def testGetMetadata(self):
"""
Tests the get_metadata method of the OneLogin_Saml2_IdPMetadataParser
"""
with self.assertRaises(Exception):
data = OneLogin_Saml2_IdPMetadataParser.get_metadata('http://google.es')
data = OneLogin_Saml2_IdPMetadataParser.get_metadata('https://www.testshib.org/metadata/testshib-providers.xml')
self.assertTrue(data is not None and data is not {})
def testGetMetadata(self):
"""
Tests the get_metadata method of the OneLogin_Saml2_IdPMetadataParser
"""
with self.assertRaises(Exception):
data = OneLogin_Saml2_IdPMetadataParser.get_metadata(
'http://google.es')
data = OneLogin_Saml2_IdPMetadataParser.get_metadata(
'https://www.testshib.org/metadata/testshib-providers.xml')
self.assertTrue(data is not None and data is not {})
def testGetMetadata(self):
"""
Tests the get_metadata method of the OneLogin_Saml2_IdPMetadataParser
"""
with self.assertRaises(Exception):
data = OneLogin_Saml2_IdPMetadataParser.get_metadata('http://google.es')
try:
data = OneLogin_Saml2_IdPMetadataParser.get_metadata('https://www.testshib.org/metadata/testshib-providers.xml')
except URLError:
data = self.file_contents(join(self.data_path, 'metadata', 'testshib-providers.xml'))
self.assertTrue(data is not None and data is not {})
def testGetMetadata(self):
"""
Tests the get_metadata method of the OneLogin_Saml2_IdPMetadataParser
"""
with self.assertRaises(Exception):
data = OneLogin_Saml2_IdPMetadataParser.get_metadata('http://google.es')
try:
data = OneLogin_Saml2_IdPMetadataParser.get_metadata('https://idp.testshib.org/idp/shibboleth')
self.assertTrue(data is not None and data is not {})
except URLError:
pass
def testGetMetadata(self):
"""
Tests the get_metadata method of the OneLogin_Saml2_IdPMetadataParser
"""
with self.assertRaises(Exception):
data = OneLogin_Saml2_IdPMetadataParser.get_metadata(
'http://google.es')
try:
data = OneLogin_Saml2_IdPMetadataParser.get_metadata(
'https://www.testshib.org/metadata/testshib-providers.xml')
except URLError:
data = self.file_contents(
join(self.data_path, 'metadata', 'testshib-providers.xml'))
self.assertTrue(data is not None and data is not {})
def test_parse_testshib_required_binding_sso_post(self):
"""
Test with testshib metadata.
Especially test extracting SSO with POST binding.
"""
expected_settings_json = """
{
"sp": {
"NameIDFormat": "urn:mace:shibboleth:1.0:nameIdentifier"
},
"idp": {
"entityId": "https://idp.testshib.org/idp/shibboleth",
