def test_from_local_nest_eduPersonTargetedID_in_NameID(self):
ava = {"edupersontargetedid": ["test value1", "test value2"]}
attributes = from_local(self.acs, ava, URI_NF)
assert len(attributes) == 1
assert len(attributes[0].attribute_value) == 2
assert attributes[0].attribute_value[0].extension_elements[0].text == "test value1"
assert attributes[0].attribute_value[1].extension_elements[0].text == "test value2"
def test_from_local_nest_eduPersonTargetedID_in_NameID(self):
ava = {"edupersontargetedid": ["test value1", "test value2"]}
attributes = from_local(self.acs, ava, URI_NF)
assert len(attributes) == 1
assert len(attributes[0].attribute_value) == 2
assert attributes[0].attribute_value[0].extension_elements[0].text == "test value1"
assert attributes[0].attribute_value[1].extension_elements[0].text == "test value2"
def test_from_local_nest_eduPersonTargetedID_in_NameID(self):
ava = {"edupersontargetedid": "test value"}
attributes = from_local(self.acs, ava, URI_NF)
assert len(attributes) == 1
assert len(attributes[0].attribute_value) == 1
assert attributes[0].attribute_value[0].text == NameID(
format=NAMEID_FORMAT_PERSISTENT,
text="test value").to_string().decode("utf-8")
def construct(self, sp_entity_id, in_response_to, consumer_url,
name_id, attrconvs, policy, issuer, authn_class=None,
authn_auth=None, authn_decl=None, encrypt=None,
sec_context=None):
""" Construct the Assertion
:param sp_entity_id: The entityid of the SP
:param in_response_to: An identifier of the message, this message is
a response to
:param consumer_url: The intended consumer of the assertion
:param name_id: An NameID instance
:param attrconvs: AttributeConverters
:param policy: The policy that should be adhered to when replying
:param issuer: Who is issuing the statement
:param authn_class: The authentication class
:param authn_auth: The authentication instance
:param authn_decl:
:param encrypt: Whether to encrypt parts or all of the Assertion
:param sec_context: The security context used when encrypting
:return: An Assertion instance
"""
attr_statement = saml.AttributeStatement(attribute=from_local(
attrconvs, self,
policy.get_name_form(sp_entity_id)))
if encrypt == "attributes":
for attr in attr_statement.attribute:
enc = sec_context.encrypt(text="%s" % attr)
encd = xmlenc.encrypted_data_from_string(enc)
encattr = saml.EncryptedAttribute(encrypted_data=encd)
attr_statement.encrypted_attribute.append(encattr)
attr_statement.attribute = []
# start using now and for some time
conds = policy.conditions(sp_entity_id)
return assertion_factory(
issuer=issuer,
attribute_statement = attr_statement,
authn_statement = self._authn_statement(authn_class, authn_auth,
authn_decl),
conditions = conds,
subject=factory( saml.Subject,
name_id=name_id,
subject_confirmation=factory( saml.SubjectConfirmation,
method=saml.SUBJECT_CONFIRMATION_METHOD_BEARER,
subject_confirmation_data=factory(
saml.SubjectConfirmationData,
in_response_to=in_response_to,
recipient=consumer_url,
not_on_or_after=policy.not_on_or_after(
sp_entity_id)))),
)
def construct(self, sp_entity_id, in_response_to, consumer_url,
name_id, attrconvs, policy, issuer, authn_class=None,
authn_auth=None, authn_decl=None, encrypt=None,
sec_context=None):
""" Construct the Assertion
:param sp_entity_id: The entityid of the SP
:param in_response_to: An identifier of the message, this message is
a response to
:param consumer_url: The intended consumer of the assertion
:param name_id: An NameID instance
:param attrconvs: AttributeConverters
:param policy: The policy that should be adhered to when replying
