Example #1
0
    def get_auth_response(self, samlfrontend, context, internal_response,
                          sp_conf, idp_metadata_str):
        sp_config = SPConfig().load(sp_conf, metadata_construction=False)
        resp_args = {
            "name_id_policy":
            NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT),
            "in_response_to":
            None,
            "destination":
            sp_config.endpoint("assertion_consumer_service",
                               binding=BINDING_HTTP_REDIRECT)[0],
            "sp_entity_id":
            sp_conf["entityid"],
            "binding":
            BINDING_HTTP_REDIRECT
        }
        request_state = samlfrontend._create_state_data(context, resp_args, "")
        context.state[samlfrontend.name] = request_state

        resp = samlfrontend.handle_authn_response(context, internal_response)

        sp_conf["metadata"]["inline"].append(idp_metadata_str)
        fakesp = FakeSP(sp_config)
        resp_dict = parse_qs(urlparse(resp.message).query)
        return fakesp.parse_authn_request_response(
            resp_dict["SAMLResponse"][0], BINDING_HTTP_REDIRECT)
Example #2
0
def test_sp():
    cnf = SPConfig()
    cnf.load_file("sp_1_conf")
    assert cnf.single_logout_services("urn:mace:example.com:saml:roland:idp",
                            BINDING_HTTP_POST) == ["http://localhost:8088/slo"]
    assert cnf.endpoint("assertion_consumer_service") == \
                                            ["http://lingon.catalogix.se:8087/"]
    assert len(cnf.idps()) == 1
Example #3
0
def test_ecp():
    cnf = SPConfig()
    cnf.load(ECP_SP)
    assert cnf.endpoint("assertion_consumer_service") == ["http://lingon.catalogix.se:8087/"]
    eid = cnf.ecp_endpoint("130.239.16.3")
    assert eid == "http://example.com/idp"
    eid = cnf.ecp_endpoint("130.238.20.20")
    assert eid is None
Example #4
0
def test_sp():
    cnf = SPConfig()
    cnf.load_file("sp_1_conf")
    assert cnf.single_logout_services("urn:mace:example.com:saml:roland:idp",
                            BINDING_HTTP_POST) == ["http://localhost:8088/slo"]
    assert cnf.endpoint("assertion_consumer_service") == \
                                            ["http://lingon.catalogix.se:8087/"]
    assert len(cnf.idps()) == 1
Example #5
0
    def test_co_static_attributes(self, frontend, context, internal_response,
                                  idp_conf, sp_conf):
        # Use the frontend and context fixtures to dynamically create the
        # proxy IdP server that would be created during a flow.
        idp_server = frontend._create_co_virtual_idp(context)

        # Use the context fixture to find the CO name and the backend name
        # and then use those to dynamically update the ipd_conf fixture.
        co_name = frontend._get_co_name(context)
        backend_name = context.target_backend
        idp_conf = frontend._add_endpoints_to_config(idp_conf, co_name,
                                                     backend_name)
        idp_conf = frontend._add_entity_id(idp_conf, co_name)

        # Use a utility function to serialize the idp_conf IdP configuration
        # fixture to a string and then dynamically update the sp_conf
        # SP configuration fixture with the metadata.
        idp_metadata_str = create_metadata_from_config_dict(idp_conf)
        sp_conf["metadata"]["inline"].append(idp_metadata_str)
        sp_config = SPConfig().load(sp_conf, metadata_construction=False)

        # Use the updated sp_config fixture to generate a fake SP and then
        # use the fake SP to generate an authentication request aimed at the
        # proxy CO virtual IdP.
        fakesp = FakeSP(sp_config)
        destination, auth_req = fakesp.make_auth_req(
            idp_server.config.entityid,
            nameid_format=None,
            relay_state="relay_state",
            subject=None,
        )

