diff --git a/README b/README
index c9bc481..a06e1e9 100644
--- a/README
+++ b/README
@@ -82,19 +82,6 @@ metadata file of the identity provider or if it starts with a slash
the absolute path toward a metadata file. All other keys are override
of generic settings.
-MELLON_FEDERATIONS
-------------------
-
-A list of dictionaries, only one key 'FEDERATION' is mandatory in those
-dictionaries. It should contain the local path or the remote URL for the
-metadata file describing the SAML-based federation to be loaded in mellon. Both
-relative and absolute paths are supported.
-Additional parameters can be given as key/value pairs in the dictionaries, on
-a similar basis as the aforementioned MELLON_IDENTITY_PROVIDERS config.
-For each dictionary describing a federation, these parameters will apply to
-any successfully-loaded provider belonging to that federation.
-These parameters also override the global settings.
-
MELLON_PUBLIC_KEYS
------------------
diff --git a/mellon/adapters.py b/mellon/adapters.py
index 8f3f93a..bbf56e1 100644
--- a/mellon/adapters.py
+++ b/mellon/adapters.py
@@ -9,12 +9,8 @@ import requests.exceptions
from django.core.exceptions import PermissionDenied
from django.contrib import auth
from django.contrib.auth.models import Group
-from django.utils.text import slugify
from . import utils, app_settings, models
-from mellon.federation_utils import idp_metadata_store, url2filename, \
- idp_metadata_extract_entity_id, idp_metadata_is_cached, \
- idp_metadata_load, idp_settings_store, idp_settings_load
class UserCreationError(Exception):
@@ -27,60 +23,15 @@ class DefaultAdapter(object):
def get_idp(self, entity_id):
'''Find the first IdP definition matching entity_id'''
- idp = None
- if idp_metadata_is_cached(entity_id):
- metadata_content = idp_metadata_load(entity_id)
- entity_id = idp_metadata_extract_entity_id(metadata_content)
- idp = {'METADATA': metadata_content,
- 'ENTITY_ID': entity_id}
- else:
- for extra_idp in self.get_identity_providers_setting():
- if extra_idp.get('ENTITY_ID') == entity_id or \
- idp_metadata_extract_entity_id(extra_idp) == entity_id:
- idp = extra_idp.copy()
-
- extra_idp_settings = idp_settings_load(entity_id)
- if extra_idp_settings and idp:
- idp.update(extra_idp_settings)
- return idp
+ for idp in self.get_idps():
+ if entity_id == idp['ENTITY_ID']:
+ return idp
def get_identity_providers_setting(self):
- for federation_data in self.get_federations():
- if not isinstance(federation_data, dict) or \
- 'FEDERATION' not in federation_data:
- continue
- fed_extra_attrs = federation_data.copy()
- fed_content = fed_extra_attrs.pop('FEDERATION')
- fed_filepath, _ = utils.get_federation_metadata(fed_content)
-
- try:
- tree = ET.parse(fed_filepath)
- root = tree.getroot()
- for child in root:
- provider = {}
- entity_id = idp_metadata_extract_entity_id(ET.tostring(child))
- if not entity_id:
- continue
- provider['METADATA'] = idp_metadata_store(ET.tostring(child))
- provider.update({'ENTITY_ID': entity_id})
- provider.update(fed_extra_attrs)
- idp_settings_store(provider)
- yield provider
- except:
- self.logger.error('Couldn\'t load federation metadata file %r',
- fed_filepath)
- continue
-
- for extra_provider in app_settings.IDENTITY_PROVIDERS:
- yield extra_provider
-
- def get_federations(self):
- for federation in getattr(app_settings, 'FEDERATIONS', []):
- yield federation
+ return app_settings.IDENTITY_PROVIDERS
def get_idps(self):
for i, idp in enumerate(self.get_identity_providers_setting()):
- entity_id = idp.get('ENTITY_ID')
if 'METADATA_URL' in idp and 'METADATA' not in idp:
verify_ssl_certificate = utils.get_setting(
idp, 'VERIFY_SSL_CERTIFICATE')
@@ -92,17 +43,28 @@ class DefaultAdapter(object):
u'retrieval of metadata URL %r failed with error %s for %d-th idp',
idp['METADATA_URL'], e, i)
continue
- md_content = response.content
- if not entity_id:
- entity_id = idp_metadata_extract_entity_id(md_content)
- idp['METADATA'] = idp_metadata_store(md_content)
- elif not idp.get('METADATA'):
+ idp['METADATA'] = response.content
+ elif 'METADATA' in idp:
+ if idp['METADATA'].startswith('/'):
+ idp['METADATA'] = file(idp['METADATA']).read()
+ else:
self.logger.error(u'missing METADATA or METADATA_URL in %d-th idp', i)
continue
- # load federation-specific configuration
- extra_idp_settings = idp_settings_load(entity_id)
- if extra_idp_settings:
- idp.update(idp_settings_load(entity_id))
+ if 'ENTITY_ID' not in idp:
+ try:
+ doc = ET.fromstring(idp['METADATA'])
+ except (TypeError, ET.ParseError):
+ self.logger.error(u'METADATA of %d-th idp is invalid', i)
+ continue
+ if doc.tag != '{%s}EntityDescriptor' % lasso.SAML2_METADATA_HREF:
+ self.logger.error(u'METADATA of %d-th idp has no EntityDescriptor root tag', i)
+ continue
+
+ if not 'entityID' in doc.attrib:
+ self.logger.error(
+ u'METADATA of %d-th idp has no entityID attribute on its root tag', i)
+ continue
+ idp['ENTITY_ID'] = doc.attrib['entityID']
yield idp
def authorize(self, idp, saml_attributes):
diff --git a/mellon/app_settings.py b/mellon/app_settings.py
index 3558d14..aeeab73 100644
--- a/mellon/app_settings.py
+++ b/mellon/app_settings.py
@@ -36,32 +36,16 @@ class AppSettings(object):
'LOGIN_URL': 'mellon_login',
'LOGOUT_URL': 'mellon_logout',
'ARTIFACT_RESOLVE_TIMEOUT': 10.0,
- 'FEDERATIONS': [],
}
- @property
- def FEDERATIONS(self):
- from django.conf import settings
- if settings.hasattr('MELLON_FEDERATIONS'):
- federations = settings.MELLON_FEDERATIONS
- if isinstance(federations, dict):
- federations = [federations]
- return federations
-
@property
def IDENTITY_PROVIDERS(self):
from django.conf import settings
- idps = []
try:
- if hasattr(settings, 'MELLON_IDENTITY_PROVIDERS'):
- idps = settings.MELLON_IDENTITY_PROVIDERS
- elif not hasattr(settings, 'MELLON_FEDERATIONS'):
- raise AttributeError
+ idps = settings.MELLON_IDENTITY_PROVIDERS
except AttributeError:
from django.core.exceptions import ImproperlyConfigured
- raise ImproperlyConfigured('Either the MELLON_IDENTITY_PROVIDERS '
- 'or the MELLON_FEDERATIONS settings '
- 'are mandatory')
+ raise ImproperlyConfigured('The MELLON_IDENTITY_PROVIDERS setting is mandatory')
if isinstance(idps, dict):
idps = [idps]
return idps
diff --git a/mellon/federation_utils.py b/mellon/federation_utils.py
deleted file mode 100644
index 2484c1a..0000000
--- a/mellon/federation_utils.py
+++ /dev/null
@@ -1,221 +0,0 @@
-import fcntl
-import json
-import lasso
-import logging
-import tempfile
-from datetime import timedelta
-
-from django.utils.text import slugify
-from datetime import datetime
-
-import requests
-from xml.etree import ElementTree as ET
-import os
-import hashlib
-import os.path
-
-from django.core.files.storage import default_storage
-
-
-def truncate_unique(s, length=250):
- if len(s) < length:
- return s
- md5 = hashlib.md5(s.encode('ascii')).hexdigest()
- # we should be the first and last characters from the URL
- l = (length - len(md5)) / 2 - 2 # four additional characters
- assert l > 20
- return s[:l] + '...' + s[-l:] + '_' + md5
-
-
-def url2filename(url):
- return truncate_unique(slugify(url), 230)
-
-
-def load_federation_cache(url):
- logger = logging.getLogger(__name__)
- try:
- filename = url2filename(url)
- path = os.path.join('metadata-cache', filename)
-
- unix_path = default_storage.path(path)
- if not os.path.exists('metadata-cache'):
- os.makedirs('metadata-cache')
- f = open(unix_path, 'w')
- try:
- fcntl.lockf(f, fcntl.LOCK_EX | fcntl.LOCK_NB)
- except IOError:
- return
- else:
- with tempfile.NamedTemporaryFile(dir=os.path.dirname(unix_path), delete=False) as temp:
- try:
- # increase modified time by one hour to prevent too many updates
- st = os.stat(unix_path)
- os.utime(unix_path, (st.st_atime, st.st_mtime + 3600))
- response = requests.get(url)
- response.raise_for_status()
- temp.write(response.content)
- temp.flush()
- os.rename(temp.name, unix_path)
- except:
- logger.error('Could\'nt fetch %r', url)
- os.unlink(temp.name)
- finally:
- fcntl.lockf(f, fcntl.LOCK_UN)
- finally:
- f.close()
- except OSError:
- logger.exception(u"could create the intermediary 'metadata-cache' "
- "folder")
- return
- except:
- logger.exception(u'failed to load federation from %s', url)
-
-
-def get_federation_from_url(url, update_cache=False):
- logger = logging.getLogger(__name__)
- filename = url2filename(url)
- path = os.path.join('metadata-cache', filename)
- if not default_storage.exists(path) or update_cache or \
- default_storage.created_time(path) < datetime.now() - timedelta(days=1):
- load_federation_cache(url)
- else:
- logger.warning('federation %s has not been loaded', url)
- return path
-
-
-def idp_metadata_filepath(entity_id):
- filename = url2filename(entity_id)
- return os.path.join('./metadata-cache', filename)
-
-
-def idp_settings_filepath(entity_id):
- filename = url2filename(entity_id) + "_settings.json"
- return os.path.join('./metadata-cache', filename)
-
-
-def idp_metadata_is_cached(entity_id):
- filepath = idp_metadata_filepath(entity_id)
- if not default_storage.exists(filepath):
- return False
- return True
-
-
-def idp_metadata_is_file(metadata):
- # XXX too restrictive (e.g. 'metadata/http-somemetadataserver-com-md00.xml'
- # could be a file too...)
- # On the opposite, `if "http://" in metadata or "https://" in metadata:" is
- # equally restrictive.
