def test_automatic_registration_new_client_id(self): _registration_service = self.service['registration'] # This is cheating. Getting the OP's provider info _fe = _registration_service.service_context.federation_entity statement = Statement() statement.metadata = self.registration_endpoint.endpoint_context.provider_info statement.fo = "https://feide.no" statement.verified_chain = [{'iss': "https://ntnu.no"}] self.service['discovery'].update_service_context([statement]) # and the OP's federation keys self.rp_federation_entity.keyjar.import_jwks( read_info(os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'), issuer_id=self.registration_endpoint.endpoint_context. provider_info['issuer']) _context = self.service['authorization'].service_context _context.set('issuer', 'https://op.ntnu.no') _context.set('redirect_uris', ['https://foodle.uninett.no/callback']) _context.set('entity_id', self.rp_federation_entity.entity_id) _context.set('client_id', self.rp_federation_entity.entity_id) _context.set('behaviour', {'response_types': ['code']}) _context.set( 'provider_info', self.authorization_endpoint.endpoint_context.provider_info) # The client not registered and the OP not supporting automatic client registration with pytest.raises(OtherError): self.service['authorization'].construct()
def test_automatic_registration_keep_client_id(self): # This is cheating. Getting the OP provider info _registration_service = self.service['registration'] _fe = _registration_service.service_context.federation_entity statement = Statement() statement.metadata = self.registration_endpoint.endpoint_context.provider_info statement.fo = "https://feide.no" statement.verified_chain = [{'iss': "https://ntnu.no"}] self.service['discovery'].update_service_context([statement]) # and the OP's federation keys self.rp_federation_entity.keyjar.import_jwks( read_info(os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'), issuer_id=self.registration_endpoint.endpoint_context. provider_info['issuer']) service_context = self.service['authorization'].service_context service_context.set('issuer', 'https://op.ntnu.no') service_context.set('redirect_uris', ['https://foodle.uninett.no/callback']) service_context.set('entity_id', self.rp_federation_entity.entity_id) service_context.set('client_id', self.rp_federation_entity.entity_id) service_context.set('behaviour', {'response_types': ['code']}) service_context.set( 'provider_info', self.authorization_endpoint.endpoint_context.provider_info) authn_request = self.service['authorization'].construct() # Have to provide the OP with clients keys self.authorization_endpoint.endpoint_context.keyjar.import_jwks( _registration_service.service_context.keyjar.export_jwks(), ENTITY_ID) # get rid of the earlier client registrations for k in self.authorization_endpoint.endpoint_context.cdb.keys(): del self.authorization_endpoint.endpoint_context.cdb[k] # Have to provide the OP with clients keys self.authorization_endpoint.endpoint_context.keyjar.import_jwks( _registration_service.service_context.keyjar.export_jwks(), ENTITY_ID) # set new_id to False self.authorization_endpoint.automatic_registration_endpoint.kwargs[ "new_id"] = False # THe OP handles the authorization request req = self.authorization_endpoint.parse_request( authn_request.to_dict()) assert "response_type" in req # reg_resp = self.registration_endpoint.do_response(**res) # assert set(reg_resp.keys()) == {'response', 'http_headers', 'cookie'} client_ids = list( self.authorization_endpoint.endpoint_context.cdb.keys()) assert len(client_ids) == 1 assert client_ids[0] == ENTITY_ID
def test_explicit_registration(self): _registration_service = self.service['registration'] # Using the RP's federation entity instance _fe = _registration_service.client_get( "service_context").federation_entity _endpoint_context = self.registration_endpoint.server_get( "endpoint_context") # This is cheating. Getting the OP provider info trust_chain = TrustChain() trust_chain.metadata = _endpoint_context.provider_info trust_chain.anchor = "https://feide.no" trust_chain.verified_chain = [{'iss': "https://ntnu.no"}] self.service['discovery'].update_service_context([trust_chain]) # add the OP's federation keys