def test_authn_response_no_name_id(self, context, idp_conf, sp_conf):
response_binding = BINDING_HTTP_REDIRECT
fakesp_conf = SPConfig().load(sp_conf, metadata_construction=False)
fakesp = FakeSP(fakesp_conf)
fakeidp_conf = IdPConfig().load(idp_conf, metadata_construction=False)
fakeidp = FakeIdP(USERS, config=fakeidp_conf)
destination, request_params = fakesp.make_auth_req(
idp_conf["entityid"])
# Use the fake IdP to mock up an authentication request that has no
# <NameID> element.
url, auth_resp = fakeidp.handle_auth_req_no_name_id(
request_params["SAMLRequest"],
request_params["RelayState"],
BINDING_HTTP_REDIRECT,
"testuser1",
response_binding=response_binding)
backend = self.samlbackend
context.request = auth_resp
context.state[backend.name] = {
"relay_state": request_params["RelayState"],
}
backend.authn_response(context, response_binding)
context, internal_resp = backend.auth_callback_func.call_args[0]
self.assert_authn_response(internal_resp)
assert backend.name not in context.state
def test_authn_response_no_name_id(self, context, idp_conf, sp_conf):
response_binding = BINDING_HTTP_REDIRECT
fakesp_conf = SPConfig().load(sp_conf, metadata_construction=False)
fakesp = FakeSP(fakesp_conf)
fakeidp_conf = IdPConfig().load(idp_conf, metadata_construction=False)
fakeidp = FakeIdP(USERS, config=fakeidp_conf)
destination, request_params = fakesp.make_auth_req(
idp_conf["entityid"])
# Use the fake IdP to mock up an authentication request that has no
# <NameID> element.
url, auth_resp = fakeidp.handle_auth_req_no_name_id(
request_params["SAMLRequest"],
request_params["RelayState"],
BINDING_HTTP_REDIRECT,
"testuser1",
response_binding=response_binding)
backend = self.samlbackend
context.request = auth_resp
context.state[backend.name] = {
"relay_state": request_params["RelayState"],
}
backend.authn_response(context, response_binding)
context, internal_resp = backend.auth_callback_func.call_args[0]
assert_authn_response(internal_resp)
assert backend.name not in context.state
def test_authn_response(self, context, idp_conf, sp_conf):
response_binding = BINDING_HTTP_REDIRECT
fakesp = FakeSP(SPConfig().load(sp_conf, metadata_construction=False))
fakeidp = FakeIdP(USERS,
config=IdPConfig().load(idp_conf,
metadata_construction=False))
destination, request_params = fakesp.make_auth_req(
idp_conf["entityid"])
url, auth_resp = fakeidp.handle_auth_req(
request_params["SAMLRequest"],
request_params["RelayState"],
BINDING_HTTP_REDIRECT,
"testuser1",
response_binding=response_binding)
context.request = auth_resp
context.state[self.samlbackend.name] = {
"relay_state": request_params["RelayState"]
}
self.samlbackend.authn_response(context, response_binding)
context, internal_resp = self.samlbackend.auth_callback_func.call_args[
0]
self.assert_authn_response(internal_resp)
assert self.samlbackend.name not in context.state
def test_full_flow(self, satosa_config_dict, oidc_frontend_config, saml_backend_config, idp_conf):
subject_id = "testuser1"
# proxy config
satosa_config_dict["FRONTEND_MODULES"] = [oidc_frontend_config]
satosa_config_dict["BACKEND_MODULES"] = [saml_backend_config]
satosa_config_dict["INTERNAL_ATTRIBUTES"]["attributes"] = {attr_name: {"openid": [attr_name],
"saml": [attr_name]}
for attr_name in USERS[subject_id]}
_, backend_metadata = create_entity_descriptors(SATOSAConfig(satosa_config_dict))
# application
test_client = Client(make_app(SATOSAConfig(satosa_config_dict)), Response)
# get frontend OP config info
provider_config = json.loads(test_client.get("/.well-known/openid-configuration").data.decode("utf-8"))
# create auth req
claims_request = ClaimsRequest(id_token=Claims(**{k: None for k in USERS[subject_id]}))
req_args = {"scope": "openid", "response_type": "id_token", "client_id": CLIENT_ID,