- # Using a URLValidator doesn't seem adequate either.
- if metadata.startswith('/') or metadata.startswith('./'):
- return True
-
-
-def idp_metadata_needs_refresh(entity_id, update_cache=False):
- filepath = idp_metadata_filepath(entity_id)
- if not default_storage.exists(filepath) or update_cache or \
- default_storage.created_time(filepath) < datetime.now() - timedelta(days=1):
- return True
- return False
-
-
-def idp_settings_needs_refresh(entity_id, update_cache=False):
- filepath = idp_settings_filepath(entity_id)
- if not default_storage.exists(filepath) or update_cache or \
- default_storage.created_time(filepath) < datetime.now() - timedelta(days=1):
- return True
- return False
-
-
-def idp_metadata_store(metadata_content):
- entity_id = idp_metadata_extract_entity_id(metadata_content)
- if not entity_id:
- return
- logger = logging.getLogger(__name__)
- filepath = idp_metadata_filepath(entity_id)
- if idp_metadata_needs_refresh(entity_id):
- with open(filepath, 'w') as f:
- try:
- fcntl.lockf(f, fcntl.LOCK_EX | fcntl.LOCK_NB)
- f.write(metadata_content)
- fcntl.lockf(f, fcntl.LOCK_UN)
- except:
- logger.error('Couldn\'t store metadata for EntityID %r',
- entity_id)
- return
- return filepath
-
-
-def idp_metadata_load(entity_id):
- logger = logging.getLogger(__name__)
- filepath = idp_metadata_filepath(entity_id)
- if default_storage.exists(filepath):
- logger.info('Loading metadata for EntityID %r', entity_id)
- with open(filepath, 'r') as f:
- return f.read()
- else:
- logger.warning('No metadata file for EntityID %r', entity_id)
-
-
-def idp_settings_store(idp):
- """
- Stores an IDP settings when loaded from a federation.
- """
- logger = logging.getLogger(__name__)
- entity_id = idp.get('ENTITY_ID')
- filepath = idp_settings_filepath(entity_id)
- idp_settings = {}
-
- if not entity_id:
- return
-
- for key, value in idp.items():
- if key not in ('METADATA', 'ENTITY_ID'):
- idp_settings.update({key: value})
-
- if idp_settings_needs_refresh(entity_id) and idp_settings:
- with open(filepath, 'w') as f:
- try:
- fcntl.lockf(f, fcntl.LOCK_EX | fcntl.LOCK_NB)
- f.write(json.dumps(idp_settings))
- fcntl.lockf(f, fcntl.LOCK_UN)
- except:
- logger.error('Couldn\'t store settings for EntityID %r',
- entity_id)
- return
- return filepath
-
-
-def idp_settings_load(entity_id):
- logger = logging.getLogger(__name__)
- filepath = idp_settings_filepath(entity_id)
- if default_storage.exists(filepath):
- logger.info('Loading JSON settings for EntityID %r', entity_id)
- with open(filepath, 'r') as f:
- try:
- idp_settings = json.loads(f.read())
- except:
- logger.warning('Couldn\'t load JSON settings for EntityID %r',
- entity_id)
- else:
- return idp_settings
- else:
- logger.warning('No JSON settings file for EntityID %r', entity_id)
-
-
-def idp_metadata_extract_entity_id(metadata_content):
- logger = logging.getLogger(__name__)
- try:
- doc = ET.fromstring(metadata_content)
- except (TypeError, ET.ParseError):
- logger.error(u'METADATA of idp %r is invalid', metadata_content)
- return
- if doc.tag != '{%s}EntityDescriptor' % lasso.SAML2_METADATA_HREF:
- logger.error(u'METADATA of idp %r has no EntityDescriptor root tag',
- metadata_content)
- return
- if not 'entityID' in doc.attrib:
- logger.error(
- u'METADATA of idp %r has no entityID attribute on its root tag',
- metadata_content)
- return
- return doc.attrib['entityID']
diff --git a/mellon/utils.py b/mellon/utils.py
index 48fe391..90464c1 100644
--- a/mellon/utils.py
+++ b/mellon/utils.py
@@ -5,18 +5,14 @@ from functools import wraps
import isodate
from django.contrib import auth
-from django.core.exceptions import ValidationError
from django.core.urlresolvers import reverse
-from django.core.validators import URLValidator
from django.template.loader import render_to_string
-from django.utils.text import slugify
from django.utils.timezone import make_aware, now, make_naive, is_aware, get_default_timezone
from django.conf import settings
from django.utils.six.moves.urllib.parse import urlparse
import lasso
from . import app_settings
-from federation_utils import get_federation_from_url, idp_metadata_is_file
def create_metadata(request):
@@ -52,71 +48,44 @@ SERVERS = {}
def create_server(request):
logger = logging.getLogger(__name__)
root = request.build_absolute_uri('/')
- metadata = create_metadata(request)
- if app_settings.PRIVATE_KEY:
- private_key = app_settings.PRIVATE_KEY
- private_key_password = app_settings.PRIVATE_KEY_PASSWORD
- elif app_settings.PRIVATE_KEYS:
- private_key = app_settings.PRIVATE_KEYS[0]
- private_key_password = None
- if isinstance(private_key, (tuple, list)):
- private_key_password = private_key[1]
- private_key = private_key[0]
- else: # no signature
- private_key = None
- private_key_password = None
- server = lasso.Server.newFromBuffers(metadata, private_key_content=private_key,
- private_key_password=private_key_password)
- server.setEncryptionPrivateKeyWithPassword(private_key, private_key_password)
- private_keys = app_settings.PRIVATE_KEYS
- # skip first key if it is already loaded
- if not app_settings.PRIVATE_KEY:
- private_keys = app_settings.PRIVATE_KEYS[1:]
- for key in private_keys:
- password = None
- if isinstance(key, (tuple, list)):
- password = key[1]
- key = key[0]
- server.setEncryptionPrivateKeyWithPassword(key, password)
- for idp in get_idps():
- try:
- metadata = idp.get('METADATA')
- if idp_metadata_is_file(metadata):
- with open(metadata, 'r') as f:
- metadata = f.read()
- server.addProviderFromBuffer(lasso.PROVIDER_ROLE_IDP, metadata)
- except lasso.Error, e:
- logger.error(u'bad metadata in idp %r', idp)
- logger.debug(u'lasso error: %s', e)
- except IOError, e:
- logger.warning('No such metadata file: %r', metadata)
- continue
- return server
-
-
-def get_federation_metadata(federation):
- logger = logging.getLogger(__name__)
- fedmd = None
- pemcert = None
- if (isinstance(federation, tuple) and len(federation) == 2):
- logger.info('Loading local cert-based federation %r',
- federation)
- if federation[1].endswith('.pem'):
- fedmd = federation[0]
- pemcert = federation[1]
- else:
- urlval = URLValidator()
- try:
- urlval(federation)
- except ValidationError as e:
- logger.info('Loading file-based federation %s',
- federation)
- fedmd = federation
- else:
- logger.info('Fetching and loading url-based federation %s',
- federation)
- fedmd = get_federation_from_url(federation)
- return (fedmd, pemcert)
+ cache = getattr(settings, '_MELLON_SERVER_CACHE', {})
+ if root not in cache:
+ metadata = create_metadata(request)
+ if app_settings.PRIVATE_KEY:
+ private_key = app_settings.PRIVATE_KEY
+ private_key_password = app_settings.PRIVATE_KEY_PASSWORD
+ elif app_settings.PRIVATE_KEYS:
+ private_key = app_settings.PRIVATE_KEYS[0]
+ private_key_password = None
+ if isinstance(private_key, (tuple, list)):
+ private_key_password = private_key[1]
+ private_key = private_key[0]
+ else: # no signature
+ private_key = None
+ private_key_password = None