"x509cert": "MIIDAzCCAeugAwIBAgIVAPX0G6LuoXnKS0Muei006mVSBXbvMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAMMEGlkcC50ZXN0c2hpYi5vcmcwHhcNMTYwODIzMjEyMDU0WhcNMzYwODIzMjEyMDU0WjAbMRkwFwYDVQQDDBBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9C4J2DiRTEhJAWzPt1S3ryhm3M2P3hPpwJwvt2q948vdTUxhhvNMuc3M3S4WNh6JYBs53R+YmjqJAII4ShMGNEmlGnSVfHorex7IxikpuDPKV3SNf28mCAZbQrX+hWA+ann/uifVzqXktOjs6DdzdBnxoVhniXgC8WCJwKcx6JO/hHsH1rG/0DSDeZFpTTcZHj4S9MlLNUtt5JxRzV/MmmB3ObaX0CMqsSWUOQeE4nylSlp5RWHCnx70cs9kwz5WrflnbnzCeHU2sdbNotBEeTHot6a2cj/pXlRJIgPsrL/4VSicPZcGYMJMPoLTJ8mdy6mpR6nbCmP7dVbCIm/DQIDAQABoz4wPDAdBgNVHQ4EFgQUUfaDa2mPi24x09yWp1OFXmZ2GPswGwYDVR0RBBQwEoIQaWRwLnRlc3RzaGliLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEASKKgqTxhqBzROZ1eVy++si+eTTUQZU4+8UywSKLia2RattaAPMAcXUjO+3cYOQXLVASdlJtt+8QPdRkfp8SiJemHPXC8BES83pogJPYEGJsKo19l4XFJHPnPy+Dsn3mlJyOfAa8RyWBS80u5lrvAcr2TJXt9fXgkYs7BOCigxtZoR8flceGRlAZ4p5FPPxQR6NDYb645jtOTMVr3zgfjP6Wh2dt+2p04LG7ENJn8/gEwtXVuXCsPoSCDx9Y0QmyXTJNdV1aB0AhORkWPlFYwp+zOyOIR+3m1+pqWFpn0eT/HrxpdKa74FA3R2kq4R7dXe4G0kUgXTdqXMLRKhDgdmA==",
"singleSignOnService": {
"url": "https://idp.testshib.org/idp/profile/SAML2/POST/SSO",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
}
}
}
"""
try:
xmldoc = OneLogin_Saml2_IdPMetadataParser.get_metadata(
'https://idp.testshib.org/idp/shibboleth')
except URLError:
xmldoc = self.file_contents(
join(self.data_path, 'metadata', 'testshib-providers.xml'))
# Parse, require POST binding.
settings = OneLogin_Saml2_IdPMetadataParser.parse(
xmldoc,
required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_POST)
expected_settings = json.loads(expected_settings_json)
self.assertEqual(expected_settings, settings)
def test_parse_testshib_required_binding_sso_post(self):
"""
Test with testshib metadata.
Especially test extracting SSO with POST binding.
"""
expected_settings_json = """
{
"sp": {
"NameIDFormat": "urn:mace:shibboleth:1.0:nameIdentifier"
},
"idp": {
"entityId": "https://idp.testshib.org/idp/shibboleth",
"singleSignOnService": {
"url": "https://idp.testshib.org/idp/profile/SAML2/POST/SSO",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
}
}
}
"""
try:
xmldoc = OneLogin_Saml2_IdPMetadataParser.get_metadata(
'https://www.testshib.org/metadata/testshib-providers.xml')
except URLError:
xmldoc = self.file_contents(join(self.data_path, 'metadata', 'testshib-providers.xml'))
# Parse, require POST binding.
settings = OneLogin_Saml2_IdPMetadataParser.parse(
xmldoc,
required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_POST
)
expected_settings = json.loads(expected_settings_json)
self.assertEqual(expected_settings, settings)
def test_parse_testshib_required_binding_sso_post(self):
"""
Test with testshib metadata.
Especially test extracting SSO with POST binding.
