コード例 #1
    def test_create_mirrored_metadata_does_not_contain_target_contact_info(self, satosa_config_dict, idp_conf,
                                                                           saml_mirror_frontend_config,
                                                                           saml_backend_config):
        """Mirrored frontend metadata must publish the frontend's own contact and organization data.

        The backend receives the target IdP's metadata inline (built from ``idp_conf``). Every
        assertion below compares the generated descriptor against the frontend's ``idp_config``
        instead, which is how the test backs the claim in its name.
        """
        # Wire one mirror frontend and one SAML backend into the proxy configuration.
        satosa_config_dict["FRONTEND_MODULES"] = [saml_mirror_frontend_config]
        target_idp_metadata = create_metadata_from_config_dict(idp_conf)
        saml_backend_config["config"]["sp_config"]["metadata"] = {"inline": [target_idp_metadata]}
        satosa_config_dict["BACKEND_MODULES"] = [saml_backend_config]
        proxy_config = SATOSAConfig(satosa_config_dict)
        frontend_metadata, _backend_metadata = create_entity_descriptors(proxy_config)

        # Exactly one frontend is configured, so exactly one metadata entry is expected.
        assert len(frontend_metadata) == 1
        descriptors = frontend_metadata[saml_mirror_frontend_config["name"]]
        store = InMemoryMetaData(None, str(descriptors[0]))
        store.load()

        actual = list(store.values())[0]
        expected = saml_mirror_frontend_config["config"]["idp_config"]

        actual_contacts = actual["contact_person"]
        expected_contacts = expected["contact_person"]
        assert len(actual_contacts) == len(expected_contacts)
        # Lengths were just asserted equal, so pairing the two lists position by position is safe.
        for got, want in zip(actual_contacts, expected_contacts):
            assert got["contact_type"] == want["contact_type"]
            assert got["email_address"][0]["text"] == want["email_address"][0]
            assert got["given_name"]["text"] == want["given_name"]
            assert got["sur_name"]["text"] == want["sur_name"]

        actual_org = actual["organization"]
        expected_org = expected["organization"]
        assert actual_org["organization_display_name"][0]["text"] == expected_org["display_name"][0][0]
        assert actual_org["organization_name"][0]["text"] == expected_org["name"][0][0]
        assert actual_org["organization_url"][0]["text"] == expected_org["url"][0][0]
コード例 #2
ファイル: test_saml_metadata.py プロジェクト: SUNET/SATOSA
    def test_create_mirrored_metadata_does_not_contain_target_contact_info(self, satosa_config_dict, idp_conf,
                                                                           saml_mirror_frontend_config,
                                                                           saml_backend_config):
        """Verify the contact and organization fields of metadata generated for a mirror frontend.

        The expected values are read from the frontend's ``idp_config``; the target IdP's metadata
        (created from ``idp_conf``) is only handed to the backend as inline metadata.
        """
        satosa_config_dict["FRONTEND_MODULES"] = [saml_mirror_frontend_config]
        inline_metadata = {"inline": [create_metadata_from_config_dict(idp_conf)]}
        saml_backend_config["config"]["sp_config"]["metadata"] = inline_metadata
        satosa_config_dict["BACKEND_MODULES"] = [saml_backend_config]

        config = SATOSAConfig(satosa_config_dict)
        # Only the frontend half of the result is inspected here.
        frontend_metadata, _ = create_entity_descriptors(config)
        assert len(frontend_metadata) == 1

        frontend_name = saml_mirror_frontend_config["name"]
        first_descriptor = frontend_metadata[frontend_name][0]
        parsed = InMemoryMetaData(None, str(first_descriptor))
        parsed.load()

        entity = list(parsed.values())[0]
        reference = saml_mirror_frontend_config["config"]["idp_config"]

        # Contact persons: same count, and field-by-field equal in the same order.
        assert len(entity["contact_person"]) == len(reference["contact_person"])
        for position, wanted in enumerate(reference["contact_person"]):
            found = entity["contact_person"][position]
            assert found["contact_type"] == wanted["contact_type"]
            assert found["email_address"][0]["text"] == wanted["email_address"][0]
            assert found["given_name"]["text"] == wanted["given_name"]
            assert found["sur_name"]["text"] == wanted["sur_name"]

        # Organization: only the first configured value of each field is compared.
        organization = entity["organization"]
        wanted_org = reference["organization"]
        assert organization["organization_display_name"][0]["text"] == wanted_org["display_name"][0][0]
        assert organization["organization_name"][0]["text"] == wanted_org["name"][0][0]
        assert organization["organization_url"][0]["text"] == wanted_org["url"][0][0]
コード例 #3
 def assert_assertion_consumer_service_endpoints_for_saml_backend(self, entity_descriptor, saml_backend_config):
     """Assert that the backend's published ACS endpoints match its configuration.

