def _create_assertion(self, issuer, signature, subject, authn_statement, attribute_statement): """Create an object that represents a SAML Assertion. <ns0:Assertion ID="35daed258ba647ba8962e9baff4d6a46" IssueInstant="2014-06-11T15:45:58Z" Version="2.0"> <ns0:Issuer> ... </ns0:Issuer> <ns1:Signature> ... </ns1:Signature> <ns0:Subject> ... </ns0:Subject> <ns0:AuthnStatement> ... </ns0:AuthnStatement> <ns0:AttributeStatement> ... </ns0:AttributeStatement> </ns0:Assertion> :returns: XML <Assertion> object """ assertion = saml.Assertion() assertion.id = self.assertion_id assertion.issue_instant = utils.isotime() assertion.version = '2.0' assertion.issuer = issuer assertion.signature = signature assertion.subject = subject assertion.authn_statement = authn_statement assertion.attribute_statement = attribute_statement return assertion
def assertion_factory(**kwargs): assertion = saml.Assertion(version=VERSION, id=sid(), issue_instant=instant()) for key, val in kwargs.items(): setattr(assertion, key, val) return assertion
def create_authn_query_response(self, subject, session_index=None, requested_context=None, in_response_to=None, issuer=None, sign_response=False, status=None, sign_alg=None, digest_alg=None, **kwargs): """ A successful <Response> will contain one or more assertions containing authentication statements. :return: """ margs = self.message_args() asserts = [] for statement in self.session_db.get_authn_statements( subject.name_id, session_index, requested_context): asserts.append(saml.Assertion(authn_statement=statement, subject=subject, **margs)) if asserts: args = {"assertion": asserts} else: args = {} return self._response(in_response_to, "", status, issuer, sign_response, to_sign=[], sign_alg=sign_alg, digest_alg=digest_alg, **args)
def testAccessors(self): """Test for Response accessors""" self.response.id = "response id" self.response.in_response_to = "request id" self.response.version = saml2.VERSION self.response.issue_instant = "2007-09-14T01:05:02Z" self.response.destination = "http://www.example.com/Destination" self.response.consent = saml.CONSENT_UNSPECIFIED self.response.issuer = saml.Issuer() self.response.signature = ds.Signature() self.response.extensions = samlp.Extensions() self.response.status = samlp.Status() self.response.assertion.append(saml.Assertion()) self.response.encrypted_assertion.append(saml.EncryptedAssertion()) new_response = samlp.response_from_string(self.response.to_string()) assert new_response.id == "response id" assert new_response.in_response_to == "request id" assert new_response.version == saml2.VERSION assert new_response.issue_instant == "2007-09-14T01:05:02Z" assert new_response.destination == "http://www.example.com/Destination" assert new_response.consent == saml.CONSENT_UNSPECIFIED assert isinstance(new_response.issuer, saml.Issuer) assert isinstance(new_response.signature, ds.Signature) assert isinstance(new_response.extensions, samlp.Extensions) assert isinstance(new_response.status, samlp.Status) assert isinstance(new_response.assertion[0], saml.Assertion) assert isinstance(new_response.encrypted_assertion[0], saml.EncryptedAssertion)
def sign_assertion(self, statement, **kwargs): """Sign a SAML assertion. See sign_statement() for the kwargs. :param statement: The statement to be signed :return: The signed statement """ return self.sign_statement(statement, class_name(saml.Assertion()), **kwargs)
def sign_assertion_using_xmlsec(self, statement, key=None, key_file=None, nodeid=None, id_attr=""): """Sign a SAML assertion using xmlsec. :param statement: The statement to be signed :param key: The key to be used for the signing, either this or :param key_file: The file where the key can be found :return: The signed statement """ return self.sign_statement_using_xmlsec(statement, class_name(saml.Assertion()), key, key_file, nodeid, id_attr=id_attr)
def test_valid_instance(): attr_statem = saml.AttributeStatement() text = [ "value of test attribute", "value1 of test attribute", "value2 of test attribute", "value1 of test attribute2", "value2 of test attribute2", ] attr_statem.attribute.append(saml.Attribute()) attr_statem.attribute.append(saml.Attribute()) attr_statem.attribute[0].name = "testAttribute" attr_statem.attribute[0].name_format = saml.NAME_FORMAT_URI attr_statem.attribute[0].friendly_name = "test attribute" attr_statem.attribute[0].attribute_value.append(saml.AttributeValue()) attr_statem.attribute[0].attribute_value[0].text = text[0] attr_statem.attribute[1].name = "testAttribute2" attr_statem.attribute[1].name_format = saml.NAME_FORMAT_UNSPECIFIED attr_statem.attribute[1].friendly_name = text[2] attr_statem.attribute[1].attribute_value.append(saml.AttributeValue()) attr_statem.attribute[1].attribute_value[0].text = text[2] assert valid_instance(attr_statem) response = samlp.Response() response.id = "response id" response.in_response_to = "request id" response.version = saml2.VERSION response.issue_instant = "2007-09-14T01:05:02Z" response.destination = "http://www.example.com/Destination" response.consent = saml.CONSENT_UNSPECIFIED response.issuer = saml.Issuer() response.status = samlp.Status() response.assertion.append(saml.Assertion()) with raises(MustValueError): valid_instance(response)
def sign_assertion_using_xmlsec(self, statement, **kwargs): """ Deprecated function. See sign_assertion(). """ return self.sign_statement(statement, class_name(saml.Assertion()), **kwargs)