0001-tests-use-dummy-metadata-from-lasso-starts-tests-of-.patch
| tests/idp-private-key.pem | ||
|---|---|---|
| 1 |
-----BEGIN RSA PRIVATE KEY----- |
|
| 2 |
MIIEowIBAAKCAQEAzTofHpWAdhH3BR/+1lVVNGRVY2qH3H4+8cDaofg5gy6oazgB |
|
| 3 |
/qVTZixm+euZF1wVa/T5SR0CBeFF4JYBmC0HWl39b2bqoNGV0ILLKyjDrE88pHP+ |
|
| 4 |
k5PBFeb98zRAY95fPDOPfgFc4g64W76fvri8qfXx3665UATOTXnvqnFOnilA/Ml9 |
|
| 5 |
00ust5Dy/IKyGgVT4xgm2nVQD6HYmg7Rjyga/LBtTEeKgc3k++fM5t8AzhdoNCiG |
|
| 6 |
Z/Ez1RztanjEoBzWdSrmHAGsemMUxFLPpQJ8yglIYiL7fEkyQ0KMvRcTDk0pVzmN |
|
| 7 |
EqTNKQ3mPwpMz+TWM8+wMc9FjNtZaGc213omWQIDAQABAoIBAEPj5keHzWdBqiXX |
|
| 8 |
38WnlPgv+M9afndCjDANTEYoh14OIUjWzlIe/ufd6HLkrVA89hkwgQbewbyQOT2C |
|
| 9 |
YiSlQLl0PlKMCTIKIzVHD07HvXNTAwykEqNfTZChSYEa1/Ixre+MXvugF8nwdKxk |
|
| 10 |
8xN0qXTQF6OXeVYvQNAAdng743YON4ubqKlEezIwnfG/jcoZrGkiTpx+k1JXJsZN |
|
| 11 |
4dHKFP12RRhUTGjaOkBo41w8GNKQLFpy1vqAOYMyi1SJcrwpAu3H0iQug9SylQaM |
|
| 12 |
bFjt8j/m13gu3zXIJbi8xbyg3nqpxl9dxcZG/cDA9z2tLu/h3G3nPq7CXvkZxmjl |
|
| 13 |
ePvOCwECgYEA9zbwYMtd8tT3PHtrCtjwkfxV0dvMmfNw/rRT4ShWtKLmgX+K9nz/ |
|
| 14 |
T4qpbehz4z7OvsLjQ6Bt6wjMNMw9SEBeEMyDVTpmzSD2PowARegmeLX4CsilqHHl |
|
| 15 |
/AMYUtywEQ2f65/CWPiMIt8mLnEyJ/dsyVLpuzGUNNt34Yaqpu2qXnUCgYEA1IUy |
|
| 16 |
PObmTh3I8ZyESyGhbu2TYs0A8Zy6eTIAv0ijOIpmUykzjE5pR9sB3nYEd4GTHPEv |
|
| 17 |
hF6SWfNIDDr83TqThJYzkFyXMCxiVLH55U42wlsvwp4jTnOI3K/7Y7U/lEmBlgcl |
|
| 18 |
JbIIv1t9okg3+Kuu4i7iB6JR89cSO/Wfcdu/c9UCgYAHE5eF7cxeqyH4pT/HK7aX |
|
| 19 |
NzXtr/EHZySQ5fCQvWrd+NvIUTJVI/ba/AklkEXg92dLpqCCyxDabYIK8N3AN7d5 |
|
| 20 |
m6EWy3kt3geueqt3VNHlGrBi/qNfUwNWV3BWzuJrWox9XjFeAp9gUCrzoWHiKv7+ |
|
| 21 |
NFVkemLXsICaABTaemsqEQKBgQDJJ4n1u1gieG7Kwqs1sg9rP9RRoFlUWFTogjvS |
|
| 22 |
0p4r1lQkQstX8qAUM2gBeROhSjRFIMUpNZqxKWT4rpzJibg3tzP3YKx6HIi2Qf+W |
|
| 23 |
3AFY1ZbPT397sj/JI4l/Rv93DFxr9TdkBq/g8GhqQpE3/sj5rgaj0zBe7SOFPWg+ |
|
| 24 |
DRGaQQKBgEEcSF5KmpIHnhi3WlfGiEtx3kcD63orKME0YYA5BM6wnmRT4QiSw+qj |
|
| 25 |
i7ljrKGSbmdMFC3ArM42/k2lXYpVLsYWmyaRYSgbdowxLM1XxDJMFIPR2uG6N+vi |
|
| 26 |
HzWkRxi2SXKU42vfs5eA0itHvQP2DfUx8VuvtwVbOxDGgntYia70 |
|
| 27 |
-----END RSA PRIVATE KEY----- |
|
| tests/metadata.xml | ||
|---|---|---|
| 1 | 1 |
<?xml version="1.0"?> |
| 2 |
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" entityID="https://cresson.entrouvert.org/idp/saml2/metadata"><ns0:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIIC+TCCAeGgAwIBAgIJAJqAKDUDlSinMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV |
|
| 3 |
BAMMCHdob2NhcmVzMB4XDTE0MDUyNzE0MzE0OVoXDTI0MDUyNDE0MzE0OVowEzER |
|
| 4 |
MA8GA1UEAwwId2hvY2FyZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB |
|
| 5 |
AQDrUFQGviUE+unV4afJQiRUPp4/D+Ltvuw59BuJwdNEWHA2vchhnwDLlp3RWKaf |
|
| 6 |
SWBJift55C4ybQKn5AEe6FHlIapJPvNqYnVP+0IgUFJmrxTWG9IT/5ZvJS0yer/O |
|
| 7 |
093I5HTqthgcByIAj2L4R3oW21HNCojT4WZDYjG6RAxRFU/10BYY1ILe1SPAMXqc |
|
| 8 |
99QC5fy2sZEJ/Cyd2Vlt1kAQ1+BZSZCL3vvdLfVRKjKZn2yYp8XbSplAZxB+b/iM |
|
| 9 |
duSQHtLaRsV5tizPCdftXECaDn1FKqK0JmcolHFBsfOH2x7I8XEljO/DR/Oy4kzv |
|
| 10 |
/cLdZB5fft4+nCqwLzI7fcRFAgMBAAGjUDBOMB0GA1UdDgQWBBSFV52hDdxJAdbM |
|
| 11 |
Nht32j7+PyFbKTAfBgNVHSMEGDAWgBSFV52hDdxJAdbMNht32j7+PyFbKTAMBgNV |
|
| 12 |
HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCoNxpm99qip4nROCedBIbZnqWj |
|
| 13 |
EkqHRLvIsm+oxf4Ctc6x/N1d2ngEygfT1xf5N5V221XTOgLCkuqi5r0/T6EB7U9y |
