[Tests/python] add test case for WebSSO with providers using encrypted keys
This commit is contained in:
parent
8198294c55
commit
950565e5a2
|
|
@ -43,6 +43,16 @@ except NameError:
|
|||
srcdir = os.environ.get('TOP_SRCDIR', '.')
|
||||
dataDir = '%s/tests/data' % srcdir
|
||||
|
||||
def server(local_name, remote_role, remote_name):
|
||||
pwd = os.path.join(dataDir, local_name, 'password')
|
||||
password = None
|
||||
if os.path.exists(pwd):
|
||||
password = file(pwd).read()
|
||||
s = lasso.Server(os.path.join(dataDir, local_name, 'metadata.xml'),
|
||||
os.path.join(dataDir, local_name, 'private-key.pem'),
|
||||
password)
|
||||
s.addProvider(remote_role, os.path.join(dataDir, remote_name, 'metadata.xml'))
|
||||
return s
|
||||
|
||||
class ServerTestCase(unittest.TestCase):
|
||||
def test01(self):
|
||||
|
|
@ -210,7 +220,6 @@ class LoginTestCase(unittest.TestCase):
|
|||
|
||||
def test05(self):
|
||||
'''SAMLv2 Authn request emitted and received using Artifact binding'''
|
||||
|
||||
sp = lasso.Server(
|
||||
os.path.join(dataDir, 'sp5-saml2/metadata.xml'),
|
||||
os.path.join(dataDir, 'sp5-saml2/private-key.pem'))
|
||||
|
|
@ -241,10 +250,28 @@ class LoginTestCase(unittest.TestCase):
|
|||
try:
|
||||
idp_login.processResponseMsg(sp_login2.msgBody)
|
||||
except:
|
||||
print idp_login.response
|
||||
raise
|
||||
assert isinstance(idp_login.request, lasso.Samlp2AuthnRequest)
|
||||
|
||||
def test_06(self):
|
||||
'''Login test between SP and IdP with encrypted private keys'''
|
||||
sp_server = server('sp7-saml2', lasso.PROVIDER_ROLE_IDP, 'idp7-saml2')
|
||||
idp_server = server('idp7-saml2', lasso.PROVIDER_ROLE_SP, 'sp7-saml2')
|
||||
|
||||
sp_login = lasso.Login(sp_server)
|
||||
sp_login.initAuthnRequest()
|
||||
sp_login.request.protocolBinding = lasso.SAML2_METADATA_BINDING_POST;
|
||||
sp_login.buildAuthnRequestMsg()
|
||||
idp_login = lasso.Login(idp_server)
|
||||
idp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE)
|
||||
idp_login.processAuthnRequestMsg(sp_login.msgUrl.split('?')[1])
|
||||
idp_login.validateRequestMsg(True, True)
|
||||
idp_login.buildAssertion("None", "None", "None", "None", "None")
|
||||
idp_login.buildAuthnResponseMsg()
|
||||
sp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE)
|
||||
sp_login.processAuthnResponseMsg(idp_login.msgBody)
|
||||
sp_login.acceptSso()
|
||||
|
||||
class LogoutTestCase(unittest.TestCase):
|
||||
def test01(self):
|
||||
"""SP logout without session and identity; testing initRequest."""
|
||||
|
|
@ -434,7 +461,6 @@ class LogoutTestCase(unittest.TestCase):
|
|||
|
||||
node = lasso.Samlp2LogoutRequest.newFromXmlNode(content)
|
||||
assert isinstance(node, lasso.Samlp2LogoutRequest)
|
||||
print node.sessionIndex
|
||||
assert node.sessionIndex == 'id3'
|
||||
assert node.sessionIndexes == ('id1', 'id2', 'id3')
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
MAINTAINERCLEANFILES = Makefile.in
|
||||
EXTRA_DIST = metadata.xml private-key.pem
|
||||
|
|
@ -0,0 +1,108 @@
|
|||
<?xml version="1.0"?>
|
||||
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
|
||||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
||||
entityID="http://idp5/metadata">
|
||||
<IDPSSODescriptor
|
||||
WantAuthnRequestsSigned="true"
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<KeyDescriptor use="signing">
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data><ds:X509Certificate>
|
||||
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
|
||||
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
|
||||
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
|
||||
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
|
||||
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
|
||||
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
|
||||
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
|
||||
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
|
||||
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
|
||||
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
|
||||
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
|
||||
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
|
||||
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
|
||||
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
|
||||
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
|
||||
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
|
||||
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
|
||||
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
|
||||
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
|
||||
LlTxKnCrWAXftSm1rNtewTsF
|
||||
</ds:X509Certificate></ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<KeyDescriptor use="encryption">
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:KeyValue>
|
||||
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
|
||||
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
|
||||
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
|
||||
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
|
||||
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
|
||||
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
|
