# Script entry point: logs in to one IdP, registers every SP in splist
# (defined outside this excerpt) with it, then checks logout and access to a
# protected SP page.
if __name__ == '__main__':

    idpname = 'idp1'
    # Authenticate under the name of the OS account that runs the test.
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    # NOTE(review): the fourth argument ('ipsilon') is presumably the test
    # account's password -- a fixture for the loopback-only test IdP; confirm
    # against HttpSessions.add_server().
    # NOTE(review): whether HttpSessions verifies the servers' TLS
    # certificates is not visible in this excerpt.
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    for sp in splist:
        spname = sp['nameid']
        spurl = 'https://%s:%s' % (sp['addr'], sp['port'])
        sess.add_server(spname, spurl)

    with TC.case('Authenticate to IdP'):
        sess.auth_to_idp(idpname)

    for sp in splist:
        spname = sp['nameid']
        with TC.case('Add SP Metadata for %s to IdP' % spname):
            sess.add_sp_metadata(idpname, spname)

    # Hit the SP logout endpoint before any SP login has taken place and
    # expect the "Logged out" landing page.
    # NOTE(review): the ReturnTo target is on the same origin as the SP; a
    # ReturnTo pointing at a different origin is not exercised in the visible
    # lines.
    with TC.case('Logout without logging into SP'):
        page = sess.fetch_page(idpname, '%s/%s?%s' % (
            'https://127.0.0.11:45081', 'saml2/logout',
            'ReturnTo=https://127.0.0.11:45081/open/logged_out.html'))
        page.expected_value('text()', 'Logged out')

    # The protected area must still be reachable through the IdP session.
    with TC.case('Access SP Protected Area'):
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')
        page.expected_value('text()', 'WORKS!')
# Excerpt of a Kerberos-authenticated test run; testdir, idpname, sp1name,
# sp2name, user and WRAP_HOSTNAME are defined outside the visible lines.
krb5conf = os.path.join(testdir, 'krb5.conf')
# Pin PATH to system directories and point Kerberos at the test-local
# configuration file and file-based credential cache under testdir.
kenv = {
    'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',
    'KRB5_CONFIG': krb5conf,
    'KRB5CCNAME': 'FILE:' + os.path.join(testdir, 'ccaches/user')
}

# Export the settings into this process's environment.
for key in kenv:
    os.environ[key] = kenv[key]

sess = HttpSessions()
# NOTE(review): 'ipsilon' is presumably the test account's password -- a
# fixture for the test IdP only; confirm against HttpSessions.add_server().
sess.add_server(idpname, 'https://%s:45080' % WRAP_HOSTNAME, user, 'ipsilon')
sess.add_server(sp1name, 'https://127.0.0.11:45081')
sess.add_server(sp2name, 'https://127.0.0.11:45082')

# NOTE(review): krb=True presumably makes the session authenticate with the
# Kerberos credentials configured above instead of the password -- confirm in
# HttpSessions.auth_to_idp().
with TC.case('Authenticate to IdP'):
    sess.auth_to_idp(idpname, krb=True)

# Only sp1's metadata is added in the visible lines, yet both SP protected
# areas are expected to return 'WORKS!'.
# NOTE(review): sp2 is presumably registered outside this excerpt -- confirm.
with TC.case('Add first SP Metadata to IdP'):
    sess.add_sp_metadata(idpname, sp1name)

with TC.case('Access first SP Protected Area'):
    page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')
    page.expected_value('text()', 'WORKS!')

with TC.case('Access second SP Protected Area'):
    page = sess.fetch_page(idpname, 'https://127.0.0.11:45082/sp/')
    page.expected_value('text()', 'WORKS!')
# Last statement of a setup method whose header is outside this excerpt.
self.start_http_server(conf, env)


