tests: use dummy metadata from lasso, starts tests of SSO/SLO (fixes #11476)

This commit is contained in:
Benjamin Dauvergne 2016-06-20 17:25:38 +02:00
parent 80c748820a
commit 958cb65acd
9 changed files with 312 additions and 26 deletions

27
tests/idp-private-key.pem Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAzTofHpWAdhH3BR/+1lVVNGRVY2qH3H4+8cDaofg5gy6oazgB
/qVTZixm+euZF1wVa/T5SR0CBeFF4JYBmC0HWl39b2bqoNGV0ILLKyjDrE88pHP+
k5PBFeb98zRAY95fPDOPfgFc4g64W76fvri8qfXx3665UATOTXnvqnFOnilA/Ml9
00ust5Dy/IKyGgVT4xgm2nVQD6HYmg7Rjyga/LBtTEeKgc3k++fM5t8AzhdoNCiG
Z/Ez1RztanjEoBzWdSrmHAGsemMUxFLPpQJ8yglIYiL7fEkyQ0KMvRcTDk0pVzmN
EqTNKQ3mPwpMz+TWM8+wMc9FjNtZaGc213omWQIDAQABAoIBAEPj5keHzWdBqiXX
38WnlPgv+M9afndCjDANTEYoh14OIUjWzlIe/ufd6HLkrVA89hkwgQbewbyQOT2C
YiSlQLl0PlKMCTIKIzVHD07HvXNTAwykEqNfTZChSYEa1/Ixre+MXvugF8nwdKxk
8xN0qXTQF6OXeVYvQNAAdng743YON4ubqKlEezIwnfG/jcoZrGkiTpx+k1JXJsZN
4dHKFP12RRhUTGjaOkBo41w8GNKQLFpy1vqAOYMyi1SJcrwpAu3H0iQug9SylQaM
bFjt8j/m13gu3zXIJbi8xbyg3nqpxl9dxcZG/cDA9z2tLu/h3G3nPq7CXvkZxmjl
ePvOCwECgYEA9zbwYMtd8tT3PHtrCtjwkfxV0dvMmfNw/rRT4ShWtKLmgX+K9nz/
T4qpbehz4z7OvsLjQ6Bt6wjMNMw9SEBeEMyDVTpmzSD2PowARegmeLX4CsilqHHl
/AMYUtywEQ2f65/CWPiMIt8mLnEyJ/dsyVLpuzGUNNt34Yaqpu2qXnUCgYEA1IUy
PObmTh3I8ZyESyGhbu2TYs0A8Zy6eTIAv0ijOIpmUykzjE5pR9sB3nYEd4GTHPEv
hF6SWfNIDDr83TqThJYzkFyXMCxiVLH55U42wlsvwp4jTnOI3K/7Y7U/lEmBlgcl
JbIIv1t9okg3+Kuu4i7iB6JR89cSO/Wfcdu/c9UCgYAHE5eF7cxeqyH4pT/HK7aX
NzXtr/EHZySQ5fCQvWrd+NvIUTJVI/ba/AklkEXg92dLpqCCyxDabYIK8N3AN7d5
m6EWy3kt3geueqt3VNHlGrBi/qNfUwNWV3BWzuJrWox9XjFeAp9gUCrzoWHiKv7+
NFVkemLXsICaABTaemsqEQKBgQDJJ4n1u1gieG7Kwqs1sg9rP9RRoFlUWFTogjvS
0p4r1lQkQstX8qAUM2gBeROhSjRFIMUpNZqxKWT4rpzJibg3tzP3YKx6HIi2Qf+W
3AFY1ZbPT397sj/JI4l/Rv93DFxr9TdkBq/g8GhqQpE3/sj5rgaj0zBe7SOFPWg+
DRGaQQKBgEEcSF5KmpIHnhi3WlfGiEtx3kcD63orKME0YYA5BM6wnmRT4QiSw+qj
i7ljrKGSbmdMFC3ArM42/k2lXYpVLsYWmyaRYSgbdowxLM1XxDJMFIPR2uG6N+vi
HzWkRxi2SXKU42vfs5eA0itHvQP2DfUx8VuvtwVbOxDGgntYia70
-----END RSA PRIVATE KEY-----

