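def response(self, post, outstanding, log=None, decode=True, asynchop=True):
    """Deal with an AuthnResponse or LogoutResponse.

    :param post: The reply as a dictionary; the SAML message is expected
        under the ``SAMLResponse`` key.
    :param outstanding: A dictionary with session IDs as keys and the
        original web request from the user before redirection as values.
        Handed to the response factory so the reply can be matched against
        a request this SP issued.
    :param log: where logging should go; falls back to ``self.logger``.
    :param decode: Whether the response is Base64 encoded or not.
    :param asynchop: Whether the response was returned over an asynchronous
        connection. SOAP for instance is synchronous.
    :return: A response.AuthnResponse or response.LogoutResponse instance
        (whatever ``verify()`` returned), or None when the post carried no
        SAMLResponse or the response could not be parsed.
    :raises Exception: when the configuration has no entity id. Anything
        ``verify()`` raises (a signature error, for instance) propagates.
    """
    # No SAMLResponse at all: nothing to validate.
    try:
        saml_response = post["SAMLResponse"]
    except KeyError:
        return None

    # Without our own entity id the response cannot be checked against us.
    # The attribute lookup may surface as AttributeError rather than
    # KeyError depending on how config is built, so both are treated alike.
    try:
        _ = self.config.entityid
    except (KeyError, AttributeError):
        raise Exception("Missing entity_id specification")

    if log is None:
        log = self.logger

    reply_addr = self.service_url()
    resp = None
    if saml_response:
        try:
            resp = response_factory(
                saml_response,
                self.config,
                reply_addr,
                outstanding,
                log,
                debug=self.debug,
                decode=decode,
                asynchop=asynchop,
                allow_unsolicited=self.allow_unsolicited,
            )
        except Exception as exc:
            # Best-effort: an unparsable response is logged and dropped;
            # the caller only sees None.
            if log:
                log.error("%s" % exc)
            return None

        if self.debug and log:
            log.info(">> %s", resp)

        # verify() performs the signature/validity checks; only what it
        # hands back is trusted from here on.
        resp = resp.verify()
        if isinstance(resp, AuthnResponse):
            # Only a verified AuthnResponse feeds the user cache. This is a
            # success message, so it goes to the info level, not error.
            self.users.add_information_about_person(resp.session_info())
            if log:
                log.info("--- ADDED person info ----")
        elif isinstance(resp, LogoutResponse):
            self.handle_logout_response(resp, log)
        elif log:
            log.error("Other response type: %s" % saml2.class_name(resp))
    # The docstring promises the response instance; return what verify()
    # produced instead of falling off the end.
    return resp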
def test_2(self):
    """The signed fixture, minus its first line, parses as an AuthnResponse."""
    # Drop the leading line (presumably the XML declaration) before parsing.
    raw = "%s" % (self._sign_resp_,)
    xml_response = raw.split("\n", 1)[1]
    queries = {"id12": "http://localhost:8088/sso"}
    resp = response_factory(
        xml_response,
        self.conf,
        return_addr="http://lingon.catalogix.se:8087/",
        outstanding_queries=queries,
        timeslack=10000,
        decode=False,
    )
    assert isinstance(resp, StatusResponse)
    assert isinstance(resp, AuthnResponse)
def test_2(self):
    """The signed fixture parses as an AuthnResponse."""
    xml_response = self._sign_resp_
    acs_urls = ["http://lingon.catalogix.se:8087/"]
    queries = {"id12": "http://localhost:8088/sso"}
    resp = response_factory(
        xml_response,
        self.conf,
        return_addrs=acs_urls,
        outstanding_queries=queries,
        timeslack=TIMESLACK,
        decode=False,
    )
    assert isinstance(resp, StatusResponse)
    assert isinstance(resp, AuthnResponse)
def test_1(self):
    """The plain (unsigned) fixture parses as an AuthnResponse."""
    xml_response = "%s" % (self._resp_, )
    queries = {"id12": "http://localhost:8088/sso"}
    resp = response_factory(
        xml_response,
        self.conf,
        return_addr="http://lingon.catalogix.se:8087/",
        outstanding_queries=queries,
        timeslack=10000,
        decode=False,
    )
    assert isinstance(resp, StatusResponse)
    assert isinstance(resp, AuthnResponse)
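def response(self, post, outstanding, decode=True, asynchop=True):
    """Deal with an AuthnResponse or LogoutResponse.

    :param post: The reply as a dictionary; the SAML message is expected
        under the ``SAMLResponse`` key.
    :param outstanding: A dictionary with session IDs as keys and the
        original web request from the user before redirection as values.
        Handed to the response factory so the reply can be matched against
        a request this SP issued.
    :param decode: Whether the response is Base64 encoded or not.
    :param asynchop: Whether the response was returned over an asynchronous
        connection. SOAP for instance is synchronous.
    :return: A response.AuthnResponse or response.LogoutResponse instance
        (whatever ``verify()`` returned), or None when the post carried no
        SAMLResponse or the response could not be parsed.
    :raises Exception: when the configuration has no entity id. Anything
        ``verify()`` raises (a signature error, for instance) propagates.
    """
    # No SAMLResponse at all: nothing to validate.
    try:
        saml_response = post['SAMLResponse']
    except KeyError:
        return None

    # Without our own entity id the response cannot be checked against us.
    # The attribute lookup may surface as AttributeError rather than
    # KeyError depending on how config is built, so both are treated alike.
    try:
        _ = self.config.entityid
    except (KeyError, AttributeError):
        raise Exception("Missing entity_id specification")

    reply_addr = self.service_url()
    resp = None
    if saml_response:
        try:
            resp = response_factory(
                saml_response, self.config, reply_addr, outstanding,
                decode=decode, asynchop=asynchop,
                allow_unsolicited=self.allow_unsolicited)
        except Exception as exc:
            # Best-effort: an unparsable response is logged and dropped;
            # the caller only sees None.
            logger.error("%s" % exc)
            return None

        logger.debug(">> %s", resp)

        # verify() performs the signature/validity checks; only what it
        # hands back is trusted from here on.
        resp = resp.verify()
        if isinstance(resp, AuthnResponse):
            # Only a verified AuthnResponse feeds the user cache.
            self.users.add_information_about_person(resp.session_info())
            logger.info("--- ADDED person info ----")
        elif isinstance(resp, LogoutResponse):
            self.handle_logout_response(resp)
        else:
            logger.error("Response type not supported: %s" % (
                saml2.class_name(resp), ))
    # The docstring promises the response instance; return what verify()
    # produced instead of falling off the end.
    return resp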
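def test_other_response(self):
    """An attribute response parses into an AuthnResponse with session info."""
    # Read through a context manager so the fixture handle is closed even
    # when an assertion below fails (the bare open().read() leaked it).
    with open(full_path("attribute_response.xml")) as fp:
        xml_response = fp.read()
    resp = response_factory(
        xml_response, self.conf,
        return_addrs=['https://myreviewroom.com/saml2/acs/'],
        outstanding_queries={
            'id-f4d370f3d03650f3ec0da694e2348bfe': "http://localhost:8088/sso"},
        timeslack=TIMESLACK, decode=False)
    assert isinstance(resp, StatusResponse)
    assert isinstance(resp, AuthnResponse)
    # Test-only relaxation: lets the fixture be processed with keys that
    # are not listed in the metadata.
    resp.sec.only_use_keys_in_metadata = False
    resp.parse_assertion()
    si = resp.session_info()
    assert si
    print(si["ava"])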
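def test_other_response(self):
    """An attribute response parses into an AuthnResponse with session info."""
    # Context-managed read: the bare open().read() never closed the fixture.
    with open(full_path("attribute_response.xml")) as fp:
        xml_response = fp.read()
    queries = {
        'id-f4d370f3d03650f3ec0da694e2348bfe': "http://localhost:8088/sso",
    }
    resp = response_factory(
        xml_response,
        self.conf,
        return_addrs=['https://myreviewroom.com/saml2/acs/'],
        outstanding_queries=queries,
        timeslack=TIMESLACK,
        decode=False,
    )
    assert isinstance(resp, StatusResponse)
    assert isinstance(resp, AuthnResponse)
    # Test-only relaxation: lets the fixture be processed with keys that
    # are not listed in the metadata.
    resp.sec.only_use_keys_in_metadata = False
    resp.parse_assertion()
    si = resp.session_info()
    assert si
    # Function-call form of print works on both Python 2 and 3 for a
    # single argument; the old print statement broke on Python 3.
    print(si["ava"])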
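def test_false_sign(self):
    """A response whose assertion carries a bad signature must not verify."""
    # Context-managed read: the bare open().read() never closed the fixture.
    with open(FALSE_ASSERT_SIGNED) as fp:
        xml_response = fp.read()
    resp = response_factory(
        xml_response, self.conf,
        return_addrs=["http://lingon.catalogix.se:8087/"],
        outstanding_queries={
            "bahigehogffohiphlfmplepdpcohkhhmheppcdie":
                "http://localhost:8088/sso"},
        timeslack=TIMESLACK, decode=False)
    assert isinstance(resp, StatusResponse)
    assert isinstance(resp, AuthnResponse)
    # Parsing alone succeeds; it is verify() that has to reject the
    # signature, so a silent return here is the failure case.
    try:
        resp.verify()
    except SignatureError:
        pass
    else:
        assert False, "verify() accepted a falsely signed assertion"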
def test_false_sign(self, mock_datetime):
    """verify() must raise SignatureError for a falsely signed assertion.

    The clock is pinned to a fixed instant, presumably so the fixture's
    validity window is still in range -- confirm against the fixture.
    """
    pinned_now = datetime.datetime(2016, 9, 4, 9, 59, 39)
    mock_datetime.utcnow = mock.Mock(return_value=pinned_now)

    with open(FALSE_ASSERT_SIGNED) as fp:
        xml_response = fp.read()

    queries = {
        "bahigehogffohiphlfmplepdpcohkhhmheppcdie":
            "http://localhost:8088/sso",
    }
    resp = response_factory(
        xml_response,
        self.conf,
        return_addrs=["http://lingon.catalogix.se:8087/"],
        outstanding_queries=queries,
        timeslack=TIMESLACK,
        decode=False,
    )
    assert isinstance(resp, StatusResponse)
    assert isinstance(resp, AuthnResponse)

    # Parsing succeeds; only the signature check is expected to fail.
    rejected = False
    try:
        resp.verify()
    except SignatureError:
        rejected = True
    assert rejected
def test_false_sign(self, mock_datetime):
    """verify() must raise SignatureError for a falsely signed assertion.

    The clock is pinned to a fixed instant, presumably so the fixture's
    validity window is still in range -- confirm against the fixture.
    """
    pinned_now = datetime.datetime(2016, 9, 4, 9, 59, 39)
    mock_datetime.utcnow = mock.Mock(return_value=pinned_now)

    with open(FALSE_ASSERT_SIGNED) as fp:
        xml_response = fp.read()

    acs_urls = ["http://lingon.catalogix.se:8087/"]
    queries = {
        "bahigehogffohiphlfmplepdpcohkhhmheppcdie":
            "http://localhost:8088/sso",
    }
    resp = response_factory(
        xml_response,
        self.conf,
        return_addrs=acs_urls,
        outstanding_queries=queries,
        timeslack=TIMESLACK,
        decode=False,
    )
    assert isinstance(resp, StatusResponse)
    assert isinstance(resp, AuthnResponse)

    # Parsing succeeds; only the signature check is expected to fail.
    with raises(SignatureError):
        resp.verify()
def test_encrypted_assertion_retrieval_method(self):
    """Session info can be extracted from the encrypted-assertion fixture.

    The fixture name suggests the encrypted assertion is referenced by a
    retrieval method; what this test checks is that parse_assertion()
    yields a session_info() with the expected session index.
    """
    with open(ENC_ASSERT_RETR_METHOD) as fp:
        xml_response = fp.read()

    service_url = "http://foo.example.com/service"
    request_id = "id12"
    resp = response_factory(
        xml_response,
        self.conf,
        return_addrs=["http://lingon.catalogix.se:8087/"],
        outstanding_queries={request_id: service_url},
        timeslack=TIMESLACK,
        decode=False,
        origxml=xml_response,
    )
    assert isinstance(resp, StatusResponse)
    assert isinstance(resp, AuthnResponse)

    resp.came_from = service_url
    resp.in_response_to = request_id
    # Test-only: signature checks are switched off here so that only the
    # assertion retrieval/parsing path is exercised. Production code
    # must not relax these flags.
    resp.require_response_signature = False
    resp.require_signature = False
    resp.do_not_verify = True

    resp.parse_assertion()
    si = resp.session_info()
    assert si
    assert si["session_index"] == 'id-t4RLs4qJE3ZmkJe81'