diff options
Diffstat (limited to 'keystone_tempest_plugin/services/identity/v3/saml2_client.py')
-rw-r--r-- | keystone_tempest_plugin/services/identity/v3/saml2_client.py | 92 |
1 files changed, 0 insertions, 92 deletions
diff --git a/keystone_tempest_plugin/services/identity/v3/saml2_client.py b/keystone_tempest_plugin/services/identity/v3/saml2_client.py deleted file mode 100644 index b70a389..0000000 --- a/keystone_tempest_plugin/services/identity/v3/saml2_client.py +++ /dev/null | |||
@@ -1,92 +0,0 @@ | |||
1 | # Copyright 2016 Red Hat, Inc. | ||
2 | # | ||
3 | # Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
4 | # not use this file except in compliance with the License. You may obtain | ||
5 | # a copy of the License at | ||
6 | # | ||
7 | # http://www.apache.org/licenses/LICENSE-2.0 | ||
8 | # | ||
9 | # Unless required by applicable law or agreed to in writing, software | ||
10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
12 | # License for the specific language governing permissions and limitations | ||
13 | # under the License. | ||
14 | |||
15 | from lxml import etree | ||
16 | import requests | ||
17 | |||
18 | |||
19 | class Saml2Client(object): | ||
20 | |||
21 | ECP_SP_EMPTY_REQUEST_HEADERS = { | ||
22 | 'Accept': 'text/html, application/vnd.paos+xml', | ||
23 | 'PAOS': ('ver="urn:liberty:paos:2003-08";"urn:oasis:names:tc:' | ||
24 | 'SAML:2.0:profiles:SSO:ecp"') | ||
25 | } | ||
26 | |||
27 | ECP_SP_SAML2_REQUEST_HEADERS = {'Content-Type': 'application/vnd.paos+xml'} | ||
28 | |||
29 | def __init__(self): | ||
30 | self.reset_session() | ||
31 | |||
32 | def reset_session(self): | ||
33 | self.session = requests.Session() | ||
34 | |||
35 | def _idp_auth_url(self, keystone_v3_endpoint, idp_id, protocol_id): | ||
36 | subpath = 'OS-FEDERATION/identity_providers/%s/protocols/%s/auth' % ( | ||
37 | idp_id, protocol_id) | ||
38 | return '%s/%s' % (keystone_v3_endpoint, subpath) | ||
39 | |||
40 | def send_service_provider_request(self, keystone_v3_endpoint, | ||
41 | idp_id, protocol_id): | ||
42 | return self.session.get( | ||
43 | self._idp_auth_url(keystone_v3_endpoint, idp_id, protocol_id), | ||
44 | headers=self.ECP_SP_EMPTY_REQUEST_HEADERS | ||
45 | ) | ||
46 | |||
47 | def _prepare_sp_saml2_authn_response(self, saml2_idp_authn_response, | ||
48 | relay_state): | ||
49 | # Replace the header contents of the Identity Provider response with | ||
50 | # the relay state initially sent by the Service Provider. The response | ||
51 | # is a SOAP envelope with the following structure: | ||
52 | # | ||
53 | # <S:Envelope | ||
54 | # <S:Header> | ||
55 | # ... | ||
56 | # </S:Header> | ||
57 | # <S:Body> | ||
58 | # ... | ||
59 | # </S:Body> | ||
60 | # </S:Envelope> | ||
61 | saml2_idp_authn_response[0][0] = relay_state | ||
62 | |||
63 | def send_identity_provider_authn_request(self, saml2_authn_request, | ||
64 | idp_url, username, password): | ||
65 | |||
66 | saml2_authn_request.remove(saml2_authn_request[0]) | ||
67 | return self.session.post( | ||
68 | idp_url, | ||
69 | headers={'Content-Type': 'text/xml'}, | ||
70 | data=etree.tostring(saml2_authn_request), | ||
71 | auth=(username, password) | ||
72 | ) | ||
73 | |||
74 | def send_service_provider_saml2_authn_response( | ||
75 | self, saml2_idp_authn_response, relay_state, idp_consumer_url): | ||
76 | |||
77 | self._prepare_sp_saml2_authn_response( | ||
78 | saml2_idp_authn_response, relay_state) | ||
79 | |||
80 | return self.session.post( | ||
81 | idp_consumer_url, | ||
82 | headers=self.ECP_SP_SAML2_REQUEST_HEADERS, | ||
83 | data=etree.tostring(saml2_idp_authn_response), | ||
84 | # Do not follow HTTP redirect | ||
85 | allow_redirects=False | ||
86 | ) | ||
87 | |||
88 | def send_service_provider_unscoped_token_request(self, sp_url): | ||
89 | return self.session.get( | ||
90 | sp_url, | ||
91 | headers=self.ECP_SP_SAML2_REQUEST_HEADERS | ||
92 | ) | ||