     The descriptor is parsed into an in-memory store, the SP's assertion consumer
     services are looked up by the configured entity id, and every configured
     ``(url, binding)`` pair is compared with the location published for that binding.
     """
     store = InMemoryMetaData(None, str(entity_descriptor))
     store.load()

     sp_entity_id = saml_backend_config["config"]["sp_config"]["entityid"]
     published_acs = store.service(sp_entity_id, "spsso_descriptor", "assertion_consumer_service")

     configured_acs = saml_backend_config["config"]["sp_config"]["service"]["sp"]["endpoints"][
         "assertion_consumer_service"]
     for url, binding in configured_acs:
         # Only the first endpoint published for each binding is compared.
         first_published = published_acs[binding][0]
         assert first_published["location"] == url
コード例 #4
ファイル: test_saml_metadata.py プロジェクト: SUNET/SATOSA
 def assert_assertion_consumer_service_endpoints_for_saml_backend(self, entity_descriptor, saml_backend_config):
     """Check the assertion consumer service locations in a backend entity descriptor.

     Each ``(url, binding)`` pair configured under the SP's ``assertion_consumer_service``
     endpoints must equal the location of the first service the metadata lists for
     that binding.
     """
     metadata = InMemoryMetaData(None, str(entity_descriptor))
     metadata.load()

     acs_by_binding = metadata.service(
         saml_backend_config["config"]["sp_config"]["entityid"],
         "spsso_descriptor",
         "assertion_consumer_service",
     )

     endpoints = saml_backend_config["config"]["sp_config"]["service"]["sp"]["endpoints"]
     for expected_location, binding in endpoints["assertion_consumer_service"]:
         # Index 0: additional endpoints under the same binding are not inspected.
         assert acs_by_binding[binding][0]["location"] == expected_location
コード例 #5
ファイル: test_saml_metadata.py プロジェクト: SUNET/SATOSA
    def test_signed_metadata(self, entity_desc, signature_security_context, verification_security_context):
        """Sign an entity descriptor and confirm the signature verifies.

        The descriptor is signed with ``signature_security_context`` and checked with a
        store built on ``verification_security_context``. No ``valid_for`` is passed, so
        the parsed descriptor is expected to carry no ``valid_until`` value.
        """
        signed_xml = create_signed_entity_descriptor(entity_desc, signature_security_context)

        store = InMemoryMetaData(None, security=verification_security_context)
        store.parse(signed_xml)

        # NOTE(review): this covers the accepting path only. A companion case that alters the
        # signed document, or verifies with a context holding a different certificate, and
        # expects the check to fail would show that verification actually rejects bad input.
        is_signed = store.signed()
        assert is_signed is True
        signature_ok = store.parse_and_check_signature(signed_xml)
        assert signature_ok is True
        assert not store.entity_descr.valid_until
コード例 #6
    def test_valid_for(self, entity_desc, signature_security_context):
        """Check that ``valid_for`` (in hours) ends up as the descriptor's ``valid_until``."""
        hours_valid = 4  # metadata valid for 4 hours
        # NOTE(review): the expected timestamp is taken before the descriptor is created. If
        # create_signed_entity_descriptor derives valid_until from the current time itself,
        # the equality below can fail when the clock ticks between the two calls; confirm.
        expected_validity = in_a_while(hours=hours_valid)
        signed_xml = create_signed_entity_descriptor(
            entity_desc,
            signature_security_context,
            valid_for=hours_valid,
        )

        # No security context is given to the store: this test reads valid_until only and
        # makes no assertion about the signature.
        store = InMemoryMetaData(None)
        store.parse(signed_xml)
        parsed_validity = store.entity_descr.valid_until
        assert parsed_validity == expected_validity
コード例 #7
ファイル: test_saml_metadata.py プロジェクト: SUNET/SATOSA
    def test_valid_for(self, entity_desc, signature_security_context):
        """Signed metadata created with ``valid_for=4`` must expire four hours from now."""
        lifetime_hours = 4  # metadata valid for 4 hours
        expected_validity = in_a_while(hours=lifetime_hours)

        signing_kwargs = {"valid_for": lifetime_hours}
        signed_metadata = create_signed_entity_descriptor(entity_desc, signature_security_context, **signing_kwargs)

        # The store is built without a security context, so nothing here checks the signature;
        # only the expiry stamped on the descriptor is asserted.
        # NOTE(review): exact equality with a timestamp computed a moment earlier is presumably
        # sensitive to the clock advancing between the two calls; verify the time resolution.
        parsed = InMemoryMetaData(None)
        parsed.parse(signed_metadata)
        assert parsed.entity_descr.valid_until == expected_validity
コード例 #8
    def assert_single_sign_on_endpoints_for_saml_frontend(self, entity_descriptor, saml_frontend_config, backend_names):
        """Assert that the frontend publishes one SSO endpoint per backend and binding.