+ server = lasso.Server.newFromBuffers(metadata, private_key_content=private_key,
+ private_key_password=private_key_password)
+ server.setEncryptionPrivateKeyWithPassword(private_key, private_key_password)
+ private_keys = app_settings.PRIVATE_KEYS
+ # skip first key if it is already loaded
+ if not app_settings.PRIVATE_KEY:
+ private_keys = app_settings.PRIVATE_KEYS[1:]
+ for key in private_keys:
+ password = None
+ if isinstance(key, (tuple, list)):
+ password = key[1]
+ key = key[0]
+ server.setEncryptionPrivateKeyWithPassword(key, password)
+ for idp in get_idps():
+ try:
+ server.addProviderFromBuffer(lasso.PROVIDER_ROLE_IDP, idp['METADATA'])
+ except lasso.Error as e:
+ logger.error(u'bad metadata in idp %r', idp['ENTITY_ID'])
+ logger.debug(u'lasso error: %s', e)
+ continue
+ cache[root] = server
+ settings._MELLON_SERVER_CACHE = cache
+ return settings._MELLON_SERVER_CACHE.get(root)
def create_login(request):
@@ -143,13 +112,6 @@ def get_idps():
yield idp
-def get_federations():
- for adapter in get_adapters():
- if hasattr(adapter, 'get_federations'):
- for federation in adapter.get_federations():
- yield federation
-
-
def flatten_datetime(d):
d = d.copy()
for key, value in d.iteritems():
diff --git a/mellon/views.py b/mellon/views.py
index d6d58e9..2ecb0b3 100644
--- a/mellon/views.py
+++ b/mellon/views.py
@@ -342,9 +342,9 @@ class LoginView(ProfileMixin, LogMixin, View):
if idp is None:
return HttpResponseBadRequest('no idp found')
self.profile = login = utils.create_login(request)
- self.log.debug('authenticating to %r', idp.get('ENTITY_ID') or idp['METADATA'])
+ self.log.debug('authenticating to %r', idp['ENTITY_ID'])
try:
- login.initAuthnRequest(idp.get('ENTITY_ID'), lasso.HTTP_METHOD_REDIRECT)
+ login.initAuthnRequest(idp['ENTITY_ID'], lasso.HTTP_METHOD_REDIRECT)
authn_request = login.request
# configure NameID policy
policy = authn_request.nameIdPolicy
diff --git a/setup.py b/setup.py
index 2186277..fb0fc00 100755
--- a/setup.py
+++ b/setup.py
@@ -94,7 +94,6 @@ setup(name="django-mellon",
'django>=1.5,<2.0',
'requests',
'isodate',
- 'pytz',
],
setup_requires=[
'django>=1.5,<2.0',
diff --git a/tests/dummy_md.xml b/tests/dummy_md.xml
deleted file mode 100644
index dc16725..0000000
--- a/tests/dummy_md.xml
+++ /dev/null
@@ -1,367 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-JKdLdd5yGvkFdb1fCAByMMnurIKYhZepRouZfOjIUrg=
-
-
-
-OTexfi8c63TsP1V9j5m6digA2NomUfqBtT8pPKhwdqEDQS5qLh6fxvT+wWkP6JaIhkP8nxwpbArl
-7cUHkRv5ibZzcknIAjXYMhsSTtFQUq89OMcDHtZHG54jiKyHPhu2+XEbvv6DsAYanYC6SHEnGjNG
-opnOEUB2XqeycsvvTQQIuWZEoABTVcKYyk2CW7Ij5EUmPOAPiidtbt8lzrtkV6dwLbkyoEbChAyj
-emrL/oS01aJgT9sQoJxR8lyRMGiZ/BwQqYTareiKwOXLPdGThzsfZXD8de9T1xuysILaAM7sHPJV
-QfrQJm80Zo2MM/GnhJTO9rc4m3kRnRhqmA6qMw==
-
-
-
-
-
-71+vTf66BPgYUF7sm4T++W69qMVyGQn9wNqpBLc6sp53eq/JRTOUD26Yehjsld5qN52Bv2r5QG7o
-4VU123akXUYzupvq1f+tmF9NwYa7MPEPFzCzJHhNXjZNRxcsW1WLW34fhQCm0oak3oSPoNo5qeGi
-jNsTSkgSt1mPH0P8d95af2VJnT6zbrclxvH4emqpT9oGLsWqKWLlIbZ7u1PUjuNVwLHuj909/apm
-C13RBIpV52fey4qey34bnRHdCTknZeN/TJLTJ9hMWzz9TbdjfIFaiF7MeY+OYRXzUJeQuHHMu/2I
-emkoR26mYi6irvmx8AdPcPCwcRKw2Ca4xLhbNw==
-
-AQAB
-
-
-
-
-MIIC9zCCAd+gAwIBAgIEfe6j3jANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDEyFTQU1MIE1ldGFk
-YXRhIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMTYwNzI5MDczNjM4WhcNMjYwNjA3MDczNjM4WjAs
-MSowKAYDVQQDEyFTQU1MIE1ldGFkYXRhIFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDvX69N/roE+BhQXuybhP75br2oxXIZCf3A2qkEtzqynnd6r8lF
-M5QPbph6GOyV3mo3nYG/avlAbujhVTXbdqRdRjO6m+rV/62YX03Bhrsw8Q8XMLMkeE1eNk1HFyxb
-VYtbfh+FAKbShqTehI+g2jmp4aKM2xNKSBK3WY8fQ/x33lp/ZUmdPrNutyXG8fh6aqlP2gYuxaop
-YuUhtnu7U9SO41XAse6P3T39qmYLXdEEilXnZ97Lip7LfhudEd0JOSdl439MktMn2ExbPP1Nt2N8
-gVqIXsx5j45hFfNQl5C4ccy7/Yh6aShHbqZiLqKu+bHwB09w8LBxErDYJrjEuFs3AgMBAAGjITAf
-MB0GA1UdDgQWBBTT88iZzWO+hN9SBUkpx871lmTuLTANBgkqhkiG9w0BAQsFAAOCAQEABoPpODry
-XwiM5jjtqk6veR02FevCKHpZP6Od7Kqcfs6lg5LcQmGUOgpmW3Gg4UMjBYkgARsT2Nsnah1CJqa8
-cjvv8p5KEIhY0hVS8iMJnrb3PDeiFSeP4xSfct/6z/ebV4+QFl22bsm2zpAC6BpFz8+IJ/jAmQzT
-Vob4MAUeQPnwwzm3xz6yanLZx7BK5cfrTCa+hrarNQCboRjXPwiejF8WRCxpgRHH6yNs5QH/Z6o5
-e3tUP7uEpn2Ob+kcLsEMGb9DghkoDAgkHCOZeTy+7hgxt+/T94cLTa58gVtvEOnd0GuL7Vfd+IVd
-XgSard8RfR3OyZlf6M4aSGQA73sskQ==
-
-
-
-
-
-
- https://services.renater.fr/federation/en/metadata_registration_practice_statement
-
-
-
-
- agropolis.fr
-
-
-
- Agropolis International
-
- data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAAAQAAAAEABcxq3DAAACPUlEQVQoz21SPW8TQRR8u7d3ju34Er6UCHACRqK4Bjk0oDSEjiYSBQVS8k9AkWgp+AuUASGEaCASkoPcgARVMF8iTnxJwMFJfL47397u3u6jsGVFwLzmFTN6ozdDEBEAAOD4kiRJsVgkhMA/YMfZzc3NVstnzGq1/KXlJfgf2Ii9XquVZ2YWbi5Io4MsbfPeZK4wRm0AOH6KICIivq2tV6/O5cYLHztbW9FvYTKuZaLk7PjpW+UrJXtspCHGmGazCQBnZ8svtj/0tbAINYhcy1DyThpRhHtztyedwkBDAWBnZ6dSqbzZ+7THu0IraTJplDSZ0JnQ2Y+482jj1cgSRUTHdrhW9fa3SKaxErFKIyUiKaIsjVQaKf5s631HxP1+X2vNwjB0J9zd+OgnD044Ra4lI5ZBw7XqyeRQREciaqe9xoE/K/OFfIENnqBM1uZBqlWBOYxQjYZnqieTThru8zCU3AASIAjIXNellGLePkjCUPICy1mEDAShSg7SqCsTBtQ7WfY3vlarVUYpdUsuAs5PXV7dfpe3HEYtjSbNZJwJoRUi3rl4fSrvfufctm0ySA0RD0V84+WDL1EbCCDCYIDApeKZ+uKK6faDIPA8jw7jIORUbry2eH+5Mu8ARTSAkCPW3QvX6osrE+B8bjQ8zxu2aACDaIwxxuzzsLbbePj88a8k0Mb4vr/2ei3LMoOIiGRU0iGGVuDp6pNz5fNSiKnpac/zgAABMuzSXwIggIjdbrdUKjHGYGQaAAD+AJBJecXxnEvWAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE1LTA3LTIwVDEwOjQ4OjE1KzAyOjAwpWiGMQAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxNS0wNy0yMFQxMDo0ODoxNSswMjowMNQ1Po0AAAAASUVORK5CYII=
- http://www.agropolis.fr
-
- Agropolis International
-
-
-
-
-
-
-
-
- MIIDNzCCAh+gAwIBAgIUYY3sGXwChkj2CRy6QFDvkdj2zlAwDQYJKoZIhvcNAQEF
-BQAwHjEcMBoGA1UEAxMTYWlzaGliLmFncm9wb2xpcy5mcjAeFw0xMzA1MTUxMzM3
-MTJaFw0zMzA1MTUxMzM3MTJaMB4xHDAaBgNVBAMTE2Fpc2hpYi5hZ3JvcG9saXMu
-ZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxrDy6lrhIBjcxv16n
-4UJ2cEMYPO4wSmfDwhO6feoSIEuIblYRHE2nQKirMokwD6seF4rbDHyxLXg/ColL
-VLv+0CJteIOZjSCgSN90WzQRrC1Ex5sJfPu6yPEXvW8H1906gEg6ok8rlCIHRGfE
-15pHK5eqxQS5f2n8c2t/Uk33/FBj79/hb3Cd7vE4mdlvReD3AFswC0lV4bPmj3Ka
-KUuMj9xwipwnfWCu6p2/ZJF4M3ADU5grXHJ2Vqmd8DWm5raaObKjYwJddbRBByI8
-bJJLIwAQQmX4Dh4hf1QKlf2oqWPWVQxLQp0erL1U8IWmj1RG8TTH9xOJl6kkEhYq
-Z2gfAgMBAAGjbTBrMEoGA1UdEQRDMEGCE2Fpc2hpYi5hZ3JvcG9saXMuZnKGKmh0
-dHBzOi8vYWlzaGliLmFncm9wb2xpcy5mci9pZHAvc2hpYmJvbGV0aDAdBgNVHQ4E
-FgQU9A7iQ8Qo+t2JCpKuOOV9YBoYs4MwDQYJKoZIhvcNAQEFBQADggEBAG0LOW6I
-F+M8n2NpzyQjfVCJCA6QhWjbXrfemiPJFZGZZb2dVmHof4yCpCUYgHOBoZaXPOlB
-nLYsUWvFZ6V2GELZpLHzHSSrYidieW07qQkh1DwcIYpvtZgLviOtT/tCEGsk925f
-DUoGdeIqpqt54WZcW9+TbKicvjg3JT4BFOQ17bFNwPW+YjTbvsWYxen+e0mRp4vM
-V0yMu2f3bccVhePASSZGL3yod3sJ1dPvlrJO9c35BekhtirolVjZqMQ0AYPVifua
-yIU0dWXsZkAOcBL9kZFbJcYRUIxMgvp8U2Zdv1+ZlwOyXnnWDOOh9wjuT7FAyObU
-ChvjHlgZHkvLwJI=
-
-
-
-
-
-
-
-
-
-
- urn:mace:shibboleth:1.0:nameIdentifier
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Agropolis International
- Agropolis International
- http://www.agropolis.fr
-
-
-
-
-
-
- Jean Cerda
- cerda@agropolis.fr
-
-
-
-
-
- Jean-Pierre Allano
- allano@agropolis.fr
-
-
-
-
-
-
-
-
- https://services.renater.fr/federation/en/metadata_registration_practice_statement