self.rp_federation_entity.keyjar.import_jwks( read_info(os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'), issuer_id=_endpoint_context.provider_info['issuer']) # construct the client registration request req_args = { 'entity_id': self.rp_federation_entity.entity_id, 'redirect_uris': ['https://foodle.uninett.no/cb'] } self.rp_federation_entity.proposed_authority_hints = [ 'https://ntnu.no' ] jws = _registration_service.construct(request_args=req_args) assert jws # THe OP handles the registration request res = self.registration_endpoint.process_request(jws) assert res reg_resp = self.registration_endpoint.do_response(**res) assert set(reg_resp.keys()) == {'response', 'http_headers', 'cookie'} # The RP parses the OP's response args = _registration_service.parse_response(reg_resp['response'], request=jws) assert set(args.keys()) == { 'entity_id', 'client_id', 'contacts', 'application_type', 'redirect_uris', 'response_types', 'client_id_issued_at', 'client_secret', 'grant_types', 'client_secret_expires_at' }
def test_automatic_registration_new_client_id(self): _registration_service = self.service['registration'] self.authorization_endpoint.endpoint_context.provider_info[ 'client_registration_authn_methods_supported'] = { "ar": ['request_object'] } # This is cheating. Getting the OP's provider info _fe = _registration_service.service_context.federation_entity statement = Statement() statement.metadata = self.registration_endpoint.endpoint_context.provider_info statement.fo = "https://feide.no" statement.verified_chain = [{'iss': "https://ntnu.no"}] self.service['discovery'].update_service_context([statement]) # and the OP's federation keys self.rp_federation_entity.keyjar.import_jwks( read_info(os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'), issuer_id=self.registration_endpoint.endpoint_context. provider_info['issuer']) _context = self.service['authorization'].service_context _context.set('issuer', 'https://op.ntnu.no') _context.set('redirect_uris', ['https://foodle.uninett.no/callback']) _context.set('entity_id', self.rp_federation_entity.entity_id) _context.set('client_id', self.rp_federation_entity.entity_id) _context.set('behaviour', {'response_types': ['code']}) _context.set( 'provider_info', self.authorization_endpoint.endpoint_context.provider_info) authn_request = self.service['authorization'].construct() # Have to provide the OP with clients keys self.authorization_endpoint.endpoint_context.keyjar.import_jwks( _registration_service.service_context.keyjar.export_jwks(), ENTITY_ID) # The OP handles the authorization request req = self.authorization_endpoint.parse_request( authn_request.to_dict()) assert "response_type" in req client_ids = list( self.authorization_endpoint.endpoint_context.cdb.keys()) assert len(client_ids) == 2 assert ENTITY_ID in client_ids
def create_endpoint(self): # First the RP service_context = ServiceContext( config={ 'behaviour': { 'federation_types_supported': ['explicit'] }, 'issuer': "https://op.ntnu.no", 'keys': { 'key_defs': KEYSPEC } }) # the federation part of the RP self.rp_federation_entity = FederationEntity( entity_id=ENTITY_ID, trusted_roots=ANCHOR, authority_hints=['https://ntnu.no'], entity_type='openid_relying_party', opponent_entity_type='openid_provider') self.rp_federation_entity.collector = DummyCollector( trusted_roots=ANCHOR, root_dir=ROOT_DIR) self.rp_federation_entity.keyjar.import_jwks(read_info( os.path.join(ROOT_DIR, 'foodle.uninett.no'), 'foodle.uninett.no', 'jwks'), issuer_id=ENTITY_ID) # add the federation part to the service context service_context.federation_entity = self.rp_federation_entity # The RP has/supports 3 services self.service = { 'discovery': FedProviderInfoDiscovery(service_context), 'registration': Registration(service_context), 'authorization': FedAuthorization(service_context), } # and now for the OP op_entity_id = "https://op.ntnu.no" conf = { "issuer": op_entity_id, "password": "******", "token_expires_in": 600, "grant_expires_in": 300, "refresh_token_expires_in": 86400, "verify_ssl": False, "endpoint": { 'provider_info': { 'path': '.well-known/openid-federation', 'class': provider_config.ProviderConfiguration, 'kwargs': { 'client_authn_method': None } }, 'registration': { 'path': 'fed_registration', 'class': registration.Registration, 'kwargs': { 'client_authn_method': None } }, 'authorization': { 'path': 'authorization', 'class': authorization.Authorization, 'kwargs': { "response_modes_supported": ['query', 'fragment', 'form_post'], "claims_parameter_supported": True, "request_parameter_supported": True, "request_uri_parameter_supported": True, "client_authn_method": ['request_param'] } } }, "keys": { "private_path": "own/jwks.json", "uri_path": "static/jwks.json", "key_defs": KEYSPEC }, "authentication": { "anon": { 'acr': UNSPECIFIED, "class": NoAuthn, "kwargs": { "user": "******" } } }, 'template_dir': 'template' } endpoint_context = EndpointContext(conf) self.registration_endpoint = endpoint_context.endpoint["registration"] self.authorization_endpoint = endpoint_context.endpoint[ "authorization"] self.provider_endpoint = endpoint_context.endpoint["provider_config"] # === Federation stuff ======= federation_entity = FederationEntity( op_entity_id, trusted_roots=ANCHOR, authority_hints=['https://ntnu.no'], entity_type='openid_relying_party', httpd=Publisher(ROOT_DIR), opponent_entity_type='openid_relying_party') federation_entity.keyjar.import_jwks(read_info( os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'), issuer_id=op_entity_id) federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR) self.registration_endpoint.endpoint_context.federation_entity = federation_entity
{ "type": "RSA", "use": ["sig"] }, { "type": "EC", "crv": "P-256", "use": ["sig"] }, ] ENTITY_ID = 'https://foodle.uninett.no' ANCHOR = { 'https://feide.no': read_info(os.path.join(ROOT_DIR, 'feide.no'), "feide.no", "jwks") } class TestExplicit(object): @pytest.fixture(autouse=True) def create_endpoint(self): # First the RP service_context = ServiceContext( config={ 'behaviour': { 'federation_types_supported': ['explicit'] }, 'issuer': "https://op.ntnu.no", 'keys': { 'key_defs': KEYSPEC
def create_setup(self): # First the RP service_context = ServiceContext( config={ 'behaviour': { 'federation_types_supported': ['automatic'] }, 'issuer': "https://op.ntnu.no", 'keys': { 'key_defs': KEYSPEC } }) self.rp_federation_entity = FederationEntity( entity_id=RP_ENTITY_ID, trusted_roots=ANCHOR, authority_hints=['https://ntnu.no'], entity_type='openid_relying_party', opponent_entity_type='openid_provider') self.rp_federation_entity.keyjar.import_jwks(read_info( os.path.join(ROOT_DIR, 'foodle.uninett.no'), 'foodle.uninett.no', 'jwks'), issuer_id=RP_ENTITY_ID) self.rp_federation_entity.collector = DummyCollector( trusted_roots=ANCHOR, root_dir=ROOT_DIR) # add the federation part to the service context service_context.federation_entity = self.rp_federation_entity # The RP has/supports 2 services self.service = { 'discovery': FedProviderInfoDiscovery(service_context), 'registration': RPRegistration(service_context), 'authorization': FedAuthorization(service_context), } # and now for the OP op_entity_id = "https://op.ntnu.no" conf = { "issuer": op_entity_id, "password": "******", "token_handler_args": { "jwks_def": { "private_path": "private/token_jwks.json", "read_only": False, "key_defs": [ { "type": "oct", "bytes": 24, "use": ["enc"], "kid": "code" }, { "type": "oct", "bytes": 24, "use": ["enc"], "kid": "refresh" }, ], }, "code": { "lifetime": 600 }, "token": { "class": "oidcendpoint.jwt_token.JWTToken", "kwargs": { "lifetime": 3600, "add_claims": [ "email", "email_verified", "phone_number", "phone_number_verified", ], "add_claim_by_scope": True, "aud": ["https://example.org/appl"] }, }, "refresh": { "lifetime": 86400 }, }, "verify_ssl": False, "capabilities": CAPABILITIES, "keys": { "uri_path": "static/jwks.json", "key_defs": KEYSPEC }, "id_token": { "class": IDToken, "kwargs": { "default_claims": { "email": { "essential": True }, "email_verified": { "essential": True }, } }, }, "endpoint": { "provider_config": { "path": ".well-known/openid-configuration", "class": ProviderConfiguration, "kwargs": {}, }, "registration": { "path": "registration", "class": OPRegistration, "kwargs": {}, }, "authorization": { "path": "authorization", "class": Authorization, "kwargs": { "response_types_supported": [" ".join(x) for x in RESPONSE_TYPES_SUPPORTED], "response_modes_supported": ["query", "fragment", "form_post"], "claims_parameter_supported": True, "request_parameter_supported": True, "request_uri_parameter_supported": True, }, }, "pushed_authorization": { "path": "pushed_authorization", "class": PushedAuthorization, "kwargs": { "client_authn_method": [ "client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt", ] }, }, }, "authentication": { "anon": { "acr": "http://www.swamid.se/policy/assurance/al1", "class": "oidcendpoint.user_authn.user.NoAuthn", "kwargs": { "user": "******" }, } }, "template_dir": "template", "cookie_dealer": { "class": CookieDealer, "kwargs": { "sign_key": "ghsNKDDLshZTPn974nOsIGhedULrsqnsGoBFBLwUKuJhE2ch", "default_values": { "name": "oidcop", "domain": "127.0.0.1", "path": "/", "max_age": 3600, }, }, }, 'add_on': { "automatic_registration": { "function": "fedservice.op.add_on.automatic_registration.add_support", "kwargs": { "new_id": False, # default False "where": ["pushed_authorization"] } } } } endpoint_context = EndpointContext(conf) _clients = yaml.safe_load(io.StringIO(client_yaml)) # endpoint_context.cdb = _clients["oidc_clients"] endpoint_context.keyjar.import_jwks( endpoint_context.keyjar.export_jwks(True, ""), conf["issuer"]) self.pushed_authorization_endpoint = endpoint_context.endpoint[ "pushed_authorization"] self.authorization_endpoint = endpoint_context.endpoint[ "authorization"] self.registration_endpoint = endpoint_context.endpoint["registration"] federation_entity = FederationEntity( op_entity_id, trusted_roots=ANCHOR, authority_hints=['https://ntnu.no'], entity_type='openid_relying_party', httpd=Publisher(ROOT_DIR), opponent_entity_type='openid_relying_party') federation_entity.keyjar.import_jwks(read_info( os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'), issuer_id=op_entity_id) federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR) self.authorization_endpoint.endpoint_context.federation_entity = federation_entity
def test_pushed_auth_urlencoded_process(self): # This is cheating. Getting the OP's provider info _fe = self.service['registration'].service_context.federation_entity statement = Statement() statement.metadata = self.registration_endpoint.endpoint_context.provider_info statement.fo = "https://feide.no" statement.verified_chain = [{'iss': "https://ntnu.no"}] self.service['discovery'].update_service_context([statement]) # and the OP's federation keys self.rp_federation_entity.keyjar.import_jwks( read_info(os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'), issuer_id=self.registration_endpoint.endpoint_context. provider_info['issuer']) # Add RP's keys to the OP's keyjar. self.registration_endpoint.endpoint_context.keyjar.import_jwks( self.service["discovery"].service_context.keyjar.export_jwks( issuer_id=""), RP_ENTITY_ID) authn_request = AuthorizationRequest( response_type="code", state="af0ifjsldkj", client_id=RP_ENTITY_ID, redirect_uri="{}/callback".format(RP_ENTITY_ID), code_challenge="K2-ltc83acc4h0c9w6ESC_rEMTJ3bww-uCHaoeK1t8U", code_challenge_method="S256", scope=["ais", "openid"]) # Create the private_key_jwt assertion _jwt = JWT(self.service['registration'].service_context.keyjar, iss=RP_ENTITY_ID, sign_alg="RS256") _jwt.with_jti = True _assertion = _jwt.pack({ "aud": [ self.pushed_authorization_endpoint.endpoint_context. provider_info["pushed_authorization_request_endpoint"] ] }) authn_request.update({ "client_assertion": _assertion, "client_assertion_type": JWT_BEARER }) _req = self.pushed_authorization_endpoint.parse_request(authn_request) assert isinstance(_req, AuthorizationRequest) assert set(_req.keys()) == { "state", "redirect_uri", "response_type", "scope", "code_challenge_method", "client_id", "code_challenge", "client_assertion", "client_assertion_type", "__verified_client_assertion" } _resp = self.pushed_authorization_endpoint.process_request(_req) assert _resp["return_uri"] == authn_request["redirect_uri"] # And now for the authorization request with the OP provided request_uri authn_request["request_uri"] = _resp["http_response"]["request_uri"] for parameter in [ "code_challenge", "code_challenge_method", "client_assertion", "client_assertion_type" ]: del authn_request[parameter] _req = self.authorization_endpoint.parse_request(authn_request) assert "code_challenge" in _req