|
| 14 |
6ACfVJQmvNaPbFmn2J9rNIAPYPj2cengSZyL3mWyrkPFLj5TsgT98GASX9iThhds |
|
| 15 |
Nq6btZUL9ZUq8v3O7Y1uruMHJAACim4eYBjsCXaF7diKYaftFiwZWy1+3IQzUhmg |
|
| 16 |
Ov4KR9P9bb+W/43i7zAYmdUrBr31/amEvGHoco7cO2bp43/1H8fFOcnkX0wRdN/k |
|
| 17 |
r/hRVIsfeC6ss1NPDu/KzbRVVn5p9qKK6YVqqT3QapnQELgajEfhxpgY7AQx</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cresson.entrouvert.org/idp/saml2/artifact" index="0" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cresson.entrouvert.org/idp/saml2/slo" ResponseLocation="https://cresson.entrouvert.org/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cresson.entrouvert.org/idp/saml2/slo" ResponseLocation="https://cresson.entrouvert.org/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cresson.entrouvert.org/idp/saml2/slo/soap" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cresson.entrouvert.org/idp/saml2/sso" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cresson.entrouvert.org/idp/saml2/sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor> |
|
| 2 |
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" |
|
| 3 |
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" |
|
| 4 |
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" |
|
| 5 |
entityID="http://idp5/metadata"> |
|
| 6 |
<IDPSSODescriptor |
|
| 7 |
WantAuthnRequestsSigned="true" |
|
| 8 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
| 9 |
<KeyDescriptor use="signing"> |
|
| 10 |
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> |
|
| 11 |
<ds:X509Data><ds:X509Certificate> |
|
| 12 |
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP |
|
| 13 |
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91 |
|
| 14 |
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5 |
|
| 15 |
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF |
|
| 16 |
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw |
|
| 17 |
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq |
|
| 18 |
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m |
|
| 19 |
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u |
|
| 20 |
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH |
|
| 21 |
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi |
|
| 22 |
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA |
|
| 23 |
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 |
|
| 24 |
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G |
|
| 25 |
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB |
|
| 26 |
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ |
|
| 27 |
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa |
|
| 28 |
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew |
|
| 29 |
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP |
|
| 30 |
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR |
|
| 31 |
LlTxKnCrWAXftSm1rNtewTsF |
|
| 32 |
</ds:X509Certificate></ds:X509Data> |
|
| 33 |
</ds:KeyInfo> |
|
| 34 |
</KeyDescriptor> |
|
| 35 |
<KeyDescriptor use="encryption"> |
|
| 36 |
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> |
|
| 37 |
<ds:KeyValue> |
|
| 38 |
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP |
|
| 39 |
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91 |
|
| 40 |
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5 |