View File

@ -1,17 +1,108 @@
<?xml version="1.0"?>
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" entityID="https://cresson.entrouvert.org/idp/saml2/metadata"><ns0:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIIC+TCCAeGgAwIBAgIJAJqAKDUDlSinMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
BAMMCHdob2NhcmVzMB4XDTE0MDUyNzE0MzE0OVoXDTI0MDUyNDE0MzE0OVowEzER
MA8GA1UEAwwId2hvY2FyZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDrUFQGviUE+unV4afJQiRUPp4/D+Ltvuw59BuJwdNEWHA2vchhnwDLlp3RWKaf
SWBJift55C4ybQKn5AEe6FHlIapJPvNqYnVP+0IgUFJmrxTWG9IT/5ZvJS0yer/O
093I5HTqthgcByIAj2L4R3oW21HNCojT4WZDYjG6RAxRFU/10BYY1ILe1SPAMXqc
99QC5fy2sZEJ/Cyd2Vlt1kAQ1+BZSZCL3vvdLfVRKjKZn2yYp8XbSplAZxB+b/iM
duSQHtLaRsV5tizPCdftXECaDn1FKqK0JmcolHFBsfOH2x7I8XEljO/DR/Oy4kzv
/cLdZB5fft4+nCqwLzI7fcRFAgMBAAGjUDBOMB0GA1UdDgQWBBSFV52hDdxJAdbM
Nht32j7+PyFbKTAfBgNVHSMEGDAWgBSFV52hDdxJAdbMNht32j7+PyFbKTAMBgNV
HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCoNxpm99qip4nROCedBIbZnqWj
EkqHRLvIsm+oxf4Ctc6x/N1d2ngEygfT1xf5N5V221XTOgLCkuqi5r0/T6EB7U9y
6ACfVJQmvNaPbFmn2J9rNIAPYPj2cengSZyL3mWyrkPFLj5TsgT98GASX9iThhds
Nq6btZUL9ZUq8v3O7Y1uruMHJAACim4eYBjsCXaF7diKYaftFiwZWy1+3IQzUhmg
Ov4KR9P9bb+W/43i7zAYmdUrBr31/amEvGHoco7cO2bp43/1H8fFOcnkX0wRdN/k
r/hRVIsfeC6ss1NPDu/KzbRVVn5p9qKK6YVqqT3QapnQELgajEfhxpgY7AQx</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cresson.entrouvert.org/idp/saml2/artifact" index="0" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cresson.entrouvert.org/idp/saml2/slo" ResponseLocation="https://cresson.entrouvert.org/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cresson.entrouvert.org/idp/saml2/slo" ResponseLocation="https://cresson.entrouvert.org/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cresson.entrouvert.org/idp/saml2/slo/soap" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cresson.entrouvert.org/idp/saml2/sso" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cresson.entrouvert.org/idp/saml2/sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
entityID="http://idp5/metadata">
<IDPSSODescriptor
WantAuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data><ds:X509Certificate>
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
LlTxKnCrWAXftSm1rNtewTsF
</ds:X509Certificate></ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyValue>
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
LlTxKnCrWAXftSm1rNtewTsF
</ds:KeyValue>
</ds:KeyInfo>
</KeyDescriptor>
<ArtifactResolutionService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://idp5/artifact" />
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://idp5/singleLogoutSOAP" />
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://idp5/singleLogout"
ResponseLocation="http://idp5/singleLogoutReturn" />
<ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://idp5/manageNameIdSOAP" />
<ManageNameIDService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://idp5/manageNameId"
ResponseLocation="http://idp5/manageNameIdReturn" />
<SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://idp5/singleSignOn" />
<SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://idp5/singleSignOnSOAP" />
</IDPSSODescriptor>
<AuthnAuthorityDescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<AuthnQueryService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/authnQueryService"/>
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/authnAuthAssertionIDRequestService"/>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
</AuthnAuthorityDescriptor>
<PDPDescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<AuthzService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/authzService"/>
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/PDPAuthAssertionIDRequestService"/>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:kerberos</NameIDFormat>
</PDPDescriptor>
<AttributeAuthorityDescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/attributeService"/>
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/AttributeAuthAssertionIDRequestService"/>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
</AttributeAuthorityDescriptor>
<Organization>
<OrganizationName xml:lang="en">Entr'ouvert</OrganizationName>
</Organization>
</EntityDescriptor>

