def test04ParseAttributeQuery(self):
samlUtil = SAMLUtil()
samlUtil.firstName = ''
samlUtil.lastName = ''
samlUtil.emailAddress = ''
attributeQuery = samlUtil.buildAttributeQuery(SAMLTestCase.ISSUER_DN,
SAMLTestCase.NAMEID_VALUE)
elem = AttributeQueryElementTree.toXML(attributeQuery)
xmlOutput = prettyPrint(elem)
print("\n"+"_"*80)
print(xmlOutput)
attributeQueryStream = StringIO()
attributeQueryStream.write(xmlOutput)
attributeQueryStream.seek(0)
tree = ElementTree.parse(attributeQueryStream)
elem2 = tree.getroot()
attributeQuery2 = AttributeQueryElementTree.fromXML(elem2)
self.assert_(attributeQuery2.id == attributeQuery.id)
self.assert_(attributeQuery2.issuer.value==attributeQuery.issuer.value)
self.assert_(attributeQuery2.subject.nameID.value == \
attributeQuery.subject.nameID.value)
self.assert_(attributeQuery2.attributes[1].name == \
attributeQuery.attributes[1].name)
xmlOutput2 = prettyPrint(elem2)
print("_"*80)
print(xmlOutput2)
print("_"*80)
def _makeRequest(self, attributeQuery=None, **kw):
"""Convenience method to construct queries for tests"""
if attributeQuery is None:
attributeQuery = self._createAttributeQuery(**kw)
elem = AttributeQueryElementTree.toXML(attributeQuery)
soapRequest = SOAPEnvelope()
soapRequest.create()
soapRequest.body.elem.append(elem)
request = soapRequest.serialize()
return request
def test03CreateAttributeQuery(self):
samlUtil = SAMLUtil()
samlUtil.firstName = ''
samlUtil.lastName = ''
samlUtil.emailAddress = ''
attributeQuery = samlUtil.buildAttributeQuery(SAMLTestCase.ISSUER_DN,
SAMLTestCase.NAMEID_VALUE)
elem = AttributeQueryElementTree.toXML(attributeQuery)
xmlOutput = prettyPrint(elem)
print("\n"+"_"*80)
print(xmlOutput)
print("_"*80)
def _makeRequest(self, attributeQuery=None, **kw):
"""Convenience method to construct queries for tests"""
if attributeQuery is None:
attributeQuery = self._createAttributeQuery(**kw)
elem = AttributeQueryElementTree.toXML(attributeQuery)
soapRequest = SOAPEnvelope()
soapRequest.create()
soapRequest.body.elem.append(elem)
request = soapRequest.serialize()
return request
def __call__(self, environ, start_response):
soapRequestStream = environ['wsgi.input']
soapRequest = SOAPEnvelope()
soapRequest.parse(soapRequestStream)
attributeQueryElem = soapRequest.body.elem[0]
attributeQuery = AttributeQueryElementTree.fromXML(attributeQueryElem)
print("Received request from client:\n")
print soapRequest.prettyPrint()
samlResponse = Response()
samlResponse.issueInstant = datetime.utcnow()
samlResponse.id = str(uuid4())
samlResponse.issuer = Issuer()
# SAML 2.0 spec says format must be omitted
#samlResponse.issuer.format = Issuer.X509_SUBJECT
samlResponse.issuer.value = \
"/O=NDG/OU=BADC/CN=attributeauthority.badc.rl.ac.uk"
samlResponse.inResponseTo = attributeQuery.id
assertion = Assertion()
assertion.version = SAMLVersion(SAMLVersion.VERSION_20)
assertion.id = str(uuid4())
assertion.issueInstant = samlResponse.issueInstant
assertion.conditions = Conditions()
assertion.conditions.notBefore = assertion.issueInstant
assertion.conditions.notOnOrAfter = assertion.conditions.notBefore + \
timedelta(seconds=60*60*8)
assertion.subject = Subject()
assertion.subject.nameID = NameID()
assertion.subject.nameID.format = attributeQuery.subject.nameID.format
assertion.subject.nameID.value = attributeQuery.subject.nameID.value
assertion.attributeStatements.append(AttributeStatement())
for attribute in attributeQuery.attributes:
if attribute.name == SamlSoapBindingApp.FIRSTNAME_ATTRNAME:
# special case handling for 'FirstName' attribute
fnAttribute = Attribute()
fnAttribute.name = attribute.name
fnAttribute.nameFormat = attribute.nameFormat
fnAttribute.friendlyName = attribute.friendlyName
firstName = XSStringAttributeValue()
firstName.value = self.firstName
fnAttribute.attributeValues.append(firstName)
assertion.attributeStatements[0].attributes.append(fnAttribute)
elif attribute.name == SamlSoapBindingApp.LASTNAME_ATTRNAME:
lnAttribute = Attribute()
lnAttribute.name = attribute.name
