def test():
    """Sign an AuthnRequest for the HTTP-Redirect binding and check that the
    signature in the resulting Location query string verifies against the
    signing certificates the IdP holds for this SP.

    Uses the module-level ``sp`` and ``idp`` objects.
    """
    sso_endpoints = sp.metadata.single_sign_on_service(
        idp.config.entityid, BINDING_HTTP_REDIRECT
    )
    destination = sso_endpoints[0]["location"]
    _req_id, authn_req = sp.create_authn_request(destination, id="id1")

    # Prefer an already-loaded key object; fall back to reading the key file.
    try:
        signing_key = sp.sec.key
    except AttributeError:
        signing_key = import_rsa_key_from_file(sp.sec.key_file)

    # NOTE(review): RSA-SHA1 is a legacy signature algorithm; SIG_RSA_SHA256
    # is used elsewhere in this file and is the preferable choice outside a
    # test that specifically exercises SHA-1.
    redirect = http_redirect_message(
        authn_req,
        destination,
        relay_state="RS",
        typ="SAMLRequest",
        sigalg=RSA_SHA1,
        key=signing_key,
    )

    verified_ok = False
    for header_name, header_value in redirect["headers"]:
        if header_name != "Location":
            continue
        # Everything after '?' is the signed redirect query string.
        query = parse_qs(header_value.split("?")[1])
        signing_certs = idp.metadata.certs(sp.config.entityid, "any", "signing")
        # Every cert is tried, not just the first match.
        outcomes = [verify_redirect_signature(query, cert) for cert in signing_certs]
        if any(outcomes):
            verified_ok = True
    assert verified_ok
def test():
    """End-to-end HTTP-Redirect signing check.

    Spins up an IdP ``Server`` from ``idp_all_conf``, builds an SP client from
    ``servera_conf``, signs an AuthnRequest with RSA-SHA1 and verifies the
    redirect signature against the signing certificates the IdP's metadata
    holds for that SP.
    """
    with closing(Server(config_file=dotname("idp_all_conf"))) as idp:
        sp_conf = SPConfig()
        sp_conf.load_file(dotname("servera_conf"))
        sp = Saml2Client(sp_conf)

        endpoints = sp.metadata.single_sign_on_service(
            idp.config.entityid, BINDING_HTTP_REDIRECT
        )
        destination = endpoints[0]["location"]
        _req_id, authn_req = sp.create_authn_request(destination, id="id1")

        # Prefer an already-loaded key object; fall back to reading the key file.
        try:
            signing_key = sp.sec.key
        except AttributeError:
            signing_key = import_rsa_key_from_file(sp.sec.key_file)

        # NOTE(review): RSA-SHA1 is a legacy signature algorithm; SIG_RSA_SHA256
        # is used elsewhere in this file and is the preferable choice outside a
        # test that specifically exercises SHA-1.
        redirect = http_redirect_message(
            authn_req,
            destination,
            relay_state="RS",
            typ="SAMLRequest",
            sigalg=SIG_RSA_SHA1,
            key=signing_key,
        )

        verified_ok = False
        for header_name, header_value in redirect["headers"]:
            if header_name != "Location":
                continue
            # NOTE(review): parse_qs yields list values; a sibling test in this
            # file flattens them with list_values2simpletons() before verifying.
            # Confirm which form verify_redirect_signature expects.
            query = parse_qs(header_value.split("?")[1])
            certs = idp.metadata.certs(sp.config.entityid, "any", "signing")
            outcomes = [verify_redirect_signature(query, cert) for cert in certs]
            if any(outcomes):
                verified_ok = True
        assert verified_ok
def test_authn_request_http_redirect_right_signature(self):
    """A correctly RSA-SHA256-signed HTTP-Redirect AuthnRequest is accepted.