22
tests/public-key.pem Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
LlTxKnCrWAXftSm1rNtewTsF
-----END CERTIFICATE-----

27
tests/sp-private-key.pem Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAzTofHpWAdhH3BR/+1lVVNGRVY2qH3H4+8cDaofg5gy6oazgB
/qVTZixm+euZF1wVa/T5SR0CBeFF4JYBmC0HWl39b2bqoNGV0ILLKyjDrE88pHP+
k5PBFeb98zRAY95fPDOPfgFc4g64W76fvri8qfXx3665UATOTXnvqnFOnilA/Ml9
00ust5Dy/IKyGgVT4xgm2nVQD6HYmg7Rjyga/LBtTEeKgc3k++fM5t8AzhdoNCiG
Z/Ez1RztanjEoBzWdSrmHAGsemMUxFLPpQJ8yglIYiL7fEkyQ0KMvRcTDk0pVzmN
EqTNKQ3mPwpMz+TWM8+wMc9FjNtZaGc213omWQIDAQABAoIBAEPj5keHzWdBqiXX
38WnlPgv+M9afndCjDANTEYoh14OIUjWzlIe/ufd6HLkrVA89hkwgQbewbyQOT2C
YiSlQLl0PlKMCTIKIzVHD07HvXNTAwykEqNfTZChSYEa1/Ixre+MXvugF8nwdKxk
8xN0qXTQF6OXeVYvQNAAdng743YON4ubqKlEezIwnfG/jcoZrGkiTpx+k1JXJsZN
4dHKFP12RRhUTGjaOkBo41w8GNKQLFpy1vqAOYMyi1SJcrwpAu3H0iQug9SylQaM
bFjt8j/m13gu3zXIJbi8xbyg3nqpxl9dxcZG/cDA9z2tLu/h3G3nPq7CXvkZxmjl
ePvOCwECgYEA9zbwYMtd8tT3PHtrCtjwkfxV0dvMmfNw/rRT4ShWtKLmgX+K9nz/
T4qpbehz4z7OvsLjQ6Bt6wjMNMw9SEBeEMyDVTpmzSD2PowARegmeLX4CsilqHHl
/AMYUtywEQ2f65/CWPiMIt8mLnEyJ/dsyVLpuzGUNNt34Yaqpu2qXnUCgYEA1IUy
PObmTh3I8ZyESyGhbu2TYs0A8Zy6eTIAv0ijOIpmUykzjE5pR9sB3nYEd4GTHPEv
hF6SWfNIDDr83TqThJYzkFyXMCxiVLH55U42wlsvwp4jTnOI3K/7Y7U/lEmBlgcl
JbIIv1t9okg3+Kuu4i7iB6JR89cSO/Wfcdu/c9UCgYAHE5eF7cxeqyH4pT/HK7aX
NzXtr/EHZySQ5fCQvWrd+NvIUTJVI/ba/AklkEXg92dLpqCCyxDabYIK8N3AN7d5
m6EWy3kt3geueqt3VNHlGrBi/qNfUwNWV3BWzuJrWox9XjFeAp9gUCrzoWHiKv7+
NFVkemLXsICaABTaemsqEQKBgQDJJ4n1u1gieG7Kwqs1sg9rP9RRoFlUWFTogjvS
0p4r1lQkQstX8qAUM2gBeROhSjRFIMUpNZqxKWT4rpzJibg3tzP3YKx6HIi2Qf+W
3AFY1ZbPT397sj/JI4l/Rv93DFxr9TdkBq/g8GhqQpE3/sj5rgaj0zBe7SOFPWg+
DRGaQQKBgEEcSF5KmpIHnhi3WlfGiEtx3kcD63orKME0YYA5BM6wnmRT4QiSw+qj
i7ljrKGSbmdMFC3ArM42/k2lXYpVLsYWmyaRYSgbdowxLM1XxDJMFIPR2uG6N+vi
HzWkRxi2SXKU42vfs5eA0itHvQP2DfUx8VuvtwVbOxDGgntYia70
-----END RSA PRIVATE KEY-----

