Python binding now raises exceptions instead of returning error codes.

Close bug #237.
Emmanuel Raviart 2004-08-04 19:55:17 +00:00
parent 3e411cc8ef
commit 6f48cba5e8
2 changed files with 170 additions and 115 deletions


@ -39,16 +39,24 @@ _initialized = False
class Error(Exception):
code = None # Use negative error codes for binding specific errors.
msg = None
functionName = None
def __init__(self, msg=None):
if msg is not None:
self.msg = msg
def __init__(self, functionName):
self.functionName = functionName
def __str__(self):
return repr(self.msg)
class ErrorUnknown(Error):
def __init__(self, code, functionName):
ErrorUnknown.__init__(functionName)
self.code = code
def __str__(self):
return 'Unknown error number %d in Lasso function %s' % (self.code, self.functionName)
class ErrorLassoAlreadyInitialized(Error):
code = -1
msg = 'Lasso already initialized'
@ -61,17 +69,18 @@ class ErrorLassoNotInitialized(Error):
class ErrorInstanceCreationFailed(Error):
code = -3
functionName = None
def __init__(self, functionName):
self.functionName = functionName
def __str__(self, functionName):
return 'Instance creation failed in Lasso function %s()' % self.functionName
def newError(code, functionName):
# FIXME: Use proper ErrorClass, when Lasso will have well defined error codes.
return ErrorUnknown(code, functionName)
################################################################################
# Functions
# Initialization
################################################################################
@ -932,8 +941,9 @@ class Server:
new_from_dump = classmethod(new_from_dump)
def add_provider(self, metadata, public_key=None, certificate=None):
return lassomod.server_add_provider(self, metadata,
public_key, certificate)
errorCode = lassomod.server_add_provider(self, metadata, public_key, certificate)
if errorCode:
raise newError(errorCode, 'lasso_server_add_provider')
def dump(self):
return lassomod.server_dump(self)
@ -1075,16 +1085,24 @@ class Profile:
return lassomod.profile_is_session_dirty(self)
def set_identity(self, identity):
return lassomod.profile_set_identity(self, identity)
errorCode = lassomod.profile_set_identity(self, identity)
if errorCode:
raise newError(errorCode, 'lasso_profile_set_identity')
def set_identity_from_dump(self, dump):
return lassomod.profile_set_identity_from_dump(self, dump)
errorCode = lassomod.profile_set_identity_from_dump(self, dump)
if errorCode:
raise newError(errorCode, 'lasso_profile_set_identity_from_dump')
def set_session(self, session):
return lassomod.profile_set_session(self, session)
errorCode = lassomod.profile_set_session(self, session)
if errorCode:
raise newError(errorCode, 'lasso_profile_set_session')
def set_session_from_dump(self, dump):
return lassomod.profile_set_session_from_dump(self, dump)
errorCode = lassomod.profile_set_session_from_dump(self, dump)
if errorCode:
raise newError(errorCode, 'lasso_profile_set_session_from_dump')
## login
loginProtocolProfileBrwsArt = 1
@ -1145,51 +1163,70 @@ class Login(Profile):
new_from_dump = classmethod(new_from_dump)
def accept_sso(self):
return lassomod.login_accept_sso(self)
errorCode = lassomod.login_accept_sso(self)
if errorCode:
raise newError(errorCode, 'lasso_login_accept_sso')
def build_artifact_msg(self, authentication_result, authenticationMethod,
reauthenticateOnOrAfter, method):
return lassomod.login_build_artifact_msg(self, authentication_result,
authenticationMethod,
reauthenticateOnOrAfter,
method)
errorCode = lassomod.login_build_artifact_msg(
self, authentication_result, authenticationMethod, reauthenticateOnOrAfter, method)
if errorCode:
raise newError(errorCode, 'lasso_login_build_artifact_msg')
def build_authn_request_msg(self):
return lassomod.login_build_authn_request_msg(self)
errorCode = lassomod.login_build_authn_request_msg(self)
if errorCode:
raise newError(errorCode, 'lasso_login_build_authn_request_msg')
def build_authn_response_msg(self, authentication_result, authenticationMethod,
reauthenticateOnOrAfter):
return lassomod.login_build_authn_response_msg(self, authentication_result,
authenticationMethod,
reauthenticateOnOrAfter)
errorCode = lassomod.login_build_authn_response_msg(
self, authentication_result, authenticationMethod, reauthenticateOnOrAfter)
if errorCode:
raise newError(errorCode, 'lasso_login_build_authn_response_msg')
def build_request_msg(self):
return lassomod.login_build_request_msg(self)
errorCode = lassomod.login_build_request_msg(self)
if errorCode:
raise newError(errorCode, 'lasso_login_build_request_msg')
def dump(self):
return lassomod.login_dump(self)
def init_authn_request(self, remote_providerID):
return lassomod.login_init_authn_request(self, remote_providerID)
errorCode = lassomod.login_init_authn_request(self, remote_providerID)
if errorCode:
raise newError(errorCode, 'lasso_login_init_authn_request')
def init_from_authn_request_msg(self, authn_request_msg, authn_request_method):
return lassomod.login_init_from_authn_request_msg(self, authn_request_msg,
authn_request_method)
errorCode = lassomod.login_init_from_authn_request_msg(
self, authn_request_msg, authn_request_method)
if errorCode:
raise newError(errorCode, 'lasso_login_init_from_authn_request_msg')
def init_request(self, response_msg, response_method):
return lassomod.login_init_request(self, response_msg, response_method)
errorCode = lassomod.login_init_request(self, response_msg, response_method)
if errorCode:
raise newError(errorCode, 'lasso_login_init_request')
def must_authenticate(self):
return lassomod.login_must_authenticate(self)
def process_authn_response_msg(self, authn_response_msg):
return lassomod.login_process_authn_response_msg(self, authn_response_msg)
errorCode = lassomod.login_process_authn_response_msg(self, authn_response_msg)
if errorCode:
raise newError(errorCode, 'lasso_login_process_authn_response_msg')
def process_request_msg(self, request_msg):
return lassomod.login_process_request_msg(self, request_msg)
errorCode = lassomod.login_process_request_msg(self, request_msg)
if errorCode:
raise newError(errorCode, 'lasso_login_process_request_msg')
def process_response_msg(self, response_msg):
return lassomod.login_process_response_msg(self, response_msg)
errorCode = lassomod.login_process_response_msg(self, response_msg)
if errorCode:
raise newError(errorCode, 'lasso_login_process_response_msg')
providerTypeNone = 0
@ -1233,10 +1270,14 @@ class Logout(Profile):
new = classmethod(new)
def build_request_msg(self):
return lassomod.logout_build_request_msg(self)
errorCode = lassomod.logout_build_request_msg(self)
if errorCode:
raise newError(errorCode, 'lasso_logout_build_request_msg')
def build_response_msg(self):
return lassomod.logout_build_response_msg(self)
errorCode = lassomod.logout_build_response_msg(self)
if errorCode:
raise newError(errorCode, 'lasso_logout_build_response_msg')
def destroy(self):
lassomod.logout_destroy(self);
@ -1245,16 +1286,24 @@ class Logout(Profile):
return lassomod.logout_get_next_providerID(self);
def init_request(self, remote_providerID = None):
return lassomod.logout_init_request(self, remote_providerID);
errorCode = lassomod.logout_init_request(self, remote_providerID);
if errorCode:
raise newError(errorCode, 'lasso_logout_init_request')
def process_request_msg(self, request_msg, request_method):
return lassomod.logout_process_request_msg(self, request_msg, request_method);
errorCode = lassomod.logout_process_request_msg(self, request_msg, request_method);
if errorCode:
raise newError(errorCode, 'lasso_logout_process_request_msg')
def validate_request(self):
return lassomod.logout_validate_request(self);
errorCode = lassomod.logout_validate_request(self);
if errorCode:
raise newError(errorCode, 'lasso_logout_validate_request')
def process_response_msg(self, response_msg, response_method):
return lassomod.logout_process_response_msg(self, response_msg, response_method);
errorCode = lassomod.logout_process_response_msg(self, response_msg, response_method);
if errorCode:
raise newError(errorCode, 'lasso_logout_process_response_msg')
class FederationTermination(Profile):
"""\brief Short desc
@ -1292,19 +1341,28 @@ class FederationTermination(Profile):
new = classmethod(new)
def build_notification_msg(self):
return lassomod.federation_termination_build_notification_msg(self)
errorCode = lassomod.federation_termination_build_notification_msg(self)
if errorCode:
raise newError(errorCode, 'lasso_federation_termination_build_notification_msg')
def destroy(self):
lassomod.federation_termination_destroy(self)
def init_notification(self, remote_providerID = None):
return lassomod.federation_termination_init_notification(self, remote_providerID)
errorCode = lassomod.federation_termination_init_notification(self, remote_providerID)
if errorCode:
raise newError(errorCode, 'lasso_federation_termination_init_notification')
def load_notification_msg(self, notification_msg, notification_method):
return lassomod.federation_termination_load_notification_msg(self, notification_msg, notification_method)
errorCode = lassomod.federation_termination_load_notification_msg(
self, notification_msg, notification_method)
if errorCode:
raise newError(errorCode, 'lasso_federation_termination_load_notification_msg')
def process_notification(self):
return lassomod.federation_termination_process_notification(self)
errorCode = lassomod.federation_termination_process_notification(self)
if errorCode:
raise newError(errorCode, 'lasso_federation_termination_process_notification')
class RegisterNameIdentifier:
@ -1338,22 +1396,33 @@ class RegisterNameIdentifier:
new = classmethod(new)
def build_request_msg(self):
return lassomod.register_name_identifier_build_request_msg(self)
errorCode = lassomod.register_name_identifier_build_request_msg(self)
if errorCode:
raise newError(errorCode, 'lasso_register_name_identifier_build_request_msg')
def build_response_msg(self):
return lassomod.register_name_identifier_build_response_msg(self)
errorCode = lassomod.register_name_identifier_build_response_msg(self)
if errorCode:
raise newError(errorCode, 'lasso_register_name_identifier_build_response_msg')
def destroy(self):
pass
def init_request(self, remote_providerID):
return lassomod.register_name_identifier_init_request(self, remote_providerID)
errorCode = lassomod.register_name_identifier_init_request(self, remote_providerID)
if errorCode:
raise newError(errorCode, 'lasso_register_name_identifier_init_request')
def process_request(self):
return lassomod.register_name_identifier_process_request(self)
errorCode = lassomod.register_name_identifier_process_request(self)
if errorCode:
raise newError(errorCode, 'lasso_register_name_identifier_process_request')
def process_response_msg(self, response_msg, response_method):
return lassomod.register_name_identifier_process_response_msg(self, response_msg, response_method)
errorCode = lassomod.register_name_identifier_process_response_msg(
self, response_msg, response_method)
if errorCode:
raise newError(errorCode, 'lasso_register_name_identifier_process_response_msg')
class Lecp:
"""\brief Short desc
@ -1388,31 +1457,48 @@ class Lecp:
new = classmethod(new)
def build_authn_request_envelope_msg(self):
return lassomod.lecp_build_authn_request_envelope_msg(self)
errorCode = lassomod.lecp_build_authn_request_envelope_msg(self)
if errorCode:
raise newError(errorCode, 'lasso_lecp_build_authn_request_envelope_msg')
def build_authn_response_envelope_msg(self):
return lassomod.lecp_build_authn_response_envelope_msg(self)
errorCode = lassomod.lecp_build_authn_response_envelope_msg(self)
if errorCode:
raise newError(errorCode, 'lasso_lecp_build_authn_response_envelope_msg')
def build_authn_request_msg(self):
return lassomod.lecp_build_authn_request_msg(self)
errorCode = lassomod.lecp_build_authn_request_msg(self)
if errorCode:
raise newError(errorCode, 'lasso_lecp_build_authn_request_msg')
def build_authn_response_msg(self):
return lassomod.lecp_build_authn_response_msg(self)
errorCode = lassomod.lecp_build_authn_response_msg(self)
if errorCode:
raise newError(errorCode, 'lasso_lecp_build_authn_response_msg')
def destroy(self):
lassomod.lecp_destroy(self)
def init_authn_request(self, remote_providerID):
return lassomod.lecp_init_authn_request(self, remote_providerID)
errorCode = lassomod.lecp_init_authn_request(self, remote_providerID)
if errorCode:
raise newError(errorCode, 'lasso_lecp_init_authn_request')
def init_from_authn_request_msg(self, authn_request_msg, authn_request_method):
return lassomod.lecp_init_from_authn_request_msg(self, authn_request_msg, authn_request_method)
errorCode = lassomod.lecp_init_from_authn_request_msg(
self, authn_request_msg, authn_request_method)
if errorCode:
raise newError(errorCode, 'lasso_lecp_init_from_authn_request_msg')
def process_authn_request_envelope_msg(self, request_msg):
return lassomod.lecp_process_authn_request_envelope_msg(self, request_msg)
errorCode = lassomod.lecp_process_authn_request_envelope_msg(self, request_msg)
if errorCode:
raise newError(errorCode, 'lasso_lecp_process_authn_request_envelope_msg')
def process_authn_response_envelope_msg(self, response_msg):
return lassomod.lecp_process_authn_response_envelope_msg(self, response_msg)
errorCode = lassomod.lecp_process_authn_response_envelope_msg(self, response_msg)
if errorCode:
raise newError(errorCode, 'lasso_lecp_process_authn_response_envelope_msg')
if not _initialized:
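Review bot: In the new `ErrorUnknown.__init__`, the line `ErrorUnknown.__init__(functionName)` calls the same method again with the function name in the `self` position, so constructing the exception fails before `self.code` is set; it should read `Error.__init__(self, functionName)`. Since `newError()` always returns `ErrorUnknown(code, functionName)`, every non-zero return from the wrapped `lassomod` calls would then surface as a `TypeError` rather than an `Error` subclass, and a caller that wraps `process_response_msg` or `validate_request` in `except lasso.Error` would not catch the failure. In the same section, `ErrorInstanceCreationFailed.__str__(self, functionName)` takes an extra argument, so `str()` on that exception cannot succeed; the signature should be `def __str__(self):`. The +/- markers are lost on this page, so which of these lines the commit itself introduces is inferred from the hunk layout.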


@ -39,7 +39,6 @@ import lasso
class TestCase(unittest.TestCase):
def generateIdpServer(self):
idpServer = lasso.Server.new_from_dump(self.generateIdpServerDump())
self.failUnless(idpServer)
return idpServer
def generateIdpServerDump(self):
@ -49,12 +48,10 @@ class TestCase(unittest.TestCase):
"../../examples/data/idp-private-key.pem",
"../../examples/data/idp-crt.pem",
lasso.signatureMethodRsaSha1)
self.failUnless(idpServer)
errorCode = idpServer.add_provider(
idpServer.add_provider(
"../../examples/data/sp-metadata.xml",
"../../examples/data/sp-public-key.pem",
"../../examples/data/ca-crt.pem")
self.failUnlessEqual(errorCode, 0)
idpServerDump = idpServer.dump()
self.failUnless(idpServerDump)
idpServer.destroy()
@ -62,7 +59,6 @@ class TestCase(unittest.TestCase):
def generateSpServer(self):
spServer = lasso.Server.new_from_dump(self.generateSpServerDump())
self.failUnless(spServer)
return spServer
def generateSpServerDump(self):
@ -72,12 +68,10 @@ class TestCase(unittest.TestCase):
"../../examples/data/sp-private-key.pem",
"../../examples/data/sp-crt.pem",
lasso.signatureMethodRsaSha1)
self.failUnless(spServer)
errorCode = spServer.add_provider(
spServer.add_provider(
"../../examples/data/idp-metadata.xml",
"../../examples/data/idp-public-key.pem",
"../../examples/data/ca-crt.pem")
self.failUnlessEqual(errorCode, 0)
spServerDump = spServer.dump()
self.failUnless(spServerDump)
spServer.destroy()
@ -94,22 +88,19 @@ class LoginTestCase(TestCase):
def idpSingleSignOnForRedirect(self, authnRequestQuery, identityDump, sessionDump):
idpServer = self.generateIdpServer()
idpLogin = lasso.Login.new(idpServer)
self.failUnless(idpLogin)
if identityDump is not None:
idpLogin.set_identity_from_dump(identityDump)
if sessionDump is not None:
idpLogin.set_session_from_dump(sessionDump)
errorCode = idpLogin.init_from_authn_request_msg(
idpLogin.init_from_authn_request_msg(
authnRequestQuery, lasso.httpMethodRedirect)
self.failUnlessEqual(errorCode, 0)
return idpLogin
def idpSingleSignOn_part2ForArtifactRedirect(
self, idpLogin, userAuthenticated, authenticationMethod):
errorCode = idpLogin.build_artifact_msg(
idpLogin.build_artifact_msg(
userAuthenticated, authenticationMethod, "FIXME: reauthenticateOnOrAfter",
lasso.httpMethodRedirect)
self.failUnlessEqual(errorCode, 0)
idpIdentityDump = idpLogin.get_identity().dump()
self.failUnless(idpIdentityDump)
self.failUnless(idpLogin.is_session_dirty())
@ -130,9 +121,7 @@ class LoginTestCase(TestCase):
self.failUnlessEqual(requestType, lasso.requestTypeLogin)
idpServer = self.generateIdpServer()
idpLogin = lasso.Login.new(idpServer)
self.failUnless(idpLogin)
errorCode = idpLogin.process_request_msg(soapRequestMsg)
self.failUnlessEqual(errorCode, 0)
idpLogin.process_request_msg(soapRequestMsg)
artifact = idpLogin.assertionArtifact
self.failUnless(artifact)
return idpLogin
@ -142,9 +131,7 @@ class LoginTestCase(TestCase):
self.failUnlessEqual(requestType, lasso.requestTypeLogout)
idpServer = self.generateIdpServer()
idpLogout = lasso.Logout.new(idpServer, lasso.providerTypeIdp)
self.failUnless(idpLogout)
errorCode = idpLogout.process_request_msg(soapRequestMsg, lasso.httpMethodSoap)
self.failUnlessEqual(errorCode, 0)
idpLogout.process_request_msg(soapRequestMsg, lasso.httpMethodSoap)
nameIdentifier = idpLogout.nameIdentifier
self.failUnless(nameIdentifier)
return idpLogout
@ -154,8 +141,7 @@ class LoginTestCase(TestCase):
idpLogout.set_identity_from_dump(identityDump)
if sessionDump is not None:
idpLogout.set_session_from_dump(sessionDump)
errorCode = idpLogout.validate_request()
self.failUnlessEqual(errorCode, 0)
idpLogout.validate_request()
idpIdentityDump = idpLogout.get_identity().dump()
self.failUnless(idpIdentityDump)
self.failUnless(idpLogout.is_session_dirty())
@ -167,8 +153,7 @@ class LoginTestCase(TestCase):
# FIXME: Handle the case where there are authentication assertions for other service
# providers.
self.failUnlessEqual(idpLogout.get_next_providerID(), None)
errorCode = idpLogout.build_response_msg()
self.failUnlessEqual(errorCode, 0)
idpLogout.build_response_msg()
soapResponseMsg = idpLogout.msg_body
self.failUnless(soapResponseMsg)
return idpLogout
@ -176,10 +161,8 @@ class LoginTestCase(TestCase):
def spAssertionConsumerForRedirect(self, responseQuery):
spServer = self.generateSpServer()
spLogin = lasso.Login.new(spServer)
errorCode = spLogin.init_request(responseQuery, lasso.httpMethodRedirect)
self.failUnlessEqual(errorCode, 0)
errorCode = spLogin.build_request_msg()
self.failUnlessEqual(errorCode, 0)
spLogin.init_request(responseQuery, lasso.httpMethodRedirect)
spLogin.build_request_msg()
soapEndpoint = spLogin.msg_url
self.failUnless(soapEndpoint)
soapRequestMsg = spLogin.msg_body
@ -187,8 +170,7 @@ class LoginTestCase(TestCase):
return spLogin
def spAssertionConsumer_part2(self, spLogin, soapResponseMsg):
errorCode = spLogin.process_response_msg(soapResponseMsg)
self.failUnlessEqual(errorCode, 0)
spLogin.process_response_msg(soapResponseMsg)
nameIdentifier = spLogin.nameIdentifier
self.failUnless(nameIdentifier)
return spLogin
@ -198,8 +180,7 @@ class LoginTestCase(TestCase):
spLogin.set_identity_from_dump(identityDump)
if sessionDump is not None:
spLogin.set_session_from_dump(sessionDump)
errorCode = spLogin.accept_sso()
self.failUnlessEqual(errorCode, 0)
spLogin.accept_sso()
spIdentity = spLogin.get_identity()
self.failUnless(spIdentity)
spIdentityDump = spIdentity.dump()
@ -216,18 +197,15 @@ class LoginTestCase(TestCase):
def spLoginForRedirect(self):
spServer = self.generateSpServer()
spLogin = lasso.Login.new(spServer)
self.failUnless(spLogin)
errorCode = spLogin.init_authn_request(
spLogin.init_authn_request(
"https://identity-provider:1998/liberty-alliance/metadata")
self.failUnlessEqual(errorCode, 0)
self.failUnlessEqual(spLogin.request_type, lasso.messageTypeAuthnRequest)
spLogin.request.set_isPassive(False)
spLogin.request.set_nameIDPolicy(lasso.libNameIDPolicyTypeFederated)
spLogin.request.set_consent(lasso.libConsentObtained)
relayState = "fake"
spLogin.request.set_relayState(relayState)
errorCode = spLogin.build_authn_request_msg()
self.failUnlessEqual(errorCode, 0)
spLogin.build_authn_request_msg()
authnRequestUrl = spLogin.msg_url
self.failUnless(authnRequestUrl)
return spLogin
@ -235,15 +213,12 @@ class LoginTestCase(TestCase):
def spLogoutForSoap(self, spIdentityDump, spSessionDump):
spServer = self.generateSpServer()
spLogout = lasso.Logout.new(spServer, lasso.providerTypeSp)
self.failUnless(spLogout)
if spIdentityDump is not None:
spLogout.set_identity_from_dump(spIdentityDump)
if spSessionDump is not None:
spLogout.set_session_from_dump(spSessionDump)
errorCode = spLogout.init_request()
self.failUnlessEqual(errorCode, 0)
errorCode = spLogout.build_request_msg()
self.failUnlessEqual(errorCode, 0)
spLogout.init_request()
spLogout.build_request_msg()
soapEndpoint = spLogout.msg_url
self.failUnless(soapEndpoint)
soapRequestMsg = spLogout.msg_body
@ -251,8 +226,7 @@ class LoginTestCase(TestCase):
return spLogout
def spLogoutForSoap_part2(self, spLogout, soapResponseMsg):
errorCode = spLogout.process_response_msg(soapResponseMsg, lasso.httpMethodSoap)
self.failUnlessEqual(errorCode, 0)
spLogout.process_response_msg(soapResponseMsg, lasso.httpMethodSoap)
self.failIf(spLogout.is_identity_dirty())
spIdentity = spLogout.get_identity()
self.failUnless(spIdentity)
@ -285,7 +259,6 @@ class LoginTestCase(TestCase):
authenticationMethod = lasso.samlAuthenticationMethodPassword
idpServer = self.generateIdpServer()
idpLogin = lasso.Login.new_from_dump(idpServer, idpLoginDump)
self.failUnless(idpLogin)
self.failUnlessEqual(idpLogin.protocolProfile, lasso.loginProtocolProfileBrwsArt)
idpLogin = self.idpSingleSignOn_part2ForArtifactRedirect(
idpLogin, userAuthenticated, authenticationMethod)
@ -373,7 +346,7 @@ class LoginTestCase(TestCase):
idpIdentityDump = """\
<LassoIdentity><LassoFederations><LassoFederation RemoteProviderID="https://service-provider:2003/liberty-alliance/metadata"><LassoLocalNameIdentifier><saml:NameIdentifier xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" NameQualifier="https://identity-provider:1998/liberty-alliance/metadata" Format="urn:liberty:iff:nameid:federated">NjMxMEMzRTlEMDA4NTNEMEZGNDI1MEM0QzY4NUNBNzY=</saml:NameIdentifier></LassoLocalNameIdentifier></LassoFederation></LassoFederations></LassoIdentity>
""".strip()
self.failUnlessEqual(idpLogin.set_identity_from_dump(idpIdentityDump), 0)
idpLogin.set_identity_from_dump(idpIdentityDump)
idpSessionDump = """
<LassoSession><LassoAssertions><LassoAssertion RemoteProviderID="https://service-provider:2003/liberty-alliance/metadata"><lib:Assertion xmlns:lib="urn:liberty:iff:2003-08" AssertionID="Q0QxQzNFRTVGRTZEM0M0RjY2MTZDNTEwOUY4MDQzRTI=" MajorVersion="1" MinorVersion="2" IssueInstance="2004-08-02T18:51:43Z" Issuer="https://identity-provider:1998/liberty-alliance/metadata" InResponseTo="OEQ0OEUzODhGRTdGMEVFMzQ5Q0Q0QzYzQjk4MjUwNjQ="><lib:AuthenticationStatement xmlns:lib="urn:liberty:iff:2003-08" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2004-08-02T18:51:43Z" ReauthenticateOnOrAfter="FIXME: reauthenticateOnOrAfter"><lib:Subject xmlns:lib="urn:liberty:iff:2003-08"><saml:NameIdentifier xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" NameQualifier="https://identity-provider:1998/liberty-alliance/metadata" Format="urn:liberty:iff:nameid:federated">NjMxMEMzRTlEMDA4NTNEMEZGNDI1MEM0QzY4NUNBNzY=</saml:NameIdentifier><lib:IDPProvidedNameIdentifier xmlns:lib="urn:liberty:iff:2003-08" NameQualifier="https://identity-provider:1998/liberty-alliance/metadata" Format="urn:liberty:iff:nameid:federated">NjMxMEMzRTlEMDA4NTNEMEZGNDI1MEM0QzY4NUNBNzY=</lib:IDPProvidedNameIdentifier><saml:SubjectConfirmation xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:SubjectConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:SubjectConfirmationMethod></saml:SubjectConfirmation></lib:Subject></lib:AuthenticationStatement><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
@ -417,11 +390,10 @@ jFL7NhzvY02aBTLhm22YOLYnlycKm64NGne+siooDCi5tel2/vcx+e+btX9x</X509Certificate>
</Signature></lib:Assertion></LassoAssertion></LassoAssertions></LassoSession>
""".strip()
# " <-- Trick for Emacs Python mode.
self.failUnlessEqual(idpLogin.set_session_from_dump(idpSessionDump), 0)
idpLogin.set_session_from_dump(idpSessionDump)
authnRequestQuery = """NameIDPolicy=federated&IsPassive=false&ProviderID=https%3A%2F%2Fservice-provider%3A2003%2Fliberty-alliance%2Fmetadata&consent=urn%3Aliberty%3Aconsent%3Aobtained&IssueInstance=2004-08-02T20%3A33%3A58Z&MinorVersion=2&MajorVersion=1&RequestID=ODVGNkUyMzY5N0MzOTY4QzZGOUYyNzEwRTJGMUNCQTI%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=fnSL5Mgp%2BV%2FtdUuYQJmFKvFY8eEco6sypmejvP4sD0v5ApywV94mUo6BxE29o1KW%0AGFXiMG7puhTwRSlKDo1vlh5iHNqVfjKcbx2XhfoDfplqLir102dyHxB5GedEQvqw%0AbTFtFrB6SnHi5facrYHCn7b58CxAWv9XW4DIfcVCOSma2OOBCm%2FzzCSiZpOtbRk9%0AveQzace41tDW0XLlbRdWpvwsma0yaYSkqYvTV3hmvgkWS5x9lzcm97oME4ywzwbU%0AJAyG8BkqMFoG7FPjwzR8qh7%2FWi%2BCzxxqfczxSGkUZUmsQdxyxazjhDpt1X8i5fan%0AnaF1vWF3GmS6G4t7mrkItA%3D%3D"""
method = lasso.httpMethodRedirect
self.failUnlessEqual(
idpLogin.init_from_authn_request_msg(authnRequestQuery, method), 0)
idpLogin.init_from_authn_request_msg(authnRequestQuery, method)
self.failIf(idpLogin.must_authenticate())
userAuthenticated = True
authenticationMethod = lasso.samlAuthenticationMethodPassword
@ -483,14 +455,12 @@ CGb/HRUx5EPgbIy52G224ITlQWadD1Z6y4PFTowDjkaRVerjUVRJZ/a5QVNsI4Du
requestType = lasso.get_request_type_from_soap_msg(soapRequestMessage)
self.failUnlessEqual(requestType, lasso.requestTypeLogout)
idpLogout = lasso.Logout.new(idpServer, lasso.providerTypeIdp)
self.failUnless(idpLogout)
self.failUnlessEqual(
idpLogout.process_request_msg(soapRequestMessage, lasso.httpMethodSoap), 0)
idpLogout.process_request_msg(soapRequestMessage, lasso.httpMethodSoap)
self.failUnless(idpLogout.nameIdentifier)
idpIdentityDump = """\
<LassoIdentity><LassoFederations><LassoFederation RemoteProviderID="https://service-provider:2003/liberty-alliance/metadata"><LassoLocalNameIdentifier><saml:NameIdentifier xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" NameQualifier="https://identity-provider:1998/liberty-alliance/metadata" Format="urn:liberty:iff:nameid:federated">QkM3M0M4MTYxREQzNEYwNEI4M0I4MUVERDUyQUUyMjA=</saml:NameIdentifier></LassoLocalNameIdentifier></LassoFederation></LassoFederations></LassoIdentity>
""".strip()
self.failUnlessEqual(idpLogout.set_identity_from_dump(idpIdentityDump), 0)
idpLogout.set_identity_from_dump(idpIdentityDump)
self.failUnlessEqual(idpLogout.get_identity().dump(), idpIdentityDump)
idpSessionDump = """
<LassoSession><LassoAssertions><LassoAssertion RemoteProviderID="https://service-provider:2003/liberty-alliance/metadata"><lib:Assertion xmlns:lib="urn:liberty:iff:2003-08" AssertionID="QUVENUJCNzRFOUQ3MEZFNEYzNUUwQTA5OTRGMEYzMDg=" MajorVersion="1" MinorVersion="2" IssueInstance="2004-08-03T11:55:55Z" Issuer="https://identity-provider:1998/liberty-alliance/metadata" InResponseTo="N0VEQzE0QUE1NTYwQTAzRjk4Njk3Q0JCRUU0RUZCQkY="><lib:AuthenticationStatement xmlns:lib="urn:liberty:iff:2003-08" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2004-08-03T11:55:55Z" ReauthenticateOnOrAfter="FIXME: reauthenticateOnOrAfter"><lib:Subject xmlns:lib="urn:liberty:iff:2003-08"><saml:NameIdentifier xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" NameQualifier="https://identity-provider:1998/liberty-alliance/metadata" Format="urn:liberty:iff:nameid:federated">QkM3M0M4MTYxREQzNEYwNEI4M0I4MUVERDUyQUUyMjA=</saml:NameIdentifier><lib:IDPProvidedNameIdentifier xmlns:lib="urn:liberty:iff:2003-08" NameQualifier="https://identity-provider:1998/liberty-alliance/metadata" Format="urn:liberty:iff:nameid:federated">QkM3M0M4MTYxREQzNEYwNEI4M0I4MUVERDUyQUUyMjA=</lib:IDPProvidedNameIdentifier><saml:SubjectConfirmation xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:SubjectConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:SubjectConfirmationMethod></saml:SubjectConfirmation></lib:Subject></lib:AuthenticationStatement><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
@ -535,15 +505,15 @@ jFL7NhzvY02aBTLhm22YOLYnlycKm64NGne+siooDCi5tel2/vcx+e+btX9x</X509Certificate>
</Signature></lib:Assertion></LassoAssertion></LassoAssertions></LassoSession>
""".strip()
# " <-- Trick for Emacs Python mode.
self.failUnlessEqual(idpLogout.set_session_from_dump(idpSessionDump), 0)
idpLogout.set_session_from_dump(idpSessionDump)
self.failUnlessEqual(idpLogout.get_session().dump(), idpSessionDump)
self.failUnlessEqual(idpLogout.validate_request(), 0)
idpLogout.validate_request()
self.failIf(idpLogout.is_identity_dirty())
self.failUnless(idpLogout.is_session_dirty())
idpSessionDump = idpLogout.get_session().dump()
self.failUnless(idpSessionDump)
self.failIf(idpLogout.get_next_providerID())
self.failUnlessEqual(idpLogout.build_response_msg(), 0)
idpLogout.build_response_msg()
soapResponseMsg = idpLogout.msg_body
self.failUnless(soapResponseMsg)
@ -602,8 +572,8 @@ jFL7NhzvY02aBTLhm22YOLYnlycKm64NGne+siooDCi5tel2/vcx+e+btX9x</X509Certificate>
# " <-- Trick for Emacs Python mode.
spLogout.set_session_from_dump(spSessionDump)
self.failUnlessEqual(spLogout.init_request(), 0)
self.failUnlessEqual(spLogout.build_request_msg(), 0)
spLogout.init_request()
spLogout.build_request_msg()
self.failUnless(spLogout.msg_url)
self.failUnless(spLogout.msg_body)
self.failUnless(spLogout.nameIdentifier)
@ -611,8 +581,7 @@ jFL7NhzvY02aBTLhm22YOLYnlycKm64NGne+siooDCi5tel2/vcx+e+btX9x</X509Certificate>
soapResponseMessage = """\
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Body xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><lib:LogoutResponse xmlns:lib="urn:liberty:iff:2003-08" ResponseID="NjcyNDYxQ0FCRTQwMUE0NjE4MzlFQjFDOTI2MTc3NjE=" MajorVersion="1" MinorVersion="2" IssueInstance="2004-08-04T00:03:20Z" InResponseTo="MzNCOTRBMjRCMDExN0MxODc1MUI5NjMwQjlCMTg1NzM=" Recipient="https://service-provider:2003/liberty-alliance/metadata"><lib:ProviderID>https://identity-provider:1998/liberty-alliance/metadata</lib:ProviderID><samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"><samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" Value="Samlp:Success"/></samlp:Status></lib:LogoutResponse></soap-env:Body></soap-env:Envelope>
""".strip()
self.failUnlessEqual(
spLogout.process_response_msg(soapResponseMessage, lasso.httpMethodSoap), 0)
spLogout.process_response_msg(soapResponseMessage, lasso.httpMethodSoap)
self.failIf(spLogout.is_identity_dirty())
self.failUnless(spLogout.is_session_dirty())
spSessionDump = spLogout.get_session().dump()
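Review bot: With the `failUnlessEqual(errorCode, 0)` assertions removed, nothing in this file exercises the failure path, so the tests pass whether or not a non-zero return code actually becomes a `lasso.Error`. One negative case per profile would pin the new contract, for example `self.failUnlessRaises(lasso.Error, spLogin.process_response_msg, soapResponseMsg)` with a deliberately malformed message (assuming the library rejects it with a non-zero code). For code that processes authentication and logout messages, the rejection path is the one most worth asserting, and such a test would also exercise the construction of the exception objects themselves.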