class TestIdentifier(): def setup_class(self): self.ident = Identifier("foobar.db") def test_persistent_nameid(self): sp_id = "urn:mace:umu.se:sp" nameid = self.ident.persistent_nameid(sp_id, "abcd0001") remote_id = nameid.text.strip() print remote_id print self.ident.map local = self.ident.local_name(sp_id, remote_id) assert local == "abcd0001" assert self.ident.local_name(sp_id, "pseudo random string") is None assert self.ident.local_name(sp_id+":x", remote_id) is None # Always get the same nameid2 = self.ident.persistent_nameid(sp_id, "abcd0001") assert nameid.text.strip() == nameid2.text.strip() def test_transient_nameid(self): sp_id = "urn:mace:umu.se:sp" nameid = self.ident.transient_nameid(sp_id, "abcd0001") remote_id = nameid.text.strip() print remote_id print self.ident.map local = self.ident.local_name(sp_id, remote_id) assert local == "abcd0001" assert self.ident.local_name(sp_id, "pseudo random string") is None assert self.ident.local_name(sp_id+":x", remote_id) is None # Getting a new, means really getting a new ! nameid2 = self.ident.transient_nameid(sp_id, "abcd0001") assert nameid.text.strip() != nameid2.text.strip() def teardown_class(self): if os.path.exists("foobar.db"): os.unlink("foobar.db")
def create_authn_response(session_id, identity=dict(), sign=True): config = IdPConfig() config.load(idp_config) idp_server = Server(config=config) idp_server.ident = Identifier(auth.AuthDictCache(dict(), '_ident')) authn_response = str( idp_server.authn_response( identity=identity, in_response_to=session_id, destination='https://foo.example.com/sp/acs', sp_entity_id='https://foo.example.com/sp/metadata', name_id_policy=None, userid='Irrelevent', sign=sign, instance=True)) response = samlp.response_from_string(authn_response) return response.assertion[0].subject.name_id.text, authn_response
def auth_response(identity, in_response_to, sp_conf): """Generates a fresh signed authentication response""" sp_entity_id = sp_conf.entityid idp_entity_id = sp_conf.idps().keys()[0] acs = sp_conf.endpoint('assertion_consumer_service')[0] issuer = saml.Issuer(text=idp_entity_id, format=saml.NAMEID_FORMAT_ENTITY) response = response_factory(issuer=issuer, in_response_to=in_response_to, destination=acs, status=success_status_factory()) idp_conf = IdPConfig() name_form = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri" idp_conf.load({ 'entityid': idp_entity_id, 'xmlsec_binary': sp_conf.xmlsec_binary, 'attribute_map_dir': os.path.join(BASEDIR, 'attribute-maps'), 'service': { 'idp': { 'endpoints': tuple(), 'policy': { 'default': { "lifetime": { "minutes": 15 }, "attribute_restrictions": None, "name_form": name_form, } } }, }, 'key_file': os.path.join(BASEDIR, 'idpcert.key'), 'cert_file': os.path.join(BASEDIR, 'idpcert.pem'), 'metadata': { 'local': [os.path.join(BASEDIR, 'sp_metadata.xml')], }, }) server = Server("", idp_conf) server.ident = Identifier(FakeDb()) userid = 'irrelevant' response = server.authn_response(identity, in_response_to, acs, sp_entity_id, None, userid) return '\n'.join(response)
def setup_class(self): self.id = Identifier("subject.db", CONFIG.vorg)
class TestIdentifier(): def setup_class(self): self.id = Identifier("subject.db", CONFIG.vorg) def test_persistent_1(self): policy = Policy({ "default": { "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "nameid_format": NAMEID_FORMAT_PERSISTENT, "attribute_restrictions": { "surName": [".*berg"], } } }) nameid = self.id.construct_nameid(policy, "foobar", "urn:mace:example.com:sp:1") assert _eq(nameid.keys(), [ 'text', 'sp_provided_id', 'sp_name_qualifier', 'name_qualifier', 'format' ]) assert _eq(nameid.keyswv(), ['format', 'text', 'sp_name_qualifier']) assert nameid.sp_name_qualifier == "urn:mace:example.com:sp:1" assert nameid.format == NAMEID_FORMAT_PERSISTENT nameid_2 = self.id.construct_nameid(policy, "foobar", "urn:mace:example.com:sp:1") assert nameid != nameid_2 assert nameid.text == nameid_2.text def test_transient_1(self): policy = Policy({ "default": { "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "nameid_format": NAMEID_FORMAT_TRANSIENT, "attribute_restrictions": { "surName": [".