From b307a0014571a3a682c6f65c5a99dcaaaec57128 Mon Sep 17 00:00:00 2001 From: Emmanuel Raviart Date: Fri, 6 Aug 2004 12:29:43 +0000 Subject: [PATCH] An early commit of the new Python test. It is not clean yet, but the light will be green again :-) --- python/tests/login_tests.py | 1402 ++++++++++++++++++++++------------- 1 file changed, 893 insertions(+), 509 deletions(-) diff --git a/python/tests/login_tests.py b/python/tests/login_tests.py index a211ceb6..112b7e25 100644 --- a/python/tests/login_tests.py +++ b/python/tests/login_tests.py @@ -36,46 +36,569 @@ sys.path.insert(0, '../.libs') import lasso -class TestCase(unittest.TestCase): - def generateIdpServer(self): - idpServer = lasso.Server.new_from_dump(self.generateIdpServerDump()) - return idpServer +# FIXME: Replace principal with client in most methods. +# FIXME: Rename webUser to userAccount. - def generateIdpServerDump(self): - idpServer = lasso.Server.new( + +class HttpRequest(object): + client = None # Principal or web site sending the request. + body = None + header = None + method = None # "GET" or "POST" or "PUT" or... + url = None + + def __init__(self, client, method, url, body = None): + self.client = client + self.method = method + self.url = url + if body: + self.body = body + + def ask(self): + webSite = self.client.internet.getWebSite(self.url) + return webSite.doHttpRequest(self) + + +class HttpResponse(object): + body = None + header = None + statusCode = None # 200 or... + statusMessage = None + + def __init__(self, statusCode, statusMessage = None, body = None): + self.statusCode = statusCode + if statusMessage: + self.statusMessage = statusMessage + if body: + self.body = body + + +class Internet(object): + webSites = None + + def __init__(self): + self.webSites = {} + + def addWebSite(self, webSite): + self.webSites[webSite.url] = webSite + + def getWebSite(self, url): + for webSiteUrl, webSite in self.webSites.iteritems(): + if url.startswith(webSiteUrl): + return webSite + raise Exception("Unknown web site: %s" % url) + + +class WebClient(object): + internet = None + keyring = None + webSessionIds = None # Simulate the cookies, stored in user's navigator, and containing the + # IDs of sessions already opened by the user. + + def __init__(self, internet): + self.internet = internet + self.keyring = {} + self.webSessionIds = {} + + def redirect(self, url): + webSite = self.internet.getWebSite(url) + return webSite.doHttpRequest(HttpRequest(self, "GET", url)) + + +class Principal(WebClient): + """Simulation of a user and its web navigator""" + + name = None # The user name + + def __init__(self, internet, name): + WebClient.__init__(self, internet) + self.name = name + + +class Simulation(object): + test = None # The testing instance + + def __init__(self, test): + self.test = test + + def fail(self, msg = None): + return self.test.fail(msg) + + def failIf(self, expr, msg = None): + return self.test.failIf(expr, msg) + + def failIfAlmostEqual(self, first, second, places = 7, msg = None): + return self.test.failIfAlmostEqual(first, second, places, msg) + + def failIfEqual(self, first, second, msg = None): + return self.test.failIfEqual(first, second, msg) + + def failUnless(self, expr, msg = None): + return self.test.failUnless(expr, msg) + + def failUnlessAlmostEqual(self, first, second, places = 7, msg = None): + return self.test.failUnlessAlmostEqual(first, second, places, msg) + + def failUnlessRaises(self, excClass, callableObj, *args, **kwargs): + return self.test.failUnlessRaises(self, excClass, callableObj, *args, **kwargs) + + def failUnlessEqual(self, first, second, msg = None): + return self.test.failUnlessEqual(first, second, msg) + + +class WebSession(object): + """Simulation of session of a web site""" + + expirationTime = None # A sample session variable + loginDump = None # Used only by some identity providers + uniqueId = None # The session number + sessionDump = None + webUserId = None # ID of logged user. + + def __init__(self, uniqueId): + self.uniqueId = uniqueId + + +class WebUser(object): + """Simulation of user of a web site""" + + identityDump = None + language = 'fr' # A sample user variable + uniqueId = None # The user name is used as an ID in this simulation. + + def __init__(self, uniqueId): + self.uniqueId = uniqueId + + +class WebSite(WebClient, Simulation): + """Simulation of a web site""" + + lastWebSessionId = 0 + providerId = None # The Liberty providerID of this web site + serverDump = None + url = None # The main URL of web site + webUserIdsByNameIdentifier = None + webUsers = None + webSessionIdsByNameIdentifier = None + webSessions = None + + def __init__(self, test, internet, url): + Simulation.__init__(self, test) + WebClient.__init__(self, internet) + self.url = url + self.webUserIdsByNameIdentifier = {} + self.webUsers = {} + self.webSessionIdsByNameIdentifier = {} + self.webSessions = {} + self.internet.addWebSite(self) + + def addWebUser(self, name): + self.webUsers[name] = WebUser(name) + + def createWebSession(self, client): + self.lastWebSessionId += 1 + webSession = WebSession(self.lastWebSessionId) + self.webSessions[self.lastWebSessionId] = webSession + client.webSessionIds[self.url] = self.lastWebSessionId + return webSession + + def doHttpRequest(self, httpRequest): + url = httpRequest.url + if url.startswith(self.url): + url = url[len(self.url):] + methodName = url.split("?", 1)[0].replace("/", "") + method = getattr(self, methodName) + return method(httpRequest) + + def extractQueryFromUrl(self, url): + return url.split("?", 1)[1] + + def getIdentityDump(self, principal): + webSession = self.getWebSession(principal) + webUser = self.getWebUserFromWebSession(webSession) + if webUser is None: + return None + return webUser.identityDump + + def getServer(self): + return lasso.Server.new_from_dump(self.serverDump) + + def getSessionDump(self, principal): + webSession = self.getWebSession(principal) + if webSession is None: + return None + return webSession.sessionDump + + def getWebSession(self, principal): + webSessionId = principal.webSessionIds.get(self.url, None) + if webSessionId is None: + # The user has no web session opened on this site. + return None + return self.webSessions.get(webSessionId, None) + + def getWebSessionFromNameIdentifier(self, nameIdentifier): + webSessionId = self.webSessionIdsByNameIdentifier.get(nameIdentifier, None) + if webSessionId is None: + # The user has no federation on this site or has no authentication assertion for this + # federation. + return None + return self.webSessions.get(webSessionId, None) + + def getWebUserFromNameIdentifier(self, nameIdentifier): + webUserId = self.webUserIdsByNameIdentifier.get(nameIdentifier, None) + if webUserId is None: + # The user has no federation on this site. + return None + return self.webUsers.get(webUserId, None) + + def getWebUserFromWebSession(self, webSession): + if webSession is None: + return None + webUserId = webSession.webUserId + if webUserId is None: + # The user has no account on this site. + return None + return self.webUsers.get(webUserId, None) + + +class IdpSite(WebSite): + soapResponseMsgs = None + + def __init__(self, test, internet, url): + WebSite.