def test_assertion_with_authn_instant():
ava = {}
ast = Assertion(ava)
policy = Policy({
"default": {
"lifetime": {"minutes": 240},
"attribute_restrictions": None, # means all I have
"name_form": NAME_FORMAT_URI
},
})
name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar")
issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY)
farg = add_path(
{},
['subject', 'subject_confirmation', 'method', saml.SCM_BEARER])
add_path(
farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to', 'in_response_to'])
add_path(
farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient', 'consumer_url'])
msg = ast.construct(
"sp_entity_id", [AttributeConverterNOOP(NAME_FORMAT_URI)], policy,
issuer=issuer, authn_decl=ACD, authn_auth="authn_authn",
authn_instant=1234567890, name_id=name_id, farg=farg)
print(msg)
assert msg.authn_statement[0].authn_instant == "2009-02-13T23:31:30Z"
def test_assertion_with_authn_instant():
ava = {}
ast = Assertion(ava)
policy = Policy({
"default": {
"lifetime": {
"minutes": 240
},
"attribute_restrictions": None, # means all I have
"name_form": NAME_FORMAT_URI
},
})
name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar")
issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY)
farg = add_path(
{}, ['subject', 'subject_confirmation', 'method', saml.SCM_BEARER])
add_path(farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to', 'in_response_to'])
add_path(farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient', 'consumer_url'])
msg = ast.construct("sp_entity_id",
[AttributeConverterNOOP(NAME_FORMAT_URI)],
policy,
issuer=issuer,
authn_decl=ACD,
authn_auth="authn_authn",
authn_instant=1234567890,
name_id=name_id,
farg=farg)
print(msg)
assert msg.authn_statement[0].authn_instant == "2009-02-13T23:31:30Z"
def set_subject_address(oper, args):
t = {}
if args == '0.0.0.0':
# set it to whatever IP address this machine has
ipaddress = get_ip()
else:
ipaddress = args
oper.op_args['farg'] = add_path(
t, ['assertion', 'subject', 'subject_confirmation',
'subject_confirmation_data', 'address', ipaddress])
def test_assertion_with_noop_attribute_conv():
ava = {"urn:oid:2.5.4.4": "Roland", "urn:oid:2.5.4.42": "Hedberg"}
ast = Assertion(ava)
policy = Policy({
"default": {
"lifetime": {
"minutes": 240
},
"attribute_restrictions": None, # means all I have
"name_form": NAME_FORMAT_URI
},
})
name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar")
issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY)
farg = add_path(
{}, ['subject', 'subject_confirmation', 'method', saml.SCM_BEARER])
add_path(farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to', 'in_response_to'])
add_path(farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient', 'consumer_url'])
msg = ast.construct("sp_entity_id",
[AttributeConverterNOOP(NAME_FORMAT_URI)],
policy,
issuer=issuer,
farg=farg,
authn_decl=ACD,
name_id=name_id,
authn_auth="authn_authn")
print(msg)
for attr in msg.attribute_statement[0].attribute:
assert attr.name_format == NAME_FORMAT_URI
assert len(attr.attribute_value) == 1
if attr.name == "urn:oid:2.5.4.42":
assert attr.attribute_value[0].text == "Hedberg"
elif attr.name == "urn:oid:2.5.4.4":
assert attr.attribute_value[0].text == "Roland"
def test_assertion_with_noop_attribute_conv():
ava = {"urn:oid:2.5.4.4": "Roland", "urn:oid:2.5.4.42": "Hedberg"}
ast = Assertion(ava)
policy = Policy({
"default": {
"lifetime": {"minutes": 240},
"attribute_restrictions": None, # means all I have
"name_form": NAME_FORMAT_URI
},
})
name_id = NameID(format=NAMEID_FORMAT_TRANSIENT, text="foobar")
issuer = Issuer(text="entityid", format=NAMEID_FORMAT_ENTITY)
farg = add_path(
{},
['subject', 'subject_confirmation', 'method', saml.SCM_BEARER])
add_path(
farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to', 'in_response_to'])
add_path(
farg['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient', 'consumer_url'])
msg = ast.construct(
"sp_entity_id", [AttributeConverterNOOP(NAME_FORMAT_URI)], policy,
issuer=issuer, farg=farg, authn_decl=ACD, name_id=name_id,
authn_auth="authn_authn")
print(msg)
for attr in msg.attribute_statement[0].attribute:
assert attr.name_format == NAME_FORMAT_URI
assert len(attr.attribute_value) == 1
if attr.name == "urn:oid:2.5.4.42":
assert attr.attribute_value[0].text == "Hedberg"
elif attr.name == "urn:oid:2.5.4.4":
assert attr.attribute_value[0].text == "Roland"
def update_farg(in_response_to, consumer_url, farg=None):
if not farg:
farg = add_path(
{},
['assertion', 'subject', 'subject_confirmation', 'method',
saml.SCM_BEARER])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to', in_response_to])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient', consumer_url])
else:
if not is_set(farg,
['assertion', 'subject', 'subject_confirmation',
'method']):
add_path(farg,
['assertion', 'subject', 'subject_confirmation',
'method', saml.SCM_BEARER])
if not is_set(farg,
['assertion', 'subject', 'subject_confirmation',
'subject_confirmation_data', 'in_response_to']):
add_path(farg,
['assertion', 'subject', 'subject_confirmation',
'subject_confirmation_data', 'in_response_to',
in_response_to])
if not is_set(farg, ['assertion', 'subject', 'subject_confirmation',
'subject_confirmation_data', 'recipient']):
add_path(farg,
['assertion', 'subject', 'subject_confirmation',
'subject_confirmation_data', 'recipient',
consumer_url])
return farg
def update_farg(in_response_to, consumer_url, farg=None):
if not farg:
farg = add_path(
{},
['assertion', 'subject', 'subject_confirmation', 'method',
saml.SCM_BEARER])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'in_response_to', in_response_to])
add_path(
farg['assertion']['subject']['subject_confirmation'],
['subject_confirmation_data', 'recipient', consumer_url])
else:
if not is_set(farg,
['assertion', 'subject', 'subject_confirmation',
'method']):
add_path(farg,
['assertion', 'subject', 'subject_confirmation',
'method', saml.SCM_BEARER])
if not is_set(farg,
['assertion', 'subject', 'subject_confirmation',
'subject_confirmation_data', 'in_response_to']):
add_path(farg,
['assertion', 'subject', 'subject_confirmation',
'subject_confirmation_data', 'in_response_to',
in_response_to])
if not is_set(farg, ['assertion', 'subject', 'subject_confirmation',
'subject_confirmation_data', 'recipient']):
add_path(farg,
['assertion', 'subject', 'subject_confirmation',
'subject_confirmation_data', 'recipient',
consumer_url])
return farg
def update_farg(in_response_to, consumer_url, farg=None):
if not farg:
farg = add_path({}, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER])
add_path(
farg["assertion"]["subject"]["subject_confirmation"],
["subject_confirmation_data", "in_response_to", in_response_to],
)
add_path(
farg["assertion"]["subject"]["subject_confirmation"],
["subject_confirmation_data", "recipient", consumer_url],
)
else:
if not is_set(farg, ["assertion", "subject", "subject_confirmation", "method"]):
add_path(farg, ["assertion", "subject", "subject_confirmation", "method", saml.SCM_BEARER])
if not is_set(
farg, ["assertion", "subject", "subject_confirmation", "subject_confirmation_data", "in_response_to"]
):
add_path(
farg,
[
"assertion",
"subject",
"subject_confirmation",
"subject_confirmation_data",
"in_response_to",
in_response_to,
],
)
if not is_set(
farg, ["assertion", "subject", "subject_confirmation", "subject_confirmation_data", "recipient"]
):
add_path(
farg,
[
"assertion",
"subject",
"subject_confirmation",
"subject_confirmation_data",
"recipient",
consumer_url,
],
)
return farg