"""
expected_settings_json = """
{
"sp": {
"NameIDFormat": "urn:mace:shibboleth:1.0:nameIdentifier"
},
"idp": {
"x509cert": "MIIDAzCCAeugAwIBAgIVAPX0G6LuoXnKS0Muei006mVSBXbvMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAMMEGlkcC50ZXN0c2hpYi5vcmcwHhcNMTYwODIzMjEyMDU0WhcNMzYwODIzMjEyMDU0WjAbMRkwFwYDVQQDDBBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9C4J2DiRTEhJAWzPt1S3ryhm3M2P3hPpwJwvt2q948vdTUxhhvNMuc3M3S4WNh6JYBs53R+YmjqJAII4ShMGNEmlGnSVfHorex7IxikpuDPKV3SNf28mCAZbQrX+hWA+ann/uifVzqXktOjs6DdzdBnxoVhniXgC8WCJwKcx6JO/hHsH1rG/0DSDeZFpTTcZHj4S9MlLNUtt5JxRzV/MmmB3ObaX0CMqsSWUOQeE4nylSlp5RWHCnx70cs9kwz5WrflnbnzCeHU2sdbNotBEeTHot6a2cj/pXlRJIgPsrL/4VSicPZcGYMJMPoLTJ8mdy6mpR6nbCmP7dVbCIm/DQIDAQABoz4wPDAdBgNVHQ4EFgQUUfaDa2mPi24x09yWp1OFXmZ2GPswGwYDVR0RBBQwEoIQaWRwLnRlc3RzaGliLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEASKKgqTxhqBzROZ1eVy++si+eTTUQZU4+8UywSKLia2RattaAPMAcXUjO+3cYOQXLVASdlJtt+8QPdRkfp8SiJemHPXC8BES83pogJPYEGJsKo19l4XFJHPnPy+Dsn3mlJyOfAa8RyWBS80u5lrvAcr2TJXt9fXgkYs7BOCigxtZoR8flceGRlAZ4p5FPPxQR6NDYb645jtOTMVr3zgfjP6Wh2dt+2p04LG7ENJn8/gEwtXVuXCsPoSCDx9Y0QmyXTJNdV1aB0AhORkWPlFYwp+zOyOIR+3m1+pqWFpn0eT/HrxpdKa74FA3R2kq4R7dXe4G0kUgXTdqXMLRKhDgdmA==",
"entityId": "https://idp.testshib.org/idp/shibboleth",
"singleSignOnService": {
"url": "https://idp.testshib.org/idp/profile/SAML2/POST/SSO",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
}
}
}
"""
try:
xmldoc = OneLogin_Saml2_IdPMetadataParser.get_metadata(
'https://idp.testshib.org/idp/shibboleth')
except URLError:
xmldoc = self.file_contents(join(self.data_path, 'metadata', 'testshib-providers.xml'))
# Parse, require POST binding.
settings = OneLogin_Saml2_IdPMetadataParser.parse(
xmldoc,
required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_POST
)
expected_settings = json.loads(expected_settings_json)
self.assertEqual(expected_settings, settings)
def load_idp_metadata(self, url=None):
"""Loads IdP metadata in an XML format from the specified url (by default InCommon IdP Metadata Service)
:param url: URL of a metadata service (by default InCommon IdP Metadata Service)
:type url: Optional[string]
:return: XML string containing InCommon Metadata
:rtype: string
:raise: MetadataLoadError
"""
url = url if url else self.IN_COMMON_METADATA_SERVICE_URL
self._logger.info(
'Started loading IdP XML metadata from {0}'.format(url))
try:
# TODO: Add metadata validation
# Metadata validation is described in section Validate downloaded metadata
# on https://spaces.at.internet2.edu/display/federation/Consume+InCommon+metadata)
xml_metadata = OneLogin_Saml2_IdPMetadataParser.get_metadata(url)
except Exception as exception:
raise SAMLMetadataLoadingError(inner_exception=exception)
self._logger.info(
'Finished loading IdP XML metadata from {0}'.format(url))
return xml_metadata
def test_parse_testshib_required_binding_sso_post(self):
"""
Test with testshib metadata.
Especially test extracting SSO with POST binding.
"""
expected_settings_json = """
{
"sp": {
"NameIDFormat": "urn:mace:shibboleth:1.0:nameIdentifier"
},
"idp": {
"entityId": "https://idp.testshib.org/idp/shibboleth",
"singleSignOnService": {
"url": "https://idp.testshib.org/idp/profile/SAML2/POST/SSO",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
}
}
}
"""
try:
xmldoc = OneLogin_Saml2_IdPMetadataParser.get_metadata(
'https://www.testshib.org/metadata/testshib-providers.xml')
except URLError:
xmldoc = self.file_contents(
join(self.data_path, 'metadata', 'testshib-providers.xml'))
