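    def test_saml2_create_account_multiple_email_already_taken(self):
        """Refuse SAML account creation when an asserted email is already taken.

        A local user is created first via ``setup_user``. The IdP assertion
        then carries two ``mail`` values and an ``email`` attribute;
        presumably one of them is that user's address (the addresses are
        masked in this excerpt). After the ACS round trip no ``Saml2Account``
        may exist and the ``BadgeUser`` / ``CachedEmailAddress`` counts must
        be unchanged, i.e. an IdP-asserted email must not be linked to (or
        take over) a pre-existing local account.
        """
        # Signed AuthnRequests need the xmlsec binary; skip otherwise.
        self._skip_if_xmlsec_binary_missing()
        self.config.use_signed_authn_request = True
        self.config.save()

        # Existing local user whose email the assertion will collide with.
        email = '*****@*****.**'
        self.setup_user(
            email=email, token_scope='rw:profile rw:issuer rw:backpack')

        # sign=True picks up the SAML key/cert overridden here.
        with override_settings(SAML_KEY_FILE=self.ipd_key_path,
                               SAML_CERT_FILE=self.ipd_cert_path):
            sp_config = config.SPConfig()
            sp_config.load(create_saml_config_for(self.config))
            sp_metadata = create_metadata_string(
                '', config=sp_config, sign=True)

        idp_config = self.get_idp_config(sp_metadata)

        identity = {
            "eduPersonAffiliation": ["staff", "member"],
            "surName": ["Jeter"],
            "givenName": ["Derek"],
            "mail": ["*****@*****.**", "*****@*****.**"],
            "email": ["*****@*****.**"],
            "title": ["shortstop"]
        }

        authn_response = self.get_authn_response(idp_config, identity)

        # The ACS endpoint consumes the response as base64 form text.
        saml_response_b64 = base64.b64encode(
            authn_response.encode('utf-8')).decode('utf-8')

        response = self.client.post(
            reverse('assertion_consumer_service',
                    kwargs={'idp_name': self.config.slug}),
            {'SAMLResponse': saml_response_b64})

        self.assertEqual(response.status_code, 302)

        # Public header accessor: HttpResponse._headers is private and no
        # longer exists in newer Django releases.
        location = response['Location']
        # Follow the redirect before inspecting database state.
        self.client.get(location)

        # No SAML account may be created for an already-taken email, and the
        # pre-existing user / email rows must be left as they were.
        self.assertEqual(Saml2Account.objects.count(), 0)
        self.assertEqual(CachedEmailAddress.objects.count(), 1)
        self.assertEqual(BadgeUser.objects.count(), 1)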
    def test_acs_with_authn_response_includes_subjectLocality(self):
        """Post a signed AuthnResponse whose AuthnStatement carries a SubjectLocality.

        The IdP response is built by hand with ``SamlServer`` (instead of the
        ``get_authn_response`` helper) so that an explicit ``AuthnStatement``
        with ``SubjectLocality.address`` can be attached, then submitted to
        the ACS endpoint. The assertions on ``request`` are not visible in
        this excerpt; the method presumably continues after the POST.
        """
        # Signed AuthnRequests need the xmlsec binary; skip otherwise.
        self._skip_if_xmlsec_binary_missing()
        self.config.use_signed_authn_request = True
        self.config.save()

        # sign=True picks up the SAML key/cert overridden here.
        with override_settings(SAML_KEY_FILE=self.ipd_key_path,
                               SAML_CERT_FILE=self.ipd_cert_path):
            saml2config = self.config
            sp_config = config.SPConfig()
            sp_config.load(create_saml_config_for(saml2config))
            sp_metadata = create_metadata_string('',
                                                 config=sp_config,
                                                 sign=True)

        idp_config = self.get_idp_config(sp_metadata)

        identity = {
            "eduPersonAffiliation": ["staff", "member"],
            "surName": ["Jeter"],
            "givenName": ["Derek"],
            "mail": ["*****@*****.**"],
            "title": ["shortstop"]
        }

        # IdP server built from the config derived from the SP metadata;
        # closing() releases it once the response has been created.
        with closing(SamlServer(idp_config)) as server:
            name_id = server.ident.transient_nameid(
                "urn:mace:example.com:saml:roland:idp", "id12")

            authn_context_ref = authn_context_class_ref(
                AUTHN_PASSWORD_PROTECTED)
            authn_context = AuthnContext(
                authn_context_class_ref=authn_context_ref)

            # The element under test: a SubjectLocality carrying an address.
            locality = saml.SubjectLocality()
            locality.address = "172.31.25.30"

            # NOTE(review): datetime.now() is naive local time with no UTC
            # offset; SAML AuthnInstant is conventionally UTC — confirm the
            # SP side does not reject or misinterpret this value.
            authn_statement = AuthnStatement(
                subject_locality=locality,
                authn_instant=datetime.now().isoformat(),
                authn_context=authn_context,
                session_index="id12")

            # "id12" is reused for the transient name id, in_response_to and
            # session_index; both assertion and response are signed.
            authn_response = server.create_authn_response(
                identity,
                "id12",  # in_response_to
                self.
                sp_acs_location,  # consumer_url. config.sp.endpoints.assertion_consumer_service:["acs_endpoint"]
                self.sp_acs_location,  # sp_entity_id
                name_id=name_id,
                sign_assertion=True,
                sign_response=True,
                authn_statement=authn_statement)

        # The ACS endpoint consumes the response as base64 form text.
        base64_encoded_response_metadata = base64.b64encode(
            authn_response.encode('utf-8'))
        base_64_utf8_response_metadata = base64_encoded_response_metadata.decode(
            'utf-8')

        # NOTE(review): the name `request` holds the ACS *response*; nothing
        # visible here asserts on it.
        request = self.client.post(
            reverse('assertion_consumer_service',
                    kwargs={'idp_name': self.config.slug}),
            {'SAMLResponse': base_64_utf8_response_metadata})