__init__(self, test, internet, url) + self.soapResponseMsgs = {} + + def singleSignOn(self, httpRequest): + server = self.getServer() + login = lasso.Login.new(server) + identityDump = self.getIdentityDump(httpRequest.client) + if identityDump is not None: + login.set_identity_from_dump(identityDump) + sessionDump = self.getSessionDump(httpRequest.client) + if sessionDump is not None: + login.set_session_from_dump(sessionDump) + authnRequestQuery = self.extractQueryFromUrl(httpRequest.url) + login.init_from_authn_request_msg(authnRequestQuery, lasso.httpMethodRedirect) + + self.failUnless(login.must_authenticate()) # FIXME: To improve. + webSession = self.getWebSession(httpRequest.client) + if webSession is None: + webSession = self.createWebSession(httpRequest.client) + webSession.loginDump = login.dump() + + # A real identity provider using a HTML form to ask user's login & password would store + # idpLoginDump in a session variable and display the HTML login form. + webUserId = httpRequest.client.keyring.get(self.url, None) + userAuthenticated = webUserId in self.webUsers + if userAuthenticated: + webSession.webUserId = webUserId + authenticationMethod = lasso.samlAuthenticationMethodPassword # FIXME + + server = self.getServer() + webSession = self.getWebSession(httpRequest.client) + loginDump = webSession.loginDump + del webSession.loginDump + login = lasso.Login.new_from_dump(server, loginDump) + # Set identity & session in login, because loginDump doesn't contain them. + identityDump = self.getIdentityDump(httpRequest.client) + if identityDump is not None: + login.set_identity_from_dump(identityDump) + sessionDump = self.getSessionDump(httpRequest.client) + if sessionDump is not None: + login.set_session_from_dump(sessionDump) + self.failUnlessEqual(login.protocolProfile, lasso.loginProtocolProfileBrwsArt) # FIXME + login.build_artifact_msg( + userAuthenticated, authenticationMethod, "FIXME: reauthenticateOnOrAfter", + lasso.httpMethodRedirect) + webUser = self.getWebUserFromWebSession(webSession) + if login.is_identity_dirty(): + identityDump = login.get_identity().dump() + self.failUnless(identityDump) + webUser.identityDump = identityDump + self.failUnless(login.is_session_dirty()) + sessionDump = login.get_session().dump() + self.failUnless(sessionDump) + webSession.sessionDump = sessionDump + nameIdentifier = login.nameIdentifier + self.failUnless(nameIdentifier) + self.webUserIdsByNameIdentifier[nameIdentifier] = webUser.uniqueId + self.webSessionIdsByNameIdentifier[nameIdentifier] = webSession.uniqueId + artifact = login.assertionArtifact + self.failUnless(artifact) + soapResponseMsg = login.response_dump + self.failUnless(soapResponseMsg) + self.soapResponseMsgs[artifact] = soapResponseMsg + responseUrl = login.msg_url + self.failUnless(responseUrl) + return httpRequest.client.redirect(responseUrl) + + def soapEndpoint(self, httpRequest): + soapRequestMsg = httpRequest.body + requestType = lasso.get_request_type_from_soap_msg(soapRequestMsg) + if requestType == lasso.requestTypeLogin: + server = self.getServer() + login = lasso.Login.new(server) + login.process_request_msg(soapRequestMsg) + artifact = login.assertionArtifact + self.failUnless(artifact) + soapResponseMsg = self.soapResponseMsgs.get(artifact, None) + if soapResponseMsg is None: + raise Exception("FIXME: Handle the case when artifact is wrong") + return HttpResponse(200, body = soapResponseMsg) + elif requestType == lasso.requestTypeLogout: + server = self.getServer() + logout = lasso.Logout.new(server, lasso.providerTypeIdp) + logout.process_request_msg(soapRequestMsg, lasso.httpMethodSoap) + nameIdentifier = logout.nameIdentifier + self.failUnless(nameIdentifier) + + # Retrieve session dump and identity dump using name identifier. + webSession = self.getWebSessionFromNameIdentifier(nameIdentifier) + if webSession is None: + raise Exception("FIXME: Handle the case when there is no web session") + sessionDump = webSession.sessionDump + if sessionDump is None: + raise Exception( + "FIXME: Handle the case when there is no session dump in web session") + logout.set_session_from_dump(sessionDump) + webUser = self.getWebUserFromNameIdentifier(nameIdentifier) + if webUser is None: + raise Exception("FIXME: Handle the case when there is no web user") + identityDump = webUser.identityDump + if identityDump is None: + raise Exception( + "FIXME: Handle the case when there is no identity dump in web user") + logout.set_identity_from_dump(identityDump) + + logout.validate_request() + self.failIf(logout.is_identity_dirty()) + identity = logout.get_identity() + self.failUnless(identity) + identityDump = identity.dump() + self.failUnless(identityDump) + self.failUnless(logout.is_session_dirty()) + session = logout.get_session() + if session is None: + del webSession.sessionDump + else: + sessionDump = session.dump() + self.failUnless(sessionDump) + webSession.sessionDump = sessionDump + nameIdentifier = logout.nameIdentifier + self.failUnless(nameIdentifier) + del self.webSessionIdsByNameIdentifier[nameIdentifier] + + # Tell each other service provider to logout the user. + otherProviderId = logout.get_next_providerID() + while otherProviderId is not None: + logout.init_request(otherProviderId) + logout.build_request_msg() + + soapEndpoint = logout.msg_url + self.failUnless(soapEndpoint) + soapRequestMsg = logout.msg_body + self.failUnless(soapRequestMsg) + httpResponse = HttpRequest(self, "POST", soapEndpoint, body = soapRequestMsg).ask() + self.failUnlessEqual(httpResponse.statusCode, 200) + logout.process_response_msg(httpResponse.body, lasso.httpMethodSoap) + + otherProviderId = logout.get_next_providerID() + + logout.build_response_msg() + soapResponseMsg = logout.msg_body + self.failUnless(soapResponseMsg) + return HttpResponse(200, body = soapResponseMsg) + else: + raise Exception("Unknown request type: %s" % requestType) + + +class SpSite(WebSite): + idpSite = None # The identity provider, this service provider will use to authenticate users. + + def assertionConsumer(self, httpRequest): + server = self.getServer() + login = lasso.Login.new(server) + responseQuery = self.extractQueryFromUrl(httpRequest.url) + login.init_request(responseQuery, lasso.httpMethodRedirect) + login.build_request_msg() + + soapEndpoint = login.msg_url + self.failUnless(soapEndpoint) + soapRequestMsg = login.msg_body + self.failUnless(soapRequestMsg) + httpResponse = HttpRequest(self, "POST", soapEndpoint, body = soapRequestMsg).ask() + self.failUnlessEqual(httpResponse.statusCode, 200) + login.process_response_msg(httpResponse.body) + nameIdentifier = login.nameIdentifier + self.failUnless(nameIdentifier) + + # Retrieve session dump, using name identifier or else try to use the client web session. + # If session dump exists, give it to Lasso, so that it updates it. + webSession = self.getWebSessionFromNameIdentifier(nameIdentifier) + if webSession is None: + webSession = self.getWebSession(httpRequest.client) + if webSession is not None: + sessionDump = webSession.sessionDump + if sessionDump is not None: + login.set_session_from_dump(sessionDump) + # Retrieve identity dump, using name identifier or else try to retrieve him from web + # session. If identity dump exists, give it to Lasso, so that it updates it. + webUser = self.getWebUserFromNameIdentifier(nameIdentifier) + if webUser is None: + webUser = self.getWebUserFromWebSession(webSession) + if webUser is not None: + identityDump = webUser.identityDump + if identityDump is not None: + login.set_identity_from_dump(sessionDump) + + login.accept_sso() + if webUser is not None and identityDump is None: + self.failUnless(login.is_identity_dirty()) + identity = login.get_identity() + self.failUnless(identity) + identityDump = identity.dump() + self.failUnless(identityDump) + self.failUnless(login.is_session_dirty()) + session = login.get_session() + self.failUnless(session) + sessionDump = session.dump() + self.failUnless(sessionDump) + nameIdentifier = login.nameIdentifier + self.failUnless(nameIdentifier) + + # User is now authenticated. + + # If there was no web session yet, create it. Idem for the web user account. + if webSession is None: + webSession = self.createWebSession(httpRequest.client) + if webUser is None: + # A real service provider would ask user to login locally to create federation. Or it + # would ask user informations to create a local account. + webUserId = httpRequest.client.keyring.get(self.url, None) + userAuthenticated = webUserId in self.webUsers + if not userAuthenticated: + return HttpResponse(401, "Access Unauthorized: User has no account.") + webSession.webUserId = webUserId + webUser = self.webUsers[webUserId] + + # Store the updated identity dump and session dump. + if login.is_identity_dirty(): + webUser.identityDump = identityDump + webSession.sessionDump = sessionDump + self.webUserIdsByNameIdentifier[nameIdentifier] = webUser.uniqueId + self.webSessionIdsByNameIdentifier[nameIdentifier] = webSession.uniqueId + + return HttpResponse(200) + + def loginUsingRedirect(self, httpRequest): + server = self.getServer() + login = lasso.Login.new(server) + login.init_authn_request(self.idpSite.providerId) + self.failUnlessEqual(login.request_type, lasso.messageTypeAuthnRequest) + login.request.set_isPassive(False) + login.request.set_nameIDPolicy(lasso.libNameIDPolicyTypeFederated) + login.request.set_consent(lasso.libConsentObtained) + relayState = "fake" + login.request.set_relayState(relayState) + login.build_authn_request_msg() + authnRequestUrl = login.msg_url + self.failUnless(authnRequestUrl) + return httpRequest.client.redirect(authnRequestUrl) + + def logoutUsingSoap(self, httpRequest): + webSession = self.getWebSession(httpRequest.client) + if webSession is None: + return HttpResponse(401, "Access Unauthorized: User has no session opened.") + webUser = self.getWebUserFromWebSession(webSession) + if webUser is None: + return HttpResponse(401, "Access Unauthorized: User is not logged in.") + + server = self.getServer() + logout = lasso.Logout.new(server, lasso.providerTypeSp) + identityDump = self.getIdentityDump(httpRequest.client) + if identityDump is not None: + logout.set_identity_from_dump(identityDump) + sessionDump = self.getSessionDump(httpRequest.client) + if sessionDump is not None: + logout.set_session_from_dump(sessionDump) + logout.init_request() + logout.build_request_msg() + + soapEndpoint = logout.msg_url + self.failUnless(soapEndpoint) + soapRequestMsg = logout.msg_body + self.failUnless(soapRequestMsg) + httpResponse = HttpRequest(self, "POST", soapEndpoint, body = soapRequestMsg).ask() + self.failUnlessEqual(httpResponse.statusCode, 200) + + logout.process_response_msg(httpResponse.body, lasso.httpMethodSoap) + self.failIf(logout.is_identity_dirty()) + identity = logout.get_identity() + self.failUnless(identity) + identityDump = identity.dump() + self.failUnless(identityDump) + self.failUnless(logout.is_session_dirty()) + session = logout.get_session() + if session is None: + del webSession.sessionDump + else: + sessionDump = session.dump() + self.failUnless(sessionDump) + webSession.sessionDump = sessionDump + nameIdentifier = logout.nameIdentifier + self.failUnless(nameIdentifier) + del self.webSessionIdsByNameIdentifier[nameIdentifier] + + return HttpResponse(200) + + +class TestCase(unittest.TestCase): + def generateIdpSite(self, internet): + site = IdpSite(self, internet, "https://identity-provider/") + site.providerId = "https://identity-provider/metadata" + + server = lasso.Server.new( "../../examples/data/idp-metadata.xml", "../../examples/data/idp-public-key.pem", "../../examples/data/idp-private-key.pem", "../../examples/data/idp-crt.pem", lasso.signatureMethodRsaSha1) - idpServer.add_provider( + server.add_provider( "../../examples/data/sp-metadata.xml", "../../examples/data/sp-public-key.pem", "../../examples/data/ca-crt.pem") - idpServerDump = idpServer.dump() - self.failUnless(idpServerDump) - idpServer.destroy() - return idpServerDump + site.serverDump = server.dump() + self.failUnless(site.serverDump) + server.destroy() - def generateSpServer(self): - spServer = lasso.Server.new_from_dump(self.generateSpServerDump()) - return spServer + site.addWebUser('Chantereau') + site.addWebUser('Clapies') + site.addWebUser('Febvre') + site.addWebUser('Nowicki') + return site - def generateSpServerDump(self): - spServer = lasso.Server.new( + def generateSpSite(self, internet): + site = SpSite(self, internet, "https://service-provider/") + site.providerId = "https://service-provider/metadata" + + server = lasso.Server.new( "../../examples/data/sp-metadata.xml", "../../examples/data/sp-public-key.pem", "../../examples/data/sp-private-key.pem", "../../examples/data/sp-crt.pem", lasso.signatureMethodRsaSha1) - spServer.add_provider( + server.add_provider( "../../examples/data/idp-metadata.xml", "../../examples/data/idp-public-key.pem", "../../examples/data/ca-crt.pem") - spServerDump = spServer.dump() - self.failUnless(spServerDump) - spServer.destroy() - return spServerDump + site.serverDump = server.dump() + self.failUnless(site.serverDump) + server.destroy() + + site.addWebUser('Nicolas') + site.addWebUser('Romain') + site.addWebUser('Valery') + return site def setUp(self): pass @@ -85,513 +608,373 @@ class TestCase(unittest.TestCase): class LoginTestCase(TestCase): - def idpSingleSignOnForRedirect(self, authnRequestQuery, identityDump, sessionDump): - idpServer = self.generateIdpServer() - idpLogin = lasso.Login.new(idpServer) - if identityDump is not None: - idpLogin.set_identity_from_dump(identityDump) - if sessionDump is not None: - idpLogin.set_session_from_dump(sessionDump) - idpLogin.init_from_authn_request_msg( - authnRequestQuery, lasso.httpMethodRedirect) - return idpLogin - - def idpSingleSignOn_part2ForArtifactRedirect( - self, idpLogin, userAuthenticated, authenticationMethod): - idpLogin.build_artifact_msg( - userAuthenticated, authenticationMethod, "FIXME: reauthenticateOnOrAfter", - lasso.httpMethodRedirect) - idpIdentityDump = idpLogin.get_identity().dump() - self.failUnless(idpIdentityDump) - self.failUnless(idpLogin.is_session_dirty()) - idpSessionDump = idpLogin.get_session().dump() - self.failUnless(idpSessionDump) - nameIdentifier = idpLogin.nameIdentifier - self.failUnless(nameIdentifier) - responseUrl = idpLogin.msg_url - self.failUnless(responseUrl) - artifact = idpLogin.assertionArtifact - self.failUnless(artifact) - soapResponseMsg = idpLogin.response_dump - self.failUnless(soapResponseMsg) - return idpLogin - - def idpSoapEndpointForLogin(self, soapRequestMsg): - requestType = lasso.get_request_type_from_soap_msg(soapRequestMsg) - self.failUnlessEqual(requestType, lasso.requestTypeLogin) - idpServer = self.generateIdpServer() - idpLogin = lasso.Login.new(idpServer) - idpLogin.process_request_msg(soapRequestMsg) - artifact = idpLogin.assertionArtifact - self.failUnless(artifact) - return idpLogin - - def idpSoapEndpointForLogout(self, soapRequestMsg): - requestType = lasso.get_request_type_from_soap_msg(soapRequestMsg) - self.failUnlessEqual(requestType, lasso.requestTypeLogout) - idpServer = self.generateIdpServer() - idpLogout = lasso.Logout.new(idpServer, lasso.providerTypeIdp) - idpLogout.process_request_msg(soapRequestMsg, lasso.httpMethodSoap) - nameIdentifier = idpLogout.nameIdentifier - self.failUnless(nameIdentifier) - return