'SERVER_NAME': 'lingon-catalogix-se-2.local', 'REMOTE_PORT': '57309', 'wsgi.url_scheme': 'http', 'SERVER_PORT': '8087', 'HTTP_HOST': '127.0.0.1:8087', 'wsgi.multithread': True, 'HTTP_ACCEPT': 'application/xml,application/xhtml+xml,text/html;q=0.9,' 'text/plain;q=0.8,image/png,*/*;q=0.5', 'wsgi.version': (1, 0), 'wsgi.run_once': False, 'wsgi.multiprocess': False, 'HTTP_ACCEPT_LANGUAGE': 'en-us', 'HTTP_ACCEPT_ENCODING': 'gzip, deflate' } trans_name_policy = NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT, allow_create="true") AUTHN = { "class_ref": INTERNETPROTOCOLPASSWORD, "authn_auth": "http://www.example.com/login" } class TestSP(): def setup_class(self): self.sp = make_plugin("rem", saml_conf="server_conf") self.server = Server(config_file="idp_conf") def teardown_class(self): self.server.close()
def test_co_static_attributes(self, frontend, context, internal_response, idp_conf, sp_conf): # Use the frontend and context fixtures to dynamically create the # proxy IdP server that would be created during a flow. idp_server = frontend._create_co_virtual_idp(context) # Use the context fixture to find the CO name and the backend name # and then use those to dynamically update the ipd_conf fixture. co_name = frontend._get_co_name(context) backend_name = context.target_backend idp_conf = frontend._add_endpoints_to_config(idp_conf, co_name, backend_name) idp_conf = frontend._add_entity_id(context, idp_conf, co_name) # Use a utility function to serialize the idp_conf IdP configuration # fixture to a string and then dynamically update the sp_conf # SP configuration fixture with the metadata. idp_metadata_str = create_metadata_from_config_dict(idp_conf) sp_conf["metadata"]["inline"].append(idp_metadata_str) sp_config = SPConfig().load(sp_conf, metadata_construction=False) # Use the updated sp_config fixture to generate a fake SP and then # use the fake SP to generate an authentication request aimed at the # proxy CO virtual IdP. fakesp = FakeSP(sp_config) destination, auth_req = fakesp.make_auth_req( idp_server.config.entityid, nameid_format=None, relay_state="relay_state", subject=None, ) # Update the context with the authentication request. context.request = auth_req # Create the response arguments necessary for the IdP to respond to # the authentication request, update the request state and with it # the context, and then use the frontend fixture and the # internal_response fixture to handle the authentication response # and generate a response from the proxy IdP to the SP. resp_args = { "name_id_policy": NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT), "in_response_to": None, "destination": sp_config.endpoint("assertion_consumer_service", binding=BINDING_HTTP_REDIRECT)[0], "sp_entity_id": sp_conf["entityid"], "binding": BINDING_HTTP_REDIRECT } request_state = frontend._create_state_data(context, resp_args, "") context.state[frontend.name] = request_state frontend.handle_authn_response(context, internal_response) # Verify that the frontend added the CO static SAML attributes to the # internal response. for attr, value in self.CO_STATIC_SAML_ATTRIBUTES.items(): assert internal_response.attributes[attr] == value
def test_basic_flow(): sp = Saml2Client(config_file="servera_conf") with closing(Server(config_file="idp_all_conf")) as idp: # -------- @IDP ------------- relay_state = "FOO" # -- dummy request --- orig_req = AuthnRequest(issuer=sp._issuer(), name_id_policy=NameIDPolicy( allow_create="true", format=NAMEID_FORMAT_TRANSIENT)) # == Create an AuthnRequest response name_id = idp.ident.transient_nameid("id12", sp.config.entityid) binding, destination = idp.pick_binding("assertion_consumer_service", entity_id=sp.config.entityid) resp = idp.create_authn_response( { "eduPersonEntitlement": "Short stop", "surName": "Jeter", "givenName": "Derek", "mail": "*****@*****.**", "title": "The man" }, "id-123456789", destination, sp.config.entityid, name_id=name_id, authn=AUTHN) hinfo = idp.apply_binding(binding, "%s" % resp, destination, relay_state) # --------- @SP ------------- xmlstr = get_msg(hinfo, binding) aresp = sp.parse_authn_request_response(xmlstr, binding, {resp.in_response_to: "/"}) # == Look for assertion X asid = aresp.assertion.id binding, destination = sp.pick_binding("assertion_id_request_service", entity_id=idp.config.entityid) hinfo = sp.apply_binding(binding, asid, destination) # ---------- @IDP ------------ aid = get_msg(hinfo, binding, response=False) # == construct response resp = idp.create_assertion_id_request_response(aid) hinfo = idp.apply_binding(binding, "%s" % resp, None, "", response=True) # ----------- @SP ------------- xmlstr = get_msg(hinfo, binding, response=True) final = sp.parse_assertion_id_request_response(xmlstr, binding) print final.response assert isinstance(final.response, Assertion)