Example #1
0
    def setup_class(self):
        with closing(Server(dotname("idp_conf"))) as server:
            name_id = server.ident.transient_nameid(
                                "urn:mace:example.com:saml:roland:sp","id12")

            self._resp_ = server.create_authn_response(
                                IDENTITY,
                                "id12",                       # in_response_to
                                "http://lingon.catalogix.se:8087/",   # consumer_url
                                "urn:mace:example.com:saml:roland:sp", # sp_entity_id
                                name_id=name_id,
                                authn=AUTHN)

            self._sign_resp_ = server.create_authn_response(
                                IDENTITY,
                                "id12",                       # in_response_to
                                "http://lingon.catalogix.se:8087/",   # consumer_url
                                "urn:mace:example.com:saml:roland:sp", # sp_entity_id
                                name_id=name_id, sign_assertion=True,
                                authn=AUTHN)

            self._resp_authn = server.create_authn_response(
                                IDENTITY,
                                "id12",                       # in_response_to
                                "http://lingon.catalogix.se:8087/",   # consumer_url
                                "urn:mace:example.com:saml:roland:sp", # sp_entity_id
                                name_id=name_id,
                                authn=AUTHN)

            self.conf = config_factory("sp", dotname("server_conf"))
            self.conf.only_use_keys_in_metadata = False
            self.ar = authn_response(self.conf, "http://lingon.catalogix.se:8087/")
Example #2
0
    def setup_class(self):
        server = Server("idp_conf")
        name_id = server.ident.transient_nameid(
                            "urn:mace:example.com:saml:roland:sp","id12")
        policy = server.conf.getattr("policy", "idp")
        self._resp_ = server.create_response(
                    "id12",                       # in_response_to
                    "http://lingon.catalogix.se:8087/",   # consumer_url
                    "urn:mace:example.com:saml:roland:sp", # sp_entity_id
                    IDENTITY, name_id = name_id, policy=policy)
                
        self._sign_resp_ = server.create_response(
                    "id12",                       # in_response_to
                    "http://lingon.catalogix.se:8087/",   # consumer_url
                    "urn:mace:example.com:saml:roland:sp", # sp_entity_id
                    IDENTITY,
                    name_id = name_id, sign_assertion=True, policy=policy)

        self._resp_authn = server.create_response(
                    "id12",                       # in_response_to
                    "http://lingon.catalogix.se:8087/",   # consumer_url
                    "urn:mace:example.com:saml:roland:sp", # sp_entity_id
                    IDENTITY,
                    name_id = name_id,
                    authn=(saml.AUTHN_PASSWORD, "http://www.example.com/login"),
                    policy=policy)

        self.conf = config_factory("sp", "server_conf")
        self.conf.only_use_keys_in_metadata = False
        self.ar = authn_response(self.conf, "http://lingon.catalogix.se:8087/")
Example #3
0
    def setup_class(self):
        server = Server("idp_conf")
        name_id = server.ident.transient_nameid(
                            "urn:mace:example.com:saml:roland:sp","id12")

        self._resp_ = server.do_response(
                    "id12",                       # in_response_to
                    "http://lingon.catalogix.se:8087/",   # consumer_url
                    "urn:mace:example.com:saml:roland:sp", # sp_entity_id
                    {"eduPersonEntitlement":"Jeter"},
                    name_id = name_id
                )
                
        self._sign_resp_ = server.do_response(
                    "id12",                       # in_response_to
                    "http://lingon.catalogix.se:8087/",   # consumer_url
                    "urn:mace:example.com:saml:roland:sp", # sp_entity_id
                    {"eduPersonEntitlement":"Jeter"},
                    name_id = name_id,
                    sign=True
                )

        self._resp_authn = server.do_response(
                    "id12",                       # in_response_to
                    "http://lingon.catalogix.se:8087/",   # consumer_url
                    "urn:mace:example.com:saml:roland:sp", # sp_entity_id
                    {"eduPersonEntitlement":"Jeter"},
                    name_id = name_id,
                    authn=(saml.AUTHN_PASSWORD, "http://www.example.com/login")
                )

