Beispiel #1
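    def test_create_attribute_query1(self):
        """Build an AttributeQuery and check that it survives an XML round trip.

        The query is created for a persistent NameID, serialised with
        to_string(), parsed back with samlp.attribute_query_from_string()
        and compared field by field with the in-memory original.

        The expected field list contains no 'signature' entry, so only the
        unsigned path is exercised here (assuming keyswv() lists the fields
        that carry a value -- confirm).
        """
        req_id, req = self.client.create_attribute_query(
            "https://idp.example.com/idp/",
            "E8042FB4-4D5B-48C3-8E14-8EDD852790DD",
            format=saml.NAMEID_FORMAT_PERSISTENT,
            message_id="id1")
        reqstr = "%s" % req.to_string()

        # The freshly built request carries the values that were passed in.
        assert req.destination == "https://idp.example.com/idp/"
        assert req.id == "id1"
        assert req.version == "2.0"
        subject = req.subject
        name_id = subject.name_id
        assert name_id.format == saml.NAMEID_FORMAT_PERSISTENT
        assert name_id.text == "E8042FB4-4D5B-48C3-8E14-8EDD852790DD"
        issuer = req.issuer
        # presumably the entity id configured for self.client; verify
        # against the test fixture
        assert issuer.text == "urn:mace:example.com:saml:roland:sp"

        attrq = samlp.attribute_query_from_string(reqstr)

        # Parenthesised form: prints the same single value on Python 2 and
        # also parses on Python 3, unlike the bare print statement.
        print(attrq.keyswv())
        assert _leq(attrq.keyswv(), [
            'destination', 'subject', 'issue_instant', 'version', 'id',
            'issuer'
        ])

        # The parsed copy must agree with the original on every field.
        assert attrq.destination == req.destination
        assert attrq.id == req.id
        assert attrq.version == req.version
        assert attrq.issuer.text == issuer.text
        assert attrq.issue_instant == req.issue_instant
        assert attrq.subject.name_id.format == name_id.format
        assert attrq.subject.name_id.text == name_id.text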
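    def test_create_attribute_query1(self):
        """Round-trip an AttributeQuery through its XML form.

        Creates the query via self.client, checks the values on the
        in-memory object, serialises it, parses the string back and checks
        that the parsed instance matches the original.

        NOTE(review): 'signature' is absent from the expected field list,
        so a signed query is not covered by this test.
        """
        req_id, req = self.client.create_attribute_query(
            "https://idp.example.com/idp/",
            "E8042FB4-4D5B-48C3-8E14-8EDD852790DD",
            format=saml.NAMEID_FORMAT_PERSISTENT,
            message_id="id1")
        reqstr = "%s" % req.to_string()

        assert req.destination == "https://idp.example.com/idp/"
        assert req.id == "id1"
        assert req.version == "2.0"
        subject = req.subject
        name_id = subject.name_id
        assert name_id.format == saml.NAMEID_FORMAT_PERSISTENT
        assert name_id.text == "E8042FB4-4D5B-48C3-8E14-8EDD852790DD"
        issuer = req.issuer
        assert issuer.text == "urn:mace:example.com:saml:roland:sp"

        attrq = samlp.attribute_query_from_string(reqstr)

        # print(...) with a single argument gives the same output as the
        # Python 2 print statement and is valid syntax on Python 3 as well.
        print(attrq.keyswv())
        # _leq presumably compares the two lists without regard to order;
        # verify against its definition.
        expected_fields = ['destination', 'subject', 'issue_instant',
                           'version', 'id', 'issuer']
        assert _leq(attrq.keyswv(), expected_fields)

        # Field-by-field comparison of the parsed copy with the original.
        assert attrq.destination == req.destination
        assert attrq.id == req.id
        assert attrq.version == req.version
        assert attrq.issuer.text == issuer.text
        assert attrq.issue_instant == req.issue_instant
        assert attrq.subject.name_id.format == name_id.format
        assert attrq.subject.name_id.text == name_id.text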
Beispiel #3
    def attribute_query_endpoint(self, xml_str, binding):
        """Answer an AttributeQuery with a canned attribute response.

        :param xml_str: The incoming message; a SOAP envelope when *binding*
            is BINDING_SOAP, otherwise the AttributeQuery XML itself
        :param binding: The binding the query arrived on
        :return: A DummyResponse with status 200 and the response rendered
            as a string

        NOTE(review): nothing visible in this method verifies a signature
        on the query or checks the issuer against known service providers.
        The issuer text and the requested attribute list are taken from the
        message as received and handed to create_attribute_response.  The
        DummyResponse return type suggests a test stand-in -- confirm this
        handler is never reachable from a real deployment.
        """
        over_soap = binding == BINDING_SOAP

        # Unwrap the SOAP envelope first when the query came in over SOAP.
        if over_soap:
            query_xml = parse_soap_enveloped_saml_attribute_query(xml_str)
        else:
            query_xml = xml_str
        aquery = attribute_query_from_string(query_xml)

        # The same fixed value is supplied for every caller.
        extra = {"eduPersonAffiliation": "faculty"}

        subject_name_id = aquery.subject.name_id
        attr_resp = self.create_attribute_response(
            extra,
            aquery.id,
            None,
            sp_entity_id=aquery.issuer.text,
            name_id=subject_name_id,
            attributes=aquery.attribute)

        # No signing happens here: over SOAP the envelope is returned
        # unsigned (an xmlsec signing step was sketched at this point but
        # left disabled); otherwise the bare response is returned.
        if over_soap:
            payload = make_soap_enveloped_saml_thingy(attr_resp)
        else:
            payload = attr_resp

        return DummyResponse(200, "%s" % payload)
Beispiel #4
    def correctly_signed_attribute_query(self, decoded_xml, must=False,
                                         origdoc=None):
        """Parse an AttributeQuery and check its signature when it has one.

        :param decoded_xml: The SAML message as an XML string
        :param must: Whether a missing signature is an error
        :param origdoc: Passed through unchanged to _check_signature
        :return: The parsed query as-is when it carries no signature and
            *must* is false; otherwise whatever _check_signature returns
        :raises TypeError: if attribute_query_from_string yields a falsy
            result for *decoded_xml*
        :raises SignatureError: if *must* is true and the query is unsigned

        NOTE(review): with must=False an unsigned query is returned just
        like a checked one, so a non-None result does not by itself mean
        "signature verified".  Callers that release attributes on the
        strength of this call should pass must=True or inspect
        request.signature themselves.

        Which key is used (SP metadata or key material carried in the
        message) is not decided in this method; presumably that happens in
        _check_signature -- confirm.  A key taken from the message itself
        says nothing about who sent it.
        """
        request = samlp.attribute_query_from_string(decoded_xml)
        if not request:
            raise TypeError("Not an AttributeQuery")

        # Signed query: delegate the actual verification.
        if request.signature:
            return self._check_signature(decoded_xml,
                                         request,
                                         class_name(request),
                                         origdoc=origdoc)

        # Unsigned query: acceptable only when the caller did not insist.
        if must:
            raise SignatureError("Missing must signature")
        return request
Beispiel #5
    def create_attribute_query(self, session_id, subject_id, destination,
                               issuer_id=None, attribute=None,
                               sp_name_qualifier=None, name_qualifier=None,
                               nameid_format=None, sign=False):
        """Build an AttributeQuery, optionally signed.

        :param session_id: Used as the ``id`` of the query
        :param subject_id: Text of the subject's NameID
        :param destination: To whom the query should be sent
        :param issuer_id: Identifier handed to self._issuer
        :param attribute: A dictionary of the attributes and values asked
            for.  Each key is one of four variants: a 3-tuple of
            name_format, name and friendly_name; a 2-tuple of name_format
            and name; a 1-tuple with name; or just the name as a string.
        :param sp_name_qualifier: The unique identifier of the service
            provider, or affiliation of providers, for whom the identifier
            was generated
        :param name_qualifier: The unique identifier of the identity
            provider that generated the identifier
        :param nameid_format: The format of the name ID
        :param sign: Whether the query should be signed
        :return: The AttributeQuery instance; when *sign* is true, the
            instance obtained by parsing the signed XML

        NOTE(review): *session_id* ends up in the outgoing message as its
        ID, so it must not be a secret session token -- confirm what
        callers pass.  With the default sign=False the query is returned
        unsigned.
        """
        name_id = saml.NameID(
            text=subject_id,
            format=nameid_format,
            sp_name_qualifier=sp_name_qualifier,
            name_qualifier=name_qualifier)
        subject = saml.Subject(name_id=name_id)

        query = samlp.AttributeQuery(
            id=session_id,
            version=VERSION,
            issue_instant=instant(),
            destination=destination,
            issuer=self._issuer(issuer_id),
            subject=subject,
        )

        # Attach the signature template before anything is serialised.
        # The meaning of the trailing 1 is not visible here.
        if sign:
            query.signature = pre_signature_part(query.id, self.sec.my_cert, 1)

        # Attributes go in before the signing call, so the document that
        # is serialised for signing already contains them.
        if attribute:
            query.attribute = do_attributes(attribute)

        if not sign:
            return query

        # Sign the serialised query and hand back the parsed signed form.
        signed_xml = self.sec.sign_attribute_query_using_xmlsec("%s" % query)
        return samlp.attribute_query_from_string(signed_xml)
Beispiel #6
 def create_attribute_query(
         self, session_id, subject_id, destination, issuer_id=None,
         attribute=None, sp_name_qualifier=None, name_qualifier=None,
         nameid_format=None, sign=False):
     """Construct an AttributeQuery and sign it on request.

     :param session_id: Value placed in the query's ``id``
     :param subject_id: The identifier of the subject
     :param destination: To whom the query should be sent
     :param issuer_id: Identifier of the issuer
     :param attribute: A dictionary of the attributes and values asked
         for.  Each key is one of four variants: a 3-tuple of
         name_format, name and friendly_name; a 2-tuple of name_format
         and name; a 1-tuple with name; or just the name as a string.
     :param sp_name_qualifier: The unique identifier of the service
         provider, or affiliation of providers, for whom the identifier
         was generated
     :param name_qualifier: The unique identifier of the identity
         provider that generated the identifier
     :param nameid_format: The format of the name ID
     :param sign: Whether the query should be signed
     :return: An AttributeQuery instance; for a signed query this is the
         result of parsing the signed XML, not the object built here

     NOTE(review): the query is unsigned unless *sign* is passed as true;
     whether an unsigned query is acceptable depends on the receiving
     side and the transport -- confirm for each caller.  *session_id* is
     sent as the message ID and should therefore not be a secret value.
     """
     query = samlp.AttributeQuery(
         id=session_id,
         version=VERSION,
         issue_instant=instant(),
         destination=destination,
         issuer=self._issuer(issuer_id),
         subject=saml.Subject(
             name_id=saml.NameID(
                 text=subject_id,
                 format=nameid_format,
                 sp_name_qualifier=sp_name_qualifier,
                 name_qualifier=name_qualifier)),
     ) if False else None
     return query
Beispiel #7
    def correctly_signed_attribute_query(self,
                                         decoded_xml,
                                         must=False,
                                         origdoc=None):
        """Return the parsed AttributeQuery, verifying a signature if present.

        :param decoded_xml: The SAML message as an XML string
        :param must: Whether there must be a signature
        :param origdoc: Forwarded as-is to _check_signature
        :return: The result of _check_signature for a signed query; the
            parsed, unverified query when it is unsigned and *must* is
            false
        :raises TypeError: if the message does not parse to an
            AttributeQuery (the parser returned a falsy value)
        :raises SignatureError: if the query is unsigned and *must* is true

        NOTE(review): the unsigned case returns normally unless *must* is
        set, so the return value alone does not tell a caller whether a
        signature was checked.  Treat must=False results as
        unauthenticated input.

        The choice between the sender's metadata and a key embedded in the
        message is presumably made in _check_signature (not shown here);
        an embedded key establishes integrity only, not origin -- confirm
        that fallback is intended.
        """
        request = samlp.attribute_query_from_string(decoded_xml)
        if not request:
            raise TypeError("Not an AttributeQuery")

        has_signature = bool(request.signature)

        if not has_signature and must:
            raise SignatureError("Missing must signature")
        if not has_signature:
            # Nothing to verify; hand the query back unchanged.
            return request

        verified = self._check_signature(
            decoded_xml, request, class_name(request), origdoc=origdoc)
        return verified