def test05SamlAttributeQuery(self):
    """Send an attribute query containing a bad attribute name format.

    Builds a SAML 2.0 AttributeQuery for TestUserDatabase.OPENID_URI that
    requests two attributes: the e-mail address, deliberately given the
    nameFormat "InvalidFormat", and the first entry of
    TestUserDatabase.ATTRIBUTE_NAMES with the default string format.  The
    query and a pre-initialised Response are handed to
    SQLAlchemyAttributeInterface.getAttributes.

    The test is a no-op when self.skipTests is set.
    """
    if self.skipTests:
        return

    testCase = self.__class__

    # --- Client side: the attribute query -------------------------------
    query = AttributeQuery()
    query.version = SAMLVersion(SAMLVersion.VERSION_20)
    query.id = str(uuid4())
    query.issueInstant = datetime.utcnow()

    # The issuer DN used here is also listed in samlValidRequestorDNs
    # below, so the requestor itself is an accepted one; only the e-mail
    # attribute's name format is malformed.
    query.issuer = Issuer()
    query.issuer.format = Issuer.X509_SUBJECT
    query.issuer.value = '/O=ESG/OU=NCAR/CN=Gateway'

    query.subject = Subject()
    query.subject.nameID = NameID()
    query.subject.nameID.format = ESGFSamlNamespaces.NAMEID_FORMAT
    query.subject.nameID.value = TestUserDatabase.OPENID_URI

    # Requested attribute 1: e-mail address with an intentionally bogus
    # name format.
    emailAttr = Attribute()
    emailAttr.name = ESGFSamlNamespaces.EMAILADDRESS_ATTRNAME
    emailAttr.nameFormat = "InvalidFormat"
    emailAttr.friendlyName = "EmailAddress"
    query.attributes.append(emailAttr)

    # Requested attribute 2: an authorisation attribute in the default
    # string format.
    authzAttr = Attribute()
    authzAttr.name = TestUserDatabase.ATTRIBUTE_NAMES[0]
    authzAttr.nameFormat = XSStringAttributeValue.DEFAULT_FORMAT
    authzAttr.friendlyName = "authz"
    query.attributes.append(authzAttr)

    # --- Response shell: the interface fills in an assertion as needed ---
    response = Response()
    response.issueInstant = datetime.utcnow()
    response.id = str(uuid4())
    response.issuer = Issuer()

    # Start from a success status; it is meant to be reset on error.
    response.status = Status()
    response.status.statusCode = StatusCode()
    response.status.statusMessage = StatusMessage()
    response.status.statusCode.value = StatusCode.SUCCESS_URI

    # Nb. SAML 2.0 spec says issuer format must be omitted
    response.issuer.value = "CEDA"
    response.inResponseTo = query.id

    # --- Interface under test --------------------------------------------
    # Map each SAML attribute name to the SQL query that resolves it.
    sqlQueryForAttribute = {
        ESGFSamlNamespaces.FIRSTNAME_ATTRNAME:
            testCase.SAML_FIRSTNAME_SQLQUERY,
        ESGFSamlNamespaces.LASTNAME_ATTRNAME:
            testCase.SAML_LASTNAME_SQLQUERY,
        ESGFSamlNamespaces.EMAILADDRESS_ATTRNAME:
            testCase.SAML_EMAILADDRESS_SQLQUERY,
        TestUserDatabase.ATTRIBUTE_NAMES[0]:
            testCase.SAML_ATTRIBUTES_SQLQUERY
    }

    interface = SQLAlchemyAttributeInterface(
        samlAttribute2SqlQuery=sqlQueryForAttribute)
    interface.connectionString = TestUserDatabase.DB_CONNECTION_STR

    # Allow-list of requestor DNs accepted by the interface.
    interface.samlValidRequestorDNs = (
        '/O=STFC/OU=CEDA/CN=AuthorisationService',
        '/O=ESG/OU=NCAR/CN=Gateway')

    # presumably a lifetime in seconds - confirm against setProperties
    interface.setProperties(samlAssertionLifetime=28800.)

    interface.samlSubjectSqlQuery = (
        SQLAlchemyAttributeInterfaceTestCase.SAML_SUBJECT_SQLQUERY)

    # NOTE(review): no assertion on `response` and no expected-exception
    # check is visible after this call, so as shown the test passes however
    # the "InvalidFormat" name format is handled.  Confirm the intended
    # outcome (rejection status or a raised error) and assert it.
    interface.getAttributes(query, response)