"redirect_uri": REDIRECT_URI, "nonce": "nonce",
"claims": claims_request.to_json()}
auth_req = urlparse(provider_config["authorization_endpoint"]).path + "?" + urlencode(req_args)
# make auth req to proxy
proxied_auth_req = test_client.get(auth_req)
assert proxied_auth_req.status == "303 See Other"
# config test IdP
backend_metadata_str = str(backend_metadata[saml_backend_config["name"]][0])
idp_conf["metadata"]["inline"].append(backend_metadata_str)
fakeidp = FakeIdP(USERS, config=IdPConfig().load(idp_conf))
# create auth resp
req_params = dict(parse_qsl(urlparse(proxied_auth_req.data.decode("utf-8")).query))
url, authn_resp = fakeidp.handle_auth_req(
req_params["SAMLRequest"],
req_params["RelayState"],
BINDING_HTTP_REDIRECT,
subject_id,
response_binding=BINDING_HTTP_REDIRECT)
# make auth resp to proxy
authn_resp_req = urlparse(url).path + "?" + urlencode(authn_resp)
authn_resp = test_client.get(authn_resp_req)
assert authn_resp.status == "303 See Other"
# verify auth resp from proxy
resp_dict = dict(parse_qsl(urlparse(authn_resp.data.decode("utf-8")).fragment))
signing_key = RSAKey(key=rsa_load(oidc_frontend_config["config"]["signing_key_path"]),
use="sig", alg="RS256")
id_token_claims = JWS().verify_compact(resp_dict["id_token"], keys=[signing_key])
assert all(
(name, values) in id_token_claims.items()
for name, values in OIDC_USERS[subject_id].items()
)
def test_full_flow(self, satosa_config_dict, oidc_frontend_config, saml_backend_config, idp_conf):
user_id = "testuser1"
# proxy config
satosa_config_dict["FRONTEND_MODULES"] = [oidc_frontend_config]
satosa_config_dict["BACKEND_MODULES"] = [saml_backend_config]
satosa_config_dict["INTERNAL_ATTRIBUTES"]["attributes"] = {attr_name: {"openid": [attr_name],
"saml": [attr_name]}
for attr_name in USERS[user_id]}
_, backend_metadata = create_entity_descriptors(SATOSAConfig(satosa_config_dict))
# application
test_client = Client(make_app(SATOSAConfig(satosa_config_dict)), BaseResponse)
# get frontend OP config info
provider_config = json.loads(test_client.get("/.well-known/openid-configuration").data.decode("utf-8"))
# create auth req
claims_request = ClaimsRequest(id_token=Claims(**{k: None for k in USERS[user_id]}))
req_args = {"scope": "openid", "response_type": "id_token", "client_id": CLIENT_ID,
"redirect_uri": REDIRECT_URI, "nonce": "nonce",
"claims": claims_request.to_json()}
auth_req = urlparse(provider_config["authorization_endpoint"]).path + "?" + urlencode(req_args)
# make auth req to proxy
proxied_auth_req = test_client.get(auth_req)
assert proxied_auth_req.status == "303 See Other"
# config test IdP
backend_metadata_str = str(backend_metadata[saml_backend_config["name"]][0])
idp_conf["metadata"]["inline"].append(backend_metadata_str)
fakeidp = FakeIdP(USERS, config=IdPConfig().load(idp_conf, metadata_construction=False))
# create auth resp
req_params = dict(parse_qsl(urlparse(proxied_auth_req.data.decode("utf-8")).query))
url, authn_resp = fakeidp.handle_auth_req(
req_params["SAMLRequest"],
req_params["RelayState"],
BINDING_HTTP_REDIRECT,
user_id,
response_binding=BINDING_HTTP_REDIRECT)
# make auth resp to proxy
authn_resp_req = urlparse(url).path + "?" + urlencode(authn_resp)
authn_resp = test_client.get("/" + authn_resp_req)
assert authn_resp.status == "303 See Other"
# verify auth resp from proxy
resp_dict = dict(parse_qsl(urlparse(authn_resp.data.decode("utf-8")).fragment))
signing_key = RSAKey(key=rsa_load(oidc_frontend_config["config"]["signing_key_path"]),
use="sig", alg="RS256")
id_token_claims = JWS().verify_compact(resp_dict["id_token"], keys=[signing_key])
assert all((k, v[0]) in id_token_claims.items() for k, v in USERS[user_id].items())
def setup(self):
"""
Initiates the test.
