def test_create_mirrored_metadata_does_not_contain_target_contact_info(self, satosa_config_dict, idp_conf,
                                                                       saml_mirror_frontend_config,
                                                                       saml_backend_config):
    """Mirror-frontend metadata publishes the frontend's own contact and organization data.

    The backend SP is configured with the target IdP's metadata (inline). The
    descriptor produced for the mirror frontend is then loaded and compared,
    field by field, with the frontend's ``idp_config``: same number of contact
    persons, same contact details, same organization names and URL. Going by
    the test name, the point is that the target IdP's contact details are not
    copied into the metadata the proxy publishes on its behalf.
    """
    satosa_config_dict["FRONTEND_MODULES"] = [saml_mirror_frontend_config]
    target_idp_metadata = create_metadata_from_config_dict(idp_conf)
    saml_backend_config["config"]["sp_config"]["metadata"] = {"inline": [target_idp_metadata]}
    satosa_config_dict["BACKEND_MODULES"] = [saml_backend_config]

    frontend_metadata, _ = create_entity_descriptors(SATOSAConfig(satosa_config_dict))
    # Exactly one frontend module was configured above.
    assert len(frontend_metadata) == 1

    descriptors = frontend_metadata[saml_mirror_frontend_config["name"]]
    loaded = InMemoryMetaData(None, str(descriptors[0]))
    loaded.load()
    actual = list(loaded.values())[0]
    expected = saml_mirror_frontend_config["config"]["idp_config"]

    # The length check also rules out additional contact persons beyond the
    # ones the frontend itself configures.
    assert len(actual["contact_person"]) == len(expected["contact_person"])
    for published, configured in zip(actual["contact_person"], expected["contact_person"]):
        assert published["contact_type"] == configured["contact_type"]
        assert published["email_address"][0]["text"] == configured["email_address"][0]
        assert published["given_name"]["text"] == configured["given_name"]
        assert published["sur_name"]["text"] == configured["sur_name"]

    configured_org = expected["organization"]
    published_org = actual["organization"]
    # (key in the parsed metadata, key in the frontend configuration)
    org_fields = (
        ("organization_display_name", "display_name"),
        ("organization_name", "name"),
        ("organization_url", "url"),
    )
    for metadata_key, config_key in org_fields:
        assert published_org[metadata_key][0]["text"] == configured_org[config_key][0][0]
def assert_assertion_consumer_service_endpoints_for_saml_backend(self, entity_descriptor, saml_backend_config):
    """Assert that the backend's configured ACS endpoints are present in its metadata.

    ``entity_descriptor`` is serialized, loaded into an in-memory metadata
    store, and the assertion consumer services published for the backend's
    SP entity id are looked up. For each configured ``(url, binding)`` pair
    the first location published for that binding must equal the URL.
    """
    store = InMemoryMetaData(None, str(entity_descriptor))
    store.load()

    sp_config = saml_backend_config["config"]["sp_config"]
    published_acs = store.service(sp_config["entityid"], "spsso_descriptor", "assertion_consumer_service")

    configured_acs = sp_config["service"]["sp"]["endpoints"]["assertion_consumer_service"]
    for expected_url, binding in configured_acs:
        # Only the first endpoint listed for the binding is compared.
        first_endpoint = published_acs[binding][0]
        assert first_endpoint["location"] == expected_url
def test_signed_metadata(self, entity_desc, signature_security_context, verification_security_context):
    """A descriptor signed with one security context verifies under the verification context.

    The descriptor is signed, parsed by a metadata store that was given the
    verification security context, and must report itself as signed and pass
    the explicit signature check. No ``valid_for`` is requested, so the parsed
    descriptor is expected to carry no ``valid_until``.
    """
    signed_xml = create_signed_entity_descriptor(entity_desc, signature_security_context)

    verifier = InMemoryMetaData(None, security=verification_security_context)
    verifier.parse(signed_xml)

    # NOTE(review): only the accepting path is exercised here; this test does
    # not show that a modified document or a mismatched verification context
    # is rejected.
    assert verifier.signed() is True
    assert verifier.parse_and_check_signature(signed_xml) is True

