def test_from_local_nest_eduPersonTargetedID_in_NameID(self): ava = {"edupersontargetedid": ["test value1", "test value2"]} attributes = from_local(self.acs, ava, URI_NF) assert len(attributes) == 1 assert len(attributes[0].attribute_value) == 2 assert attributes[0].attribute_value[0].extension_elements[0].text == "test value1" assert attributes[0].attribute_value[1].extension_elements[0].text == "test value2"
def test_from_local_nest_eduPersonTargetedID_in_NameID(self): ava = {"edupersontargetedid": "test value"} attributes = from_local(self.acs, ava, URI_NF) assert len(attributes) == 1 assert len(attributes[0].attribute_value) == 1 assert attributes[0].attribute_value[0].text == NameID( format=NAMEID_FORMAT_PERSISTENT, text="test value").to_string().decode("utf-8")
def construct(self, sp_entity_id, in_response_to, consumer_url, name_id, attrconvs, policy, issuer, authn_class=None, authn_auth=None, authn_decl=None, encrypt=None, sec_context=None): """ Construct the Assertion :param sp_entity_id: The entityid of the SP :param in_response_to: An identifier of the message, this message is a response to :param consumer_url: The intended consumer of the assertion :param name_id: An NameID instance :param attrconvs: AttributeConverters :param policy: The policy that should be adhered to when replying :param issuer: Who is issuing the statement :param authn_class: The authentication class :param authn_auth: The authentication instance :param authn_decl: :param encrypt: Whether to encrypt parts or all of the Assertion :param sec_context: The security context used when encrypting :return: An Assertion instance """ attr_statement = saml.AttributeStatement(attribute=from_local( attrconvs, self, policy.get_name_form(sp_entity_id))) if encrypt == "attributes": for attr in attr_statement.attribute: enc = sec_context.encrypt(text="%s" % attr) encd = xmlenc.encrypted_data_from_string(enc) encattr = saml.EncryptedAttribute(encrypted_data=encd) attr_statement.encrypted_attribute.append(encattr) attr_statement.attribute = [] # start using now and for some time conds = policy.conditions(sp_entity_id) return assertion_factory( issuer=issuer, attribute_statement = attr_statement, authn_statement = self._authn_statement(authn_class, authn_auth, authn_decl), conditions = conds, subject=factory( saml.Subject, name_id=name_id, subject_confirmation=factory( saml.SubjectConfirmation, method=saml.SUBJECT_CONFIRMATION_METHOD_BEARER, subject_confirmation_data=factory( saml.SubjectConfirmationData, in_response_to=in_response_to, recipient=consumer_url, not_on_or_after=policy.not_on_or_after( sp_entity_id)))), )
def test_from_local_eduPersonTargetedID_with_qualifiers(self): IDP_ENTITY_ID = "https://some.org/idp" SP_ENTITY_ID = "https://some.org/sp" ava = { "edupersontargetedid": [{ "text": "test value1", "NameQualifier": IDP_ENTITY_ID, "SPNameQualifier": SP_ENTITY_ID, }] } attributes = from_local(self.acs, ava, URI_NF) assert len(attributes) == 1 element = attributes[0].attribute_value[0].extension_elements[0] assert element.text == "test value1" assert element.attributes["NameQualifier"] == IDP_ENTITY_ID assert element.attributes["SPNameQualifier"] == SP_ENTITY_ID
def test_to_attrstat_2(self): ava = { "givenName": "Roland", "surname": "Hedberg" } statement = attribute_converter.from_local(self.acs, ava, URI_NF) assert len(statement) == 2 a0 = statement[0] a1 = statement[1] if a0.friendly_name == 'surname': assert a0.name == 'urn:oid:2.5.4.4' assert a0.name_format == URI_NF assert a1.friendly_name == "givenName" assert a1.name == 'urn:oid:2.5.4.42' assert a1.name_format == URI_NF elif a0.friendly_name == 'givenname': assert a0.name == 'urn:oid:2.5.4.42' assert a0.name_format == URI_NF assert a1.friendly_name == "surname" assert a1.name == 'urn:oid:2.5.4.4' assert a1.name_format == URI_NF else: assert False