idpLogout - - def idpSoapEndpointForLogout_part2(self, idpLogout, identityDump, sessionDump): - if identityDump is not None: - idpLogout.set_identity_from_dump(identityDump) - if sessionDump is not None: - idpLogout.set_session_from_dump(sessionDump) - idpLogout.validate_request() - idpIdentityDump = idpLogout.get_identity().dump() - self.failUnless(idpIdentityDump) - self.failUnless(idpLogout.is_session_dirty()) - idpSessionDump = idpLogout.get_session().dump() - # After logout, idpSession can be None or still contain other assertions. - # self.failUnless(idpSessionDump) - - # There is no other service provider from which the user must be logged out. - # FIXME: Handle the case where there are authentication assertions for other service - # providers. - self.failUnlessEqual(idpLogout.get_next_providerID(), None) - idpLogout.build_response_msg() - soapResponseMsg = idpLogout.msg_body - self.failUnless(soapResponseMsg) - return idpLogout - - def spAssertionConsumerForRedirect(self, responseQuery): - spServer = self.generateSpServer() - spLogin = lasso.Login.new(spServer) - spLogin.init_request(responseQuery, lasso.httpMethodRedirect) - spLogin.build_request_msg() - soapEndpoint = spLogin.msg_url - self.failUnless(soapEndpoint) - soapRequestMsg = spLogin.msg_body - self.failUnless(soapRequestMsg) - return spLogin - - def spAssertionConsumer_part2(self, spLogin, soapResponseMsg): - spLogin.process_response_msg(soapResponseMsg) - nameIdentifier = spLogin.nameIdentifier - self.failUnless(nameIdentifier) - return spLogin - - def spAssertionConsumer_part3(self, spLogin, identityDump, sessionDump): - if identityDump is not None: - spLogin.set_identity_from_dump(identityDump) - if sessionDump is not None: - spLogin.set_session_from_dump(sessionDump) - spLogin.accept_sso() - spIdentity = spLogin.get_identity() - self.failUnless(spIdentity) - spIdentityDump = spIdentity.dump() - self.failUnless(spIdentityDump) - self.failUnless(spLogin.is_session_dirty()) - spSession = spLogin.get_session() - self.failUnless(spSession) - spSessionDump = spSession.dump() - self.failUnless(spSessionDump) - authenticationMethod = spSession.get_authentication_method() - self.failUnless(authenticationMethod) - return spLogin - - def spLoginForRedirect(self): - spServer = self.generateSpServer() - spLogin = lasso.Login.new(spServer) - spLogin.init_authn_request( - "https://identity-provider:1998/liberty-alliance/metadata") - self.failUnlessEqual(spLogin.request_type, lasso.messageTypeAuthnRequest) - spLogin.request.set_isPassive(False) - spLogin.request.set_nameIDPolicy(lasso.libNameIDPolicyTypeFederated) - spLogin.request.set_consent(lasso.libConsentObtained) - relayState = "fake" - spLogin.request.set_relayState(relayState) - spLogin.build_authn_request_msg() - authnRequestUrl = spLogin.msg_url - self.failUnless(authnRequestUrl) - return spLogin - - def spLogoutForSoap(self, spIdentityDump, spSessionDump): - spServer = self.generateSpServer() - spLogout = lasso.Logout.new(spServer, lasso.providerTypeSp) - if spIdentityDump is not None: - spLogout.set_identity_from_dump(spIdentityDump) - if spSessionDump is not None: - spLogout.set_session_from_dump(spSessionDump) - spLogout.init_request() - spLogout.build_request_msg() - soapEndpoint = spLogout.msg_url - self.failUnless(soapEndpoint) - soapRequestMsg = spLogout.msg_body - self.failUnless(soapRequestMsg) - return spLogout - - def spLogoutForSoap_part2(self, spLogout, soapResponseMsg): - spLogout.process_response_msg(soapResponseMsg, lasso.httpMethodSoap) - self.failIf(spLogout.is_identity_dirty()) - spIdentity = spLogout.get_identity() - self.failUnless(spIdentity) - spIdentityDump = spIdentity.dump() - self.failUnless(spIdentityDump) - self.failUnless(spLogout.is_session_dirty()) - spSession = spLogout.get_session() - return spLogout - def test01_generateServers(self): - """Generate identity and service provider server contexts""" - self.generateIdpServer() - self.generateSpServer() - - def test02_spLogin(self): """Service provider initiated login using HTTP redirect""" - spLogin = self.spLoginForRedirect() - # A real service provider would issue a HTTPS redirect to spLogin.msg_url. + internet = Internet() + idpSite = self.generateIdpSite(internet) + spSite = self.generateSpSite(internet) + spSite.idpSite = idpSite + principal = Principal(internet, "Romain Chantereau") + principal.keyring[idpSite.url] = "Chantereau" + principal.keyring[spSite.url] = "Romain" + httpResponse = spSite.doHttpRequest(HttpRequest(principal, "GET", "/loginUsingRedirect")) + self.failUnlessEqual(httpResponse.statusCode, 200) + httpResponse = spSite.doHttpRequest(HttpRequest(principal, "GET", "/logoutUsingSoap")) + self.failUnlessEqual(httpResponse.statusCode, 200) - # Identity provider single sign-on, for a user having no federation. - authnRequestQuery = spLogin.msg_url.split("?", 1)[1] - idpLogin = self.idpSingleSignOnForRedirect(authnRequestQuery, None, None) - self.failUnless(idpLogin.must_authenticate()) - idpLoginDump = idpLogin.dump() - # A real identity provider using a HTML form to ask user's login & password would store - # idpLoginDump in a session variable and display the HTML login form. +## def test02_spLogin(self): +## """Service provider initiated login using HTTP redirect""" - userAuthenticated = True - authenticationMethod = lasso.samlAuthenticationMethodPassword - idpServer = self.generateIdpServer() - idpLogin = lasso.Login.new_from_dump(idpServer, idpLoginDump) - self.failUnlessEqual(idpLogin.protocolProfile, lasso.loginProtocolProfileBrwsArt) - idpLogin = self.idpSingleSignOn_part2ForArtifactRedirect( - idpLogin, userAuthenticated, authenticationMethod) - # The user had no Liberty federation before, so identity must be dirty. - self.failUnless(idpLogin.is_identity_dirty()) - idpIdentityDump = idpLogin.get_identity().dump() - idpSessionDump = idpLogin.get_session().dump() - nameIdentifier = idpLogin.nameIdentifier - artifact = idpLogin.assertionArtifact - soapResponseMsg = idpLogin.response_dump - # A real identity provider would store idpIdentityDump in user record and store - # idpSessionDump in session variables or user record. - # It would then index its user record and its session using nameIdentifier. - # It would also store soapResponseMsg and index it using artifact. - # It would optionally create a web session (using cookie, ...). - # And finally, it would issue a HTTPS redirect to idpLogin.msg_url. +## spLogin = self.spLoginForRedirect() +## # A real service provider would issue a HTTPS redirect to spLogin.msg_url. - # Service provider assertion consumer. - responseQuery = idpLogin.msg_url.split("?", 1)[1] - spLogin = self.spAssertionConsumerForRedirect(responseQuery) - # A real service provider would issue a SOAP HTTPS request containing spLogin.msg_body to - # spLogin.msg_url. +## # Identity provider single sign-on, for a user having no federation. +## authnRequestQuery = spLogin.msg_url.split("?", 1)[1] +## idpLogin = self.idpSingleSignOnForRedirect(authnRequestQuery, None, None) +## self.failUnless(idpLogin.must_authenticate()) +## idpLoginDump = idpLogin.dump() +## # A real identity provider using a HTML form to ask user's login & password would store +## # idpLoginDump in a session variable and display the HTML login form. - # Identity provider SOAP endpoint. - idpLogin = self.idpSoapEndpointForLogin(spLogin.msg_body) - # A real identity provider would retrieve soapResponseMsg using spLogin.assertionArtifact - # and return it as SOAP