:param issuer: Who is issuing the statement
:param authn_class: The authentication class
:param authn_auth: The authentication instance
:param authn_decl:
:param encrypt: Whether to encrypt parts or all of the Assertion
:param sec_context: The security context used when encrypting
:return: An Assertion instance
"""
attr_statement = saml.AttributeStatement(attribute=from_local(
attrconvs, self,
policy.get_name_form(sp_entity_id)))
if encrypt == "attributes":
for attr in attr_statement.attribute:
enc = sec_context.encrypt(text="%s" % attr)
encd = xmlenc.encrypted_data_from_string(enc)
encattr = saml.EncryptedAttribute(encrypted_data=encd)
attr_statement.encrypted_attribute.append(encattr)
attr_statement.attribute = []
# start using now and for some time
conds = policy.conditions(sp_entity_id)
return assertion_factory(
issuer=issuer,
attribute_statement = attr_statement,
authn_statement = self._authn_statement(authn_class, authn_auth,
authn_decl),
conditions = conds,
subject=factory( saml.Subject,
name_id=name_id,
subject_confirmation=factory( saml.SubjectConfirmation,
method=saml.SUBJECT_CONFIRMATION_METHOD_BEARER,
subject_confirmation_data=factory(
saml.SubjectConfirmationData,
in_response_to=in_response_to,
recipient=consumer_url,
not_on_or_after=policy.not_on_or_after(
sp_entity_id)))),
)
def test_from_local_eduPersonTargetedID_with_qualifiers(self):
IDP_ENTITY_ID = "https://some.org/idp"
SP_ENTITY_ID = "https://some.org/sp"
ava = {
"edupersontargetedid": [{
"text": "test value1",
"NameQualifier": IDP_ENTITY_ID,
"SPNameQualifier": SP_ENTITY_ID,
}]
}
attributes = from_local(self.acs, ava, URI_NF)
assert len(attributes) == 1
element = attributes[0].attribute_value[0].extension_elements[0]
assert element.text == "test value1"
assert element.attributes["NameQualifier"] == IDP_ENTITY_ID
assert element.attributes["SPNameQualifier"] == SP_ENTITY_ID
def test_to_attrstat_2(self):
ava = { "givenName": "Roland", "surname": "Hedberg" }
statement = attribute_converter.from_local(self.acs, ava, URI_NF)
assert len(statement) == 2
a0 = statement[0]
a1 = statement[1]
if a0.friendly_name == 'surname':
assert a0.name == 'urn:oid:2.5.4.4'
assert a0.name_format == URI_NF
assert a1.friendly_name == "givenName"
assert a1.name == 'urn:oid:2.5.4.42'
assert a1.name_format == URI_NF
elif a0.friendly_name == 'givenname':
assert a0.name == 'urn:oid:2.5.4.42'
assert a0.name_format == URI_NF
assert a1.friendly_name == "surname"
assert a1.name == 'urn:oid:2.5.4.4'
assert a1.name_format == URI_NF
else:
assert False
def test_to_attrstat_2(self):
ava = { "givenName": "Roland", "surname": "Hedberg" }
statement = attribute_converter.from_local(self.acs, ava, URI_NF)
assert len(statement) == 2
a0 = statement[0]
a1 = statement[1]
if a0.friendly_name == 'surname':
assert a0.name == 'urn:oid:2.5.4.4'
assert a0.name_format == URI_NF
assert a1.friendly_name == "givenName"
assert a1.name == 'urn:oid:2.5.4.42'
assert a1.name_format == URI_NF
elif a0.friendly_name == 'givenname':
assert a0.name == 'urn:oid:2.5.4.42'
assert a0.name_format == URI_NF
assert a1.friendly_name == "surname"
assert a1.name == 'urn:oid:2.5.4.4'
assert a1.name_format == URI_NF
else:
assert False
def test_to_attrstat_1(self):
ava = { "givenName": "Roland", "sn": "Hedberg" }
statement = attribute_converter.from_local(self.acs, ava, BASIC_NF)
assert statement is not None
assert len(statement) == 2
a0 = statement[0]
a1 = statement[1]
if a0.friendly_name == 'sn':
assert a0.name == 'urn:mace:dir:attribute-def:sn'
assert a0.name_format == BASIC_NF
assert a1.friendly_name == "givenName"
assert a1.name == 'urn:mace:dir:attribute-def:givenName'
