def test_parse_does_not_raise_exception_when_xml_metadata_does_not_have_display_names(
        self):
    # Parses IdP metadata that carries no display names and checks that one
    # IdentityProviderMetadata comes back with empty UIInfo() / Organization().
    #
    # NOTE(review): this only pins field extraction. Nothing visible here shows
    # whether SAMLMetadataParser verifies a signature on the metadata document
    # or restricts DTD/entity processing; confirm in the parser, since the
    # certificates extracted below are presumably what later anchors trust in
    # IdP signatures.

    # Arrange
    parser = SAMLMetadataParser()
    expected_provider = IdentityProviderMetadata(
        entity_id=fixtures.IDP_1_ENTITY_ID,
        ui_info=UIInfo(),
        organization=Organization(),
        name_id_format=fixtures.NAME_ID_FORMAT_1,
        sso_service=Service(fixtures.IDP_1_SSO_URL, fixtures.IDP_1_SSO_BINDING),
        want_authn_requests_signed=False,
        signing_certificates=[
            strip_certificate(fixtures.SIGNING_CERTIFICATE)
        ],
        encryption_certificates=[
            strip_certificate(fixtures.ENCRYPTION_CERTIFICATE)
        ])

    # Act
    parsed = parser.parse(
        fixtures.CORRECT_ONE_IDP_METADATA_WITHOUT_DISPLAY_NAMES)

    # Assert
    assert isinstance(parsed, list)
    eq_(len(parsed), 1)
    (provider,) = parsed
    eq_(provider, expected_provider)
def test_get_service_provider_settings_returns_correct_result(
        self, name, service_provider, expected_result):
    # Checks the 'sp' / 'security' dictionary built for the service provider
    # that the mocked SAMLConfiguration hands back.
    #
    # NOTE(review): expected_result carries the SP 'privateKey'. If eq_ is
    # nose.tools.eq_, a failing comparison prints both dictionaries, so the
    # fixture key material should be test-only and never a deployed key.

    # Arrange
    saml_configuration = create_autospec(spec=SAMLConfiguration)
    saml_configuration.get_service_provider = MagicMock(
        return_value=service_provider)
    subject = SAMLOneLoginConfiguration(saml_configuration)
    session = create_autospec(spec=sqlalchemy.orm.session.Session)

    # Act
    settings = subject.get_service_provider_settings(session)

    # Assert
    # Normalise the returned certificate the same way the expectation was
    # built, so formatting differences do not fail the comparison.
    settings['sp']['x509cert'] = strip_certificate(settings['sp']['x509cert'])
    eq_(settings, expected_result)
    saml_configuration.get_service_provider.assert_called_once_with(session)
class TestSAMLOneLoginConfiguration(object):
    # Checks the settings dictionaries SAMLOneLoginConfiguration builds from a
    # mocked SAMLConfiguration: the IdP section, the SP section, and the merged
    # result of get_settings. The key names look like the OneLogin python3-saml
    # settings layout (presumably; confirm against the class under test).

    def test_get_identity_provider_settings_returns_correct_result(self):
        # Arrange
        identity_provider = IDENTITY_PROVIDERS[0]
        saml_configuration = create_autospec(spec=SAMLConfiguration)
        saml_configuration.get_identity_providers = MagicMock(
            return_value=IDENTITY_PROVIDERS)
        subject = SAMLOneLoginConfiguration(saml_configuration)
        sso_service = identity_provider.sso_service
        expected_settings = {
            'idp': {
                'entityId': identity_provider.entity_id,
                'singleSignOnService': {
                    'url': sso_service.url,
                    'binding': sso_service.binding.value
                }
            },
            'security': {
                'authnRequestsSigned':
                    identity_provider.want_authn_requests_signed
            }
        }
        session = create_autospec(spec=sqlalchemy.orm.session.Session)

        # Act
        settings = subject.get_identity_provider_settings(
            session, identity_provider.entity_id)

        # Assert
        eq_(settings, expected_settings)
        saml_configuration.get_identity_providers.assert_called_once_with(
            session)