|
| 41 |
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF |
|
| 42 |
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw |
|
| 43 |
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq |
|
| 44 |
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m |
|
| 45 |
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u |
|
| 46 |
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH |
|
| 47 |
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi |
|
| 48 |
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA |
|
| 49 |
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 |
|
| 50 |
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G |
|
| 51 |
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB |
|
| 52 |
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ |
|
| 53 |
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa |
|
| 54 |
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew |
|
| 55 |
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP |
|
| 56 |
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR |
|
| 57 |
LlTxKnCrWAXftSm1rNtewTsF |
|
| 58 |
</ds:KeyValue> |
|
| 59 |
</ds:KeyInfo> |
|
| 60 |
</KeyDescriptor> |
|
| 61 | ||
| 62 |
<ArtifactResolutionService isDefault="true" index="0" |
|
| 63 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
| 64 |
Location="http://idp5/artifact" /> |
|
| 65 |
<SingleLogoutService |
|
| 66 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
| 67 |
Location="http://idp5/singleLogoutSOAP" /> |
|
| 68 |
<SingleLogoutService |
|
| 69 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" |
|
| 70 |
Location="http://idp5/singleLogout" |
|
| 71 |
ResponseLocation="http://idp5/singleLogoutReturn" /> |
|
| 72 |
<ManageNameIDService |
|
| 73 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
| 74 |
Location="http://idp5/manageNameIdSOAP" /> |
|
| 75 |
<ManageNameIDService |
|
| 76 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" |
|
| 77 |
Location="http://idp5/manageNameId" |
|
| 78 |
ResponseLocation="http://idp5/manageNameIdReturn" /> |
|
| 79 |
<SingleSignOnService |
|
| 80 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" |
|
| 81 |
Location="http://idp5/singleSignOn" /> |
|
| 82 |
<SingleSignOnService |
|
| 83 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
| 84 |
Location="http://idp5/singleSignOnSOAP" /> |
|
| 85 |
</IDPSSODescriptor> |
|
| 86 |
<AuthnAuthorityDescriptor |
|
| 87 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
| 88 |
<AuthnQueryService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/authnQueryService"/> |
|
| 89 |
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/authnAuthAssertionIDRequestService"/> |
|
| 90 |
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> |
|
| 91 |
</AuthnAuthorityDescriptor> |
|
| 92 |
<PDPDescriptor |
|
| 93 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
| 94 |
<AuthzService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/authzService"/> |
|
| 95 |
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/PDPAuthAssertionIDRequestService"/> |
|
| 96 |
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:kerberos</NameIDFormat> |
|
| 97 |
</PDPDescriptor> |
|
| 98 |
<AttributeAuthorityDescriptor |
|
