Example #1

if __name__ == '__main__':
    # Client-side driver for a SAML2 logout test: registers one IdP and every
    # SP listed in splist with an HttpSessions helper, authenticates to the
    # IdP, then checks SP logout and access to the SP's protected area.

    idpname = 'idp1'
    # Log in as the account running the test; field 0 of the passwd entry is
    # the login name.
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    # NOTE(review): the fourth argument is presumably the password for `user`.
    # A literal credential is tolerable only because the target is a loopback
    # test instance; it must never be reused for a reachable deployment.
    # NOTE(review): whether HttpSessions verifies the server certificate for
    # these https:// URLs is not visible here -- confirm in the helper.
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    for sp in splist:
        spname = sp['nameid']
        spurl = 'https://%s:%s' % (sp['addr'], sp['port'])
        # SPs are registered without user/password arguments.
        sess.add_server(spname, spurl)

    with TC.case('Authenticate to IdP'):
        sess.auth_to_idp(idpname)

    for sp in splist:
        spname = sp['nameid']
        with TC.case('Add SP Metadata for %s to IdP' % spname):
            sess.add_sp_metadata(idpname, spname)

    with TC.case('Logout without logging into SP'):
        # Hits the SP's saml2/logout endpoint before any SP login has taken
        # place and expects the 'Logged out' landing page.
        # NOTE(review): ReturnTo is a redirect target and this case only uses
        # a value on the SP's own origin; rejection of a foreign-origin
        # ReturnTo is not exercised by the visible code.
        page = sess.fetch_page(idpname, '%s/%s?%s' % (
            'https://127.0.0.11:45081', 'saml2/logout',
            'ReturnTo=https://127.0.0.11:45081/open/logged_out.html'))
        # presumably raises when the page text does not match -- verify in
        # the helper
        page.expected_value('text()', 'Logged out')

    with TC.case('Access SP Protected Area'):
        # After the logout above, the protected area must still be reachable
        # through the authenticated IdP session.
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')
        page.expected_value('text()', 'WORKS!')
Example #2
    # Kerberos client environment for the test run: a krb5.conf and a
    # file-based credential cache, both located under testdir.
    krb5conf = os.path.join(testdir, 'krb5.conf')
    kenv = {
        # Replaces the inherited PATH with fixed system directories.
        'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',
        'KRB5_CONFIG': krb5conf,
        # NOTE(review): a FILE: ccache holds usable tickets on disk; testdir
        # should be readable only by the test user and cleaned up afterwards.
        'KRB5CCNAME': 'FILE:' + os.path.join(testdir, 'ccaches/user')
    }

    # Writes into os.environ, so the settings apply to the whole process and
    # to anything it starts from here on, not only to this session object.
    for key in kenv:
        os.environ[key] = kenv[key]

    sess = HttpSessions()
    # The IdP is addressed by WRAP_HOSTNAME rather than by IP address.
    # NOTE(review): 'ipsilon' is presumably the password for `user`; a literal
    # credential is acceptable only for a throwaway test instance.
    sess.add_server(idpname, 'https://%s:45080' % WRAP_HOSTNAME, user,
                    'ipsilon')
    sess.add_server(sp1name, 'https://127.0.0.11:45081')
    sess.add_server(sp2name, 'https://127.0.0.11:45082')

    with TC.case('Authenticate to IdP'):
        # krb=True selects the Kerberos login path in the helper.
        sess.auth_to_idp(idpname, krb=True)

    with TC.case('Add first SP Metadata to IdP'):
        sess.add_sp_metadata(idpname, sp1name)

    with TC.case('Access first SP Protected Area'):
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')
        page.expected_value('text()', 'WORKS!')

    with TC.case('Access second SP Protected Area'):
        # NOTE(review): no add_sp_metadata call for sp2name is visible in this
        # excerpt; presumably the second SP is registered elsewhere -- confirm.
        page = sess.fetch_page(idpname, 'https://127.0.0.11:45082/sp/')
        page.expected_value('text()', 'WORKS!')
Example #3
        self.start_http_server(conf, env)


if __name__ == '__main__':
    # Client-side driver for the OpenID test (Python 2 syntax): authenticates
    # to the IdP, then fetches the SP page with extensions disabled. Each step
    # prints its own status line and exits with status 1 on failure.