*berg"], } } }) nameid = self.id.construct_nameid(policy, "foobar", "urn:mace:example.com:sp:1") assert _eq(nameid.keyswv(), ['text', 'format', 'sp_name_qualifier']) assert nameid.format == NAMEID_FORMAT_TRANSIENT def test_vo_1(self): policy = Policy({ "default": { "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "nameid_format": NAMEID_FORMAT_PERSISTENT, "attribute_restrictions": { "surName": [".*berg"], } } }) name_id_policy = samlp.name_id_policy_from_string(NAME_ID_POLICY_1) print name_id_policy print self.id.voconf nameid = self.id.construct_nameid(policy, "foobar", "urn:mace:example.com:sp:1", {"uid": "foobar01"}, name_id_policy) print nameid assert _eq(nameid.keyswv(), ['text', 'sp_name_qualifier', 'format']) assert nameid.sp_name_qualifier == 'http://vo.example.org/biomed' assert nameid.format == 'urn:oid:2.16.756.1.2.5.1.1.1-NameID' assert nameid.text == "foobar01" def test_vo_2(self): policy = Policy({ "default": { "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "nameid_format": NAMEID_FORMAT_PERSISTENT, "attribute_restrictions": { "surName": [".*berg"], } } }) name_id_policy = samlp.name_id_policy_from_string(NAME_ID_POLICY_2) nameid = self.id.construct_nameid(policy, "foobar", "urn:mace:example.com:sp:1", {"uid": "foobar01"}, name_id_policy) assert _eq(nameid.keyswv(), ['text', 'sp_name_qualifier', 'format']) assert nameid.sp_name_qualifier == 'http://vo.example.org/design' assert nameid.format == NAMEID_FORMAT_PERSISTENT assert nameid.text == "foobar01"
def setup_class(self): self.id = Identifier("subject.db", CONFIG.virtual_organization)
class TestIdentifier: def setup_class(self): self.id = Identifier("subject.db", CONFIG.vorg) def test_persistent_1(self): policy = Policy( { "default": { "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "nameid_format": NAMEID_FORMAT_PERSISTENT, "attribute_restrictions": {"surName": [".*berg"]}, } } ) nameid = self.id.construct_nameid(policy, "foobar", "urn:mace:example.com:sp:1") assert _eq(nameid.keys(), ["text", "sp_provided_id", "sp_name_qualifier", "name_qualifier", "format"]) assert _eq(nameid.keyswv(), ["format", "text", "sp_name_qualifier"]) assert nameid.sp_name_qualifier == "urn:mace:example.com:sp:1" assert nameid.format == NAMEID_FORMAT_PERSISTENT nameid_2 = self.id.construct_nameid(policy, "foobar", "urn:mace:example.com:sp:1") assert nameid != nameid_2 assert nameid.text == nameid_2.text def test_transient_1(self): policy = Policy( { "default": { "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "nameid_format": NAMEID_FORMAT_TRANSIENT, "attribute_restrictions": {"surName": [".*berg"]}, } } ) nameid = self.id.construct_nameid(policy, "foobar", "urn:mace:example.com:sp:1") assert _eq(nameid.keyswv(), ["text", "format", "sp_name_qualifier"]) assert nameid.format == NAMEID_FORMAT_TRANSIENT def test_vo_1(self): policy = Policy( { "default": { "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "nameid_format": NAMEID_FORMAT_PERSISTENT, "attribute_restrictions": {"surName": [".*berg"]}, } } ) name_id_policy = samlp.name_id_policy_from_string(NAME_ID_POLICY_1) print name_id_policy print self.id.voconf nameid = self.id.construct_nameid( policy, "foobar", "urn:mace:example.com:sp:1", {"uid": "foobar01"}, name_id_policy ) print nameid assert _eq(nameid.keyswv(), ["text", "sp_name_qualifier", "format"]) assert nameid.sp_name_qualifier == "http://vo.example.org/biomed" assert nameid.format == "urn:oid:2.16.756.1.2.5.1.1.1-NameID" assert nameid.text == "foobar01" def test_vo_2(self): policy = Policy( { "default": { "name_form": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "nameid_format": NAMEID_FORMAT_PERSISTENT, "attribute_restrictions": {"surName": [".*berg"]}, } } ) name_id_policy = samlp.name_id_policy_from_string(NAME_ID_POLICY_2) nameid = self.id.construct_nameid( policy, "foobar", "urn:mace:example.com:sp:1", {"uid": "foobar01"}, name_id_policy ) assert _eq(nameid.keyswv(), ["text", "sp_name_qualifier", "format"]) assert nameid.sp_name_qualifier == "http://vo.example.org/design" assert nameid.format == NAMEID_FORMAT_PERSISTENT assert nameid.text == "foobar01"
def setup_class(self): self.ident = Identifier("foobar.db")