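    def response(self, post, outstanding, log=None, decode=True, asynchop=True):
        """ Deal with an AuthnResponse or LogoutResponse

        :param post: The reply as a dictionary
        :param outstanding: A dictionary with session IDs as keys and
            the original web request from the user before redirection
            as values.
        :param log: where logging should go. Defaults to self.logger.
        :param decode: Whether the response is Base64 encoded or not
        :param asynchop: Whether the response was returned over an
            asynchronous connection. SOAP for instance is synchronous
        :return: A response.AuthnResponse or response.LogoutResponse
            instance, or None when the post carries no SAMLResponse or the
            response could not be parsed by the factory.
        :raises Exception: if the configuration has no entityid.
        """
        # Nothing to do unless the caller actually posted a SAMLResponse.
        try:
            saml_response = post["SAMLResponse"]
        except KeyError:
            return None

        # NOTE(review): attribute access normally raises AttributeError;
        # this relies on the config object raising KeyError -- confirm.
        try:
            _ = self.config.entityid
        except KeyError:
            raise Exception("Missing entity_id specification")

        if log is None:
            log = self.logger

        reply_addr = self.service_url()

        resp = None
        if saml_response:
            try:
                resp = response_factory(
                    saml_response,
                    self.config,
                    reply_addr,
                    outstanding,
                    log,
                    debug=self.debug,
                    decode=decode,
                    asynchop=asynchop,
                    allow_unsolicited=self.allow_unsolicited,
                )
            except Exception as exc:
                # Factory failures are logged and reported as None rather
                # than propagated; the caller only sees "no response".
                if log:
                    log.error("%s" % exc)
                return None

            if self.debug and log:
                log.info(">> %s", resp)

            # verify() performs the signature/validity checks. Unlike the
            # factory call above it is NOT wrapped, so e.g. a SignatureError
            # propagates to the caller.
            resp = resp.verify()
            if isinstance(resp, AuthnResponse):
                self.users.add_information_about_person(resp.session_info())
                if log:
                    log.info("--- ADDED person info ----")
            elif isinstance(resp, LogoutResponse):
                self.handle_logout_response(resp, log)
            elif log:
                # Also reached when verify() did not hand back a usable
                # response object.
                log.error("Other response type: %s" % saml2.class_name(resp))
        return resp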
    def test_2(self):
        """A signed response (not Base64 encoded) parses to an AuthnResponse."""
        # Strip the first line of the rendered document (presumably the XML
        # declaration) before handing it to the factory.
        rendered = "%s" % (self._sign_resp_,)
        body = rendered.split("\n", 1)[1]
        pending = {"id12": "http://localhost:8088/sso"}
        resp = response_factory(
            body,
            self.conf,
            return_addr="http://lingon.catalogix.se:8087/",
            outstanding_queries=pending,
            timeslack=10000,
            decode=False,
        )

        assert isinstance(resp, StatusResponse)
        assert isinstance(resp, AuthnResponse)
    def test_2(self):
        """A signed response (not Base64 encoded) parses to an AuthnResponse."""
        acs_urls = ["http://lingon.catalogix.se:8087/"]
        pending = {"id12": "http://localhost:8088/sso"}
        resp = response_factory(
            self._sign_resp_,
            self.conf,
            return_addrs=acs_urls,
            outstanding_queries=pending,
            timeslack=TIMESLACK,
            decode=False,
        )

        assert isinstance(resp, StatusResponse)
        assert isinstance(resp, AuthnResponse)
    def test_2(self):
        """A signed response (not Base64 encoded) parses to an AuthnResponse."""
        factory_kwargs = dict(
            return_addrs=["http://lingon.catalogix.se:8087/"],
            outstanding_queries={"id12": "http://localhost:8088/sso"},
            timeslack=TIMESLACK,
            decode=False,
        )
        resp = response_factory(self._sign_resp_, self.conf, **factory_kwargs)

        assert isinstance(resp, StatusResponse)
        assert isinstance(resp, AuthnResponse)
    def test_1(self):
        """An unsigned response (not Base64 encoded) parses to an AuthnResponse."""
        document = "%s" % (self._resp_, )
        pending = {"id12": "http://localhost:8088/sso"}
        resp = response_factory(
            document,
            self.conf,
            return_addr="http://lingon.catalogix.se:8087/",
            outstanding_queries=pending,
            timeslack=10000,
            decode=False,
        )

        assert isinstance(resp, StatusResponse)
        assert isinstance(resp, AuthnResponse)
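    def response(self, post, outstanding, decode=True, asynchop=True):
        """ Deal with an AuthnResponse or LogoutResponse

        :param post: The reply as a dictionary
        :param outstanding: A dictionary with session IDs as keys and
            the original web request from the user before redirection
            as values.
        :param decode: Whether the response is Base64 encoded or not
        :param asynchop: Whether the response was returned over an
            asynchronous connection. SOAP for instance is synchronous
        :return: A response.AuthnResponse or response.LogoutResponse
            instance, or None when the post carries no SAMLResponse or the
            response could not be parsed by the factory.
        :raises Exception: if the configuration has no entityid.
        """
        # Nothing to do unless the caller actually posted a SAMLResponse.
        try:
            saml_response = post['SAMLResponse']
        except KeyError:
            return None

        # NOTE(review): attribute access normally raises AttributeError;
        # this relies on the config object raising KeyError -- confirm.
        try:
            _ = self.config.entityid
        except KeyError:
            raise Exception("Missing entity_id specification")

        reply_addr = self.service_url()

        resp = None
        if saml_response:
            try:
                resp = response_factory(
                    saml_response,
                    self.config,
                    reply_addr,
                    outstanding,
                    decode=decode,
                    asynchop=asynchop,
                    allow_unsolicited=self.allow_unsolicited)
            except Exception as exc:
                # Factory failures are logged and reported as None rather
                # than propagated; the caller only sees "no response".
                logger.error("%s" % exc)
                return None
            logger.debug(">> %s", resp)

            # verify() performs the signature/validity checks. Unlike the
            # factory call above it is NOT wrapped, so e.g. a SignatureError
            # propagates to the caller.
            resp = resp.verify()
            if isinstance(resp, AuthnResponse):
                self.users.add_information_about_person(resp.session_info())
                logger.info("--- ADDED person info ----")
            elif isinstance(resp, LogoutResponse):
                self.handle_logout_response(resp)
            else:
                # Also reached when verify() did not hand back a usable
                # response object.
                logger.error("Response type not supported: %s" %
                             (saml2.class_name(resp), ))
        return resp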
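    def test_other_response(self):
        """An attribute response aimed at another ACS still yields session info."""
        # Close the fixture file deterministically instead of relying on
        # garbage collection of the open handle.
        with open(full_path("attribute_response.xml")) as fp:
            xml_response = fp.read()
        resp = response_factory(
            xml_response, self.conf,
            return_addrs=['https://myreviewroom.com/saml2/acs/'],
            outstanding_queries={'id-f4d370f3d03650f3ec0da694e2348bfe':
                                 "http://localhost:8088/sso"},
            timeslack=TIMESLACK, decode=False)

        assert isinstance(resp, StatusResponse)
        assert isinstance(resp, AuthnResponse)
        # Test-only relaxation: accept signing keys that are not published
        # in the metadata. Presumably the fixture's key is not in the test
        # metadata -- confirm. Not a setting to copy into production code.
        resp.sec.only_use_keys_in_metadata = False
        resp.parse_assertion()
        si = resp.session_info()
        assert si
        print(si["ava"])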
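    def test_other_response(self):
        """An attribute response aimed at another ACS still yields session info."""
        # Close the fixture file deterministically instead of relying on
        # garbage collection of the open handle.
        with open(full_path("attribute_response.xml")) as fp:
            xml_response = fp.read()
        resp = response_factory(
            xml_response, self.conf,
            return_addrs=['https://myreviewroom.com/saml2/acs/'],
            outstanding_queries={'id-f4d370f3d03650f3ec0da694e2348bfe':
                                 "http://localhost:8088/sso"},
            timeslack=TIMESLACK, decode=False)

        assert isinstance(resp, StatusResponse)
        assert isinstance(resp, AuthnResponse)
        # Test-only relaxation: accept signing keys that are not published
        # in the metadata. Presumably the fixture's key is not in the test
        # metadata -- confirm. Not a setting to copy into production code.
        resp.sec.only_use_keys_in_metadata = False
        resp.parse_assertion()
        si = resp.session_info()
        assert si
        # Function-call form works on both Python 2 and 3 for a single arg.
        print(si["ava"])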
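    def test_false_sign(self):
        """A response whose assertion signature is bogus must fail verify()."""
        # Close the fixture file deterministically instead of relying on
        # garbage collection of the open handle.
        with open(FALSE_ASSERT_SIGNED) as fp:
            xml_response = fp.read()
        resp = response_factory(
            xml_response, self.conf,
            return_addrs=["http://lingon.catalogix.se:8087/"],
            outstanding_queries={
                "bahigehogffohiphlfmplepdpcohkhhmheppcdie":
                    "http://localhost:8088/sso"},
            timeslack=TIMESLACK, decode=False)

        # Parsing alone must succeed; only verification is expected to fail.
        assert isinstance(resp, StatusResponse)
        assert isinstance(resp, AuthnResponse)
        try:
            resp.verify()
        except SignatureError:
            pass
        else:
            # Accepting a badly signed assertion would be a security bug.
            assert False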
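    def test_false_sign(self):
        """A response whose assertion signature is bogus must fail verify()."""
        # Close the fixture file deterministically instead of relying on
        # garbage collection of the open handle.
        with open(FALSE_ASSERT_SIGNED) as fp:
            xml_response = fp.read()
        resp = response_factory(
            xml_response, self.conf,
            return_addrs=["http://lingon.catalogix.se:8087/"],
            outstanding_queries={
                "bahigehogffohiphlfmplepdpcohkhhmheppcdie":
                    "http://localhost:8088/sso"},
            timeslack=TIMESLACK, decode=False)

        # Parsing alone must succeed; only verification is expected to fail.
        assert isinstance(resp, StatusResponse)
        assert isinstance(resp, AuthnResponse)
        try:
            resp.verify()
        except SignatureError:
            pass
        else:
            # Accepting a badly signed assertion would be a security bug.
            assert False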
    def test_false_sign(self, mock_datetime):
        """A response whose assertion signature is bogus must fail verify().

        The clock is pinned so the fixture's validity window is met and the
        only reason verify() can fail is the signature.
        """
        frozen_now = datetime.datetime(2016, 9, 4, 9, 59, 39)
        mock_datetime.utcnow = mock.Mock(return_value=frozen_now)

        with open(FALSE_ASSERT_SIGNED) as fp:
            xml_response = fp.read()

        factory_kwargs = dict(
            return_addrs=["http://lingon.catalogix.se:8087/"],
            outstanding_queries={
                "bahigehogffohiphlfmplepdpcohkhhmheppcdie":
                    "http://localhost:8088/sso"},
            timeslack=TIMESLACK,
            decode=False,
        )
        resp = response_factory(xml_response, self.conf, **factory_kwargs)

        # Parsing alone must succeed; only verification is expected to fail.
        assert isinstance(resp, StatusResponse)
        assert isinstance(resp, AuthnResponse)

        rejected = False
        try:
            resp.verify()
        except SignatureError:
            rejected = True
        # Accepting a badly signed assertion would be a security bug.
        assert rejected
    def test_false_sign(self, mock_datetime):
        """A response whose assertion signature is bogus must fail verify().

        The clock is pinned so the fixture's validity window is met and the
        only reason verify() can fail is the signature.
        """
        frozen_now = datetime.datetime(2016, 9, 4, 9, 59, 39)
        mock_datetime.utcnow = mock.Mock(return_value=frozen_now)

        with open(FALSE_ASSERT_SIGNED) as fp:
            xml_response = fp.read()

        pending = {
            "bahigehogffohiphlfmplepdpcohkhhmheppcdie":
            "http://localhost:8088/sso",
        }
        resp = response_factory(
            xml_response,
            self.conf,
            return_addrs=["http://lingon.catalogix.se:8087/"],
            outstanding_queries=pending,
            timeslack=TIMESLACK,
            decode=False,
        )

        # Parsing alone must succeed; only verification is expected to fail.
        assert isinstance(resp, StatusResponse)
        assert isinstance(resp, AuthnResponse)
        # Accepting a badly signed assertion would be a security bug.
        with raises(SignatureError):
            resp.verify()
    def test_encrypted_assertion_retrieval_method(self):
        """The encrypted-assertion (retrieval-method) fixture parses to session info.

        Every signature requirement is switched off on the response object,
        so this test covers assertion retrieval/decryption only and says
        nothing about trust in the issuer.
        """
        with open(ENC_ASSERT_RETR_METHOD) as fp:
            xml_response = fp.read()

        factory_kwargs = dict(
            return_addrs=["http://lingon.catalogix.se:8087/"],
            outstanding_queries={"id12": "http://foo.example.com/service"},
            timeslack=TIMESLACK,
            decode=False,
            origxml=xml_response,
        )
        resp = response_factory(xml_response, self.conf, **factory_kwargs)

        assert isinstance(resp, StatusResponse)
        assert isinstance(resp, AuthnResponse)

        # Pin the request context the fixture was built against, then
        # disable signature checks (test-only) before parsing the assertion.
        resp.came_from = "http://foo.example.com/service"
        resp.in_response_to = "id12"
        resp.require_response_signature = False
        resp.require_signature = False
        resp.do_not_verify = True
        resp.parse_assertion()

        si = resp.session_info()
        assert si
        assert si["session_index"] == 'id-t4RLs4qJE3ZmkJe81'