def _create_attribute_statement(self, user, user_domain_name, roles, project,
                                project_domain_name):
    """Create an object that represents a SAML AttributeStatement.

    The statement carries one Attribute per OpenStack identity facet, in
    this order: user, roles, project, project domain, user domain. Only
    ``openstack_roles`` is multi-valued; every other attribute holds a
    single AttributeValue.

    <ns0:AttributeStatement>
        <ns0:Attribute Name="openstack_user">
            <ns0:AttributeValue xsi:type="xs:string">test_user</ns0:AttributeValue>
        </ns0:Attribute>
        <ns0:Attribute Name="openstack_user_domain">
            <ns0:AttributeValue xsi:type="xs:string">Default</ns0:AttributeValue>
        </ns0:Attribute>
        <ns0:Attribute Name="openstack_roles">
            <ns0:AttributeValue xsi:type="xs:string">admin</ns0:AttributeValue>
            <ns0:AttributeValue xsi:type="xs:string">member</ns0:AttributeValue>
        </ns0:Attribute>
        <ns0:Attribute Name="openstack_project">
            <ns0:AttributeValue xsi:type="xs:string">development</ns0:AttributeValue>
        </ns0:Attribute>
        <ns0:Attribute Name="openstack_project_domain">
            <ns0:AttributeValue xsi:type="xs:string">Default</ns0:AttributeValue>
        </ns0:Attribute>
    </ns0:AttributeStatement>

    :param user: user name for ``openstack_user``
    :param user_domain_name: domain name for ``openstack_user_domain``
    :param roles: iterable of role names for ``openstack_roles``
    :param project: project name for ``openstack_project``
    :param project_domain_name: domain name for ``openstack_project_domain``
    :returns: XML <AttributeStatement> object
    """
    def _attribute_for(name, values):
        """Return a saml.Attribute named *name* holding one value per item."""
        attr = saml.Attribute()
        attr.name = name
        for text in values:
            # Values are handed to set_text() verbatim; any XML escaping is
            # left to the saml serializer, nothing is sanitised here.
            holder = saml.AttributeValue()
            holder.set_text(text)
            attr.attribute_value.append(holder)
        return attr

    # Order matters only for readability of the emitted XML, but it is
    # kept stable so fixtures comparing serialised output do not break.
    ordered_attributes = (
        ('openstack_user', [user]),
        ('openstack_roles', roles),
        ('openstack_project', [project]),
        ('openstack_project_domain', [project_domain_name]),
        ('openstack_user_domain', [user_domain_name]),
    )

    attribute_statement = saml.AttributeStatement()
    for name, values in ordered_attributes:
        attribute_statement.attribute.append(_attribute_for(name, values))
    return attribute_statement
def test_to_and_for(self):
    """Round-trip an attribute dict through the BASIC converter.

    Converts a local attribute dict to an AttributeStatement with the
    first converter whose name format is BASIC_NF, converts it back, and
    checks that the same keys come out.
    """
    ava = {"givenName": "Roland", "surname": "Hedberg"}
    basic_converters = [
        converter for converter in self.acs
        if converter.name_format == BASIC_NF
    ]
    basic_ac = basic_converters[0]
    attr_state = saml.AttributeStatement(basic_ac.to_(ava))
    oava = basic_ac.fro(attr_state)
    # Only the key set is compared; values are not checked here.
    assert _eq(ava.keys(), oava.keys())
def construct(self, sp_entity_id, in_response_to, consumer_url, name_id,
              attrconvs, policy, issuer, authn_class=None, authn_auth=None,
              authn_decl=None, encrypt=None, sec_context=None):
    """Build an Assertion for *sp_entity_id* from this object's attributes.

    :param sp_entity_id: The entityid of the SP
    :param in_response_to: An identifier of the message this assertion is
        a response to
    :param consumer_url: The intended consumer (Recipient) of the assertion
    :param name_id: A NameID instance
    :param attrconvs: AttributeConverters
    :param policy: The policy that should be adhered to when replying; it
        supplies the name format, the Conditions and the NotOnOrAfter value
    :param issuer: Who is issuing the statement
    :param authn_class: The authentication class
    :param authn_auth: The authentication instance
    :param authn_decl: Authentication context declaration
    :param encrypt: Which parts to encrypt; only the value "attributes" is
        acted on in this method
    :param sec_context: The security context used when encrypting; must be
        supplied whenever encrypt == "attributes" (it is used unchecked)
    :return: An Assertion instance
    """
    name_form = policy.get_name_form(sp_entity_id)
    local_attributes = from_local(attrconvs, self, name_form)
    attr_statement = saml.AttributeStatement(attribute=local_attributes)

    if encrypt == "attributes":
        # Each Attribute is serialised to XML ("%s" % attr) and encrypted as
        # a whole.  The plaintext list is dropped afterwards so only
        # EncryptedAttribute children remain in the statement.
        for plain_attr in attr_statement.attribute:
            ciphertext = sec_context.encrypt(text="%s" % plain_attr)
            enc_data = xmlenc.encrypted_data_from_string(ciphertext)
            attr_statement.encrypted_attribute.append(
                saml.EncryptedAttribute(encrypted_data=enc_data))
        attr_statement.attribute = []

    # Validity window / audience come from the policy: start using now and
    # for some time.
    conds = policy.conditions(sp_entity_id)
    authn = self._authn_statement(authn_class, authn_auth, authn_decl)

    # Bearer confirmation ties the assertion to the request it answers
    # (InResponseTo), to its intended recipient and to an expiry time.
    confirmation_data = factory(
        saml.SubjectConfirmationData,
        in_response_to=in_response_to,
        recipient=consumer_url,
        not_on_or_after=policy.not_on_or_after(sp_entity_id))
    confirmation = factory(
        saml.SubjectConfirmation,
        method=saml.SUBJECT_CONFIRMATION_METHOD_BEARER,
        subject_confirmation_data=confirmation_data)
    subject = factory(
        saml.Subject,
        name_id=name_id,
        subject_confirmation=confirmation)

    return assertion_factory(
        issuer=issuer,
        attribute_statement=attr_statement,
        authn_statement=authn,
        conditions=conds,
        subject=subject,
    )
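def _create_attribute_statement(self, user, roles, project):
    """Create an object that represents a SAML AttributeStatement.

    <ns0:AttributeStatement xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion"
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <ns0:Attribute Name="openstack_user">
            <ns0:AttributeValue xsi:type="xs:string">test_user</ns0:AttributeValue>
        </ns0:Attribute>
        <ns0:Attribute Name="openstack_roles">
            <ns0:AttributeValue xsi:type="xs:string">admin</ns0:AttributeValue>
            <ns0:AttributeValue xsi:type="xs:string">member</ns0:AttributeValue>
        </ns0:Attribute>
        <ns0:Attribute Name="openstack_project">
            <ns0:AttributeValue xsi:type="xs:string">development</ns0:AttributeValue>
        </ns0:Attribute>
    </ns0:AttributeStatement>

    :param user: user name placed in the ``openstack_user`` attribute
    :param roles: iterable of role names; one AttributeValue each
    :param project: project name placed in the ``openstack_project`` attribute
    :return: XML <AttributeStatement> object
    """
    def _single_valued(name, value):
        """Return an Attribute named *name* holding exactly one value."""
        attribute = saml.Attribute()
        attribute.name = name
        attribute_value = saml.AttributeValue()
        # Text is passed through unchanged; escaping is the serializer's job.
        attribute_value.set_text(value)
        # Append (as the roles attribute does) so attribute_value stays a
        # list instead of being replaced by a bare AttributeValue.
        attribute.attribute_value.append(attribute_value)
        return attribute

    # The attribute name must match the documented Name="openstack_user";
    # the previous literal did not, so relying parties keyed on that name
    # would never have found the user.
    user_attribute = _single_valued('openstack_user', user)

    roles_attribute = saml.Attribute()
    roles_attribute.name = 'openstack_roles'
    for role in roles:
        role_value = saml.AttributeValue()
        role_value.set_text(role)
        roles_attribute.attribute_value.append(role_value)

    project_attribute = _single_valued('openstack_project', project)

    attribute_statement = saml.AttributeStatement()
    attribute_statement.attribute.append(user_attribute)
    attribute_statement.attribute.append(roles_attribute)
    attribute_statement.attribute.append(project_attribute)
    return attribute_statement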
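def _create_attribute_statement(self, user, roles, project):
    """Create an object that represents a SAML AttributeStatement.

    <ns0:AttributeStatement>
        <ns0:Attribute Name="openstack_user">
            <ns0:AttributeValue xsi:type="xs:string">test_user</ns0:AttributeValue>
        </ns0:Attribute>
        <ns0:Attribute Name="openstack_roles">
            <ns0:AttributeValue xsi:type="xs:string">admin</ns0:AttributeValue>
            <ns0:AttributeValue xsi:type="xs:string">member</ns0:AttributeValue>
        </ns0:Attribute>
        <ns0:Attribute Name="openstack_project">
            <ns0:AttributeValue xsi:type="xs:string">development</ns0:AttributeValue>
        </ns0:Attribute>
    </ns0:AttributeStatement>

    :param user: user name placed in the ``openstack_user`` attribute
    :param roles: iterable of role names; one AttributeValue each
    :param project: project name placed in the ``openstack_project`` attribute
    :return: XML <AttributeStatement> object
    """
    def _values(texts):
        """Return one saml.AttributeValue per item of *texts*."""
        holders = []
        for text in texts:
            holder = saml.AttributeValue()
            # No escaping or validation here; the serializer handles XML
            # escaping of the text content.
            holder.set_text(text)
            holders.append(holder)
        return holders

    # Attribute names are fixed by the documented contract above; the name
    # literal for the user attribute previously did not match
    # Name="openstack_user" and has been aligned with it.
    user_attribute = saml.Attribute()
    user_attribute.name = 'openstack_user'
    # Append into the existing list rather than replacing it with a single
    # AttributeValue, so all three attributes have the same shape.
    user_attribute.attribute_value.extend(_values([user]))

    roles_attribute = saml.Attribute()
    roles_attribute.name = 'openstack_roles'
    roles_attribute.attribute_value.extend(_values(roles))

    project_attribute = saml.Attribute()
    project_attribute.name = 'openstack_project'
    project_attribute.attribute_value.extend(_values([project]))

    attribute_statement = saml.AttributeStatement()
    attribute_statement.attribute.append(user_attribute)
    attribute_statement.attribute.append(roles_attribute)
    attribute_statement.attribute.append(project_attribute)
    return attribute_statement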
def test_valid_instance():
    """valid_instance() accepts a well-formed AttributeStatement and
    rejects a Response that lacks mandatory values.

    The first half builds two Attributes with one value each and expects
    validation to pass.  The second half builds a Response whose Issuer,
    Status and Assertion children are left empty and expects
    MustValueError to be raised.
    """
    text = [
        "value of test attribute",
        "value1 of test attribute",
        "value2 of test attribute",
        "value1 of test attribute2",
        "value2 of test attribute2",
    ]

    first = saml.Attribute()
    first.name = "testAttribute"
    first.name_format = saml.NAME_FORMAT_URI
    first.friendly_name = "test attribute"
    first_value = saml.AttributeValue()
    first_value.text = text[0]
    first.attribute_value.append(first_value)

    second = saml.Attribute()
    second.name = "testAttribute2"
    second.name_format = saml.NAME_FORMAT_UNSPECIFIED
    second.friendly_name = text[2]
    second_value = saml.AttributeValue()
    second_value.text = text[2]
    second.attribute_value.append(second_value)

    attr_statem = saml.AttributeStatement()
    attr_statem.attribute.append(first)
    attr_statem.attribute.append(second)
    assert valid_instance(attr_statem)

    resp = samlp.Response()
    resp.id = "response id"
    resp.in_response_to = "request id"
    resp.version = saml2.VERSION
    resp.issue_instant = "2007-09-14T01:05:02Z"
    resp.destination = "http://www.example.com/Destination"
    resp.consent = saml.CONSENT_UNSPECIFIED
    # Children are attached empty on purpose: validation must reject them.
    resp.issuer = saml.Issuer()
    resp.status = samlp.Status()
    resp.assertion.append(saml.Assertion())
    with raises(MustValueError):
        valid_instance(resp)
def do_attribute_statement(identity):
    """Wrap the attributes built from *identity* in an AttributeStatement.

    :param identity: A dictionary with friendly names as keys
    :return: A saml.AttributeStatement holding the result of
        do_attributes(identity)
    """
    attributes = do_attributes(identity)
    return saml.AttributeStatement(attribute=attributes)
def construct(self, sp_entity_id, in_response_to, consumer_url, name_id,
              attrconvs, policy, issuer, authn_class=None, authn_auth=None,
              authn_decl=None, encrypt=None, sec_context=None,
              authn_decl_ref=None, authn_instant="", subject_locality=""):
    """Build an Assertion for *sp_entity_id* from this object's attributes.

    :param sp_entity_id: The entityid of the SP
    :param in_response_to: An identifier of the message this assertion is
        a response to
    :param consumer_url: The intended consumer (Recipient) of the assertion
    :param name_id: A NameID instance
    :param attrconvs: AttributeConverters
    :param policy: The policy that should be adhered to when replying.
        Only the name-format lookup tolerates a missing policy; Conditions
        and NotOnOrAfter are always taken from it
    :param issuer: Who is issuing the statement
    :param authn_class: The authentication class
    :param authn_auth: The authentication instance
    :param authn_decl: An Authentication Context declaration
    :param encrypt: Which parts to encrypt; only the value "attributes" is
        acted on in this method
    :param sec_context: The security context used when encrypting; must be
        supplied whenever encrypt == "attributes" (it is used unchecked)
    :param authn_decl_ref: An Authentication Context declaration reference
    :param authn_instant: When the Authentication was performed
    :param subject_locality: Specifies the DNS domain name and IP address
        for the system from which the assertion subject was apparently
        authenticated.
    :return: An Assertion instance
    """
    if policy:
        name_form = policy.get_name_form(sp_entity_id)
    else:
        name_form = NAME_FORMAT_URI
    local_attributes = from_local(attrconvs, self, name_form)
    attr_statement = saml.AttributeStatement(attribute=local_attributes)

    if encrypt == "attributes":
        # Each Attribute is serialised to XML ("%s" % attr) and encrypted as
        # a whole; the plaintext list is dropped afterwards so only
        # EncryptedAttribute children remain in the statement.
        for plain_attr in attr_statement.attribute:
            ciphertext = sec_context.encrypt(text="%s" % plain_attr)
            enc_data = xmlenc.encrypted_data_from_string(ciphertext)
            attr_statement.encrypted_attribute.append(
                saml.EncryptedAttribute(encrypted_data=enc_data))
        attr_statement.attribute = []

    # Validity window / audience come from the policy: start using now and
    # for some time.
    # NOTE(review): policy is optional in the name-format branch above but
    # is dereferenced here and for not_on_or_after below, so a None policy
    # raises AttributeError rather than producing an assertion without
    # Conditions.
    conds = policy.conditions(sp_entity_id)

    # An AuthnStatement is only emitted when some authentication detail
    # was supplied; authn_instant/subject_locality alone do not trigger it.
    if authn_auth or authn_class or authn_decl or authn_decl_ref:
        authn = authn_statement(authn_class, authn_auth, authn_decl,
                                authn_decl_ref, authn_instant,
                                subject_locality)
    else:
        authn = None

    # Bearer confirmation ties the assertion to the request it answers
    # (InResponseTo), to its intended recipient and to an expiry time.
    confirmation_data = factory(
        saml.SubjectConfirmationData,
        in_response_to=in_response_to,
        recipient=consumer_url,
        not_on_or_after=policy.not_on_or_after(sp_entity_id))
    confirmation = factory(
        saml.SubjectConfirmation,
        method=saml.SCM_BEARER,
        subject_confirmation_data=confirmation_data)
    subject = factory(
        saml.Subject,
        name_id=name_id,
        subject_confirmation=[confirmation],
    )

    assertion = assertion_factory(
        issuer=issuer,
        conditions=conds,
        subject=subject,
    )
    if authn:
        assertion.authn_statement = [authn]
    # Skip the AttributeStatement entirely when it carries no attributes
    # (plain or encrypted), as reported by empty().
    if not attr_statement.empty():
        assertion.attribute_statement = [attr_statement]
    return assertion