    @parameterized.expand([
        (
            'service_provider_without_certificates',
            SERVICE_PROVIDER_WITHOUT_CERTIFICATE,
            # NOTE(review): the expectation reads entity id, ACS and NameID
            # format from SERVICE_PROVIDER_WITH_CERTIFICATE; presumably both
            # fixtures share those values. Confirm against the fixtures.
            {
                'sp': {
                    'entityId': SERVICE_PROVIDER_WITH_CERTIFICATE.entity_id,
                    'assertionConsumerService': {
                        'url':
                            SERVICE_PROVIDER_WITH_CERTIFICATE.acs_service.url,
                        'binding':
                            SERVICE_PROVIDER_WITH_CERTIFICATE.acs_service
                            .binding.value
                    },
                    'NameIDFormat':
                        SERVICE_PROVIDER_WITH_CERTIFICATE.name_id_format,
                    'x509cert': '',
                    'privateKey': ''
                },
                'security': {
                    'authnRequestsSigned':
                        SERVICE_PROVIDER_WITH_CERTIFICATE.authn_requests_signed
                }
            }
        ),
        (
            'service_provider_with_certificate',
            SERVICE_PROVIDER_WITH_CERTIFICATE,
            {
                'sp': {
                    'entityId': SERVICE_PROVIDER_WITH_CERTIFICATE.entity_id,
                    'assertionConsumerService': {
                        'url':
                            SERVICE_PROVIDER_WITH_CERTIFICATE.acs_service.url,
                        'binding':
                            SERVICE_PROVIDER_WITH_CERTIFICATE.acs_service
                            .binding.value
                    },
                    'NameIDFormat':
                        SERVICE_PROVIDER_WITH_CERTIFICATE.name_id_format,
                    'x509cert': strip_certificate(
                        SERVICE_PROVIDER_WITH_CERTIFICATE.certificate),
                    'privateKey':
                        SERVICE_PROVIDER_WITH_CERTIFICATE.private_key
                },
                'security': {
                    'authnRequestsSigned':
                        SERVICE_PROVIDER_WITH_CERTIFICATE.authn_requests_signed
                }
            }
        )
    ])
    def test_get_service_provider_settings_returns_correct_result(
            self, name, service_provider, expected_result):
        # NOTE(review): expected_result includes the SP 'privateKey'. If eq_ is
        # nose.tools.eq_, a failing comparison prints both dictionaries, so
        # the fixture key should be test-only material.

        # Arrange
        saml_configuration = create_autospec(spec=SAMLConfiguration)
        saml_configuration.get_service_provider = MagicMock(
            return_value=service_provider)
        subject = SAMLOneLoginConfiguration(saml_configuration)
        session = create_autospec(spec=sqlalchemy.orm.session.Session)

        # Act
        settings = subject.get_service_provider_settings(session)

        # Assert
        # Normalise the returned certificate the same way the expectation was
        # built before comparing.
        settings['sp']['x509cert'] = strip_certificate(
            settings['sp']['x509cert'])
        eq_(settings, expected_result)
        saml_configuration.get_service_provider.assert_called_once_with(
            session)

    def test_get_settings_returns_correct_result(self):
        # NOTE(review): the expectation below records what get_settings
        # returns today, not values vetted for deployment. It pins:
        #   - strict=False (as supplied by the mock in this test),
        #   - SHA-1 based 'signatureAlgorithm', 'digestAlgorithm' and
        #     'certFingerprintAlgorithm',
        #   - wantAssertionsSigned / wantMessagesSigned set to False,
        #   - an empty IdP 'x509cert' and 'certFingerprint'.
        # Where the 'security' defaults originate is not visible here (TODO
        # confirm). A change that moves them to SHA-256 or turns signature
        # requirements on is expected to fail this test and should update it
        # deliberately.

        # Arrange
        debug = False
        strict = False
        identity_provider = IDENTITY_PROVIDERS[0]
        service_provider = SERVICE_PROVIDER_WITH_CERTIFICATE

        saml_configuration = create_autospec(spec=SAMLConfiguration)
        saml_configuration.get_debug = MagicMock(return_value=debug)
        saml_configuration.get_strict = MagicMock(return_value=strict)
        saml_configuration.get_service_provider = MagicMock(
            return_value=SERVICE_PROVIDER_WITH_CERTIFICATE)
        saml_configuration.get_identity_providers = MagicMock(
            return_value=IDENTITY_PROVIDERS)
        subject = SAMLOneLoginConfiguration(saml_configuration)

