class TestIdentifier():
def setup_class(self):
self.ident = Identifier("foobar.db")
def test_persistent_nameid(self):
sp_id = "urn:mace:umu.se:sp"
nameid = self.ident.persistent_nameid(sp_id, "abcd0001")
remote_id = nameid.text.strip()
print remote_id
print self.ident.map
local = self.ident.local_name(sp_id, remote_id)
assert local == "abcd0001"
assert self.ident.local_name(sp_id, "pseudo random string") is None
assert self.ident.local_name(sp_id+":x", remote_id) is None
# Always get the same
nameid2 = self.ident.persistent_nameid(sp_id, "abcd0001")
assert nameid.text.strip() == nameid2.text.strip()
def test_transient_nameid(self):
sp_id = "urn:mace:umu.se:sp"
nameid = self.ident.transient_nameid(sp_id, "abcd0001")
remote_id = nameid.text.strip()
print remote_id
print self.ident.map
local = self.ident.local_name(sp_id, remote_id)
assert local == "abcd0001"
assert self.ident.local_name(sp_id, "pseudo random string") is None
assert self.ident.local_name(sp_id+":x", remote_id) is None
# Getting a new, means really getting a new !
nameid2 = self.ident.transient_nameid(sp_id, "abcd0001")
assert nameid.text.strip() != nameid2.text.strip()
def teardown_class(self):
if os.path.exists("foobar.db"):
os.unlink("foobar.db")
def create_authn_response(session_id, identity=dict(), sign=True):
config = IdPConfig()
config.load(idp_config)
idp_server = Server(config=config)
idp_server.ident = Identifier(auth.AuthDictCache(dict(), '_ident'))
authn_response = str(
idp_server.authn_response(
identity=identity,
in_response_to=session_id,
destination='https://foo.example.com/sp/acs',
sp_entity_id='https://foo.example.com/sp/metadata',
name_id_policy=None,
userid='Irrelevent',
sign=sign,
instance=True))
response = samlp.response_from_string(authn_response)
return response.assertion[0].subject.name_id.text, authn_response
def auth_response(identity, in_response_to, sp_conf):
"""Generates a fresh signed authentication response"""
sp_entity_id = sp_conf.entityid
idp_entity_id = sp_conf.idps().keys()[0]
acs = sp_conf.endpoint('assertion_consumer_service')[0]
issuer = saml.Issuer(text=idp_entity_id, format=saml.NAMEID_FORMAT_ENTITY)
response = response_factory(issuer=issuer,
in_response_to=in_response_to,
destination=acs,
status=success_status_factory())
idp_conf = IdPConfig()
name_form = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
idp_conf.load({
'entityid': idp_entity_id,
'xmlsec_binary': sp_conf.xmlsec_binary,
'attribute_map_dir': os.path.join(BASEDIR, 'attribute-maps'),
'service': {
'idp': {
'endpoints': tuple(),
'policy': {
'default': {
"lifetime": {
"minutes": 15
},
"attribute_restrictions": None,
"name_form": name_form,
}
}
},
},
'key_file': os.path.join(BASEDIR, 'idpcert.key'),
'cert_file': os.path.join(BASEDIR, 'idpcert.pem'),
'metadata': {
'local': [os.path.join(BASEDIR, 'sp_metadata.xml')],
},
})
server = Server("", idp_conf)
server.ident = Identifier(FakeDb())
userid = 'irrelevant'
response = server.authn_response(identity, in_response_to, acs,
sp_entity_id, None, userid)
return '\n'.join(response)
def setup_class(self):
self.id = Identifier("subject.db", CONFIG.vorg)
class TestIdentifier():
def setup_class(self):
self.id = Identifier("subject.db", CONFIG.vorg)
def test_persistent_1(self):
policy = Policy({
"default": {
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"nameid_format": NAMEID_FORMAT_PERSISTENT,
"attribute_restrictions": {
"surName": [".*berg"],
}
}
})
nameid = self.id.construct_nameid(policy, "foobar",
"urn:mace:example.com:sp:1")
assert _eq(nameid.keys(), [
'text', 'sp_provided_id', 'sp_name_qualifier', 'name_qualifier',
'format'
])
assert _eq(nameid.keyswv(), ['format', 'text', 'sp_name_qualifier'])
assert nameid.sp_name_qualifier == "urn:mace:example.com:sp:1"
assert nameid.format == NAMEID_FORMAT_PERSISTENT
nameid_2 = self.id.construct_nameid(policy, "foobar",
"urn:mace:example.com:sp:1")
assert nameid != nameid_2
assert nameid.text == nameid_2.text
def test_transient_1(self):
policy = Policy({
"default": {
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"nameid_format": NAMEID_FORMAT_TRANSIENT,
"attribute_restrictions": {
"surName": [".*berg"],
}
}
})
nameid = self.id.construct_nameid(policy, "foobar",
"urn:mace:example.com:sp:1")