-
-
-
-
- vetagro-sup.fr
-
-
-
- Vetagro Sup
-
- data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAAAQAAAAEABcxq3DAAAB/klEQVQ4y2NkQAP///+X+/jxI/PO7dujP3/7kf7v778ffDzciw2MDFaqq6t/Y2RkfIysngndAEZGxkezZ8/25xEQqVDTs5eRVrNU4RQUL7x9+7YtumasBjAwMDBISIgbcvBKct998p7h1fvfDKyc4nz//jF6yjAwSBNlwM+fP3/9/PmT4dbl4wysrCwMf//9Z/r7959UcFISD1EGPH107xgfD9sbTg52hrcvHjDw87Aw/Pz+7tLEefNuEmWAm6ffxvu3Ll4zMjZleHz/KsO7lw+f3bh+czs2tVgNsLS0fPfs4b3VnKy//wrycW84e2L/uobmtg0MpIKurt6N////Z8jPzxcnWTMDAwPD79//tbq7+9bhU8OMTfD//8cMP79L1X/8tjxMQYHXT0Uh88aBgyuvEW3Aly+8ntw8jLU3bx20cnH/xPz2jTyvk9OGpTt3NhIOxP//GRgkJGR8tPVeyElIvWA4dfIqg57Bff0nD+eHExULIb5dqkYmYgYm5r8YPH3vMzx//omBk+edpI4+vxVRBnz5zPqbi4vt7a9fv//9+cvAYG79jIGZmZWBg4NJiCgDdh4sfHD/7u9j714Z/BYWiGBQVkxjePNK8+erV5+uYDOABTMM/nP09y9Z8+OHgNjli9ahf//++8vGwrlAS0tp/v///7kYGRm/IasHAIVTy8DG/VpJAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE1LTA3LTIwVDEwOjUwOjA5KzAyOjAwfDtz7wAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxNS0wNy0yMFQxMDo1MDowOSswMjowMA1my1MAAAAASUVORK5CYII=
- http://www.vetagro-sup.fr
-
- Vetagro Sup
-
-
-
-
-
-
-
-
- MIIDPDCCAiSgAwIBAgIVAL9PsuadPSIZcMHNxlK/oevezmzWMA0GCSqGSIb3DQEB
-BQUAMB8xHTAbBgNVBAMTFGFtYnJlLnZldGFncm8tc3VwLmZyMB4XDTEyMTEwODEw
-MTQwNFoXDTMyMTEwODEwMTQwNFowHzEdMBsGA1UEAxMUYW1icmUudmV0YWdyby1z
-dXAuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc/ptfpmkomwmT
-4RsID+1Ce1dX0eUjcLgSOZN8hVpHWLag2ERWkpmvB5aK7BAFcI5i//Gk80tAiasu
-JtlZhBnEw54aTJRGpyL2CVkHyl6SMRxprIi1Ji67IoGqEgUeGaheAxo+tG5e1WSc
-bIbldcSKdwvjAV+7HSB4C6NqLsAzJH25++yaRH2uf2LTD0TDzNR9Q2hVj/VyYWR+
-K3HWI1Snjn/i7aFfZZhYmBkwHuQOaPhwCM+khikg5XicMsxUhHCMi93UgHGIsdkr
-IEGj4xydBTUKsLaykeuFS8EgXbWwCLGkeX76w8xDoFIpnppU/yFd9v7Zg3EBfn4p
-kTW3GdIjAgMBAAGjbzBtMEwGA1UdEQRFMEOCFGFtYnJlLnZldGFncm8tc3VwLmZy
-hitodHRwczovL2FtYnJlLnZldGFncm8tc3VwLmZyL2lkcC9zaGliYm9sZXRoMB0G
-A1UdDgQWBBTPTqWkVHrHXFjmxMWkNt/sp2h5ozANBgkqhkiG9w0BAQUFAAOCAQEA
-FvXMtfBUmRZCzz8CjanGzr1TBUPmnkrKci5AtkseKw9YlfUmBXTHB01y697nYq6m
-RB6KhvfW212h9CF0IOEEjoadgDhXqGYhq8PnAOtT4Ty3XDy8SbRh8aQWfvnfSngv
-FdpHRiSpj5UXXuT5zTtkf59h58XKtEfCkMbUzvdOgUobJzpD0WISmQHPQnx+Neg6
-9j7oMRrDiZjS39Om8Imu9xvsnddDM3PlsDBIsvrr1o7K5iLkEdR1YYX0ZNDbiFuw
-QXXl2dwQPB8KrScPUvCe57slU2gFQvvIBzjQysxC6V6TPSuM3A/ee56lACuB3jKj
-oYkHQc5Gj/1rSMLmu9aLMg==
-
-
-
-
-
-
-
-
-
-
- urn:mace:shibboleth:1.0:nameIdentifier
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Vetagro Sup
- Vetagro Sup
- http://www.vetagro-sup.fr
-
-
-
-
-
-
- Nicolas Aulas
- nicolas.aulas@vetagro-sup.fr
-
-
-
-
-
-
-
-
-
-
- https://services.renater.fr/federation/en/metadata_registration_practice_statement
-
-
-
-
- insa-strasbourg.fr
-
-
-
- INSA Strasbourg
-
- data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAAq1BMVEXeAACEhoTWz87nQTn3oqXnIBjvgnvWlpT/5+fnEAjvZWOltrXnNDH3mpT/9/fnCAD/4+fvioz3x8bnVVL3qq3nKCnvkpTnHBjvcXP3sq3vgoT/7+/nFBDnODH3mpz////nDAj3z87vlpTveXv3vr3nAACMmpznRUL3pqXnJCHnFAj/+//nDADvjoz3y87vXVr3rq3nLCnvdXP3srXvhoT/8/fvODH3npz3lpQaie6kAAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAAAQAAAAEABcxq3DAAAAe0lEQVQY053OwQqCQBhF4VM22VSMMWrFGP2kkIpUQ1nz/m8Ws20TeFeHb3WRnzEBBjO8xRjZrURi0TFiy+UITjTpjIKaOndZuDSGxF0j9G1+e7CuLN1nE2F7VI28tAoqMMezP1ieFOOp7RPueBXKSqdnMq8Wg66nPP0LX4uIG4jEwJ0sAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE1LTA3LTIwVDEwOjQ5OjA0KzAyOjAwIHfmJQAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxNS0wNy0yMFQxMDo0OTowNCswMjowMFEqXpkAAAAASUVORK5CYII=
- http://www.insa-strasbourg.fr
-
- INSA Strasbourg
-
-
-
-
-
-
-
-
- MIIDUDCCAjigAwIBAgIVAIbX8U0uAqAhuXm1jWxiFpggtDTDMA0GCSqGSIb3DQEB
-CwUAMCQxIjAgBgNVBAMMGXNvdWZyZS5pbnNhLXN0cmFzYm91cmcuZnIwHhcNMTYw
-OTI3MTIzNjIxWhcNMzYwOTI3MTIzNjIxWjAkMSIwIAYDVQQDDBlzb3VmcmUuaW5z
-YS1zdHJhc2JvdXJnLmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-sEE02sLRPAG5N81DMHEeGpI2MYF8yG/RiwH07cFIlLqgV80ewOmi0FWPYijxMb8A
-bmx0RwUMvJBVI6WMxtT9fykhID20k8rWOuYOzvaynzVqCktqVgKoEAxP1PFE9b0n
-iGKFprjjNl9ZD90GOUsxbAO7yXG9Q4WBa/eThl6XkUvNkSaZp5hcdWrgcAdsae3q
-iD/uxFa38NXNNeRLGyfxjd2K5qYSzbwBza9s9TOq1+pfw7sxu3/4BnfQ0RLGO6co
-4tH4Mufh0ome4cyYk4pvW5DOd1AznxDb8HpqvE0zwEsa69c/FDX0akgFZydmc77a
-j6USn6JKjjbO49yGtG1gVQIDAQABo3kwdzAdBgNVHQ4EFgQUjzMsxZYiokPYxper
-9zadM8J0F0kwVgYDVR0RBE8wTYIZc291ZnJlLmluc2Etc3RyYXNib3VyZy5mcoYw
-aHR0cHM6Ly9zb3VmcmUuaW5zYS1zdHJhc2JvdXJnLmZyL2lkcC9zaGliYm9sZXRo
-MA0GCSqGSIb3DQEBCwUAA4IBAQBFJKsiS3yfWuDB/E+iqQ0TuQJzL5+JIcloN0dw
-BFxW3VZOju15zeQ7LwRBg9S4SGLMPJU+LM1lvr68cK9brut/FjF51SETIXEeCWo3
-7+PIqgOCzraLNinmpU/OtN8ENalOPvpS6Jvbd23qB2t+IqOtZ+j15b0Yq4/on1E3
-W2F9CVzKpe4EwmmtCPQbe7U1wvhgFylEx797pex8veWs79YSYwqvcKMh79dzl8Fo
-/CgsO5pDrfKmc6SGMkByq75dZj+PqhZDzZ9EFTxbrXOTaS08VRN6a5Rh2iYRnGxq
-yZl66tPcaIm5PHgOEmu5X4lPkUoY+Jt36Gj3SGCbYt8qH5S0
-
-
-
-
-
-
-
-
-
-
-
-
- MIIDXDCCAkSgAwIBAgIVAKI+qiqDCk9wTTqn7OVAoZrvj/CpMA0GCSqGSIb3DQEB
-BQUAMCcxJTAjBgNVBAMTHGFudGltb2luZS5pbnNhLXN0cmFzYm91cmcuZnIwHhcN
-MTQwMTEzMTAzOTU4WhcNMzQwMTEzMTAzOTU4WjAnMSUwIwYDVQQDExxhbnRpbW9p
-bmUuaW5zYS1zdHJhc2JvdXJnLmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAtuM8lRjlVjjmrHq9VtguaOMQL+Wd99BiOs56kL3Mbctg1FwH69LYThCW
-6dOz6WJg/jU/naF7jEikXKc71xGyu7Ph7Iqa9S5hoXXAT8u/0q2nZDeTOraJqKe1
-FMF2RzXhEEMyQO3CiKNK9b+tbKoNZS7FQCixMZklWZPt4EcEKd6jyRq1WYX3dpnb
-r9I/aCdhtK/PGvGe5gKTDoTR2HKyWKJTc/obf8x/vlYIEwiaGgdlqI2KiBE0x48n
-zQdP6XVi3T8ZWbnkLmCfgJtP2C8PtEJuwDRAy0Z9N4DSwvxn5YCVYgBLSi0TLa10
-B/lUqqBezZrTrA9p9Lt8JtGXW5YGHwIDAQABo38wfTBcBgNVHREEVTBTghxhbnRp
-bW9pbmUuaW5zYS1zdHJhc2JvdXJnLmZyhjNodHRwczovL2FudGltb2luZS5pbnNh
-LXN0cmFzYm91cmcuZnIvaWRwL3NoaWJib2xldGgwHQYDVR0OBBYEFLFkjPZUc9JY
-qrWjldJ/iGGkKAt4MA0GCSqGSIb3DQEBBQUAA4IBAQBSk/wU1mRn4VF2ifmy261K
-DK7uX+t1H1hh8S38fKSFU7HoNXJTV3vQnmBOpYIGC1gtvmb+qjqpNtikU2zO84Gq
-Q0bXHxYF2d9RUP89mKaFxE5uNcXFmlOA3ChZY3pMT5zwAPI/T60tGrex7zci7OLn
-JDAQj/q4Yk9ejx6JTFggQSCCVh+oV/SDIMd2p5AY6H3mto3b6XCk7Lssa8a/D30k
-pEkZnhTKdN82eRyynuOR7UDU4tasV4d7Mi/j53f5ihnRcsvwh/pYodjoVYY8cEcZ
-JLnAXYF8coSwh8UN4D/0NHsvTuSOFQc85hGrqacMsvxiQiw9mv01AX5+A5YLEbVQ
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- urn:mace:shibboleth:1.0:nameIdentifier
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- INSA Strasbourg
- INSA Strasbourg
- http://www.insa-strasbourg.fr
-
-
-
-
-
-
- Lahsen BOUZID
- lahsen.bouzid@insa-strasbourg.fr
-
-
-
-
-
- Simon SCHERRER
- simon.scherrer@insa-strasbourg.fr
-
-
-
-
-
-
diff --git a/tests/federation-sample.xml b/tests/federation-sample.xml
deleted file mode 100644
index 6102c46..0000000
--- a/tests/federation-sample.xml
+++ /dev/null
@@ -1,557 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-JKdLdd5yGvkFdb1fCAByMMnurIKYhZepRouZfOjIUrg=
-
-
-
-OTexfi8c63TsP1V9j5m6digA2NomUfqBtT8pPKhwdqEDQS5qLh6fxvT+wWkP6JaIhkP8nxwpbArl
-7cUHkRv5ibZzcknIAjXYMhsSTtFQUq89OMcDHtZHG54jiKyHPhu2+XEbvv6DsAYanYC6SHEnGjNG
-opnOEUB2XqeycsvvTQQIuWZEoABTVcKYyk2CW7Ij5EUmPOAPiidtbt8lzrtkV6dwLbkyoEbChAyj
-emrL/oS01aJgT9sQoJxR8lyRMGiZ/BwQqYTareiKwOXLPdGThzsfZXD8de9T1xuysILaAM7sHPJV
-QfrQJm80Zo2MM/GnhJTO9rc4m3kRnRhqmA6qMw==
-
-
-
-
-
-71+vTf66BPgYUF7sm4T++W69qMVyGQn9wNqpBLc6sp53eq/JRTOUD26Yehjsld5qN52Bv2r5QG7o
-4VU123akXUYzupvq1f+tmF9NwYa7MPEPFzCzJHhNXjZNRxcsW1WLW34fhQCm0oak3oSPoNo5qeGi
