예제 #1
def test():
    """Sign an AuthnRequest for HTTP-Redirect and check the signature verifies.

    Uses the ``sp`` and ``idp`` objects from the enclosing module. The request
    is packed with ``http_redirect_message`` and the query string of the
    resulting ``Location`` header is checked against the signing certificates
    that the IdP's metadata returns for the SP's entity id.
    """
    sso_endpoints = sp.metadata.single_sign_on_service(
        idp.config.entityid, BINDING_HTTP_REDIRECT)
    destination = sso_endpoints[0]["location"]
    req_id, req = sp.create_authn_request(destination, id="id1")

    # Use the key object on the security context when it exists; otherwise
    # fall back to loading the key from the configured key file.
    try:
        signing_key = sp.sec.key
    except AttributeError:
        signing_key = import_rsa_key_from_file(sp.sec.key_file)

    # NOTE(review): this test pins the RSA-SHA1 signature algorithm. SHA-1
    # signatures are deprecated, so treat this as a compatibility check and
    # not as the algorithm to copy into a deployment.
    info = http_redirect_message(
        req, destination, relay_state="RS", typ="SAMLRequest",
        sigalg=RSA_SHA1, key=signing_key)

    verified_ok = False

    for header_name, header_value in info["headers"]:
        if header_name != "Location":
            continue
        query = parse_qs(header_value.split("?")[1])
        signing_certs = idp.metadata.certs(sp.config.entityid, "any",
                                           "signing")
        # A match against any one of the returned certificates is enough;
        # every certificate is still tried.
        for cert in signing_certs:
            if verify_redirect_signature(query, cert):
                verified_ok = True

    assert verified_ok
def test():
    """Round-trip a signed HTTP-Redirect AuthnRequest between an SP and an IdP.

    Builds an IdP ``Server`` from ``idp_all_conf`` and an SP client from
    ``servera_conf``, signs an AuthnRequest for the redirect binding and
    asserts that the signature in the ``Location`` URL verifies against a
    signing certificate the IdP's metadata returns for the SP.
    """
    with closing(Server(config_file=dotname("idp_all_conf"))) as idp:
        sp_config = SPConfig()
        sp_config.load_file(dotname("servera_conf"))
        sp = Saml2Client(sp_config)

        sso_endpoints = sp.metadata.single_sign_on_service(
            idp.config.entityid, BINDING_HTTP_REDIRECT)
        destination = sso_endpoints[0]["location"]
        req_id, req = sp.create_authn_request(destination, id="id1")

        # Use the key object on the security context when it exists;
        # otherwise load the key from the configured key file.
        try:
            signing_key = sp.sec.key
        except AttributeError:
            signing_key = import_rsa_key_from_file(sp.sec.key_file)

        # NOTE(review): SIG_RSA_SHA1 is pinned here. SHA-1 signatures are
        # deprecated, so this is a compatibility check only.
        info = http_redirect_message(
            req, destination, relay_state="RS", typ="SAMLRequest",
            sigalg=SIG_RSA_SHA1, key=signing_key)

        verified_ok = False

        for header_name, header_value in info["headers"]:
            if header_name != "Location":
                continue
            query = parse_qs(header_value.split("?")[1])
            signing_certs = idp.metadata.certs(sp.config.entityid, "any",
                                               "signing")
            # One verifying certificate is sufficient; all are tried.
            for cert in signing_certs:
                if verify_redirect_signature(query, cert):
                    verified_ok = True

        assert verified_ok
예제 #3
 def test_authn_request_http_redirect_right_signature(self):
     """A correctly signed redirect AuthnRequest is accepted by the IdP.

     The request is deflated and base64-encoded, then signed with
     RSA-SHA256 over the URL-encoded ``SAMLRequest`` and ``SigAlg``
     parameters. The test expects the login form to be served, exactly
     one ticket to be stored, and the stored XML to equal the XML sent.
     """
     xml_message = generate_authn_request()
     params = {
         'SAMLRequest': deflate_and_base64_encode(xml_message),
         'SigAlg': SIG_RSA_SHA256,
     }

