def testResponseNoOutstandingAuthnRequestExtraction(self):
    """A signed response is not accepted when no AuthnRequest is pending.

    The session's 'suisseid' mapping is left empty, so the posted
    SAMLResponse cannot be matched to a request recorded for this session,
    and extractCredentials is expected to return None.
    """
    from pas.plugins.suisseid.tests.utils import MockRequest

    plugin = self.createPlugin()
    metadata_file = os.path.join(path, 'data', 'metadata.xml')
    plugin.changeConfiguration('', 'http://nohost/', '', '', '', '', '',
                               xmlsec_binary, metadata_file)

    request = MockRequest()
    # There are no outstanding AuthnRequests for this session.
    request.SESSION['suisseid'] = {}

    # Build a SAML2 response, sign it and base64-encode it for the form.
    payload = base64.b64encode(
        self.sign_response('%s' % self.createIdpResponse()))
    form_body = urllib.urlencode({'SAMLResponse': payload})

    # Deliver it as a form POST carrying the SAMLResponse field.
    request.form['SAMLResponse'] = payload
    request.environ['REQUEST_METHOD'] = 'POST'
    request.stdin = StringIO(form_body)

    # NOTE(review): None only shows the response was not accepted; it does
    # not show which check rejected it. Confirm against the plugin that the
    # rejection comes from the missing outstanding request.
    self.assertEquals(plugin.extractCredentials(request), None)
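def testResponseExtraction(self):
    """A correctly signed response to a pending request yields credentials.

    The session records one outstanding AuthnRequest ID, the IdP response
    is created for that same ID and signed without modification, and the
    extracted credentials are expected to carry the suisseID number as the
    login.
    """
    from pas.plugins.suisseid.tests.utils import MockRequest

    # ID of the AuthnRequest this session is waiting on.
    # presumably createIdpResponse uses it as InResponseTo; verify in helper
    request_id = '2aaaeb7692471eb4ba00d5546877a7fd'

    plugin = self.createPlugin()
    # Use the shared xmlsec_binary setting, as the other extraction tests
    # do, so signature verification does not depend on xmlsec1 being
    # installed at one fixed path.
    plugin.changeConfiguration('', 'http://nohost/', '', '', '', '', '',
                               xmlsec_binary,
                               os.path.join(path, 'data', 'metadata.xml'))

    request = MockRequest()
    # There has to be an outstanding AuthnRequest.
    request.SESSION['suisseid'] = {request_id: ''}

    # Create a SAML2 response, sign it and base64-encode it for the form.
    response = '%s' % self.createIdpResponse(request_id)
    signed_response = self.sign_response(response)
    encoded_response = base64.b64encode(signed_response)

    # Deliver it as a form POST carrying the SAMLResponse field.
    request.form['SAMLResponse'] = encoded_response
    request.environ['REQUEST_METHOD'] = 'POST'
    request.stdin = StringIO(
        urllib.urlencode({'SAMLResponse': encoded_response}))

    creds = plugin.extractCredentials(request)
    self.assertEquals(creds['login'], '1234-1234-1234-1234')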
def testResponseManipulatedExtraction(self):
    """A response altered after signing must fail signature verification.

    The response is signed and then its suisseID number is rewritten, so
    the signature no longer covers the content that is submitted.
    extractCredentials is expected to raise saml2's SignatureError rather
    than return credentials for the altered identity.
    """
    from pas.plugins.suisseid.tests.utils import MockRequest
    from saml2.sigver import SignatureError

    # ID of the AuthnRequest this session is waiting on.
    pending_id = '2aaaeb7692471eb4ba00d5546877a7fd'

    plugin = self.createPlugin()
    metadata_file = os.path.join(path, 'data', 'metadata.xml')
    plugin.changeConfiguration('', 'http://nohost/', '', '', '', '', '',
                               xmlsec_binary, metadata_file)

    request = MockRequest()
    # There has to be an outstanding AuthnRequest.
    request.SESSION['suisseid'] = {pending_id: ''}

    # Create and sign a SAML2 response for the pending request.
    signed = self.sign_response('%s' % self.createIdpResponse(pending_id))

    # Response has been manipulated by a third party: the suisseID number
    # is changed after signing, leaving the original signature in place.
    tampered = signed.replace('1234-1234-1234-1234', '1234-1234-1234-1235')
    payload = base64.b64encode(tampered)

    # Deliver it as a form POST carrying the SAMLResponse field.
    request.form['SAMLResponse'] = payload
    request.environ['REQUEST_METHOD'] = 'POST'
    request.stdin = StringIO(urllib.urlencode({'SAMLResponse': payload}))

    self.assertRaises(SignatureError, plugin.extractCredentials, request)
def testResponseAuthnFailedExtraction(self):
    """A validly signed response reporting AuthnFailed yields no credentials.

    The response answers a pending AuthnRequest and is signed unmodified,
    but its status code is set to STATUS_AUTHN_FAILED before signing.
    extractCredentials is expected to return None.
    """
    from pas.plugins.suisseid.tests.utils import MockRequest
    from saml2.samlp import StatusCode, STATUS_AUTHN_FAILED

    # ID of the AuthnRequest this session is waiting on.
    pending_id = '2aaaeb7692471eb4ba00d5546877a7fd'

    plugin = self.createPlugin()
    metadata_file = os.path.join(path, 'data', 'metadata.xml')
    plugin.changeConfiguration('', 'http://nohost/', '', '', '', '', '',
                               xmlsec_binary, metadata_file)

    request = MockRequest()
    # There has to be an outstanding AuthnRequest.
    request.SESSION['suisseid'] = {pending_id: ''}

    # Create a SAML2 response and mark it as a failed authentication
    # before it is serialised and signed, so the signature stays valid.
    idp_response = self.createIdpResponse(pending_id)
    idp_response.status.status_code = StatusCode(value=STATUS_AUTHN_FAILED)
    payload = base64.b64encode(self.sign_response('%s' % idp_response))

    # Deliver it as a form POST carrying the SAMLResponse field.
    request.form['SAMLResponse'] = payload
    request.environ['REQUEST_METHOD'] = 'POST'
    request.stdin = StringIO(urllib.urlencode({'SAMLResponse': payload}))

    self.assertEquals(plugin.extractCredentials(request), None)