:return: None
"""
self.sp = FakeSP(None,
config=SPConfig().load(
TestConfiguration.get_instance().fake_sp_config,
metadata_construction=False))
self.idp = FakeIdP(
USERS,
IdPConfig().load(TestConfiguration.get_instance().fake_idp_config,
metadata_construction=False))
def test_start_auth_disco(self, sp_conf, idp_conf):
"""
Performs a complete test for the module satosa.backends.saml2. The flow should be accepted.
"""
samlbackend = SamlBackend(lambda context, internal_resp: (context, internal_resp),
INTERNAL_ATTRIBUTES, {"config": sp_conf,
"disco_srv": "https://my.dicso.com/role/idp.ds",
"state_id": "saml_backend_test_id"})
test_state_key = "test_state_key_456afgrh"
response_binding = BINDING_HTTP_REDIRECT
fakeidp = FakeIdP(USERS, config=IdPConfig().load(idp_conf, metadata_construction=False))
internal_req = InternalRequest(UserIdHashType.persistent, "example.se/sp.xml")
state = State()
state.add(test_state_key, "my_state")
context = Context()
context.state = state
resp = samlbackend.start_auth(context, internal_req)
assert resp.status == "303 See Other", "Must be a redirect to the discovery server."
disco_resp = parse_qs(urlparse(resp.message).query)
info = parse_qs(urlparse(disco_resp["return"][0]).query)
info[samlbackend.idp_disco_query_param] = idp_conf["entityid"]
context = Context()
context.request = info
context.state = state
resp = samlbackend.disco_response(context)
assert resp.status == "303 See Other"
req_params = dict(parse_qsl(urlparse(resp.message).query))
url, fake_idp_resp = fakeidp.handle_auth_req(
req_params["SAMLRequest"],
req_params["RelayState"],
BINDING_HTTP_REDIRECT,
"testuser1",
response_binding=response_binding)
context = Context()
context.request = fake_idp_resp
context.state = state
context, internal_resp = samlbackend.authn_response(context, response_binding)
assert isinstance(context, Context), "Not correct instance!"
assert context.state.get(test_state_key) == "my_state", "Not correct state!"
assert internal_resp.auth_info.auth_class_ref == PASSWORD, "Not correct authentication!"