View File

@ -17,7 +17,7 @@ idp = {
saml_attributes = {
'name_id_format': lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
'name_id_content': 'x' * 32,
'issuer': 'https://cresson.entrouvert.org/idp/saml2/metadata',
'issuer': 'http://idp5/metadata',
'username': ['foobar'],
'email': ['test@example.net'],
'first_name': ['Foo'],

102
tests/test_sso_slo.py Normal file
View File

@ -0,0 +1,102 @@
import os
import lasso
from pytest import fixture
from django.core.urlresolvers import reverse
from mellon.utils import create_metadata
@fixture
def idp_metadata():
return open('tests/metadata.xml').read()
@fixture
def idp_private_key():
return open('tests/idp-private-key.pem').read()
@fixture
def sp_private_key():
return open('tests/sp-private-key.pem').read()
@fixture
def public_key():
return open('tests/public-key.pem').read()
@fixture
def sp_settings(private_settings, idp_metadata, sp_private_key, public_key):
private_settings.MELLON_IDENTITY_PROVIDERS = [{
'METADATA': idp_metadata,
}]
private_settings.MELLON_PUBLIC_KEYS = [public_key]
private_settings.MELLON_PRIVATE_KEYS = [sp_private_key]
private_settings.MELLON_NAME_ID_POLICY_FORMAT = lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT
private_settings.LOGIN_REDIRECT_URL = '/'
return private_settings
@fixture
def sp_metadata(sp_settings, rf):
request = rf.get('/')
return create_metadata(request)
class MockIdp(object):
def __init__(self, idp_metadata, private_key, sp_metadata):
self.server = server = lasso.Server.newFromBuffers(idp_metadata, private_key)
server.addProviderFromBuffer(lasso.PROVIDER_ROLE_SP, sp_metadata)
def process_authn_request_redirect(self, url, auth_result=True, consent=True):
login = lasso.Login(self.server)
login.processAuthnRequestMsg(url.split('?', 1)[1])
try:
login.validateRequestMsg(auth_result, consent)
except lasso.LoginRequestDeniedError:
login.buildAuthnResponseMsg()
else:
login.buildAssertion(lasso.SAML_AUTHENTICATION_METHOD_PASSWORD,
"FIXME",
"FIXME",
"FIXME",
"FIXME")
login.buildAuthnResponseMsg()
return login.msgUrl, login.msgBody
@fixture
def idp(sp_settings, idp_metadata, idp_private_key, sp_metadata):
return MockIdp(idp_metadata, idp_private_key, sp_metadata)
def test_sso_slo(db, app, idp, caplog, sp_settings):
response = app.get(reverse('mellon_login'))
url, body = idp.process_authn_request_redirect(response['Location'])
assert url.endswith(reverse('mellon_login'))
response = app.post(reverse('mellon_login'), {'SAMLResponse': body})
assert 'created new user' in caplog.text()
assert 'logged in using SAML' in caplog.text()
assert response['Location'].endswith(sp_settings.LOGIN_REDIRECT_URL)
def test_sso(db, app, idp, caplog, sp_settings):
response = app.get(reverse('mellon_login'))
url, body = idp.process_authn_request_redirect(response['Location'])
assert url.endswith(reverse('mellon_login'))
response = app.post(reverse('mellon_login'), {'SAMLResponse': body})
assert 'created new user' in caplog.text()
assert 'logged in using SAML' in caplog.text()
assert response['Location'].endswith(sp_settings.LOGIN_REDIRECT_URL)
def test_sso_request_denied(db, app, idp, caplog, sp_settings):
response = app.get(reverse('mellon_login'))
url, body = idp.process_authn_request_redirect(response['Location'], auth_result=False)
assert url.endswith(reverse('mellon_login'))
response = app.post(reverse('mellon_login'), {'SAMLResponse': body})
assert "status is not success codes: [u'urn:oasis:names:tc:SAML:2.0:status:Responder',\
u'urn:oasis:names:tc:SAML:2.0:status:RequestDenied']" in caplog.text()