||||
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
|
||||
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
|
||||
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
|
||||
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
|
||||
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
|
||||
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
|
||||
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
|
||||
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
|
||||
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
|
||||
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
|
||||
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
|
||||
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
|
||||
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
|
||||
LlTxKnCrWAXftSm1rNtewTsF
|
||||
</ds:KeyValue>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
|
||||
<ArtifactResolutionService isDefault="true" index="0"
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||
Location="http://idp5/artifact" />
|
||||
<SingleLogoutService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||
Location="http://idp5/singleLogoutSOAP" />
|
||||
<SingleLogoutService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
Location="http://idp5/singleLogout"
|
||||
ResponseLocation="http://idp5/singleLogoutReturn" />
|
||||
<ManageNameIDService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||
Location="http://idp5/manageNameIdSOAP" />
|
||||
<ManageNameIDService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
Location="http://idp5/manageNameId"
|
||||
ResponseLocation="http://idp5/manageNameIdReturn" />
|
||||
<SingleSignOnService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
Location="http://idp5/singleSignOn" />
|
||||
<SingleSignOnService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||
Location="http://idp5/singleSignOnSOAP" />
|
||||
</IDPSSODescriptor>
|
||||
<AuthnAuthorityDescriptor
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<AuthnQueryService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/authnQueryService"/>
|
||||
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/authnAuthAssertionIDRequestService"/>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
||||
</AuthnAuthorityDescriptor>
|
||||
<PDPDescriptor
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<AuthzService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/authzService"/>
|
||||
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/PDPAuthAssertionIDRequestService"/>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:kerberos</NameIDFormat>
|
||||
</PDPDescriptor>
|
||||
<AttributeAuthorityDescriptor
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/attributeService"/>
|
||||
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/AttributeAuthAssertionIDRequestService"/>
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
|
||||
</AttributeAuthorityDescriptor>
|
||||
<Organization>
|
||||
<OrganizationName xml:lang="en">Entr'ouvert</OrganizationName>
|
||||
</Organization>
|
||||
|
||||
</EntityDescriptor>
|
||||
|
|
@ -0,0 +1 @@
|
|||
geronimo
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,41BE9422FBDF1769BFEF03F9116F7A86
|
||||
|
||||
qKrThgVCsCb5Lx/7RIpwuvDZi6gvxEFb33QEjIEWdZ+ad0dkGRvxrIqqj+XvHEeW
|
||||
V57oPO1sFAlgb+zBrGZpqItCAJEqC4NU55SwKZpKUtT0XdlHFRyfORlBwzb0qW/3
|
||||
dZbyhsEm+164MdXsCZiUYS/VAm8b1pYmBIkoPSZMMnPljNYVigRpYttF9dwMYgTQ
|
||||
u/FwRS696qGSyo7ko00P8UbtTLgM+ufkCFNld6uxYphSNXAQyRQz4vQs97emNE58
|
||||
4JB5//0agCOa9qUz14ZQSpM2JyoevMHUOHyjbGJOLsCMPnQEboKvgj0gsZcgP2Ys
|
||||
K4Nf/EQKadBbXpK4olxz50e6ybR0i7nylYsu7YVFyFR9GWbra29OAYEPvQxvBll7
|
||||
RIoZ4hI0ZgBY0qFFcyZbKH94Pqk5w0QSjfkHPcH/WL0UjLb+n59KsIUnmZ3dtiF9
|
||||
9mdE71wq94jOcqibjVmUy3Gyw4COZKTTjq9ptuLBC6fEPxGh6dfpSSV431Wpvpxy
|
||||
OE15vfeT1i/ymH0ckWsQXgUqZ6QTuaTvlu5JpD94Blu7p6Rzj5fxEnLhOtwjXWpq
|
||||
k6MAlS9bKhGbPbnzAqm5HkRypgDaNBPRXZhb9LClB5ysfjZRNdxCWrWusEGEtioQ
|
||||
TdkPsUZ78d8m3u+FvOM2mTVkQBa6sAEl1l8fuOITuaNCYLBIIhyAvJfXRHhOC+zs
|
||||
nvS6DX+3bZupxFJFcMi9fqlmz0QSXj4tKlbHY/xo3dGqQj5BWyibo8tDVhVIYy99
|
||||
zo/t8J0LTfSSCIvoV2gFHSoC7RIJ9Q25L0AV6TQiB2F/7FTeznfd7Tk9ZHokmiED
|
||||
5VAKGRjDmPCZIJr2pbeEmwzs3r/p53JfLyNProv+ljTJLgdFtG1en5A3MsmymR0c
|
||||
LTIxHWZjAwl7ai1yGghzqVYllm+OFjo6LsSusbuQwKs+Bo9qZPCBb10gQGur+ZR8
|
||||
r9Vfd3WV/WMJfi8Ciogd+uXhPzVxf5PyBvZh9vwqXHSB9YLxe+NpAxLxF5OuZmJx
|
||||
VBdTA5y19XUvyucOOxjcJZaZTP6BYADsaUxhQIQHfyUtk6Y7Iwk2Abf4TQIuC5x6
|
||||
XEeRSmbKPCkuKh9L0H4KcK6hmFSyh7AICpUEW7tcMtK9HaZT/K5jsHPkG5q/3GXh
|
||||
ed7e0QaA2Qc0uAvoFgGTPkgE6Nym30R6NUlnHl2T3gK9Ei6fQKdTYPYgRXAKmbNO
|
||||
Wp0cjQ7w1zUNjoxkACX2Br2xm3DhnLVFPj6AWpnCsTtQA3ecgIzvSZugxpr0muP0
|
||||
SIPpBuyko+t0YQjP3DOZxeiLQ5o+3VxI749KfDuaNZsDN7ZPso7Pt1oG34uGgsFl
|
||||
UypVEv+CgzTkepPPqJTWgK5VfNrSK3ev7Is90bpiyjwqywlwYaZUOXBm+wBwUmtH
|
||||
T+lLtw00R5JGolA4I2MCd4PTauzbj30jLYJWLLW8sZcfMgpwnKUNtVwRaDMnOXIA
|
||||
eX0cesfIbMiYF1sgR2Lqar/uqSJf1Kx8xIFdvqYZWsudF0ij4fva4xtCc0bgrnSy
|
||||
lz91YgfF95hTd/qcCiO5GQxScG7umtUZLYmZKqtYKDjCkvtvnGFhqB5Ie21DK6OX
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -1 +1 @@
|
|||
geronimo
|
||||
geronimo
|
||||
Loading…
Reference in New Issue