# Parse, require POST binding.
settings = OneLogin_Saml2_IdPMetadataParser.parse(
xmldoc,
required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_POST)
expected_settings = json.loads(expected_settings_json)
self.assertEqual(expected_settings, settings)
def _fetch_metadata(self):
self._logger.info('Started fetching metadata from InCommon Metadata service')
metadata = OneLogin_Saml2_IdPMetadataParser.get_metadata(self.IN_COMMON_METADATA_SERVICE_URL)
self._logger.info('Finished fetching metadata from InCommon Metadata service')
return metadata
def import_metadata(self):
if self.metadata_url:
self.metadata_xml = OneLogin_Saml2_IdPMetadataParser.get_metadata(
self.metadata_url,
validate_cert=self.verify_metadata_cert).decode("utf-8")
self.saml_settings = json.dumps(
OneLogin_Saml2_IdPMetadataParser.parse(self.metadata_xml))
self.last_import = timezone.now()
self.save()
def test_parse_testshib_required_binding_sso_redirect(self):
"""
Test with testshib metadata.
Especially test extracting SSO with REDIRECT binding.
Note that the testshib metadata does not contain an SLO specification
in the first <IDPSSODescriptor> tag.
"""
expected_settings_json = """
{
"sp": {
"NameIDFormat": "urn:mace:shibboleth:1.0:nameIdentifier"
},
"idp": {
"entityId": "https://idp.testshib.org/idp/shibboleth",
"singleSignOnService": {
"url": "https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
}
}
}
"""
try:
xmldoc = OneLogin_Saml2_IdPMetadataParser.get_metadata(
'https://www.testshib.org/metadata/testshib-providers.xml')
except URLError:
xmldoc = self.file_contents(
join(self.data_path, 'metadata', 'testshib-providers.xml'))
# Parse, require SSO REDIRECT binding, implicitly.
settings1 = OneLogin_Saml2_IdPMetadataParser.parse(xmldoc)
# Parse, require SSO REDIRECT binding, explicitly.
settings2 = OneLogin_Saml2_IdPMetadataParser.parse(
xmldoc,
required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT
)
expected_settings = json.loads(expected_settings_json)
self.assertEqual(expected_settings, settings1)
self.assertEqual(expected_settings, settings2)
def test_parse_testshib_required_binding_sso_redirect(self):
"""
Test with testshib metadata.
Especially test extracting SSO with REDIRECT binding.
Note that the testshib metadata does not contain an SLO specification
in the first <IDPSSODescriptor> tag.
"""
expected_settings_json = """
{
"sp": {
"NameIDFormat": "urn:mace:shibboleth:1.0:nameIdentifier"
},
"idp": {
"entityId": "https://idp.testshib.org/idp/shibboleth",
"singleSignOnService": {
"url": "https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO",
"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
}
}
}
"""
try:
xmldoc = OneLogin_Saml2_IdPMetadataParser.get_metadata(
'https://www.testshib.org/metadata/testshib-providers.xml')
except URLError:
xmldoc = self.file_contents(join(self.data_path, 'metadata', 'testshib-providers.xml'))
# Parse, require SSO REDIRECT binding, implicitly.
settings1 = OneLogin_Saml2_IdPMetadataParser.parse(xmldoc)
# Parse, require SSO REDIRECT binding, explicitly.
settings2 = OneLogin_Saml2_IdPMetadataParser.parse(
xmldoc,
required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT
)
expected_settings = json.loads(expected_settings_json)
self.assertEqual(expected_settings, settings1)
self.assertEqual(expected_settings, settings2)
def load_idp_metadata(self, url=None):
"""Load IdP metadata in an XML format from the specified url.
:param url: URL of a metadata service
:type url: Optional[string]
:return: XML string containing InCommon Metadata
:rtype: string
:raise: MetadataLoadError
"""
self._logger.info(
"Started loading IdP XML metadata from {0}".format(url))
try:
xml_metadata = OneLogin_Saml2_IdPMetadataParser.get_metadata(url)
except Exception as exception:
raise SAMLMetadataLoadingError(inner_exception=exception)
self._logger.info(
"Finished loading IdP XML metadata from {0}".format(url))
return xml_metadata