-jNsTSkgSt1mPH0P8d95af2VJnT6zbrclxvH4emqpT9oGLsWqKWLlIbZ7u1PUjuNVwLHuj909/apm
-C13RBIpV52fey4qey34bnRHdCTknZeN/TJLTJ9hMWzz9TbdjfIFaiF7MeY+OYRXzUJeQuHHMu/2I
-emkoR26mYi6irvmx8AdPcPCwcRKw2Ca4xLhbNw==
-
-AQAB
-
-
-
-
-MIIC9zCCAd+gAwIBAgIEfe6j3jANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDEyFTQU1MIE1ldGFk
-YXRhIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMTYwNzI5MDczNjM4WhcNMjYwNjA3MDczNjM4WjAs
-MSowKAYDVQQDEyFTQU1MIE1ldGFkYXRhIFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDvX69N/roE+BhQXuybhP75br2oxXIZCf3A2qkEtzqynnd6r8lF
-M5QPbph6GOyV3mo3nYG/avlAbujhVTXbdqRdRjO6m+rV/62YX03Bhrsw8Q8XMLMkeE1eNk1HFyxb
-VYtbfh+FAKbShqTehI+g2jmp4aKM2xNKSBK3WY8fQ/x33lp/ZUmdPrNutyXG8fh6aqlP2gYuxaop
-YuUhtnu7U9SO41XAse6P3T39qmYLXdEEilXnZ97Lip7LfhudEd0JOSdl439MktMn2ExbPP1Nt2N8
-gVqIXsx5j45hFfNQl5C4ccy7/Yh6aShHbqZiLqKu+bHwB09w8LBxErDYJrjEuFs3AgMBAAGjITAf
-MB0GA1UdDgQWBBTT88iZzWO+hN9SBUkpx871lmTuLTANBgkqhkiG9w0BAQsFAAOCAQEABoPpODry
-XwiM5jjtqk6veR02FevCKHpZP6Od7Kqcfs6lg5LcQmGUOgpmW3Gg4UMjBYkgARsT2Nsnah1CJqa8
-cjvv8p5KEIhY0hVS8iMJnrb3PDeiFSeP4xSfct/6z/ebV4+QFl22bsm2zpAC6BpFz8+IJ/jAmQzT
-Vob4MAUeQPnwwzm3xz6yanLZx7BK5cfrTCa+hrarNQCboRjXPwiejF8WRCxpgRHH6yNs5QH/Z6o5
-e3tUP7uEpn2Ob+kcLsEMGb9DghkoDAgkHCOZeTy+7hgxt+/T94cLTa58gVtvEOnd0GuL7Vfd+IVd
-XgSard8RfR3OyZlf6M4aSGQA73sskQ==
-
-
-
-
-
-
- https://services.renater.fr/federation/en/metadata_registration_practice_statement
-
-
-
-
- access-check.edugain.org
-
-
-
- eduGAIN Access Check
-
- data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAAAQAAAAEABcxq3DAAABbUlEQVQoz52RPW4UQRCFv6ru6fnZNSxCJuVKpFwAicR3IUI+AakvhQhI7JU8M/1T3QQzsg1sAhWV3qtPVaonfPrCX9W+fpTP3y7otzceGJKJxCiujpVUkCv0+m3K967hixUfWgWSHwAPxG6UqtIFbEFHGoCqR721BX+wirO8LVGg+a6amEXXjqxhM5ZxNFPvX1Odocn5ZwB7HCn4hWI42wxD6KWUBVfIZxXd9J2zNhHFmro2Gx3QPKSReGCiV40ESM/A1NcxTDnn7HvLFViXBRZ6MKJnmwaktca/lFzO4fZG7n5e0D9cK4DjFI69yrGbwvhqP7KWp7kR99QrQAn3cW5N5/SQ1rivDgdUCUegFfkDkKF26TG7FijzZoS0sM7kM7D6gncvgG5d7cEdu6wN+v3R/cRwQgaAdnA2vACQvn9Tk6NNqjtwjis1Iyp4JOpafwvu3ZAYa3TV2fBjBnjfe8uLKErOZLk6fU//lcMvhuSrh7MzMwcAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTUtMDctMjBUMTA6NTA6MTErMDI6MDCDfj0WAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE1LTA3LTIwVDEwOjUwOjExKzAyOjAw8iOFqgAAAABJRU5ErkJggg==
- http://www.renater.fr
- eduGAIN Access Check allows administrators of a Service Provider (SP) registered in eduGAIN to create test accounts with different profiles to validate the behaviour and test federated login. The test accounts can only be used to access own services.
- eduGAIN Access Check
- eduGAIN Access Check allows administrators of a Service Provider (SP) registered in eduGAIN to create test accounts with different profiles to validate the behaviour and test federated login. The test accounts can only be used to access own services.
-
-
-
-
-
-
-
- MIID2zCCAsOgAwIBAgIJAJpdV2MFitUqMA0GCSqGSIb3DQEBBQUAMIGDMQswCQYD
-VQQGEwJGUjEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MQ4wDAYDVQQKDAVHRUFOVDEd
-MBsGA1UEAwwUdGVzdC1pZHAuZWR1Z2Fpbi5vcmcxLjAsBgkqhkiG9w0BCQEWH3Rl
-c3RpZHBhY2NvdW50bWFuYWdlckBnZWFudC5uZXQwHhcNMTQxMjE4MTAxODU5WhcN
-MjQxMjE3MTAxODU5WjCBgzELMAkGA1UEBhMCRlIxFTATBgNVBAcMDERlZmF1bHQg
-Q2l0eTEOMAwGA1UECgwFR0VBTlQxHTAbBgNVBAMMFHRlc3QtaWRwLmVkdWdhaW4u
-b3JnMS4wLAYJKoZIhvcNAQkBFh90ZXN0aWRwYWNjb3VudG1hbmFnZXJAZ2VhbnQu
-bmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo48FFP0P/81e3WHb
-U91F/TYDZC/JypEqO2XQNH50baXpk2JrJFVFOWdgdK6qWHsLznuxngRsfOasAaVA
-Ob1Bf3g2xgPUd2htSLxds+o/Y24DOM6ZairxbWJk2rOvLhJFchlrcNWCpMtUCkfJ
-xmqGmeo93XAud5byj3wQ1NuH2o8rjTPAkMgQdr8D2b8EG1NYEH00AqRlXZTFCWGL
-KDEuZwyta6vgMQYT4K6UF/F+HWF2wzbmVgRTHguJ0rzNqz6t+9CtLkhyZO+/57Ro
-4U0ikshVWkUOENPKCnB1t+ebs/AsNozbIGA/HcdtwUwDgIowv/K0hdnLDC1vz6/S
-F3rnGQIDAQABo1AwTjAdBgNVHQ4EFgQUgWN9jmJxOEHYU5m8D0atl895HxowHwYD
-VR0jBBgwFoAUgWN9jmJxOEHYU5m8D0atl895HxowDAYDVR0TBAUwAwEB/zANBgkq
-hkiG9w0BAQUFAAOCAQEAXvlBHMaBK6m0PQNanTqGBRdRAFt8Xkr5texD5mPTmS/7
-nqnxlN0orqYWGCaARmQE+T77EB2a2n9g2s130pUXwJxcbUwIOdPKH6CMKEHT/512
-bndJXQ3DyhkuVSLtRFOdfleIhi8qUkNC9FWxM4jDHDTTQtNEHnCjFxlhxw+ri5QJ
-AVKpH9MkcuIkM6Jx+QhNwTDwCRIJffoDOH420yR5EWx/sQ4tjKQGiFOPv/WHFjXd
-LqHU+X8ErzxeNmUHHST6pHePWRCMtoPTdCPhEroJhou6NMHh8ylQOIVHt6gggc7r
-kUWMUybDUxPp49qMeNkdKqFPby2aW7ouKRoOXuxZhg==
-
-
-
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
- eduGAIN Access Check
- eduGAIN Access Check
- http://www.renater.fr
-
-
-
-
-
- edugain-integration@geant.net
-
-
-
-
-
-
- https://services.renater.fr/federation/en/metadata_registration_practice_statement
-
-
-
-
- agropolis.fr
-
-
-
- Agropolis International
-
- data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAAAQAAAAEABcxq3DAAACPUlEQVQoz21SPW8TQRR8u7d3ju34Er6UCHACRqK4Bjk0oDSEjiYSBQVS8k9AkWgp+AuUASGEaCASkoPcgARVMF8iTnxJwMFJfL47397u3u6jsGVFwLzmFTN6ozdDEBEAAOD4kiRJsVgkhMA/YMfZzc3NVstnzGq1/KXlJfgf2Ii9XquVZ2YWbi5Io4MsbfPeZK4wRm0AOH6KICIivq2tV6/O5cYLHztbW9FvYTKuZaLk7PjpW+UrJXtspCHGmGazCQBnZ8svtj/0tbAINYhcy1DyThpRhHtztyedwkBDAWBnZ6dSqbzZ+7THu0IraTJplDSZ0JnQ2Y+482jj1cgSRUTHdrhW9fa3SKaxErFKIyUiKaIsjVQaKf5s631HxP1+X2vNwjB0J9zd+OgnD044Ra4lI5ZBw7XqyeRQREciaqe9xoE/K/OFfIENnqBM1uZBqlWBOYxQjYZnqieTThru8zCU3AASIAjIXNellGLePkjCUPICy1mEDAShSg7SqCsTBtQ7WfY3vlarVUYpdUsuAs5PXV7dfpe3HEYtjSbNZJwJoRUi3rl4fSrvfufctm0ySA0RD0V84+WDL1EbCCDCYIDApeKZ+uKK6faDIPA8jw7jIORUbry2eH+5Mu8ARTSAkCPW3QvX6osrE+B8bjQ8zxu2aACDaIwxxuzzsLbbePj88a8k0Mb4vr/2ei3LMoOIiGRU0iGGVuDp6pNz5fNSiKnpac/zgAABMuzSXwIggIjdbrdUKjHGYGQaAAD+AJBJecXxnEvWAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE1LTA3LTIwVDEwOjQ4OjE1KzAyOjAwpWiGMQAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxNS0wNy0yMFQxMDo0ODoxNSswMjowMNQ1Po0AAAAASUVORK5CYII=
- http://www.agropolis.fr
-
- Agropolis International
-
-
-
-
-
-
-
-
- MIIDNzCCAh+gAwIBAgIUYY3sGXwChkj2CRy6QFDvkdj2zlAwDQYJKoZIhvcNAQEF
-BQAwHjEcMBoGA1UEAxMTYWlzaGliLmFncm9wb2xpcy5mcjAeFw0xMzA1MTUxMzM3
-MTJaFw0zMzA1MTUxMzM3MTJaMB4xHDAaBgNVBAMTE2Fpc2hpYi5hZ3JvcG9saXMu
-ZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxrDy6lrhIBjcxv16n
-4UJ2cEMYPO4wSmfDwhO6feoSIEuIblYRHE2nQKirMokwD6seF4rbDHyxLXg/ColL
-VLv+0CJteIOZjSCgSN90WzQRrC1Ex5sJfPu6yPEXvW8H1906gEg6ok8rlCIHRGfE
-15pHK5eqxQS5f2n8c2t/Uk33/FBj79/hb3Cd7vE4mdlvReD3AFswC0lV4bPmj3Ka
-KUuMj9xwipwnfWCu6p2/ZJF4M3ADU5grXHJ2Vqmd8DWm5raaObKjYwJddbRBByI8
-bJJLIwAQQmX4Dh4hf1QKlf2oqWPWVQxLQp0erL1U8IWmj1RG8TTH9xOJl6kkEhYq
-Z2gfAgMBAAGjbTBrMEoGA1UdEQRDMEGCE2Fpc2hpYi5hZ3JvcG9saXMuZnKGKmh0
-dHBzOi8vYWlzaGliLmFncm9wb2xpcy5mci9pZHAvc2hpYmJvbGV0aDAdBgNVHQ4E
-FgQU9A7iQ8Qo+t2JCpKuOOV9YBoYs4MwDQYJKoZIhvcNAQEFBQADggEBAG0LOW6I
-F+M8n2NpzyQjfVCJCA6QhWjbXrfemiPJFZGZZb2dVmHof4yCpCUYgHOBoZaXPOlB
-nLYsUWvFZ6V2GELZpLHzHSSrYidieW07qQkh1DwcIYpvtZgLviOtT/tCEGsk925f
-DUoGdeIqpqt54WZcW9+TbKicvjg3JT4BFOQ17bFNwPW+YjTbvsWYxen+e0mRp4vM
-V0yMu2f3bccVhePASSZGL3yod3sJ1dPvlrJO9c35BekhtirolVjZqMQ0AYPVifua
-yIU0dWXsZkAOcBL9kZFbJcYRUIxMgvp8U2Zdv1+ZlwOyXnnWDOOh9wjuT7FAyObU
-ChvjHlgZHkvLwJI=
-
-
-
-
-
-
-
-
-
-
- urn:mace:shibboleth:1.0:nameIdentifier
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Agropolis International
- Agropolis International
- http://www.agropolis.fr
-
-
-
-
-
-
- Jean Cerda
