incommon:alaska.edu')
    assert len(idp_sso) == 1
    print(idp_sso)
    print(md.wants)
    assert idp_sso == [
        'https://idp.alaska.edu/idp/profile/SAML2/Redirect/SSO'
    ]
def test_pdp():
    """Check the PDP descriptor and authz endpoint parsed from pdp_meta.xml."""
    entity_id = "http://www.example.org/pysaml2/"
    authz_url = "http://www.example.org/pysaml2/authz"

    md = metadata.MetaData(attrconv=ATTRCONV)
    xml_text = _fix_valid_until(_read_file("pdp_meta.xml"))
    md.import_metadata(xml_text, "-")
    assert md

    pdps = md.pdp_services(entity_id)
    assert len(pdps) == 1

    # The single PDP exposes one authz service, bound over SOAP.
    pdp = pdps[0]
    assert len(pdp.authz_service) == 1
    assert pdp.authz_service[0].location == authz_url
    assert pdp.authz_service[0].binding == BINDING_SOAP

    endpoints = md.authz_service_endpoints(entity_id)
    assert len(endpoints) == 1
    assert endpoints[0] == authz_url
def test_example():
    """Import the example metadata and check its IdP and signing cert.

    The one entity is expected to have an "idp_sso" entry and a single
    signing certificate entry, which is a 2-tuple.
    """
    idp_id = 'http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php'

    md = metadata.MetaData(attrconv=ATTRCONV)
    md.import_metadata(_read_file(EXAMPLE_METADATA), "-")

    print(len(md.entity))
    assert len(md.entity) == 1

    idps = dict(
        (entity_id, entity["idp_sso"])
        for entity_id, entity in md.entity.items()
        if "idp_sso" in entity)
    assert idps.keys() == [idp_id]
    print(md._loc_key[idp_id])

    certs = md.certs(idp_id, "signing")
    assert len(certs) == 1
    first_cert = certs[0]
    assert isinstance(first_cert, tuple)
    assert len(first_cert) == 2
def test_swami_1():
    """Import the SWAMID metadata and check one IdP and the SP wants.

    Checks the display name, SSO endpoint and signing cert lookup for the
    Umea University IdP, the set of entity ids present in md._wants, and
    the attribute names returned by wants() for two SPs.
    """
    umu_idp = 'https://idp.umu.se/saml2/idp/metadata.php'
    umu_sso = 'https://idp.umu.se/saml2/idp/SSOService.php'
    diva_sp = 'https://www.diva-portal.org/shibboleth'
    sunet_sp = 'https://connect.sunet.se/shibboleth'
    # Attribute names expected at index 1 of wants() for both SPs below.
    expected_attrs = (
        'mail', 'givenName', 'eduPersonPrincipalName', 'sn',
        'eduPersonScopedAffiliation',
    )

    md = metadata.MetaData(attrconv=ATTRCONV)
    md.import_metadata(_read_file(SWAMI_METADATA), "-")

    print(len(md.entity))
    assert len(md.entity)

    idps = dict(
        (entity_id, entity["idp_sso"])
        for entity_id, entity in md.entity.items()
        if "idp_sso" in entity)
    print(idps)
    assert idps.keys()

    idp_sso = md.single_sign_on_services(umu_idp)
    assert md.name(umu_idp) == (
        u'Ume\xe5 University (SAML2)')
    assert len(idp_sso) == 1
    assert idp_sso == [umu_sso]

    # Certificates are looked up here by the SSO service location.
    print(md._loc_key[umu_sso])
    ssocerts = md.certs(umu_sso, "signing")
    print(ssocerts)
    assert len(ssocerts) == 1

    print(md._wants.keys())
    assert _eq(md._wants.keys(), [
        'https://sp.swamid.se/shibboleth',
        'https://connect8.sunet.se/shibboleth',
        'https://beta.lobber.se/shibboleth',
        'https://connect.uninett.no/shibboleth',
        'https://www.diva-portal.org/shibboleth',
        'https://connect.sunet.se/shibboleth',
        'https://crowd.nordu.net/shibboleth'
    ])

    print(md.wants(diva_sp))
    assert _eq(md.wants(diva_sp)[1].keys(), list(expected_attrs))

    assert md.wants(sunet_sp)[0] == {}
    assert _eq(md.wants(sunet_sp)[1].keys(), list(expected_attrs))