        # Update the context with the authentication request.
        context.request = auth_req

        # Create the response arguments necessary for the IdP to respond to
        # the authentication request, update the request state and with it
        # the context, and then use the frontend fixture and the
        # internal_response fixture to handle the authentication response
        # and generate a response from the proxy IdP to the SP.
        resp_args = {
            "name_id_policy": NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT),
            "in_response_to": None,
            "destination": sp_config.endpoint(
                            "assertion_consumer_service",
                            binding=BINDING_HTTP_REDIRECT
                            )[0],
            "sp_entity_id": sp_conf["entityid"],
            "binding": BINDING_HTTP_REDIRECT
        }
        request_state = frontend._create_state_data(context, resp_args, "")
        context.state[frontend.name] = request_state
        frontend.handle_authn_response(context, internal_response)

        # Verify that the frontend added the CO static SAML attributes to the
        # internal response.
        for attr, value in self.CO_STATIC_SAML_ATTRIBUTES.items():
            assert internal_response.attributes[attr] == value
Example #6
0
def test_ecp():
    cnf = SPConfig()
    cnf.load(ECP_SP)
    assert cnf.endpoint("assertion_consumer_service") == \
           ["http://lingon.catalogix.se:8087/"]
    eid = cnf.ecp_endpoint("130.239.16.3")
    assert eid == "http://example.com/idp"
    eid = cnf.ecp_endpoint("130.238.20.20")
    assert eid is None
Example #7
0
    def get_auth_response(self, samlfrontend, context, internal_response, sp_conf, idp_metadata_str):
        sp_config = SPConfig().load(sp_conf, metadata_construction=False)
        resp_args = {
            "name_id_policy": NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT),
            "in_response_to": None,
            "destination": sp_config.endpoint("assertion_consumer_service", binding=BINDING_HTTP_REDIRECT)[0],
            "sp_entity_id": sp_conf["entityid"],
            "binding": BINDING_HTTP_REDIRECT
        }
        request_state = samlfrontend._create_state_data(context, resp_args, "")
        context.state[samlfrontend.name] = request_state

        resp = samlfrontend.handle_authn_response(context, internal_response)

        sp_conf["metadata"]["inline"].append(idp_metadata_str)
        fakesp = FakeSP(sp_config)
        resp_dict = parse_qs(urlparse(resp.message).query)
        return fakesp.parse_authn_request_response(resp_dict["SAMLResponse"][0], BINDING_HTTP_REDIRECT)
Example #8
0
def test_sp():
    cnf = SPConfig()
    cnf.load_file(dotname("sp_1_conf"))
    assert cnf.endpoint("assertion_consumer_service") == \
           ["http://lingon.catalogix.se:8087/"]
Example #9
0
xmlstr = saml_auth_response.decode('ascii')

# Fancy SAML print
# from lxml import etree
# root = etree.XML(xmlstr.encode('ascii'))
# print(etree.tostring(root, pretty_print=True).decode('utf-8'))

# pySAML2 parse authn response (sign and decrypt features included)

kwargs = {
    "outstanding_queries": outstanding,
    "outstanding_certs": outstanding_certs,
    "allow_unsolicited": conf._sp_allow_unsolicited,
    "want_assertions_signed": conf._sp_want_assertions_signed,
    "want_response_signed": conf._sp_want_response_signed,
    "return_addrs": conf.endpoint("assertion_consumer_service", binding, "sp"),
    "entity_id": conf.entityid,
    "attribute_converters": conf.attribute_converters,
    "allow_unknown_attributes": conf.allow_unknown_attributes,
    'conv_info': conv_info
}

# xml unravel fails bacause of b64 inflate method
# pr = client.parse_authn_request_response(saml_auth_response_b64,
# binding,
# outstanding=outstanding,
# outstanding_certs=None,
# conv_info=None)

authn_response = AuthnResponse(client.sec, **kwargs)
Example #10
0
def test_sp():
    cnf = SPConfig()
    cnf.load_file(dotname("sp_1_conf"))
    assert cnf.endpoint("assertion_consumer_service") == \
                                            ["http://lingon.catalogix.se:8087/"]