- cerda@agropolis.fr
-
-
-
-
-
- Jean-Pierre Allano
- allano@agropolis.fr
-
-
-
-
-
-
-
-
- https://services.renater.fr/federation/en/metadata_registration_practice_statement
-
-
-
-
- vetagro-sup.fr
-
-
-
- Vetagro Sup
-
- data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAAAQAAAAEABcxq3DAAAB/klEQVQ4y2NkQAP///+X+/jxI/PO7dujP3/7kf7v778ffDzciw2MDFaqq6t/Y2RkfIysngndAEZGxkezZ8/25xEQqVDTs5eRVrNU4RQUL7x9+7YtumasBjAwMDBISIgbcvBKct998p7h1fvfDKyc4nz//jF6yjAwSBNlwM+fP3/9/PmT4dbl4wysrCwMf//9Z/r7959UcFISD1EGPH107xgfD9sbTg52hrcvHjDw87Aw/Pz+7tLEefNuEmWAm6ffxvu3Ll4zMjZleHz/KsO7lw+f3bh+czs2tVgNsLS0fPfs4b3VnKy//wrycW84e2L/uobmtg0MpIKurt6N////Z8jPzxcnWTMDAwPD79//tbq7+9bhU8OMTfD//8cMP79L1X/8tjxMQYHXT0Uh88aBgyuvEW3Aly+8ntw8jLU3bx20cnH/xPz2jTyvk9OGpTt3NhIOxP//GRgkJGR8tPVeyElIvWA4dfIqg57Bff0nD+eHExULIb5dqkYmYgYm5r8YPH3vMzx//omBk+edpI4+vxVRBnz5zPqbi4vt7a9fv//9+cvAYG79jIGZmZWBg4NJiCgDdh4sfHD/7u9j714Z/BYWiGBQVkxjePNK8+erV5+uYDOABTMM/nP09y9Z8+OHgNjli9ahf//++8vGwrlAS0tp/v///7kYGRm/IasHAIVTy8DG/VpJAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE1LTA3LTIwVDEwOjUwOjA5KzAyOjAwfDtz7wAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxNS0wNy0yMFQxMDo1MDowOSswMjowMA1my1MAAAAASUVORK5CYII=
- http://www.vetagro-sup.fr
-
- Vetagro Sup
-
-
-
-
-
-
-
-
- MIIDPDCCAiSgAwIBAgIVAL9PsuadPSIZcMHNxlK/oevezmzWMA0GCSqGSIb3DQEB
-BQUAMB8xHTAbBgNVBAMTFGFtYnJlLnZldGFncm8tc3VwLmZyMB4XDTEyMTEwODEw
-MTQwNFoXDTMyMTEwODEwMTQwNFowHzEdMBsGA1UEAxMUYW1icmUudmV0YWdyby1z
-dXAuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc/ptfpmkomwmT
-4RsID+1Ce1dX0eUjcLgSOZN8hVpHWLag2ERWkpmvB5aK7BAFcI5i//Gk80tAiasu
-JtlZhBnEw54aTJRGpyL2CVkHyl6SMRxprIi1Ji67IoGqEgUeGaheAxo+tG5e1WSc
-bIbldcSKdwvjAV+7HSB4C6NqLsAzJH25++yaRH2uf2LTD0TDzNR9Q2hVj/VyYWR+
-K3HWI1Snjn/i7aFfZZhYmBkwHuQOaPhwCM+khikg5XicMsxUhHCMi93UgHGIsdkr
-IEGj4xydBTUKsLaykeuFS8EgXbWwCLGkeX76w8xDoFIpnppU/yFd9v7Zg3EBfn4p
-kTW3GdIjAgMBAAGjbzBtMEwGA1UdEQRFMEOCFGFtYnJlLnZldGFncm8tc3VwLmZy
-hitodHRwczovL2FtYnJlLnZldGFncm8tc3VwLmZyL2lkcC9zaGliYm9sZXRoMB0G
-A1UdDgQWBBTPTqWkVHrHXFjmxMWkNt/sp2h5ozANBgkqhkiG9w0BAQUFAAOCAQEA
-FvXMtfBUmRZCzz8CjanGzr1TBUPmnkrKci5AtkseKw9YlfUmBXTHB01y697nYq6m
-RB6KhvfW212h9CF0IOEEjoadgDhXqGYhq8PnAOtT4Ty3XDy8SbRh8aQWfvnfSngv
-FdpHRiSpj5UXXuT5zTtkf59h58XKtEfCkMbUzvdOgUobJzpD0WISmQHPQnx+Neg6
-9j7oMRrDiZjS39Om8Imu9xvsnddDM3PlsDBIsvrr1o7K5iLkEdR1YYX0ZNDbiFuw
-QXXl2dwQPB8KrScPUvCe57slU2gFQvvIBzjQysxC6V6TPSuM3A/ee56lACuB3jKj
-oYkHQc5Gj/1rSMLmu9aLMg==
-
-
-
-
-
-
-
-
-
-
- urn:mace:shibboleth:1.0:nameIdentifier
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Vetagro Sup
- Vetagro Sup
- http://www.vetagro-sup.fr
-
-
-
-
-
-
- Nicolas Aulas
- nicolas.aulas@vetagro-sup.fr
-
-
-
-
-
-
-
-
-
-
- https://services.renater.fr/federation/en/metadata_registration_practice_statement
-
-
-
-
- insa-strasbourg.fr
-
-
-
- INSA Strasbourg
-
- data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAAq1BMVEXeAACEhoTWz87nQTn3oqXnIBjvgnvWlpT/5+fnEAjvZWOltrXnNDH3mpT/9/fnCAD/4+fvioz3x8bnVVL3qq3nKCnvkpTnHBjvcXP3sq3vgoT/7+/nFBDnODH3mpz////nDAj3z87vlpTveXv3vr3nAACMmpznRUL3pqXnJCHnFAj/+//nDADvjoz3y87vXVr3rq3nLCnvdXP3srXvhoT/8/fvODH3npz3lpQaie6kAAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAAAQAAAAEABcxq3DAAAAe0lEQVQY053OwQqCQBhF4VM22VSMMWrFGP2kkIpUQ1nz/m8Ws20TeFeHb3WRnzEBBjO8xRjZrURi0TFiy+UITjTpjIKaOndZuDSGxF0j9G1+e7CuLN1nE2F7VI28tAoqMMezP1ieFOOp7RPueBXKSqdnMq8Wg66nPP0LX4uIG4jEwJ0sAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDE1LTA3LTIwVDEwOjQ5OjA0KzAyOjAwIHfmJQAAACV0RVh0ZGF0ZTptb2RpZnkAMjAxNS0wNy0yMFQxMDo0OTowNCswMjowMFEqXpkAAAAASUVORK5CYII=
- http://www.insa-strasbourg.fr
-
- INSA Strasbourg
-
-
-
-
-
-
-
-
- MIIDUDCCAjigAwIBAgIVAIbX8U0uAqAhuXm1jWxiFpggtDTDMA0GCSqGSIb3DQEB
-CwUAMCQxIjAgBgNVBAMMGXNvdWZyZS5pbnNhLXN0cmFzYm91cmcuZnIwHhcNMTYw
-OTI3MTIzNjIxWhcNMzYwOTI3MTIzNjIxWjAkMSIwIAYDVQQDDBlzb3VmcmUuaW5z
-YS1zdHJhc2JvdXJnLmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-sEE02sLRPAG5N81DMHEeGpI2MYF8yG/RiwH07cFIlLqgV80ewOmi0FWPYijxMb8A
-bmx0RwUMvJBVI6WMxtT9fykhID20k8rWOuYOzvaynzVqCktqVgKoEAxP1PFE9b0n
-iGKFprjjNl9ZD90GOUsxbAO7yXG9Q4WBa/eThl6XkUvNkSaZp5hcdWrgcAdsae3q
-iD/uxFa38NXNNeRLGyfxjd2K5qYSzbwBza9s9TOq1+pfw7sxu3/4BnfQ0RLGO6co
-4tH4Mufh0ome4cyYk4pvW5DOd1AznxDb8HpqvE0zwEsa69c/FDX0akgFZydmc77a
-j6USn6JKjjbO49yGtG1gVQIDAQABo3kwdzAdBgNVHQ4EFgQUjzMsxZYiokPYxper
-9zadM8J0F0kwVgYDVR0RBE8wTYIZc291ZnJlLmluc2Etc3RyYXNib3VyZy5mcoYw
-aHR0cHM6Ly9zb3VmcmUuaW5zYS1zdHJhc2JvdXJnLmZyL2lkcC9zaGliYm9sZXRo
-MA0GCSqGSIb3DQEBCwUAA4IBAQBFJKsiS3yfWuDB/E+iqQ0TuQJzL5+JIcloN0dw
-BFxW3VZOju15zeQ7LwRBg9S4SGLMPJU+LM1lvr68cK9brut/FjF51SETIXEeCWo3
-7+PIqgOCzraLNinmpU/OtN8ENalOPvpS6Jvbd23qB2t+IqOtZ+j15b0Yq4/on1E3
-W2F9CVzKpe4EwmmtCPQbe7U1wvhgFylEx797pex8veWs79YSYwqvcKMh79dzl8Fo
-/CgsO5pDrfKmc6SGMkByq75dZj+PqhZDzZ9EFTxbrXOTaS08VRN6a5Rh2iYRnGxq
-yZl66tPcaIm5PHgOEmu5X4lPkUoY+Jt36Gj3SGCbYt8qH5S0
-
-
-
-
-
-
-
-
-
-
-
-
- MIIDXDCCAkSgAwIBAgIVAKI+qiqDCk9wTTqn7OVAoZrvj/CpMA0GCSqGSIb3DQEB
-BQUAMCcxJTAjBgNVBAMTHGFudGltb2luZS5pbnNhLXN0cmFzYm91cmcuZnIwHhcN
-MTQwMTEzMTAzOTU4WhcNMzQwMTEzMTAzOTU4WjAnMSUwIwYDVQQDExxhbnRpbW9p
-bmUuaW5zYS1zdHJhc2JvdXJnLmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAtuM8lRjlVjjmrHq9VtguaOMQL+Wd99BiOs56kL3Mbctg1FwH69LYThCW
-6dOz6WJg/jU/naF7jEikXKc71xGyu7Ph7Iqa9S5hoXXAT8u/0q2nZDeTOraJqKe1
-FMF2RzXhEEMyQO3CiKNK9b+tbKoNZS7FQCixMZklWZPt4EcEKd6jyRq1WYX3dpnb
-r9I/aCdhtK/PGvGe5gKTDoTR2HKyWKJTc/obf8x/vlYIEwiaGgdlqI2KiBE0x48n
-zQdP6XVi3T8ZWbnkLmCfgJtP2C8PtEJuwDRAy0Z9N4DSwvxn5YCVYgBLSi0TLa10
-B/lUqqBezZrTrA9p9Lt8JtGXW5YGHwIDAQABo38wfTBcBgNVHREEVTBTghxhbnRp
-bW9pbmUuaW5zYS1zdHJhc2JvdXJnLmZyhjNodHRwczovL2FudGltb2luZS5pbnNh
-LXN0cmFzYm91cmcuZnIvaWRwL3NoaWJib2xldGgwHQYDVR0OBBYEFLFkjPZUc9JY
-qrWjldJ/iGGkKAt4MA0GCSqGSIb3DQEBBQUAA4IBAQBSk/wU1mRn4VF2ifmy261K
-DK7uX+t1H1hh8S38fKSFU7HoNXJTV3vQnmBOpYIGC1gtvmb+qjqpNtikU2zO84Gq
-Q0bXHxYF2d9RUP89mKaFxE5uNcXFmlOA3ChZY3pMT5zwAPI/T60tGrex7zci7OLn
-JDAQj/q4Yk9ejx6JTFggQSCCVh+oV/SDIMd2p5AY6H3mto3b6XCk7Lssa8a/D30k
-pEkZnhTKdN82eRyynuOR7UDU4tasV4d7Mi/j53f5ihnRcsvwh/pYodjoVYY8cEcZ
-JLnAXYF8coSwh8UN4D/0NHsvTuSOFQc85hGrqacMsvxiQiw9mv01AX5+A5YLEbVQ
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- urn:mace:shibboleth:1.0:nameIdentifier
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- INSA Strasbourg
- INSA Strasbourg
- http://www.insa-strasbourg.fr
-
-
-
-
-
-
- Lahsen BOUZID
- lahsen.bouzid@insa-strasbourg.fr
-
-
-
-
-
- Simon SCHERRER
- simon.scherrer@insa-strasbourg.fr
-
-
-
-
-
-
-
-
-
-
-
-
-MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
-MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
-dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
-MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
-UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
-h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
-6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
-uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
-ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
-+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
-AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
-ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
