    def _create_attribute_statement(self, user, user_domain_name, roles,
                                    project, project_domain_name):
        """Build the SAML AttributeStatement carrying the OpenStack identity.

        The produced element has this shape (attribute order follows the
        order in which they are appended below: user, roles, project,
        project domain, user domain):

        <ns0:AttributeStatement>
            <ns0:Attribute Name="openstack_user">
                <ns0:AttributeValue
                  xsi:type="xs:string">test_user</ns0:AttributeValue>
            </ns0:Attribute>
            <ns0:Attribute Name="openstack_roles">
                <ns0:AttributeValue
                  xsi:type="xs:string">admin</ns0:AttributeValue>
                <ns0:AttributeValue
                  xsi:type="xs:string">member</ns0:AttributeValue>
            </ns0:Attribute>
            <ns0:Attribute Name="openstack_project">
                <ns0:AttributeValue
                  xsi:type="xs:string">development</ns0:AttributeValue>
            </ns0:Attribute>
            <ns0:Attribute Name="openstack_project_domain">
                <ns0:AttributeValue
                  xsi:type="xs:string">Default</ns0:AttributeValue>
            </ns0:Attribute>
            <ns0:Attribute Name="openstack_user_domain">
                <ns0:AttributeValue
                  xsi:type="xs:string">Default</ns0:AttributeValue>
            </ns0:Attribute>
        </ns0:AttributeStatement>

        :param user: user name, single value of ``openstack_user``
        :param user_domain_name: single value of ``openstack_user_domain``
        :param roles: iterable of role names; every element becomes one
            ``AttributeValue`` of ``openstack_roles`` (a bare string would
            be iterated character by character)
        :param project: single value of ``openstack_project``
        :param project_domain_name: single value of
            ``openstack_project_domain``
        :returns: XML <AttributeStatement> object
        """
        # Single-valued parameters are wrapped in one-element lists so that
        # every attribute is built by the same loop; roles is used as given.
        attribute_specs = (
            ('openstack_user', [user]),
            ('openstack_roles', roles),
            ('openstack_project', [project]),
            ('openstack_project_domain', [project_domain_name]),
            ('openstack_user_domain', [user_domain_name]),
        )

        attribute_statement = saml.AttributeStatement()
        for attribute_name, texts in attribute_specs:
            attribute = saml.Attribute()
            attribute.name = attribute_name
            for text in texts:
                attribute_value = saml.AttributeValue()
                attribute_value.set_text(text)
                attribute.attribute_value.append(attribute_value)
            attribute_statement.attribute.append(attribute)

        return attribute_statement
    def test_to_and_for(self):
        """Round-trip a local attribute dict through the BASIC converter.

        The first converter in ``self.acs`` whose ``name_format`` is
        ``BASIC_NF`` is used; ``to_`` produces the SAML attributes, ``fro``
        maps the resulting statement back. Only the key sets are compared,
        not the values.
        """
        ava = {"givenName": "Roland", "surname": "Hedberg"}

        basic_converters = [conv for conv in self.acs
                            if conv.name_format == BASIC_NF]
        basic_ac = basic_converters[0]

        attr_state = saml.AttributeStatement(basic_ac.to_(ava))
        oava = basic_ac.fro(attr_state)

        assert _eq(ava.keys(), oava.keys())
    def construct(self, sp_entity_id, in_response_to, consumer_url,
                  name_id, attrconvs, policy, issuer, authn_class=None,
                  authn_auth=None, authn_decl=None, encrypt=None,
                  sec_context=None):
        """Construct the Assertion.

        :param sp_entity_id: The entityid of the SP
        :param in_response_to: An identifier of the message this message is
            a response to
        :param consumer_url: The intended consumer of the assertion
            (becomes the SubjectConfirmationData Recipient)
        :param name_id: A NameID instance
        :param attrconvs: AttributeConverters
        :param policy: The policy that should be adhered to when replying;
            it is dereferenced unconditionally for the name format, the
            Conditions and NotOnOrAfter
        :param issuer: Who is issuing the statement
        :param authn_class: The authentication class
        :param authn_auth: The authentication instance
        :param authn_decl: An Authentication Context declaration
        :param encrypt: Only the exact string ``"attributes"`` is honoured;
            it encrypts every Attribute with ``sec_context`` and moves it to
            ``encrypted_attribute``. Any other value leaves all attributes
            in clear text.
        :param sec_context: The security context used when encrypting; it
            must be given when ``encrypt == "attributes"`` since it is used
            without a check on that path
        :return: An Assertion instance
        """
        name_format = policy.get_name_form(sp_entity_id)
        attr_statement = saml.AttributeStatement(
            attribute=from_local(attrconvs, self, name_format))

        if encrypt == "attributes":
            for plain_attr in attr_statement.attribute:
                # Each attribute is serialised to text and encrypted as a
                # whole, then carried as an EncryptedAttribute instead.
                ciphertext = sec_context.encrypt(text="%s" % plain_attr)
                enc_data = xmlenc.encrypted_data_from_string(ciphertext)
                attr_statement.encrypted_attribute.append(
                    saml.EncryptedAttribute(encrypted_data=enc_data))
            # Drop the clear-text copies once the encrypted ones are in place.
            attr_statement.attribute = []

        # Validity window: starts now and lasts as long as the policy says.
        conds = policy.conditions(sp_entity_id)

        statement = self._authn_statement(authn_class, authn_auth, authn_decl)

        confirmation_data = factory(
            saml.SubjectConfirmationData,
            in_response_to=in_response_to,
            recipient=consumer_url,
            not_on_or_after=policy.not_on_or_after(sp_entity_id))
        confirmation = factory(
            saml.SubjectConfirmation,
            method=saml.SUBJECT_CONFIRMATION_METHOD_BEARER,
            subject_confirmation_data=confirmation_data)
        subject = factory(saml.Subject, name_id=name_id,
                          subject_confirmation=confirmation)

        return assertion_factory(
            issuer=issuer,
            attribute_statement=attr_statement,
            authn_statement=statement,
            conditions=conds,
            subject=subject,
        )
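    def _create_attribute_statement(self, user, roles, project):
        """Create an object that represents a SAML AttributeStatement.

        <ns0:AttributeStatement
          xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ns0:Attribute Name="openstack_user">
                <ns0:AttributeValue
                  xsi:type="xs:string">test_user</ns0:AttributeValue>
            </ns0:Attribute>
            <ns0:Attribute Name="openstack_roles">
                <ns0:AttributeValue
                  xsi:type="xs:string">admin</ns0:AttributeValue>
                <ns0:AttributeValue
                  xsi:type="xs:string">member</ns0:AttributeValue>
            </ns0:Attribute>
            <ns0:Attribute Name="openstack_project">
                <ns0:AttributeValue
                  xsi:type="xs:string">development</ns0:AttributeValue>
            </ns0:Attribute>
        </ns0:AttributeStatement>

        :param user: user name, the single value of ``openstack_user``
        :param roles: iterable of role names; each element becomes one
            ``AttributeValue`` of ``openstack_roles`` (a bare string would
            be iterated character by character)
        :param project: project name, the single value of
            ``openstack_project``
        :return: XML <AttributeStatement> object

        """
        def _single_valued(name, text):
            # Single-valued attributes keep their original shape: the
            # AttributeValue is assigned directly, not appended to a list.
            attribute = saml.Attribute()
            attribute.name = name
            value = saml.AttributeValue()
            value.set_text(text)
            attribute.attribute_value = value
            return attribute

        # The attribute Name must be the documented 'openstack_user', in line
        # with the other openstack_* names; the placeholder string previously
        # used here did not match the XML sample above.
        user_attribute = _single_valued('openstack_user', user)

        roles_attribute = saml.Attribute()
        roles_attribute.name = 'openstack_roles'
        for role in roles:
            role_value = saml.AttributeValue()
            role_value.set_text(role)
            roles_attribute.attribute_value.append(role_value)

        project_attribute = _single_valued('openstack_project', project)

        attribute_statement = saml.AttributeStatement()
        attribute_statement.attribute.append(user_attribute)
        attribute_statement.attribute.append(roles_attribute)
        attribute_statement.attribute.append(project_attribute)
        return attribute_statement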
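    def _create_attribute_statement(self, user, roles, project):
        """Create an object that represents a SAML AttributeStatement.

        <ns0:AttributeStatement>
            <ns0:Attribute Name="openstack_user">
                <ns0:AttributeValue
                  xsi:type="xs:string">test_user</ns0:AttributeValue>
            </ns0:Attribute>
            <ns0:Attribute Name="openstack_roles">
                <ns0:AttributeValue
                  xsi:type="xs:string">admin</ns0:AttributeValue>
                <ns0:AttributeValue
                  xsi:type="xs:string">member</ns0:AttributeValue>
            </ns0:Attribute>
            <ns0:Attribute Name="openstack_project">
                <ns0:AttributeValue
                  xsi:type="xs:string">development</ns0:AttributeValue>
            </ns0:Attribute>
        </ns0:AttributeStatement>

        :param user: user name, the single value of ``openstack_user``
        :param roles: iterable of role names; each element becomes one
            ``AttributeValue`` of ``openstack_roles`` (a bare string would
            be iterated character by character)
        :param project: project name, the single value of
            ``openstack_project``
        :return: XML <AttributeStatement> object

        """
        def _single_valued(name, text):
            # Single-valued attributes keep their original shape: the
            # AttributeValue is assigned directly, not appended to a list.
            attribute = saml.Attribute()
            attribute.name = name
            value = saml.AttributeValue()
            value.set_text(text)
            attribute.attribute_value = value
            return attribute

        # The attribute Name must be the documented 'openstack_user', in line
        # with the other openstack_* names; the placeholder string previously
        # used here did not match the XML sample above.
        user_attribute = _single_valued('openstack_user', user)

        roles_attribute = saml.Attribute()
        roles_attribute.name = 'openstack_roles'
        for role in roles:
            role_value = saml.AttributeValue()
            role_value.set_text(role)
            roles_attribute.attribute_value.append(role_value)

        project_attribute = _single_valued('openstack_project', project)

        attribute_statement = saml.AttributeStatement()
        attribute_statement.attribute.append(user_attribute)
        attribute_statement.attribute.append(roles_attribute)
        attribute_statement.attribute.append(project_attribute)
        return attribute_statement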
def test_valid_instance():
    """Check valid_instance on a complete statement and an incomplete Response.

    A two-attribute AttributeStatement is accepted, whereas a Response with
    an empty Issuer/Status/Assertion (presumably missing mandatory members)
    is rejected with MustValueError.
    """
    text = [
        "value of test attribute",
        "value1 of test attribute",
        "value2 of test attribute",
        "value1 of test attribute2",
        "value2 of test attribute2",
    ]

    first = saml.Attribute()
    first.name = "testAttribute"
    first.name_format = saml.NAME_FORMAT_URI
    first.friendly_name = "test attribute"
    first_value = saml.AttributeValue()
    first_value.text = text[0]
    first.attribute_value.append(first_value)

    second = saml.Attribute()
    second.name = "testAttribute2"
    second.name_format = saml.NAME_FORMAT_UNSPECIFIED
    second.friendly_name = text[2]
    second_value = saml.AttributeValue()
    second_value.text = text[2]
    second.attribute_value.append(second_value)

    attr_statem = saml.AttributeStatement()
    attr_statem.attribute.extend([first, second])

    assert valid_instance(attr_statem)

    response = samlp.Response()
    response.id = "response id"
    response.in_response_to = "request id"
    response.version = saml2.VERSION
    response.issue_instant = "2007-09-14T01:05:02Z"
    response.destination = "http://www.example.com/Destination"
    response.consent = saml.CONSENT_UNSPECIFIED
    # Bare child elements: the validator is expected to flag what they lack.
    response.issuer = saml.Issuer()
    response.status = samlp.Status()
    response.assertion.append(saml.Assertion())

    with raises(MustValueError):
        valid_instance(response)
def do_attribute_statement(identity):
    """Wrap the converted *identity* attributes in a SAML AttributeStatement.

    :param identity: A dictionary with friendly names as keys
    :return: A ``saml.AttributeStatement`` whose ``attribute`` member is the
        result of ``do_attributes(identity)``
    """
    attributes = do_attributes(identity)
    return saml.AttributeStatement(attribute=attributes)
    def construct(self, sp_entity_id, in_response_to, consumer_url,
                  name_id, attrconvs, policy, issuer, authn_class=None,
                  authn_auth=None, authn_decl=None, encrypt=None,
                  sec_context=None, authn_decl_ref=None, authn_instant="",
                  subject_locality=""):
        """Construct the Assertion.

        :param sp_entity_id: The entityid of the SP
        :param in_response_to: An identifier of the message this message is
            a response to
        :param consumer_url: The intended consumer of the assertion
            (becomes the SubjectConfirmationData Recipient)
        :param name_id: A NameID instance
        :param attrconvs: AttributeConverters
        :param policy: The policy that should be adhered to when replying.
            Only the name-format lookup tolerates a missing policy; the
            Conditions and NotOnOrAfter below dereference it unconditionally,
            so a falsy policy raises AttributeError there.
        :param issuer: Who is issuing the statement
        :param authn_class: The authentication class
        :param authn_auth: The authentication instance
        :param authn_decl: An Authentication Context declaration
        :param encrypt: Only the exact string ``"attributes"`` is honoured;
            it encrypts every Attribute with ``sec_context`` and moves it to
            ``encrypted_attribute``. Any other value leaves all attributes
            in clear text.
        :param sec_context: The security context used when encrypting; it
            must be given when ``encrypt == "attributes"`` since it is used
            without a check on that path
        :param authn_decl_ref: An Authentication Context declaration reference
        :param authn_instant: When the Authentication was performed
        :param subject_locality: Specifies the DNS domain name and IP address
            for the system from which the assertion subject was apparently
            authenticated.
        :return: An Assertion instance
        """
        if policy:
            name_format = policy.get_name_form(sp_entity_id)
        else:
            name_format = NAME_FORMAT_URI

        attr_statement = saml.AttributeStatement(
            attribute=from_local(attrconvs, self, name_format))

        if encrypt == "attributes":
            for plain_attr in attr_statement.attribute:
                # Each attribute is serialised to text and encrypted as a
                # whole, then carried as an EncryptedAttribute instead.
                ciphertext = sec_context.encrypt(text="%s" % plain_attr)
                enc_data = xmlenc.encrypted_data_from_string(ciphertext)
                attr_statement.encrypted_attribute.append(
                    saml.EncryptedAttribute(encrypted_data=enc_data))
            # Drop the clear-text copies once the encrypted ones are in place.
            attr_statement.attribute = []

        # Validity window: starts now and lasts as long as the policy says.
        # Note that policy is used here regardless of the guard above.
        conds = policy.conditions(sp_entity_id)

        # An AuthnStatement is only emitted when some authentication detail
        # was supplied.
        statement = None
        if authn_auth or authn_class or authn_decl or authn_decl_ref:
            statement = authn_statement(authn_class, authn_auth, authn_decl,
                                        authn_decl_ref, authn_instant,
                                        subject_locality)

        confirmation_data = factory(
            saml.SubjectConfirmationData,
            in_response_to=in_response_to,
            recipient=consumer_url,
            not_on_or_after=policy.not_on_or_after(sp_entity_id))
        confirmation = factory(
            saml.SubjectConfirmation,
            method=saml.SCM_BEARER,
            subject_confirmation_data=confirmation_data)
        subject = factory(saml.Subject, name_id=name_id,
                          subject_confirmation=[confirmation])

        assertion = assertion_factory(issuer=issuer, conditions=conds,
                                      subject=subject)

        if statement:
            assertion.authn_statement = [statement]

        # An empty AttributeStatement is left out rather than emitted empty.
        if not attr_statement.empty():
            assertion.attribute_statement = [attr_statement]

        return assertion