示例#1
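def test_create_class_from_xml_string_nameid():
    """Parse each of the three ``ITEMS[NameID]`` fixtures and check the fields.

    One fixture per NameID format asserted below (emailAddress, transient,
    persistent). For each, the keys reported by ``keyswv()`` and the
    qualified class name are verified.
    """
    nameid_class_name = "urn:oasis:names:tc:SAML:2.0:assertion:NameID"

    # Fixture 0: emailAddress format with an SP-provided id.
    kl = create_class_from_xml_string(NameID, ITEMS[NameID][0])
    # Identity test: ``!= None`` would go through any custom __eq__/__ne__.
    assert kl is not None
    assert kl.format == "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    assert kl.sp_provided_id == "sp provided id"
    assert kl.text.strip() == "*****@*****.**"
    assert _eq(kl.keyswv(), ['sp_provided_id', 'format', 'text'])
    assert class_name(kl) == nameid_class_name
    assert _eq(kl.keys(), ['sp_provided_id', 'sp_name_qualifier',
                           'name_qualifier', 'format', 'text'])

    # Fixture 1: transient identifier qualified by the SP name.
    kl = create_class_from_xml_string(NameID, ITEMS[NameID][1])
    assert kl is not None
    assert kl.format == "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
    assert kl.sp_name_qualifier == "https://foo.example.com/sp"
    assert kl.text.strip() == "_1632879f09d08ea5ede2dc667cbed7e429ebc4335c"
    assert _eq(kl.keyswv(), ['sp_name_qualifier', 'format', 'text'])
    assert class_name(kl) == nameid_class_name

    # Fixture 2: persistent identifier carrying both qualifiers.
    kl = create_class_from_xml_string(NameID, ITEMS[NameID][2])
    assert kl is not None
    assert kl.format == "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    assert kl.name_qualifier == "http://authentic.example.com/saml/metadata"
    assert kl.sp_name_qualifier == "http://auth.example.com/saml/metadata"
    assert kl.text.strip() == "test"
    assert _eq(kl.keyswv(), ['sp_name_qualifier', 'format', 'name_qualifier',
                             'text'])
    assert class_name(kl) == nameid_class_name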
示例#2
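def test_create_class_from_xml_string_xxe():
    """Check that a document declaring entities in a DOCTYPE is rejected.

    The fixture declares internal entities, one of which expands to ten
    references to another. ``create_class_from_xml_string`` is expected to
    raise ``EntitiesForbidden`` instead of expanding them.

    NOTE(review): despite "xxe" in the name, the fixture exercises internal
    entity declarations only; an external (SYSTEM/PUBLIC) entity is not
    covered by this test and would deserve its own regression case.
    """
    xml = """<?xml version="1.0"?>
    <!DOCTYPE lolz [
    <!ENTITY lol "lol">
    <!ELEMENT lolz (#PCDATA)>
    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
    ]>
    <lolz>&lol1;</lolz>
    """
    # The exception info was bound to a name but never inspected; only the
    # fact that the parse is refused matters here.
    with raises(EntitiesForbidden):
        create_class_from_xml_string(NameID, xml)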
示例#3
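def test_subject_confirmation_with_extension():
    """Parse a SubjectConfirmation that carries one extension child element.

    Checks the regular members (method, NameID, SubjectConfirmationData) and
    then that the unknown child ends up in ``extension_elements`` with its
    tag, namespace and text, while ``extension_attributes`` stays empty.
    """
    kl = create_class_from_xml_string(SubjectConfirmation,
                                      SUBJECT_CONFIRMATION_WITH_MEMBER_EXTENSION)
    # Identity test: ``!= None`` would go through any custom __eq__/__ne__.
    assert kl is not None
    print(kl.__dict__)
    assert kl.extension_attributes == {}
    assert kl.method == "urn:oasis:names:tc:SAML:2.0:cm:bearer"

    # Embedded NameID.
    name_id = kl.name_id
    assert _eq(name_id.keyswv(), ['format', 'name_qualifier', 'text'])
    assert name_id.format == "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    assert name_id.name_qualifier == "http://authentic.example.com/saml/metadata"
    assert name_id.text.strip() == "*****@*****.**"

    # Embedded SubjectConfirmationData.
    subject_confirmation_data = kl.subject_confirmation_data
    assert _eq(subject_confirmation_data.keyswv(), ['not_on_or_after',
                                                    'recipient',
                                                    'in_response_to'])
    assert subject_confirmation_data.recipient == \
           "http://auth.example.com/saml/proxySingleSignOnRedirect"
    assert subject_confirmation_data.not_on_or_after == "2010-02-17T17:02:38Z"
    assert subject_confirmation_data.in_response_to == \
           "_59B3A01B03334032C31E434C63F89E3E"

    # The extension child is kept as a generic element.
    assert len(kl.extension_elements) == 1
    ee = kl.extension_elements[0]
    assert ee.tag == "Trustlevel"
    assert ee.namespace == "urn:mace:example.com:saml:assertion"
    assert ee.text.strip() == "Excellent"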
示例#4
def test_to_fro_string_1():
    """Round-trip a SubjectConfirmation through ``to_string()`` and re-parse it.

    The re-parsed copy must agree with the first parse on text, on the keys
    reported by ``keyswv()`` and on the single extension element.
    """
    first_parse = create_class_from_xml_string(
        SubjectConfirmation, SUBJECT_CONFIRMATION_WITH_MEMBER_EXTENSION)
    second_parse = create_class_from_xml_string(SubjectConfirmation,
                                                first_parse.to_string())

    for parsed in (first_parse, second_parse):
        print(parsed.__dict__)

    assert first_parse.text.strip() == second_parse.text.strip()
    assert _eq(first_parse.keyswv(), second_parse.keyswv())
    assert len(first_parse.extension_elements) == \
           len(second_parse.extension_elements)

    # Compare the first extension element of each side field by field.
    first_ext = first_parse.extension_elements[0]
    second_ext = second_parse.extension_elements[0]
    assert first_ext.text.strip() == second_ext.text.strip()
    assert first_ext.tag == second_ext.tag
    assert first_ext.namespace == second_ext.namespace
示例#5
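def test_create_class_from_xml_string_subject_locality():
    """Parse the SubjectLocality fixture and check address and DNS name."""
    kl = create_class_from_xml_string(SubjectLocality, ITEMS[SubjectLocality])
    # Identity test: ``!= None`` would go through any custom __eq__/__ne__.
    assert kl is not None
    assert _eq(kl.keyswv(), ['address', "dns_name"])
    assert kl.address == "127.0.0.1"
    assert kl.dns_name == "localhost"
    assert class_name(
        kl) == "urn:oasis:names:tc:SAML:2.0:assertion:SubjectLocality"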
示例#6
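def test_create_class_from_xml_string_subject_confirmation_data():
    """Parse the SubjectConfirmationData fixture and check its four attributes.

    The validity window (``not_before`` / ``not_on_or_after``), the
    ``recipient`` and ``in_response_to`` are compared as the raw strings
    found in the fixture; no time or URL validation is exercised here.
    """
    kl = create_class_from_xml_string(SubjectConfirmationData,
                                      ITEMS[SubjectConfirmationData])
    # Identity test: ``!= None`` would go through any custom __eq__/__ne__.
    assert kl is not None
    assert _eq(kl.keyswv(), ['in_response_to', 'not_on_or_after',
                             'not_before', 'recipient'])
    assert kl.in_response_to == "_1683146e27983964fbe7bf8f08961108d166a652e5"
    assert kl.not_on_or_after == "2010-02-18T13:52:13.959Z"
    assert kl.not_before == "2010-01-16T12:00:00Z"
    assert kl.recipient == "http://192.168.0.10/saml/sp"
    assert class_name(kl) == \
           "urn:oasis:names:tc:SAML:2.0:assertion:SubjectConfirmationData"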
示例#7
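def test_nameid_with_extension():
    """Parse a NameID that carries one attribute from a foreign namespace.

    The unknown attribute must show up in ``extension_attributes`` under its
    ``{namespace}name`` key, and ``keyswv()`` must list
    ``extension_attributes`` while ``keys()`` keeps only the declared members.
    """
    kl = create_class_from_xml_string(NameID, NAMEID_WITH_ATTRIBUTE_EXTENSION)
    # Identity test: ``!= None`` would go through any custom __eq__/__ne__.
    assert kl is not None
    print(kl.__dict__)
    assert kl.format == "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    assert kl.sp_provided_id == "sp provided id"
    assert kl.text.strip() == "*****@*****.**"
    assert _eq(kl.keyswv(), ['sp_provided_id', 'format',
                             'extension_attributes', 'text'])
    assert class_name(kl) == "urn:oasis:names:tc:SAML:2.0:assertion:NameID"
    assert _eq(kl.keys(), ['sp_provided_id', 'sp_name_qualifier',
                           'name_qualifier', 'format', 'text'])
    assert kl.extension_attributes == {
        '{urn:mace:example.com:saml:assertion}Foo': 'BAR'}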
示例#8
def test_attribute_element_to_extension_element():
    """Convert a parsed ``Attribute`` into an extension element and inspect it.

    Tag, namespace and the three XML attributes must carry over, and both
    children must come back as ``AttributeValue`` extension elements.
    """
    assertion_ns = 'urn:oasis:names:tc:SAML:2.0:assertion'

    parsed_attribute = create_class_from_xml_string(Attribute,
                                                    saml2_data.TEST_ATTRIBUTE)
    ee = saml2_tophat.element_to_extension_element(parsed_attribute)
    print(ee.__dict__)

    assert ee.tag == "Attribute"
    assert ee.namespace == assertion_ns
    assert _eq(ee.attributes.keys(), ['FriendlyName', 'Name', 'NameFormat'])

    expected_attributes = (
        ("FriendlyName", 'test attribute'),
        ("Name", "testAttribute"),
        ("NameFormat",
         'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified'),
    )
    for attr_name, attr_value in expected_attributes:
        assert ee.attributes[attr_name] == attr_value

    assert len(ee.children) == 2
    # The children are extension element instances as well.
    for value_element in ee.children:
        assert value_element.namespace == assertion_ns
        assert value_element.tag == "AttributeValue"
示例#9
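def test_create_class_from_xml_string_subject_confirmation():
    """Parse the SubjectConfirmation fixture and check its nested members.

    Covers the bearer confirmation method, the embedded NameID and the
    embedded SubjectConfirmationData, then the qualified class name.
    """
    kl = create_class_from_xml_string(SubjectConfirmation,
                                      ITEMS[SubjectConfirmation])
    # Identity test: ``!= None`` would go through any custom __eq__/__ne__.
    assert kl is not None
    assert _eq(kl.keyswv(), ['method', 'name_id',
                             'subject_confirmation_data'])
    assert kl.method == "urn:oasis:names:tc:SAML:2.0:cm:bearer"

    # Embedded NameID.
    name_id = kl.name_id
    assert _eq(name_id.keyswv(), ['format', 'name_qualifier', 'text'])
    assert name_id.format == "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    assert name_id.name_qualifier == "http://authentic.example.com/saml/metadata"
    assert name_id.text.strip() == "*****@*****.**"

    # Embedded SubjectConfirmationData.
    subject_confirmation_data = kl.subject_confirmation_data
    assert _eq(subject_confirmation_data.keyswv(), ['not_on_or_after',
                                                    'recipient',
                                                    'in_response_to'])
    assert subject_confirmation_data.recipient == \
           "http://auth.example.com/saml/proxySingleSignOnRedirect"
    assert subject_confirmation_data.not_on_or_after == "2010-02-17T17:02:38Z"
    assert subject_confirmation_data.in_response_to == \
           "_59B3A01B03334032C31E434C63F89E3E"
    assert class_name(kl) == \
           "urn:oasis:names:tc:SAML:2.0:assertion:SubjectConfirmation"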
示例#10
def fault_to_from_string(xml_string):
    """Deserialize *xml_string* with ``FaultTo`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(FaultTo, xml_string)
示例#11
def retry_after_from_string(xml_string):
    """Deserialize *xml_string* with ``RetryAfter`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(RetryAfter,
                                                         xml_string)
    return instance
示例#12
def problem_action_type__soap_action_from_string(xml_string):
    """Deserialize *xml_string* with ``ProblemActionType_SoapAction`` as target.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(ProblemActionType_SoapAction, xml_string)
示例#13
def action_from_string(xml_string):
    """Deserialize *xml_string* with ``Action`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(Action, xml_string)
    return instance
示例#14
def security_token_reference_from_string(xml_string):
    """Deserialize *xml_string* with ``SecurityTokenReference`` as target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    # NOTE(review): xml_string is handed over as-is; whatever DTD/entity
    # restrictions apply are enforced by the callee, not visible here.
    parse = saml2_tophat.create_class_from_xml_string
    return parse(SecurityTokenReference, xml_string)
示例#15
def faultcode_enum__from_string(xml_string):
    """Deserialize *xml_string* with ``FaultcodeEnum_`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(FaultcodeEnum_,
                                                         xml_string)
    return instance
示例#16
def publication_info_from_string(xml_string):
    """Deserialize *xml_string* with ``PublicationInfo`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(PublicationInfo, xml_string)
示例#17
def publication_path_from_string(xml_string):
    """Deserialize *xml_string* with ``PublicationPath`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(PublicationPath,
                                                         xml_string)
    return instance
示例#18
def attributed_uri_type__from_string(xml_string):
    """Deserialize *xml_string* with ``AttributedURIType_`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(AttributedURIType_, xml_string)
示例#19
def registration_info_from_string(xml_string):
    """Deserialize *xml_string* with ``RegistrationInfo`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(RegistrationInfo,
                                                         xml_string)
    return instance
示例#20
def relationship_type__from_string(xml_string):
    """Deserialize *xml_string* with ``RelationshipType_`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(RelationshipType_, xml_string)
示例#21
def endpoint_reference_from_string(xml_string):
    """Deserialize *xml_string* with ``EndpointReference`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(
        EndpointReference, xml_string)
    return instance
示例#22
def problem_action_from_string(xml_string):
    """Deserialize *xml_string* with ``ProblemAction`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(ProblemAction, xml_string)
示例#23
def reference_from_string(xml_string):
    """Deserialize *xml_string* with ``Reference`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(Reference,
                                                         xml_string)
    return instance
示例#24
def registration_policy_from_string(xml_string):
    """Deserialize *xml_string* with ``RegistrationPolicy`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(RegistrationPolicy, xml_string)
示例#25
def key_identifier_from_string(xml_string):
    """Deserialize *xml_string* with ``KeyIdentifier`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(KeyIdentifier,
                                                         xml_string)
    return instance
示例#26
def usage_policy_from_string(xml_string):
    """Deserialize *xml_string* with ``UsagePolicy`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(UsagePolicy, xml_string)
示例#27
def transformation_parameters_from_string(xml_string):
    """Deserialize *xml_string* with ``TransformationParameters`` as target.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(
        TransformationParameters, xml_string)
    return instance
示例#28
def reply_to_from_string(xml_string):
    """Deserialize *xml_string* with ``ReplyTo`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(ReplyTo, xml_string)
示例#29
def encoded_string__from_string(xml_string):
    """Deserialize *xml_string* with ``EncodedString_`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(EncodedString_,
                                                         xml_string)
    return instance
示例#30
def attributed_uri_type__from_string(xml_string):
    """Deserialize *xml_string* with ``AttributedURIType_`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(
        AttributedURIType_, xml_string)
    return instance
示例#31
def relates_to_from_string(xml_string):
    """Deserialize *xml_string* with ``RelatesTo`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(RelatesTo, xml_string)
示例#32
def request_initiator_from_string(xml_string):
    """Deserialize *xml_string* with ``RequestInitiator`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(RequestInitiator,
                                                         xml_string)
    return instance
示例#33
def metadata_type__from_string(xml_string):
    """Deserialize *xml_string* with ``MetadataType_`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(MetadataType_, xml_string)
示例#34
def t_usage__from_string(xml_string):
    """Deserialize *xml_string* with ``TUsage_`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(TUsage_, xml_string)
    return instance
示例#35
def problem_header_q_name_from_string(xml_string):
    """Deserialize *xml_string* with ``ProblemHeaderQName`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(ProblemHeaderQName, xml_string)
示例#36
def username_token_from_string(xml_string):
    """Deserialize *xml_string* with ``UsernameToken`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    # NOTE(review): judging by the class name the parsed object may carry
    # credentials; keep it out of logs and debug prints — confirm.
    instance = saml2_tophat.create_class_from_xml_string(UsernameToken,
                                                         xml_string)
    return instance
示例#37
def publication_type__from_string(xml_string):
    """Deserialize *xml_string* with ``PublicationType_`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(PublicationType_, xml_string)
示例#38
def from_from_string(xml_string):
    """Deserialize *xml_string* with ``From`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(From, xml_string)
    return instance
示例#39
def relationship_type__from_string(xml_string):
    """Deserialize *xml_string* with ``RelationshipType_`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(
        RelationshipType_, xml_string)
    return instance
示例#40
def test_complete_flow():
    """Walk one ECP login exchange between a client, an SP and an IdP in-process.

    The sections below are marked @Client / @SP / @IDP for the party acting
    at that step. Messages are passed between the three objects directly;
    nothing in this function opens a network connection itself.

    The SP is told to accept an unsigned Response near the end, so
    response-level signature enforcement is not exercised by this test.
    """
    # "user"/"password" are literal test credentials handed to the ECP client.
    client = ecp_client.Client("user",
                               "password",
                               metadata_file=full_path("idp_all.xml"))

    sp = Saml2Client(config_file=dotname("servera_conf"))

    with closing(Server(config_file=dotname("idp_all_conf"))) as idp:
        IDP_ENTITY_ID = idp.config.entityid
        #SP_ENTITY_ID = sp.config.entityid

        # ------------ @Client -----------------------------

        headers = client.add_paos_headers([])

        assert len(headers) == 2

        # ------------ @SP -----------------------------

        response = DummyResponse(set_list2dict(headers))

        assert sp.can_handle_ecp_response(response)

        sid, message = sp.create_ecp_authn_request(IDP_ENTITY_ID,
                                                   relay_state="XYZ")

        # ------------ @Client -----------------------------

        respdict = client.parse_soap_message(message)

        cargs = client.parse_sp_ecp_response(respdict)

        assert isinstance(respdict["body"], AuthnRequest)
        assert len(respdict["header"]) == 2
        item0 = respdict["header"][0]
        assert isinstance(item0, Request) or isinstance(item0, RelayState)

        destination = respdict["body"].destination

        ht_args = client.apply_binding(BINDING_SOAP, respdict["body"],
                                       destination)

        # Time to send to the IDP
        # ----------- @IDP -------------------------------

        req = idp.parse_authn_request(ht_args["data"], BINDING_SOAP)

        assert isinstance(req.message, AuthnRequest)

        # create Response and return in the SOAP response
        sp_entity_id = req.sender()

        name_id = idp.ident.transient_nameid("id12", sp.config.entityid)
        # NOTE(review): `binding` is not used afterwards; only `destination`
        # feeds into the response below.
        binding, destination = idp.pick_binding("assertion_consumer_service",
                                                [BINDING_PAOS],
                                                entity_id=sp_entity_id)

        resp = idp.create_ecp_authn_request_response(destination, {
            "eduPersonEntitlement": "Short stop",
            "surName": "Jeter",
            "givenName": "Derek",
            "mail": "*****@*****.**",
            "title": "The man"
        },
                                                     req.message.id,
                                                     destination,
                                                     sp_entity_id,
                                                     name_id=name_id,
                                                     authn=AUTHN)

        # ------------ @Client -----------------------------
        # The client got the response from the IDP repackage and send it to the SP

        respdict = client.parse_soap_message(resp)
        idp_response = respdict["body"]

        assert isinstance(idp_response, Response)
        assert len(respdict["header"]) == 1

        # NOTE(review): the ECP Response header is located here but never
        # asserted on; _ecp_response stays unused for the rest of the test.
        _ecp_response = None
        for item in respdict["header"]:
            if item.c_tag == "Response" and item.c_namespace == ecp_prof.NAMESPACE:
                _ecp_response = item

        #_acs_url = _ecp_response.assertion_consumer_service_url

        # done phase2 at the client

        ht_args = client.use_soap(idp_response, cargs["rc_url"],
                                  [cargs["relay_state"]])

        print(ht_args)

        # ------------ @SP -----------------------------

        respdict = sp.unpack_soap_message(ht_args["data"])

        # verify the relay_state
        # NOTE(review): the assert only runs for headers that come back as a
        # RelayState instance. If none does, the loop finishes without
        # checking anything, so a dropped relay state would go unnoticed.

        for header in respdict["header"]:
            inst = create_class_from_xml_string(RelayState, header)
            if isinstance(inst, RelayState):
                assert inst.text == "XYZ"

        # parse the response
        # Explicitly allow unsigned responses for this test
        # This is a test-only relaxation on the SP object created above.
        sp.want_response_signed = False
        # {sid: "/"} is presumably the outstanding-request map keyed by the
        # id returned from create_ecp_authn_request — confirm against the API.
        resp = sp.parse_authn_request_response(respdict["body"], None,
                                               {sid: "/"})

        print(resp.response)

        assert resp.response.destination == "http://lingon.catalogix.se:8087/paos"
        assert resp.response.status.status_code.value == STATUS_SUCCESS
示例#41
def fault_codes_open_enum_type__from_string(xml_string):
    """Deserialize *xml_string* with ``FaultCodesOpenEnumType_`` as target.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(FaultCodesOpenEnumType_, xml_string)
示例#42
def originator_key_info_from_string(xml_string):
    """Deserialize *xml_string* with ``OriginatorKeyInfo`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(
        OriginatorKeyInfo, xml_string)
    return instance
示例#43
def username_token_type__username_from_string(xml_string):
    """Deserialize *xml_string* with ``UsernameTokenType_Username`` as target.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(UsernameTokenType_Username, xml_string)
示例#44
def recipient_key_info_from_string(xml_string):
    """Deserialize *xml_string* with ``RecipientKeyInfo`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(
        RecipientKeyInfo, xml_string)
    return instance
示例#45
def security_header_type__from_string(xml_string):
    """Deserialize *xml_string* with ``SecurityHeaderType_`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(SecurityHeaderType_, xml_string)
示例#46
def agreement_method_type__from_string(xml_string):
    """Deserialize *xml_string* with ``AgreementMethodType_`` as target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(
        AgreementMethodType_, xml_string)
    return instance
示例#47
def binary_security_token_from_string(xml_string):
    """Deserialize *xml_string* with ``BinarySecurityToken`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    # NOTE(review): parsing only; nothing here validates the token content.
    parse = saml2_tophat.create_class_from_xml_string
    return parse(BinarySecurityToken, xml_string)
示例#48
def encryption_property_type__from_string(xml_string):
    """Deserialize *xml_string* with ``EncryptionPropertyType_`` as target.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(
        EncryptionPropertyType_, xml_string)
    return instance
示例#49
def embedded_from_string(xml_string):
    """Deserialize *xml_string* with ``Embedded`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(Embedded, xml_string)
示例#50
def key_size_from_string(xml_string):
    """Deserialize *xml_string* with ``KeySize`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(KeySize, xml_string)
    return instance
示例#51
def attributed_string__from_string(xml_string):
    """Deserialize *xml_string* with ``AttributedString_`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    parse = saml2_tophat.create_class_from_xml_string
    return parse(AttributedString_, xml_string)
示例#52
def oae_pparams_from_string(xml_string):
    """Deserialize *xml_string* with ``OAEPparams`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(OAEPparams,
                                                         xml_string)
    return instance
示例#53
def security_from_string(xml_string):
    """Deserialize *xml_string* with ``Security`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    # NOTE(review): xml_string is handed over as-is; whatever DTD/entity
    # restrictions apply are enforced by the callee, not visible here.
    parse = saml2_tophat.create_class_from_xml_string
    return parse(Security, xml_string)
示例#54
def transforms_from_string(xml_string):
    """Deserialize *xml_string* with ``Transforms`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(Transforms,
                                                         xml_string)
    return instance
示例#55
def nonce_from_string(xml_string):
    """Deserialize *xml_string* with ``Nonce`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    # NOTE(review): parsing only; replay tracking of the nonce value, if
    # any, has to happen in the caller — nothing here records it.
    parse = saml2_tophat.create_class_from_xml_string
    return parse(Nonce, xml_string)
示例#56
def cipher_reference_type__from_string(xml_string):
    """Deserialize *xml_string* with ``CipherReferenceType_`` as target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(
        CipherReferenceType_, xml_string)
    return instance
示例#57
def password_string__from_string(xml_string):
    """Deserialize *xml_string* with ``PasswordString_`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    # NOTE(review): judging by the class name the parsed value may hold a
    # password; keep both xml_string and the result out of logs — confirm.
    parse = saml2_tophat.create_class_from_xml_string
    return parse(PasswordString_, xml_string)
示例#58
def encryption_method_from_string(xml_string):
    """Deserialize *xml_string* with ``EncryptionMethod`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(
        EncryptionMethod, xml_string)
    return instance
示例#59
def test_complete_flow():
    """Walk one ECP login exchange between a client, an SP and an IdP in-process.

    The sections below are marked @Client / @SP / @IDP for the party acting
    at that step. Messages are passed between the three objects directly;
    nothing in this function opens a network connection itself.

    The SP is told to accept an unsigned Response near the end, so
    response-level signature enforcement is not exercised by this test.
    """
    # "user"/"password" are literal test credentials handed to the ECP client.
    client = ecp_client.Client("user", "password",
                               metadata_file=full_path("idp_all.xml"))

    sp = Saml2Client(config_file=dotname("servera_conf"))

    with closing(Server(config_file=dotname("idp_all_conf"))) as idp:
        IDP_ENTITY_ID = idp.config.entityid
        #SP_ENTITY_ID = sp.config.entityid

        # ------------ @Client -----------------------------

        headers = client.add_paos_headers([])

        assert len(headers) == 2

        # ------------ @SP -----------------------------

        response = DummyResponse(set_list2dict(headers))

        assert sp.can_handle_ecp_response(response)

        sid, message = sp.create_ecp_authn_request(IDP_ENTITY_ID, relay_state="XYZ")

        # ------------ @Client -----------------------------

        respdict = client.parse_soap_message(message)

        cargs = client.parse_sp_ecp_response(respdict)

        assert isinstance(respdict["body"], AuthnRequest)
        assert len(respdict["header"]) == 2
        item0 = respdict["header"][0]
        assert isinstance(item0, Request) or isinstance(item0, RelayState)

        destination = respdict["body"].destination

        ht_args = client.apply_binding(BINDING_SOAP, respdict["body"], destination)

        # Time to send to the IDP
        # ----------- @IDP -------------------------------

        req = idp.parse_authn_request(ht_args["data"], BINDING_SOAP)

        assert isinstance(req.message, AuthnRequest)

        # create Response and return in the SOAP response
        sp_entity_id = req.sender()

        name_id = idp.ident.transient_nameid( "id12", sp.config.entityid)
        # NOTE(review): `binding` is not used afterwards; only `destination`
        # feeds into the response below.
        binding, destination = idp.pick_binding("assertion_consumer_service",
                                                [BINDING_PAOS],
                                                entity_id=sp_entity_id)

        resp = idp.create_ecp_authn_request_response(
            destination, {"eduPersonEntitlement": "Short stop",
                          "surName": "Jeter",
                          "givenName": "Derek",
                          "mail": "*****@*****.**",
                          "title": "The man"
                          },
            req.message.id, destination, sp_entity_id,
            name_id=name_id, authn=AUTHN)

        # ------------ @Client -----------------------------
        # The client got the response from the IDP repackage and send it to the SP

        respdict = client.parse_soap_message(resp)
        idp_response = respdict["body"]

        assert isinstance(idp_response, Response)
        assert len(respdict["header"]) == 1

        # NOTE(review): the ECP Response header is located here but never
        # asserted on; _ecp_response stays unused for the rest of the test.
        _ecp_response = None
        for item in respdict["header"]:
            if item.c_tag == "Response" and item.c_namespace == ecp_prof.NAMESPACE:
                _ecp_response = item

        #_acs_url = _ecp_response.assertion_consumer_service_url

        # done phase2 at the client

        ht_args = client.use_soap(idp_response, cargs["rc_url"],
                                  [cargs["relay_state"]])

        print(ht_args)

        # ------------ @SP -----------------------------

        respdict = sp.unpack_soap_message(ht_args["data"])

        # verify the relay_state
        # NOTE(review): the assert only runs for headers that come back as a
        # RelayState instance. If none does, the loop finishes without
        # checking anything, so a dropped relay state would go unnoticed.

        for header in respdict["header"]:
            inst = create_class_from_xml_string(RelayState, header)
            if isinstance(inst, RelayState):
                assert inst.text == "XYZ"

        # parse the response
        # Explicitly allow unsigned responses for this test
        # This is a test-only relaxation on the SP object created above.
        sp.want_response_signed = False
        # {sid: "/"} is presumably the outstanding-request map keyed by the
        # id returned from create_ecp_authn_request — confirm against the API.
        resp = sp.parse_authn_request_response(respdict["body"], None, {sid: "/"})

        print(resp.response)

        assert resp.response.destination == "http://lingon.catalogix.se:8087/paos"
        assert resp.response.status.status_code.value == STATUS_SUCCESS
示例#60
def to_from_string(xml_string):
    """Deserialize *xml_string* with ``To`` as the target class.

    Delegates to ``saml2_tophat.create_class_from_xml_string`` and returns
    its result unchanged.
    """
    instance = saml2_tophat.create_class_from_xml_string(To, xml_string)
    return instance