-A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
-AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
-BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
-pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
-fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
-NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
-LlTxKnCrWAXftSm1rNtewTsF
-
-
-
-
-
-
-MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
-MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
-dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
-MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
-UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
-h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
-6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
-uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
-ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
-+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
-AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
-ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
-A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
-AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
-BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
-pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
-fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
-NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
-LlTxKnCrWAXftSm1rNtewTsF
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
-
-
-
-
- urn:oasis:names:tc:SAML:1.1:nameid-format:kerberos
-
-
-
-
- urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
-
-
- Entr'ouvert
-
-
-
-
diff --git a/tests/test_default_adapter.py b/tests/test_default_adapter.py
index e2a6088..8189a39 100644
--- a/tests/test_default_adapter.py
+++ b/tests/test_default_adapter.py
@@ -89,7 +89,7 @@ def test_provision_user_attributes(settings, django_user_model, caplog):
assert user.email == 'test@example.net'
assert user.is_superuser is False
assert user.is_staff is False
- assert len(caplog.records) == 6
+ assert len(caplog.records) == 4
assert 'created new user' in caplog.text
assert 'set field first_name' in caplog.text
assert 'set field last_name' in caplog.text
@@ -102,7 +102,7 @@ def test_provision_user_groups(settings, django_user_model, caplog):
user = SAMLBackend().authenticate(saml_attributes=saml_attributes)
assert user.groups.count() == 3
assert set(user.groups.values_list('name', flat=True)) == set(saml_attributes['group'])
- assert len(caplog.records) == 6
+ assert len(caplog.records) == 4
assert 'created new user' in caplog.text
assert 'adding group GroupA' in caplog.text
assert 'adding group GroupB' in caplog.text
@@ -112,7 +112,7 @@ def test_provision_user_groups(settings, django_user_model, caplog):
user = SAMLBackend().authenticate(saml_attributes=saml_attributes2)
assert user.groups.count() == 2
assert set(user.groups.values_list('name', flat=True)) == set(saml_attributes2['group'])
- assert len(caplog.records) == 9
+ assert len(caplog.records) == 5
assert 'removing group GroupA' in caplog.records[-1].message
@@ -142,7 +142,7 @@ def test_provision_absent_attribute(settings, django_user_model, caplog):
del local_saml_attributes['email']
user = SAMLBackend().authenticate(saml_attributes=local_saml_attributes)
assert not user.email
- assert len(caplog.records) == 6
+ assert len(caplog.records) == 4
assert 'created new user' in caplog.text
assert re.search(r'invalid reference.*email', caplog.text)
assert 'set field first_name' in caplog.text
@@ -160,7 +160,7 @@ def test_provision_long_attribute(settings, django_user_model, caplog):
local_saml_attributes['first_name'] = [('y' * 32)]
user = SAMLBackend().authenticate(saml_attributes=local_saml_attributes)
assert user.first_name == 'y' * 30
- assert len(caplog.records) == 6
+ assert len(caplog.records) == 4
assert 'created new user' in caplog.text
assert 'set field first_name' in caplog.text
assert 'to value %r ' % (u'y' * 30) in caplog.text
diff --git a/tests/test_federations_utils.py b/tests/test_federations_utils.py
deleted file mode 100644
index 5a101e0..0000000
--- a/tests/test_federations_utils.py
+++ /dev/null
@@ -1,39 +0,0 @@
-import os
-import time
-
-from django.utils.text import slugify
-from httmock import HTTMock
-
-from mellon.federation_utils import get_federation_from_url, truncate_unique
-from utils import sample_federation_response
-
-
-def test_mock_fedmd_caching():
- url = u'https://dummy.mdserver/metadata.xml'
- filepath = os.path.join('metadata-cache/', truncate_unique(slugify(url)))
-
- if os.path.isfile(filepath):
- os.remove(filepath)
-
- with HTTMock(sample_federation_response):
- tmp = get_federation_from_url(url)
-
- assert tmp == filepath
-
- st = os.stat(filepath)
-
- assert os.path.isfile(filepath)
- assert st.st_mtime < time.time() + 3600
-
- with HTTMock(sample_federation_response):
- get_federation_from_url(url)
- stnew = os.stat(filepath)
-
- assert stnew.st_ctime == st.st_ctime
- assert stnew.st_mtime == st.st_mtime
-
- storig = os.stat(os.path.join('tests', 'federation-sample.xml'))
-
- assert storig.st_size == st.st_size
-
- os.remove(filepath)
diff --git a/tests/test_sso_slo.py b/tests/test_sso_slo.py
index a5438d5..795e53d 100644
--- a/tests/test_sso_slo.py
+++ b/tests/test_sso_slo.py
@@ -4,8 +4,7 @@ from pytest import fixture
from django.core.urlresolvers import reverse
-from mellon.utils import create_metadata, create_server
-from django.utils.http import urlencode
+from mellon.utils import create_metadata
from httmock import all_requests, HTTMock, response as mock_response
@@ -17,11 +16,6 @@ def idp_metadata():
return open('tests/metadata.xml').read()
-@fixture
-def federation_metadata():
- return './tests/federation-sample.xml'
-
-
@fixture
def idp_private_key():
return open('tests/idp-private-key.pem').read()
@@ -49,30 +43,12 @@ def sp_settings(private_settings, idp_metadata, sp_private_key, public_key):
return private_settings
-@fixture
-def federated_sp_settings(private_settings, federation_metadata, sp_private_key, public_key):
- private_settings.MELLON_FEDERATIONS = [{
- 'FEDERATION': federation_metadata,
- }]
- private_settings.MELLON_PUBLIC_KEYS = [public_key]
- private_settings.MELLON_PRIVATE_KEYS = [sp_private_key]
- private_settings.MELLON_NAME_ID_POLICY_FORMAT = lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT
- private_settings.LOGIN_REDIRECT_URL = '/'
- return private_settings
-
-
@fixture
def sp_metadata(sp_settings, rf):
request = rf.get('/')
return create_metadata(request)
-@fixture
-def federated_sp_metadata(federated_sp_settings, rf):
- request = rf.get('/')
- return create_metadata(request)
-
-
class MockIdp(object):
def __init__(self, idp_metadata, private_key, sp_metadata):
self.server = server = lasso.Server.newFromBuffers(idp_metadata, private_key)
@@ -127,11 +103,6 @@ def idp(sp_settings, idp_metadata, idp_private_key, sp_metadata):
return MockIdp(idp_metadata, idp_private_key, sp_metadata)
-@fixture