    # No validity period was requested when signing.
    assert not verifier.entity_descr.valid_until
def test_valid_for(self, entity_desc, signature_security_context):
    """``valid_for`` (hours) becomes the ``valid_until`` of the generated descriptor."""
    hours_valid = 4  # metadata valid for 4 hours

    # NOTE(review): the expected timestamp is taken before the descriptor is
    # created; if the clock advances past the resolution of in_a_while()
    # between the two calls the equality below can fail - confirm.
    deadline = in_a_while(hours=hours_valid)
    signed_xml = create_signed_entity_descriptor(
        entity_desc,
        signature_security_context,
        valid_for=hours_valid,
    )

    # The store is built without a security context; this test looks only at
    # the validity timestamp of the parsed descriptor.
    parsed = InMemoryMetaData(None)
    parsed.parse(signed_xml)
    assert parsed.entity_descr.valid_until == deadline
def test_valid_for(self, entity_desc, signature_security_context):
    """Check that the requested validity period shows up as ``valid_until`` after parsing."""
    validity_hours = 4  # metadata valid for 4 hours

    # NOTE(review): expected value is computed before signing, so a clock tick
    # between in_a_while() and descriptor creation may break the exact
    # comparison - presumably rare, confirm the timestamp resolution.
    expected_valid_until = in_a_while(hours=validity_hours)
    descriptor_xml = create_signed_entity_descriptor(entity_desc, signature_security_context,
                                                     valid_for=validity_hours)

    # No security context is passed to the store in this test; only the
    # validity timestamp is asserted on.
    store = InMemoryMetaData(None)
    store.parse(descriptor_xml)

    actual_valid_until = store.entity_descr.valid_until
    assert actual_valid_until == expected_valid_until
def assert_single_sign_on_endpoints_for_saml_frontend(self, entity_descriptor, saml_frontend_config, backend_names):
    """Assert that the frontend metadata publishes one SSO URL per backend and binding.

    For every backend name and every configured ``binding -> path`` entry the
    URL ``BASE_URL/<backend_name>/<path>`` must be among the single sign-on
    locations published for that binding under the frontend's IdP entity id.
    """
    store = InMemoryMetaData(None, str(entity_descriptor))
    store.load()

    frontend = saml_frontend_config["config"]
    published_sso = store.service(frontend["idp_config"]["entityid"], "idpsso_descriptor",
                                  "single_sign_on_service")

    for backend_name in backend_names:
        configured_sso = frontend["endpoints"]["single_sign_on_service"]
        for binding, path in configured_sso.items():
            locations = [entry["location"] for entry in published_sso[binding]]
            wanted = "{}/{}/{}".format(BASE_URL, backend_name, path)
            assert wanted in locations
def assert_single_sign_on_endpoints_for_saml_mirror_frontend(self, entity_descriptors, encoded_target_entity_id,
                                                             saml_mirror_frontend_config, backend_names):
    """Assert the SSO URLs published for one mirrored target entity.

    The mirrored entity id is the frontend's IdP entity id followed by
    ``/<encoded_target_entity_id>``. All given descriptors are parsed into one
    in-memory store; for every backend name and every configured
    ``binding -> path`` entry the URL
    ``BASE_URL/<backend_name>/<encoded_target_entity_id>/<path>`` must be among
    the single sign-on locations published for that binding.
    """
    mirror_config = saml_mirror_frontend_config["config"]
    mirrored_entity_id = mirror_config["idp_config"]["entityid"] + "/" + encoded_target_entity_id

    store = InMemoryMetaData(None, None)
    for descriptor in entity_descriptors:
        store.parse(str(descriptor))

    published_sso = store.service(mirrored_entity_id, "idpsso_descriptor", "single_sign_on_service")

    for backend_name in backend_names:
        configured_sso = mirror_config["endpoints"]["single_sign_on_service"]
        for binding, path in configured_sso.items():
            locations = [entry["location"] for entry in published_sso[binding]]
            wanted = "{}/{}/{}/{}".format(BASE_URL, backend_name, encoded_target_entity_id, path)
            assert wanted in locations