        For every backend name and every configured ``binding -> path`` entry, the URL
        ``BASE_URL/<backend>/<path>`` must appear among the locations the metadata lists
        for that binding.
        """
        store = InMemoryMetaData(None, str(entity_descriptor))
        store.load()

        idp_entity_id = saml_frontend_config["config"]["idp_config"]["entityid"]
        published_sso = store.service(idp_entity_id, "idpsso_descriptor", "single_sign_on_service")

        for backend in backend_names:
            configured = saml_frontend_config["config"]["endpoints"]["single_sign_on_service"]
            for binding, path in configured.items():
                published_locations = [service["location"] for service in published_sso[binding]]
                wanted = "{}/{}/{}".format(BASE_URL, backend, path)
                # Membership, not equality: other backends' URLs share the same binding list.
                assert wanted in published_locations
コード例 #9
ファイル: test_saml_metadata.py プロジェクト: SUNET/SATOSA
    def assert_single_sign_on_endpoints_for_saml_frontend(self, entity_descriptor, saml_frontend_config, backend_names):
        """Check the single sign-on service locations in a SAML frontend's metadata.

        The descriptor is loaded into an in-memory store and queried for the IdP's SSO
        services. Each expected URL is built from ``BASE_URL``, a backend name and the
        configured endpoint path, and must be listed under the matching binding.
        """
        metadata = InMemoryMetaData(None, str(entity_descriptor))
        metadata.load()

        sso_by_binding = metadata.service(
            saml_frontend_config["config"]["idp_config"]["entityid"],
            "idpsso_descriptor",
            "single_sign_on_service",
        )

        for name in backend_names:
            sso_paths = saml_frontend_config["config"]["endpoints"]["single_sign_on_service"].items()
            for binding, path in sso_paths:
                locations = []
                for endpoint in sso_by_binding[binding]:
                    locations.append(endpoint["location"])
                expected_url = "{}/{}/{}".format(BASE_URL, name, path)
                assert expected_url in locations
コード例 #10
    def assert_single_sign_on_endpoints_for_saml_mirror_frontend(self, entity_descriptors, encoded_target_entity_id,
                                                                 saml_mirror_frontend_config, backend_names):
        """Assert the SSO endpoints a mirror frontend publishes for one target entity.

        The mirrored entity id is the frontend's configured entity id followed by ``/`` and
        the encoded target entity id. Every expected URL has the form
        ``BASE_URL/<backend>/<encoded target>/<path>`` and must be listed under its binding.
        """
        frontend_entity_id = saml_mirror_frontend_config["config"]["idp_config"]["entityid"]
        mirrored_entity_id = frontend_entity_id + "/" + encoded_target_entity_id

        # All descriptors go into one store so the mirrored entity can be looked up by id.
        store = InMemoryMetaData(None, None)
        for descriptor in entity_descriptors:
            store.parse(str(descriptor))
        published_sso = store.service(mirrored_entity_id, "idpsso_descriptor", "single_sign_on_service")

        for backend in backend_names:
            configured = saml_mirror_frontend_config["config"]["endpoints"]["single_sign_on_service"]
            for binding, path in configured.items():
                published_locations = [service["location"] for service in published_sso[binding]]
                wanted = "{}/{}/{}/{}".format(BASE_URL, backend, encoded_target_entity_id, path)
                assert wanted in published_locations
コード例 #11
ファイル: test_saml_metadata.py プロジェクト: SUNET/SATOSA
    def assert_single_sign_on_endpoints_for_saml_mirror_frontend(self, entity_descriptors, encoded_target_entity_id,
                                                                 saml_mirror_frontend_config, backend_names):
        """Check single sign-on locations in the metadata of a mirrored target entity.

        All given descriptors are parsed into a single store. The SSO services are then
        looked up under ``<frontend entityid>/<encoded target entity id>``, and each
        backend/binding combination must list the URL built from ``BASE_URL``.
        """
        base_entity_id = saml_mirror_frontend_config["config"]["idp_config"]["entityid"]
        expected_entity_id = base_entity_id + "/" + encoded_target_entity_id

        metadata = InMemoryMetaData(None, None)
        for entity_descriptor in entity_descriptors:
            xml_text = str(entity_descriptor)
            metadata.parse(xml_text)

        sso_by_binding = metadata.service(expected_entity_id, "idpsso_descriptor", "single_sign_on_service")

        for name in backend_names:
            sso_paths = saml_mirror_frontend_config["config"]["endpoints"]["single_sign_on_service"].items()
            for binding, path in sso_paths:
                locations = []
                for endpoint in sso_by_binding[binding]:
                    locations.append(endpoint["location"])
                expected_url = "{}/{}/{}/{}".format(BASE_URL, name, encoded_target_entity_id, path)
                assert expected_url in locations
コード例 #12
    def test_signed_metadata(self, entity_desc, signature_security_context, verification_security_context):
        """A descriptor signed with one security context must verify with the other.

        Also asserts that, with no ``valid_for`` argument given, the parsed descriptor has
        no ``valid_until`` set.
        """
        signed_metadata = create_signed_entity_descriptor(entity_desc, signature_security_context)

        # The verifying store gets its own security context, separate from the signing one.
        verifier = InMemoryMetaData(None, security=verification_security_context)
        verifier.parse(signed_metadata)

        # NOTE(review): success path only. Consider a negative case (document changed after
        # signing, or an unrelated verification certificate) that expects rejection.
        assert verifier.signed() is True
        assert verifier.parse_and_check_signature(signed_metadata) is True

        descriptor = verifier.entity_descr
        assert not descriptor.valid_until