0001-check_hobo-delete-orphan-idp-from-configuration-5438.patch
tests/idp2_metadata.xml | ||
1 |
<?xml version="1.0"?> |
|
2 |
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" entityID="http://authentic2.example.net/idp/saml2/metadata"> |
|
3 |
<ns0:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> |
|
4 |
<ns0:KeyDescriptor> |
|
5 |
<ns1:KeyInfo> |
|
6 |
<ns1:X509Data> |
|
7 |
<ns1:X509Certificate>MIIDKTCCAhGgAwIBAgIUAZvHckWYsjUA9g5NoWeVThoHiPcwDQYJKoZIhvcNAQEL BQAwJDEiMCAGA1UEAwwZYXV0aGVudGljLmRldi5wdWJsaWsubG92ZTAeFw0yMTEx MDIxMzEwMTRaFw0zMTExMDIxMzEwMTRaMCQxIjAgBgNVBAMMGWF1dGhlbnRpYy5k ZXYucHVibGlrLmxvdmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+ vkmsB8DpBfDiwWOmRPD8I5e+Lhi6sb70T1y23ZvZ7PDBmPO0KQ96qp1BANOEWOVV OkCjwXgJg1NqdbnmqEEZyVYFvPw67nzPRaFVSCoBqIheTfY6yfUlFyFHNDXlhhXE FqL2WFUa7ANmPIVQMDo8vXOh8L33Ks5UJXKNpEIlNYJfOpxxo5xrJ+lcmrLqfdzk 7lBRuO1qm9a4jcI5ehwTU76PdMj6PjhH6NO5DfV3Fhe0/ovIXI0cjCUM1jMn4zhb G7hY4uWCYoGtI9czKUoP05++BtEX0hlJm3auHVD6a0iXsa5AXm9QWMfG5OCdRxNx SPsbJrZgSaH3QbRSkXvlAgMBAAGjUzBRMB0GA1UdDgQWBBR1TZp46wgtXoQyEwkX 8gyokc6GtzAfBgNVHSMEGDAWgBR1TZp46wgtXoQyEwkX8gyokc6GtzAPBgNVHRMB Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCZ9EDUHQBZsCk0keM31UO7IvwU dRvcaJwBABfjPl1RbolW1F997qUYjVaZXLRIduGBy9pIdEu9PYdpg4WT/lEa4JCV k7C1QJ6bio1GI0nTzVhbmd2Z1yr87ymEya95irlmdHiLA30CvyhDe6y5IlWiuUKG ol4u40DgzA9jS+qR9RHg4wwxDIixKV3XLQxiChM4sF2SlJdqpPgzlPFH7nqgHP4Q LUtSr0wmKf9DdwiI6QsgN2GLG9n15oU9kmAgezOW0N8p+VBAP+eK4sbVIDfUcvx4 8Nj/JyI1gCNZRTRCLHGs1KnDDQ0EtMCPtWlGO0kDypg4vgwm1lxdW2+xB7ym</ns1:X509Certificate> |
|
8 |
</ns1:X509Data> |
|
9 |
</ns1:KeyInfo> |
|
10 |
</ns0:KeyDescriptor> |
|
11 |
<ns0:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://authentic2.example.net/idp/saml2/artifact" index="0"/> |
|
12 |
<ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://authentic2.example.net/idp/saml2/slo" ResponseLocation="http://authentic2.example.net/idp/saml2/slo_return"/> |
|
13 |
<ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://authentic2.example.net/idp/saml2/slo" ResponseLocation="http://authentic2.example.net/idp/saml2/slo_return"/> |
|
14 |
<ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://authentic2.example.net/idp/saml2/slo/soap"/> |
|
15 |
<ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://authentic2.example.net/idp/saml2/sso"/> |
|
16 |
<ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://authentic2.example.net/idp/saml2/sso"/> |
|
17 |
</ns0:IDPSSODescriptor> |
|
18 |
</ns0:EntityDescriptor> |
tests/test_hobo.py | ||
363 | 363 |
# with real metadata |
364 | 364 |
hobo_cmd.configure_authentication_methods(service, pub) |
365 | 365 | |
366 |
assert len(pub.cfg['idp'].keys()) == 1 |
|
366 |
idp_keys = list(pub.cfg['idp'].keys()) |
|
367 |
assert len(idp_keys) == 1 |
|
368 |
assert pub.cfg['idp'][idp_keys[0]]['metadata_url'] == 'http://authentic.example.net/idp/saml2/metadata' |
|
367 | 369 |
assert pub.cfg['saml_identities']['registration-url'] |
368 | 370 |
assert pub.cfg['sp']['idp-manage-user-attributes'] |
369 | 371 |
assert pub.cfg['sp']['idp-manage-roles'] |
370 | 372 |
assert pub.get_site_option('idp_account_url', 'variables').endswith('/accounts/') |
371 | 373 |
assert pub.get_site_option('idp_session_cookie_name') == 'a2-opened-session-5aef2f' |
372 | 374 | |
375 |
# change idp |
|
376 |
new_hobo_json = copy.deepcopy(HOBO_JSON) |
|
377 |
new_authentic_service = { |
|
378 |
'service-id': 'authentic', |
|
379 |
'saml-idp-metadata-url': 'http://authentic2.example.net/idp/saml2/metadata', |
|
380 |
'template_name': '', |
|
381 |
'variables': {}, |
|
382 |
'title': 'Authentic 2', |
|
383 |
'base_url': 'http://authentic2.example.net/', |
|
384 |
'id': 3, |
|
385 |
'slug': 'authentic-2', |
|
386 |
'secret_key': '6789', |
|
387 |
} |
|
388 |
index = None |
|
389 |
for i, service in enumerate(new_hobo_json['services']): |
|
390 |
if service['service-id'] == 'authentic': |
|
391 |
index = i |
|
392 |
break |
|
393 |
new_hobo_json['services'][index] = new_authentic_service |
|
394 |
try: |
|
395 |
hobo_cmd.all_services = new_hobo_json |
|
396 | ||
397 |
hobo_cmd.configure_authentication_methods(service, pub) |
|
398 |
idp_keys = list(pub.cfg['idp'].keys()) |
|
399 |
assert len(idp_keys) == 1 |
|
400 |
# idp changed |
|
401 |
assert ( |
|
402 |
pub.cfg['idp'][idp_keys[0]]['metadata_url'] == 'http://authentic2.example.net/idp/saml2/metadata' |
|
403 |
) |
|
404 |
finally: |
|
405 |
hobo_cmd.all_services = HOBO_JSON |
|
406 | ||
373 | 407 | |
374 | 408 |
def test_deploy(): |
375 | 409 |
cleanup() |
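Review bot: The loop at new line 389, `for i, service in enumerate(new_hobo_json['services']):`, rebinds the enclosing test's `service`, so the `hobo_cmd.configure_authentication_methods(service, pub)` call at new line 397 receives the authentic service dict rather than the service the first call at line 364 was given. The assertions may still pass if the function only reads `pub` and the module-level `all_services`, but the second call no longer exercises the same call shape as the first and the shadowing is easy to miss. Rename the loop variable: `for i, candidate in enumerate(new_hobo_json['services']):` / `if candidate['service-id'] == 'authentic':`. The enclosing test function starts before this section.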
tests/utilities.py | ||
363 | 363 | |
364 | 364 |
with open(os.path.join(os.path.dirname(__file__), 'idp_metadata.xml')) as fd: |
365 | 365 |
metadata = fd.read() |
366 |
with open(os.path.join(os.path.dirname(__file__), 'idp2_metadata.xml')) as fd: |
|
367 |
metadata2 = fd.read() |
|
368 | ||
366 | 369 |
geojson = { |
367 | 370 |
'features': [ |
368 | 371 |
{ |
... | ... | |
418 | 421 |
), |
419 | 422 |
'http://remote.example.net/connection-error': (None, None, None), |
420 | 423 |
'http://authentic.example.net/idp/saml2/metadata': (200, metadata, None), |
424 |
'http://authentic2.example.net/idp/saml2/metadata': (200, metadata2, None), |
|
421 | 425 |
}.get(base_url, (200, '', {})) |
422 | 426 | |
423 | 427 |
if url.startswith('file://'): |
wcs/ctl/check_hobos.py | ||
346 | 346 |
# automatically and we don't want to lose our changes. |
347 | 347 |
pub.write_cfg() |
348 | 348 | |
349 |
if 'idp' in pub.cfg: |
|
350 |
idp_urls = [idp['saml-idp-metadata-url'] for idp in idps] |
|
351 |
# clean up configuration |
|
352 |
to_delete = [] |
|
353 |
for idp_key, idp in pub.cfg['idp'].items(): |
|
354 |
if idp['metadata_url'] not in idp_urls: |
|
355 |
to_delete.append(idp_key) |
|
356 |
for idp_key in to_delete: |
|
357 |
del pub.cfg['idp'][idp_key] |
|
358 |
pub.write_cfg() |
|
359 | ||
349 | 360 |
for idp in idps: |
350 | 361 |
if not idp['base_url'].endswith('/'): |
351 | 362 |
idp['base_url'] = idp['base_url'] + '/' |
352 |
- |
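Review bot: The orphan cleanup at new lines 353-355 indexes `idp['metadata_url']` directly, so a pre-existing entry in `pub.cfg['idp']` that lacks that key (if any such entry can exist, e.g. one written by hand or by an older version) raises KeyError and stops the function before the `for idp in idps:` loop below runs; `if idp.get('metadata_url') not in idp_urls:` treats such entries as orphans, which looks like the intent since nothing in `idps` can match them — confirm that is acceptable. The `pub.write_cfg()` at new line 358 also runs on every pass, immediately after the write at line 347, even when `to_delete` is empty; guarding it with `if to_delete:` avoids the redundant write. The `# clean up configuration` comment could state the rule, e.g. `# drop idp entries whose metadata URL no longer matches any declared authentic service`. The enclosing function starts before and continues after this section.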