        self.conf = config_factory("sp", "server_conf")
        self.ar = authn_response(self.conf, "http://lingon.catalogix.se:8087/")
Example #4
0
    def test_unpack_nested_eptid(self):
        authn_response_xml = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="CORTO54673f841c5297dd3614527d38e217332f9e3000"
                Version="2.0"
                IssueInstant="2016-09-23T14:00:45Z"
                Destination="https://sp.example.com/acs/post"
                InResponseTo="id-Wnv7CMQO1pFJoRWgi"
                >
            <saml:Issuer>https://idp.example.com</saml:Issuer>
            <samlp:Status>
                <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
            </samlp:Status>
            <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                            xmlns:xs="http://www.w3.org/2001/XMLSchema"
                            ID="CORTOadad7cb5e1237cf30fa7ab49544c15eec582854e"
                            Version="2.0"
                            IssueInstant="2016-09-23T14:00:45Z"
                            >
                <saml:Issuer>https://idp.example.com</saml:Issuer>
                <saml:Subject>
                    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">b8e734571d9adb0e6444a5b49a22f4206df24d88</saml:NameID>
                    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                        <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs/post"
                                                      InResponseTo="id-Wnv7CMQO1pFJoRWgi"
                                                      />
                    </saml:SubjectConfirmation>
                </saml:Subject>
                <saml:Conditions NotBefore="2016-09-23T14:00:44Z">
                    <saml:AudienceRestriction>
                        <saml:Audience>https://sp.example.com</saml:Audience>
                    </saml:AudienceRestriction>
                </saml:Conditions>
                <saml:AuthnStatement AuthnInstant="2016-09-23T13:55:40Z"
                                     SessionIndex="_9f1148918f12525c6cad9aea29bc557afab2cb8c33"
                                     >
                    <saml:AuthnContext>
                        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
                        <saml:AuthenticatingAuthority>https://idp.example.com</saml:AuthenticatingAuthority>
                    </saml:AuthnContext>
                </saml:AuthnStatement>
                <saml:AttributeStatement>
                    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
                                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                                    >
                        <saml:AttributeValue>
                            <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">b8e734571d9adb0e6444a5b49a22f4206df24d88</saml:NameID>
                        </saml:AttributeValue>
                    </saml:Attribute>
                </saml:AttributeStatement>
            </saml:Assertion>
        </samlp:Response>"""

        resp = authn_response(self.conf, "https://sp.example.com/acs/post", asynchop=False, allow_unsolicited=True)
        resp.loads(authn_response_xml, False)
        resp.parse_assertion()
        ava = resp.get_identity()
        assert ava["eduPersonTargetedID"] == ["b8e734571d9adb0e6444a5b49a22f4206df24d88"]
Example #5
0
def handle_ecp_authn_response(cls, soap_message, outstanding=None):
    rdict = soap.class_instances_from_soap_enveloped_saml_thingies(
        soap_message, [paos, ecp, samlp])

    _relay_state = None
    for item in rdict["header"]:
        if item.c_tag == "RelayState" and item.c_namespace == ecp.NAMESPACE:
            _relay_state = item

    response = authn_response(cls.config, cls.service_url(), outstanding,
                              allow_unsolicited=True)

    response.loads("%s" % rdict["body"], False, soap_message)
    response.verify()
    cls.users.add_information_about_person(response.session_info())

    return response, _relay_state
            headers = None

        logger.info( "Headers: {0:>s}".format(headers))

        # send the request and receive the response
        response = ecp.phase2(request, acsu, idp_entity_id, headers,
                              sign)
    except Exception, exc:
        exception_trace("soap", exc, logger)
        logger.info("SoapClient exception: %s" % (exc,))
        return None

    if response:
        try:
            # synchronous operation
            aresp = authn_response(cls.config, acsu, asynchop=False,
                                   allow_unsolicited=True)
            #aresp.debug = True
        except Exception, exc:
            logger.error("%s" % exc)
            return None

        try:
            _resp = aresp.load_instance(response).verify()
        except Exception, err:
            logger.error("%s" % err)
            return None

        if _resp is None:
            logger.error("Didn't like the response")
            return None