def _create_assertion(self, issuer, signature, subject, authn_statement,
attribute_statement):
"""Create an object that represents a SAML Assertion.
<ns0:Assertion
ID="35daed258ba647ba8962e9baff4d6a46"
IssueInstant="2014-06-11T15:45:58Z"
Version="2.0">
<ns0:Issuer> ... </ns0:Issuer>
<ns1:Signature> ... </ns1:Signature>
<ns0:Subject> ... </ns0:Subject>
<ns0:AuthnStatement> ... </ns0:AuthnStatement>
<ns0:AttributeStatement> ... </ns0:AttributeStatement>
</ns0:Assertion>
:returns: XML <Assertion> object
"""
assertion = saml.Assertion()
assertion.id = self.assertion_id
assertion.issue_instant = utils.isotime()
assertion.version = '2.0'
assertion.issuer = issuer
assertion.signature = signature
assertion.subject = subject
assertion.authn_statement = authn_statement
assertion.attribute_statement = attribute_statement
return assertion
def assertion_factory(**kwargs):
assertion = saml.Assertion(version=VERSION,
id=sid(),
issue_instant=instant())
for key, val in kwargs.items():
setattr(assertion, key, val)
return assertion
def create_authn_query_response(self, subject, session_index=None,
requested_context=None, in_response_to=None,
issuer=None, sign_response=False,
status=None, sign_alg=None, digest_alg=None,
**kwargs):
"""
A successful <Response> will contain one or more assertions containing
authentication statements.
:return:
"""
margs = self.message_args()
asserts = []
for statement in self.session_db.get_authn_statements(
subject.name_id, session_index, requested_context):
asserts.append(saml.Assertion(authn_statement=statement,
subject=subject, **margs))
if asserts:
args = {"assertion": asserts}
else:
args = {}
return self._response(in_response_to, "", status, issuer,
sign_response, to_sign=[], sign_alg=sign_alg,
digest_alg=digest_alg, **args)
def testAccessors(self):
"""Test for Response accessors"""
self.response.id = "response id"
self.response.in_response_to = "request id"
self.response.version = saml2.VERSION
self.response.issue_instant = "2007-09-14T01:05:02Z"
self.response.destination = "http://www.example.com/Destination"
self.response.consent = saml.CONSENT_UNSPECIFIED
self.response.issuer = saml.Issuer()
self.response.signature = ds.Signature()
self.response.extensions = samlp.Extensions()
self.response.status = samlp.Status()
self.response.assertion.append(saml.Assertion())
self.response.encrypted_assertion.append(saml.EncryptedAssertion())
new_response = samlp.response_from_string(self.response.to_string())
assert new_response.id == "response id"
assert new_response.in_response_to == "request id"
assert new_response.version == saml2.VERSION
assert new_response.issue_instant == "2007-09-14T01:05:02Z"
assert new_response.destination == "http://www.example.com/Destination"
assert new_response.consent == saml.CONSENT_UNSPECIFIED
assert isinstance(new_response.issuer, saml.Issuer)
assert isinstance(new_response.signature, ds.Signature)
assert isinstance(new_response.extensions, samlp.Extensions)
assert isinstance(new_response.status, samlp.Status)
assert isinstance(new_response.assertion[0], saml.Assertion)
assert isinstance(new_response.encrypted_assertion[0],
saml.EncryptedAssertion)
def sign_assertion(self, statement, **kwargs):
"""Sign a SAML assertion.
See sign_statement() for the kwargs.
:param statement: The statement to be signed
:return: The signed statement
"""
return self.sign_statement(statement, class_name(saml.Assertion()),
**kwargs)
def sign_assertion_using_xmlsec(self,
statement,
key=None,
key_file=None,
nodeid=None,
id_attr=""):
"""Sign a SAML assertion using xmlsec.
:param statement: The statement to be signed
:param key: The key to be used for the signing, either this or
:param key_file: The file where the key can be found
:return: The signed statement
"""
return self.sign_statement_using_xmlsec(statement,
class_name(saml.Assertion()),
key,
key_file,
nodeid,
id_attr=id_attr)
def test_valid_instance():
attr_statem = saml.AttributeStatement()
text = [
"value of test attribute",
"value1 of test attribute",
"value2 of test attribute",
"value1 of test attribute2",
"value2 of test attribute2",
]
attr_statem.attribute.append(saml.Attribute())
attr_statem.attribute.append(saml.Attribute())
attr_statem.attribute[0].name = "testAttribute"
attr_statem.attribute[0].name_format = saml.NAME_FORMAT_URI
attr_statem.attribute[0].friendly_name = "test attribute"
attr_statem.attribute[0].attribute_value.append(saml.AttributeValue())
attr_statem.attribute[0].attribute_value[0].text = text[0]
attr_statem.attribute[1].name = "testAttribute2"
attr_statem.attribute[1].name_format = saml.NAME_FORMAT_UNSPECIFIED
attr_statem.attribute[1].friendly_name = text[2]
attr_statem.attribute[1].attribute_value.append(saml.AttributeValue())
attr_statem.attribute[1].attribute_value[0].text = text[2]
assert valid_instance(attr_statem)
response = samlp.Response()
response.id = "response id"
response.in_response_to = "request id"
response.version = saml2.VERSION
response.issue_instant = "2007-09-14T01:05:02Z"
response.destination = "http://www.example.com/Destination"
response.consent = saml.CONSENT_UNSPECIFIED
response.issuer = saml.Issuer()
response.status = samlp.Status()
response.assertion.append(saml.Assertion())
with raises(MustValueError):
valid_instance(response)
def sign_assertion_using_xmlsec(self, statement, **kwargs):
""" Deprecated function. See sign_assertion(). """
return self.sign_statement(statement, class_name(saml.Assertion()),
**kwargs)