assert _eq(nameid.keyswv(), ['text', 'format', 'sp_name_qualifier'])
assert nameid.format == NAMEID_FORMAT_TRANSIENT
def test_vo_1(self):
policy = Policy({
"default": {
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"nameid_format": NAMEID_FORMAT_PERSISTENT,
"attribute_restrictions": {
"surName": [".*berg"],
}
}
})
name_id_policy = samlp.name_id_policy_from_string(NAME_ID_POLICY_1)
print name_id_policy
print self.id.voconf
nameid = self.id.construct_nameid(policy, "foobar",
"urn:mace:example.com:sp:1",
{"uid": "foobar01"}, name_id_policy)
print nameid
assert _eq(nameid.keyswv(), ['text', 'sp_name_qualifier', 'format'])
assert nameid.sp_name_qualifier == 'http://vo.example.org/biomed'
assert nameid.format == 'urn:oid:2.16.756.1.2.5.1.1.1-NameID'
assert nameid.text == "foobar01"
def test_vo_2(self):
policy = Policy({
"default": {
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"nameid_format": NAMEID_FORMAT_PERSISTENT,
"attribute_restrictions": {
"surName": [".*berg"],
}
}
})
name_id_policy = samlp.name_id_policy_from_string(NAME_ID_POLICY_2)
nameid = self.id.construct_nameid(policy, "foobar",
"urn:mace:example.com:sp:1",
{"uid": "foobar01"}, name_id_policy)
assert _eq(nameid.keyswv(), ['text', 'sp_name_qualifier', 'format'])
assert nameid.sp_name_qualifier == 'http://vo.example.org/design'
assert nameid.format == NAMEID_FORMAT_PERSISTENT
assert nameid.text == "foobar01"
def setup_class(self):
self.id = Identifier("subject.db", CONFIG.virtual_organization)
def setup_class(self):
self.id = Identifier("subject.db", CONFIG.vorg)
class TestIdentifier:
def setup_class(self):
self.id = Identifier("subject.db", CONFIG.vorg)
def test_persistent_1(self):
policy = Policy(
{
"default": {
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"nameid_format": NAMEID_FORMAT_PERSISTENT,
"attribute_restrictions": {"surName": [".*berg"]},
}
}
)
nameid = self.id.construct_nameid(policy, "foobar", "urn:mace:example.com:sp:1")
assert _eq(nameid.keys(), ["text", "sp_provided_id", "sp_name_qualifier", "name_qualifier", "format"])
assert _eq(nameid.keyswv(), ["format", "text", "sp_name_qualifier"])
assert nameid.sp_name_qualifier == "urn:mace:example.com:sp:1"
assert nameid.format == NAMEID_FORMAT_PERSISTENT
nameid_2 = self.id.construct_nameid(policy, "foobar", "urn:mace:example.com:sp:1")
assert nameid != nameid_2
assert nameid.text == nameid_2.text
def test_transient_1(self):
policy = Policy(
{
"default": {
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"nameid_format": NAMEID_FORMAT_TRANSIENT,
"attribute_restrictions": {"surName": [".*berg"]},
}
}
)
nameid = self.id.construct_nameid(policy, "foobar", "urn:mace:example.com:sp:1")
assert _eq(nameid.keyswv(), ["text", "format", "sp_name_qualifier"])
assert nameid.format == NAMEID_FORMAT_TRANSIENT
def test_vo_1(self):
policy = Policy(
{
"default": {
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"nameid_format": NAMEID_FORMAT_PERSISTENT,
"attribute_restrictions": {"surName": [".*berg"]},
}
}
)
name_id_policy = samlp.name_id_policy_from_string(NAME_ID_POLICY_1)
print name_id_policy
print self.id.voconf
nameid = self.id.construct_nameid(
policy, "foobar", "urn:mace:example.com:sp:1", {"uid": "foobar01"}, name_id_policy
)
print nameid
assert _eq(nameid.keyswv(), ["text", "sp_name_qualifier", "format"])
assert nameid.sp_name_qualifier == "http://vo.example.org/biomed"
assert nameid.format == "urn:oid:2.16.756.1.2.5.1.1.1-NameID"
assert nameid.text == "foobar01"
def test_vo_2(self):
policy = Policy(
{
"default": {
"name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"nameid_format": NAMEID_FORMAT_PERSISTENT,
"attribute_restrictions": {"surName": [".*berg"]},
}
}
)
name_id_policy = samlp.name_id_policy_from_string(NAME_ID_POLICY_2)
nameid = self.id.construct_nameid(
policy, "foobar", "urn:mace:example.com:sp:1", {"uid": "foobar01"}, name_id_policy
)
assert _eq(nameid.keyswv(), ["text", "sp_name_qualifier", "format"])
assert nameid.sp_name_qualifier == "http://vo.example.org/design"
assert nameid.format == NAMEID_FORMAT_PERSISTENT
assert nameid.text == "foobar01"
def setup_class(self):
self.ident = Identifier("foobar.db")
def setup_class(self):
self.id = Identifier("subject.db", CONFIG.virtual_organization)
