def get_auth_response(self, samlfrontend, context, internal_response, sp_conf, idp_metadata_str): sp_config = SPConfig().load(sp_conf, metadata_construction=False) resp_args = { "name_id_policy": NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT), "in_response_to": None, "destination": sp_config.endpoint("assertion_consumer_service", binding=BINDING_HTTP_REDIRECT)[0], "sp_entity_id": sp_conf["entityid"], "binding": BINDING_HTTP_REDIRECT } request_state = samlfrontend._create_state_data(context, resp_args, "") context.state[samlfrontend.name] = request_state resp = samlfrontend.handle_authn_response(context, internal_response) sp_conf["metadata"]["inline"].append(idp_metadata_str) fakesp = FakeSP(sp_config) resp_dict = parse_qs(urlparse(resp.message).query) return fakesp.parse_authn_request_response( resp_dict["SAMLResponse"][0], BINDING_HTTP_REDIRECT)
def test_sp(): cnf = SPConfig() cnf.load_file("sp_1_conf") assert cnf.single_logout_services("urn:mace:example.com:saml:roland:idp", BINDING_HTTP_POST) == ["http://localhost:8088/slo"] assert cnf.endpoint("assertion_consumer_service") == \ ["http://lingon.catalogix.se:8087/"] assert len(cnf.idps()) == 1
def test_ecp(): cnf = SPConfig() cnf.load(ECP_SP) assert cnf.endpoint("assertion_consumer_service") == ["http://lingon.catalogix.se:8087/"] eid = cnf.ecp_endpoint("130.239.16.3") assert eid == "http://example.com/idp" eid = cnf.ecp_endpoint("130.238.20.20") assert eid is None
def test_co_static_attributes(self, frontend, context, internal_response, idp_conf, sp_conf): # Use the frontend and context fixtures to dynamically create the # proxy IdP server that would be created during a flow. idp_server = frontend._create_co_virtual_idp(context) # Use the context fixture to find the CO name and the backend name # and then use those to dynamically update the ipd_conf fixture. co_name = frontend._get_co_name(context) backend_name = context.target_backend idp_conf = frontend._add_endpoints_to_config(idp_conf, co_name, backend_name) idp_conf = frontend._add_entity_id(idp_conf, co_name) # Use a utility function to serialize the idp_conf IdP configuration # fixture to a string and then dynamically update the sp_conf # SP configuration fixture with the metadata. idp_metadata_str = create_metadata_from_config_dict(idp_conf) sp_conf["metadata"]["inline"].append(idp_metadata_str) sp_config = SPConfig().load(sp_conf, metadata_construction=False) # Use the updated sp_config fixture to generate a fake SP and then # use the fake SP to generate an authentication request aimed at the # proxy CO virtual IdP. fakesp = FakeSP(sp_config) destination, auth_req = fakesp.make_auth_req( idp_server.config.entityid, nameid_format=None, relay_state="relay_state", subject=None, ) # Update the context with the authentication request. context.request = auth_req # Create the response arguments necessary for the IdP to respond to # the authentication request, update the request state and with it # the context, and then use the frontend fixture and the # internal_response fixture to handle the authentication response # and generate a response from the proxy IdP to the SP. resp_args = { "name_id_policy": NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT), "in_response_to": None, "destination": sp_config.endpoint( "assertion_consumer_service", binding=BINDING_HTTP_REDIRECT )[0], "sp_entity_id": sp_conf["entityid"], "binding": BINDING_HTTP_REDIRECT } request_state = frontend._create_state_data(context, resp_args, "") context.state[frontend.name] = request_state frontend.handle_authn_response(context, internal_response) # Verify that the frontend added the CO static SAML attributes to the # internal response. for attr, value in self.CO_STATIC_SAML_ATTRIBUTES.items(): assert internal_response.attributes[attr] == value
def test_ecp(): cnf = SPConfig() cnf.load(ECP_SP) assert cnf.endpoint("assertion_consumer_service") == \ ["http://lingon.catalogix.se:8087/"] eid = cnf.ecp_endpoint("130.239.16.3") assert eid == "http://example.com/idp" eid = cnf.ecp_endpoint("130.238.20.20") assert eid is None
def get_auth_response(self, samlfrontend, context, internal_response, sp_conf, idp_metadata_str): sp_config = SPConfig().load(sp_conf, metadata_construction=False) resp_args = { "name_id_policy": NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT), "in_response_to": None, "destination": sp_config.endpoint("assertion_consumer_service", binding=BINDING_HTTP_REDIRECT)[0], "sp_entity_id": sp_conf["entityid"], "binding": BINDING_HTTP_REDIRECT } request_state = samlfrontend._create_state_data(context, resp_args, "") context.state[samlfrontend.name] = request_state resp = samlfrontend.handle_authn_response(context, internal_response) sp_conf["metadata"]["inline"].append(idp_metadata_str) fakesp = FakeSP(sp_config) resp_dict = parse_qs(urlparse(resp.message).query) return fakesp.parse_authn_request_response(resp_dict["SAMLResponse"][0], BINDING_HTTP_REDIRECT)
def test_sp(): cnf = SPConfig() cnf.load_file(dotname("sp_1_conf")) assert cnf.endpoint("assertion_consumer_service") == \ ["http://lingon.catalogix.se:8087/"]
xmlstr = saml_auth_response.decode('ascii') # Fancy SAML print # from lxml import etree # root = etree.XML(xmlstr.encode('ascii')) # print(etree.tostring(root, pretty_print=True).decode('utf-8')) # pySAML2 parse authn response (sign and decrypt features included) kwargs = { "outstanding_queries": outstanding, "outstanding_certs": outstanding_certs, "allow_unsolicited": conf._sp_allow_unsolicited, "want_assertions_signed": conf._sp_want_assertions_signed, "want_response_signed": conf._sp_want_response_signed, "return_addrs": conf.endpoint("assertion_consumer_service", binding, "sp"), "entity_id": conf.entityid, "attribute_converters": conf.attribute_converters, "allow_unknown_attributes": conf.allow_unknown_attributes, 'conv_info': conv_info } # xml unravel fails bacause of b64 inflate method # pr = client.parse_authn_request_response(saml_auth_response_b64, # binding, # outstanding=outstanding, # outstanding_certs=None, # conv_info=None) authn_response = AuthnResponse(client.sec, **kwargs)