| 99 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
| 100 |
<AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/attributeService"/> |
|
| 101 |
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/AttributeAuthAssertionIDRequestService"/> |
|
| 102 |
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat> |
|
| 103 |
</AttributeAuthorityDescriptor> |
|
| 104 |
<Organization> |
|
| 105 |
<OrganizationName xml:lang="en">Entr'ouvert</OrganizationName> |
|
| 106 |
</Organization> |
|
| 107 | ||
| 108 |
</EntityDescriptor> |
|
| tests/public-key.pem | ||
|---|---|---|
| 1 |
-----BEGIN CERTIFICATE----- |
|
| 2 |
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP |
|
| 3 |
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91 |
|
| 4 |
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5 |
|
| 5 |
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF |
|
| 6 |
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw |
|
| 7 |
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq |
|
| 8 |
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m |
|
| 9 |
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u |
|
| 10 |
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH |
|
| 11 |
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi |
|
| 12 |
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA |
|
| 13 |
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 |
|
| 14 |
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G |
|
| 15 |
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB |
|
| 16 |
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ |
|
| 17 |
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa |
|
| 18 |
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew |
|
| 19 |
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP |
|
| 20 |
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR |
|
| 21 |
LlTxKnCrWAXftSm1rNtewTsF |
|
| 22 |
-----END CERTIFICATE----- |
|
| tests/sp-private-key.pem | ||
|---|---|---|
| 1 |
-----BEGIN RSA PRIVATE KEY----- |
|
| 2 |
MIIEowIBAAKCAQEAzTofHpWAdhH3BR/+1lVVNGRVY2qH3H4+8cDaofg5gy6oazgB |
|
| 3 |
/qVTZixm+euZF1wVa/T5SR0CBeFF4JYBmC0HWl39b2bqoNGV0ILLKyjDrE88pHP+ |
|
| 4 |
k5PBFeb98zRAY95fPDOPfgFc4g64W76fvri8qfXx3665UATOTXnvqnFOnilA/Ml9 |
|
| 5 |
00ust5Dy/IKyGgVT4xgm2nVQD6HYmg7Rjyga/LBtTEeKgc3k++fM5t8AzhdoNCiG |
|
| 6 |
Z/Ez1RztanjEoBzWdSrmHAGsemMUxFLPpQJ8yglIYiL7fEkyQ0KMvRcTDk0pVzmN |
|
| 7 |
EqTNKQ3mPwpMz+TWM8+wMc9FjNtZaGc213omWQIDAQABAoIBAEPj5keHzWdBqiXX |
|
| 8 |
38WnlPgv+M9afndCjDANTEYoh14OIUjWzlIe/ufd6HLkrVA89hkwgQbewbyQOT2C |
|
| 9 |
YiSlQLl0PlKMCTIKIzVHD07HvXNTAwykEqNfTZChSYEa1/Ixre+MXvugF8nwdKxk |
|
| 10 |
8xN0qXTQF6OXeVYvQNAAdng743YON4ubqKlEezIwnfG/jcoZrGkiTpx+k1JXJsZN |
|
| 11 |
4dHKFP12RRhUTGjaOkBo41w8GNKQLFpy1vqAOYMyi1SJcrwpAu3H0iQug9SylQaM |
|
| 12 |
bFjt8j/m13gu3zXIJbi8xbyg3nqpxl9dxcZG/cDA9z2tLu/h3G3nPq7CXvkZxmjl |
|
| 13 |
ePvOCwECgYEA9zbwYMtd8tT3PHtrCtjwkfxV0dvMmfNw/rRT4ShWtKLmgX+K9nz/ |
|
| 14 |
T4qpbehz4z7OvsLjQ6Bt6wjMNMw9SEBeEMyDVTpmzSD2PowARegmeLX4CsilqHHl |
|
| 15 |
/AMYUtywEQ2f65/CWPiMIt8mLnEyJ/dsyVLpuzGUNNt34Yaqpu2qXnUCgYEA1IUy |
|
| 16 |
PObmTh3I8ZyESyGhbu2TYs0A8Zy6eTIAv0ijOIpmUykzjE5pR9sB3nYEd4GTHPEv |
|
| 17 |
hF6SWfNIDDr83TqThJYzkFyXMCxiVLH55U42wlsvwp4jTnOI3K/7Y7U/lEmBlgcl |
|
| 18 |
JbIIv1t9okg3+Kuu4i7iB6JR89cSO/Wfcdu/c9UCgYAHE5eF7cxeqyH4pT/HK7aX |
