tests: use dummy metadata from lasso, starts tests of SSO/SLO (fixes #11476)
parent
80c748820a
commit
958cb65acd
|
@ -0,0 +1,27 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEowIBAAKCAQEAzTofHpWAdhH3BR/+1lVVNGRVY2qH3H4+8cDaofg5gy6oazgB
|
||||||
|
/qVTZixm+euZF1wVa/T5SR0CBeFF4JYBmC0HWl39b2bqoNGV0ILLKyjDrE88pHP+
|
||||||
|
k5PBFeb98zRAY95fPDOPfgFc4g64W76fvri8qfXx3665UATOTXnvqnFOnilA/Ml9
|
||||||
|
00ust5Dy/IKyGgVT4xgm2nVQD6HYmg7Rjyga/LBtTEeKgc3k++fM5t8AzhdoNCiG
|
||||||
|
Z/Ez1RztanjEoBzWdSrmHAGsemMUxFLPpQJ8yglIYiL7fEkyQ0KMvRcTDk0pVzmN
|
||||||
|
EqTNKQ3mPwpMz+TWM8+wMc9FjNtZaGc213omWQIDAQABAoIBAEPj5keHzWdBqiXX
|
||||||
|
38WnlPgv+M9afndCjDANTEYoh14OIUjWzlIe/ufd6HLkrVA89hkwgQbewbyQOT2C
|
||||||
|
YiSlQLl0PlKMCTIKIzVHD07HvXNTAwykEqNfTZChSYEa1/Ixre+MXvugF8nwdKxk
|
||||||
|
8xN0qXTQF6OXeVYvQNAAdng743YON4ubqKlEezIwnfG/jcoZrGkiTpx+k1JXJsZN
|
||||||
|
4dHKFP12RRhUTGjaOkBo41w8GNKQLFpy1vqAOYMyi1SJcrwpAu3H0iQug9SylQaM
|
||||||
|
bFjt8j/m13gu3zXIJbi8xbyg3nqpxl9dxcZG/cDA9z2tLu/h3G3nPq7CXvkZxmjl
|
||||||
|
ePvOCwECgYEA9zbwYMtd8tT3PHtrCtjwkfxV0dvMmfNw/rRT4ShWtKLmgX+K9nz/
|
||||||
|
T4qpbehz4z7OvsLjQ6Bt6wjMNMw9SEBeEMyDVTpmzSD2PowARegmeLX4CsilqHHl
|
||||||
|
/AMYUtywEQ2f65/CWPiMIt8mLnEyJ/dsyVLpuzGUNNt34Yaqpu2qXnUCgYEA1IUy
|
||||||
|
PObmTh3I8ZyESyGhbu2TYs0A8Zy6eTIAv0ijOIpmUykzjE5pR9sB3nYEd4GTHPEv
|
||||||
|
hF6SWfNIDDr83TqThJYzkFyXMCxiVLH55U42wlsvwp4jTnOI3K/7Y7U/lEmBlgcl
|
||||||
|
JbIIv1t9okg3+Kuu4i7iB6JR89cSO/Wfcdu/c9UCgYAHE5eF7cxeqyH4pT/HK7aX
|
||||||
|
NzXtr/EHZySQ5fCQvWrd+NvIUTJVI/ba/AklkEXg92dLpqCCyxDabYIK8N3AN7d5
|
||||||
|
m6EWy3kt3geueqt3VNHlGrBi/qNfUwNWV3BWzuJrWox9XjFeAp9gUCrzoWHiKv7+
|
||||||
|
NFVkemLXsICaABTaemsqEQKBgQDJJ4n1u1gieG7Kwqs1sg9rP9RRoFlUWFTogjvS
|
||||||
|
0p4r1lQkQstX8qAUM2gBeROhSjRFIMUpNZqxKWT4rpzJibg3tzP3YKx6HIi2Qf+W
|
||||||
|
3AFY1ZbPT397sj/JI4l/Rv93DFxr9TdkBq/g8GhqQpE3/sj5rgaj0zBe7SOFPWg+
|
||||||
|
DRGaQQKBgEEcSF5KmpIHnhi3WlfGiEtx3kcD63orKME0YYA5BM6wnmRT4QiSw+qj
|
||||||
|
i7ljrKGSbmdMFC3ArM42/k2lXYpVLsYWmyaRYSgbdowxLM1XxDJMFIPR2uG6N+vi
|
||||||
|
HzWkRxi2SXKU42vfs5eA0itHvQP2DfUx8VuvtwVbOxDGgntYia70
|
||||||
|
-----END RSA PRIVATE KEY-----
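Review bot: This RSA private key is byte-identical to the second private key added further down in this commit, so the two fixtures the new test module loads (`tests/idp-private-key.pem` and `tests/sp-private-key.pem`, presumably these two files) give the mock IdP and the SP the same key pair. With one shared key, the SSO tests cannot detect a mix-up between the parties' keys: a response checked against the wrong party's key would still validate. Generating a distinct SP key and matching certificate for the fixtures would close that gap. A one-line note in the tests directory, e.g. `These keys are published test fixtures; never configure them in a deployment.`, would also help anyone triaging a secret-scanner hit on these files.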
|
|
@ -1,17 +1,108 @@
|
||||||
<?xml version="1.0"?>
|
<?xml version="1.0"?>
|
||||||
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" entityID="https://cresson.entrouvert.org/idp/saml2/metadata"><ns0:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIIC+TCCAeGgAwIBAgIJAJqAKDUDlSinMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
|
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
|
||||||
BAMMCHdob2NhcmVzMB4XDTE0MDUyNzE0MzE0OVoXDTI0MDUyNDE0MzE0OVowEzER
|
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||||
MA8GA1UEAwwId2hvY2FyZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
|
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
||||||
AQDrUFQGviUE+unV4afJQiRUPp4/D+Ltvuw59BuJwdNEWHA2vchhnwDLlp3RWKaf
|
entityID="http://idp5/metadata">
|
||||||
SWBJift55C4ybQKn5AEe6FHlIapJPvNqYnVP+0IgUFJmrxTWG9IT/5ZvJS0yer/O
|
<IDPSSODescriptor
|
||||||
093I5HTqthgcByIAj2L4R3oW21HNCojT4WZDYjG6RAxRFU/10BYY1ILe1SPAMXqc
|
WantAuthnRequestsSigned="true"
|
||||||
99QC5fy2sZEJ/Cyd2Vlt1kAQ1+BZSZCL3vvdLfVRKjKZn2yYp8XbSplAZxB+b/iM
|
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||||
duSQHtLaRsV5tizPCdftXECaDn1FKqK0JmcolHFBsfOH2x7I8XEljO/DR/Oy4kzv
|
<KeyDescriptor use="signing">
|
||||||
/cLdZB5fft4+nCqwLzI7fcRFAgMBAAGjUDBOMB0GA1UdDgQWBBSFV52hDdxJAdbM
|
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||||
Nht32j7+PyFbKTAfBgNVHSMEGDAWgBSFV52hDdxJAdbMNht32j7+PyFbKTAMBgNV
|
<ds:X509Data><ds:X509Certificate>
|
||||||
HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCoNxpm99qip4nROCedBIbZnqWj
|
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
|
||||||
EkqHRLvIsm+oxf4Ctc6x/N1d2ngEygfT1xf5N5V221XTOgLCkuqi5r0/T6EB7U9y
|
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
|
||||||
6ACfVJQmvNaPbFmn2J9rNIAPYPj2cengSZyL3mWyrkPFLj5TsgT98GASX9iThhds
|
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
|
||||||
Nq6btZUL9ZUq8v3O7Y1uruMHJAACim4eYBjsCXaF7diKYaftFiwZWy1+3IQzUhmg
|
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
|
||||||
Ov4KR9P9bb+W/43i7zAYmdUrBr31/amEvGHoco7cO2bp43/1H8fFOcnkX0wRdN/k
|
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
|
||||||
r/hRVIsfeC6ss1NPDu/KzbRVVn5p9qKK6YVqqT3QapnQELgajEfhxpgY7AQx</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cresson.entrouvert.org/idp/saml2/artifact" index="0" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cresson.entrouvert.org/idp/saml2/slo" ResponseLocation="https://cresson.entrouvert.org/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cresson.entrouvert.org/idp/saml2/slo" ResponseLocation="https://cresson.entrouvert.org/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cresson.entrouvert.org/idp/saml2/slo/soap" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cresson.entrouvert.org/idp/saml2/sso" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cresson.entrouvert.org/idp/saml2/sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor>
|
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
|
||||||
|
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
|
||||||
|
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
|
||||||
|
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
|
||||||
|
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
|
||||||
|
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
|
||||||
|
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
|
||||||
|
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
|
||||||
|
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
|
||||||
|
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
|
||||||
|
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
|
||||||
|
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
|
||||||
|
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
|
||||||
|
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
|
||||||
|
LlTxKnCrWAXftSm1rNtewTsF
|
||||||
|
</ds:X509Certificate></ds:X509Data>
|
||||||
|
</ds:KeyInfo>
|
||||||
|
</KeyDescriptor>
|
||||||
|
<KeyDescriptor use="encryption">
|
||||||
|
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||||
|
<ds:KeyValue>
|
||||||
|
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
|
||||||
|
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
|
||||||
|
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
|
||||||
|
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
|
||||||
|
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
|
||||||
|
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
|
||||||
|
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
|
||||||
|
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
|
||||||
|
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
|
||||||
|
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
|
||||||
|
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
|
||||||
|
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
|
||||||
|
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
|
||||||
|
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
|
||||||
|
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
|
||||||
|
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
|
||||||
|
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
|
||||||
|
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
|
||||||
|
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
|
||||||
|
LlTxKnCrWAXftSm1rNtewTsF
|
||||||
|
</ds:KeyValue>
|
||||||
|
</ds:KeyInfo>
|
||||||
|
</KeyDescriptor>
|
||||||
|
|
||||||
|
<ArtifactResolutionService isDefault="true" index="0"
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||||
|
Location="http://idp5/artifact" />
|
||||||
|
<SingleLogoutService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||||
|
Location="http://idp5/singleLogoutSOAP" />
|
||||||
|
<SingleLogoutService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||||
|
Location="http://idp5/singleLogout"
|
||||||
|
ResponseLocation="http://idp5/singleLogoutReturn" />
|
||||||
|
<ManageNameIDService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||||
|
Location="http://idp5/manageNameIdSOAP" />
|
||||||
|
<ManageNameIDService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||||
|
Location="http://idp5/manageNameId"
|
||||||
|
ResponseLocation="http://idp5/manageNameIdReturn" />
|
||||||
|
<SingleSignOnService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||||
|
Location="http://idp5/singleSignOn" />
|
||||||
|
<SingleSignOnService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||||
|
Location="http://idp5/singleSignOnSOAP" />
|
||||||
|
</IDPSSODescriptor>
|
||||||
|
<AuthnAuthorityDescriptor
|
||||||
|
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||||
|
<AuthnQueryService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/authnQueryService"/>
|
||||||
|
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/authnAuthAssertionIDRequestService"/>
|
||||||
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
||||||
|
</AuthnAuthorityDescriptor>
|
||||||
|
<PDPDescriptor
|
||||||
|
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||||
|
<AuthzService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/authzService"/>
|
||||||
|
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/PDPAuthAssertionIDRequestService"/>
|
||||||
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:kerberos</NameIDFormat>
|
||||||
|
</PDPDescriptor>
|
||||||
|
<AttributeAuthorityDescriptor
|
||||||
|
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||||
|
<AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/attributeService"/>
|
||||||
|
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/AttributeAuthAssertionIDRequestService"/>
|
||||||
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
|
||||||
|
</AttributeAuthorityDescriptor>
|
||||||
|
<Organization>
|
||||||
|
<OrganizationName xml:lang="en">Entr'ouvert</OrganizationName>
|
||||||
|
</Organization>
|
||||||
|
|
||||||
|
</EntityDescriptor>
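Review bot: The `<KeyDescriptor use="encryption">` in the new metadata places base64 certificate text (the same `MIIDnj…` blob as the signing descriptor) directly inside `<ds:KeyValue>`, which in XML-DSig is meant to hold an `RSAKeyValue` or `DSAKeyValue` child rather than a certificate. A consumer may ignore or reject that descriptor, so an assertion-encryption path would not really be exercised by this fixture; wrapping the blob as `<ds:X509Data><ds:X509Certificate>…</ds:X509Certificate></ds:X509Data>`, as the signing descriptor does, would make it well-formed. Separately, the embedded certificate's validity fields decode to 2006-10-27 through 2011-10-26, so these tests only pass while certificate expiry is not enforced on metadata keys. If that is intentional, a comment beside the fixture should say so.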
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
|
||||||
|
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
|
||||||
|
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
|
||||||
|
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
|
||||||
|
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
|
||||||
|
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
|
||||||
|
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
|
||||||
|
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
|
||||||
|
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
|
||||||
|
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
|
||||||
|
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
|
||||||
|
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
|
||||||
|
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
|
||||||
|
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
|
||||||
|
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
|
||||||
|
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
|
||||||
|
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
|
||||||
|
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
|
||||||
|
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
|
||||||
|
LlTxKnCrWAXftSm1rNtewTsF
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,27 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEowIBAAKCAQEAzTofHpWAdhH3BR/+1lVVNGRVY2qH3H4+8cDaofg5gy6oazgB
|
||||||
|
/qVTZixm+euZF1wVa/T5SR0CBeFF4JYBmC0HWl39b2bqoNGV0ILLKyjDrE88pHP+
|
||||||
|
k5PBFeb98zRAY95fPDOPfgFc4g64W76fvri8qfXx3665UATOTXnvqnFOnilA/Ml9
|
||||||
|
00ust5Dy/IKyGgVT4xgm2nVQD6HYmg7Rjyga/LBtTEeKgc3k++fM5t8AzhdoNCiG
|
||||||
|
Z/Ez1RztanjEoBzWdSrmHAGsemMUxFLPpQJ8yglIYiL7fEkyQ0KMvRcTDk0pVzmN
|
||||||
|
EqTNKQ3mPwpMz+TWM8+wMc9FjNtZaGc213omWQIDAQABAoIBAEPj5keHzWdBqiXX
|
||||||
|
38WnlPgv+M9afndCjDANTEYoh14OIUjWzlIe/ufd6HLkrVA89hkwgQbewbyQOT2C
|
||||||
|
YiSlQLl0PlKMCTIKIzVHD07HvXNTAwykEqNfTZChSYEa1/Ixre+MXvugF8nwdKxk
|
||||||
|
8xN0qXTQF6OXeVYvQNAAdng743YON4ubqKlEezIwnfG/jcoZrGkiTpx+k1JXJsZN
|
||||||
|
4dHKFP12RRhUTGjaOkBo41w8GNKQLFpy1vqAOYMyi1SJcrwpAu3H0iQug9SylQaM
|
||||||
|
bFjt8j/m13gu3zXIJbi8xbyg3nqpxl9dxcZG/cDA9z2tLu/h3G3nPq7CXvkZxmjl
|
||||||
|
ePvOCwECgYEA9zbwYMtd8tT3PHtrCtjwkfxV0dvMmfNw/rRT4ShWtKLmgX+K9nz/
|
||||||
|
T4qpbehz4z7OvsLjQ6Bt6wjMNMw9SEBeEMyDVTpmzSD2PowARegmeLX4CsilqHHl
|
||||||
|
/AMYUtywEQ2f65/CWPiMIt8mLnEyJ/dsyVLpuzGUNNt34Yaqpu2qXnUCgYEA1IUy
|
||||||
|
PObmTh3I8ZyESyGhbu2TYs0A8Zy6eTIAv0ijOIpmUykzjE5pR9sB3nYEd4GTHPEv
|
||||||
|
hF6SWfNIDDr83TqThJYzkFyXMCxiVLH55U42wlsvwp4jTnOI3K/7Y7U/lEmBlgcl
|
||||||
|
JbIIv1t9okg3+Kuu4i7iB6JR89cSO/Wfcdu/c9UCgYAHE5eF7cxeqyH4pT/HK7aX
|
||||||
|
NzXtr/EHZySQ5fCQvWrd+NvIUTJVI/ba/AklkEXg92dLpqCCyxDabYIK8N3AN7d5
|
||||||
|
m6EWy3kt3geueqt3VNHlGrBi/qNfUwNWV3BWzuJrWox9XjFeAp9gUCrzoWHiKv7+
|
||||||
|
NFVkemLXsICaABTaemsqEQKBgQDJJ4n1u1gieG7Kwqs1sg9rP9RRoFlUWFTogjvS
|
||||||
|
0p4r1lQkQstX8qAUM2gBeROhSjRFIMUpNZqxKWT4rpzJibg3tzP3YKx6HIi2Qf+W
|
||||||
|
3AFY1ZbPT397sj/JI4l/Rv93DFxr9TdkBq/g8GhqQpE3/sj5rgaj0zBe7SOFPWg+
|
||||||
|
DRGaQQKBgEEcSF5KmpIHnhi3WlfGiEtx3kcD63orKME0YYA5BM6wnmRT4QiSw+qj
|
||||||
|
i7ljrKGSbmdMFC3ArM42/k2lXYpVLsYWmyaRYSgbdowxLM1XxDJMFIPR2uG6N+vi
|
||||||
|
HzWkRxi2SXKU42vfs5eA0itHvQP2DfUx8VuvtwVbOxDGgntYia70
|
||||||
|
-----END RSA PRIVATE KEY-----
|
|
@ -17,7 +17,7 @@ idp = {
|
||||||
saml_attributes = {
|
saml_attributes = {
|
||||||
'name_id_format': lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
|
'name_id_format': lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
|
||||||
'name_id_content': 'x' * 32,
|
'name_id_content': 'x' * 32,
|
||||||
'issuer': 'https://cresson.entrouvert.org/idp/saml2/metadata',
|
'issuer': 'http://idp5/metadata',
|
||||||
'username': ['foobar'],
|
'username': ['foobar'],
|
||||||
'email': ['test@example.net'],
|
'email': ['test@example.net'],
|
||||||
'first_name': ['Foo'],
|
'first_name': ['Foo'],
|
||||||
|
|
|
@ -0,0 +1,102 @@
|
||||||
|
import os
|
||||||
|
import lasso
|
||||||
|
|
||||||
|
from pytest import fixture
|
||||||
|
|
||||||
|
from django.core.urlresolvers import reverse
|
||||||
|
|
||||||
|
from mellon.utils import create_metadata
|
||||||
|
|
||||||
|
|
||||||
|
@fixture
|
||||||
|
def idp_metadata():
|
||||||
|
return open('tests/metadata.xml').read()
|
||||||
|
|
||||||
|
|
||||||
|
@fixture
|
||||||
|
def idp_private_key():
|
||||||
|
return open('tests/idp-private-key.pem').read()
|
||||||
|
|
||||||
|
|
||||||
|
@fixture
|
||||||
|
def sp_private_key():
|
||||||
|
return open('tests/sp-private-key.pem').read()
|
||||||
|
|
||||||
|
|
||||||
|
@fixture
|
||||||
|
def public_key():
|
||||||
|
return open('tests/public-key.pem').read()
|
||||||
|
|
||||||
|
|
||||||
|
@fixture
|
||||||
|
def sp_settings(private_settings, idp_metadata, sp_private_key, public_key):
|
||||||
|
private_settings.MELLON_IDENTITY_PROVIDERS = [{
|
||||||
|
'METADATA': idp_metadata,
|
||||||
|
}]
|
||||||
|
private_settings.MELLON_PUBLIC_KEYS = [public_key]
|
||||||
|
private_settings.MELLON_PRIVATE_KEYS = [sp_private_key]
|
||||||
|
private_settings.MELLON_NAME_ID_POLICY_FORMAT = lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT
|
||||||
|
private_settings.LOGIN_REDIRECT_URL = '/'
|
||||||
|
return private_settings
|
||||||
|
|
||||||
|
|
||||||
|
@fixture
|
||||||
|
def sp_metadata(sp_settings, rf):
|
||||||
|
request = rf.get('/')
|
||||||
|
return create_metadata(request)
|
||||||
|
|
||||||
|
|
||||||
|
class MockIdp(object):
|
||||||
|
def __init__(self, idp_metadata, private_key, sp_metadata):
|
||||||
|
self.server = server = lasso.Server.newFromBuffers(idp_metadata, private_key)
|
||||||
|
server.addProviderFromBuffer(lasso.PROVIDER_ROLE_SP, sp_metadata)
|
||||||
|
|
||||||
|
def process_authn_request_redirect(self, url, auth_result=True, consent=True):
|
||||||
|
login = lasso.Login(self.server)
|
||||||
|
login.processAuthnRequestMsg(url.split('?', 1)[1])
|
||||||
|
try:
|
||||||
|
login.validateRequestMsg(auth_result, consent)
|
||||||
|
except lasso.LoginRequestDeniedError:
|
||||||
|
login.buildAuthnResponseMsg()
|
||||||
|
else:
|
||||||
|
login.buildAssertion(lasso.SAML_AUTHENTICATION_METHOD_PASSWORD,
|
||||||
|
"FIXME",
|
||||||
|
"FIXME",
|
||||||
|
"FIXME",
|
||||||
|
"FIXME")
|
||||||
|
login.buildAuthnResponseMsg()
|
||||||
|
return login.msgUrl, login.msgBody
|
||||||
|
|
||||||
|
|
||||||
|
@fixture
|
||||||
|
def idp(sp_settings, idp_metadata, idp_private_key, sp_metadata):
|
||||||
|
return MockIdp(idp_metadata, idp_private_key, sp_metadata)
|
||||||
|
|
||||||
|
|
||||||
|
def test_sso_slo(db, app, idp, caplog, sp_settings):
|
||||||
|
response = app.get(reverse('mellon_login'))
|
||||||
|
url, body = idp.process_authn_request_redirect(response['Location'])
|
||||||
|
assert url.endswith(reverse('mellon_login'))
|
||||||
|
response = app.post(reverse('mellon_login'), {'SAMLResponse': body})
|
||||||
|
assert 'created new user' in caplog.text()
|
||||||
|
assert 'logged in using SAML' in caplog.text()
|
||||||
|
assert response['Location'].endswith(sp_settings.LOGIN_REDIRECT_URL)
|
||||||
|
|
||||||
|
|
||||||
|
def test_sso(db, app, idp, caplog, sp_settings):
|
||||||
|
response = app.get(reverse('mellon_login'))
|
||||||
|
url, body = idp.process_authn_request_redirect(response['Location'])
|
||||||
|
assert url.endswith(reverse('mellon_login'))
|
||||||
|
response = app.post(reverse('mellon_login'), {'SAMLResponse': body})
|
||||||
|
assert 'created new user' in caplog.text()
|
||||||
|
assert 'logged in using SAML' in caplog.text()
|
||||||
|
assert response['Location'].endswith(sp_settings.LOGIN_REDIRECT_URL)
|
||||||
|
|
||||||
|
|
||||||
|
def test_sso_request_denied(db, app, idp, caplog, sp_settings):
|
||||||
|
response = app.get(reverse('mellon_login'))
|
||||||
|
url, body = idp.process_authn_request_redirect(response['Location'], auth_result=False)
|
||||||
|
assert url.endswith(reverse('mellon_login'))
|
||||||
|
response = app.post(reverse('mellon_login'), {'SAMLResponse': body})
|
||||||
|
assert "status is not success codes: [u'urn:oasis:names:tc:SAML:2.0:status:Responder',\
|
||||||
|
u'urn:oasis:names:tc:SAML:2.0:status:RequestDenied']" in caplog.text()
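Review bot: `test_sso_request_denied` only checks that the RequestDenied status was logged; it never asserts that the denied response left the client unauthenticated, which is the property the SP has to guarantee. Adding `assert 'created new user' not in caplog.text()` and `assert 'logged in using SAML' not in caplog.text()` after the POST would pin that, along with a check on the response or session if the `app` fixture exposes one. `test_sso_slo` is line-for-line the same as `test_sso` and performs no logout, so its name overstates coverage until an SLO step is added. The fixtures also read `tests/...` relative to the working directory with `open(...).read()` and never close the handle, while the imported `os` is unused; building the path from `os.path.dirname(__file__)` inside a `with` block would address both.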
|
|
@ -170,7 +170,7 @@ def test_sp_initiated_login(private_settings, client):
|
||||||
response = client.get('/login/?next=%2Fwhatever')
|
response = client.get('/login/?next=%2Fwhatever')
|
||||||
assert response.status_code == 302
|
assert response.status_code == 302
|
||||||
params = parse_qs(urlparse(response['Location']).query)
|
params = parse_qs(urlparse(response['Location']).query)
|
||||||
assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?')
|
assert response['Location'].startswith('http://idp5/singleSignOn?')
|
||||||
assert set(params.keys()) == set(['SAMLRequest', 'RelayState'])
|
assert set(params.keys()) == set(['SAMLRequest', 'RelayState'])
|
||||||
assert len(params['SAMLRequest']) == 1
|
assert len(params['SAMLRequest']) == 1
|
||||||
assert base64.b64decode(params['SAMLRequest'][0])
|
assert base64.b64decode(params['SAMLRequest'][0])
|
||||||
|
@ -182,13 +182,13 @@ def test_sp_initiated_login_chosen(private_settings, client):
|
||||||
'METADATA': open('tests/metadata.xml').read(),
|
'METADATA': open('tests/metadata.xml').read(),
|
||||||
}]
|
}]
|
||||||
qs = urlencode({
|
qs = urlencode({
|
||||||
'entityID': 'https://cresson.entrouvert.org/idp/saml2/metadata',
|
'entityID': 'http://idp5/metadata',
|
||||||
'next': '/whatever',
|
'next': '/whatever',
|
||||||
})
|
})
|
||||||
response = client.get('/login/?' + qs)
|
response = client.get('/login/?' + qs)
|
||||||
assert response.status_code == 302
|
assert response.status_code == 302
|
||||||
params = parse_qs(urlparse(response['Location']).query)
|
params = parse_qs(urlparse(response['Location']).query)
|
||||||
assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?')
|
assert response['Location'].startswith('http://idp5/singleSignOn?')
|
||||||
assert set(params.keys()) == set(['SAMLRequest', 'RelayState'])
|
assert set(params.keys()) == set(['SAMLRequest', 'RelayState'])
|
||||||
assert len(params['SAMLRequest']) == 1
|
assert len(params['SAMLRequest']) == 1
|
||||||
assert base64.b64decode(params['SAMLRequest'][0])
|
assert base64.b64decode(params['SAMLRequest'][0])
|
||||||
|
@ -204,7 +204,7 @@ def test_sp_initiated_login_requested_authn_context(private_settings, client):
|
||||||
response = client.get('/login/')
|
response = client.get('/login/')
|
||||||
assert response.status_code == 302
|
assert response.status_code == 302
|
||||||
params = parse_qs(urlparse(response['Location']).query)
|
params = parse_qs(urlparse(response['Location']).query)
|
||||||
assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?')
|
assert response['Location'].startswith('http://idp5/singleSignOn?')
|
||||||
assert params.keys() == ['SAMLRequest']
|
assert params.keys() == ['SAMLRequest']
|
||||||
assert len(params['SAMLRequest']) == 1
|
assert len(params['SAMLRequest']) == 1
|
||||||
assert base64.b64decode(params['SAMLRequest'][0])
|
assert base64.b64decode(params['SAMLRequest'][0])
|
||||||
|
@ -225,7 +225,7 @@ def test_malfortmed_artifact(private_settings, client, caplog):
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def artifact():
|
def artifact():
|
||||||
entity_id = 'https://cresson.entrouvert.org/idp/saml2/metadata'
|
entity_id = 'http://idp5/metadata'
|
||||||
token = 'x' * 20
|
token = 'x' * 20
|
||||||
return base64.b64encode('\x00\x04\x00\x00' + hashlib.sha1(entity_id).digest() + token)
|
return base64.b64encode('\x00\x04\x00\x00' + hashlib.sha1(entity_id).digest() + token)
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
import django
|
||||||
|
|
||||||
|
from django.conf.urls import patterns, url, include
|
||||||
|
from django.http import HttpResponse
|
||||||
|
|
||||||
|
|
||||||
|
def homepage(request):
|
||||||
|
return HttpResponse('ok')
|
||||||
|
|
||||||
|
urlpatterns = [
|
||||||
|
url('^', include('mellon.urls')),
|
||||||
|
url('^$', homepage, name='homepage'),
|
||||||
|
]
|
||||||
|
|
||||||
|
if django.VERSION < (1, 9):
|
||||||
|
urlpatterns = patterns('', *urlpatterns)
|
|
@ -12,9 +12,10 @@ DATABASES = {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
DEBUG = True
|
DEBUG = True
|
||||||
SECRET_KEY='xx'
|
SECRET_KEY = 'xx'
|
||||||
STATIC_URL = '/static/'
|
STATIC_URL = '/static/'
|
||||||
INSTALLED_APPS = ('mellon', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions')
|
INSTALLED_APPS = ('mellon', 'django.contrib.auth',
|
||||||
|
'django.contrib.contenttypes', 'django.contrib.sessions')
|
||||||
MIDDLEWARE_CLASSES = global_settings.MIDDLEWARE_CLASSES
|
MIDDLEWARE_CLASSES = global_settings.MIDDLEWARE_CLASSES
|
||||||
MIDDLEWARE_CLASSES += (
|
MIDDLEWARE_CLASSES += (
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||||
|
@ -23,11 +24,11 @@ MIDDLEWARE_CLASSES += (
|
||||||
AUTHENTICATION_BACKENDS = (
|
AUTHENTICATION_BACKENDS = (
|
||||||
'mellon.backends.SAMLBackend',
|
'mellon.backends.SAMLBackend',
|
||||||
)
|
)
|
||||||
ROOT_URLCONF = 'mellon.urls'
|
ROOT_URLCONF = 'urls_tests'
|
||||||
TEMPLATE_DIRS = [
|
TEMPLATE_DIRS = [
|
||||||
'tests/templates/',
|
'tests/templates/',
|
||||||
]
|
]
|
||||||
if django.VERSION >= (1,8):
|
if django.VERSION >= (1, 8):
|
||||||
TEMPLATES = [
|
TEMPLATES = [
|
||||||
{
|
{
|
||||||
'BACKEND': 'django.template.backends.django.DjangoTemplates',
|
'BACKEND': 'django.template.backends.django.DjangoTemplates',
|
||||||
|
|