    idpname = 'idp1'
    sp1name = 'sp1'
    # Log in as the account running the test.
    user = pwd.getpwuid(os.getuid())[0]

    sess = HttpSessions()
    # NOTE(review): 'ipsilon' is presumably the password for `user`; a literal
    # credential is acceptable only against a loopback test instance.
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')
    sess.add_server(sp1name, 'https://127.0.0.11:45081')

    # Trailing comma keeps the cursor on the same line so the result is
    # appended after the step name.
    print "openid: Authenticate to IDP ...",
    try:
        sess.auth_to_idp(idpname)
    except Exception as e:  # pylint: disable=broad-except
        print >> sys.stderr, " ERROR: %s" % repr(e)
        sys.exit(1)
    print " SUCCESS"

    print "openid: Run OpenID Protocol ...",
    try:
        page = sess.fetch_page(idpname,
                               'https://127.0.0.11:45081/?extensions=NO')
        page.expected_value('text()', 'SUCCESS, WITHOUT EXTENSIONS')
    # Unlike the step above, only ValueError is handled here; any other
    # exception type propagates as a traceback instead of the ERROR line.
    except ValueError as e:
        print >> sys.stderr, " ERROR: %s" % repr(e)
        sys.exit(1)
    print " SUCCESS"
Example #4
        port = '45081'
        sp = self.generate_profile(sp_g, sp_a, name, addr, port)
        conf = self.setup_sp_server(sp, name, addr, port, env)
        fixup_sp_httpd(os.path.dirname(conf))

        print "Starting SP's httpd server"
        self.start_http_server(conf, env)


if __name__ == '__main__':
    # Client-side driver for the "LDAP down" test (Python 2 syntax): attempts
    # a login while the IdP has no LDAP backend and checks the error shown.

    idpname = 'idp1'
    spname = 'sp1'
    # NOTE(review): '******' looks like a redaction placeholder rather than
    # the real account name -- confirm against the upstream file.
    user = '******'

    sess = HttpSessions()
    # NOTE(review): 'tuser' is presumably the password for `user`; a literal
    # credential is acceptable only against a loopback test instance.
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'tuser')
    sess.add_server(spname, 'https://127.0.0.11:45081')

    print "ldapdown: Authenticate to IDP with no LDAP backend...",
    try:
        # Negative test: the step passes only when the login page's danger
        # alert carries the generic "Internal system error" text, i.e. the
        # login neither succeeds nor reports backend details to the client.
        sess.auth_to_idp(
            idpname,
            rule='//div[@class="alert alert-danger"]/p/text()',
            expected="Internal system error"
        )
    except Exception, e:  # pylint: disable=broad-except
        print >> sys.stderr, " ERROR: %s" % repr(e)
        sys.exit(1)
    print " SUCCESS"
Example #5
        self.start_http_server(conf, env)

        self.setup_step("Installing SP server")
        name = 'sp1'
        addr = '127.0.0.11'
        port = '45081'
        sp = self.generate_profile(sp_g, sp_a, name, addr, port)
        conf = self.setup_sp_server(sp, name, addr, port, env)
        fixup_sp_httpd(os.path.dirname(conf))

        self.setup_step("Starting SP's httpd server")
        self.start_http_server(conf, env)


if __name__ == '__main__':
    # Client-side driver for the "LDAP down" test: attempts a login while the
    # IdP has no LDAP backend and checks the error shown to the user.

    idpname = 'idp1'
    spname = 'sp1'
    # NOTE(review): '******' looks like a redaction placeholder rather than
    # the real account name -- confirm against the upstream file.
    user = '******'

    sess = HttpSessions()
    # NOTE(review): 'tuser' is presumably the password for `user`; a literal
    # credential is acceptable only against a loopback test instance.
    sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'tuser')
    sess.add_server(spname, 'https://127.0.0.11:45081')

    with TC.case('Authenticate to Idp with no LDAP backend'):
        # Negative test: the case passes only when the login page's danger
        # alert carries the generic "Internal system error" text, i.e. the
        # login neither succeeds nor reports backend details to the client.
        sess.auth_to_idp(
            idpname,
            rule='//div[@class="alert alert-danger"]/p/text()',
            expected="Internal system error"
        )
Example #6
    # Kerberos client environment for the test run (Python 2 syntax below):
    # fixed PATH, the test krb5.conf, and a file-based credential cache under
    # testdir.
    # NOTE(review): a FILE: ccache holds usable tickets on disk; testdir
    # should be readable only by the test user and cleaned up afterwards.
    kenv = {'PATH': '/sbin:/bin:/usr/sbin:/usr/bin',
            'KRB5_CONFIG': krb5conf,
            'KRB5CCNAME': 'FILE:' + os.path.join(testdir, 'ccaches/user')}