        expected_idp_section = {
            'entityId': identity_provider.entity_id,
            'singleSignOnService': {
                'url': identity_provider.sso_service.url,
                'binding': identity_provider.sso_service.binding.value
            },
            # No IdP certificate or fingerprint is present in the asserted
            # settings. TODO confirm whether the IDENTITY_PROVIDERS fixture
            # has no signing certificate or it is not propagated.
            'x509cert': '',
            'certFingerprint': '',
            'certFingerprintAlgorithm': 'sha1'
        }
        expected_sp_section = {
            'entityId': service_provider.entity_id,
            'assertionConsumerService': {
                'url': service_provider.acs_service.url,
                'binding': service_provider.acs_service.binding.value
            },
            'attributeConsumingService': {},
            'singleLogoutService': {
                'binding':
                    'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
            },
            'NameIDFormat': service_provider.name_id_format,
            'x509cert': strip_certificate(service_provider.certificate),
            'privateKey': service_provider.private_key
        }
        expected_security_section = {
            'failOnAuthnContextMismatch': False,
            'requestedAuthnContextComparison': 'exact',
            'wantNameIdEncrypted': False,
            # Signed when either side asks for it.
            'authnRequestsSigned':
                service_provider.authn_requests_signed
                or identity_provider.want_authn_requests_signed,
            'logoutResponseSigned': False,
            'wantMessagesSigned': False,
            'metadataCacheDuration': None,
            'rejectUnsolicitedResponsesWithInResponseTo': False,
            'requestedAuthnContext': True,
            'logoutRequestSigned': False,
            'wantAttributeStatement': True,
            'signMetadata': False,
            'digestAlgorithm': 'http://www.w3.org/2000/09/xmldsig#sha1',
            'metadataValidUntil': None,
            'wantAssertionsSigned': False,
            'wantNameId': True,
            'wantAssertionsEncrypted': False,
            'nameIdEncrypted': False,
            'signatureAlgorithm':
                'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
        }
        expected_settings = {
            'debug': debug,
            'strict': strict,
            'idp': expected_idp_section,
            'sp': expected_sp_section,
            'security': expected_security_section
        }
        session = create_autospec(spec=sqlalchemy.orm.session.Session)

        # Act
        settings = subject.get_settings(session, identity_provider.entity_id)

        # Assert
        settings['sp']['x509cert'] = strip_certificate(
            settings['sp']['x509cert'])
        eq_(settings, expected_settings)
        # assert_called_with (not assert_called_once_with): only the most
        # recent call is checked, so repeated lookups are tolerated.
        saml_configuration.get_debug.assert_called_with(session)
        saml_configuration.get_strict.assert_called_with(session)
        saml_configuration.get_service_provider.assert_called_with(session)
        saml_configuration.get_identity_providers.assert_called_with(session)
def test_parse_correctly_parses_one_idp_metadata(self):
    # Parses metadata describing a single IdP and compares every extracted
    # field (UI info, organization, NameID format, SSO endpoint, certificates)
    # with the fixture values.
    #
    # NOTE(review): signing and encryption certificates are compared after
    # strip_certificate, so this checks certificate content only. It does not
    # show whether the parser authenticates the metadata document itself;
    # confirm that separately.

    # Arrange
    parser = SAMLMetadataParser()

    display_names = [
        LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_EN_DISPLAY_NAME, 'en'),
        LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_ES_DISPLAY_NAME, 'es')
    ]
    descriptions = [
        LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_DESCRIPTION, 'en')
    ]
    information_urls = [
        LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_INFORMATION_URL, 'en')
    ]
    privacy_statement_urls = [
        LocalizableMetadataItem(
            fixtures.IDP_1_UI_INFO_PRIVACY_STATEMENT_URL, 'en')
    ]
    logo_urls = [LocalizableMetadataItem(fixtures.IDP_1_UI_INFO_LOGO_URL)]

    organization_names = [
        LocalizableMetadataItem(
            fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_NAME, 'en'),
        LocalizableMetadataItem(
            fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_NAME, 'es')
    ]
    organization_display_names = [
        LocalizableMetadataItem(
            fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_DISPLAY_NAME, 'en'),
        LocalizableMetadataItem(
            fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_DISPLAY_NAME, 'es')
    ]
    organization_urls = [
        LocalizableMetadataItem(
            fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_URL, 'en'),
        LocalizableMetadataItem(
            fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_URL, 'es')
    ]

