コード例 #1
0
 def test_is_auth_request_id_ok(self):
     manager = SAMLResponseManager(read_resource('SAMLResponse.txt'))
     self.assertTrue(
         manager.is_auth_request_id_ok(
             '334f96ca-7e00-11e2-b46e-3c07546832b4'))
     self.assertFalse(
         manager.is_auth_request_id_ok(
             'asdfdelfalsdbflakeflkajsdlfjalskjfelkajsle'))
コード例 #2
0
 def test_is_signature_ok(self):
     manager = SAMLResponseManager(read_resource('SAMLResponse.txt'))
     metadata_manager = IDP_metadata_manager(
         os.path.abspath(
             os.path.join(os.path.dirname(__file__), '..', 'resources',
                          'IDP_Metadata.xml')))
     self.assertTrue(
         manager.is_signature_ok(
             metadata_manager.get_trusted_pem_filename()))
コード例 #3
0
def saml2_post_consumer(request):
    '''
    This is the postback from IDP
    '''
    # TODO: compare with auth response id
    auth_request_id = "retrieve the id"

    # Validate the response id against session
    __SAMLResponse = base64.b64decode(request.POST['SAMLResponse'])
    __SAMLResponse_manager = SAMLResponseManager(
        __SAMLResponse.decode('utf-8'))
    __SAMLResponse_IDP_Metadata_manager = IDP_metadata_manager(
        request.registry.settings['auth.idp.metadata'])

    __skip_verification = request.registry.settings.get(
        'auth.skip.verify', False)
    # TODO: enable auth_request_id
    # if __SAMLResponse_manager.is_auth_request_id_ok(auth_request_id)
    condition = __SAMLResponse_manager.is_condition_ok()
    status = __SAMLResponse_manager.is_status_ok()
    signature = __SAMLResponse_manager.is_signature_ok(
        __SAMLResponse_IDP_Metadata_manager.get_trusted_pem_filename())

    if condition and status and (__skip_verification or signature):

        # create a session
        identity_parser_class = load_class(
            request.registry.settings.get(
                'auth.saml.identity_parser',
                'edauth.security.basic_identity_parser.BasicIdentityParser'))
        saml = __SAMLResponse_manager.get_SAMLResponse()
        assertion = saml.get_assertion()
        session_id = create_session(request, assertion.get_attributes(),
                                    assertion.get_name_id(),
                                    assertion.get_session_index(),
                                    identity_parser_class)

        # Save session id to cookie
        headers = remember(request, session_id)
        # Get the url saved in RelayState from SAML request, redirect it back to it
        # If it's not found, redirect to list of reports
        # TODO: Need a landing other page
        redirect_url = request.POST.get('RelayState')
        if redirect_url:
            redirect_url = _get_cipher().decrypt(redirect_url)
        else:
            redirect_url = request.route_url('list_of_reports')

    else:
        message = "SAML response failed with Condition: {0}, Status: {1}, Signature: {2}".format(
            str(condition), str(status), str(signature))
        write_security_event(message, SECURITY_EVENT_TYPE.WARN)
        redirect_url = request.route_url('login')
        headers = []

    return _get_landing_page(request, redirect_url, headers=headers)
コード例 #4
0
 def test_condition_ok(self):
     manager = SAMLResponseManager(read_resource('SAMLResponse_time_test1.txt'))
     self.assertTrue(manager.is_condition_ok())
コード例 #5
0
 def test_is_condition_not_ok2(self):
     manager = SAMLResponseManager(read_resource('SAMLResponse_time_test2.txt'))
     self.assertFalse(manager.is_condition_ok())
コード例 #6
0
 def test_is_not_status_ok(self):
     manager = SAMLResponseManager(read_resource('SAMLResponse_response_not_ok.txt'))
     self.assertFalse(manager.is_status_ok())
コード例 #7
0
 def test_is_status_ok(self):
     manager = SAMLResponseManager(read_resource('SAMLResponse.txt'))
     self.assertTrue(manager.is_status_ok())
コード例 #8
0
 def test_is_auth_request_id_ok(self):
     manager = SAMLResponseManager(read_resource('SAMLResponse.txt'))
     self.assertTrue(manager.is_auth_request_id_ok('334f96ca-7e00-11e2-b46e-3c07546832b4'))
     self.assertFalse(manager.is_auth_request_id_ok('asdfdelfalsdbflakeflkajsdlfjalskjfelkajsle'))
コード例 #9
0
 def test_is_signature_ok(self):
     manager = SAMLResponseManager(read_resource('SAMLResponse.txt'))
     metadata_manager = IDP_metadata_manager(os.path.abspath(os.path.join(os.path.dirname(__file__), '..', 'resources', 'IDP_Metadata.xml')))
     self.assertTrue(manager.is_signature_ok(metadata_manager.get_trusted_pem_filename()))
コード例 #10
0
 def test_condition_ok(self):
     manager = SAMLResponseManager(
         read_resource('SAMLResponse_time_test1.txt'))
     self.assertTrue(manager.is_condition_ok())
コード例 #11
0
 def test_is_condition_not_ok2(self):
     manager = SAMLResponseManager(
         read_resource('SAMLResponse_time_test2.txt'))
     self.assertFalse(manager.is_condition_ok())
コード例 #12
0
 def test_is_not_status_ok(self):
     manager = SAMLResponseManager(
         read_resource('SAMLResponse_response_not_ok.txt'))
     self.assertFalse(manager.is_status_ok())
コード例 #13
0
 def test_is_status_ok(self):
     manager = SAMLResponseManager(read_resource('SAMLResponse.txt'))
     self.assertTrue(manager.is_status_ok())
コード例 #14
0
 def test_get_SAMLResponse(self):
     manager = SAMLResponseManager(read_resource('SAMLResponse.txt'))
     self.assertIsNotNone(manager)