Diffstat (limited to 'keystone_tempest_plugin/services/identity/v3/saml2_client.py')
-rw-r--r--keystone_tempest_plugin/services/identity/v3/saml2_client.py92
1 files changed, 0 insertions, 92 deletions
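diff --git a/keystone_tempest_plugin/services/identity/v3/saml2_client.py b/keystone_tempest_plugin/services/identity/v3/saml2_client.py
deleted file mode 100644
index b70a389..0000000
--- a/keystone_tempest_plugin/services/identity/v3/saml2_client.py
+++ /dev/null
@@ -1,92 +0,0 @@
-# Copyright 2016 Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from lxml import etree
-import requests
-
-
-class Saml2Client(object):
-
- ECP_SP_EMPTY_REQUEST_HEADERS = {
- 'Accept': 'text/html, application/vnd.paos+xml',
- 'PAOS': ('ver="urn:liberty:paos:2003-08";"urn:oasis:names:tc:'
- 'SAML:2.0:profiles:SSO:ecp"')
- }
-
- ECP_SP_SAML2_REQUEST_HEADERS = {'Content-Type': 'application/vnd.paos+xml'}
-
- def __init__(self):
- self.reset_session()
-
- def reset_session(self):
- self.session = requests.Session()
-
- def _idp_auth_url(self, keystone_v3_endpoint, idp_id, protocol_id):
- subpath = 'OS-FEDERATION/identity_providers/%s/protocols/%s/auth' % (
- idp_id, protocol_id)
- return '%s/%s' % (keystone_v3_endpoint, subpath)
-
- def send_service_provider_request(self, keystone_v3_endpoint,
- idp_id, protocol_id):
- return self.session.get(
- self._idp_auth_url(keystone_v3_endpoint, idp_id, protocol_id),
- headers=self.ECP_SP_EMPTY_REQUEST_HEADERS
- )
-
- def _prepare_sp_saml2_authn_response(self, saml2_idp_authn_response,
- relay_state):
- # Replace the header contents of the Identity Provider response with
- # the relay state initially sent by the Service Provider. The response
- # is a SOAP envelope with the following structure:
- #
- # <S:Envelope
- # <S:Header>
- # ...
- # </S:Header>
- # <S:Body>
- # ...
- # </S:Body>
- # </S:Envelope>
- saml2_idp_authn_response[0][0] = relay_state
-
- def send_identity_provider_authn_request(self, saml2_authn_request,
- idp_url, username, password):
-
- saml2_authn_request.remove(saml2_authn_request[0])
- return self.session.post(
- idp_url,
- headers={'Content-Type': 'text/xml'},
- data=etree.tostring(saml2_authn_request),
- auth=(username, password)
- )
-
- def send_service_provider_saml2_authn_response(
- self, saml2_idp_authn_response, relay_state, idp_consumer_url):
-
- self._prepare_sp_saml2_authn_response(
- saml2_idp_authn_response, relay_state)
-
- return self.session.post(
- idp_consumer_url,
- headers=self.ECP_SP_SAML2_REQUEST_HEADERS,
- data=etree.tostring(saml2_idp_authn_response),
- # Do not follow HTTP redirect
- allow_redirects=False
- )
-
- def send_service_provider_unscoped_token_request(self, sp_url):
- return self.session.get(
- sp_url,
- headers=self.ECP_SP_SAML2_REQUEST_HEADERS
- )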