|
| 19 |
NzXtr/EHZySQ5fCQvWrd+NvIUTJVI/ba/AklkEXg92dLpqCCyxDabYIK8N3AN7d5 |
|
| 20 |
m6EWy3kt3geueqt3VNHlGrBi/qNfUwNWV3BWzuJrWox9XjFeAp9gUCrzoWHiKv7+ |
|
| 21 |
NFVkemLXsICaABTaemsqEQKBgQDJJ4n1u1gieG7Kwqs1sg9rP9RRoFlUWFTogjvS |
|
| 22 |
0p4r1lQkQstX8qAUM2gBeROhSjRFIMUpNZqxKWT4rpzJibg3tzP3YKx6HIi2Qf+W |
|
| 23 |
3AFY1ZbPT397sj/JI4l/Rv93DFxr9TdkBq/g8GhqQpE3/sj5rgaj0zBe7SOFPWg+ |
|
| 24 |
DRGaQQKBgEEcSF5KmpIHnhi3WlfGiEtx3kcD63orKME0YYA5BM6wnmRT4QiSw+qj |
|
| 25 |
i7ljrKGSbmdMFC3ArM42/k2lXYpVLsYWmyaRYSgbdowxLM1XxDJMFIPR2uG6N+vi |
|
| 26 |
HzWkRxi2SXKU42vfs5eA0itHvQP2DfUx8VuvtwVbOxDGgntYia70 |
|
| 27 |
-----END RSA PRIVATE KEY----- |
|
| tests/test_default_adapter.py | ||
|---|---|---|
| 17 | 17 |
saml_attributes = {
|
| 18 | 18 |
'name_id_format': lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT, |
| 19 | 19 |
'name_id_content': 'x' * 32, |
| 20 |
'issuer': 'https://cresson.entrouvert.org/idp/saml2/metadata',
|
|
| 20 |
'issuer': 'http://idp5/metadata',
|
|
| 21 | 21 |
'username': ['foobar'], |
| 22 | 22 |
'email': ['test@example.net'], |
| 23 | 23 |
'first_name': ['Foo'], |
| tests/test_sso_slo.py | ||
|---|---|---|
| 1 |
import os |
|
| 2 |
import lasso |
|
| 3 | ||
| 4 |
from pytest import fixture |
|
| 5 | ||
| 6 |
from django.core.urlresolvers import reverse |
|
| 7 | ||
| 8 |
from mellon.utils import create_metadata |
|
| 9 | ||
| 10 | ||
| 11 |
@fixture |
|
| 12 |
def idp_metadata(): |
|
| 13 |
return open('tests/metadata.xml').read()
|
|
| 14 | ||
| 15 | ||
| 16 |
@fixture |
|
| 17 |
def idp_private_key(): |
|
| 18 |
return open('tests/idp-private-key.pem').read()
|
|
| 19 | ||
| 20 | ||
| 21 |
@fixture |
|
| 22 |
def sp_private_key(): |
|
| 23 |
return open('tests/sp-private-key.pem').read()
|
|
| 24 | ||
| 25 | ||
| 26 |
@fixture |
|
| 27 |
def public_key(): |
|
| 28 |
return open('tests/public-key.pem').read()
|
|
| 29 | ||
| 30 | ||
| 31 |
@fixture |
|
| 32 |
def sp_settings(private_settings, idp_metadata, sp_private_key, public_key): |
|
| 33 |
private_settings.MELLON_IDENTITY_PROVIDERS = [{
|
|
| 34 |
'METADATA': idp_metadata, |
|
| 35 |
}] |
|
| 36 |
private_settings.MELLON_PUBLIC_KEYS = [public_key] |
|
| 37 |
private_settings.MELLON_PRIVATE_KEYS = [sp_private_key] |
|
| 38 |
private_settings.MELLON_NAME_ID_POLICY_FORMAT = lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT |
|
| 39 |
private_settings.LOGIN_REDIRECT_URL = '/' |
|
| 40 |
return private_settings |
|
| 41 | ||
| 42 | ||
| 43 |
@fixture |
|
| 44 |
def sp_metadata(sp_settings, rf): |
|
| 45 |
request = rf.get('/')
|
|
| 46 |
return create_metadata(request) |
|
| 47 | ||
| 48 | ||
| 49 |
class MockIdp(object): |
|
| 50 |
def __init__(self, idp_metadata, private_key, sp_metadata): |
|
| 51 |
self.server = server = lasso.Server.newFromBuffers(idp_metadata, private_key) |
|
| 52 |
server.addProviderFromBuffer(lasso.PROVIDER_ROLE_SP, sp_metadata) |
|
| 53 | ||
| 54 |
def process_authn_request_redirect(self, url, auth_result=True, consent=True): |
|
| 55 |
login = lasso.Login(self.server) |
|
| 56 |
login.processAuthnRequestMsg(url.split('?', 1)[1])
|
|
| 57 |
try: |
|
| 58 |
login.validateRequestMsg(auth_result, consent) |
|
| 59 |
except lasso.LoginRequestDeniedError: |
|
| 60 |
login.buildAuthnResponseMsg() |
