def test_acr_mapping_per_idp_in_authn_response(self, idp_conf, sp_conf):
expected_loa = "LoA1"
loa = {
"": "http://eidas.europa.eu/LoA/low",
idp_conf["entityid"]: expected_loa
}
base = self.construct_base_url_from_entity_id(idp_conf["entityid"])
conf = {
"idp_config": idp_conf,
"endpoints": ENDPOINTS,
"base": base,
"state_id": "state_id",
"acr_mapping": loa
}
samlfrontend = SamlFrontend(None, INTERNAL_ATTRIBUTES, conf)
samlfrontend.register_endpoints(["foo"])
idp_metadata_str = create_metadata_from_config_dict(
samlfrontend.config)
sp_conf["metadata"]["inline"].append(idp_metadata_str)
fakesp = FakeSP(None,
config=SPConfig().load(sp_conf,
metadata_construction=False))
auth_info = AuthenticationInformation(PASSWORD, "2015-09-30T12:21:37Z",
idp_conf["entityid"])
internal_response = InternalResponse(auth_info=auth_info)
context = Context()
context.state = State()
resp_args = {
"name_id_policy": NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT),
"in_response_to": None,
"destination": "",
"sp_entity_id": None,
"binding": BINDING_HTTP_REDIRECT
}
request_state = samlfrontend.save_state(context, resp_args, "")
context.state.add(conf["state_id"], request_state)
resp = samlfrontend.handle_authn_response(context, internal_response)
resp_dict = parse_qs(urlparse(resp.message).query)
resp = fakesp.parse_authn_request_response(
resp_dict['SAMLResponse'][0], BINDING_HTTP_REDIRECT)
assert len(resp.assertion.authn_statement) == 1
authn_context_class_ref = resp.assertion.authn_statement[
0].authn_context.authn_context_class_ref
assert authn_context_class_ref.text == expected_loa
def test_acr_mapping_per_idp_in_authn_response(self, idp_conf, sp_conf):
expected_loa = "LoA1"
loa = {"": "http://eidas.europa.eu/LoA/low", idp_conf["entityid"]: expected_loa}
base = self.construct_base_url_from_entity_id(idp_conf["entityid"])
conf = {"idp_config": idp_conf, "endpoints": ENDPOINTS, "base": base,
"state_id": "state_id", "acr_mapping": loa}
samlfrontend = SamlFrontend(None, INTERNAL_ATTRIBUTES, conf)
samlfrontend.register_endpoints(["foo"])
idp_metadata_str = create_metadata_from_config_dict(samlfrontend.config)
sp_conf["metadata"]["inline"].append(idp_metadata_str)
fakesp = FakeSP(None, config=SPConfig().load(sp_conf, metadata_construction=False))
auth_info = AuthenticationInformation(PASSWORD, "2015-09-30T12:21:37Z", idp_conf["entityid"])
internal_response = InternalResponse(auth_info=auth_info)
context = Context()
context.state = State()
resp_args = {
"name_id_policy": NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT),
"in_response_to": None,
"destination": "",
"sp_entity_id": None,
"binding": BINDING_HTTP_REDIRECT
}
request_state = samlfrontend.save_state(context, resp_args, "")
context.state.add(conf["state_id"], request_state)
resp = samlfrontend.handle_authn_response(context, internal_response)
resp_dict = parse_qs(urlparse(resp.message).query)
resp = fakesp.parse_authn_request_response(resp_dict['SAMLResponse'][0],
BINDING_HTTP_REDIRECT)
assert len(resp.assertion.authn_statement) == 1
authn_context_class_ref = resp.assertion.authn_statement[
0].authn_context.authn_context_class_ref
assert authn_context_class_ref.text == expected_loa
def test_respect_sp_entity_categories(self, entity_category, expected_attributes, idp_conf, sp_conf):
base = self.construct_base_url_from_entity_id(idp_conf["entityid"])
conf = {"idp_config": idp_conf, "endpoints": ENDPOINTS, "base": base,
"state_id": "state_id"}
internal_attributes = {attr_name: {"saml": [attr_name.lower()]} for attr_name in expected_attributes}
samlfrontend = SamlFrontend(None, dict(attributes=internal_attributes), conf)
samlfrontend.register_endpoints(["foo"])
idp_metadata_str = create_metadata_from_config_dict(samlfrontend.idp_config)
sp_conf["metadata"]["inline"].append(idp_metadata_str)
sp_conf["entity_category"] = entity_category
fakesp = FakeSP(None, config=SPConfig().load(sp_conf, metadata_construction=False))
auth_info = AuthenticationInformation(PASSWORD, "2015-09-30T12:21:37Z", idp_conf["entityid"])
internal_response = InternalResponse(auth_info=auth_info)
user_attributes = {k: "foo" for k in expected_attributes}
user_attributes.update({k: "bar" for k in ["extra", "more", "stuff"]})
internal_response.add_attributes(user_attributes)
context = Context()
context.state = State()
resp_args = {
"name_id_policy": NameIDPolicy(format=NAMEID_FORMAT_TRANSIENT),
"in_response_to": None,
"destination": "",
"sp_entity_id": None,
"binding": BINDING_HTTP_REDIRECT
}
request_state = samlfrontend.save_state(context, resp_args, "")
context.state.add(conf["state_id"], request_state)
resp = samlfrontend.handle_authn_response(context, internal_response)
resp_dict = parse_qs(urlparse(resp.message).query)
resp = fakesp.parse_authn_request_response(resp_dict['SAMLResponse'][0],
BINDING_HTTP_REDIRECT)
assert Counter(resp.ava.keys()) == Counter(expected_attributes)