    expected_provider = IdentityProviderMetadata(
        entity_id=fixtures.IDP_1_ENTITY_ID,
        ui_info=UIInfo(
            display_names,
            descriptions,
            information_urls,
            privacy_statement_urls,
            logo_urls),
        organization=Organization(
            organization_names,
            organization_display_names,
            organization_urls),
        name_id_format=fixtures.NAME_ID_FORMAT_1,
        sso_service=Service(fixtures.IDP_1_SSO_URL, fixtures.IDP_1_SSO_BINDING),
        want_authn_requests_signed=False,
        signing_certificates=[
            strip_certificate(fixtures.SIGNING_CERTIFICATE)
        ],
        encryption_certificates=[
            strip_certificate(fixtures.ENCRYPTION_CERTIFICATE)
        ])

    # Act
    parsed = parser.parse(fixtures.CORRECT_ONE_IDP_METADATA)

    # Assert
    assert isinstance(parsed, list)
    eq_(len(parsed), 1)
    (provider,) = parsed
    eq_(provider, expected_provider)
def test_parse_correctly_parses_one_sp_metadata(self):
    # Parses metadata describing a single SP and compares every extracted
    # field with the fixture values.
    #
    # NOTE(review): authn_requests_signed and want_assertions_signed are both
    # expected to be False. Presumably that mirrors the fixture document
    # (confirm); it is a statement about what was parsed, not a recommended
    # SP policy.

    # Arrange
    parser = SAMLMetadataParser()

    display_names = [
        LocalizableMetadataItem(fixtures.SP_UI_INFO_EN_DISPLAY_NAME, 'en'),
        LocalizableMetadataItem(fixtures.SP_UI_INFO_ES_DISPLAY_NAME, 'es')
    ]
    descriptions = [
        LocalizableMetadataItem(fixtures.SP_UI_INFO_DESCRIPTION, 'en')
    ]
    information_urls = [
        LocalizableMetadataItem(fixtures.SP_UI_INFO_INFORMATION_URL, 'en')
    ]
    privacy_statement_urls = [
        LocalizableMetadataItem(
            fixtures.SP_UI_INFO_PRIVACY_STATEMENT_URL, 'en')
    ]
    logo_urls = [LocalizableMetadataItem(fixtures.SP_UI_INFO_LOGO_URL)]

    organization_names = [
        LocalizableMetadataItem(
            fixtures.SP_ORGANIZATION_EN_ORGANIZATION_NAME, 'en'),
        LocalizableMetadataItem(
            fixtures.SP_ORGANIZATION_ES_ORGANIZATION_NAME, 'es')
    ]
    organization_display_names = [
        LocalizableMetadataItem(
            fixtures.SP_ORGANIZATION_EN_ORGANIZATION_DISPLAY_NAME, 'en'),
        LocalizableMetadataItem(
            fixtures.SP_ORGANIZATION_ES_ORGANIZATION_DISPLAY_NAME, 'es')
    ]
    organization_urls = [
        LocalizableMetadataItem(
            fixtures.SP_ORGANIZATION_EN_ORGANIZATION_URL, 'en'),
        LocalizableMetadataItem(
            fixtures.SP_ORGANIZATION_ES_ORGANIZATION_URL, 'es')
    ]

    expected_provider = ServiceProviderMetadata(
        entity_id=fixtures.SP_ENTITY_ID,
        ui_info=UIInfo(
            display_names,
            descriptions,
            information_urls,
            privacy_statement_urls,
            logo_urls),
        organization=Organization(
            organization_names,
            organization_display_names,
            organization_urls),
        name_id_format=NameIDFormat.UNSPECIFIED.value,
        acs_service=Service(fixtures.SP_ACS_URL, fixtures.SP_ACS_BINDING),
        authn_requests_signed=False,
        want_assertions_signed=False,
        certificate=strip_certificate(fixtures.SIGNING_CERTIFICATE))

    # Act
    parsed = parser.parse(fixtures.CORRECT_ONE_SP_METADATA)

    # Assert
    assert isinstance(parsed, list)
    eq_(len(parsed), 1)
    (provider,) = parsed
    eq_(provider, expected_provider)
def test_parse_correctly_parses_metadata_with_multiple_descriptors(self):
    # Parses one metadata document holding two IdP descriptors and checks that
    # both come back, in document order, with their own entity id, UI info,
    # organization and SSO endpoint.
    #
    # NOTE(review): both expected providers use the same SIGNING_CERTIFICATE /
    # ENCRYPTION_CERTIFICATE fixtures, so this test cannot detect certificates
    # being attributed to the wrong descriptor. Distinct certificates per IdP
    # in the fixture would cover that.