-def federated_idp(federated_sp_settings, idp_metadata, idp_private_key, federated_sp_metadata):
- return MockIdp(idp_metadata, idp_private_key, federated_sp_metadata)
-
-
def test_sso_slo(db, app, idp, caplog, sp_settings):
response = app.get(reverse('mellon_login'))
url, body = idp.process_authn_request_redirect(response['Location'])
@@ -200,60 +171,3 @@ def test_sso_artifact(db, app, caplog, sp_settings, idp_metadata, idp_private_ke
assert 'created new user' in caplog.text
assert 'logged in using SAML' in caplog.text
assert response['Location'].endswith(sp_settings.LOGIN_REDIRECT_URL)
-
-
-def test_login_federation(db, app, federated_idp, caplog, federated_sp_settings):
- qs = urlencode({
- 'entityID': 'http://idp5/metadata',
- })
- response = app.get('/login/?' + qs)
- url, body = federated_idp.process_authn_request_redirect(response['Location'])
- assert url.endswith(reverse('mellon_login'))
- response = app.post(reverse('mellon_login'), params={'SAMLResponse': body})
- assert 'created new user' in caplog.text
- assert 'logged in using SAML' in caplog.text
- assert response['Location'].endswith(federated_sp_settings.LOGIN_REDIRECT_URL)
-
-
-def test_sso_artifact_federation(db, app, caplog, federated_sp_settings, idp_metadata, idp_private_key, rf):
- qs = urlencode({
- 'entityID': 'http://idp5/metadata',
- })
- federated_sp_settings.MELLON_DEFAULT_ASSERTION_CONSUMER_BINDING = 'artifact'
- request = rf.get('/')
- federated_sp_metadata = create_metadata(request)
- idp = MockIdp(idp_metadata, idp_private_key, federated_sp_metadata)
- response = app.get('/login/?' + qs)
- url, body = idp.process_authn_request_redirect(response['Location'])
- assert body is None
- assert reverse('mellon_login') in url
- assert 'SAMLart' in url
- acs_artifact_url = url.split('testserver', 1)[1]
- with HTTMock(idp.mock_artifact_resolver()):
- response = app.get(acs_artifact_url)
- assert 'created new user' in caplog.text
- assert 'logged in using SAML' in caplog.text
- assert response['Location'].endswith(federated_sp_settings.LOGIN_REDIRECT_URL)
- # force delog
- app.session.flush()
- assert 'dead artifact' not in caplog.text
- with HTTMock(idp.mock_artifact_resolver()):
- response = app.get(acs_artifact_url)
- # verify retry login was asked
- assert 'dead artifact' in caplog.text
- assert response.status_code == 302
- assert reverse('mellon_login') in url
- response = response.follow()
- url, body = idp.process_authn_request_redirect(response['Location'])
- reset_caplog(caplog)
- # verify caplog has been cleaned
- assert 'created new user' not in caplog.text
- assert body is None
- assert reverse('mellon_login') in url
- assert 'SAMLart' in url
- acs_artifact_url = url.split('testserver', 1)[1]
- with HTTMock(idp.mock_artifact_resolver()):
- response = app.get(acs_artifact_url)
- assert 'created new user' in caplog.text
- assert 'logged in using SAML' in caplog.text
- assert response['Location'].endswith(federated_sp_settings.LOGIN_REDIRECT_URL)
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 80ab9e8..ca73ba6 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -1,4 +1,3 @@
-import os
import re
import datetime
@@ -7,13 +6,11 @@ import lasso
import requests.exceptions
from httmock import HTTMock
-from mellon.utils import create_server, create_metadata, iso8601_to_datetime, \
- flatten_datetime, get_idp
+from mellon.utils import create_server, create_metadata, iso8601_to_datetime, flatten_datetime
import mellon.utils
from xml_utils import assert_xml_constraints
-from utils import error_500, metadata_response, sample_federation_response, \
- html_response, dummy_md_response
+from utils import error_500, metadata_response
def test_create_server_connection_error(mocker, rf, private_settings, caplog):
@@ -42,48 +39,6 @@ def test_create_server_internal_server_error(mocker, rf, private_settings, caplo
assert 'failed with error' in caplog.text
-def test_load_federation_file(mocker, rf, private_settings, caplog, tmpdir):
- private_settings.MELLON_FEDERATIONS = [
- {'FEDERATION': 'tests/federation-sample.xml'},
- ]
- request = rf.get('/')
- assert 'failed with error' not in caplog.text
- with HTTMock(html_response):
- server = create_server(request)
- assert len(server.providers) == 5
-
-
-def test_load_federation_url(mocker, rf, private_settings, caplog, tmpdir):
- private_settings.MELLON_FEDERATIONS = [
- {'FEDERATION': 'https://dummy.server/metadata.xml'},
- ]
- request = rf.get('/')
- assert 'failed with error' not in caplog.text
- with HTTMock(dummy_md_response):
- server = create_server(request)
- assert len(server.providers) == 3
-
-
-def test_federation_parameters(mocker, rf, private_settings, caplog, tmpdir):
- private_settings.MELLON_FEDERATIONS = [{
- 'FEDERATION': 'tests/federation-sample.xml',
- 'VERIFY_SSL_CERTIFICATE': False,
- 'ERROR_REDIRECT_AFTER_TIMEOUT': 150,
- 'PROVISION': True
- }]
- request = rf.get('/')
- assert 'failed with error' not in caplog.text
- with HTTMock(html_response):
- server = create_server(request)
- assert len(server.providers) == 5
- for entity_id in server.providers.keys():
- idp = get_idp(entity_id)
- assert idp
- assert idp['VERIFY_SSL_CERTIFICATE'] is False
- assert idp['ERROR_REDIRECT_AFTER_TIMEOUT'] == 150
- assert idp['PROVISION'] is True
-
-
def test_create_server_invalid_metadata(mocker, rf, private_settings, caplog):
private_settings.MELLON_IDENTITY_PROVIDERS = [
{
@@ -94,8 +49,8 @@ def test_create_server_invalid_metadata(mocker, rf, private_settings, caplog):
assert not 'failed with error' in caplog.text
with HTTMock(error_500):
create_server(request)
- assert len(caplog.records) == 5
- assert re.search('METADATA.*is invalid|bad metadata in idp', caplog.text)
+ assert len(caplog.records) == 1
+ assert re.search('METADATA.*is invalid', caplog.text)
def test_create_server_invalid_metadata_file(mocker, rf, private_settings, caplog):
@@ -115,11 +70,13 @@ def test_create_server_invalid_metadata_file(mocker, rf, private_settings, caplo
def test_create_server_good_metadata_file(mocker, rf, private_settings, caplog):
private_settings.MELLON_IDENTITY_PROVIDERS = [
{
- 'METADATA': './tests/metadata.xml',
+ 'METADATA': '/xxx',
}
]
request = rf.get('/')
- with HTTMock(html_response):
+ with mock.patch(
+ 'mellon.adapters.file', mock.mock_open(read_data=file('tests/metadata.xml').read()),
+ create=True):
server = create_server(request)
assert 'ERROR' not in caplog.text
assert len(server.providers) == 1
diff --git a/tests/utils.py b/tests/utils.py
index e88e21c..366fe7b 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -16,16 +16,6 @@ def metadata_response(url, request):
return response(200, content=file('tests/metadata.xml').read())
-@all_requests
-def dummy_md_response(url, request):
- return response(200, content=file('tests/dummy_md.xml').read())
-
-
-@all_requests
-def sample_federation_response(url, request):
- return response(200, content=file('tests/federation-sample.xml').read())
-
-
def reset_caplog(cap):
cap.handler.stream.truncate(0)
cap.handler.records = []