# Script entry point (Python 2): authenticates to the IdP, then runs an
# OpenID flow against the relying party on 127.0.0.11:45081.
if __name__ == '__main__':

    idpname = 'idp1'
    sp1name = 'sp1'
    # Authenticate under the name of the OS account that runs the test.
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    # NOTE(review): 'ipsilon' is presumably the test account's password -- a
    # fixture for the loopback-only test IdP; confirm against add_server().
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    sess.add_server(sp1name, 'https://127.0.0.11:45081')

    # The trailing comma keeps the cursor on the same line so the result
    # (" SUCCESS" or the error on stderr) follows the step label.
    print "openid: Authenticate to IDP ...",
    try:
        sess.auth_to_idp(idpname)
    except Exception as e:  # pylint: disable=broad-except
        # Any failure aborts the run with a non-zero exit status.
        print >> sys.stderr, " ERROR: %s" % repr(e)
        sys.exit(1)
    print " SUCCESS"

    print "openid: Run OpenID Protocol ...",
    try:
        page = sess.fetch_page(idpname,
                               'https://127.0.0.11:45081/?extensions=NO')
        page.expected_value('text()', 'SUCCESS, WITHOUT EXTENSIONS')
    except ValueError as e:
        # Only ValueError is handled here; any other exception raised by
        # fetch_page() propagates as an uncaught traceback.
        print >> sys.stderr, " ERROR: %s" % repr(e)
        sys.exit(1)
    print " SUCCESS"
# Tail of a setup method whose header is outside this excerpt: builds the SP
# profile, installs the SP, adjusts its httpd configuration directory and
# starts the server.
port = '45081'
sp = self.generate_profile(sp_g, sp_a, name, addr, port)
conf = self.setup_sp_server(sp, name, addr, port, env)
fixup_sp_httpd(os.path.dirname(conf))

print "Starting SP's httpd server"
self.start_http_server(conf, env)


# Script entry point (Python 2): checks how the IdP login behaves when the
# LDAP backend is unavailable.
if __name__ == '__main__':

    idpname = 'idp1'
    spname = 'sp1'
    user = '******'

    sess = HttpSessions()
    # NOTE(review): 'tuser' is presumably the test account's password -- a
    # fixture for the loopback-only test IdP; confirm against add_server().
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'tuser')
    sess.add_server(spname, 'https://127.0.0.11:45081')

    print "ldapdown: Authenticate to IDP with no LDAP backend...",
    try:
        # The step passes only if the login page shows the danger alert with
        # "Internal system error", i.e. the login attempt is rejected rather
        # than accepted while the backend is down.
        sess.auth_to_idp(
            idpname,
            rule='//div[@class="alert alert-danger"]/p/text()',
            expected="Internal system error"
        )
    except Exception, e:  # pylint: disable=broad-except
        # Python 2-only except syntax; any failure aborts with exit status 1.
        print >> sys.stderr, " ERROR: %s" % repr(e)
        sys.exit(1)
    print " SUCCESS"
# Tail of a setup method whose header is outside this excerpt: starts the
# server configured earlier (not visible), then installs and starts the SP.
self.start_http_server(conf, env)

self.setup_step("Installing SP server")
name = 'sp1'
addr = '127.0.0.11'
port = '45081'
sp = self.generate_profile(sp_g, sp_a, name, addr, port)
conf = self.setup_sp_server(sp, name, addr, port, env)
fixup_sp_httpd(os.path.dirname(conf))

self.setup_step("Starting SP's httpd server")
self.start_http_server(conf, env)


# Script entry point: checks how the IdP login behaves when the LDAP backend
# is unavailable.
if __name__ == '__main__':

    idpname = 'idp1'
    spname = 'sp1'
    user = '******'

    sess = HttpSessions()
    # NOTE(review): 'tuser' is presumably the test account's password -- a
    # fixture for the loopback-only test IdP; confirm against add_server().
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'tuser')
    sess.add_server(spname, 'https://127.0.0.11:45081')

