def test_make_soap_envelope():
envelope = ElementTree.Element('')
envelope.tag = '{%s}Envelope' % NAMESPACE
body = ElementTree.Element('')
body.tag = '{%s}Body' % NAMESPACE
envelope.append(body)
request = samlp.AuthnRequest()
request.become_child_element_of(body)
assert envelope.tag == '{%s}Envelope' % NAMESPACE
assert len(envelope) == 1
body = envelope[0]
assert body.tag == '{%s}Body' % NAMESPACE
assert len(body) == 1
saml_part = body[0]
assert saml_part.tag == '{%s}AuthnRequest' % SAMLP_NAMESPACE
"is_passive":None,
"protocol_binding":None,
"assertion_consumer_service_index":None,
"assertion_consumer_service_url":None,
"attribute_consuming_service_index":None,
"provider_name":None,
#saml.Issuer
"issuer":{},
#ds.Signature
"signature":{},
#Extensions
"extensions":{},
"id":None,
"version":None,
"issue_instant":None,
"destination":None,
"consent":None,
#text=None,
#extension_elements=None,
#extension_attributes=None,
}
request = samlp.AuthnRequest(
id= query_id,
version= VERSION,
issue_instant= instant(),
assertion_consumer_service_url= service_url,
protocol_binding= binding
)
def setup_class(self):
self.ar = samlp.AuthnRequest()
def authn_request(self,
query_id,
destination,
service_url,
spentityid,
my_name="",
vorg="",
scoping=None,
log=None,
sign=None,
binding=BINDING_HTTP_POST,
nameid_format=saml.NAMEID_FORMAT_TRANSIENT,
**kwargs):
""" Creates an authentication request.
:param query_id: The identifier for this request
:param destination: Where the request should be sent.
:param service_url: Where the reply should be sent.
:param spentityid: The entity identifier for this service.
:param my_name: The name of this service.
:param vorg: The vitual organization the service belongs to.
:param scoping: The scope of the request
:param log: A service to which logs should be written
:param sign: Whether the request should be signed or not.
:param binding: The protocol to use for the Response !!
:return: <samlp:AuthnRequest> instance
added: we want additional kw arguments, namely is_passive
"""
request = samlp.AuthnRequest(
id=query_id,
version=VERSION,
issue_instant=instant(),
assertion_consumer_service_url=service_url,
protocol_binding=binding,
**kwargs)
if destination:
request.destination = destination
if my_name:
request.provider_name = my_name
if scoping:
request.scoping = scoping
# Profile stuff, should be configurable
if nameid_format == saml.NAMEID_FORMAT_TRANSIENT:
name_id_policy = samlp.NameIDPolicy(allow_create="true",
format=nameid_format)
else:
name_id_policy = samlp.NameIDPolicy(format=nameid_format)
if vorg:
try:
name_id_policy.sp_name_qualifier = vorg
name_id_policy.format = saml.NAMEID_FORMAT_PERSISTENT
except KeyError:
pass
if sign is None:
sign = self.authn_requests_signed
if sign:
request.signature = pre_signature_part(request.id,
self.sec.my_cert, 1)
to_sign = [(class_name(request), request.id)]
else:
to_sign = []
request.name_id_policy = name_id_policy
request.issuer = self._issuer(spentityid)
logger.info("REQUEST: %s" % request)
return signed_instance_factory(request, self.sec, to_sign)