def get_authn_response(self, idp_config, identity):
    """Produce a signed SAML AuthnResponse from a throw-away test IdP.

    :param idp_config: pysaml2 IdP configuration handed to ``SamlServer``.
    :param identity: attribute dict passed straight through to
        ``SamlServer.create_authn_response``.
    :return: whatever ``create_authn_response`` returns; both the assertion
        and the response are requested signed.
    """
    with closing(SamlServer(idp_config)) as idp:
        # The same literal is used as the second transient_nameid argument,
        # as InResponseTo and as SessionIndex, so the test can correlate them.
        request_id = "id12"
        transient_id = idp.ident.transient_nameid(
            "urn:mace:example.com:saml:roland:idp", request_id)

        password_ctx = AuthnContext(
            authn_context_class_ref=authn_context_class_ref(
                AUTHN_PASSWORD_PROTECTED))

        # SubjectLocality with an Address only (no DNSName).
        subject_locality = saml.SubjectLocality()
        subject_locality.address = "172.31.25.30"

        # NOTE(review): naive local-time ISO 8601 stamp with no timezone
        # designator; SAML AuthnInstant is normally UTC ("...Z") - confirm
        # the consuming side accepts this format.
        statement = AuthnStatement(
            subject_locality=subject_locality,
            authn_instant=datetime.now().isoformat(),
            authn_context=password_ctx,
            session_index=request_id)

        # Destination (consumer_url) and sp_entity_id are both the SP's ACS
        # location here; see
        # config.sp.endpoints.assertion_consumer_service:["acs_endpoint"].
        return idp.create_authn_response(
            identity,
            request_id,               # in_response_to
            self.sp_acs_location,     # consumer_url
            self.sp_acs_location,     # sp_entity_id
            name_id=transient_id,
            sign_assertion=True,
            sign_response=True,
            authn_statement=statement)
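def authn_statement(authn_class=None, authn_auth=None, authn_decl=None,
                    authn_decl_ref=None, authn_instant="", subject_locality="",
                    session_not_on_or_after=None):
    """
    Construct the AuthnStatement

    At most one AuthnContext is attached, chosen in this order of
    precedence: *authn_class*, then *authn_decl*, then *authn_decl_ref*.
    When none of them is given the statement carries no AuthnContext.

    :param authn_class: Authentication Context Class reference
    :param authn_auth: Authenticating Authority
    :param authn_decl: Authentication Context Declaration
    :param authn_decl_ref: Authentication Context Declaration reference
    :param authn_instant: When the Authentication was performed.
        Assumed to be seconds since the Epoch. A falsy value means "now".
    :param subject_locality: Specifies the DNS domain name and IP address
        for the system from which the assertion subject was apparently
        authenticated.
    :param session_not_on_or_after: Passed through unchanged as the
        statement's SessionNotOnOrAfter.
    :return: An AuthnStatement instance
    """
    # The "" default (or any falsy value) means "the current instant".
    if authn_instant:
        _instant = instant(time_stamp=authn_instant)
    else:
        _instant = instant()

    kwargs = {
        "authn_instant": _instant,
        "session_index": sid(),
        "session_not_on_or_after": session_not_on_or_after,
    }
    # First matching context kind wins; without one, factory() is called
    # with exactly the keywords it always received in the no-context case.
    if authn_class:
        kwargs["authn_context"] = _authn_context_class_ref(
            authn_class, authn_auth)
    elif authn_decl:
        kwargs["authn_context"] = _authn_context_decl(
            authn_decl, authn_auth)
    elif authn_decl_ref:
        kwargs["authn_context"] = _authn_context_decl_ref(
            authn_decl_ref, authn_auth)
    res = factory(saml.AuthnStatement, **kwargs)

    if subject_locality:
        # NOTE(review): SubjectLocality is built with text=...; the SAML
        # element carries Address/DNSName attributes rather than text
        # content - confirm this is what the consumers of this function
        # expect before changing it.
        res.subject_locality = saml.SubjectLocality(text=subject_locality)
    return res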
def test_acs_with_authn_response_includes_subjectLocality(self):
    """Post a signed IdP AuthnResponse carrying a SubjectLocality to the ACS.

    A throw-away pysaml2 IdP (``SamlServer``) is configured against the SP's
    own signed metadata, an assertion whose AuthnStatement has a
    SubjectLocality address is built, both assertion and response are signed,
    and the base64-encoded result is POSTed as ``SAMLResponse`` to the
    ``assertion_consumer_service`` view.
    """
    # Signing needs the xmlsec binary; skip instead of failing without it.
    self._skip_if_xmlsec_binary_missing()
    self.config.use_signed_authn_request = True
    self.config.save()
    with override_settings(SAML_KEY_FILE=self.ipd_key_path,
                           SAML_CERT_FILE=self.ipd_cert_path):
        saml2config = self.config
        sp_config = config.SPConfig()
        sp_config.load(create_saml_config_for(saml2config))
        # The test IdP is configured from the SP's signed metadata.
        sp_metadata = create_metadata_string('', config=sp_config, sign=True)
        idp_config = self.get_idp_config(sp_metadata)
        identity = {
            "eduPersonAffiliation": ["staff", "member"],
            "surName": ["Jeter"],
            "givenName": ["Derek"],
            "mail": ["*****@*****.**"],
            "title": ["shortstop"]
        }
        # NOTE(review): the block below duplicates get_authn_response in this
        # file; consider calling that helper instead.
        with closing(SamlServer(idp_config)) as server:
            # "id12" doubles as the transient_nameid argument, InResponseTo
            # and SessionIndex.
            name_id = server.ident.transient_nameid(
                "urn:mace:example.com:saml:roland:idp", "id12")
            authn_context_ref = authn_context_class_ref(
                AUTHN_PASSWORD_PROTECTED)
            authn_context = AuthnContext(
                authn_context_class_ref=authn_context_ref)
            # The SubjectLocality under test: an Address only, no DNSName.
            locality = saml.SubjectLocality()
            locality.address = "172.31.25.30"
            # NOTE(review): naive local-time stamp without a timezone
            # designator; SAML AuthnInstant is normally UTC ("...Z") -
            # confirm the SP side accepts this format.
            authn_statement = AuthnStatement(
                subject_locality=locality,
                authn_instant=datetime.now().isoformat(),
                authn_context=authn_context,
                session_index="id12")
            # Destination and sp_entity_id are both the SP's ACS location.
            authn_response = server.create_authn_response(
                identity,
                "id12",  # in_response_to
                self.sp_acs_location,  # consumer_url. config.sp.endpoints.assertion_consumer_service:["acs_endpoint"]
                self.sp_acs_location,  # sp_entity_id
                name_id=name_id,
                sign_assertion=True,
                sign_response=True,
                authn_statement=authn_statement)
        # The ACS view expects the XML response base64-encoded in the form.
        base64_encoded_response_metadata = base64.b64encode(
            authn_response.encode('utf-8'))
        base_64_utf8_response_metadata = base64_encoded_response_metadata.decode(
            'utf-8')
        request = self.client.post(
            reverse('assertion_consumer_service',
                    kwargs={'idp_name': self.config.slug}),
            {'SAMLResponse': base_64_utf8_response_metadata})
        # NOTE(review): `request` is not used within the visible source; the
        # method's assertions presumably continue past this point - confirm.