def test_parse_does_not_raise_exception_when_xml_metadata_does_not_have_display_names(self):
    """Metadata lacking UIInfo display names still parses into one IdP with empty UIInfo/Organization."""
    # Arrange
    parser = SAMLMetadataParser()

    # Act
    parsed = parser.parse(fixtures.CORRECT_ONE_IDP_METADATA_WITHOUT_DISPLAY_NAMES)

    # Assert
    assert isinstance(parsed, list)
    eq_(len(parsed), 1)
    [idp] = parsed

    expected_idp = IdentityProviderMetadata(
        entity_id=fixtures.IDP_1_ENTITY_ID,
        ui_info=UIInfo(),
        organization=Organization(),
        name_id_format=fixtures.NAME_ID_FORMAT_1,
        sso_service=Service(fixtures.IDP_1_SSO_URL, fixtures.IDP_1_SSO_BINDING),
        want_authn_requests_signed=False,
        signing_certificates=[strip_certificate(fixtures.SIGNING_CERTIFICATE)],
        encryption_certificates=[strip_certificate(fixtures.ENCRYPTION_CERTIFICATE)],
    )
    eq_(idp, expected_idp)
NameIDFormat.UNSPECIFIED.value, Service(fixtures.SP_ACS_URL, fixtures.SP_ACS_BINDING), ) SERVICE_PROVIDER_WITH_CERTIFICATE = ServiceProviderMetadata( fixtures.SP_ENTITY_ID, UIInfo(), Organization(), NameIDFormat.UNSPECIFIED.value, Service(fixtures.SP_ACS_URL, fixtures.SP_ACS_BINDING), certificate=fixtures.SIGNING_CERTIFICATE, private_key=fixtures.PRIVATE_KEY) IDENTITY_PROVIDERS = [ IdentityProviderMetadata( fixtures.IDP_1_ENTITY_ID, UIInfo(), Organization(), NameIDFormat.UNSPECIFIED.value, Service(fixtures.IDP_1_SSO_URL, fixtures.IDP_1_SSO_BINDING)), IdentityProviderMetadata( fixtures.IDP_2_ENTITY_ID, UIInfo(), Organization(), NameIDFormat.UNSPECIFIED.value, Service(fixtures.IDP_2_SSO_URL, fixtures.IDP_2_SSO_BINDING)) ] class TestSAMLConfiguration(object): def test_service_provider_returns_correct_value(self): # Arrange service_provider_metadata = '' expected_result = copy(SERVICE_PROVIDER_WITH_CERTIFICATE) configuration_storage = create_autospec(spec=SAMLConfigurationStorage) configuration_storage.load = MagicMock(
def test_parse_correctly_parses_one_idp_metadata(self):
    """Every UIInfo and Organization field of a single-IdP document ends up in the parsed object."""
    # Arrange
    parser = SAMLMetadataParser()

    # Act
    parsed = parser.parse(fixtures.CORRECT_ONE_IDP_METADATA)

    # Assert
    assert isinstance(parsed, list)
    eq_(len(parsed), 1)
    [idp] = parsed

    display_names = [
        LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_EN_DISPLAY_NAME, 'en'),
        LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_ES_DISPLAY_NAME, 'es'),
    ]
    descriptions = [LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_DESCRIPTION, 'en')]
    information_urls = [LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_INFORMATION_URL, 'en')]
    privacy_statement_urls = [LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_PRIVACY_STATEMENT_URL, 'en')]
    # The logo item carries no language tag in the fixture.
    logo_urls = [LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_LOGO_URL)]

    organization_names = [
        LocalizableMetadataItem(fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_NAME, 'en'),
        LocalizableMetadataItem(fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_NAME, 'es'),
    ]
    organization_display_names = [
        LocalizableMetadataItem(fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_DISPLAY_NAME, 'en'),
        LocalizableMetadataItem(fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_DISPLAY_NAME, 'es'),
    ]
    organization_urls = [
        LocalizableMetadataItem(fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_URL, 'en'),
        LocalizableMetadataItem(fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_URL, 'es'),
    ]

    expected_idp = IdentityProviderMetadata(
        entity_id=fixtures.IDP_1_ENTITY_ID,
        ui_info=UIInfo(display_names, descriptions, information_urls, privacy_statement_urls, logo_urls),
        organization=Organization(organization_names, organization_display_names, organization_urls),
        name_id_format=fixtures.NAME_ID_FORMAT_1,
        sso_service=Service(fixtures.IDP_1_SSO_URL, fixtures.IDP_1_SSO_BINDING),
        want_authn_requests_signed=False,
        signing_certificates=[strip_certificate(fixtures.SIGNING_CERTIFICATE)],
        encryption_certificates=[strip_certificate(fixtures.ENCRYPTION_CERTIFICATE)],
    )
    eq_(idp, expected_idp)
def test_parse_correctly_parses_metadata_with_multiple_descriptors(self):
    """A document with two IDPSSODescriptor entries yields two IdP objects in document order."""
    # Arrange
    parser = SAMLMetadataParser()

    def localized_pair(en_value, es_value):
        # Both IdPs in the fixture declare every localizable item in 'en' and 'es'.
        return [
            LocalizableMetadataItem(en_value, 'en'),
            LocalizableMetadataItem(es_value, 'es'),
        ]

    def expected_idp(entity_id, display_names, org_names, org_display_names, org_urls, sso_service):
        # Everything not listed here is identical for both IdPs in the fixture.
        return IdentityProviderMetadata(
            entity_id=entity_id,
            ui_info=UIInfo(display_names),
            organization=Organization(org_names, org_display_names, org_urls),
            name_id_format=fixtures.NAME_ID_FORMAT_1,
            sso_service=sso_service,
            want_authn_requests_signed=False,
            signing_certificates=[strip_certificate(fixtures.SIGNING_CERTIFICATE)],
            encryption_certificates=[strip_certificate(fixtures.ENCRYPTION_CERTIFICATE)],
        )

    # Act
    parsed = parser.parse(fixtures.CORRECT_MULTIPLE_IDPS_METADATA)

    # Assert
    assert isinstance(parsed, list)
    eq_(len(parsed), 2)
    first_idp, second_idp = parsed

    eq_(
        first_idp,
        expected_idp(
            fixtures.IDP_1_ENTITY_ID,
            localized_pair(fixtures.IDP_1_UI_INFO_EN_DISPLAY_NAME, fixtures.IDP_1_UI_INFO_ES_DISPLAY_NAME),
            localized_pair(
                fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_NAME,
                fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_NAME),
            localized_pair(
                fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_DISPLAY_NAME,
                fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_DISPLAY_NAME),
            localized_pair(
                fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_URL,
                fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_URL),
            Service(fixtures.IDP_1_SSO_URL, fixtures.IDP_1_SSO_BINDING),
        ))

    eq_(
        second_idp,
        expected_idp(
            fixtures.IDP_2_ENTITY_ID,
            localized_pair(fixtures.IDP_2_UI_INFO_EN_DISPLAY_NAME, fixtures.IDP_2_UI_INFO_ES_DISPLAY_NAME),
            localized_pair(
                fixtures.IDP_2_ORGANIZATION_EN_ORGANIZATION_NAME,
                fixtures.IDP_2_ORGANIZATION_ES_ORGANIZATION_NAME),
            localized_pair(
                fixtures.IDP_2_ORGANIZATION_EN_ORGANIZATION_DISPLAY_NAME,
                fixtures.IDP_2_ORGANIZATION_ES_ORGANIZATION_DISPLAY_NAME),
            localized_pair(
                fixtures.IDP_2_ORGANIZATION_EN_ORGANIZATION_URL,
                fixtures.IDP_2_ORGANIZATION_ES_ORGANIZATION_URL),
            Service(fixtures.IDP_2_SSO_URL, fixtures.IDP_2_SSO_BINDING),
        ))
from api.saml.provider import SAMLWebSSOAuthenticationProvider, SAML_INVALID_SUBJECT from core.model import Credential, Patron from core.util.problem_detail import ProblemDetail from tests.saml import fixtures from tests.saml.controller_test import ControllerTest SERVICE_PROVIDER = ServiceProviderMetadata( fixtures.SP_ENTITY_ID, UIInfo(), Organization(), NameIDFormat.UNSPECIFIED.value, Service(fixtures.SP_ACS_URL, fixtures.SP_ACS_BINDING)) IDENTITY_PROVIDERS = [ IdentityProviderMetadata( fixtures.IDP_1_ENTITY_ID, UIInfo(), Organization(), NameIDFormat.UNSPECIFIED.value, Service(fixtures.IDP_1_SSO_URL, fixtures.IDP_1_SSO_BINDING), signing_certificates=[fixtures.SIGNING_CERTIFICATE]), IdentityProviderMetadata( fixtures.IDP_2_ENTITY_ID, UIInfo(), Organization(), NameIDFormat.UNSPECIFIED.value, Service(fixtures.IDP_2_SSO_URL, fixtures.IDP_2_SSO_BINDING)) ] def create_patron_data_mock(): patron_data_mock = create_autospec(spec=PatronData) type(patron_data_mock).to_response_parameters = PropertyMock( return_value='')
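def _parse_idp_metadata(
        self,
        provider_node,
        entity_id,
        ui_info,
        organization,
        required_sso_binding=Binding.HTTP_REDIRECT,
        required_slo_binding=Binding.HTTP_REDIRECT):
    """Parse an IDPSSODescriptor node and translate it into an IdentityProviderMetadata object.

    :param provider_node: IDPSSODescriptor node containing IdP metadata
    :type provider_node: defusedxml.lxml.RestrictedElement

    :param entity_id: String containing IdP's entityID
    :type entity_id: string

    :param ui_info: UIInfo object containing IdP's description
    :type ui_info: UIInfo

    :param organization: Organization object containing basic information about an organization
        responsible for a SAML entity or role
    :type organization: Organization

    :param required_sso_binding: Required binding for Single Sign-On profile (HTTP-Redirect by default)
    :type required_sso_binding: Binding

    :param required_slo_binding: Required binding for Single Logout profile (HTTP-Redirect by default)
    :type required_slo_binding: Binding

    :return: IdentityProviderMetadata containing IdP metadata
    :rtype: IdentityProviderMetadata

    :raise: SAMLMetadataParsingError when no SingleSignOnService with the required binding is declared
    """
    # WantAuthnRequestsSigned is an xs:boolean attribute, so the raw attribute value is the
    # string 'true'/'false' (or '1'/'0') rather than a Python bool; the string 'false' would be
    # truthy if passed through unchanged. Normalize it here; an absent attribute means False.
    raw_want_signed = provider_node.get('WantAuthnRequestsSigned', False)
    want_authn_requests_signed = str(raw_want_signed).strip().lower() in ('true', '1')

    name_id_format = self._parse_name_id_format(provider_node)

    # The SSO endpoint with the required binding is mandatory for this parser.
    sso_nodes = OneLogin_Saml2_Utils.query(
        provider_node,
        "./md:SingleSignOnService[@Binding='%s']" % required_sso_binding.value)
    if not sso_nodes:
        # Translate the template first and format afterwards, so the message-catalog lookup
        # receives the untranslated template rather than an already-formatted string.
        raise SAMLMetadataParsingError(
            _('Missing {0} SingleSignOnService service declaration').format(required_sso_binding.value))
    sso_node = self._select_default_or_first_indexed_element(sso_nodes)
    # NOTE(review): Location is passed through without validation; a missing attribute
    # produces Service(None, binding). Callers are not visible here — confirm they reject it.
    sso_service = Service(sso_node.get('Location', None), required_sso_binding)

    # The SLO endpoint is optional; it stays None when the IdP does not declare one.
    slo_service = None
    slo_nodes = OneLogin_Saml2_Utils.query(
        provider_node,
        "./md:SingleLogoutService[@Binding='%s']" % required_slo_binding.value)
    if slo_nodes:
        slo_node = self._select_default_or_first_indexed_element(slo_nodes)
        slo_service = Service(slo_node.get('Location', None), required_slo_binding)

    # A KeyDescriptor without a 'use' attribute is valid for both purposes, so each query
    # excludes only descriptors explicitly marked for the *other* use.
    signing_certificate_nodes = OneLogin_Saml2_Utils.query(
        provider_node,
        './md:KeyDescriptor[not(contains(@use, "encryption"))]/ds:KeyInfo/ds:X509Data/ds:X509Certificate')
    signing_certificates = self._parse_certificates(signing_certificate_nodes)

    encryption_certificate_nodes = OneLogin_Saml2_Utils.query(
        provider_node,
        './md:KeyDescriptor[not(contains(@use, "signing"))]/ds:KeyInfo/ds:X509Data/ds:X509Certificate')
    encryption_certificates = self._parse_certificates(encryption_certificate_nodes)

    return IdentityProviderMetadata(
        entity_id,
        ui_info,
        organization,
        name_id_format,
        sso_service,
        slo_service,
        want_authn_requests_signed,
        signing_certificates,
        encryption_certificates)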
# IdP fixture whose UIInfo is fully populated in both 'en' and 'es'. Only the display names
# differ per language; every other item reuses the same fixture value for both languages.
IDENTITY_PROVIDER_WITH_DISPLAY_NAME = IdentityProviderMetadata(
    fixtures.IDP_2_ENTITY_ID,
    UIInfo(
        display_names=[
            LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_EN_DISPLAY_NAME, 'en'),
            LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_ES_DISPLAY_NAME, 'es'),
        ],
        descriptions=[
            LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_DESCRIPTION, language)
            for language in ('en', 'es')
        ],
        information_urls=[
            LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_INFORMATION_URL, language)
            for language in ('en', 'es')
        ],
        privacy_statement_urls=[
            LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_PRIVACY_STATEMENT_URL, language)
            for language in ('en', 'es')
        ],
        logo_urls=[
            LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_LOGO_URL, language)
            for language in ('en', 'es')
        ],
    ),
    Organization(),
    NameIDFormat.UNSPECIFIED.value,
    Service(fixtures.IDP_2_SSO_URL, fixtures.IDP_2_SSO_BINDING),
)