def test_from_light_response(self):
    """Compare the SAML response built from a light response with the stored XML fixture.

    The timestamp and validity period are fixed so the generated document is
    reproducible and can be matched against the fixture file.
    """
    self.maxDiff = None
    fixed_timestamp = datetime(2017, 12, 11, 14, 12, 5, 148000)
    light_response = self.create_light_response(True)
    saml_response = SAMLResponse.from_light_response(
        light_response,
        'saml-request-issuer',
        'test/destination',
        fixed_timestamp,
        timedelta(minutes=5))

    fixture_path = DATA_DIR / 'saml_response_from_light_response.xml'
    with cast(TextIO, fixture_path.open('r')) as fixture:
        expected_xml = fixture.read()

    # Serialize only after the fixture has been read, as the original did.
    actual_xml = dump_xml(saml_response.document).decode('utf-8')
    self.assertXMLEqual(actual_xml, expected_xml)
def test_from_light_response_minimal(self):
    """Compare the SAML response for a minimal light response with the stored XML fixture.

    The light response carries no IP address and no attributes, and the SAML
    response is built without an audience or destination.
    """
    self.maxDiff = None
    status = Status(failure=False)
    response = self.create_light_response(
        True,
        ip_address=None,
        status=status,
        attributes={})
    fixed_timestamp = datetime(2017, 12, 11, 14, 12, 5, 148000)
    saml_response = SAMLResponse.from_light_response(
        response, None, None, fixed_timestamp, timedelta(minutes=5))

    fixture_path = DATA_DIR / 'saml_response_from_light_response_minimal.xml'
    with cast(TextIO, fixture_path.open('r')) as fixture:
        expected_xml = fixture.read()

    actual_xml = dump_xml(saml_response.document).decode('utf-8')
    self.assertXMLEqual(actual_xml, expected_xml)
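def create_saml_response(
        self,
        issuer: str,
        audience: Optional[str],
        destination: Optional[str],
        signature_options: Optional[Dict[str, str]],
        validity: int,
        encryption_options: Optional[Dict[str, Any]] = None) -> SAMLResponse:
    """
    Create a SAML response from a light response.

    The protection steps run in a fixed order: the assertion is signed, then the
    assertion is encrypted, and finally the whole response is signed.

    Signing is performed only when `signature_options` provides both `key_file`
    and `cert_file`. Otherwise the response is returned unsigned. If exactly one
    of the two is set, a warning is logged so the misconfiguration is visible.

    Encryption is performed only when `encryption_options` provides `cert_file`.

    :param issuer: Issuer of the SAML response.
    :param audience: The audience of the SAML response (the issuer of the SAML request).
    :param destination: Service provider's endpoint.
    :param signature_options: Optional options to create a signed response:
        `key_file`, `cert_file`, `signature_method`, and `digest_method`.
    :param validity: The validity of the response in minutes.
    :param encryption_options: Optional options to encrypt an assertion:
        `cert_file`, `encryption_method`, and `key_transport`.
    :return: A SAML response.
    :raise KeyError: If `encryption_options` sets `cert_file` but lacks
        `encryption_method` or `key_transport`.
    """
    # Replace the original issuer with our issuer registered at the Identity Provider.
    # Note that this mutates the stored light response in place.
    self.light_response.issuer = issuer
    response = SAMLResponse.from_light_response(
        self.light_response,
        audience,
        destination,
        datetime.utcnow(),  # naive UTC timestamp
        timedelta(minutes=validity))
    LOGGER.info(
        '[#%r] Created SAML response: id=%r, issuer=%r, in_response_to_id=%r',
        self.log_id, response.id, response.issuer, response.in_response_to_id)

    key_file = signature_options.get('key_file') if signature_options else None
    cert_file = signature_options.get('cert_file') if signature_options else None
    sign = bool(key_file and cert_file)
    if not sign and (key_file or cert_file):
        # A half-configured key pair would otherwise yield an unsigned response
        # without leaving any trace for the operator.
        LOGGER.warning(
            '[#%r] Incomplete signature options (both key_file and cert_file are required); '
            'SAML response id=%r will not be signed.',
            self.log_id, response.id)

    if sign:
        response.sign_assertion(**cast(Dict[str, Any], signature_options))
    if encryption_options and encryption_options.get('cert_file'):
        response.encrypt_assertion(
            encryption_options['cert_file'],
            encryption_options['encryption_method'],
            encryption_options['key_transport'])
    if sign:
        # The response is signed last, after the assertion has been signed and encrypted.
        response.sign_response(**cast(Dict[str, Any], signature_options))
    return response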
def test_from_light_response_version_mismatch(self):
    """Compare the SAML response for a failed light response with the stored XML fixture.

    The light response carries a failure status with the VERSION_MISMATCH
    sub status code and has neither an issuer nor an IP address.
    """
    self.maxDiff = None
    status = Status(
        failure=True,
        sub_status_code=SubStatusCode.VERSION_MISMATCH,
        status_message='Oops.')
    response = self.create_light_response(
        False,
        issuer=None,
        ip_address=None,
        status=status)
    fixed_timestamp = datetime(2017, 12, 11, 14, 12, 5, 148000)
    saml_response = SAMLResponse.from_light_response(
        response, None, None, fixed_timestamp, timedelta(minutes=5))

    fixture_path = DATA_DIR / 'saml_response_from_light_response_version_mismatch.xml'
    with cast(TextIO, fixture_path.open('r')) as fixture:
        expected_xml = fixture.read()

    actual_xml = dump_xml(saml_response.document).decode('utf-8')
    self.assertXMLEqual(actual_xml, expected_xml)