def setup_class(self): self.server = FakeIDP("idp_all_conf") conf = SPConfig() conf.load_file("servera_conf") self.client = Saml2Client(conf) self.client.send = self.server.receive
class TestClientWithDummy(): def setup_class(self): self.server = FakeIDP("idp_all_conf") conf = SPConfig() conf.load_file("servera_conf") self.client = Saml2Client(conf) self.client.send = self.server.receive def test_do_authn(self): binding = BINDING_HTTP_REDIRECT response_binding = BINDING_HTTP_POST sid, http_args = self.client.prepare_for_authenticate( IDP, "http://www.example.com/relay_state", binding=binding, response_binding=response_binding) assert isinstance(sid, basestring) assert len(http_args) == 4 assert http_args["headers"][0][0] == "Location" assert http_args["data"] == [] redirect_url = http_args["headers"][0][1] _, _, _, _, qs, _ = urlparse.urlparse(redirect_url) qs_dict = urlparse.parse_qs(qs) req = self.server.parse_authn_request(qs_dict["SAMLRequest"][0], binding) resp_args = self.server.response_args(req.message, [response_binding]) assert resp_args["binding"] == response_binding def test_do_attribute_query(self): response = self.client.do_attribute_query( IDP, "_e7b68a04488f715cda642fbdd90099f5", attribute={"eduPersonAffiliation": None}, nameid_format=NAMEID_FORMAT_TRANSIENT) def test_logout_1(self): """ one IdP/AA logout from""" # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": { "givenName": "Anders", "surName": "Andersson", "mail": "*****@*****.**" } } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] resp = self.client.global_logout(nid, "Tired", in_a_while(minutes=5)) print resp assert resp assert len(resp) == 1 assert resp.keys() == entity_ids response = resp[entity_ids[0]] assert isinstance(response, LogoutResponse) def test_post_sso(self): binding = BINDING_HTTP_POST response_binding = BINDING_HTTP_POST sid, http_args = self.client.prepare_for_authenticate( "urn:mace:example.com:saml:roland:idp", relay_state="really", binding=binding, response_binding=response_binding) _dic = unpack_form(http_args["data"][3]) req = self.server.parse_authn_request(_dic["SAMLRequest"], binding) resp_args = self.server.response_args(req.message, [response_binding]) assert resp_args["binding"] == response_binding # Normally a response would now be sent back to the users web client # Here I fake what the client will do # create the form post http_args["data"] = urllib.urlencode(_dic) http_args["method"] = "POST" http_args["dummy"] = _dic["SAMLRequest"] http_args["headers"] = [('Content-type', 'application/x-www-form-urlencoded')] response = self.client.send(**http_args) print response.text _dic = unpack_form(response.text[3], "SAMLResponse") resp = self.client.parse_authn_request_response(_dic["SAMLResponse"], BINDING_HTTP_POST, {sid: "/"}) ac = resp.assertion.authn_statement[0].authn_context assert ac.authenticating_authority[0].text == \ 'http://www.example.com/login' assert ac.authn_context_class_ref.text == INTERNETPROTOCOLPASSWORD
class TestClientWithDummy(): def setup_class(self): self.server = FakeIDP("idp_all_conf") conf = SPConfig() conf.load_file("servera_conf") self.client = Saml2Client(conf) self.client.send = self.server.receive def test_do_authn(self): binding = BINDING_HTTP_REDIRECT response_binding = BINDING_HTTP_POST sid, http_args = self.client.prepare_for_authenticate( IDP, "http://www.example.com/relay_state", binding=binding, response_binding=response_binding) assert isinstance(sid, basestring) assert len(http_args) == 4 assert http_args["headers"][0][0] == "Location" assert http_args["data"] == [] redirect_url = http_args["headers"][0][1] _, _, _, _, qs, _ = urlparse.urlparse(redirect_url) qs_dict = urlparse.parse_qs(qs) req = self.server.parse_authn_request(qs_dict["SAMLRequest"][0], binding) resp_args = self.server.response_args(req.message, [response_binding]) assert resp_args["binding"] == response_binding def test_do_attribute_query(self): response = self.client.do_attribute_query( IDP, "_e7b68a04488f715cda642fbdd90099f5", attribute={"eduPersonAffiliation": None}, nameid_format=NAMEID_FORMAT_TRANSIENT) def test_logout_1(self): """ one IdP/AA logout from""" # information about the user from an IdP session_info = { "name_id": nid, "issuer": "urn:mace:example.com:saml:roland:idp", "not_on_or_after": in_a_while(minutes=15), "ava": { "givenName": "Anders", "surName": "Andersson", "mail": "*****@*****.**" } } self.client.users.add_information_about_person(session_info) entity_ids = self.client.users.issuers_of_info(nid) assert entity_ids == ["urn:mace:example.com:saml:roland:idp"] resp = self.client.global_logout(nid, "Tired", in_a_while(minutes=5)) print resp assert resp assert len(resp) == 1 assert resp.keys() == entity_ids response = resp[entity_ids[0]] assert isinstance(response, LogoutResponse) def test_post_sso(self): binding = BINDING_HTTP_POST response_binding = BINDING_HTTP_POST sid, http_args = self.client.prepare_for_authenticate( "urn:mace:example.com:saml:roland:idp", relay_state="really", binding=binding, response_binding=response_binding) _dic = unpack_form(http_args["data"][3]) req = self.server.parse_authn_request(_dic["SAMLRequest"], binding) resp_args = self.server.response_args(req.message, [response_binding]) assert resp_args["binding"] == response_binding # Normally a response would now be sent back to the users web client # Here I fake what the client will do # create the form post http_args["data"] = urllib.urlencode(_dic) http_args["method"] = "POST" http_args["dummy"] = _dic["SAMLRequest"] http_args["headers"] = [('Content-type', 'application/x-www-form-urlencoded')] response = self.client.send(**http_args) print response.text _dic = unpack_form(response.text[3], "SAMLResponse") resp = self.client.parse_authn_request_response( _dic["SAMLResponse"], BINDING_HTTP_POST, {sid: "/"}) ac = resp.assertion.authn_statement[0].authn_context assert ac.authenticating_authority[0].text == \ 'http://www.example.com/login' assert ac.authn_context_class_ref.text == INTERNETPROTOCOLPASSWORD