def test_to_attrstat_1(self): ava = { "givenName": "Roland", "sn": "Hedberg" } statement = attribute_converter.from_local(self.acs, ava, BASIC_NF) assert statement is not None assert len(statement) == 2 a0 = statement[0] a1 = statement[1] if a0.friendly_name == 'sn': assert a0.name == 'urn:mace:dir:attribute-def:sn' assert a0.name_format == BASIC_NF assert a1.friendly_name == "givenName" assert a1.name == 'urn:mace:dir:attribute-def:givenName' assert a1.name_format == BASIC_NF elif a0.friendly_name == 'givenname': assert a0.name == 'urn:mace:dir:attribute-def:givenName' assert a0.name_format == BASIC_NF assert a1.friendly_name == "sn" assert a1.name == 'urn:mace:dir:attribute-def:sn' assert a1.name_format == BASIC_NF else: assert False
def test_to_attrstat_1(self): ava = {"givenName": "Roland", "sn": "Hedberg"} statement = attribute_converter.from_local(self.acs, ava, BASIC_NF) assert statement is not None assert len(statement) == 2 a0 = statement[0] a1 = statement[1] if a0.friendly_name == 'sn': assert a0.name == 'urn:mace:dir:attribute-def:sn' assert a0.name_format == BASIC_NF assert a1.friendly_name == "givenName" assert a1.name == 'urn:mace:dir:attribute-def:givenName' assert a1.name_format == BASIC_NF elif a0.friendly_name == 'givenName': assert a0.name == 'urn:mace:dir:attribute-def:givenName' assert a0.name_format == BASIC_NF assert a1.friendly_name == "sn" assert a1.name == 'urn:mace:dir:attribute-def:sn' assert a1.name_format == BASIC_NF else: assert False
def construct(self, sp_entity_id, in_response_to, consumer_url, name_id, attrconvs, policy, issuer, authn_class=None, authn_auth=None, authn_decl=None, encrypt=None, sec_context=None, authn_decl_ref=None, authn_instant="", subject_locality=""): """ Construct the Assertion :param sp_entity_id: The entityid of the SP :param in_response_to: An identifier of the message, this message is a response to :param consumer_url: The intended consumer of the assertion :param name_id: An NameID instance :param attrconvs: AttributeConverters :param policy: The policy that should be adhered to when replying :param issuer: Who is issuing the statement :param authn_class: The authentication class :param authn_auth: The authentication instance :param authn_decl: An Authentication Context declaration :param encrypt: Whether to encrypt parts or all of the Assertion :param sec_context: The security context used when encrypting :param authn_decl_ref: An Authentication Context declaration reference :param authn_instant: When the Authentication was performed :param subject_locality: Specifies the DNS domain name and IP address for the system from which the assertion subject was apparently authenticated. :return: An Assertion instance """ if policy: _name_format = policy.get_name_form(sp_entity_id) else: _name_format = NAME_FORMAT_URI attr_statement = saml.AttributeStatement(attribute=from_local( attrconvs, self, _name_format)) if encrypt == "attributes": for attr in attr_statement.attribute: enc = sec_context.encrypt(text="%s" % attr) encd = xmlenc.encrypted_data_from_string(enc) encattr = saml.EncryptedAttribute(encrypted_data=encd) attr_statement.encrypted_attribute.append(encattr) attr_statement.attribute = [] # start using now and for some time conds = policy.conditions(sp_entity_id) if authn_auth or authn_class or authn_decl or authn_decl_ref: _authn_statement = authn_statement(authn_class, authn_auth, authn_decl, authn_decl_ref, authn_instant, subject_locality) else: _authn_statement = None _ass = assertion_factory( issuer=issuer, conditions=conds, subject=factory( saml.Subject, name_id=name_id, subject_confirmation=[factory( saml.SubjectConfirmation, method=saml.SCM_BEARER, subject_confirmation_data=factory( saml.SubjectConfirmationData, in_response_to=in_response_to, recipient=consumer_url, not_on_or_after=policy.not_on_or_after(sp_entity_id)))] ), ) if _authn_statement: _ass.authn_statement = [_authn_statement] if not attr_statement.empty(): _ass.attribute_statement=[attr_statement] return _ass