72 |
72 |
sp_meta = self.get_sp_metadata(base_url=base_url)
|
73 |
73 |
idp_meta = self.get_idp_metadata()
|
74 |
74 |
server = lasso.Server.newFromBuffers(sp_meta)
|
|
75 |
server.signatureMethod = lasso.SIGNATURE_METHOD_RSA_SHA256
|
75 |
76 |
server.addProviderFromBuffer(lasso.PROVIDER_ROLE_IDP, idp_meta)
|
76 |
77 |
return server
|
77 |
78 |
|
... | ... | |
213 |
214 |
url_parsed = urlparse.urlparse(login.msgUrl)
|
214 |
215 |
self.assertEqual(url_parsed.path, reverse('a2-idp-saml-sso'),
|
215 |
216 |
'msgUrl should target the sso endpoint')
|
|
217 |
if sign:
|
|
218 |
assert 'rsa-sha256' in login.msgUrl
|
216 |
219 |
return login.msgUrl, login.msgBody, request.id
|
217 |
220 |
|
218 |
221 |
def parse_authn_response(self, saml_response):
|
... | ... | |
291 |
294 |
self.assertIn('SAMLResponse', doc.forms[0].fields)
|
292 |
295 |
saml_response = doc.forms[0].fields['SAMLResponse']
|
293 |
296 |
try:
|
294 |
|
base64.b64decode(saml_response)
|
|
297 |
decoded_saml_response = base64.b64decode(saml_response)
|
295 |
298 |
except TypeError:
|
296 |
299 |
self.fail('SAMLResponse is not base64 encoded: %s'
|
297 |
300 |
% saml_response)
|
|
301 |
assert b'rsa-sha256' in decoded_saml_response
|
298 |
302 |
with self.assertRaises(lasso.ProfileRequestDeniedError):
|
299 |
303 |
assertion = self.parse_authn_response(saml_response)
|
300 |
304 |
elif not authorized_service:
|
... | ... | |
335 |
339 |
self.assertIn('SAMLResponse', doc.forms[0].fields)
|
336 |
340 |
saml_response = doc.forms[0].fields['SAMLResponse']
|
337 |
341 |
try:
|
338 |
|
base64.b64decode(saml_response)
|
|
342 |
decoded_saml_response = base64.b64decode(saml_response)
|
339 |
343 |
except TypeError:
|
340 |
344 |
self.fail('SAMLResponse is not base64 encoded: %s' % saml_response)
|
|
345 |
assert b'rsa-sha256' in decoded_saml_response
|
341 |
346 |
login = self.parse_authn_response(saml_response)
|
342 |
347 |
assertion = login.assertion
|
343 |
348 |
session_not_on_or_after = login.assertion.authnStatement[0].sessionNotOnOrAfter
|
344 |
|
-
|
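Review bot: The added `assert b'rsa-sha256' in decoded_saml_response` (new lines 301 and 345) only shows that the algorithm URI occurs somewhere in the decoded response, so it would still pass if a second signature in the same message, for example on the assertion, were produced with RSA-SHA1. Whether the IdP signs more than one element is not visible here, but pairing the check with a negative one closes that gap: `self.assertIn(b'rsa-sha256', decoded_saml_response)` followed by `self.assertNotIn(b'rsa-sha1', decoded_saml_response)`. Using the `self.assert*` helpers also matches the surrounding `self.assertIn('SAMLResponse', ...)` calls and survives a run under `python -O`, where bare `assert` statements are stripped. The same applies to `assert 'rsa-sha256' in login.msgUrl` at new line 218, where comparing the parsed `SigAlg` query parameter from `url_parsed` would be more precise than a substring match on the whole URL. The enclosing test methods start outside the visible hunks.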