def test_pushed_auth_urlencoded(self): # since all endpoint used the same endpoint_context I can grab anyone _context = self.registration_endpoint.server_get("endpoint_context") # This is cheating. Getting the OP's provider info _fe = self.registration_service.client_get( "service_context").federation_entity trust_chain = TrustChain() trust_chain.metadata = _context.provider_info trust_chain.anchor = "https://feide.no" trust_chain.verified_chain = [{'iss': "https://ntnu.no"}] self.discovery_service.update_service_context([trust_chain]) # and the OP's federation keys self.rp_federation_entity.keyjar.import_jwks( read_info(os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'), issuer_id=_context.provider_info['issuer']) # Add RP's keys to the OP's keyjar. _context.keyjar.import_jwks( self.discovery_service.client_get( "service_context").keyjar.export_jwks(issuer_id=""), RP_ENTITY_ID) authn_request = AuthorizationRequest( response_type="code", state="af0ifjsldkj", client_id=RP_ENTITY_ID, redirect_uri="{}/callback".format(RP_ENTITY_ID), code_challenge="K2-ltc83acc4h0c9w6ESC_rEMTJ3bww-uCHaoeK1t8U", code_challenge_method="S256", scope=["ais", "openid"]) # Create the private_key_jwt assertion _jwt = JWT( self.registration_service.client_get("service_context").keyjar, iss=RP_ENTITY_ID, sign_alg="RS256") _jwt.with_jti = True _assertion = _jwt.pack({ "aud": [_context.provider_info["pushed_authorization_request_endpoint"]] }) authn_request.update({ "client_assertion": _assertion, "client_assertion_type": JWT_BEARER }) _req = self.pushed_authorization_endpoint.parse_request(authn_request) assert isinstance(_req, AuthorizationRequest) assert set(_req.keys()) == { "state", "redirect_uri", "response_type", "scope", "code_challenge_method", "client_id", "code_challenge", "client_assertion", "client_assertion_type", '__verified_client_assertion' } # Should have a registered client now assert set(_context.cdb.keys()) == {RP_ENTITY_ID}
def test_automatic_registration_new_client_id(self): _registration_service = self.service['registration'] self.authorization_endpoint.server_get( "endpoint_context" ).provider_info['client_registration_authn_methods_supported'] = { "ar": ['request_object'] } self.authorization_endpoint.automatic_registration_endpoint.kwargs[ 'new_id'] = True # This is cheating. Getting the OP's provider info _fe = _registration_service.client_get( "service_context").federation_entity statement = TrustChain() statement.metadata = self.registration_endpoint.server_get( "endpoint_context").provider_info statement.anchor = "https://feide.no" statement.verified_chain = [{'iss': "https://ntnu.no"}] with responses.RequestsMock() as rsps: _jwks = self.authorization_endpoint.server_get( "endpoint_context").keyjar.export_jwks() rsps.add("GET", 'https://op.ntnu.no/static/jwks.json', body=_jwks, adding_headers={"Content-Type": "application/json"}, status=200) self.service['discovery'].update_service_context([statement]) # and the OP's federation keys self.rp_federation_entity.keyjar.import_jwks( read_info(os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'), issuer_id=self.registration_endpoint.server_get( "endpoint_context").provider_info['issuer']) _context = self.service['authorization'].client_get("service_context") _context.issuer = 'https://op.ntnu.no' _context.redirect_uris = ['https://foodle.uninett.no/callback'] _context.entity_id = self.rp_federation_entity.entity_id _context.client_id = self.rp_federation_entity.entity_id _context.behaviour = {'response_types': ['code']} _context.provider_info = self.authorization_endpoint.server_get( "endpoint_context").provider_info authn_request = self.service['authorization'].construct() # Have to provide the OP with clients keys self.authorization_endpoint.server_get( "endpoint_context").keyjar.import_jwks( _registration_service.client_get( "service_context").keyjar.export_jwks(), ENTITY_ID) # The OP handles the authorization request req = self.authorization_endpoint.parse_request( authn_request.to_dict()) assert "response_type" in req client_ids = list( self.authorization_endpoint.server_get( "endpoint_context").cdb.keys()) assert len(client_ids) == 2 # dynamic and entity_id assert ENTITY_ID in client_ids
