diff --git a/tests/integration/README b/tests/integration/README
new file mode 100644
index 00000000..5375a297
--- /dev/null
+++ b/tests/integration/README
@@ -0,0 +1,15 @@
+README for Lasso Integration Tests
+==================================
+
+Requirements:
+ - twill (no Debian packages)
+ - nose (apt-get install python-nose)
+ - Authentic & LCS from Subversion and CVS
+
+Default configuration is to look for apps in their installation directories,
+but it is also possible to run tests without installing anything. Example
+of a config file is in tests/config.py.example (must be renamed to config.py to
+be effective).
+
+Tests are run with nosetests from this directory.
+
diff --git a/tests/integration/private-key.pem b/tests/integration/private-key.pem
new file mode 100644
index 00000000..0904a342
--- /dev/null
+++ b/tests/integration/private-key.pem
@@ -0,0 +1,27 @@ +0: idp-jks.keystore +1: lasso +2: changeit +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIaGi1U6OYD4+VqfRshS6W+WQd +cy/ahimaeTnLddKdScwGT5I+QCkYHC+zl1rI4jqRygBVtVhI4tf8ts//QFyIkavJqUVWCyjKfU+k +4I6yPvgRjzLm4BV4N/I7AcGKBcp8dkzv6MOQGeHz6gABD27bT3RZeEfVaccLadqD0ouH+W8cxOY5 +1KY0e39sPrZOsprO9aeoRkpj5WO5v8XBq7rcwlcVLJaQTo9CMnMdQR+oMIsN3vwGtozJoPxt+WpJ +p8qPSTWcGPSxbfE9Tyjr0/Tx5Dh0pXDATvQ/b4p1mRbW3IYpR1sztwwRmDQDQ+Ogc6ySNsian3F3 +ANiD9thpbqvdAgMBAAECggEALsb4EcLo/3g6WoOl8qKPglvJu3oEZGxGT7EWBWCF/YKZJavzBaay +MNd7Zt7gKN1tMFRHCbpfVfvk0C7Xk8uxDYt63oItFe1a4xCmw2RKyl4aRvb2uZ76Q+pDFvTM+Otr +HOv7/0+EPiFcdTNcNuMkS/pavPtvQOgEtqxJfdVqDh2HnYfIBx7ex7oI5tE1Tag3bx8dpfYThENr +XfC04cBkprUreqhFX8TGX2kaWViCo4psfWue+zTYuBhxsu4HfxtgboKM0EqWvh89955KxQ9K1BXu +jUXPO0Ai6lpNlWrXsJ0KP6Mf9crzGN8OLuCU3dC/rzDzpddNoO6ATVy0NP8dYQKBgQDwcDw8aWBN +nxoUttizKBXQq5QpSU0+Bot3E8O97/ETnCZjyGtNuB0vUqqZY9mFmFu/y8medR86FRSA9nbNA57L +4oCb7sCgdOq9zC2QM3BfTeaTXQkFS8QuwfuBzIFdANVufnsZZ74e65a/Ae1zAZQqr1uFE8igwDs7 +JyVggv7pZQKBgQDVYOrF6hyFUuClFXUScvvT8H8NUpwtE5VGJI1pw2pzdHVJ6G5YBdPbAQcgY9Kb +jOjtEOnL+XQL2VSKIy9/6uWS6w5Utq01v95BmjIB5VJ/6W36dKL0bsdq3DR1HChTV2VqOlSSpXuQ +YzzVQEh4YQ8tiozlIFYQDZv5LLzS/tTNGQKBgQDU88MWCorGFP1njU6+1ukDaYQPUSH9ppRNgg7j +IinWIX4K8I7BRilrKX953erhnUDdzaOkGb3vlo4Tbrdn+yXhFJquATdQplzmf3l3d2e2sWtf542+ +yA1ZEGwu2S9WbQ+cDp/+r1i/UA+y2wUw0Bwn9ipL4mrWnYuYZ6J+KWeW1QKBgFZyMEtEYI+nFvnq +qoZx7RJdMav9FuawM166ekwp7lueB9KMhv/ERKNKVE/MAUwhl1BL9Nw9UMVoI/be8GR7jsypzCGH +7L6E4A9l3/KirHzD3lmEnWw34TSqx9nWMYQqOR0DSrYqste5TLD8nR+f+t0xb4l4Q0W3rcQSWuGE +ekQpAoGBAOKuwo0CGKgErHnlI2m1FhP7uCVCYKU1WZL1Jxvzktym9EzuiQfNKP8i7ahftIOAwZsL +tB/ZoENp38zgLUHfoJ7DUFrv7N6npWy7DQenHr7EqxuV+S4b5Qex2S7hg1EGaIr7TP1VuYJM/Sfs +YkOXUr/24CxZ3GyaVYN+Kr/HZg/i +-----END PRIVATE KEY----- diff --git a/tests/integration/public-key.pem b/tests/integration/public-key.pem new file mode 100644 index 00000000..4c440c9c --- /dev/null +++ b/tests/integration/public-key.pem 
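Review bot: tests/integration/private-key.pem commits an unencrypted private key, and its first three lines (`0: idp-jks.keystore`, `1: lasso`, `2: changeit`) look like leftover output from a keystore export, possibly the keystore name, alias and password. If this key pair or that keystore is used anywhere outside these tests, treat the key as disclosed and generate a fresh pair that exists only for the test suite. I would drop the three leading lines so the file starts at `-----BEGIN PRIVATE KEY-----`, and state in the README that the key is a public test fixture that must never be deployed.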
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGhotVOjmA+Plan0bIUu
+lvlkHXMv2oYpmnk5y3XSnUnMBk+SPkApGBwvs5dayOI6kcoAVbVYSOLX/LbP/0Bc
+iJGryalFVgsoyn1PpOCOsj74EY8y5uAVeDfyOwHBigXKfHZM7+jDkBnh8+oAAQ9u
+2090WXhH1WnHC2nag9KLh/lvHMTmOdSmNHt/bD62TrKazvWnqEZKY+Vjub/Fwau6
+3MJXFSyWkE6PQjJzHUEfqDCLDd78BraMyaD8bflqSafKj0k1nBj0sW3xPU8o69P0
+8eQ4dKVwwE70P2+KdZkW1tyGKUdbM7cMEZg0A0PjoHOskjbImp9xdwDYg/bYaW6r
+3QIDAQAB
+-----END PUBLIC KEY-----
diff --git a/tests/integration/saml2/__init__.py b/tests/integration/saml2/__init__.py
new file mode 100644
index 00000000..41f79377
--- /dev/null
+++ b/tests/integration/saml2/__init__.py
@@ -0,0 +1,50 @@
+import sys
+import os
+import signal
+import subprocess
+import time
+import twill
+
+AUTHENTIC_SRCDIR = '/usr/local/src/authentic'
+AUTHENTICCTL = '/usr/sbin/authenticctl.py'
+AUTHENTIC_DATA_DIR = '/usr/share/authentic/'
+LCSCTL = '/usr/sbin/lcsctl.py'
+LCS_DATADIR = '/usr/share/lcs/'
+
+try:
+ from config import *
+except ImportError:
+ pass
+
+pids = []
+
+def setup():
+ if not os.path.exists(AUTHENTIC_SRCDIR):
+ print >> sys.stderr, 'Authentic source dir (%s) does not exist' % AUTHENTIC_SRCDIR
+ print >> sys.stderr, 'Create it or edit tests/config.py to match your local installation'
+ sys.exit(1)
+
+ os.mkdir('/tmp/.tests')
+ sp = subprocess.Popen([AUTHENTICCTL, 'start',
+ '--app-dir', '/tmp/.tests/authentictests',
+ '--data-dir', AUTHENTIC_DATADIR,
+ '--extra', os.path.join(AUTHENTIC_SRCDIR, 'extra', 'conformance'),
+ '--port', '10001', '--http', '--silent'])
+ pids.append(sp.pid)
+ sp = subprocess.Popen([LCSCTL, 'start',
+ '--app-dir', '/tmp/.tests/lcstests',
+ '--data-dir', LCS_DATADIR,
+ '--port', '10002', '--http', '--silent'])
+ pids.append(sp.pid)
+
+ time.sleep(2) # let process bind ports
+
+ twill.commands.reset_browser()
+ twill.set_output(file('/dev/null', 'w'))
+
+
+def teardown():
+ for pid in pids:
+ os.kill(pid, signal.SIGTERM)
+ os.system('rm -rf /tmp/.tests/')
+
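Review bot: `setup()` in tests/integration/saml2/__init__.py creates its work area at the fixed path `/tmp/.tests`, and `teardown()` removes it with `os.system('rm -rf /tmp/.tests/')`. On a shared machine another user can pre-create that path, and a directory left by an aborted run makes `os.mkdir` raise before either server starts. Create a private directory instead, e.g. `workdir = tempfile.mkdtemp(prefix='lasso-tests-')`, build both `--app-dir` values with `os.path.join(workdir, ...)`, and clean up with `shutil.rmtree(workdir)`. Separately, the defaults define `AUTHENTIC_DATA_DIR` but the first `Popen` argument list reads `AUTHENTIC_DATADIR`, the name config.py.example uses. Without a config.py, `setup()` therefore stops with a NameError; the default should be renamed to `AUTHENTIC_DATADIR`.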
diff --git a/tests/integration/saml2/config.py.example b/tests/integration/saml2/config.py.example
new file mode 100644
index 00000000..dd7d8b15
--- /dev/null
+++ b/tests/integration/saml2/config.py.example
@@ -0,0 +1,10 @@
+import os
+
+AUTHENTIC_SRCDIR = '/home/fred/src/eo/authentic/'
+AUTHENTICCTL = os.path.join(AUTHENTIC_SRCDIR, 'authenticctl.py')
+AUTHENTIC_DATADIR = os.path.join(AUTHENTIC_SRCDIR, 'data')
+
+LCS_SRCDIR = '/home/fred/src/eo/lasso-conformance-sp/'
+LCSCTL = os.path.join(LCS_SRCDIR, 'lcsctl.py')
+LCS_DATADIR = os.path.join(LCS_SRCDIR, 'data')
+
diff --git a/tests/integration/saml2/test_00_config.py b/tests/integration/saml2/test_00_config.py
new file mode 100644
index 00000000..1ff286c1
--- /dev/null
+++ b/tests/integration/saml2/test_00_config.py
@@ -0,0 +1,54 @@
+import twill
+
+def test_config_authentic():
+ '''Setting up Authentic metadata'''
+ twill.execute_string('''
+go http://localhost:10001/admin/settings/idp
+formfile 1 privatekey private-key.pem
+formfile 1 publickey public-key.pem
+submit''')
+
+def test_create_users():
+ '''Creating Authentic user'''
+ twill.execute_string('''
+go http://localhost:10001/admin/identities/new
+fv 1 name Fred
+fv 1 roles$element0 Administrator
+fv 1 username fred
+fv 1 password fred
+submit submit''')
+
+def test_config_lcs():
+ '''Setting up LCS metadata'''
+ twill.execute_string('''
+go http://localhost:10002/admin/settings/identification/
+fv 1 methods$elementidp true
+submit
+go http://localhost:10002/admin/settings/identification/idp/sp
+formfile 1 privatekey private-key.pem
+formfile 1 publickey public-key.pem
+submit''')
+
+def test_config_authentic_providers():
+ '''Adding LCS as service provider in Authentic'''
+ twill.execute_string('''
+go http://localhost:10001/login
+fv 1 username fred
+fv 1 password fred
+submit
+
+go http://localhost:10001/admin/settings/liberty_providers/new_remote
+showforms
+fv 1 metadata_url http://localhost:10002/saml/metadata
+submit
+''')
+
+def test_config_lcs_providers():
+ '''Adding Authentic as identity provider in LCS'''
+ twill.execute_string('''
+go http://localhost:10002/admin/settings/identification/idp/idp/new_remote
+showforms
+fv 1 metadata_url http://localhost:10001/saml/metadata
+submit
+''')
+
diff --git a/tests/integration/saml2/test_01_sso.py b/tests/integration/saml2/test_01_sso.py
new file mode 100644
index 00000000..3d4b6cdb
--- /dev/null
+++ b/tests/integration/saml2/test_01_sso.py
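Review bot: None of the twill scripts in tests/integration/saml2/test_00_config.py checks the result of a `submit`, so a rejected key upload or a failed provider registration passes here and only surfaces later as a seemingly unrelated SSO failure. After each `submit`, assert the outcome, for example with `code 200` plus a `find` on text the admin page shows on success; that text has to come from Authentic and LCS and is not visible in this diff. `test_create_users` also creates the Administrator account `fred` with password `fred`. That is acceptable for servers the suite starts on localhost, but a comment such as `# throwaway fixture account, test servers only` would keep it from being copied into a real setup.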
@@ -0,0 +1,45 @@
+import twill
+
+def test_sso_default():
+ twill.commands.reset_browser()
+ twill.execute_string('''
+go http://localhost:10001
+save_html /tmp/haze.html
+go http://localhost:10002
+submit
+fv 1 username fred
+fv 1 password fred
+submit
+#submit consent
+url http://localhost:10002
+find 'Logged in'
+''')
+
+def test_sso_post():
+ twill.commands.reset_browser()
+ twill.execute_string('''
+go http://localhost:10002
+fv 1 binding POST
+submit
+fv 1 username fred
+fv 1 password fred
+submit
+find 'You should be automaticaly'
+submit
+url http://localhost:10002
+find 'Logged in'
+''')
+
+def test_sso_idp_initiated():
+ twill.commands.reset_browser()
+ twill.execute_string('''
+go http://localhost:10001
+fv 1 username fred
+fv 1 password fred
+submit
+fv 1 sp http-localhost-10002-saml-metadata
+submit sso
+url http://localhost:10002
+find 'Logged in'
+''')
+
diff --git a/tests/integration/saml2/test_02_slo.py b/tests/integration/saml2/test_02_slo.py
new file mode 100644
index 00000000..b5464d9e
--- /dev/null
+++ b/tests/integration/saml2/test_02_slo.py
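Review bot: `save_html /tmp/haze.html` in `test_sso_default` (tests/integration/saml2/test_01_sso.py) looks like leftover debugging, since it writes the fetched page to a fixed path in `/tmp` that `teardown()` never removes. The same applies to the two `save_html /tmp/a1.html` lines in test_02_slo.py, which appear to dump an identity-provider page fetched after login. Remove these lines, or write the dump under the suite's own temporary directory if it is still needed for diagnosis. The commented-out `#submit consent` line in `test_sso_default` should either be deleted or given a comment explaining why the consent step is skipped.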
@@ -0,0 +1,95 @@
+import twill
+
+def test_sso_slo_initiated_by_sp_redirect():
+ twill.commands.reset_browser()
+ twill.execute_string('''
+go http://localhost:10002
+submit
+fv 1 username fred
+fv 1 password fred
+submit
+url http://localhost:10002
+submit slo-redirect
+url http://localhost:10002
+find 'Log on'
+go http://localhost:10001
+find password
+''')
+
+def test_sso_slo_initiated_by_sp_soap():
+ twill.commands.reset_browser()
+ twill.execute_string('''
+go http://localhost:10002
+submit
+fv 1 username fred
+fv 1 password fred
+submit
+url http://localhost:10002
+submit slo-soap
+url http://localhost:10002
+find 'Log on'
+go http://localhost:10001
+find password
+''')
+
+
+
+def test_sso_slo_initiated_by_idp_redirect():
+ twill.commands.reset_browser()
+ twill.execute_string('''
+go http://localhost:10002
+submit
+fv 1 username fred
+fv 1 password fred
+submit
+url http://localhost:10002
+go http://localhost:10001
+save_html /tmp/a1.html
+fv 2 slo 'Single Logout'
+submit 'Single Logout'
+url http://localhost:10001
+find password
+go http://localhost:10002
+find 'Log on'
+''')
+
+def test_sso_slo_initiated_by_idp_soap():
+ twill.commands.reset_browser()
+ twill.execute_string('''
+go http://localhost:10002
+submit
+fv 1 username fred
+fv 1 password fred
+submit
+url http://localhost:10002
+go http://localhost:10001
+save_html /tmp/a1.html
+fv 2 binding SOAP
+fv 2 slo 'Single Logout'
+submit 'Single Logout'
+url http://localhost:10001
+find password
+go http://localhost:10002
+find 'Log on'
+''')
+
+
+def test_sso_idp_initiated_then_slo_sp_soap():
+ ### http://bugs.entrouvert.org/rapport-de-bug-pour-la-conformance-saml-2-0/8/
+ twill.commands.reset_browser()
+ twill.execute_string('''
+go http://localhost:10001
+fv 1 username fred
+fv 1 password fred
+submit
+fv 1 sp http-localhost-10002-saml-metadata
+submit sso
+url http://localhost:10002
+find 'Logged in'
+submit slo-soap
+url http://localhost:10002
+find 'Log on'
+go http://localhost:10001
+find password
+''')
+