     # The signature covers the URL-encoded parameters joined in the order
     # given by REQ_ORDER (defined outside this block; presumably the
     # parameter order of the HTTP-Redirect binding -- confirm). The
     # Signature parameter itself is added only after signing.
     signed_parts = [urlencode({name: params[name]})
                     for name in REQ_ORDER if name in params]
     signed_octets = "&".join(signed_parts).encode('ascii')

     key_path = os.path.join(DATA_DIR, 'sp.key')
     pkey = import_rsa_key_from_file(key_path)
     backend = self.idp_server.server.sec.sec_backend
     signer = backend.get_signer(SIG_RSA_SHA256, pkey)
     params["Signature"] = base64.b64encode(signer.sign(signed_octets))
     query_string = urlencode(params)

     # Nothing may be recorded before the request is sent.
     self.assertEqual(len(self.idp_server.ticket), 0)
     self.assertEqual(len(self.idp_server.responses), 0)

     url = '/sso-test?' + query_string
     response = self.test_client.get(url, follow_redirects=True)
     self.assertEqual(response.status_code, 200)

     login_form = '<form class="Form Form--spaced u-margin-bottom-l " name="login" method="post" action="/login">'
     self.assertIn(login_form, response.get_data(as_text=True))

     # The request is stored as a single ticket and no response exists yet.
     self.assertEqual(len(self.idp_server.ticket), 1)
     self.assertEqual(len(self.idp_server.responses), 0)

     ticket_id = list(self.idp_server.ticket.keys())[0]
     stored_xml = self.idp_server.ticket[ticket_id].xmlstr
     self.assertEqual(xml_message, stored_xml)
예제 #4
    def use_http_get(self, message, destination, relay_state,
                     typ="SAMLRequest", sign=False):
        """
        Pack a message for delivery with GET. This is the HTTP-Redirect
        case, so no direct response to the request is expected.

        :param message: The message; anything that is not already a string
            is converted to one with "%s" formatting
        :param destination: Passed through to http_redirect_message
        :param relay_state: Passed through to http_redirect_message
        :param typ: Whether a Request, Response or Artifact
        :param sign: If true, the key in self.config.key_file is loaded and
            the redirect message is signed with it
        :return: dictionary
        """
        if not isinstance(message, basestring):
            message = "%s" % (message,)

        if not sign:
            return http_redirect_message(message, destination,
                                         relay_state, typ)

        # NOTE(review): the signature algorithm is hard-coded to RSA-SHA1.
        # SHA-1 signatures are deprecated; prefer a SHA-256 based algorithm
        # if the library version in use offers one and the peer accepts it.
        signing_key = import_rsa_key_from_file(self.config.key_file)
        return http_redirect_message(message, destination, relay_state,
                                     typ, sigalg=RSA_SHA1, key=signing_key)
예제 #5
def test():
    """Verify the signature on a signed HTTP-Redirect AuthnRequest.

    Builds an IdP ``Server`` from ``idp_all_conf`` and an SP client from
    ``servera_conf``, signs an AuthnRequest for the redirect binding and
    asserts that the signature in the ``Location`` URL verifies against a
    signing certificate the IdP's metadata returns for the SP. The parsed
    query values are passed through ``list_values2simpletons`` before
    verification.
    """
    with closing(Server(config_file=dotname("idp_all_conf"))) as idp:
        sp_config = SPConfig()
        sp_config.load_file(dotname("servera_conf"))
        sp = Saml2Client(sp_config)

        sso_endpoints = sp.metadata.single_sign_on_service(
            idp.config.entityid, BINDING_HTTP_REDIRECT)
        destination = sso_endpoints[0]["location"]
        req_id, req = sp.create_authn_request(destination, id="id1")

        # Use the key object on the security context when it exists;
        # otherwise load the key from the configured key file.
        try:
            signing_key = sp.sec.key
        except AttributeError:
            signing_key = import_rsa_key_from_file(sp.sec.key_file)

        # NOTE(review): SIG_RSA_SHA1 is pinned here. SHA-1 signatures are
        # deprecated, so this is a compatibility check only.
        info = http_redirect_message(
            req, destination, relay_state="RS", typ="SAMLRequest",
            sigalg=SIG_RSA_SHA1, key=signing_key)

        verified_ok = False

        for header_name, header_value in info["headers"]:
            if header_name != "Location":
                continue
            query = parse_qs(header_value.split("?")[1])
            signing_certs = idp.metadata.certs(sp.config.entityid, "any",
                                               "signing")
            # One verifying certificate is sufficient; all are tried.
            for cert in signing_certs:
                flat_query = list_values2simpletons(query)
                if verify_redirect_signature(flat_query, cert):
                    verified_ok = True

        assert verified_ok