    After the GET the IdP holds exactly one ticket whose XML matches the
    request we sent, has produced no responses, and renders the login form.
    """
    xml_message = generate_authn_request()
    encoded_message = deflate_and_base64_encode(xml_message)
    args = {
        'SAMLRequest': encoded_message,
        'SigAlg': SIG_RSA_SHA256,
    }

    # The bytes that get signed are the present parameters, each URL-encoded
    # on its own, joined in REQ_ORDER -- not the final query string.
    signed_input = "&".join(
        urlencode({name: args[name]}) for name in REQ_ORDER if name in args
    ).encode('ascii')

    private_key = import_rsa_key_from_file(os.path.join(DATA_DIR, 'sp.key'))
    signer = self.idp_server.server.sec.sec_backend.get_signer(
        SIG_RSA_SHA256, private_key
    )
    args["Signature"] = base64.b64encode(signer.sign(signed_input))
    query_string = urlencode(args)

    # Nothing has been received yet.
    self.assertEqual(len(self.idp_server.ticket), 0)
    self.assertEqual(len(self.idp_server.responses), 0)

    response = self.test_client.get(
        '/sso-test?{}'.format(query_string), follow_redirects=True
    )
    self.assertEqual(response.status_code, 200)
    page = response.get_data(as_text=True)
    self.assertIn(
        '<form class="Form Form--spaced u-margin-bottom-l " name="login" method="post" action="/login">',
        page,
    )

    # The signed request was accepted into a ticket; responses stay empty.
    self.assertEqual(len(self.idp_server.ticket), 1)
    self.assertEqual(len(self.idp_server.responses), 0)
    (ticket_id,) = list(self.idp_server.ticket.keys())
    stored_xml = self.idp_server.ticket[ticket_id].xmlstr
    self.assertEqual(xml_message, stored_xml)
def use_http_get(self, message, destination, relay_state, typ="SAMLRequest", sign=False):
    """
    Send a message using GET, this is the HTTP-Redirect case so no direct
    response is expected to this request.

    :param message: The SAML message; anything that is not a string is
        rendered with ``"%s"`` first.
    :param destination: Where the redirect points.
    :param relay_state: RelayState value carried with the request.
    :param typ: Whether a Request, Response or Artifact
    :param sign: If true, the redirect is signed with RSA-SHA1 using the
        key read from ``self.config.key_file``.
    :return: dictionary, as produced by ``http_redirect_message``
    """
    if not isinstance(message, basestring):
        message = "%s" % (message,)

    # Signing parameters are only passed through when a signature is wanted;
    # the key file is read on every signed call.
    signing_kwargs = {}
    if sign:
        signing_kwargs["sigalg"] = RSA_SHA1
        signing_kwargs["key"] = import_rsa_key_from_file(self.config.key_file)

    return http_redirect_message(
        message, destination, relay_state, typ, **signing_kwargs
    )
def test():
    """End-to-end HTTP-Redirect signing check with flattened query values.

    Spins up an IdP ``Server`` from ``idp_all_conf``, builds an SP client from
    ``servera_conf``, signs an AuthnRequest with RSA-SHA1 and verifies the
    redirect signature -- after collapsing parse_qs's list values with
    ``list_values2simpletons`` -- against the signing certificates the IdP's
    metadata holds for that SP.
    """
    with closing(Server(config_file=dotname("idp_all_conf"))) as idp:
        client_conf = SPConfig()
        client_conf.load_file(dotname("servera_conf"))
        sp = Saml2Client(client_conf)

        sso = sp.metadata.single_sign_on_service(
            idp.config.entityid, BINDING_HTTP_REDIRECT
        )
        destination = sso[0]["location"]
        _unused_id, authn_req = sp.create_authn_request(destination, id="id1")

        # Prefer an already-loaded key object; fall back to reading the key file.
        try:
            signing_key = sp.sec.key
        except AttributeError:
            signing_key = import_rsa_key_from_file(sp.sec.key_file)

        # NOTE(review): RSA-SHA1 is a legacy signature algorithm; SIG_RSA_SHA256
        # is used elsewhere in this file and is the preferable choice outside a
        # test that specifically exercises SHA-1.
        redirect = http_redirect_message(
            authn_req,
            destination,
            relay_state="RS",
            typ="SAMLRequest",
            sigalg=SIG_RSA_SHA1,
            key=signing_key,
        )

        verified_ok = False
        for header_name, header_value in redirect["headers"]:
            if header_name != "Location":
                continue
            # Everything after '?' is the signed redirect query string.
            raw_query = parse_qs(header_value.split("?")[1])
            flat_query = list_values2simpletons(raw_query)
            certs = idp.metadata.certs(sp.config.entityid, "any", "signing")
            outcomes = [verify_redirect_signature(flat_query, cert) for cert in certs]
            if any(outcomes):
                verified_ok = True
        assert verified_ok