assert a1.name_format == BASIC_NF
elif a0.friendly_name == 'givenname':
assert a0.name == 'urn:mace:dir:attribute-def:givenName'
assert a0.name_format == BASIC_NF
assert a1.friendly_name == "sn"
assert a1.name == 'urn:mace:dir:attribute-def:sn'
assert a1.name_format == BASIC_NF
else:
assert False
def test_to_attrstat_1(self):
ava = {"givenName": "Roland", "sn": "Hedberg"}
statement = attribute_converter.from_local(self.acs, ava, BASIC_NF)
assert statement is not None
assert len(statement) == 2
a0 = statement[0]
a1 = statement[1]
if a0.friendly_name == 'sn':
assert a0.name == 'urn:mace:dir:attribute-def:sn'
assert a0.name_format == BASIC_NF
assert a1.friendly_name == "givenName"
assert a1.name == 'urn:mace:dir:attribute-def:givenName'
assert a1.name_format == BASIC_NF
elif a0.friendly_name == 'givenName':
assert a0.name == 'urn:mace:dir:attribute-def:givenName'
assert a0.name_format == BASIC_NF
assert a1.friendly_name == "sn"
assert a1.name == 'urn:mace:dir:attribute-def:sn'
assert a1.name_format == BASIC_NF
else:
assert False
def construct(self, sp_entity_id, in_response_to, consumer_url,
name_id, attrconvs, policy, issuer, authn_class=None,
authn_auth=None, authn_decl=None, encrypt=None,
sec_context=None, authn_decl_ref=None, authn_instant="",
subject_locality=""):
""" Construct the Assertion
:param sp_entity_id: The entityid of the SP
:param in_response_to: An identifier of the message, this message is
a response to
:param consumer_url: The intended consumer of the assertion
:param name_id: An NameID instance
:param attrconvs: AttributeConverters
:param policy: The policy that should be adhered to when replying
:param issuer: Who is issuing the statement
:param authn_class: The authentication class
:param authn_auth: The authentication instance
:param authn_decl: An Authentication Context declaration
:param encrypt: Whether to encrypt parts or all of the Assertion
:param sec_context: The security context used when encrypting
:param authn_decl_ref: An Authentication Context declaration reference
:param authn_instant: When the Authentication was performed
:param subject_locality: Specifies the DNS domain name and IP address
for the system from which the assertion subject was apparently
authenticated.
:return: An Assertion instance
"""
if policy:
_name_format = policy.get_name_form(sp_entity_id)
else:
_name_format = NAME_FORMAT_URI
attr_statement = saml.AttributeStatement(attribute=from_local(
attrconvs, self, _name_format))
if encrypt == "attributes":
for attr in attr_statement.attribute:
enc = sec_context.encrypt(text="%s" % attr)
encd = xmlenc.encrypted_data_from_string(enc)
encattr = saml.EncryptedAttribute(encrypted_data=encd)
attr_statement.encrypted_attribute.append(encattr)
attr_statement.attribute = []
# start using now and for some time
conds = policy.conditions(sp_entity_id)
if authn_auth or authn_class or authn_decl or authn_decl_ref:
_authn_statement = authn_statement(authn_class, authn_auth,
authn_decl, authn_decl_ref,
authn_instant,
subject_locality)
else:
_authn_statement = None
_ass = assertion_factory(
issuer=issuer,
conditions=conds,
subject=factory(
saml.Subject,
name_id=name_id,
subject_confirmation=[factory(
saml.SubjectConfirmation,
method=saml.SCM_BEARER,
subject_confirmation_data=factory(
saml.SubjectConfirmationData,
in_response_to=in_response_to,
recipient=consumer_url,
not_on_or_after=policy.not_on_or_after(sp_entity_id)))]
),
)
if _authn_statement:
_ass.authn_statement = [_authn_statement]
if not attr_statement.empty():
_ass.attribute_statement=[attr_statement]
return _ass
