def setUp(self):
super(ScopeFederationTokenTests, self).setUp()
self.PROJECT_SCOPED_TOKEN_JSON = client_fixtures.project_scoped_token()
self.PROJECT_SCOPED_TOKEN_JSON['methods'] = ['saml2']
# for better readability
self.TEST_TENANT_ID = self.PROJECT_SCOPED_TOKEN_JSON.project_id
self.TEST_TENANT_NAME = self.PROJECT_SCOPED_TOKEN_JSON.project_name
self.DOMAIN_SCOPED_TOKEN_JSON = client_fixtures.domain_scoped_token()
self.DOMAIN_SCOPED_TOKEN_JSON['methods'] = ['saml2']
# for better readability
self.TEST_DOMAIN_ID = self.DOMAIN_SCOPED_TOKEN_JSON.domain_id
self.TEST_DOMAIN_NAME = self.DOMAIN_SCOPED_TOKEN_JSON.domain_name
self.saml2_scope_plugin = saml2.Saml2ScopedToken(
self.TEST_URL, saml2_fixtures.UNSCOPED_TOKEN_HEADER,
project_id=self.TEST_TENANT_ID)
"usernamemixed")
# Magic URL we are sending out assertion
SERVICE_PROVIDER_ENDPOINT = ("https://keystone.local:5000/Shibboleth.sso/ADFS")
# Place where unscoped federated token can be retrieved
SERVICE_PROVIDER_URL = ("https://keystone.local/v3/OS-FEDERATION/"
"identity_providers/%{IDP}s/protocols/saml2/auth")
SERVICE_PROVIDER_URL = SERVICE_PROVIDER_URL % {'IDP': IDENTITY_PROVIDER}
AUTH_URL = 'https://keystone.local:5000/v3'
saml2plugin = saml2.ADFSUnscopedToken(AUTH_URL,
IDENTITY_PROVIDER,
IDENTITY_PROVIDER_URL,
SERVICE_PROVIDER_ENDPOINT,
username='******',
password='******')
s = session.Session(auth=None, verify=False, session=requests.Session())
token = saml2plugin.get_auth_ref(s)
# Scope the token
scopeTokenplugin = saml2.Saml2ScopedToken(AUTH_URL,
token.auth_token,
project_id=VALID_PROJECT_ID)
scoped_token = scopeTokenplugin.get_auth_ref(s)
print scoped_token