def setUp(self):
    """Build the per-test config fixture, session and ADFS auth plugin.

    Registers the plugin's config options under ``self.GROUP``, creates a
    session backed by a fresh ``requests.Session`` and loads the canned
    ADFS XML documents the tests work with.
    """
    super(AuthenticateviaADFSTests, self).setUp()
    self.deprecations.expect_deprecations()

    fixture = self.useFixture(config.Config())
    self.conf_fixture = fixture
    conf.register_conf_options(fixture.conf, group=self.GROUP)

    self.session = session.Session(session=requests.Session())

    # Endpoint values used only as test fixtures.
    # NOTE(review): the identity provider URL is plain http://; presumably
    # every request in these tests is mocked -- confirm. TEST_USER and
    # TEST_TOKEN are handed to the plugin below (presumably as username and
    # password), so a real ADFS endpoint should be https://.
    idp_name = 'adfs'
    idp_url = 'http://adfs.local/adfs/service/trust/13/usernamemixed'
    federation_path = (
        'OS-FEDERATION/identity_providers/adfs/protocols/saml2/auth')
    sp_endpoint = 'https://openstack4.local/Shibboleth.sso/ADFS'

    self.IDENTITY_PROVIDER = idp_name
    self.IDENTITY_PROVIDER_URL = idp_url
    self.FEDERATION_AUTH_URL = '%s/%s' % (self.TEST_URL, federation_path)
    self.SP_ENDPOINT = sp_endpoint

    self.adfsplugin = saml2.ADFSUnscopedToken(
        self.TEST_URL,
        idp_name,
        idp_url,
        sp_endpoint,
        self.TEST_USER,
        self.TEST_TOKEN)

    # Canned ADFS documents loaded from the test's XML files: a security
    # token response and a fault.
    self.ADFS_SECURITY_TOKEN_RESPONSE = _load_xml(
        'ADFS_RequestSecurityTokenResponse.xml')
    self.ADFS_FAULT = _load_xml('ADFS_fault.xml')
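# authentication method in keystoneclient

# Example: obtain an unscoped federated token through ADFS, then scope it
# to a project. IDENTITY_PROVIDER and VALID_PROJECT_ID are not defined in
# this snippet and must be set by the caller.

# ADFS endpoint the plugin authenticates against. It is used together with
# the username and password below, so keep it on https://.
IDENTITY_PROVIDER_URL = ("https://adfs.local/adfs/services/trust/13/"
                         "usernamemixed")

# Service provider endpoint the assertion is sent to
SERVICE_PROVIDER_ENDPOINT = ("https://keystone.local:5000/Shibboleth.sso/ADFS")

# Place where unscoped federated token can be retrieved.
# The placeholder must be written %(IDP)s: the original "%{IDP}s" is not a
# valid mapping key for the % operator and raises ValueError when formatted.
SERVICE_PROVIDER_URL = ("https://keystone.local/v3/OS-FEDERATION/"
                        "identity_providers/%(IDP)s/protocols/saml2/auth")
SERVICE_PROVIDER_URL = SERVICE_PROVIDER_URL % {'IDP': IDENTITY_PROVIDER}

AUTH_URL = 'https://keystone.local:5000/v3'

# The '******' values are redaction placeholders. Do not hard-code real
# credentials in source; supply them at run time.
saml2plugin = saml2.ADFSUnscopedToken(AUTH_URL,
                                      IDENTITY_PROVIDER,
                                      IDENTITY_PROVIDER_URL,
                                      SERVICE_PROVIDER_ENDPOINT,
                                      username='******',
                                      password='******')

# Certificate verification stays enabled: this session carries the ADFS
# credentials, the assertion and the tokens that come back. With
# verify=False none of the https:// endpoints above would be authenticated.
# For a private CA, pass the path to its CA bundle as verify= instead of
# turning verification off.
s = session.Session(auth=None, verify=True, session=requests.Session())
token = saml2plugin.get_auth_ref(s)

# Scope the token
scopeTokenplugin = saml2.Saml2ScopedToken(AUTH_URL, token.auth_token,
                                          project_id=VALID_PROJECT_ID)
scoped_token = scopeTokenplugin.get_auth_ref(s)

# Shown for demonstration only: the result is built from a live token, so
# treat it as a secret and keep it out of logs and shared terminals.
# print(...) with a single argument behaves the same on Python 2 and 3.
print(scoped_token)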