|
| 61 |
else: |
|
| 62 |
login.buildAssertion(lasso.SAML_AUTHENTICATION_METHOD_PASSWORD, |
|
| 63 |
"FIXME", |
|
| 64 |
"FIXME", |
|
| 65 |
"FIXME", |
|
| 66 |
"FIXME") |
|
| 67 |
login.buildAuthnResponseMsg() |
|
| 68 |
return login.msgUrl, login.msgBody |
|
| 69 | ||
| 70 | ||
| 71 |
@fixture |
|
| 72 |
def idp(sp_settings, idp_metadata, idp_private_key, sp_metadata): |
|
| 73 |
return MockIdp(idp_metadata, idp_private_key, sp_metadata) |
|
| 74 | ||
| 75 | ||
| 76 |
def test_sso_slo(db, app, idp, caplog, sp_settings): |
|
| 77 |
response = app.get(reverse('mellon_login'))
|
|
| 78 |
url, body = idp.process_authn_request_redirect(response['Location']) |
|
| 79 |
assert url.endswith(reverse('mellon_login'))
|
|
| 80 |
response = app.post(reverse('mellon_login'), {'SAMLResponse': body})
|
|
| 81 |
assert 'created new user' in caplog.text() |
|
| 82 |
assert 'logged in using SAML' in caplog.text() |
|
| 83 |
assert response['Location'].endswith(sp_settings.LOGIN_REDIRECT_URL) |
|
| 84 | ||
| 85 | ||
| 86 |
def test_sso(db, app, idp, caplog, sp_settings): |
|
| 87 |
response = app.get(reverse('mellon_login'))
|
|
| 88 |
url, body = idp.process_authn_request_redirect(response['Location']) |
|
| 89 |
assert url.endswith(reverse('mellon_login'))
|
|
| 90 |
response = app.post(reverse('mellon_login'), {'SAMLResponse': body})
|
|
| 91 |
assert 'created new user' in caplog.text() |
|
| 92 |
assert 'logged in using SAML' in caplog.text() |
|
| 93 |
assert response['Location'].endswith(sp_settings.LOGIN_REDIRECT_URL) |
|
| 94 | ||
| 95 | ||
| 96 |
def test_sso_request_denied(db, app, idp, caplog, sp_settings): |
|
| 97 |
response = app.get(reverse('mellon_login'))
|
|
| 98 |
url, body = idp.process_authn_request_redirect(response['Location'], auth_result=False) |
|
| 99 |
assert url.endswith(reverse('mellon_login'))
|
|
| 100 |
response = app.post(reverse('mellon_login'), {'SAMLResponse': body})
|
|
| 101 |
assert "status is not success codes: [u'urn:oasis:names:tc:SAML:2.0:status:Responder',\ |
|
| 102 |
u'urn:oasis:names:tc:SAML:2.0:status:RequestDenied']" in caplog.text() |
|
| tests/test_views.py | ||
|---|---|---|
| 170 | 170 |
response = client.get('/login/?next=%2Fwhatever')
|
| 171 | 171 |
assert response.status_code == 302 |
| 172 | 172 |
params = parse_qs(urlparse(response['Location']).query) |
| 173 |
assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?')
|
|
| 173 |
assert response['Location'].startswith('http://idp5/singleSignOn?')
|
|
| 174 | 174 |
assert set(params.keys()) == set(['SAMLRequest', 'RelayState']) |
| 175 | 175 |
assert len(params['SAMLRequest']) == 1 |
| 176 | 176 |
assert base64.b64decode(params['SAMLRequest'][0]) |
| ... | ... | |
| 182 | 182 |
'METADATA': open('tests/metadata.xml').read(),
|
| 183 | 183 |
}] |
| 184 | 184 |
qs = urlencode({
|
| 185 |
'entityID': 'https://cresson.entrouvert.org/idp/saml2/metadata',
|
|
| 185 |
'entityID': 'http://idp5/metadata',
|
|
| 186 | 186 |
'next': '/whatever', |
| 187 | 187 |
}) |
| 188 | 188 |
response = client.get('/login/?' + qs)
|
| 189 | 189 |
assert response.status_code == 302 |
| 190 | 190 |
params = parse_qs(urlparse(response['Location']).query) |
| 191 |
assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?')