lnAttribute.nameFormat = attribute.nameFormat
lnAttribute.friendlyName = attribute.friendlyName
lastName = XSStringAttributeValue()
lastName.value = self.lastName
lnAttribute.attributeValues.append(lastName)
assertion.attributeStatements[0].attributes.append(lnAttribute)
elif attribute.name == SamlSoapBindingApp.EMAILADDRESS_ATTRNAME:
emailAddressAttribute = Attribute()
emailAddressAttribute.name = attribute.name
emailAddressAttribute.nameFormat = attribute.nameFormat
emailAddressAttribute.friendlyName = attribute.friendlyName
emailAddress = XSStringAttributeValue()
emailAddress.value = self.emailAddress
emailAddressAttribute.attributeValues.append(emailAddress)
assertion.attributeStatements[0].attributes.append(
emailAddressAttribute)
samlResponse.assertions.append(assertion)
samlResponse.status = Status()
samlResponse.status.statusCode = StatusCode()
samlResponse.status.statusCode.value = StatusCode.SUCCESS_URI
# Convert to ElementTree representation to enable attachment to SOAP
# response body
samlResponseElem = ResponseElementTree.toXML(samlResponse)
xml = ElementTree.tostring(samlResponseElem)
log.debug('Sending response to query:\n%s', xml)
# Create SOAP response and attach the SAML Response payload
soapResponse = SOAPEnvelope()
soapResponse.create()
soapResponse.body.elem.append(samlResponseElem)
response = soapResponse.serialize()
start_response("200 OK",
[('Content-length', str(len(response))),
('Content-type', 'text/xml')])
return [response]
def test01AttributeQuery(self):
attributeQuery = AttributeQuery()
attributeQuery.version = SAMLVersion(SAMLVersion.VERSION_20)
attributeQuery.id = str(uuid4())
attributeQuery.issueInstant = datetime.utcnow()
attributeQuery.issuer = Issuer()
attributeQuery.issuer.format = Issuer.X509_SUBJECT
attributeQuery.issuer.value = \
"/O=NDG/OU=BADC/CN=attributeauthority.badc.rl.ac.uk"
attributeQuery.subject = Subject()
attributeQuery.subject.nameID = NameID()
attributeQuery.subject.nameID.format = SamlSoapBindingApp.NAMEID_FORMAT
attributeQuery.subject.nameID.value = \
"https://openid.localhost/philip.kershaw"
# special case handling for 'FirstName' attribute
fnAttribute = Attribute()
fnAttribute.name = SamlSoapBindingApp.FIRSTNAME_ATTRNAME
fnAttribute.nameFormat = "http://www.w3.org/2001/XMLSchema#string"
fnAttribute.friendlyName = "FirstName"
attributeQuery.attributes.append(fnAttribute)
# special case handling for 'LastName' attribute
lnAttribute = Attribute()
lnAttribute.name = SamlSoapBindingApp.LASTNAME_ATTRNAME
lnAttribute.nameFormat = "http://www.w3.org/2001/XMLSchema#string"
lnAttribute.friendlyName = "LastName"
attributeQuery.attributes.append(lnAttribute)
# special case handling for 'LastName' attribute
emailAddressAttribute = Attribute()
emailAddressAttribute.name = SamlSoapBindingApp.EMAILADDRESS_ATTRNAME
emailAddressAttribute.nameFormat = XMLConstants.XSD_NS+"#"+\
XSStringAttributeValue.TYPE_LOCAL_NAME
emailAddressAttribute.friendlyName = "emailAddress"
attributeQuery.attributes.append(emailAddressAttribute)
elem = AttributeQueryElementTree.toXML(attributeQuery)
soapRequest = SOAPEnvelope()
soapRequest.create()
soapRequest.body.elem.append(elem)
request = soapRequest.serialize()
header = {
'soapAction': "http://www.oasis-open.org/committees/security",
'Content-length': str(len(request)),
'Content-type': 'text/xml'
}
response = self.app.post('/attributeauthority',
params=request,
headers=header,
status=200)
print("Response status=%d" % response.status)
soapResponse = SOAPEnvelope()
responseStream = StringIO()
responseStream.write(response.body)
responseStream.seek(0)
soapResponse.parse(responseStream)
print("Parsed response ...")
print(soapResponse.serialize())
# print(prettyPrint(soapResponse.elem))
response = ResponseElementTree.fromXML(soapResponse.body.elem[0])
self.assert_(response.status.statusCode.value==StatusCode.SUCCESS_URI)
self.assert_(response.inResponseTo == attributeQuery.id)
self.assert_(response.assertions[0].subject.nameID.value == \
attributeQuery.subject.nameID.value)