_dict = internal_resp.get_attributes()
expected_data = {'surname': ['Testsson 1'], 'mail': ['*****@*****.**'],
'displayname': ['Test Testsson'], 'givenname': ['Test 1'],
'edupersontargetedid': ['one!for!all']}
for key in _dict:
assert expected_data[key] == _dict[key]
def run_test(self, satosa_config_dict, sp_conf, idp_conf, saml_backend_config, frontend_config):
user_id = "testuser1"
# proxy config
satosa_config_dict["FRONTEND_MODULES"] = [frontend_config]
satosa_config_dict["BACKEND_MODULES"] = [saml_backend_config]
satosa_config_dict["INTERNAL_ATTRIBUTES"]["attributes"] = {attr_name: {"saml": [attr_name]} for attr_name in
USERS[user_id]}
frontend_metadata, backend_metadata = create_entity_descriptors(SATOSAConfig(satosa_config_dict))
# application
test_client = Client(make_app(SATOSAConfig(satosa_config_dict)), BaseResponse)
# config test SP
frontend_metadata_str = str(frontend_metadata[frontend_config["name"]][0])
sp_conf["metadata"]["inline"].append(frontend_metadata_str)
fakesp = FakeSP(SPConfig().load(sp_conf, metadata_construction=False))
# create auth req
destination, req_args = fakesp.make_auth_req(frontend_metadata[frontend_config["name"]][0].entity_id)
auth_req = urlparse(destination).path + "?" + urlencode(req_args)
# make auth req to proxy
proxied_auth_req = test_client.get(auth_req)
assert proxied_auth_req.status == "303 See Other"
# config test IdP
backend_metadata_str = str(backend_metadata[saml_backend_config["name"]][0])
idp_conf["metadata"]["inline"].append(backend_metadata_str)
fakeidp = FakeIdP(USERS, config=IdPConfig().load(idp_conf, metadata_construction=False))
# create auth resp
req_params = dict(parse_qsl(urlparse(proxied_auth_req.data.decode("utf-8")).query))
url, authn_resp = fakeidp.handle_auth_req(
req_params["SAMLRequest"],
req_params["RelayState"],
BINDING_HTTP_REDIRECT,
user_id,
response_binding=BINDING_HTTP_REDIRECT)
# make auth resp to proxy
authn_resp_req = urlparse(url).path + "?" + urlencode(authn_resp)
authn_resp = test_client.get("/" + authn_resp_req)
assert authn_resp.status == "303 See Other"
# verify auth resp from proxy
resp_dict = dict(parse_qsl(urlparse(authn_resp.data.decode("utf-8")).query))
auth_resp = fakesp.parse_authn_request_response(resp_dict["SAMLResponse"], BINDING_HTTP_REDIRECT)
assert auth_resp.ava == USERS[user_id]
def test_authn_response(self, context, idp_conf, sp_conf):
response_binding = BINDING_HTTP_REDIRECT
fakesp = FakeSP(SPConfig().load(sp_conf, metadata_construction=False))
fakeidp = FakeIdP(USERS, config=IdPConfig().load(idp_conf, metadata_construction=False))
destination, request_params = fakesp.make_auth_req(idp_conf["entityid"])
url, auth_resp = fakeidp.handle_auth_req(request_params["SAMLRequest"], request_params["RelayState"],
BINDING_HTTP_REDIRECT,
"testuser1", response_binding=response_binding)
context.request = auth_resp
context.state[self.samlbackend.name] = {"relay_state": request_params["RelayState"]}
self.samlbackend.authn_response(context, response_binding)
context, internal_resp = self.samlbackend.auth_callback_func.call_args[0]
self.assert_authn_response(internal_resp)
assert self.samlbackend.name not in context.state
def test_full_flow(self, context, idp_conf, sp_conf):
test_state_key = "test_state_key_456afgrh"
response_binding = BINDING_HTTP_REDIRECT
fakeidp = FakeIdP(USERS,
config=IdPConfig().load(idp_conf,
metadata_construction=False))
context.state[test_state_key] = "my_state"
# start auth flow (redirecting to discovery server)
resp = self.samlbackend.start_auth(context,
InternalRequest(None, None))
self.assert_redirect_to_discovery_server(resp, sp_conf)
# fake response from discovery server
disco_resp = parse_qs(urlparse(resp.message).query)
info = parse_qs(urlparse(disco_resp["return"][0]).query)
info["entityID"] = idp_conf["entityid"]
request_context = Context()
request_context.request = info
request_context.state = context.state
# pass discovery response to backend and check that it redirects to the selected IdP
resp = self.samlbackend.disco_response(request_context)
self.assert_redirect_to_idp(resp, idp_conf)
# fake auth response to the auth request
req_params = dict(parse_qsl(urlparse(resp.message).query))
url, fake_idp_resp = fakeidp.handle_auth_req(
req_params["SAMLRequest"],
req_params["RelayState"],
BINDING_HTTP_REDIRECT,
"testuser1",
response_binding=response_binding)
response_context = Context()
response_context.request = fake_idp_resp
response_context.state = request_context.state
# pass auth response to backend and verify behavior
self.samlbackend.authn_response(response_context, response_binding)
context, internal_resp = self.samlbackend.auth_callback_func.call_args[
0]
assert self.samlbackend.name not in context.state
assert context.state[test_state_key] == "my_state"
self.assert_authn_response(internal_resp)
def setup(self):
"""
Initiates the test.