response. - self.failUnlessEqual(idpLogin.assertionArtifact, artifact) +## userAuthenticated = True +## authenticationMethod = lasso.samlAuthenticationMethodPassword +## idpServer = self.generateIdpServer() +## idpLogin = lasso.Login.new_from_dump(idpServer, idpLoginDump) +## #FIXME: set user and session from dump, because the logindump doesn't contain them. +## self.failUnlessEqual(idpLogin.protocolProfile, lasso.loginProtocolProfileBrwsArt) +## idpLogin = self.idpSingleSignOn_part2ForArtifactRedirect( +## idpLogin, userAuthenticated, authenticationMethod) +## # The user had no Liberty federation before, so identity must be dirty. +## self.failUnless(idpLogin.is_identity_dirty()) +## idpIdentityDump = idpLogin.get_identity().dump() +## idpSessionDump = idpLogin.get_session().dump() +## nameIdentifier = idpLogin.nameIdentifier +## artifact = idpLogin.assertionArtifact +## soapResponseMsg = idpLogin.response_dump +## # A real identity provider would store idpIdentityDump in user record and store +## # idpSessionDump in session variables or user record. +## # It would then index its user record and its session using nameIdentifier. +## # It would also store soapResponseMsg and index it using artifact. +## # It would optionally create a web session (using cookie, ...). +## # And finally, it would issue a HTTPS redirect to idpLogin.msg_url. - # Service provider assertion consumer (part 2: process SOAP response). - spLogin = self.spAssertionConsumer_part2(spLogin, soapResponseMsg) - # A real service provider would search for a user record and a session indexed by - # spLogin.nameIdentifier. - # In this case, we assume that the user has no Liberty federation yet => no identity dump - # and no session dump. - self.failUnlessEqual(spLogin.nameIdentifier, nameIdentifier) - spLogin = self.spAssertionConsumer_part3(spLogin, None, None) - self.failUnless(spLogin.is_identity_dirty()) - spIdentityDump = spLogin.get_identity().dump() - spSession = spLogin.get_session() - spSessionDump = spSession.dump() - authenticationMethod = spSession.get_authentication_method() - self.failUnlessEqual(authenticationMethod, lasso.samlAuthenticationMethodPassword) - # A real service provider would store spIdentityDump in user record and spSessionDump - # in session variables or user record. - # It would then index its user record and its session using nameIdentifier. - # It would create a web session (using cookie, ...). - # And finally, it would display a page saying that Liberty authentication has succeeded. +## # Service provider assertion consumer. +## responseQuery = idpLogin.msg_url.split("?", 1)[1] +## spLogin = self.spAssertionConsumerForRedirect(responseQuery) +## # A real service provider would issue a SOAP HTTPS request containing spLogin.msg_body to +## # spLogin.msg_url. - # Service provider logout using SOAP. - spLogout = self.spLogoutForSoap(spIdentityDump, spSessionDump) - # A real service provider would issue a SOAP HTTPS request containing spLogout.msg_body to - # spLogout.msg_url. +## # Identity provider SOAP endpoint. +## idpLogin = self.idpSoapEndpointForLogin(spLogin.msg_body) +## # A real identity provider would retrieve soapResponseMsg using spLogin.assertionArtifact +## # and return it as SOAP response. +## self.failUnlessEqual(idpLogin.assertionArtifact, artifact) - # Identity provider SOAP endpoint. - idpLogout = self.idpSoapEndpointForLogout(spLogout.msg_body) - self.failUnlessEqual(idpLogout.nameIdentifier, nameIdentifier) - # A real identity provider would retrieve the user record and the session indexed by - # idpLogout.nameIdentifier. +## # Service provider assertion consumer (part 2: process SOAP response). +## spLogin = self.spAssertionConsumer_part2(spLogin, soapResponseMsg) +## # A real service provider would search for a user record and a session indexed by +## # spLogin.nameIdentifier. +## # In this case, we assume that the user has no Liberty federation yet => no identity dump +## # and no session dump. +## self.failUnlessEqual(spLogin.nameIdentifier, nameIdentifier) +## spLogin = self.spAssertionConsumer_part3(spLogin, None, None) +## self.failUnless(spLogin.is_identity_dirty()) +## spIdentityDump = spLogin.get_identity().dump() +## spSession = spLogin.get_session() +## spSessionDump = spSession.dump() +## authenticationMethod = spSession.get_authentication_method() +## self.failUnlessEqual(authenticationMethod, lasso.samlAuthenticationMethodPassword) +## # A real service provider would store spIdentityDump in user record and spSessionDump +## # in session variables or user record. +## # It would then index its user record and its session using nameIdentifier. +## # It would create a web session (using cookie, ...). +## # And finally, it would display a page saying that Liberty authentication has succeeded. + +## # Service provider logout using SOAP. +## spLogout = self.spLogoutForSoap(spIdentityDump, spSessionDump) +## # A real service provider would issue a SOAP HTTPS request containing spLogout.msg_body to +## # spLogout.msg_url. + +## # Identity provider SOAP endpoint. +## idpLogout = self.idpSoapEndpointForLogout(spLogout.msg_body) +## self.failUnlessEqual(idpLogout.nameIdentifier, nameIdentifier) +## # A real identity provider would retrieve the user record and the session indexed by +## # idpLogout.nameIdentifier. - idpLogout = self.idpSoapEndpointForLogout_part2(idpLogout, idpIdentityDump, idpSessionDump) - # A real identity provider would store idpIdentityDump in user record and store or delete - # idpSessionDump in session variables or user record. - # It would then remove the nameIdentifier index to the user record and the session. - # And finally, it would return idpLogout.msg_body as SOAP response. +## idpLogout = self.idpSoapEndpointForLogout_part2(idpLogout, idpIdentityDump, idpSessionDump) +## # A real identity provider would store idpIdentityDump in user record and store or delete +## # idpSessionDump in session variables or user record. +## # It would then remove the nameIdentifier index to the user record and the session. +## # And finally, it would return idpLogout.msg_body as SOAP response. - # Service provider logout (part 2: process SOAP response). - spLogout = self.spLogoutForSoap_part2(spLogout, idpLogout.msg_body) - self.failIf(spLogout.is_identity_dirty()) - spIdentityDump = spLogout.get_identity().dump() - spSession = spLogout.get_session() - # In this case, spSession should be None, but Lasso doesn't implement it yet. - # self.failIf(spSession) - # - # A real service provider would store spIdentityDump in user record and store or delete - # spSessionDump in session variables or user record. - # It would then remove the idpLogout.nameIdentifier index to the user record and the - # session. - # And finally, it would display a page saying that Liberty logout has succeeded. +## # Service provider logout (part 2: process SOAP response). +## spLogout = self.spLogoutForSoap_part2(spLogout, idpLogout.msg_body) +## self.failIf(spLogout.is_identity_dirty()) +## spIdentityDump = spLogout.get_identity().dump() +## spSession = spLogout.get_session() +## # In this case, spSession should be None, but Lasso doesn't implement it yet. +## # self.failIf(spSession) +## # +## # A real service provider would store spIdentityDump in user record and store or delete +## # spSessionDump in session variables or user record. +## # It would then remove the idpLogout.nameIdentifier index to the user record and the +## # session. +## # And finally, it would display a page saying that Liberty logout has