def setUp(self):
super(AuthenticateviaADFSTests, self).setUp()
self.deprecations.expect_deprecations()
self.conf_fixture = self.useFixture(config.Config())
conf.register_conf_options(self.conf_fixture.conf, group=self.GROUP)
self.session = session.Session(session=requests.Session())
self.IDENTITY_PROVIDER = 'adfs'
self.IDENTITY_PROVIDER_URL = ('http://adfs.local/adfs/service/trust/13'
'/usernamemixed')
self.FEDERATION_AUTH_URL = '%s/%s' % (
self.TEST_URL,
'OS-FEDERATION/identity_providers/adfs/protocols/saml2/auth')
self.SP_ENDPOINT = 'https://openstack4.local/Shibboleth.sso/ADFS'
self.adfsplugin = saml2.ADFSUnscopedToken(
self.TEST_URL, self.IDENTITY_PROVIDER, self.IDENTITY_PROVIDER_URL,
self.SP_ENDPOINT, self.TEST_USER, self.TEST_TOKEN)
self.ADFS_SECURITY_TOKEN_RESPONSE = _load_xml(
'ADFS_RequestSecurityTokenResponse.xml')
self.ADFS_FAULT = _load_xml('ADFS_fault.xml')
# authentication method in keystoneclient
IDENTITY_PROVIDER_URL = ("https://adfs.local/adfs/services/trust/13/"
"usernamemixed")
# Magic URL we are sending out assertion
SERVICE_PROVIDER_ENDPOINT = ("https://keystone.local:5000/Shibboleth.sso/ADFS")
# Place where unscoped federated token can be retrieved
SERVICE_PROVIDER_URL = ("https://keystone.local/v3/OS-FEDERATION/"
"identity_providers/%{IDP}s/protocols/saml2/auth")
SERVICE_PROVIDER_URL = SERVICE_PROVIDER_URL % {'IDP': IDENTITY_PROVIDER}
AUTH_URL = 'https://keystone.local:5000/v3'
saml2plugin = saml2.ADFSUnscopedToken(AUTH_URL,
IDENTITY_PROVIDER,
IDENTITY_PROVIDER_URL,
SERVICE_PROVIDER_ENDPOINT,
username='******',
password='******')
s = session.Session(auth=None, verify=False, session=requests.Session())
token = saml2plugin.get_auth_ref(s)
# Scope the token
scopeTokenplugin = saml2.Saml2ScopedToken(AUTH_URL,
token.auth_token,
project_id=VALID_PROJECT_ID)
scoped_token = scopeTokenplugin.get_auth_ref(s)
print scoped_token