|
|
| 191 |
assert response['Location'].startswith('http://idp5/singleSignOn?')
|
|
| 192 | 192 |
assert set(params.keys()) == set(['SAMLRequest', 'RelayState']) |
| 193 | 193 |
assert len(params['SAMLRequest']) == 1 |
| 194 | 194 |
assert base64.b64decode(params['SAMLRequest'][0]) |
| ... | ... | |
| 204 | 204 |
response = client.get('/login/')
|
| 205 | 205 |
assert response.status_code == 302 |
| 206 | 206 |
params = parse_qs(urlparse(response['Location']).query) |
| 207 |
assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?')
|
|
| 207 |
assert response['Location'].startswith('http://idp5/singleSignOn?')
|
|
| 208 | 208 |
assert params.keys() == ['SAMLRequest'] |
| 209 | 209 |
assert len(params['SAMLRequest']) == 1 |
| 210 | 210 |
assert base64.b64decode(params['SAMLRequest'][0]) |
| ... | ... | |
| 225 | 225 | |
| 226 | 226 |
@pytest.fixture |
| 227 | 227 |
def artifact(): |
| 228 |
entity_id = 'https://cresson.entrouvert.org/idp/saml2/metadata'
|
|
| 228 |
entity_id = 'http://idp5/metadata'
|
|
| 229 | 229 |
token = 'x' * 20 |
| 230 | 230 |
return base64.b64encode('\x00\x04\x00\x00' + hashlib.sha1(entity_id).digest() + token)
|
| 231 | 231 | |
| tests/urls_tests.py | ||
|---|---|---|
| 1 |
import django |
|
| 2 | ||
| 3 |
from django.conf.urls import patterns, url, include |
|
| 4 |
from django.http import HttpResponse |
|
| 5 | ||
| 6 | ||
| 7 |
def homepage(request): |
|
| 8 |
return HttpResponse('ok')
|
|
| 9 | ||
| 10 |
urlpatterns = [ |
|
| 11 |
url('^', include('mellon.urls')),
|
|
| 12 |
url('^$', homepage, name='homepage'),
|
|
| 13 |
] |
|
| 14 | ||
| 15 |
if django.VERSION < (1, 9): |
|
| 16 |
urlpatterns = patterns('', *urlpatterns)
|
|
| testsettings.py | ||
|---|---|---|
| 12 | 12 |
} |
| 13 | 13 |
} |
| 14 | 14 |
DEBUG = True |
| 15 |
SECRET_KEY='xx'
|
|
| 15 |
SECRET_KEY = 'xx'
|
|
| 16 | 16 |
STATIC_URL = '/static/' |
| 17 |
INSTALLED_APPS = ('mellon', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions')
|
|
| 17 |
INSTALLED_APPS = ('mellon', 'django.contrib.auth',
|
|
| 18 |
'django.contrib.contenttypes', 'django.contrib.sessions') |
|
| 18 | 19 |
MIDDLEWARE_CLASSES = global_settings.MIDDLEWARE_CLASSES |
| 19 | 20 |
MIDDLEWARE_CLASSES += ( |
| 20 | 21 |
'django.contrib.sessions.middleware.SessionMiddleware', |
| ... | ... | |
| 23 | 24 |
AUTHENTICATION_BACKENDS = ( |
| 24 | 25 |
'mellon.backends.SAMLBackend', |
| 25 | 26 |
) |
| 26 |
ROOT_URLCONF = 'mellon.urls'
|
|
| 27 |
ROOT_URLCONF = 'urls_tests'
|
|
| 27 | 28 |
TEMPLATE_DIRS = [ |
| 28 | 29 |
'tests/templates/', |
| 29 | 30 |
] |
| 30 |
if django.VERSION >= (1,8): |
|
| 31 |
if django.VERSION >= (1, 8):
|
|
| 31 | 32 |
TEMPLATES = [ |
| 32 | 33 |
{
|
| 33 | 34 |
'BACKEND': 'django.template.backends.django.DjangoTemplates', |
| 34 |
- |
|