succeeded. - def test03(self): - """Identity provider single sign-on when identity and session already exist.""" - idpServer = self.generateIdpServer() - idpLogin = lasso.Login.new(idpServer) - idpIdentityDump = """\ -NjMxMEMzRTlEMDA4NTNEMEZGNDI1MEM0QzY4NUNBNzY= -""".strip() - idpLogin.set_identity_from_dump(idpIdentityDump) - idpSessionDump = """ -NjMxMEMzRTlEMDA4NTNEMEZGNDI1MEM0QzY4NUNBNzY=NjMxMEMzRTlEMDA4NTNEMEZGNDI1MEM0QzY4NUNBNzY=urn:oasis:names:tc:SAML:1.0:cm:bearer - - - - - - - - -ZRe7eb5JuhgL6W/Le1oMezbEHnA= - - -CYOtlOvHtpkQsLA87GrtHs1WuoPVXHiPkVsmce2X1+PUslYpKLKp3cuNTVo1Z7+k -Iku+DThYC9EvR7gprVQW2Y3CpCPanWs2A6j21SrlfqGFffpUtOFuiv3L1rfGKjPJ -eMWehfc/SEi3+/JT22RejeYrSA61YLwsfItB7Ie4L0TRuZuxxu++CsidIEu2iv7l -fI79SMn5hF7j/oFU9IODFhCArNLgBiOxA9rnRNvXwRFFmRN3qvdEuXuAZBthRhoa -BRcL2T7tLxIVV+8y1fUjkliV1QgvOeus9g1bib1FLHdzHZ6KNGLPkZiXuM7ZPT1B -G8WStJalTeH81AE7Ol4pcg== - - -MIIDKTCCAhECAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCSVQxDzANBgNV -BAcTBlBvbXBlaTEQMA4GA1UEChMHVmVzdXZpbzEpMCcGA1UEAxMgVmVzdXZpbyBM -aWJlcnR5IEFsbGlhbmNlIFJvb3QgQ0EwHhcNMDQwNDIwMTQwMzQ1WhcNMDUwNDIw -MTQwMzQ1WjBaMQswCQYDVQQGEwJJVDEPMA0GA1UEBxMGUG9tcGVpMR4wHAYDVQQK -ExVJZGVudGl0eSBQcm92aWRlciBJbmMxGjAYBgNVBAMTEWlkZW50aXR5LXByb3Zp -ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SGH3FPnhpQ8rCED -RmC+NEkJQ6ZrG1jRL1kNx3wNu1xRZgFPiEDFnu9p/muVQkRAzK4txgC5i0ymwgRZ -uan2yFrdq7Kpc9r0cM1S/q63aQeOMXQszz6G0NIY9DOzdrdlTc2uToBpIPA4a/Tf -NWpMFZ7zGB9ThJ4+S5MAIA6y3SRWYHOqdlwjo/R0P4C3y8wIClgI0ZTdS6/Rkr59 -XC4WRocMzGCSsk+1F1tAZoR77ummLcY4nFkbtawyeRXEUpSpDaxgVEEmvH+/Kqx5 -NhVzeCZkm8szOzMea+QT4Uh3F7GVwY/7+JV23eCGyr2n3EhXgCqw0nnGSGR7vrNl -Ue1oswIDAQABMA0GCSqGSIb3DQEBBAUAA4IBAQAFyYC/V49X7ZNLpYI8jx1TE9X3 -J4c47cCLaxslrhi0/X6nCOEcBckXtbL+ZhIiHfI6PWizHMjTCEkJOYMVOsXyWN73 -XdzfIZVrThQRsYvQZqUH8cZZH3fFg/RyEM3fzlFDsuIxfg7+NIDNmSFbt/YdFL0T -3sB7jYSkKr4buX9ZewdOfRxwN4MZIE32SoBo+UOgNrMM2hcQTStBK09vzJiWQE/4 -aWbZJT9jtBPGWTsMS8g1x9WAmJHV2BpUiSfY39895a5T7kbbqZ3rp7DM9dgLjdXC -jFL7NhzvY02aBTLhm22YOLYnlycKm64NGne+siooDCi5tel2/vcx+e+btX9x - - - -""".strip() - # " <-- Trick for Emacs Python mode. - idpLogin.set_session_from_dump(idpSessionDump) - authnRequestQuery = """NameIDPolicy=federated&IsPassive=false&ProviderID=https%3A%2F%2Fservice-provider%3A2003%2Fliberty-alliance%2Fmetadata&consent=urn%3Aliberty%3Aconsent%3Aobtained&IssueInstance=2004-08-02T20%3A33%3A58Z&MinorVersion=2&MajorVersion=1&RequestID=ODVGNkUyMzY5N0MzOTY4QzZGOUYyNzEwRTJGMUNCQTI%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=fnSL5Mgp%2BV%2FtdUuYQJmFKvFY8eEco6sypmejvP4sD0v5ApywV94mUo6BxE29o1KW%0AGFXiMG7puhTwRSlKDo1vlh5iHNqVfjKcbx2XhfoDfplqLir102dyHxB5GedEQvqw%0AbTFtFrB6SnHi5facrYHCn7b58CxAWv9XW4DIfcVCOSma2OOBCm%2FzzCSiZpOtbRk9%0AveQzace41tDW0XLlbRdWpvwsma0yaYSkqYvTV3hmvgkWS5x9lzcm97oME4ywzwbU%0AJAyG8BkqMFoG7FPjwzR8qh7%2FWi%2BCzxxqfczxSGkUZUmsQdxyxazjhDpt1X8i5fan%0AnaF1vWF3GmS6G4t7mrkItA%3D%3D""" - method = lasso.httpMethodRedirect - idpLogin.init_from_authn_request_msg(authnRequestQuery, method) - self.failIf(idpLogin.must_authenticate()) - userAuthenticated = True - authenticationMethod = lasso.samlAuthenticationMethodPassword - self.failUnlessEqual(idpLogin.protocolProfile, lasso.loginProtocolProfileBrwsArt) - idpLogin.build_artifact_msg( - userAuthenticated, authenticationMethod, "FIXME: reauthenticateOnOrAfter", - lasso.httpMethodRedirect) - self.failUnless(idpLogin.msg_url) - self.failUnless(idpLogin.assertionArtifact) - self.failUnless(idpLogin.response_dump) - self.failUnless(idpLogin.nameIdentifier) +## def test03(self): +## """Identity provider single sign-on when identity and session already exist.""" +## idpServer = self.generateIdpServer() +## idpLogin = lasso.Login.new(idpServer) +## idpIdentityDump = """\ +## NjMxMEMzRTlEMDA4NTNEMEZGNDI1MEM0QzY4NUNBNzY= +## """.strip() +## idpLogin.set_identity_from_dump(idpIdentityDump) +## idpSessionDump = """ +## NjMxMEMzRTlEMDA4NTNEMEZGNDI1MEM0QzY4NUNBNzY=NjMxMEMzRTlEMDA4NTNEMEZGNDI1MEM0QzY4NUNBNzY=urn:oasis:names:tc:SAML:1.0:cm:bearer +## +## +## +## +## +## +## +## +## ZRe7eb5JuhgL6W/Le1oMezbEHnA= +## +## +## CYOtlOvHtpkQsLA87GrtHs1WuoPVXHiPkVsmce2X1+PUslYpKLKp3cuNTVo1Z7+k +## Iku+DThYC9EvR7gprVQW2Y3CpCPanWs2A6j21SrlfqGFffpUtOFuiv3L1rfGKjPJ +## eMWehfc/SEi3+/JT22RejeYrSA61YLwsfItB7Ie4L0TRuZuxxu++CsidIEu2iv7l +## fI79SMn5hF7j/oFU9IODFhCArNLgBiOxA9rnRNvXwRFFmRN3qvdEuXuAZBthRhoa +## BRcL2T7tLxIVV+8y1fUjkliV1QgvOeus9g1bib1FLHdzHZ6KNGLPkZiXuM7ZPT1B +## G8WStJalTeH81AE7Ol4pcg== +## +## +## MIIDKTCCAhECAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCSVQxDzANBgNV +## BAcTBlBvbXBlaTEQMA4GA1UEChMHVmVzdXZpbzEpMCcGA1UEAxMgVmVzdXZpbyBM +## aWJlcnR5IEFsbGlhbmNlIFJvb3QgQ0EwHhcNMDQwNDIwMTQwMzQ1WhcNMDUwNDIw +## MTQwMzQ1WjBaMQswCQYDVQQGEwJJVDEPMA0GA1UEBxMGUG9tcGVpMR4wHAYDVQQK +## ExVJZGVudGl0eSBQcm92aWRlciBJbmMxGjAYBgNVBAMTEWlkZW50aXR5LXByb3Zp +## ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SGH3FPnhpQ8rCED +## RmC+NEkJQ6ZrG1jRL1kNx3wNu1xRZgFPiEDFnu9p/muVQkRAzK4txgC5i0ymwgRZ +## uan2yFrdq7Kpc9r0cM1S/q63aQeOMXQszz6G0NIY9DOzdrdlTc2uToBpIPA4a/Tf +## NWpMFZ7zGB9ThJ4+S5MAIA6y3SRWYHOqdlwjo/R0P4C3y8wIClgI0ZTdS6/Rkr59 +## XC4WRocMzGCSsk+1F1tAZoR77ummLcY4nFkbtawyeRXEUpSpDaxgVEEmvH+/Kqx5 +## NhVzeCZkm8szOzMea+QT4Uh3F7GVwY/7+JV23eCGyr2n3EhXgCqw0nnGSGR7vrNl +## Ue1oswIDAQABMA0GCSqGSIb3DQEBBAUAA4IBAQAFyYC/V49X7ZNLpYI8jx1TE9X3 +## J4c47cCLaxslrhi0/X6nCOEcBckXtbL+ZhIiHfI6PWizHMjTCEkJOYMVOsXyWN73 +## XdzfIZVrThQRsYvQZqUH8cZZH3fFg/RyEM3fzlFDsuIxfg7+NIDNmSFbt/YdFL0T +## 3sB7jYSkKr4buX9ZewdOfRxwN4MZIE32SoBo+UOgNrMM2hcQTStBK09vzJiWQE/4 +## aWbZJT9jtBPGWTsMS8g1x9WAmJHV2BpUiSfY39895a5T7kbbqZ3rp7DM9dgLjdXC +## jFL7NhzvY02aBTLhm22YOLYnlycKm64NGne+siooDCi5tel2/vcx+e+btX9x +## +## +## +## """.strip() +## # " <-- Trick for Emacs Python mode. +## idpLogin.set_session_from_dump(idpSessionDump) +## authnRequestQuery = """NameIDPolicy=federated&IsPassive=false&ProviderID=https%3A%2F%2Fservice-provider%3A2003%2Fliberty-alliance%2Fmetadata&consent=urn%3Aliberty%3Aconsent%3Aobtained&IssueInstance=2004-08-02T20%3A33%3A58Z&MinorVersion=2&MajorVersion=1&RequestID=ODVGNkUyMzY5N0MzOTY4QzZGOUYyNzEwRTJGMUNCQTI%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=fnSL5Mgp%2BV%2FtdUuYQJmFKvFY8eEco6sypmejvP4sD0v5ApywV94mUo6BxE29o1KW%0AGFXiMG7puhTwRSlKDo1vlh5iHNqVfjKcbx2XhfoDfplqLir102dyHxB5GedEQvqw%0AbTFtFrB6SnHi5facrYHCn7b58CxAWv9XW4DIfcVCOSma2OOBCm%2FzzCSiZpOtbRk9%0AveQzace41tDW0XLlbRdWpvwsma0yaYSkqYvTV3hmvgkWS5x9lzcm97oME4ywzwbU%0AJAyG8BkqMFoG7FPjwzR8qh7%2FWi%2BCzxxqfczxSGkUZUmsQdxyxazjhDpt1X8i5fan%0AnaF1vWF3GmS6G4t7mrkItA%3D%3D""" +## method = lasso.httpMethodRedirect +## idpLogin.init_from_authn_request_msg(authnRequestQuery, method) +## self.failIf(idpLogin.must_authenticate()) +## userAuthenticated = True +## authenticationMethod = lasso.samlAuthenticationMethodPassword +## self.failUnlessEqual(idpLogin.protocolProfile, lasso.loginProtocolProfileBrwsArt) +## idpLogin.build_artifact_msg( +## userAuthenticated, authenticationMethod, "FIXME: reauthenticateOnOrAfter", +## lasso.httpMethodRedirect) +## self.failUnless(idpLogin.msg_url) +## self.failUnless(idpLogin.assertionArtifact) +## self.failUnless(idpLogin.response_dump) +## self.failUnless(idpLogin.nameIdentifier) - def test04(self): - """Identity provider logout.""" - idpServer = self.generateIdpServer() - soapRequestMessage = """\ -https://service-provider:2003/liberty-alliance/metadataQkM3M0M4MTYxREQzNEYwNEI4M0I4MUVERDUyQUUyMjA= - - - - - - - - -NlVszQnxIyPU7zbJYadQmTnFAsI= - - -h0lB2hBstgxlNYnVQ4xzmXIi2APqNxKEEfUqYm3NeGmddbazg0/Y/SdcqLlto9fy -ML34w/TJG7DnCdeUQVxdxhzmJlv3X2U5qDAYh6gX4g36wJCntderC5LtNkZhhTWt -m9NWGszFhCm9nSaGATdj4JGqJNc+LUIt3EvXHDIqQ/LU2g3hxZQ4Hs5Fg9yqRS98 -5CWPtckYcGPcG8kFuTKNos2F4KQPyXJRX0KF+9FbkBX0RsblstzL0CiFUlor4m+R -ejvMcEt/nGCGj7F5mRPYcW3ZxTw4J2wAqS52Tu41fyeKw5SHIJQNmwV25P/hINim -hd2ybn/G3vK2If0+rUjA8Q== - - -MIIDJzCCAg8CAQIwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCSVQxDzANBgNV -BAcTBlBvbXBlaTEQMA4GA1UEChMHVmVzdXZpbzEpMCcGA1UEAxMgVmVzdXZpbyBM -aWJlcnR5IEFsbGlhbmNlIFJvb3QgQ0EwHhcNMDQwNDIwMTQyMDMxWhcNMDUwNDIw -MTQyMDMxWjBYMQswCQYDVQQGEwJJVDEPMA0GA1UEBxMGUG9tcGVpMR0wGwYDVQQK -ExRTZXJ2aWNlIFByb3ZpZGVyIEluYzEZMBcGA1UEAxMQc2VydmljZS1wcm92aWRl -cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALIjOIroSVwUaMOyFlGL -p6oCDkI14ssZRec/l2Z+p89kwVF+vkyhE7LHkaIgE1RnmPhcudzMCNFc6okpHdtV -yU+GTSXhRN7/BGYBoDpfNpTMP0aUpw/BQOhL+zeb0nSsSf7ejNeKyvR+q5ia+3N4 -dm9vgUPWZk0iN0URMSRxzIA3nEsR+B9JV7BFFyfbBxwLR4Aht667cuSeFnAUnynp -JiHiKF/r5yXk+EKK++8NpjflpJnFVT1mSfj+6iYutiOrgUKgCANsaXr0WomR4oKg -kqzP2DLDwnwi73vUAW4y9CBNk7nDtZJFhUxKa63i1HgHCKNvHfVjvKPz844PnLw/ -CWMCAwEAATANBgkqhkiG9w0BAQQFAAOCAQEAOfAVexQY2ImgBWjcAkGAYfLwMZ2k -8jtQGRgbPuD1DBQ+oZm+Ykuw30orVAo8/S5PcSNdRawOVoTY60oRupGBctoqSzmp -SiBkWOwb4wBZOHfSNRFDS83N0ewHk4FFY6t5NPlhUORC07xl4GaVUb5LjyDKMh2j -RtLaR85lCV8xVvM+jdBzBM2FxOQ0WdhphMjO4gj5ene791iT4PpA69o7wuZ9g728 -CGb/HRUx5EPgbIy52G224ITlQWadD1Z6y4PFTowDjkaRVerjUVRJZ/a5QVNsI4Du -/z71zAbdg4NfTfXjAXHRhEGappHVBROAQFchQ0oKhCTkICN4TUSuodgy/A== - - - -""".strip() - # " <-- Trick for Emacs Python mode. - requestType = lasso.get_request_type_from_soap_msg(soapRequestMessage) - self.failUnlessEqual(requestType, lasso.requestTypeLogout) - idpLogout = lasso.Logout.new(idpServer, lasso.providerTypeIdp) - idpLogout.process_request_msg(soapRequestMessage, lasso.httpMethodSoap) - self.failUnless(idpLogout.nameIdentifier) - idpIdentityDump = """\ -QkM3M0M4MTYxREQzNEYwNEI4M0I4MUVERDUyQUUyMjA= -""".strip() - idpLogout.set_identity_from_dump(idpIdentityDump) - self.failUnlessEqual(idpLogout.get_identity().dump(), idpIdentityDump) - idpSessionDump = """ -QkM3M0M4MTYxREQzNEYwNEI4M0I4MUVERDUyQUUyMjA=QkM3M0M4MTYxREQzNEYwNEI4M0I4MUVERDUyQUUyMjA=urn:oasis:names:tc:SAML:1.0:cm:bearer - - - - - - - - -TqCKQTLsexix/tIqEabjBPcYby8= - - -l96xDhc0/nevhvx79eyYvGknXDJMcykiomKOLMiL0FcxOglaKi/aNOGNA5VdT0mh -EdlAynOOVy9xXphy9kLyXXSMcYV5UMeqCIi0ro5cvMP1xBfEqBHAHaYQR+TXbGdn -bPCkIvGwzLDVr8bvwWnPjHqaXffswlfzjrDYq726Sx37s3UBgcViEVG0HTGe2X+f -Kx2iahOjVLvR9bBWOdsiKNisK3GtZPGFmxIXALg8oZnwJA4JKodzh+o1synKoLn3 -2WigVh7r43LISSkCHx1C7qIK2zFz8YtPtaHa4xfMWT6QwZRngsXRcUcUibWZyoYt -950ly3lp1XkexL0uRXPvKw== - - -MIIDKTCCAhECAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCSVQxDzANBgNV -BAcTBlBvbXBlaTEQMA4GA1UEChMHVmVzdXZpbzEpMCcGA1UEAxMgVmVzdXZpbyBM -aWJlcnR5IEFsbGlhbmNlIFJvb3QgQ0EwHhcNMDQwNDIwMTQwMzQ1WhcNMDUwNDIw -MTQwMzQ1WjBaMQswCQYDVQQGEwJJVDEPMA0GA1UEBxMGUG9tcGVpMR4wHAYDVQQK -ExVJZGVudGl0eSBQcm92aWRlciBJbmMxGjAYBgNVBAMTEWlkZW50aXR5LXByb3Zp -ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SGH3FPnhpQ8rCED -RmC+NEkJQ6ZrG1jRL1kNx3wNu1xRZgFPiEDFnu9p/muVQkRAzK4txgC5i0ymwgRZ -uan2yFrdq7Kpc9r0cM1S/q63aQeOMXQszz6G0NIY9DOzdrdlTc2uToBpIPA4a/Tf -NWpMFZ7zGB9ThJ4+S5MAIA6y3SRWYHOqdlwjo/R0P4C3y8wIClgI0ZTdS6/Rkr59 -XC4WRocMzGCSsk+1F1tAZoR77ummLcY4nFkbtawyeRXEUpSpDaxgVEEmvH+/Kqx5 -NhVzeCZkm8szOzMea+QT4Uh3F7GVwY/7+JV23eCGyr2n3EhXgCqw0nnGSGR7vrNl -Ue1oswIDAQABMA0GCSqGSIb3DQEBBAUAA4IBAQAFyYC/V49X7ZNLpYI8jx1TE9X3 -J4c47cCLaxslrhi0/X6nCOEcBckXtbL+ZhIiHfI6PWizHMjTCEkJOYMVOsXyWN73 -XdzfIZVrThQRsYvQZqUH8cZZH3fFg/RyEM3fzlFDsuIxfg7+NIDNmSFbt/YdFL0T -3sB7jYSkKr4buX9ZewdOfRxwN4MZIE32SoBo+UOgNrMM2hcQTStBK09vzJiWQE/4 -aWbZJT9jtBPGWTsMS8g1x9WAmJHV2BpUiSfY39895a5T7kbbqZ3rp7DM9dgLjdXC -jFL7NhzvY02aBTLhm22YOLYnlycKm64NGne+siooDCi5tel2/vcx+e+btX9x - - - -""".strip() - # " <-- Trick for Emacs Python mode. - idpLogout.set_session_from_dump(idpSessionDump) - self.failUnlessEqual(idpLogout.get_session().dump(), idpSessionDump) - idpLogout.validate_request() - self.failIf(idpLogout.is_identity_dirty()) - self.failUnless(idpLogout.is_session_dirty()) - idpSessionDump = idpLogout.get_session().dump() - self.failUnless(idpSessionDump) - self.failIf(idpLogout.get_next_providerID()) - idpLogout.build_response_msg() - soapResponseMsg = idpLogout.msg_body - self.failUnless(soapResponseMsg) - - def test05(self): - """Service provider logout.""" - spServer = self.generateSpServer() - spLogout = lasso.Logout.new(spServer, lasso.providerTypeSp) - - spIdentityDump = """\ -RTE5REZDN0UyMEJEQzA0MDQxRjM3NThCQkFCNERCODQ=RTE5REZDN0UyMEJEQzA0MDQxRjM3NThCQkFCNERCODQ= -""".strip() - spLogout.set_identity_from_dump(spIdentityDump) - - spSessionDump = """\ -RTE5REZDN0UyMEJEQzA0MDQxRjM3NThCQkFCNERCODQ=RTE5REZDN0UyMEJEQzA0MDQxRjM3NThCQkFCNERCODQ=urn:oasis:names:tc:SAML:1.0:cm:bearer - - - - - - - - -8BSywvR2YB/euz8CCEhElQRSiZA= - - -Vg0BM0Z15mFsRxEOhy9oCfXuK/NgQPrgJc2Kf3tE9g/uTnNFGq0YNB5KSlonJLUr -0cZ8D18XlTJrZp22vPCUO44hvL5DDWGTctqJbl+TV3D8qzFlfe8XOPBy3cUSXcYo -E4qR44SnA9iZeRH0t4c3+8lY+BeXoqcglBrpE86B5Ftfb7wvLY0m8fdzPSJneSqq -Z41uh4Wtegq4bqIkUev0nrY1wKHJjkfpKNmcirGTNm0gm8c/Ki9UCgI9g4cknj+F -/UR8LQH/H8u2YSp3w5wiWfcmEfjfoVqa8YoiwWAoRgkKRVwER6iXYdqJ9vF0GFN/ -Bm7OmEnDwF3bc/fruca4Pg== - - -MIIDKTCCAhECAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCSVQxDzANBgNV -BAcTBlBvbXBlaTEQMA4GA1UEChMHVmVzdXZpbzEpMCcGA1UEAxMgVmVzdXZpbyBM -aWJlcnR5IEFsbGlhbmNlIFJvb3QgQ0EwHhcNMDQwNDIwMTQwMzQ1WhcNMDUwNDIw -MTQwMzQ1WjBaMQswCQYDVQQGEwJJVDEPMA0GA1UEBxMGUG9tcGVpMR4wHAYDVQQK -ExVJZGVudGl0eSBQcm92aWRlciBJbmMxGjAYBgNVBAMTEWlkZW50aXR5LXByb3Zp -ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SGH3FPnhpQ8rCED -RmC+NEkJQ6ZrG1jRL1kNx3wNu1xRZgFPiEDFnu9p/muVQkRAzK4txgC5i0ymwgRZ -uan2yFrdq7Kpc9r0cM1S/q63aQeOMXQszz6G0NIY9DOzdrdlTc2uToBpIPA4a/Tf -NWpMFZ7zGB9ThJ4+S5MAIA6y3SRWYHOqdlwjo/R0P4C3y8wIClgI0ZTdS6/Rkr59 -XC4WRocMzGCSsk+1F1tAZoR77ummLcY4nFkbtawyeRXEUpSpDaxgVEEmvH+/Kqx5 -NhVzeCZkm8szOzMea+QT4Uh3F7GVwY/7+JV23eCGyr2n3EhXgCqw0nnGSGR7vrNl -Ue1oswIDAQABMA0GCSqGSIb3DQEBBAUAA4IBAQAFyYC/V49X7ZNLpYI8jx1TE9X3 -J4c47cCLaxslrhi0/X6nCOEcBckXtbL+ZhIiHfI6PWizHMjTCEkJOYMVOsXyWN73 -XdzfIZVrThQRsYvQZqUH8cZZH3fFg/RyEM3fzlFDsuIxfg7+NIDNmSFbt/YdFL0T -3sB7jYSkKr4buX9ZewdOfRxwN4MZIE32SoBo+UOgNrMM2hcQTStBK09vzJiWQE/4 -aWbZJT9jtBPGWTsMS8g1x9WAmJHV2BpUiSfY39895a5T7kbbqZ3rp7DM9dgLjdXC -jFL7NhzvY02aBTLhm22YOLYnlycKm64NGne+siooDCi5tel2/vcx+e+btX9x - - - -""".strip() - # " <-- Trick for Emacs Python mode. - spLogout.set_session_from_dump(spSessionDump) - - spLogout.init_request() - spLogout.build_request_msg() - self.failUnless(spLogout.msg_url) - self.failUnless(spLogout.msg_body) - self.failUnless(spLogout.nameIdentifier) - - soapResponseMessage = """\ -https://identity-provider:1998/liberty-alliance/metadata -""".strip() - spLogout.process_response_msg(soapResponseMessage, lasso.httpMethodSoap) - self.failIf(spLogout.is_identity_dirty()) - self.failUnless(spLogout.is_session_dirty()) - spSessionDump = spLogout.get_session().dump() - # self.failIf(spSessionDump) +## def test04(self): +## """Identity provider logout.""" +## idpServer = self.generateIdpServer() +## soapRequestMessage = """\ +## https://service-provider:2003/liberty-alliance/metadataQkM3M0M4MTYxREQzNEYwNEI4M0I4MUVERDUyQUUyMjA= +## +## +## +## +## +## +## +## +## NlVszQnxIyPU7zbJYadQmTnFAsI= +## +## +## h0lB2hBstgxlNYnVQ4xzmXIi2APqNxKEEfUqYm3NeGmddbazg0/Y/SdcqLlto9fy +## ML34w/TJG7DnCdeUQVxdxhzmJlv3X2U5qDAYh6gX4g36wJCntderC5LtNkZhhTWt +## m9NWGszFhCm9nSaGATdj4JGqJNc+LUIt3EvXHDIqQ/LU2g3hxZQ4Hs5Fg9yqRS98 +## 5CWPtckYcGPcG8kFuTKNos2F4KQPyXJRX0KF+9FbkBX0RsblstzL0CiFUlor4m+R +## ejvMcEt/nGCGj7F5mRPYcW3ZxTw4J2wAqS52Tu41fyeKw5SHIJQNmwV25P/hINim +## hd2ybn/G3vK2If0+rUjA8Q== +## +## +## MIIDJzCCAg8CAQIwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCSVQxDzANBgNV +## BAcTBlBvbXBlaTEQMA4GA1UEChMHVmVzdXZpbzEpMCcGA1UEAxMgVmVzdXZpbyBM +## aWJlcnR5IEFsbGlhbmNlIFJvb3QgQ0EwHhcNMDQwNDIwMTQyMDMxWhcNMDUwNDIw +## MTQyMDMxWjBYMQswCQYDVQQGEwJJVDEPMA0GA1UEBxMGUG9tcGVpMR0wGwYDVQQK +## ExRTZXJ2aWNlIFByb3ZpZGVyIEluYzEZMBcGA1UEAxMQc2VydmljZS1wcm92aWRl +## cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALIjOIroSVwUaMOyFlGL +## p6oCDkI14ssZRec/l2Z+p89kwVF+vkyhE7LHkaIgE1RnmPhcudzMCNFc6okpHdtV +## yU+GTSXhRN7/BGYBoDpfNpTMP0aUpw/BQOhL+zeb0nSsSf7ejNeKyvR+q5ia+3N4 +## dm9vgUPWZk0iN0URMSRxzIA3nEsR+B9JV7BFFyfbBxwLR4Aht667cuSeFnAUnynp +## JiHiKF/r5yXk+EKK++8NpjflpJnFVT1mSfj+6iYutiOrgUKgCANsaXr0WomR4oKg +## kqzP2DLDwnwi73vUAW4y9CBNk7nDtZJFhUxKa63i1HgHCKNvHfVjvKPz844PnLw/ +## CWMCAwEAATANBgkqhkiG9w0BAQQFAAOCAQEAOfAVexQY2ImgBWjcAkGAYfLwMZ2k +## 8jtQGRgbPuD1DBQ+oZm+Ykuw30orVAo8/S5PcSNdRawOVoTY60oRupGBctoqSzmp +## SiBkWOwb4wBZOHfSNRFDS83N0ewHk4FFY6t5NPlhUORC07xl4GaVUb5LjyDKMh2j +## RtLaR85lCV8xVvM+jdBzBM2FxOQ0WdhphMjO4gj5ene791iT4PpA69o7wuZ9g728 +## CGb/HRUx5EPgbIy52G224ITlQWadD1Z6y4PFTowDjkaRVerjUVRJZ/a5QVNsI4Du +## /z71zAbdg4NfTfXjAXHRhEGappHVBROAQFchQ0oKhCTkICN4TUSuodgy/A== +## +## +## +## """.strip() +## # " <-- Trick for Emacs Python mode. +## requestType = lasso.get_request_type_from_soap_msg(soapRequestMessage) +## self.failUnlessEqual(requestType, lasso.requestTypeLogout) +## idpLogout = lasso.Logout.new(idpServer, lasso.providerTypeIdp) +## idpLogout.process_request_msg(soapRequestMessage, lasso.httpMethodSoap) +## self.failUnless(idpLogout.nameIdentifier) +## idpIdentityDump = """\ +## QkM3M0M4MTYxREQzNEYwNEI4M0I4MUVERDUyQUUyMjA= +## """.strip() +## idpLogout.set_identity_from_dump(idpIdentityDump) +## self.failUnlessEqual(idpLogout.get_identity().dump(), idpIdentityDump) +## idpSessionDump = """ +## QkM3M0M4MTYxREQzNEYwNEI4M0I4MUVERDUyQUUyMjA=QkM3M0M4MTYxREQzNEYwNEI4M0I4MUVERDUyQUUyMjA=urn:oasis:names:tc:SAML:1.0:cm:bearer +## +## +## +## +## +## +## +## +## TqCKQTLsexix/tIqEabjBPcYby8= +## +## +## l96xDhc0/nevhvx79eyYvGknXDJMcykiomKOLMiL0FcxOglaKi/aNOGNA5VdT0mh +## EdlAynOOVy9xXphy9kLyXXSMcYV5UMeqCIi0ro5cvMP1xBfEqBHAHaYQR+TXbGdn +## bPCkIvGwzLDVr8bvwWnPjHqaXffswlfzjrDYq726Sx37s3UBgcViEVG0HTGe2X+f +## Kx2iahOjVLvR9bBWOdsiKNisK3GtZPGFmxIXALg8oZnwJA4JKodzh+o1synKoLn3 +## 2WigVh7r43LISSkCHx1C7qIK2zFz8YtPtaHa4xfMWT6QwZRngsXRcUcUibWZyoYt +## 950ly3lp1XkexL0uRXPvKw== +## +## +## MIIDKTCCAhECAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCSVQxDzANBgNV +## BAcTBlBvbXBlaTEQMA4GA1UEChMHVmVzdXZpbzEpMCcGA1UEAxMgVmVzdXZpbyBM +## aWJlcnR5IEFsbGlhbmNlIFJvb3QgQ0EwHhcNMDQwNDIwMTQwMzQ1WhcNMDUwNDIw +## MTQwMzQ1WjBaMQswCQYDVQQGEwJJVDEPMA0GA1UEBxMGUG9tcGVpMR4wHAYDVQQK +## ExVJZGVudGl0eSBQcm92aWRlciBJbmMxGjAYBgNVBAMTEWlkZW50aXR5LXByb3Zp +## ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SGH3FPnhpQ8rCED +## RmC+NEkJQ6ZrG1jRL1kNx3wNu1xRZgFPiEDFnu9p/muVQkRAzK4txgC5i0ymwgRZ +## uan2yFrdq7Kpc9r0cM1S/q63aQeOMXQszz6G0NIY9DOzdrdlTc2uToBpIPA4a/Tf +## NWpMFZ7zGB9ThJ4+S5MAIA6y3SRWYHOqdlwjo/R0P4C3y8wIClgI0ZTdS6/Rkr59 +## XC4WRocMzGCSsk+1F1tAZoR77ummLcY4nFkbtawyeRXEUpSpDaxgVEEmvH+/Kqx5 +## NhVzeCZkm8szOzMea+QT4Uh3F7GVwY/7+JV23eCGyr2n3EhXgCqw0nnGSGR7vrNl +## Ue1oswIDAQABMA0GCSqGSIb3DQEBBAUAA4IBAQAFyYC/V49X7ZNLpYI8jx1TE9X3 +## J4c47cCLaxslrhi0/X6nCOEcBckXtbL+ZhIiHfI6PWizHMjTCEkJOYMVOsXyWN73 +## XdzfIZVrThQRsYvQZqUH8cZZH3fFg/RyEM3fzlFDsuIxfg7+NIDNmSFbt/YdFL0T +## 3sB7jYSkKr4buX9ZewdOfRxwN4MZIE32SoBo+UOgNrMM2hcQTStBK09vzJiWQE/4 +## aWbZJT9jtBPGWTsMS8g1x9WAmJHV2BpUiSfY39895a5T7kbbqZ3rp7DM9dgLjdXC +## jFL7NhzvY02aBTLhm22YOLYnlycKm64NGne+siooDCi5tel2/vcx+e+btX9x +## +## +## +## """.strip() +## # " <-- Trick for Emacs Python mode. +## idpLogout.set_session_from_dump(idpSessionDump) +## self.failUnlessEqual(idpLogout.get_session().dump(), idpSessionDump) +## idpLogout.validate_request() +## self.failIf(idpLogout.is_identity_dirty()) +## self.failUnless(idpLogout.is_session_dirty()) +## idpSessionDump = idpLogout.get_session().dump() +## self.failUnless(idpSessionDump) +## self.failIf(idpLogout.get_next_providerID()) +## idpLogout.build_response_msg() +## soapResponseMsg = idpLogout.msg_body +## self.failUnless(soapResponseMsg) ## def test05(self): +## """Service provider logout.""" +## spServer = self.getServer() +## spLogout = lasso.Logout.new(spServer, lasso.providerTypeSp) + +## spIdentityDump = """\ +## RTE5REZDN0UyMEJEQzA0MDQxRjM3NThCQkFCNERCODQ=RTE5REZDN0UyMEJEQzA0MDQxRjM3NThCQkFCNERCODQ= +## """.strip() +## spLogout.set_identity_from_dump(spIdentityDump) + +## spSessionDump = """\ +## RTE5REZDN0UyMEJEQzA0MDQxRjM3NThCQkFCNERCODQ=RTE5REZDN0UyMEJEQzA0MDQxRjM3NThCQkFCNERCODQ=urn:oasis:names:tc:SAML:1.0:cm:bearer +## +## +## +## +## +## +## +## +## 8BSywvR2YB/euz8CCEhElQRSiZA= +## +## +## Vg0BM0Z15mFsRxEOhy9oCfXuK/NgQPrgJc2Kf3tE9g/uTnNFGq0YNB5KSlonJLUr +## 0cZ8D18XlTJrZp22vPCUO44hvL5DDWGTctqJbl+TV3D8qzFlfe8XOPBy3cUSXcYo +## E4qR44SnA9iZeRH0t4c3+8lY+BeXoqcglBrpE86B5Ftfb7wvLY0m8fdzPSJneSqq +## Z41uh4Wtegq4bqIkUev0nrY1wKHJjkfpKNmcirGTNm0gm8c/Ki9UCgI9g4cknj+F +## /UR8LQH/H8u2YSp3w5wiWfcmEfjfoVqa8YoiwWAoRgkKRVwER6iXYdqJ9vF0GFN/ +## Bm7OmEnDwF3bc/fruca4Pg== +## +## +## MIIDKTCCAhECAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCSVQxDzANBgNV +## BAcTBlBvbXBlaTEQMA4GA1UEChMHVmVzdXZpbzEpMCcGA1UEAxMgVmVzdXZpbyBM +## aWJlcnR5IEFsbGlhbmNlIFJvb3QgQ0EwHhcNMDQwNDIwMTQwMzQ1WhcNMDUwNDIw +## MTQwMzQ1WjBaMQswCQYDVQQGEwJJVDEPMA0GA1UEBxMGUG9tcGVpMR4wHAYDVQQK +## ExVJZGVudGl0eSBQcm92aWRlciBJbmMxGjAYBgNVBAMTEWlkZW50aXR5LXByb3Zp +## ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SGH3FPnhpQ8rCED +## RmC+NEkJQ6ZrG1jRL1kNx3wNu1xRZgFPiEDFnu9p/muVQkRAzK4txgC5i0ymwgRZ +## uan2yFrdq7Kpc9r0cM1S/q63aQeOMXQszz6G0NIY9DOzdrdlTc2uToBpIPA4a/Tf +## NWpMFZ7zGB9ThJ4+S5MAIA6y3SRWYHOqdlwjo/R0P4C3y8wIClgI0ZTdS6/Rkr59 +## XC4WRocMzGCSsk+1F1tAZoR77ummLcY4nFkbtawyeRXEUpSpDaxgVEEmvH+/Kqx5 +## NhVzeCZkm8szOzMea+QT4Uh3F7GVwY/7+JV23eCGyr2n3EhXgCqw0nnGSGR7vrNl +## Ue1oswIDAQABMA0GCSqGSIb3DQEBBAUAA4IBAQAFyYC/V49X7ZNLpYI8jx1TE9X3 +## J4c47cCLaxslrhi0/X6nCOEcBckXtbL+ZhIiHfI6PWizHMjTCEkJOYMVOsXyWN73 +## XdzfIZVrThQRsYvQZqUH8cZZH3fFg/RyEM3fzlFDsuIxfg7+NIDNmSFbt/YdFL0T +## 3sB7jYSkKr4buX9ZewdOfRxwN4MZIE32SoBo+UOgNrMM2hcQTStBK09vzJiWQE/4 +## aWbZJT9jtBPGWTsMS8g1x9WAmJHV2BpUiSfY39895a5T7kbbqZ3rp7DM9dgLjdXC +## jFL7NhzvY02aBTLhm22YOLYnlycKm64NGne+siooDCi5tel2/vcx+e+btX9x +## +## +## +## """.strip() +## # " <-- Trick for Emacs Python mode. +## spLogout.set_session_from_dump(spSessionDump) + +## spLogout.init_request() +## spLogout.build_request_msg() +## self.failUnless(spLogout.msg_url) +## self.failUnless(spLogout.msg_body) +## self.failUnless(spLogout.nameIdentifier) + +## soapResponseMessage = """\ +## https://identity-provider:1998/liberty-alliance/metadata +## """.strip() +## spLogout.process_response_msg(soapResponseMessage, lasso.httpMethodSoap) +## self.failIf(spLogout.is_identity_dirty()) +## self.failUnless(spLogout.is_session_dirty()) +## spSessionDump = spLogout.get_session().dump() +## # self.failIf(spSessionDump) + +## def test06(self): ## """Service provider LECP login.""" ## # LECP has asked service provider for login. -## spServer = self.generateSpServer() +## spServer = self.getServer() ## # FIXME: Why doesn't lasso.Lecp.new have spServer as argument? ## # spLecp = lasso.Lecp.new(spServer) @@ -602,6 +985,7 @@ jFL7NhzvY02aBTLhm22YOLYnlycKm64NGne+siooDCi5tel2/vcx+e+btX9x ## msg = g_strdup(sp_lecp->msg_body); ## lasso_lecp_destroy(sp_lecp); + suite1 = unittest.makeSuite(LoginTestCase, 'test') allTests = unittest.TestSuite((suite1,))