:return: None
"""
self.sp = FakeSP(None, config=SPConfig().load(TestConfiguration.get_instance().
fake_sp_config,
metadata_construction=False))
self.idp = FakeIdP(USERS, IdPConfig().load(TestConfiguration.get_instance().fake_idp_config,
metadata_construction=False))
def test_full_flow(self, context, idp_conf, sp_conf):
test_state_key = "test_state_key_456afgrh"
response_binding = BINDING_HTTP_REDIRECT
fakeidp = FakeIdP(USERS, config=IdPConfig().load(idp_conf, metadata_construction=False))
context.state[test_state_key] = "my_state"
# start auth flow (redirecting to discovery server)
resp = self.samlbackend.start_auth(context, InternalData())
self.assert_redirect_to_discovery_server(resp, sp_conf)
# fake response from discovery server
disco_resp = parse_qs(urlparse(resp.message).query)
info = parse_qs(urlparse(disco_resp["return"][0]).query)
info["entityID"] = idp_conf["entityid"]
request_context = Context()
request_context.request = info
request_context.state = context.state
# pass discovery response to backend and check that it redirects to the selected IdP
resp = self.samlbackend.disco_response(request_context)
self.assert_redirect_to_idp(resp, idp_conf)
# fake auth response to the auth request
req_params = dict(parse_qsl(urlparse(resp.message).query))
url, fake_idp_resp = fakeidp.handle_auth_req(
req_params["SAMLRequest"],
req_params["RelayState"],
BINDING_HTTP_REDIRECT,
"testuser1",
response_binding=response_binding)
response_context = Context()
response_context.request = fake_idp_resp
response_context.state = request_context.state
# pass auth response to backend and verify behavior
self.samlbackend.authn_response(response_context, response_binding)
context, internal_resp = self.samlbackend.auth_callback_func.call_args[0]
assert self.samlbackend.name not in context.state
assert context.state[test_state_key] == "my_state"
self.assert_authn_response(internal_resp)
def run_test(self, satosa_config_dict, sp_conf, idp_conf,
saml_backend_config, frontend_config):
subject_id = "testuser1"
# proxy config
satosa_config_dict["FRONTEND_MODULES"] = [frontend_config]
satosa_config_dict["BACKEND_MODULES"] = [saml_backend_config]
satosa_config_dict["INTERNAL_ATTRIBUTES"]["attributes"] = {
attr_name: {
"saml": [attr_name]
}
for attr_name in USERS[subject_id]
}
frontend_metadata, backend_metadata = create_entity_descriptors(
SATOSAConfig(satosa_config_dict))
# application
test_client = Client(make_app(SATOSAConfig(satosa_config_dict)),
BaseResponse)
# config test SP
frontend_metadata_str = str(
frontend_metadata[frontend_config["name"]][0])
sp_conf["metadata"]["inline"].append(frontend_metadata_str)
fakesp = FakeSP(SPConfig().load(sp_conf, metadata_construction=False))
# create auth req
destination, req_args = fakesp.make_auth_req(
frontend_metadata[frontend_config["name"]][0].entity_id)
auth_req = urlparse(destination).path + "?" + urlencode(req_args)
# make auth req to proxy
proxied_auth_req = test_client.get(auth_req)
assert proxied_auth_req.status == "303 See Other"
# config test IdP
backend_metadata_str = str(
backend_metadata[saml_backend_config["name"]][0])
idp_conf["metadata"]["inline"].append(backend_metadata_str)
fakeidp = FakeIdP(USERS,
config=IdPConfig().load(idp_conf,
metadata_construction=False))
