Esempio n. 1
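    def _create_attribute_statement(self, user, roles, project):
        """Create an object that represents a SAML AttributeStatement.

        <ns0:AttributeStatement
          xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ns0:Attribute Name="openstack_user">
                <ns0:AttributeValue
                  xsi:type="xs:string">test_user</ns0:AttributeValue>
            </ns0:Attribute>
            <ns0:Attribute Name="openstack_roles">
                <ns0:AttributeValue
                  xsi:type="xs:string">admin</ns0:AttributeValue>
                <ns0:AttributeValue
                  xsi:type="xs:string">member</ns0:AttributeValue>
            </ns0:Attribute>
            <ns0:Attribute Name="openstack_project">
                <ns0:AttributeValue
                  xsi:type="xs:string">development</ns0:AttributeValue>
            </ns0:Attribute>
        </ns0:AttributeStatement>

        The three inputs are written as attribute text exactly as passed in;
        this method does not validate them.

        :param user: text of the single ``openstack_user`` value
        :param roles: iterable of role names; each becomes one AttributeValue
        :param project: text of the single ``openstack_project`` value
        :return: XML <AttributeStatement> object

        """
        # The Name emitted here has to be the documented "openstack_user";
        # a masked placeholder would end up verbatim in the assertion.
        openstack_user = 'openstack_user'
        user_attribute = saml.Attribute()
        user_attribute.name = openstack_user
        user_value = saml.AttributeValue()
        user_value.set_text(user)
        # Single value: assigned directly rather than appended to the list.
        user_attribute.attribute_value = user_value

        openstack_roles = 'openstack_roles'
        roles_attribute = saml.Attribute()
        roles_attribute.name = openstack_roles

        # One AttributeValue per role, in the order the caller supplied them.
        for role in roles:
            role_value = saml.AttributeValue()
            role_value.set_text(role)
            roles_attribute.attribute_value.append(role_value)

        openstack_project = 'openstack_project'
        project_attribute = saml.Attribute()
        project_attribute.name = openstack_project
        project_value = saml.AttributeValue()
        project_value.set_text(project)
        project_attribute.attribute_value = project_value

        # Attribute order in the statement: user, roles, project.
        attribute_statement = saml.AttributeStatement()
        attribute_statement.attribute.append(user_attribute)
        attribute_statement.attribute.append(roles_attribute)
        attribute_statement.attribute.append(project_attribute)
        return attribute_statement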
Esempio n. 2
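def _attrval(val, typ=""):
    """Wrap *val* in a list of ``saml.AttributeValue`` objects.

    :param val: a list or set of values, a single value, or None
    :param typ: optional type handed to ``set_type`` on every created value
    :return: list of AttributeValue instances, or None when *val* is None
    """
    if val is None:
        # Nothing to wrap. Returning here also keeps a non-empty *typ* from
        # trying to iterate over None further down.
        return None

    if isinstance(val, (list, set)):
        attrval = [saml.AttributeValue(text=v) for v in val]
    else:
        attrval = [saml.AttributeValue(text=val)]

    if typ:
        for ava in attrval:
            ava.set_type(typ)

    return attrval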
Esempio n. 3
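    def _create_attribute_statement(self, user, roles, project):
        """Create an object that represents a SAML AttributeStatement.

        <ns0:AttributeStatement>
            <ns0:Attribute Name="openstack_user">
                <ns0:AttributeValue
                  xsi:type="xs:string">test_user</ns0:AttributeValue>
            </ns0:Attribute>
            <ns0:Attribute Name="openstack_roles">
                <ns0:AttributeValue
                  xsi:type="xs:string">admin</ns0:AttributeValue>
                <ns0:AttributeValue
                  xsi:type="xs:string">member</ns0:AttributeValue>
            </ns0:Attribute>
            <ns0:Attribute Name="openstack_project">
                <ns0:AttributeValue
                  xsi:type="xs:string">development</ns0:AttributeValue>
            </ns0:Attribute>
        </ns0:AttributeStatement>

        No validation of the inputs is done here: user, roles and project
        become attribute text as given.

        :param user: text of the single ``openstack_user`` value
        :param roles: iterable of role names; each becomes one AttributeValue
        :param project: text of the single ``openstack_project`` value
        :return: XML <AttributeStatement> object

        """
        # Must equal the Name="openstack_user" documented above; a masked
        # placeholder string would be serialised as the attribute name.
        openstack_user = 'openstack_user'
        user_attribute = saml.Attribute()
        user_attribute.name = openstack_user
        user_value = saml.AttributeValue()
        user_value.set_text(user)
        # Single value: assigned directly rather than appended to the list.
        user_attribute.attribute_value = user_value

        openstack_roles = 'openstack_roles'
        roles_attribute = saml.Attribute()
        roles_attribute.name = openstack_roles

        # Roles are multi-valued: one AttributeValue per entry, caller's order.
        for role in roles:
            role_value = saml.AttributeValue()
            role_value.set_text(role)
            roles_attribute.attribute_value.append(role_value)

        openstack_project = 'openstack_project'
        project_attribute = saml.Attribute()
        project_attribute.name = openstack_project
        project_value = saml.AttributeValue()
        project_value.set_text(project)
        project_attribute.attribute_value = project_value

        # Attribute order in the statement: user, roles, project.
        attribute_statement = saml.AttributeStatement()
        attribute_statement.attribute.append(user_attribute)
        attribute_statement.attribute.append(roles_attribute)
        attribute_statement.attribute.append(project_attribute)
        return attribute_statement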
Esempio n. 4
    def to_eptid_value(self, values):
        """
        Build AttributeValue instances wrapping NameID elements.

        Used for the "eptid" attribute
        Name=urn:oid:1.3.6.1.4.1.5923.1.1.1.10
        FriendlyName=eduPersonTargetedID

        values is a list whose items are either str or dict. A dict item
        must carry the keys "NameQualifier", "SPNameQualifier" and "text";
        a missing key raises KeyError. A str item is used as the NameID text
        and gets no qualifiers.

        Returns a list of AttributeValue instances, one per item, each
        holding a single NameID extension element with the persistent format.
        """
        def _create_nameid_ext_el(value):
            # Every NameID carries the persistent format; the qualifiers are
            # added only when the caller supplied them in a dict.
            attributes = {"Format": NAMEID_FORMAT_PERSISTENT}
            if isinstance(value, dict):
                text = value["text"]
                attributes["NameQualifier"] = value["NameQualifier"]
                attributes["SPNameQualifier"] = value["SPNameQualifier"]
            else:
                text = value
            return ExtensionElement("NameID",
                                    NAMESPACE,
                                    attributes=attributes,
                                    text=text)

        wrapped = []
        for item in values:
            name_id = _create_nameid_ext_el(item)
            wrapped.append(saml.AttributeValue(extension_elements=[name_id]))
        return wrapped
Esempio n. 5
        def _build_attribute(attribute_name, attribute_values):
            """Return a saml.Attribute named *attribute_name*.

            Each item of *attribute_values* becomes one AttributeValue whose
            text is set with ``set_text``; the items are used as given.
            """
            def _as_value(raw):
                # One AttributeValue element per supplied value.
                node = saml.AttributeValue()
                node.set_text(raw)
                return node

            built = saml.Attribute()
            built.name = attribute_name
            for raw in attribute_values:
                built.attribute_value.append(_as_value(raw))
            return built
Esempio n. 6
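def do_ava(val, typ=""):
    """Convert *val* into a list of ``saml.AttributeValue`` objects.

    :param val: a string, a list of values, another truthy value or False,
        or None
    :param typ: optional type handed to ``set_type`` on every created value
    :return: list of AttributeValue instances, or None when *val* is None
    :raises OtherError: for a falsy value that is not a string, a list,
        False or None (for example ``0``)
    """
    if val is None:
        # Nothing to convert. Returning here also keeps a non-empty *typ*
        # from trying to iterate over None further down.
        return None

    # NOTE(review): basestring is a Python 2 builtin; on Python 3 the module
    # has to supply this name itself - confirm.
    if isinstance(val, basestring):
        ava = saml.AttributeValue()
        ava.set_text(val)
        attrval = [ava]
    elif isinstance(val, list):
        # Only the first converted value of each element is kept, so every
        # element must itself convert to a non-empty list.
        attrval = [do_ava(v)[0] for v in val]
    elif val or val is False:
        ava = saml.AttributeValue()
        ava.set_text(val)
        attrval = [ava]
    else:
        raise OtherError("strange value type on: %s" % val)

    if typ:
        for ava in attrval:
            ava.set_type(typ)

    return attrval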
Esempio n. 7
def test_valid_instance():
    """Exercise ``valid_instance`` on a good and on a rejected object.

    An AttributeStatement with two populated Attributes must validate. A
    Response that holds an empty Issuer, Status and Assertion must raise
    MustValueError.
    """
    attr_statem = saml.AttributeStatement()
    text = [
        "value of test attribute",
        "value1 of test attribute",
        "value2 of test attribute",
        "value1 of test attribute2",
        "value2 of test attribute2",
    ]

    first = saml.Attribute()
    second = saml.Attribute()
    attr_statem.attribute.append(first)
    attr_statem.attribute.append(second)

    # First attribute: URI name format, one value.
    first.name = "testAttribute"
    first.name_format = saml.NAME_FORMAT_URI
    first.friendly_name = "test attribute"
    first_value = saml.AttributeValue()
    first.attribute_value.append(first_value)
    first_value.text = text[0]

    # Second attribute: unspecified name format, one value.
    second.name = "testAttribute2"
    second.name_format = saml.NAME_FORMAT_UNSPECIFIED
    second.friendly_name = text[2]
    second_value = saml.AttributeValue()
    second.attribute_value.append(second_value)
    second_value.text = text[2]

    assert valid_instance(attr_statem)

    # The Response has its own fields filled in, but the nested Issuer,
    # Status and Assertion are left as freshly constructed objects.
    response = samlp.Response()
    response.id = "response id"
    response.in_response_to = "request id"
    response.version = saml2.VERSION
    response.issue_instant = "2007-09-14T01:05:02Z"
    response.destination = "http://www.example.com/Destination"
    response.consent = saml.CONSENT_UNSPECIFIED
    response.issuer = saml.Issuer()
    response.status = samlp.Status()
    response.assertion.append(saml.Assertion())

    with raises(MustValueError):
        valid_instance(response)
Esempio n. 8
def test_attribute():
    """Check which keys ``keyswv()`` reports for factory-built Attributes."""
    common = {
        "friendly_name": "eduPersonScopedAffiliation",
        "name": "urn:oid:1.3.6.1.4.1.5923.1.1.1.9",
        "name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
    }

    # Without a value only the three naming fields are reported.
    bare = utils.factory(saml.Attribute, **common)
    assert _eq(bare.keyswv(), ["friendly_name", "name", "name_format"])

    # Supplying a value adds "attribute_value" to the reported keys.
    with_value = dict(
        common,
        attribute_value=[saml.AttributeValue(text="*****@*****.**")])
    valued = utils.factory(saml.Attribute, **with_value)
    assert _eq(valued.keyswv(), ["friendly_name", "name", "name_format",
                                 "attribute_value"])
    def to_(self, attrvals):
        """ Create a list of Attribute instances.

        Keys are looked up lower-cased in ``self._to``. A key with a mapping
        produces an Attribute carrying the mapped name, ``self.name_format``
        and the original key as friendly name; a key without a mapping is
        used as the Attribute name unchanged.

        :param attrvals: A dictionary of attributes and values
        :return: A list of Attribute instances
        """
        eptid_name = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
        result = []
        for key, value in attrvals.items():
            mapped = self._to.get(key.lower())
            if not mapped:
                # No mapping known: pass the key through as the name.
                result.append(
                    factory(saml.Attribute,
                            name=key,
                            attribute_value=do_ava(value)))
                continue

            if mapped == eptid_name:
                # special case for eduPersonTargetedID: each value becomes a
                # persistent NameID wrapped in an AttributeValue.
                # NOTE(review): value is iterated, so a bare string would be
                # split into characters - callers presumably pass a list.
                converted = [
                    saml.AttributeValue(extension_elements=[
                        ExtensionElement(
                            "NameID",
                            NAMESPACE,
                            attributes={'Format': NAMEID_FORMAT_PERSISTENT},
                            text=v)])
                    for v in value
                ]
            else:
                converted = do_ava(value)

            result.append(
                factory(saml.Attribute,
                        name=mapped,
                        name_format=self.name_format,
                        friendly_name=key,
                        attribute_value=converted))

        return result