示例#1
    def testLogoutNameIDandSessionIndex(self):
        """
        Check OneLogin_Saml2_Auth.logout when the caller supplies both a
        NameID and a SessionIndex.

        The returned URL must contain the IdP single-logout URL from the
        settings, and the LogoutRequest carried in its SAMLRequest query
        parameter must hold the same NameID and SessionIndex.
        """
        expected_name_id = 'name_id_example'
        expected_session_index = 'session_index_example'

        settings_info = self.loadSettingsJSON()
        auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info)

        redirect_url = auth.logout(
            name_id=expected_name_id, session_index=expected_session_index)
        query_params = parse_qs(urlparse(redirect_url).query)
        idp_slo_url = settings_info['idp']['singleLogoutService']['url']
        self.assertIn(idp_slo_url, redirect_url)
        self.assertIn('SAMLRequest', query_params)

        # Recover the LogoutRequest from the first SAMLRequest value and read
        # back the identifiers the library wrote into it.
        request_xml = OneLogin_Saml2_Utils.decode_base64_and_inflate(
            query_params['SAMLRequest'][0])
        found_name_id = OneLogin_Saml2_Logout_Request.get_nameid(request_xml)
        found_session_indexes = OneLogin_Saml2_Logout_Request.get_session_indexes(
            request_xml)
        self.assertIn(expected_session_index, found_session_indexes)
        self.assertEqual(expected_name_id, found_name_id)
示例#2
    def testGetSessionIndexes(self):
        """
        Check OneLogin_Saml2_Logout_Request.get_session_indexes.

        The fixture without a SessionIndex must give an empty result whether
        it is passed as text or as a parsed DOM; the fixture with a
        SessionIndex must give exactly that one value.
        """
        fixtures_dir = join(self.data_path, 'logout_requests')

        plain_request = self.file_contents(join(fixtures_dir, 'logout_request.xml'))
        from_text = OneLogin_Saml2_Logout_Request.get_session_indexes(plain_request)
        self.assertEqual(len(from_text), 0)

        # Same document again, this time handed over as a DOM object.
        from_dom = OneLogin_Saml2_Logout_Request.get_session_indexes(
            parseString(plain_request))
        self.assertEqual(len(from_dom), 0)

        indexed_request = self.file_contents(
            join(fixtures_dir, 'logout_request_with_sessionindex.xml'))
        from_indexed = OneLogin_Saml2_Logout_Request.get_session_indexes(
            indexed_request)
        self.assertEqual(
            ['_ac72a76526cb6ca19f8438e73879a0e6c8ae5131'], from_indexed)
示例#3
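    def SAML_process_logout_request(self):
        '''
            Handle the back-channel logout POST from Astra.

            We receive this message when the user has logged out of another
            control panel and must end their SAML session. An HTTP POST is
            not supported by the SAML library, so it is processed manually.

            Returns a form-urlencoded response carrying the SAMLResponse.
            Aborts with 400 when the SAMLRequest is missing or is_valid()
            rejects it.
        '''

        # NOTE(review): this writes the whole request, including the raw
        # SAMLRequest, to the debug log; make sure debug logging is off or
        # the log is access-controlled in production.
        current_app.logger.debug(
            'SAML_process_logout_request - POST DATA:{0}'.format(
                self.saml_req))

        # A request with no "post_data" entry is a bad request, not a server
        # error: fall back to an empty mapping so the 400 path below is taken
        # instead of raising AttributeError on None.
        post_data = self.saml_req.get("post_data") or {}
        saml_data = post_data.get('SAMLRequest', None)

        if saml_data is None:
            current_app.logger.debug('>>>>>>>> SAML REQUEST NOT FOUND')
            return abort(400)

        # this is not a url, it uses the pre-loaded saml json settings
        settings = OneLogin_Saml2_Settings(current_app.config["saml_settings"])

        logout_request = OneLogin_Saml2_Logout_Request(settings, saml_data)

        # NOTE(review): is_valid() is given an empty request-data dict, so it
        # has no request URL or query parameters to check the message
        # against. Confirm that the signature and Destination of this POSTed
        # message are really verified on this path; if they are not, anyone
        # who can reach the endpoint could end sessions by SessionIndex.
        if not logout_request.is_valid({}):
            current_app.logger.debug('>>>>>>>> SAML REQUEST IS NOT VALID')
            return abort(400)

        data = self.SAML_decode_logout_request(saml_data)

        # End every local session named in the request.
        for session_index in \
                OneLogin_Saml2_Logout_Request.get_session_indexes(data):

            current_app.logger.debug(
                "*** LOGOUT SESSION: {0}".format(session_index))
            self.clear_session(session_index)

        # Answer with a LogoutResponse built from the id of the request.
        saml_response = OneLogin_Saml2_Logout_Response(settings)
        saml_response.build(OneLogin_Saml2_Logout_Request.get_id(data))

        response = make_response(
            urllib.urlencode(
                {'SAMLResponse': saml_response.get_response(False)}))
        response.headers['Content-Type'] = 'application/x-www-form-urlencoded'

        return response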
示例#4
    def testLogoutNameIDandSessionIndex(self):
        """
        Exercise OneLogin_Saml2_Auth.logout with an explicit NameID and
        SessionIndex.

        Verifies that the resulting URL includes the configured IdP
        single-logout URL and a SAMLRequest parameter, and that the decoded
        LogoutRequest echoes the NameID and SessionIndex passed in.
        """
        settings_info = self.loadSettingsJSON()
        auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info)

        wanted_name_id = 'name_id_example'
        wanted_session = 'session_index_example'
        logout_url = auth.logout(name_id=wanted_name_id, session_index=wanted_session)
        params = parse_qs(urlparse(logout_url).query)
        configured_slo = settings_info['idp']['singleLogoutService']['url']
        self.assertIn(configured_slo, logout_url)
        self.assertIn('SAMLRequest', params)

        # Decode the first SAMLRequest value back into the LogoutRequest.
        encoded_request = params['SAMLRequest'][0]
        decoded_request = OneLogin_Saml2_Utils.decode_base64_and_inflate(encoded_request)
        actual_name_id = OneLogin_Saml2_Logout_Request.get_nameid(decoded_request)
        actual_sessions = OneLogin_Saml2_Logout_Request.get_session_indexes(decoded_request)
        self.assertIn(wanted_session, actual_sessions)
        self.assertEqual(wanted_name_id, actual_name_id)