    # Writes into os.environ, so the settings apply to the whole process and
    # to anything it starts from here on.
    for key in kenv:
        os.environ[key] = kenv[key]

    sess = HttpSessions()
    # NOTE(review): 'ipsilon' is presumably the password for `user`; a literal
    # credential is acceptable only for a throwaway test instance.
    sess.add_server(idpname, 'https://%s:45080' % WRAP_HOSTNAME, user,
                    'ipsilon')
    sess.add_server(sp1name, 'https://127.0.0.11:45081')
    sess.add_server(sp2name, 'https://127.0.0.11:45082')

    # Each step prints its name without a newline, then either the error on
    # stderr followed by exit status 1, or " SUCCESS".
    print "testgssapi: Authenticate to IDP ...",
    try:
        # krb=True selects the Kerberos login path in the helper.
        sess.auth_to_idp(idpname, krb=True)
    except Exception, e:  # pylint: disable=broad-except
        print >> sys.stderr, " ERROR: %s" % repr(e)
        sys.exit(1)
    print " SUCCESS"

    print "testgssapi: Add first SP Metadata to IDP ...",
    try:
        sess.add_sp_metadata(idpname, sp1name)
    except Exception, e:  # pylint: disable=broad-except
        print >> sys.stderr, " ERROR: %s" % repr(e)
        sys.exit(1)
    print " SUCCESS"

    print "testgssapi: Access first SP Protected Area ...",
    try:
Example #7
        # Per-SP setup for the NameID format test (Python 2 syntax): a fresh
        # HttpSessions is built for each `sp`, so no session state is carried
        # over from one NameID format to the next.
        krb = False
        spname = sp["nameid"]
        spurl = "https://%s:%s" % (sp["addr"], sp["port"])
        sess = HttpSessions()
        # NOTE(review): "ipsilon" is presumably the password for `user`; a
        # literal credential is acceptable only for a throwaway test instance.
        sess.add_server(idpname, "https://%s:45080" % WRAP_HOSTNAME, user, "ipsilon")
        sess.add_server(spname, spurl)

        print ""
        print "testnameid: Testing NameID format %s ..." % spname

        # Only the SP named "kerberos" logs in through the Kerberos path; all
        # others use the default login.
        if spname == "kerberos":
            krb = True

        # Each step prints its name without a newline, then either the error
        # on stderr followed by exit status 1, or " SUCCESS".
        print "testnameid: Authenticate to IDP ...",
        try:
            sess.auth_to_idp(idpname, krb=krb)
        except Exception, e:  # pylint: disable=broad-except
            print >> sys.stderr, " ERROR: %s" % repr(e)
            sys.exit(1)
        print " SUCCESS"

        print "testnameid: Add SP Metadata to IDP ...",
        try:
            sess.add_sp_metadata(idpname, spname)
        except Exception, e:  # pylint: disable=broad-except
            print >> sys.stderr, " ERROR: %s" % repr(e)
            sys.exit(1)
        print " SUCCESS"

        print "testnameid: Set supported Name ID formats ...",
        try:
Example #8
    for sp in sp_list:
        krb = False
        spname = sp['nameid']
        spurl = 'https://%s:%s' % (sp['addr'], sp['port'])
        sess = HttpSessions()
        sess.add_server(idpname, 'https://%s:45080' % WRAP_HOSTNAME, user,
                        'ipsilon')
        sess.add_server(spname, spurl)

        TC.info('Testing NameID format %s' % spname)

        if spname == 'kerberos':
            krb = True

        with TC.case('Authenticate to IdP'):
            sess.auth_to_idp(idpname, krb=krb)

        with TC.case('Add SP Metadata to IdP'):
            sess.add_sp_metadata(idpname, spname)

        with TC.case('Set supported Name ID formats'):
            sess.set_sp_default_nameids(idpname, spname, [spname])

        with TC.case('Access SP Protected Area',
                     should_fail=bool(expected[spname])):
            page = sess.fetch_page(idpname, '%s/sp/' % spurl)
            if not re.match(expected_re[spname], page.text):
                raise ValueError('page did not contain expression %s' %
                                 expected_re[spname])

        newsess = HttpSessions()