View File

@ -170,7 +170,7 @@ def test_sp_initiated_login(private_settings, client):
response = client.get('/login/?next=%2Fwhatever')
assert response.status_code == 302
params = parse_qs(urlparse(response['Location']).query)
assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?')
assert response['Location'].startswith('http://idp5/singleSignOn?')
assert set(params.keys()) == set(['SAMLRequest', 'RelayState'])
assert len(params['SAMLRequest']) == 1
assert base64.b64decode(params['SAMLRequest'][0])
@ -182,13 +182,13 @@ def test_sp_initiated_login_chosen(private_settings, client):
'METADATA': open('tests/metadata.xml').read(),
}]
qs = urlencode({
'entityID': 'https://cresson.entrouvert.org/idp/saml2/metadata',
'entityID': 'http://idp5/metadata',
'next': '/whatever',
})
response = client.get('/login/?' + qs)
assert response.status_code == 302
params = parse_qs(urlparse(response['Location']).query)
assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?')
assert response['Location'].startswith('http://idp5/singleSignOn?')
assert set(params.keys()) == set(['SAMLRequest', 'RelayState'])
assert len(params['SAMLRequest']) == 1
assert base64.b64decode(params['SAMLRequest'][0])
@ -204,7 +204,7 @@ def test_sp_initiated_login_requested_authn_context(private_settings, client):
response = client.get('/login/')
assert response.status_code == 302
params = parse_qs(urlparse(response['Location']).query)
assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?')
assert response['Location'].startswith('http://idp5/singleSignOn?')
assert params.keys() == ['SAMLRequest']
assert len(params['SAMLRequest']) == 1
assert base64.b64decode(params['SAMLRequest'][0])
@ -225,7 +225,7 @@ def test_malfortmed_artifact(private_settings, client, caplog):
@pytest.fixture
def artifact():
entity_id = 'https://cresson.entrouvert.org/idp/saml2/metadata'
entity_id = 'http://idp5/metadata'
token = 'x' * 20
return base64.b64encode('\x00\x04\x00\x00' + hashlib.sha1(entity_id).digest() + token)

16
tests/urls_tests.py Normal file
View File

@ -0,0 +1,16 @@
import django
from django.conf.urls import patterns, url, include
from django.http import HttpResponse
def homepage(request):
return HttpResponse('ok')
urlpatterns = [
url('^', include('mellon.urls')),
url('^$', homepage, name='homepage'),
]
if django.VERSION < (1, 9):
urlpatterns = patterns('', *urlpatterns)

View File

@ -12,9 +12,10 @@ DATABASES = {
}
}
DEBUG = True
SECRET_KEY='xx'
SECRET_KEY = 'xx'
STATIC_URL = '/static/'
INSTALLED_APPS = ('mellon', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions')
INSTALLED_APPS = ('mellon', 'django.contrib.auth',
'django.contrib.contenttypes', 'django.contrib.sessions')
MIDDLEWARE_CLASSES = global_settings.MIDDLEWARE_CLASSES
MIDDLEWARE_CLASSES += (
'django.contrib.sessions.middleware.SessionMiddleware',
@ -23,11 +24,11 @@ MIDDLEWARE_CLASSES += (
AUTHENTICATION_BACKENDS = (
'mellon.backends.SAMLBackend',
)
ROOT_URLCONF = 'mellon.urls'
ROOT_URLCONF = 'urls_tests'
TEMPLATE_DIRS = [
'tests/templates/',
]
if django.VERSION >= (1,8):
if django.VERSION >= (1, 8):
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',