    # Arrange
    parser = SAMLMetadataParser()

    first_expected = IdentityProviderMetadata(
        entity_id=fixtures.IDP_1_ENTITY_ID,
        ui_info=UIInfo([
            LocalizableMetadataItem(
                fixtures.IDP_1_UI_INFO_EN_DISPLAY_NAME, 'en'),
            LocalizableMetadataItem(
                fixtures.IDP_1_UI_INFO_ES_DISPLAY_NAME, 'es')
        ]),
        organization=Organization(
            [
                LocalizableMetadataItem(
                    fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_NAME, 'en'),
                LocalizableMetadataItem(
                    fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_NAME, 'es')
            ],
            [
                LocalizableMetadataItem(
                    fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_DISPLAY_NAME,
                    'en'),
                LocalizableMetadataItem(
                    fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_DISPLAY_NAME,
                    'es')
            ],
            [
                LocalizableMetadataItem(
                    fixtures.IDP_1_ORGANIZATION_EN_ORGANIZATION_URL, 'en'),
                LocalizableMetadataItem(
                    fixtures.IDP_1_ORGANIZATION_ES_ORGANIZATION_URL, 'es')
            ],
        ),
        name_id_format=fixtures.NAME_ID_FORMAT_1,
        sso_service=Service(fixtures.IDP_1_SSO_URL, fixtures.IDP_1_SSO_BINDING),
        want_authn_requests_signed=False,
        signing_certificates=[
            strip_certificate(fixtures.SIGNING_CERTIFICATE)
        ],
        encryption_certificates=[
            strip_certificate(fixtures.ENCRYPTION_CERTIFICATE)
        ])

    second_expected = IdentityProviderMetadata(
        entity_id=fixtures.IDP_2_ENTITY_ID,
        ui_info=UIInfo([
            LocalizableMetadataItem(
                fixtures.IDP_2_UI_INFO_EN_DISPLAY_NAME, 'en'),
            LocalizableMetadataItem(
                fixtures.IDP_2_UI_INFO_ES_DISPLAY_NAME, 'es')
        ]),
        organization=Organization(
            [
                LocalizableMetadataItem(
                    fixtures.IDP_2_ORGANIZATION_EN_ORGANIZATION_NAME, 'en'),
                LocalizableMetadataItem(
                    fixtures.IDP_2_ORGANIZATION_ES_ORGANIZATION_NAME, 'es')
            ],
            [
                LocalizableMetadataItem(
                    fixtures.IDP_2_ORGANIZATION_EN_ORGANIZATION_DISPLAY_NAME,
                    'en'),
                LocalizableMetadataItem(
                    fixtures.IDP_2_ORGANIZATION_ES_ORGANIZATION_DISPLAY_NAME,
                    'es')
            ],
            [
                LocalizableMetadataItem(
                    fixtures.IDP_2_ORGANIZATION_EN_ORGANIZATION_URL, 'en'),
                LocalizableMetadataItem(
                    fixtures.IDP_2_ORGANIZATION_ES_ORGANIZATION_URL, 'es')
            ],
        ),
        name_id_format=fixtures.NAME_ID_FORMAT_1,
        sso_service=Service(fixtures.IDP_2_SSO_URL, fixtures.IDP_2_SSO_BINDING),
        want_authn_requests_signed=False,
        signing_certificates=[
            strip_certificate(fixtures.SIGNING_CERTIFICATE)
        ],
        encryption_certificates=[
            strip_certificate(fixtures.ENCRYPTION_CERTIFICATE)
        ])

    # Act
    parsed = parser.parse(fixtures.CORRECT_MULTIPLE_IDPS_METADATA)

    # Assert
    assert isinstance(parsed, list)
    assert len(parsed) == 2
    eq_(parsed[0], first_expected)
    eq_(parsed[1], second_expected)