0001-tests-use-dummy-metadata-from-lasso-starts-tests-of-.patch
tests/idp-private-key.pem | ||
---|---|---|
1 |
-----BEGIN RSA PRIVATE KEY----- |
|
2 |
MIIEowIBAAKCAQEAzTofHpWAdhH3BR/+1lVVNGRVY2qH3H4+8cDaofg5gy6oazgB |
|
3 |
/qVTZixm+euZF1wVa/T5SR0CBeFF4JYBmC0HWl39b2bqoNGV0ILLKyjDrE88pHP+ |
|
4 |
k5PBFeb98zRAY95fPDOPfgFc4g64W76fvri8qfXx3665UATOTXnvqnFOnilA/Ml9 |
|
5 |
00ust5Dy/IKyGgVT4xgm2nVQD6HYmg7Rjyga/LBtTEeKgc3k++fM5t8AzhdoNCiG |
|
6 |
Z/Ez1RztanjEoBzWdSrmHAGsemMUxFLPpQJ8yglIYiL7fEkyQ0KMvRcTDk0pVzmN |
|
7 |
EqTNKQ3mPwpMz+TWM8+wMc9FjNtZaGc213omWQIDAQABAoIBAEPj5keHzWdBqiXX |
|
8 |
38WnlPgv+M9afndCjDANTEYoh14OIUjWzlIe/ufd6HLkrVA89hkwgQbewbyQOT2C |
|
9 |
YiSlQLl0PlKMCTIKIzVHD07HvXNTAwykEqNfTZChSYEa1/Ixre+MXvugF8nwdKxk |
|
10 |
8xN0qXTQF6OXeVYvQNAAdng743YON4ubqKlEezIwnfG/jcoZrGkiTpx+k1JXJsZN |
|
11 |
4dHKFP12RRhUTGjaOkBo41w8GNKQLFpy1vqAOYMyi1SJcrwpAu3H0iQug9SylQaM |
|
12 |
bFjt8j/m13gu3zXIJbi8xbyg3nqpxl9dxcZG/cDA9z2tLu/h3G3nPq7CXvkZxmjl |
|
13 |
ePvOCwECgYEA9zbwYMtd8tT3PHtrCtjwkfxV0dvMmfNw/rRT4ShWtKLmgX+K9nz/ |
|
14 |
T4qpbehz4z7OvsLjQ6Bt6wjMNMw9SEBeEMyDVTpmzSD2PowARegmeLX4CsilqHHl |
|
15 |
/AMYUtywEQ2f65/CWPiMIt8mLnEyJ/dsyVLpuzGUNNt34Yaqpu2qXnUCgYEA1IUy |
|
16 |
PObmTh3I8ZyESyGhbu2TYs0A8Zy6eTIAv0ijOIpmUykzjE5pR9sB3nYEd4GTHPEv |
|
17 |
hF6SWfNIDDr83TqThJYzkFyXMCxiVLH55U42wlsvwp4jTnOI3K/7Y7U/lEmBlgcl |
|
18 |
JbIIv1t9okg3+Kuu4i7iB6JR89cSO/Wfcdu/c9UCgYAHE5eF7cxeqyH4pT/HK7aX |
|
19 |
NzXtr/EHZySQ5fCQvWrd+NvIUTJVI/ba/AklkEXg92dLpqCCyxDabYIK8N3AN7d5 |
|
20 |
m6EWy3kt3geueqt3VNHlGrBi/qNfUwNWV3BWzuJrWox9XjFeAp9gUCrzoWHiKv7+ |
|
21 |
NFVkemLXsICaABTaemsqEQKBgQDJJ4n1u1gieG7Kwqs1sg9rP9RRoFlUWFTogjvS |
|
22 |
0p4r1lQkQstX8qAUM2gBeROhSjRFIMUpNZqxKWT4rpzJibg3tzP3YKx6HIi2Qf+W |
|
23 |
3AFY1ZbPT397sj/JI4l/Rv93DFxr9TdkBq/g8GhqQpE3/sj5rgaj0zBe7SOFPWg+ |
|
24 |
DRGaQQKBgEEcSF5KmpIHnhi3WlfGiEtx3kcD63orKME0YYA5BM6wnmRT4QiSw+qj |
|
25 |
i7ljrKGSbmdMFC3ArM42/k2lXYpVLsYWmyaRYSgbdowxLM1XxDJMFIPR2uG6N+vi |
|
26 |
HzWkRxi2SXKU42vfs5eA0itHvQP2DfUx8VuvtwVbOxDGgntYia70 |
|
27 |
-----END RSA PRIVATE KEY----- |
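Review bot: This key is byte-for-byte the same as tests/sp-private-key.pem added later in this patch, and the certificate in tests/public-key.pem is the same text as the signing certificate in tests/metadata.xml, so the mock IdP and the service provider under test share one key pair. With a shared pair, the SSO tests cannot tell whether the SP verified the response against the IdP certificate from the metadata or against its own `MELLON_PUBLIC_KEYS` entry, so a key-confusion bug in signature verification would still pass. A separate throwaway pair for the SP (private key plus matching certificate) would make the fixtures exercise the trust boundary between the two parties. A short note in tests/ saying these keys are public test material would also make secret-scanner hits on this file quick to triage.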
tests/metadata.xml | ||
---|---|---|
1 | 1 |
<?xml version="1.0"?> |
2 |
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" entityID="https://cresson.entrouvert.org/idp/saml2/metadata"><ns0:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIIC+TCCAeGgAwIBAgIJAJqAKDUDlSinMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV |
|
3 |
BAMMCHdob2NhcmVzMB4XDTE0MDUyNzE0MzE0OVoXDTI0MDUyNDE0MzE0OVowEzER |
|
4 |
MA8GA1UEAwwId2hvY2FyZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB |
|
5 |
AQDrUFQGviUE+unV4afJQiRUPp4/D+Ltvuw59BuJwdNEWHA2vchhnwDLlp3RWKaf |
|
6 |
SWBJift55C4ybQKn5AEe6FHlIapJPvNqYnVP+0IgUFJmrxTWG9IT/5ZvJS0yer/O |
|
7 |
093I5HTqthgcByIAj2L4R3oW21HNCojT4WZDYjG6RAxRFU/10BYY1ILe1SPAMXqc |
|
8 |
99QC5fy2sZEJ/Cyd2Vlt1kAQ1+BZSZCL3vvdLfVRKjKZn2yYp8XbSplAZxB+b/iM |
|
9 |
duSQHtLaRsV5tizPCdftXECaDn1FKqK0JmcolHFBsfOH2x7I8XEljO/DR/Oy4kzv |
|
10 |
/cLdZB5fft4+nCqwLzI7fcRFAgMBAAGjUDBOMB0GA1UdDgQWBBSFV52hDdxJAdbM |
|
11 |
Nht32j7+PyFbKTAfBgNVHSMEGDAWgBSFV52hDdxJAdbMNht32j7+PyFbKTAMBgNV |
|
12 |
HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCoNxpm99qip4nROCedBIbZnqWj |
|
13 |
EkqHRLvIsm+oxf4Ctc6x/N1d2ngEygfT1xf5N5V221XTOgLCkuqi5r0/T6EB7U9y |
|
14 |
6ACfVJQmvNaPbFmn2J9rNIAPYPj2cengSZyL3mWyrkPFLj5TsgT98GASX9iThhds |
|
15 |
Nq6btZUL9ZUq8v3O7Y1uruMHJAACim4eYBjsCXaF7diKYaftFiwZWy1+3IQzUhmg |
|
16 |
Ov4KR9P9bb+W/43i7zAYmdUrBr31/amEvGHoco7cO2bp43/1H8fFOcnkX0wRdN/k |
|
17 |
r/hRVIsfeC6ss1NPDu/KzbRVVn5p9qKK6YVqqT3QapnQELgajEfhxpgY7AQx</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cresson.entrouvert.org/idp/saml2/artifact" index="0" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cresson.entrouvert.org/idp/saml2/slo" ResponseLocation="https://cresson.entrouvert.org/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cresson.entrouvert.org/idp/saml2/slo" ResponseLocation="https://cresson.entrouvert.org/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cresson.entrouvert.org/idp/saml2/slo/soap" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cresson.entrouvert.org/idp/saml2/sso" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cresson.entrouvert.org/idp/saml2/sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor> |
|
2 |
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" |
|
3 |
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" |
|
4 |
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" |
|
5 |
entityID="http://idp5/metadata"> |
|
6 |
<IDPSSODescriptor |
|
7 |
WantAuthnRequestsSigned="true" |
|
8 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
9 |
<KeyDescriptor use="signing"> |
|
10 |
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> |
|
11 |
<ds:X509Data><ds:X509Certificate> |
|
12 |
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP |
|
13 |
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91 |
|
14 |
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5 |
|
15 |
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF |
|
16 |
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw |
|
17 |
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq |
|
18 |
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m |
|
19 |
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u |
|
20 |
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH |
|
21 |
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi |
|
22 |
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA |
|
23 |
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 |
|
24 |
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G |
|
25 |
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB |
|
26 |
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ |
|
27 |
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa |
|
28 |
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew |
|
29 |
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP |
|
30 |
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR |
|
31 |
LlTxKnCrWAXftSm1rNtewTsF |
|
32 |
</ds:X509Certificate></ds:X509Data> |
|
33 |
</ds:KeyInfo> |
|
34 |
</KeyDescriptor> |
|
35 |
<KeyDescriptor use="encryption"> |
|
36 |
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> |
|
37 |
<ds:KeyValue> |
|
38 |
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP |
|
39 |
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91 |
|
40 |
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5 |
|
41 |
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF |
|
42 |
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw |
|
43 |
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq |
|
44 |
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m |
|
45 |
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u |
|
46 |
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH |
|
47 |
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi |
|
48 |
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA |
|
49 |
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 |
|
50 |
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G |
|
51 |
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB |
|
52 |
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ |
|
53 |
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa |
|
54 |
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew |
|
55 |
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP |
|
56 |
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR |
|
57 |
LlTxKnCrWAXftSm1rNtewTsF |
|
58 |
</ds:KeyValue> |
|
59 |
</ds:KeyInfo> |
|
60 |
</KeyDescriptor> |
|
61 | ||
62 |
<ArtifactResolutionService isDefault="true" index="0" |
|
63 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
64 |
Location="http://idp5/artifact" /> |
|
65 |
<SingleLogoutService |
|
66 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
67 |
Location="http://idp5/singleLogoutSOAP" /> |
|
68 |
<SingleLogoutService |
|
69 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" |
|
70 |
Location="http://idp5/singleLogout" |
|
71 |
ResponseLocation="http://idp5/singleLogoutReturn" /> |
|
72 |
<ManageNameIDService |
|
73 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
74 |
Location="http://idp5/manageNameIdSOAP" /> |
|
75 |
<ManageNameIDService |
|
76 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" |
|
77 |
Location="http://idp5/manageNameId" |
|
78 |
ResponseLocation="http://idp5/manageNameIdReturn" /> |
|
79 |
<SingleSignOnService |
|
80 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" |
|
81 |
Location="http://idp5/singleSignOn" /> |
|
82 |
<SingleSignOnService |
|
83 |
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" |
|
84 |
Location="http://idp5/singleSignOnSOAP" /> |
|
85 |
</IDPSSODescriptor> |
|
86 |
<AuthnAuthorityDescriptor |
|
87 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
88 |
<AuthnQueryService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/authnQueryService"/> |
|
89 |
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/authnAuthAssertionIDRequestService"/> |
|
90 |
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> |
|
91 |
</AuthnAuthorityDescriptor> |
|
92 |
<PDPDescriptor |
|
93 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
94 |
<AuthzService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/authzService"/> |
|
95 |
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/PDPAuthAssertionIDRequestService"/> |
|
96 |
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:kerberos</NameIDFormat> |
|
97 |
</PDPDescriptor> |
|
98 |
<AttributeAuthorityDescriptor |
|
99 |
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
100 |
<AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp6/attributeService"/> |
|
101 |
<AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI" Location="http://idp6/AttributeAuthAssertionIDRequestService"/> |
|
102 |
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat> |
|
103 |
</AttributeAuthorityDescriptor> |
|
104 |
<Organization> |
|
105 |
<OrganizationName xml:lang="en">Entr'ouvert</OrganizationName> |
|
106 |
</Organization> |
|
107 | ||
108 |
</EntityDescriptor> |
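Review bot: The `<KeyDescriptor use="encryption">` block puts the same base64 certificate text inside `<ds:KeyValue>`, which XML-DSig defines as a container for an `RSAKeyValue`/`DSAKeyValue` element rather than a certificate. A strict parser may ignore or reject it, so this fixture probably does not give the tests a usable IdP encryption key. Wrapping it as `<ds:X509Data><ds:X509Certificate>…</ds:X509Certificate></ds:X509Data>`, as the signing descriptor above does, would keep the two descriptors consistent. Separately, the embedded certificate's validity period decodes to 2006-10-27 through 2011-10-26, so the tests only pass as long as nothing on the verification path enforces expiry; a comment in the file saying so would save the next reader the decoding.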
tests/public-key.pem | ||
---|---|---|
1 |
-----BEGIN CERTIFICATE----- |
|
2 |
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP |
|
3 |
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91 |
|
4 |
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5 |
|
5 |
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF |
|
6 |
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw |
|
7 |
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq |
|
8 |
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m |
|
9 |
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u |
|
10 |
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH |
|
11 |
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi |
|
12 |
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA |
|
13 |
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 |
|
14 |
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G |
|
15 |
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB |
|
16 |
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ |
|
17 |
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa |
|
18 |
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew |
|
19 |
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP |
|
20 |
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR |
|
21 |
LlTxKnCrWAXftSm1rNtewTsF |
|
22 |
-----END CERTIFICATE----- |
tests/sp-private-key.pem | ||
---|---|---|
1 |
-----BEGIN RSA PRIVATE KEY----- |
|
2 |
MIIEowIBAAKCAQEAzTofHpWAdhH3BR/+1lVVNGRVY2qH3H4+8cDaofg5gy6oazgB |
|
3 |
/qVTZixm+euZF1wVa/T5SR0CBeFF4JYBmC0HWl39b2bqoNGV0ILLKyjDrE88pHP+ |
|
4 |
k5PBFeb98zRAY95fPDOPfgFc4g64W76fvri8qfXx3665UATOTXnvqnFOnilA/Ml9 |
|
5 |
00ust5Dy/IKyGgVT4xgm2nVQD6HYmg7Rjyga/LBtTEeKgc3k++fM5t8AzhdoNCiG |
|
6 |
Z/Ez1RztanjEoBzWdSrmHAGsemMUxFLPpQJ8yglIYiL7fEkyQ0KMvRcTDk0pVzmN |
|
7 |
EqTNKQ3mPwpMz+TWM8+wMc9FjNtZaGc213omWQIDAQABAoIBAEPj5keHzWdBqiXX |
|
8 |
38WnlPgv+M9afndCjDANTEYoh14OIUjWzlIe/ufd6HLkrVA89hkwgQbewbyQOT2C |
|
9 |
YiSlQLl0PlKMCTIKIzVHD07HvXNTAwykEqNfTZChSYEa1/Ixre+MXvugF8nwdKxk |
|
10 |
8xN0qXTQF6OXeVYvQNAAdng743YON4ubqKlEezIwnfG/jcoZrGkiTpx+k1JXJsZN |
|
11 |
4dHKFP12RRhUTGjaOkBo41w8GNKQLFpy1vqAOYMyi1SJcrwpAu3H0iQug9SylQaM |
|
12 |
bFjt8j/m13gu3zXIJbi8xbyg3nqpxl9dxcZG/cDA9z2tLu/h3G3nPq7CXvkZxmjl |
|
13 |
ePvOCwECgYEA9zbwYMtd8tT3PHtrCtjwkfxV0dvMmfNw/rRT4ShWtKLmgX+K9nz/ |
|
14 |
T4qpbehz4z7OvsLjQ6Bt6wjMNMw9SEBeEMyDVTpmzSD2PowARegmeLX4CsilqHHl |
|
15 |
/AMYUtywEQ2f65/CWPiMIt8mLnEyJ/dsyVLpuzGUNNt34Yaqpu2qXnUCgYEA1IUy |
|
16 |
PObmTh3I8ZyESyGhbu2TYs0A8Zy6eTIAv0ijOIpmUykzjE5pR9sB3nYEd4GTHPEv |
|
17 |
hF6SWfNIDDr83TqThJYzkFyXMCxiVLH55U42wlsvwp4jTnOI3K/7Y7U/lEmBlgcl |
|
18 |
JbIIv1t9okg3+Kuu4i7iB6JR89cSO/Wfcdu/c9UCgYAHE5eF7cxeqyH4pT/HK7aX |
|
19 |
NzXtr/EHZySQ5fCQvWrd+NvIUTJVI/ba/AklkEXg92dLpqCCyxDabYIK8N3AN7d5 |
|
20 |
m6EWy3kt3geueqt3VNHlGrBi/qNfUwNWV3BWzuJrWox9XjFeAp9gUCrzoWHiKv7+ |
|
21 |
NFVkemLXsICaABTaemsqEQKBgQDJJ4n1u1gieG7Kwqs1sg9rP9RRoFlUWFTogjvS |
|
22 |
0p4r1lQkQstX8qAUM2gBeROhSjRFIMUpNZqxKWT4rpzJibg3tzP3YKx6HIi2Qf+W |
|
23 |
3AFY1ZbPT397sj/JI4l/Rv93DFxr9TdkBq/g8GhqQpE3/sj5rgaj0zBe7SOFPWg+ |
|
24 |
DRGaQQKBgEEcSF5KmpIHnhi3WlfGiEtx3kcD63orKME0YYA5BM6wnmRT4QiSw+qj |
|
25 |
i7ljrKGSbmdMFC3ArM42/k2lXYpVLsYWmyaRYSgbdowxLM1XxDJMFIPR2uG6N+vi |
|
26 |
HzWkRxi2SXKU42vfs5eA0itHvQP2DfUx8VuvtwVbOxDGgntYia70 |
|
27 |
-----END RSA PRIVATE KEY----- |
tests/test_default_adapter.py | ||
---|---|---|
17 | 17 |
saml_attributes = { |
18 | 18 |
'name_id_format': lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT, |
19 | 19 |
'name_id_content': 'x' * 32, |
20 |
'issuer': 'https://cresson.entrouvert.org/idp/saml2/metadata',
|
|
20 |
'issuer': 'http://idp5/metadata',
|
|
21 | 21 |
'username': ['foobar'], |
22 | 22 |
'email': ['test@example.net'], |
23 | 23 |
'first_name': ['Foo'], |
tests/test_sso_slo.py | ||
---|---|---|
1 |
import os |
|
2 |
import lasso |
|
3 | ||
4 |
from pytest import fixture |
|
5 | ||
6 |
from django.core.urlresolvers import reverse |
|
7 | ||
8 |
from mellon.utils import create_metadata |
|
9 | ||
10 | ||
11 |
@fixture |
|
12 |
def idp_metadata(): |
|
13 |
return open('tests/metadata.xml').read() |
|
14 | ||
15 | ||
16 |
@fixture |
|
17 |
def idp_private_key(): |
|
18 |
return open('tests/idp-private-key.pem').read() |
|
19 | ||
20 | ||
21 |
@fixture |
|
22 |
def sp_private_key(): |
|
23 |
return open('tests/sp-private-key.pem').read() |
|
24 | ||
25 | ||
26 |
@fixture |
|
27 |
def public_key(): |
|
28 |
return open('tests/public-key.pem').read() |
|
29 | ||
30 | ||
31 |
@fixture |
|
32 |
def sp_settings(private_settings, idp_metadata, sp_private_key, public_key): |
|
33 |
private_settings.MELLON_IDENTITY_PROVIDERS = [{ |
|
34 |
'METADATA': idp_metadata, |
|
35 |
}] |
|
36 |
private_settings.MELLON_PUBLIC_KEYS = [public_key] |
|
37 |
private_settings.MELLON_PRIVATE_KEYS = [sp_private_key] |
|
38 |
private_settings.MELLON_NAME_ID_POLICY_FORMAT = lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT |
|
39 |
private_settings.LOGIN_REDIRECT_URL = '/' |
|
40 |
return private_settings |
|
41 | ||
42 | ||
43 |
@fixture |
|
44 |
def sp_metadata(sp_settings, rf): |
|
45 |
request = rf.get('/') |
|
46 |
return create_metadata(request) |
|
47 | ||
48 | ||
49 |
class MockIdp(object): |
|
50 |
def __init__(self, idp_metadata, private_key, sp_metadata): |
|
51 |
self.server = server = lasso.Server.newFromBuffers(idp_metadata, private_key) |
|
52 |
server.addProviderFromBuffer(lasso.PROVIDER_ROLE_SP, sp_metadata) |
|
53 | ||
54 |
def process_authn_request_redirect(self, url, auth_result=True, consent=True): |
|
55 |
login = lasso.Login(self.server) |
|
56 |
login.processAuthnRequestMsg(url.split('?', 1)[1]) |
|
57 |
try: |
|
58 |
login.validateRequestMsg(auth_result, consent) |
|
59 |
except lasso.LoginRequestDeniedError: |
|
60 |
login.buildAuthnResponseMsg() |
|
61 |
else: |
|
62 |
login.buildAssertion(lasso.SAML_AUTHENTICATION_METHOD_PASSWORD, |
|
63 |
"FIXME", |
|
64 |
"FIXME", |
|
65 |
"FIXME", |
|
66 |
"FIXME") |
|
67 |
login.buildAuthnResponseMsg() |
|
68 |
return login.msgUrl, login.msgBody |
|
69 | ||
70 | ||
71 |
@fixture |
|
72 |
def idp(sp_settings, idp_metadata, idp_private_key, sp_metadata): |
|
73 |
return MockIdp(idp_metadata, idp_private_key, sp_metadata) |
|
74 | ||
75 | ||
76 |
def test_sso_slo(db, app, idp, caplog, sp_settings): |
|
77 |
response = app.get(reverse('mellon_login')) |
|
78 |
url, body = idp.process_authn_request_redirect(response['Location']) |
|
79 |
assert url.endswith(reverse('mellon_login')) |
|
80 |
response = app.post(reverse('mellon_login'), {'SAMLResponse': body}) |
|
81 |
assert 'created new user' in caplog.text() |
|
82 |
assert 'logged in using SAML' in caplog.text() |
|
83 |
assert response['Location'].endswith(sp_settings.LOGIN_REDIRECT_URL) |
|
84 | ||
85 | ||
86 |
def test_sso(db, app, idp, caplog, sp_settings): |
|
87 |
response = app.get(reverse('mellon_login')) |
|
88 |
url, body = idp.process_authn_request_redirect(response['Location']) |
|
89 |
assert url.endswith(reverse('mellon_login')) |
|
90 |
response = app.post(reverse('mellon_login'), {'SAMLResponse': body}) |
|
91 |
assert 'created new user' in caplog.text() |
|
92 |
assert 'logged in using SAML' in caplog.text() |
|
93 |
assert response['Location'].endswith(sp_settings.LOGIN_REDIRECT_URL) |
|
94 | ||
95 | ||
96 |
def test_sso_request_denied(db, app, idp, caplog, sp_settings): |
|
97 |
response = app.get(reverse('mellon_login')) |
|
98 |
url, body = idp.process_authn_request_redirect(response['Location'], auth_result=False) |
|
99 |
assert url.endswith(reverse('mellon_login')) |
|
100 |
response = app.post(reverse('mellon_login'), {'SAMLResponse': body}) |
|
101 |
assert "status is not success codes: [u'urn:oasis:names:tc:SAML:2.0:status:Responder',\ |
|
102 |
u'urn:oasis:names:tc:SAML:2.0:status:RequestDenied']" in caplog.text() |
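Review bot: `test_sso_request_denied` checks only for the "status is not success" log line and never asserts that the denied response left the client unauthenticated. Adding `assert 'created new user' not in caplog.text()` and `assert 'logged in using SAML' not in caplog.text()` after the POST would pin the security-relevant outcome rather than just the message. `test_sso_slo` is line-for-line the same as `test_sso` and performs no logout, so it should either gain the SLO steps or be left out until they exist. The four file fixtures use `open(...).read()` without closing the handle; `with open(path) as fd: return fd.read()` avoids that.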
tests/test_views.py | ||
---|---|---|
170 | 170 |
response = client.get('/login/?next=%2Fwhatever') |
171 | 171 |
assert response.status_code == 302 |
172 | 172 |
params = parse_qs(urlparse(response['Location']).query) |
173 |
assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?')
|
|
173 |
assert response['Location'].startswith('http://idp5/singleSignOn?')
|
|
174 | 174 |
assert set(params.keys()) == set(['SAMLRequest', 'RelayState']) |
175 | 175 |
assert len(params['SAMLRequest']) == 1 |
176 | 176 |
assert base64.b64decode(params['SAMLRequest'][0]) |
... | ... | |
182 | 182 |
'METADATA': open('tests/metadata.xml').read(), |
183 | 183 |
}] |
184 | 184 |
qs = urlencode({ |
185 |
'entityID': 'https://cresson.entrouvert.org/idp/saml2/metadata',
|
|
185 |
'entityID': 'http://idp5/metadata',
|
|
186 | 186 |
'next': '/whatever', |
187 | 187 |
}) |
188 | 188 |
response = client.get('/login/?' + qs) |
189 | 189 |
assert response.status_code == 302 |
190 | 190 |
params = parse_qs(urlparse(response['Location']).query) |
191 |
assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?')
|
|
191 |
assert response['Location'].startswith('http://idp5/singleSignOn?')
|
|
192 | 192 |
assert set(params.keys()) == set(['SAMLRequest', 'RelayState']) |
193 | 193 |
assert len(params['SAMLRequest']) == 1 |
194 | 194 |
assert base64.b64decode(params['SAMLRequest'][0]) |
... | ... | |
204 | 204 |
response = client.get('/login/') |
205 | 205 |
assert response.status_code == 302 |
206 | 206 |
params = parse_qs(urlparse(response['Location']).query) |
207 |
assert response['Location'].startswith('https://cresson.entrouvert.org/idp/saml2/sso?')
|
|
207 |
assert response['Location'].startswith('http://idp5/singleSignOn?')
|
|
208 | 208 |
assert params.keys() == ['SAMLRequest'] |
209 | 209 |
assert len(params['SAMLRequest']) == 1 |
210 | 210 |
assert base64.b64decode(params['SAMLRequest'][0]) |
... | ... | |
225 | 225 | |
226 | 226 |
@pytest.fixture |
227 | 227 |
def artifact(): |
228 |
entity_id = 'https://cresson.entrouvert.org/idp/saml2/metadata'
|
|
228 |
entity_id = 'http://idp5/metadata'
|
|
229 | 229 |
token = 'x' * 20 |
230 | 230 |
return base64.b64encode('\x00\x04\x00\x00' + hashlib.sha1(entity_id).digest() + token) |
231 | 231 |
tests/urls_tests.py | ||
---|---|---|
1 |
import django |
|
2 | ||
3 |
from django.conf.urls import patterns, url, include |
|
4 |
from django.http import HttpResponse |
|
5 | ||
6 | ||
7 |
def homepage(request): |
|
8 |
return HttpResponse('ok') |
|
9 | ||
10 |
urlpatterns = [ |
|
11 |
url('^', include('mellon.urls')), |
|
12 |
url('^$', homepage, name='homepage'), |
|
13 |
] |
|
14 | ||
15 |
if django.VERSION < (1, 9): |
|
16 |
urlpatterns = patterns('', *urlpatterns) |
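Review bot: The unconditional `from django.conf.urls import patterns, url, include` at the top of the file defeats the `django.VERSION < (1, 9)` guard at the bottom. `patterns` was removed in Django 1.10, so on newer versions the module raises ImportError before the guard is ever evaluated. Keep `from django.conf.urls import url, include` at the top and move the other import into the branch, `if django.VERSION < (1, 9): from django.conf.urls import patterns`.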
testsettings.py | ||
---|---|---|
12 | 12 |
} |
13 | 13 |
} |
14 | 14 |
DEBUG = True |
15 |
SECRET_KEY='xx'
|
|
15 |
SECRET_KEY = 'xx'
|
|
16 | 16 |
STATIC_URL = '/static/' |
17 |
INSTALLED_APPS = ('mellon', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions') |
|
17 |
INSTALLED_APPS = ('mellon', 'django.contrib.auth', |
|
18 |
'django.contrib.contenttypes', 'django.contrib.sessions') |
|
18 | 19 |
MIDDLEWARE_CLASSES = global_settings.MIDDLEWARE_CLASSES |
19 | 20 |
MIDDLEWARE_CLASSES += ( |
20 | 21 |
'django.contrib.sessions.middleware.SessionMiddleware', |
... | ... | |
23 | 24 |
AUTHENTICATION_BACKENDS = ( |
24 | 25 |
'mellon.backends.SAMLBackend', |
25 | 26 |
) |
26 |
ROOT_URLCONF = 'mellon.urls'
|
|
27 |
ROOT_URLCONF = 'urls_tests'
|
|
27 | 28 |
TEMPLATE_DIRS = [ |
28 | 29 |
'tests/templates/', |
29 | 30 |
] |
30 |
if django.VERSION >= (1,8): |
|
31 |
if django.VERSION >= (1, 8):
|
|
31 | 32 |
TEMPLATES = [ |
32 | 33 |
{ |
33 | 34 |
'BACKEND': 'django.template.backends.django.DjangoTemplates', |
34 |
- |