Пример #1
    def get_authn_response(self, idp_config, identity):
        """Have the test IdP issue a signed AuthnResponse for ``identity``.

        :param idp_config: configuration handed to ``SamlServer``
        :param identity: attribute dict the IdP puts into the assertion
        :return: whatever ``server.create_authn_response`` returns
        """
        server = SamlServer(idp_config)
        with closing(server):
            # One fixed request id is reused as in_response_to, as the
            # NameID qualifier and as the session index.
            request_id = "id12"
            idp_entity_id = "urn:mace:example.com:saml:roland:idp"
            name_id = server.ident.transient_nameid(idp_entity_id, request_id)

            # The response claims password-protected-transport as its
            # authentication context.
            context = AuthnContext(
                authn_context_class_ref=authn_context_class_ref(
                    AUTHN_PASSWORD_PROTECTED))

            # SubjectLocality carries the client address the IdP reports.
            subject_locality = saml.SubjectLocality()
            subject_locality.address = "172.31.25.30"

            # NOTE(review): datetime.now() is naive local time; a SAML
            # AuthnInstant is normally a UTC xs:dateTime ending in 'Z' --
            # confirm the consumer tolerates this value.
            statement = AuthnStatement(
                subject_locality=subject_locality,
                authn_instant=datetime.now().isoformat(),
                authn_context=context,
                session_index=request_id)

            # Positional order: identity, in_response_to, consumer_url,
            # sp_entity_id.  consumer_url corresponds to
            # config.sp.endpoints.assertion_consumer_service.
            # NOTE(review): sp_entity_id is given the ACS URL, which only
            # matches if the SP's entityID equals its ACS location -- verify.
            return server.create_authn_response(
                identity,
                request_id,
                self.sp_acs_location,
                self.sp_acs_location,
                name_id=name_id,
                sign_assertion=True,
                sign_response=True,
                authn_statement=statement)
Пример #2
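def authn_statement(authn_class=None,
                    authn_auth=None,
                    authn_decl=None,
                    authn_decl_ref=None,
                    authn_instant="",
                    subject_locality="",
                    session_not_on_or_after=None):
    """
    Construct the AuthnStatement
    :param authn_class: Authentication Context Class reference
    :param authn_auth: Authenticating Authority
    :param authn_decl: Authentication Context Declaration
    :param authn_decl_ref: Authentication Context Declaration reference
    :param authn_instant: When the Authentication was performed.
        Assumed to be seconds since the Epoch.  A falsy value (the default
        "" or 0) means "now".
    :param subject_locality: Specifies the DNS domain name and IP address
        for the system from which the assertion subject was apparently
        authenticated.
    :param session_not_on_or_after: Passed through unchanged as the
        statement's session_not_on_or_after value.
    :return: An AuthnStatement instance
    """
    # A falsy authn_instant (including 0) falls back to the current time.
    if authn_instant:
        _instant = instant(time_stamp=authn_instant)
    else:
        _instant = instant()

    # Exactly one AuthnContext form is used, chosen in priority order
    # class-ref > declaration > declaration-ref.  When none is given the
    # authn_context keyword is not passed at all, so the attribute keeps
    # whatever default saml.AuthnStatement gives it.
    kwargs = {
        "authn_instant": _instant,
        "session_index": sid(),
        "session_not_on_or_after": session_not_on_or_after,
    }
    if authn_class:
        kwargs["authn_context"] = _authn_context_class_ref(authn_class,
                                                           authn_auth)
    elif authn_decl:
        kwargs["authn_context"] = _authn_context_decl(authn_decl, authn_auth)
    elif authn_decl_ref:
        kwargs["authn_context"] = _authn_context_decl_ref(authn_decl_ref,
                                                          authn_auth)

    res = factory(saml.AuthnStatement, **kwargs)

    if subject_locality:
        # NOTE(review): the value becomes the element's text content rather
        # than its address / dns_name attributes -- confirm that is intended.
        res.subject_locality = saml.SubjectLocality(text=subject_locality)

    return res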
Пример #3
    def test_acs_with_authn_response_includes_subjectLocality(self):
        """Post an IdP-signed AuthnResponse carrying SubjectLocality to the ACS.

        Builds signed SP metadata under the test key/cert settings, hands it
        to a ``SamlServer`` acting as the IdP, has that server issue a signed
        response for a fixed identity, then POSTs the base64-encoded response
        to the ``assertion_consumer_service`` URL for this test's IdP slug.
        """
        # Presumably the signing below needs the xmlsec1 binary; skip
        # rather than fail when it is absent.
        self._skip_if_xmlsec_binary_missing()
        self.config.use_signed_authn_request = True
        self.config.save()

        # NOTE(review): the settings override only covers building and
        # signing the SP metadata; the ACS POST further down runs with the
        # original settings.
        with override_settings(SAML_KEY_FILE=self.ipd_key_path,
                               SAML_CERT_FILE=self.ipd_cert_path):
            saml2config = self.config
            sp_config = config.SPConfig()
            sp_config.load(create_saml_config_for(saml2config))
            sp_metadata = create_metadata_string('',
                                                 config=sp_config,
                                                 sign=True)

        idp_config = self.get_idp_config(sp_metadata)

        # Attributes the IdP asserts about the subject (mail is a placeholder).
        identity = {
            "eduPersonAffiliation": ["staff", "member"],
            "surName": ["Jeter"],
            "givenName": ["Derek"],
            "mail": ["*****@*****.**"],
            "title": ["shortstop"]
        }

        with closing(SamlServer(idp_config)) as server:
            # "id12" doubles as the request id answered below and as the
            # session index.
            name_id = server.ident.transient_nameid(
                "urn:mace:example.com:saml:roland:idp", "id12")

            authn_context_ref = authn_context_class_ref(
                AUTHN_PASSWORD_PROTECTED)
            authn_context = AuthnContext(
                authn_context_class_ref=authn_context_ref)

            # The SubjectLocality whose presence this test is named after.
            locality = saml.SubjectLocality()
            locality.address = "172.31.25.30"

            # NOTE(review): datetime.now() is naive local time; a SAML
            # AuthnInstant is normally a UTC xs:dateTime ending in 'Z'.
            authn_statement = AuthnStatement(
                subject_locality=locality,
                authn_instant=datetime.now().isoformat(),
                authn_context=authn_context,
                session_index="id12")

            # NOTE(review): sp_entity_id is given the ACS URL; this only
            # matches if the SP's entityID equals its ACS location.
            authn_response = server.create_authn_response(
                identity,
                "id12",  # in_response_to
                self.
                sp_acs_location,  # consumer_url. config.sp.endpoints.assertion_consumer_service:["acs_endpoint"]
                self.sp_acs_location,  # sp_entity_id
                name_id=name_id,
                sign_assertion=True,
                sign_response=True,
                authn_statement=authn_statement)

        # The ACS expects the XML base64-encoded in the SAMLResponse field.
        base64_encoded_response_metadata = base64.b64encode(
            authn_response.encode('utf-8'))
        base_64_utf8_response_metadata = base64_encoded_response_metadata.decode(
            'utf-8')

        # `request` holds the test client's response to the POST.
        request = self.client.post(
            reverse('assertion_consumer_service',
                    kwargs={'idp_name': self.config.slug}),
            {'SAMLResponse': base_64_utf8_response_metadata})