def test_post_sso(self):
    """Full HTTP-POST SSO round trip through the in-process IdP.

    1. The SP (``self.client``) prepares an AuthnRequest for the
       HTTP-POST binding and asks for an HTTP-POST response.
    2. The request is lifted out of the rendered form and parsed by the
       IdP (``self.server``); the IdP's chosen response binding must be
       the one the SP requested.
    3. The same form is POSTed by hand through ``self.client.send``,
       standing in for the browser.
    4. The SAMLResponse in the reply is parsed with ``sid`` as the only
       outstanding request id, and the assertion's AuthnContext is
       checked.
    """
    post = BINDING_HTTP_POST
    reply_over = BINDING_HTTP_POST

    sid, http_args = self.client.prepare_for_authenticate(
        "urn:mace:example.com:saml:roland:idp",
        relay_state="really",
        binding=post,
        response_binding=reply_over)
    # data[3] is the auto-submit HTML form; unpack its hidden fields.
    form = unpack_form(http_args["data"][3])

    # IdP side: parse the request and confirm the binding it would
    # answer on.
    authn_req = self.server.parse_authn_request(form["SAMLRequest"], post)
    resp_args = self.server.response_args(authn_req.message, [reply_over])
    assert resp_args["binding"] == reply_over

    # Normally a response would now be sent back to the user's web
    # client; here the browser's form POST is faked by hand.
    http_args["data"] = urllib.urlencode(form)
    http_args["method"] = "POST"
    # "dummy" is forwarded to send(); what consumes it is not visible
    # here -- presumably the fake transport.  Confirm.
    http_args["dummy"] = form["SAMLRequest"]
    http_args["headers"] = [
        ('Content-type', 'application/x-www-form-urlencoded')]

    reply = self.client.send(**http_args)
    print(reply.text)  # debug dump of the IdP's reply

    # SP side.  {sid: "/"} maps the outstanding request id to a return
    # URL; presumably what the response's InResponseTo is checked
    # against -- confirm in parse_authn_request_response.
    reply_form = unpack_form(reply.text[3], "SAMLResponse")
    authn_resp = self.client.parse_authn_request_response(
        reply_form["SAMLResponse"], BINDING_HTTP_POST, {sid: "/"})

    ctx = authn_resp.assertion.authn_statement[0].authn_context
    assert ctx.authenticating_authority[0].text == 'http://www.example.com/login'
    assert ctx.authn_context_class_ref.text == INTERNETPROTOCOLPASSWORD
def test_post_sso(self):
    """HTTP-POST SSO round trip: SP request -> IdP -> SP response parsing.

    ``self.client`` (SP) prepares an AuthnRequest for the HTTP-POST
    binding and requests an HTTP-POST response.  The request is taken
    out of the generated form, handed to ``self.server`` (IdP) to parse,
    and the IdP's response-binding selection is asserted.  The form is
    then POSTed via ``self.client.send``; the SAMLResponse in the reply
    is parsed with ``sid`` as the outstanding request id and the
    assertion's AuthnContext is checked.
    """
    idp_entity_id = "urn:mace:example.com:saml:roland:idp"
    form_content_type = ('Content-type', 'application/x-www-form-urlencoded')

    sid, http_args = self.client.prepare_for_authenticate(
        idp_entity_id,
        relay_state="really",
        binding=BINDING_HTTP_POST,
        response_binding=BINDING_HTTP_POST)

    # data[3] holds the auto-submit form; pull its fields out.
    request_form = unpack_form(http_args["data"][3])

    # IdP side: parse the request and check which binding it would
    # answer on -- must be the one the SP asked for.
    parsed = self.server.parse_authn_request(request_form["SAMLRequest"],
                                             BINDING_HTTP_POST)
    chosen = self.server.response_args(parsed.message, [BINDING_HTTP_POST])
    assert chosen["binding"] == BINDING_HTTP_POST

    # A real deployment would now send the form to the user's browser;
    # instead the browser's POST is assembled by hand.
    http_args["data"] = urllib.urlencode(request_form)
    http_args["method"] = "POST"
    # "dummy" is passed through to send(); its role is not visible in
    # this test -- presumably a hook for the fake transport.  Confirm.
    http_args["dummy"] = request_form["SAMLRequest"]
    http_args["headers"] = [form_content_type]

    reply = self.client.send(**http_args)
    print(reply.text)  # debug dump of the IdP's reply

    # SP side: {sid: "/"} maps the outstanding request id to the URL to
    # return to; presumably it is what the response's InResponseTo is
    # validated against -- confirm in the client.
    response_form = unpack_form(reply.text[3], "SAMLResponse")
    authn_response = self.client.parse_authn_request_response(
        response_form["SAMLResponse"], BINDING_HTTP_POST, {sid: "/"})

    authn_context = authn_response.assertion.authn_statement[0].authn_context
    assert authn_context.authenticating_authority[0].text == \
        'http://www.example.com/login'
    assert authn_context.authn_context_class_ref.text == INTERNETPROTOCOLPASSWORD
def test_post_sso(self):
    """HTTP-POST SSO from the SP's point of view only.

    Prepare an AuthnRequest for the HTTP-POST binding, POST the
    generated form through ``self.client.send`` as a browser would, then
    parse the SAMLResponse found in the reply against the outstanding
    request id and check the assertion's AuthnContext.
    """
    sid, http_args = self.client.prepare_for_authenticate(
        "urn:mace:example.com:saml:roland:idp",
        relay_state="really",
        binding=BINDING_HTTP_POST)

    # Normally a response would now be sent back to the user's web
    # client; here the browser's form submission is faked by hand.
    # data[3] is the rendered auto-submit form.
    fields = unpack_form(http_args["data"][3])
    http_args["data"] = urllib.urlencode(fields)
    http_args["method"] = "POST"
    # Role of "dummy" is not visible here -- presumably a fake-transport
    # hook; confirm.
    http_args["dummy"] = fields["SAMLRequest"]
    http_args["headers"] = [
        ('Content-type', 'application/x-www-form-urlencoded'),
    ]

    reply = self.client.send(**http_args)
    print(reply.text)  # debug dump of the reply

    # {sid: "/"} maps the outstanding request id to a return URL;
    # presumably used to match the response's InResponseTo -- confirm
    # in the client.
    reply_fields = unpack_form(reply.text[3], "SAMLResponse")
    parsed = self.client.parse_authn_request_response(
        reply_fields["SAMLResponse"], BINDING_HTTP_POST, {sid: "/"})

    context = parsed.assertion.authn_statement[0].authn_context
    assert context.authenticating_authority[0].text == 'http://www.example.com/login'
    assert context.authn_context_class_ref.text == AUTHN_PASSWORD

# if __name__ == "__main__":
#     tc = TestClient()
#     tc.setup_class()
#     tc.test_response()
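def test_logout_1(self):
    """One IdP/AA: global logout yields a single HTTP-POST LogoutRequest.

    A session for subject ``123456`` issued by the test IdP is loaded
    into the client's user cache, then ``global_logout`` is asked to
    log that subject out everywhere.  The result must be a mapping with
    exactly one entry, keyed by the IdP entity id, holding HTTP-POST
    arguments (an HTML form).  The SAMLRequest field of that form is
    base64-decoded and parsed as a LogoutRequest whose ``reason`` must
    match what was passed in.
    """
    idp = "urn:mace:example.com:saml:roland:idp"
    subject = "123456"

    # Information about the user as it would have arrived from the IdP.
    session_info = {
        "name_id": subject,
        "issuer": idp,
        "not_on_or_after": in_a_while(minutes=15),
        "ava": {
            "givenName": "Anders",
            "surName": "Andersson",
            "mail": "*****@*****.**",
        },
    }
    self.client.users.add_information_about_person(session_info)

    entity_ids = self.client.users.issuers_of_info(subject)
    assert entity_ids == [idp]

    resp = self.client.global_logout(subject, "Tired", in_a_while(minutes=5))
    print(resp)  # debug dump of the per-entity logout arguments
    assert resp
    assert len(resp) == 1
    # list(...) keeps this comparison valid on Python 3, where
    # dict.keys() is a view that never compares equal to a list.
    assert list(resp.keys()) == entity_ids

    http_args = resp[entity_ids[0]]
    assert isinstance(http_args, dict)
    assert http_args["headers"] == [('Content-type', 'text/html')]

    # data[3] is the auto-submit form; the LogoutRequest travels
    # base64-encoded in its SAMLRequest field.
    info = unpack_form(http_args["data"][3])
    xml_str = base64.b64decode(info["SAMLRequest"])
    req = logout_request_from_string(xml_str)
    print(req)
    assert req.reason == "Tired"
    # NOTE(review): only the reason is checked; nothing here asserts the
    # LogoutRequest carries the expected NameID/issuer or that it is
    # signed -- confirm against the SP config whether logout requests
    # are expected to be signed.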
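def test_post_sso(self):
    """HTTP-POST SSO from the SP's point of view only.

    Prepare an AuthnRequest for the HTTP-POST binding, POST the
    generated form through ``self.client.send`` as a browser would, then
    parse the SAMLResponse found in the reply against the outstanding
    request id and check the assertion's AuthnContext.
    """
    # Named ``sid`` rather than ``id`` so the builtin is not shadowed
    # (and to match the other SSO tests in this file).
    sid, http_args = self.client.prepare_for_authenticate(
        "urn:mace:example.com:saml:roland:idp",
        relay_state="really",
        binding=BINDING_HTTP_POST)

    # Normally a response would now be sent back to the user's web
    # client; here the browser's form submission is faked by hand.
    # data[3] is the rendered auto-submit form.
    fields = unpack_form(http_args["data"][3])
    http_args["data"] = urllib.urlencode(fields)
    http_args["method"] = "POST"
    # Role of "dummy" is not visible here -- presumably a fake-transport
    # hook; confirm.
    http_args["dummy"] = fields["SAMLRequest"]
    http_args["headers"] = [
        ('Content-type', 'application/x-www-form-urlencoded'),
    ]

    reply = self.client.send(**http_args)
    print(reply.text)  # debug dump of the reply

    # {sid: "/"} maps the outstanding request id to a return URL;
    # presumably used to match the response's InResponseTo -- confirm
    # in the client.
    reply_fields = unpack_form(reply.text[3], "SAMLResponse")
    parsed = self.client.parse_authn_request_response(
        reply_fields["SAMLResponse"], BINDING_HTTP_POST, {sid: "/"})

    context = parsed.assertion.authn_statement[0].authn_context
    assert context.authenticating_authority[0].text == 'http://www.example.com/login'
    assert context.authn_context_class_ref.text == AUTHN_PASSWORD

# NOTE(review): the commented-out test below is truncated and partly
# garbled in this copy (a redaction ate a stretch of it); it continues
# past this point.  Kept verbatim rather than reconstructed.
# def test_logout_2(self):
#     """ one IdP/AA with BINDING_SOAP, can't actually send something"""
#
#     conf = config.SPConfig()
#     conf.load_file("server2_conf")
#     client = Saml2Client(conf)
#
#     # information about the user from an IdP
#     session_info = {
#         "name_id": "123456",
#         "issuer": "urn:mace:example.com:saml:roland:idp",
#         "not_on_or_after": in_a_while(minutes=15),
#         "ava": {
#             "givenName": "Anders",
#             "surName": "Andersson",
#             "mail": "*****@*****.**"
#         }
#     }
#     client.users.add_information_about_person(session_info)
#     entity_ids = self.client.users.issuers_of_info("123456")
#     assert entity_ids == ["urn:mace:example.com:saml:roland:idp"]
#     destinations = client.config.single_logout_services(entity_ids[0],
#                                                         BINDING_SOAP)
#     print destinations
#     assert destinations == ['http://*****:*****@example.com"
#         }
#     }
#     client.users.add_information_about_person(session_info_authn)
#     session_info_aa = {
#         "name_id": "123456",
#         "issuer": "urn:mace:example.com:saml:roland:aa",
#         "not_on_or_after": in_a_while(minutes=15),
#         "ava": {
#             "eduPersonEntitlement":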
"Foobar", # } # } # client.users.add_information_about_person(session_info_aa) # entity_ids = client.users.issuers_of_info("123456") # assert _leq(entity_ids, ["urn:mace:example.com:saml:roland:idp", # "urn:mace:example.com:saml:roland:aa"]) # resp = client.global_logout("123456", "Tired", in_a_while(minutes=5)) # print resp # assert resp # assert resp[0] # a session_id # assert resp[1] == '200 OK' # # HTTP POST # assert resp[2] == [('Content-type', 'text/html')] # assert resp[3][0] == '<head>' # assert resp[3][1] == '<title>SAML 2.0 POST</title>' # # state_info = client.state[resp[0]] # print state_info # assert state_info["entity_id"] == entity_ids[0] # assert state_info["subject_id"] == "123456" # assert state_info["reason"] == "Tired" # assert state_info["operation"] == "SLO" # assert state_info["entity_ids"] == entity_ids # assert state_info["sign"] == True # # def test_authz_decision_query(self): # conf = config.SPConfig() # conf.load_file("server3_conf") # client = Saml2Client(conf) # # AVA = {'mail': u'*****@*****.**', # 'eduPersonTargetedID': '95e9ae91dbe62d35198fbbd5e1fb0976', # 'displayName': u'Roland Hedberg', # 'uid': 'http://roland.hedberg.myopenid.com/'} # # sp_entity_id = "sp_entity_id" # in_response_to = "1234" # consumer_url = "http://example.com/consumer" # name_id = saml.NameID(saml.NAMEID_FORMAT_TRANSIENT, text="name_id") # policy = Policy() # ava = Assertion(AVA) # assertion = ava.construct(sp_entity_id, in_response_to, # consumer_url, name_id, # conf.attribute_converters, # policy, issuer=client._issuer()) # # adq = client.create_authz_decision_query_using_assertion("entity_id", # assertion, # "read", # "http://example.com/text") # # assert adq # print adq # assert adq.keyswv() != [] # assert adq.destination == "entity_id" # assert adq.resource == "http://example.com/text" # assert adq.action[0].text == "read" # # def test_request_to_discovery_service(self): # disc_url = "http://example.com/saml2/idp/disc" # url = 
discovery_service_request_url("urn:mace:example.com:saml:roland:sp", # disc_url) # print url # assert url == "http://example.com/saml2/idp/disc?entityID=urn%3Amace%3Aexample.com%3Asaml%3Aroland%3Asp" # # url = discovery_service_request_url( # self.client.config.entityid, # disc_url, # return_url= "http://example.org/saml2/sp/ds") # # print url # assert url == "http://example.com/saml2/idp/disc?entityID=urn%3Amace%3Aexample.com%3Asaml%3Aroland%3Asp&return=http%3A%2F%2Fexample.org%2Fsaml2%2Fsp%2Fds" # # def test_get_idp_from_discovery_service(self): # pdir = {"entityID": "http://example.org/saml2/idp/sso"} # params = urllib.urlencode(pdir) # redirect_url = "http://example.com/saml2/sp/disc?%s" % params # # entity_id = discovery_service_response(url=redirect_url) # assert entity_id == "http://example.org/saml2/idp/sso" # # pdir = {"idpID": "http://example.org/saml2/idp/sso"} # params = urllib.urlencode(pdir) # redirect_url = "http://example.com/saml2/sp/disc?%s" % params # # entity_id = discovery_service_response(url=redirect_url, # returnIDParam="idpID") # # assert entity_id == "http://example.org/saml2/idp/sso" # self.server.close_shelve_db() # # def test_unsolicited_response(self): # """ # # """ # self.server = Server("idp_conf") # # conf = config.SPConfig() # conf.load_file("server_conf") # self.client = Saml2Client(conf) # # for subject in self.client.users.subjects(): # self.client.users.remove_person(subject) # # IDP = "urn:mace:example.com:saml:roland:idp" # # ava = { "givenName": ["Derek"], "surName": ["Jeter"], # "mail": ["*****@*****.**"], "title": ["The man"]} # # resp_str = "%s" % self.server.create_authn_response( # identity=ava, # in_response_to="id1", # destination="http://lingon.catalogix.se:8087/", # sp_entity_id="urn:mace:example.com:saml:roland:sp", # name_id_policy=samlp.NameIDPolicy( # format=saml.NAMEID_FORMAT_PERSISTENT), # userid="*****@*****.**") # # resp_str = base64.encodestring(resp_str) # # self.client.allow_unsolicited = True # 
authn_response = self.client.authn_request_response( # {"SAMLResponse":resp_str}, ()) # # assert authn_response is not None # assert authn_response.issuer() == IDP # assert authn_response.response.assertion[0].issuer.text == IDP # session_info = authn_response.session_info() # # print session_info # assert session_info["ava"] == {'mail': ['*****@*****.**'], # 'givenName': ['Derek'], # 'surName': ['Jeter']} # assert session_info["issuer"] == IDP # assert session_info["came_from"] == "" # response = samlp.response_from_string(authn_response.xmlstr) # assert response.destination == "http://lingon.catalogix.se:8087/" # # # One person in the cache # assert len(self.client.users.subjects()) == 1 # self.server.close_shelve_db()