    # The case passes only if the login page shows the danger alert with
    # "Internal system error", i.e. the login attempt is rejected rather than
    # accepted while the backend is down.
    with TC.case('Authenticate to Idp with no LDAP backend'):
        sess.auth_to_idp(
            idpname,
            rule='//div[@class="alert alert-danger"]/p/text()',
            expected="Internal system error"
        )
kenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin', 'KRB5_CONFIG': krb5conf, 'KRB5CCNAME': 'FILE:' + os.path.join(testdir, 'ccaches/user')} for key in kenv: os.environ[key] = kenv[key] sess = HttpSessions() sess.add_server(idpname, 'https://%s:45080' % WRAP_HOSTNAME, user, 'ipsilon') sess.add_server(sp1name, 'https://127.0.0.11:45081') sess.add_server(sp2name, 'https://127.0.0.11:45082') print "testgssapi: Authenticate to IDP ...", try: sess.auth_to_idp(idpname, krb=True) except Exception, e: # pylint: disable=broad-except print >> sys.stderr, " ERROR: %s" % repr(e) sys.exit(1) print " SUCCESS" print "testgssapi: Add first SP Metadata to IDP ...", try: sess.add_sp_metadata(idpname, sp1name) except Exception, e: # pylint: disable=broad-except print >> sys.stderr, " ERROR: %s" % repr(e) sys.exit(1) print " SUCCESS" print "testgssapi: Access first SP Protected Area ...", try:
krb = False spname = sp["nameid"] spurl = "https://%s:%s" % (sp["addr"], sp["port"]) sess = HttpSessions() sess.add_server(idpname, "https://%s:45080" % WRAP_HOSTNAME, user, "ipsilon") sess.add_server(spname, spurl) print "" print "testnameid: Testing NameID format %s ..." % spname if spname == "kerberos": krb = True print "testnameid: Authenticate to IDP ...", try: sess.auth_to_idp(idpname, krb=krb) except Exception, e: # pylint: disable=broad-except print >> sys.stderr, " ERROR: %s" % repr(e) sys.exit(1) print " SUCCESS" print "testnameid: Add SP Metadata to IDP ...", try: sess.add_sp_metadata(idpname, spname) except Exception, e: # pylint: disable=broad-except print >> sys.stderr, " ERROR: %s" % repr(e) sys.exit(1) print " SUCCESS" print "testnameid: Set supported Name ID formats ...", try:
# Excerpt of a NameID-format test: one fresh session per SP in sp_list.
# idpname, user, WRAP_HOSTNAME, expected and expected_re are defined outside
# the visible lines.
for sp in sp_list:
    krb = False
    spname = sp['nameid']
    spurl = 'https://%s:%s' % (sp['addr'], sp['port'])
    sess = HttpSessions()
    # NOTE(review): 'ipsilon' is presumably the test account's password -- a
    # fixture for the test IdP only; confirm against add_server().
    sess.add_server(idpname, 'https://%s:45080' % WRAP_HOSTNAME, user,
                    'ipsilon')
    sess.add_server(spname, spurl)

    TC.info('Testing NameID format %s' % spname)

    # The SP named 'kerberos' is the only one that authenticates with
    # krb=True.
    if spname == 'kerberos':
        krb = True

    with TC.case('Authenticate to IdP'):
        sess.auth_to_idp(idpname, krb=krb)

    with TC.case('Add SP Metadata to IdP'):
        sess.add_sp_metadata(idpname, spname)

    # The SP is given a single-entry list: the format it is named after.
    with TC.case('Set supported Name ID formats'):
        sess.set_sp_default_nameids(idpname, spname, [spname])

    # should_fail is true when expected[spname] is truthy, so for those
    # formats the access attempt is required to fail.
    with TC.case('Access SP Protected Area',
                 should_fail=bool(expected[spname])):
        page = sess.fetch_page(idpname, '%s/sp/' % spurl)
        # The page body must match the pattern registered for this format.
        if not re.match(expected_re[spname], page.text):
            raise ValueError('page did not contain expression %s' %
                             expected_re[spname])

    # NOTE(review): the excerpt ends here; newsess is not used in the visible
    # lines and its placement inside the loop body is inferred.
    newsess = HttpSessions()