# create auth resp
req_params = dict(
parse_qsl(urlparse(proxied_auth_req.data.decode("utf-8")).query))
url, authn_resp = fakeidp.handle_auth_req(
req_params["SAMLRequest"],
req_params["RelayState"],
BINDING_HTTP_REDIRECT,
subject_id,
response_binding=BINDING_HTTP_REDIRECT)
# make auth resp to proxy
authn_resp_req = urlparse(url).path + "?" + urlencode(authn_resp)
authn_resp = test_client.get("/" + authn_resp_req)
assert authn_resp.status == "303 See Other"
# verify auth resp from proxy
resp_dict = dict(
parse_qsl(urlparse(authn_resp.data.decode("utf-8")).query))
auth_resp = fakesp.parse_authn_request_response(
resp_dict["SAMLResponse"], BINDING_HTTP_REDIRECT)
assert auth_resp.ava == USERS[subject_id]
def test_start_auth_disco(self, sp_conf, idp_conf):
"""
Performs a complete test for the module satosa.backends.saml2. The flow should be accepted.
"""
samlbackend = SamlBackend(
lambda context, internal_resp: (context, internal_resp),
INTERNAL_ATTRIBUTES, {
"config": sp_conf,
"disco_srv": "https://my.dicso.com/role/idp.ds",
"state_id": "saml_backend_test_id"
})
test_state_key = "test_state_key_456afgrh"
response_binding = BINDING_HTTP_REDIRECT
fakeidp = FakeIdP(USERS,
config=IdPConfig().load(idp_conf,
metadata_construction=False))
internal_req = InternalRequest(UserIdHashType.persistent,
"example.se/sp.xml")
state = State()
state.add(test_state_key, "my_state")
context = Context()
context.state = state
resp = samlbackend.start_auth(context, internal_req)
assert resp.status == "303 See Other", "Must be a redirect to the discovery server."
disco_resp = parse_qs(urlparse(resp.message).query)
info = parse_qs(urlparse(disco_resp["return"][0]).query)
info[samlbackend.idp_disco_query_param] = idp_conf["entityid"]
context = Context()
context.request = info
context.state = state
resp = samlbackend.disco_response(context)
assert resp.status == "303 See Other"
req_params = dict(parse_qsl(urlparse(resp.message).query))
url, fake_idp_resp = fakeidp.handle_auth_req(
req_params["SAMLRequest"],
req_params["RelayState"],
BINDING_HTTP_REDIRECT,
"testuser1",
response_binding=response_binding)
context = Context()
context.request = fake_idp_resp
context.state = state
context, internal_resp = samlbackend.authn_response(
context, response_binding)
assert isinstance(context, Context), "Not correct instance!"
assert context.state.get(
test_state_key) == "my_state", "Not correct state!"
assert internal_resp.auth_info.auth_class_ref == PASSWORD, "Not correct authentication!"
_dict = internal_resp.get_attributes()
expected_data = {
'surname': ['Testsson 1'],
'mail': ['*****@*****.**'],
'displayname': ['Test Testsson'],
'givenname': ['Test 1'],
'edupersontargetedid': ['one!for!all']
}
for key in _dict:
assert expected_data[key] == _dict[key]
class TestProxy:
"""
Performs a complete flow test for the proxy.
Verifies SAML -> PROXY -> SAML.
"""
@pytest.fixture(autouse=True)
def setup(self):
"""
Initiates the test.
:return: None
"""
self.sp = FakeSP(None, config=SPConfig().load(TestConfiguration.get_instance().
fake_sp_config,
metadata_construction=False))
self.idp = FakeIdP(USERS, IdPConfig().load(TestConfiguration.get_instance().fake_idp_config,
metadata_construction=False))
def test_flow(self):
"""
Performs the test.