def create_endpoint(self): # First the RP entity = Entity( config={ 'behaviour': { 'federation_types_supported': ['explicit'] }, 'issuer': "https://op.ntnu.no", 'keys': { 'key_defs': KEYSPEC }, "httpc_param": { 'verify': False, "timeout": 2 }, }) # the federation part of the RP self.rp_federation_entity = FederationEntity( entity_id=ENTITY_ID, trusted_roots=ANCHOR, authority_hints=['https://ntnu.no'], entity_type='openid_relying_party', opponent_entity_type='openid_provider') self.rp_federation_entity.collector = DummyCollector( trusted_roots=ANCHOR, root_dir=ROOT_DIR) self.rp_federation_entity.keyjar.import_jwks(read_info( os.path.join(ROOT_DIR, 'foodle.uninett.no'), 'foodle.uninett.no', 'jwks'), issuer_id=ENTITY_ID) # add the federation part to the service context entity.client_get( "service_context").federation_entity = self.rp_federation_entity # The RP has/supports 3 services self.service = { 'discovery': FedProviderInfoDiscovery(entity.client_get), 'registration': Registration(entity.client_get), 'authorization': FedAuthorization(entity.client_get, conf={"request_object_expires_in": 300}), } # and now for the OP op_entity_id = "https://op.ntnu.no" conf = { "issuer": op_entity_id, "httpc_param": { 'verify': False, "timeout": 2 }, "password": "******", "token_expires_in": 600, "grant_expires_in": 300, "refresh_token_expires_in": 86400, "verify_ssl": False, "cookie_handler": { "class": CookieHandler, "kwargs": { "keys": { "key_defs": COOKIE_KEYDEFS }, "name": { "session": "oidc_op", "register": "oidc_op_reg", "session_management": "oidc_op_sman" } }, }, "endpoint": { 'provider_info': { 'path': '.well-known/openid-federation', 'class': provider_config.ProviderConfiguration, 'kwargs': { 'client_authn_method': None } }, 'registration': { 'path': 'fed_registration', 'class': registration.Registration, 'kwargs': { 'client_authn_method': None } }, 'authorization': { 'path': 'authorization', 'class': authorization.Authorization, 'kwargs': { "response_modes_supported": ['query', 'fragment', 'form_post'], "claims_parameter_supported": True, "request_parameter_supported": True, "request_uri_parameter_supported": True, "client_authn_method": ['request_param'] } } }, "keys": { "private_path": "own/jwks.json", "uri_path": "static/jwks.json", "key_defs": KEYSPEC }, "authentication": { "anon": { 'acr': UNSPECIFIED, "class": NoAuthn, "kwargs": { "user": "******" } } }, 'template_dir': 'template', "claims_interface": { "class": "oidcop.session.claims.ClaimsInterface", "kwargs": {} }, 'add_on': { "automatic_registration": { "function": "fedservice.op.add_on.automatic_registration.add_support", "kwargs": { "new_id": False, # default False 'client_registration_authn_methods_supported': { "ar": ['request_object'] }, 'where': ['authorization'] } } } } server = Server(conf) self.registration_endpoint = server.server_get("endpoint", "registration") self.authorization_endpoint = server.server_get( "endpoint", "authorization") self.provider_endpoint = server.server_get("endpoint", "provider_config") # === Federation stuff ======= federation_entity = FederationEntity( op_entity_id, trusted_roots=ANCHOR, authority_hints=['https://ntnu.no'], entity_type='openid_relying_party', httpd=Publisher(ROOT_DIR), opponent_entity_type='openid_relying_party') federation_entity.keyjar.import_jwks(read_info( os.path.join(ROOT_DIR, 'op.ntnu.no'), 'op.ntnu.no', 'jwks'), issuer_id=op_entity_id) federation_entity.collector = DummyCollector(httpd=Publisher(ROOT_DIR), trusted_roots=ANCHOR, root_dir=ROOT_DIR) self.registration_endpoint.server_get( "endpoint_context").federation_entity = federation_entity
from fedservice.op.provider_config import ProviderConfiguration from tests.utils import DummyCollector from tests.utils import Publisher BASE_PATH = os.path.abspath(os.path.dirname(__file__)) ROOT_DIR = os.path.join(BASE_PATH, 'base_data') KEYSPEC = [ {"type": "RSA", "use": ["sig"]}, {"type": "EC", "crv": "P-256", "use": ["sig"]}, ] ENTITY_ID = 'https://op.ntnu.no' ANCHOR = {'https://feide.no': read_info(os.path.join(ROOT_DIR, 'feide.no'), "feide.no", "jwks")} class TestEndpoint(object): @pytest.fixture(autouse=True) def create_endpoint(self): conf = { "issuer": ENTITY_ID, "password": "******", "token_expires_in": 600, "grant_expires_in": 300, "refresh_token_expires_in": 86400, "verify_ssl": False, "claims_interface": {"class": "oidcop.session.claims.ClaimsInterface", "kwargs": {}}, 'keys': { 'key_defs': KEYSPEC,