"""
e_id = 'https://localhost:8090/proxy.xml'
target_id = 'https://example.com/unittest_idp.xml'
url = "{}&entityID={}".format(self.sp.make_auth_req(e_id), quote(target_id))
app = WsgiApplication(config=TestConfiguration.get_instance().proxy_config)
test_client = Client(app.run_server, BaseResponse)
parsed = urlparse(url)
request = "{}?{}".format(parsed.path, parsed.query)
resp = test_client.get(request)
assert resp.status == '303 See Other'
headers = dict(resp.headers)
assert headers["Set-Cookie"], "Did not save state in cookie!"
url = headers["location"]
req = parse_qs(urlsplit(url).query)
assert 'SAMLRequest' in req
assert 'RelayState' in req
action, body = self.idp.handle_auth_req(req['SAMLRequest'][0],
req['RelayState'][0],
BINDING_HTTP_REDIRECT,
'testuser1')
parsed = urlparse(action)
request = "{}?{}".format(parsed.path, parsed.query)
resp = test_client.post(request, data=urlencode(body),
headers=[("Cookie", headers["Set-Cookie"]),
("Content-Type", "application/x-www-form-urlencoded")])
assert resp.status == '302 Found'
headers = dict(resp.headers)
url = headers["location"]
req = parse_qs(urlsplit(url).query)
assert 'SAMLResponse' in req
assert 'RelayState' in req
resp = self.sp.parse_authn_request_response(req['SAMLResponse'][0], BINDING_HTTP_REDIRECT)
identity = resp.ava
assert identity["displayName"][0] == "Test Testsson"
class TestProxy:
"""
Performs a complete flow test for the proxy.
Verifies SAML -> PROXY -> SAML.
"""
@pytest.fixture(autouse=True)
def setup(self):
"""
Initiates the test.
:return: None
"""
self.sp = FakeSP(None,
config=SPConfig().load(
TestConfiguration.get_instance().fake_sp_config,
metadata_construction=False))
self.idp = FakeIdP(
USERS,
IdPConfig().load(TestConfiguration.get_instance().fake_idp_config,
metadata_construction=False))
def test_flow(self):
"""
Performs the test.
"""
e_id = 'https://localhost:8090/proxy.xml'
target_id = 'https://example.com/unittest_idp.xml'
url = "{}&entityID={}".format(self.sp.make_auth_req(e_id),
quote(target_id))
app = WsgiApplication(
config=TestConfiguration.get_instance().proxy_config)
test_client = Client(app.run_server, BaseResponse)
parsed = urlparse(url)
request = "{}?{}".format(parsed.path, parsed.query)
resp = test_client.get(request)
assert resp.status == '303 See Other'
headers = dict(resp.headers)
assert headers["Set-Cookie"], "Did not save state in cookie!"
url = headers["location"]
req = parse_qs(urlsplit(url).query)
assert 'SAMLRequest' in req
assert 'RelayState' in req
action, body = self.idp.handle_auth_req(req['SAMLRequest'][0],
req['RelayState'][0],
BINDING_HTTP_REDIRECT,
'testuser1')
parsed = urlparse(action)
request = "{}?{}".format(parsed.path, parsed.query)
resp = test_client.post(request,
data=urlencode(body),
headers=[("Cookie", headers["Set-Cookie"]),
("Content-Type",
"application/x-www-form-urlencoded")
])
assert resp.status == '302 Found'
headers = dict(resp.headers)
url = headers["location"]
req = parse_qs(urlsplit(url).query)
assert 'SAMLResponse' in req
assert 'RelayState' in req
resp = self.sp.parse_authn_request_response(req['SAMLResponse'][0],
BINDING_HTTP_REDIRECT)
identity = resp.ava
assert identity["displayName"][0] == "Test Testsson"
