Merge pull request #409 from johanlundberg/name_id_policy_allow_create_from_conf
Allow the configuration option name_id_format_allow_create for the sp config
commit
47e1b34f6c
|
@ -207,7 +207,7 @@ class Base(Entity):
|
|||
nameid_format=None,
|
||||
service_url_binding=None, message_id=0,
|
||||
consent=None, extensions=None, sign=None,
|
||||
allow_create=False, sign_prepare=False, sign_alg=None,
|
||||
allow_create=None, sign_prepare=False, sign_alg=None,
|
||||
digest_alg=None, **kwargs):
|
||||
""" Creates an authentication request.
|
||||
|
||||
|
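Review bot: Changing the `allow_create` default from `False` to `None` makes `None` a meaningful sentinel, but the docstring that begins on the hunk's last line continues outside the hunk and, as far as this hunk shows, is not updated. If it carries a `:param allow_create:` entry it should state the new contract, e.g. `:param allow_create: Whether the IdP may create a new identifier for the subject; None (the default) takes the value of name_id_format_allow_create from the sp config.` Without that, callers reading the documented `False` default cannot tell that the config now participates in the decision.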
@ -288,10 +288,15 @@ class Base(Entity):
|
|||
args["name_id_policy"] = kwargs["name_id_policy"]
|
||||
del kwargs["name_id_policy"]
|
||||
except KeyError:
|
||||
if allow_create:
|
||||
allow_create = "true"
|
||||
else:
|
||||
allow_create = "false"
|
||||
if allow_create is None:
|
||||
allow_create = self.config.getattr("name_id_format_allow_create", "sp")
|
||||
if allow_create is None:
|
||||
allow_create = "false"
|
||||
else:
|
||||
if allow_create is True:
|
||||
allow_create = "true"
|
||||
else:
|
||||
allow_create = "false"
|
||||
|
||||
if nameid_format == "":
|
||||
name_id_policy = None
|
||||
|
|
|
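Review bot: The config fallback `allow_create = self.config.getattr("name_id_format_allow_create", "sp")` only maps the Python boolean `True` to "true"; the new test config in this commit (the `sp_conf_nameidpolicy` hunk below) sets the option to the string "true", which the `is True` check maps to "false" unless the config loader converts it, so the new test's `allow_create == "true"` assertion looks inconsistent with this code. If the four-line `if allow_create:` … `allow_create = "false"` block is the removed side (the hunk counts suggest four removed and nine added), an explicit `allow_create=True` from a caller is also no longer normalised to a string before it reaches NameIDPolicy, so AllowCreate could be serialised as `True`, which is not a valid xs:boolean value for the IdP to validate. One normalisation after the lookup covers both paths: `if allow_create is None: allow_create = self.config.getattr("name_id_format_allow_create", "sp")` followed by `allow_create = "true" if allow_create in (True, "true") else "false"`. Falling back to "false" for anything unrecognised is the safe direction, but it should be deliberate rather than a side effect of the identity check. The enclosing method body continues outside the hunk.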
@ -73,6 +73,7 @@ SP_ARGS = [
|
|||
"allow_unsolicited",
|
||||
"ecp",
|
||||
"name_id_format",
|
||||
"name_id_format_allow_create",
|
||||
"logout_requests_signed",
|
||||
"requested_attribute_name_format"
|
||||
]
|
||||
|
@ -187,6 +188,7 @@ class Config(object):
|
|||
self.contact_person = None
|
||||
self.name_form = None
|
||||
self.name_id_format = None
|
||||
self.name_id_format_allow_create = None
|
||||
self.virtual_organization = None
|
||||
self.logger = None
|
||||
self.only_use_keys_in_metadata = True
|
||||
|
|
|
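Review bot: `self.name_id_format_allow_create = None` is added without a comment saying what values the rest of the library accepts, and the `SP_ARGS` entry in the hunk above makes it a user-facing option. A one-line comment would help operators reading the config class: `# NameIDPolicy AllowCreate for SPs; None results in AllowCreate="false"`. The `__init__` body continues outside the hunk.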
@ -0,0 +1,64 @@
|
|||
from pathutils import full_path
|
||||
from pathutils import xmlsec_path
|
||||
|
||||
CONFIG = {
|
||||
"entityid": "urn:mace:example.com:saml:roland:sp",
|
||||
"name": "urn:mace:example.com:saml:roland:sp",
|
||||
"description": "My own SP",
|
||||
"service": {
|
||||
"sp": {
|
||||
"endpoints": {
|
||||
"assertion_consumer_service": [
|
||||
"http://lingon.catalogix.se:8087/"],
|
||||
},
|
||||
"required_attributes": ["surName", "givenName", "mail"],
|
||||
"optional_attributes": ["title"],
|
||||
"idp": ["urn:mace:example.com:saml:roland:idp"],
|
||||
"name_id_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
|
||||
"name_id_format_allow_create": "true"
|
||||
}
|
||||
},
|
||||
"debug": 1,
|
||||
"key_file": full_path("test.key"),
|
||||
"cert_file": full_path("test.pem"),
|
||||
"encryption_keypairs": [{"key_file": full_path("test_1.key"), "cert_file": full_path("test_1.crt")},
|
||||
{"key_file": full_path("test_2.key"), "cert_file": full_path("test_2.crt")}],
|
||||
"ca_certs": full_path("cacerts.txt"),
|
||||
"xmlsec_binary": xmlsec_path,
|
||||
"metadata": [{
|
||||
"class": "saml2.mdstore.MetaDataFile",
|
||||
"metadata": [(full_path("idp.xml"), ), (full_path("vo_metadata.xml"), )],
|
||||
}],
|
||||
"virtual_organization": {
|
||||
"urn:mace:example.com:it:tek": {
|
||||
"nameid_format": "urn:oid:1.3.6.1.4.1.1466.115.121.1.15-NameID",
|
||||
"common_identifier": "umuselin",
|
||||
}
|
||||
},
|
||||
"subject_data": "subject_data.db",
|
||||
"accepted_time_diff": 60,
|
||||
"attribute_map_dir": full_path("attributemaps"),
|
||||
"valid_for": 6,
|
||||
"organization": {
|
||||
"name": ("AB Exempel", "se"),
|
||||
"display_name": ("AB Exempel", "se"),
|
||||
"url": "http://www.example.org",
|
||||
},
|
||||
"contact_person": [{
|
||||
"given_name": "Roland",
|
||||
"sur_name": "Hedberg",
|
||||
"telephone_number": "+46 70 100 0000",
|
||||
"email_address": ["tech@eample.com",
|
||||
"tech@example.org"],
|
||||
"contact_type": "technical"
|
||||
},
|
||||
],
|
||||
"logger": {
|
||||
"rotating": {
|
||||
"filename": full_path("sp.log"),
|
||||
"maxBytes": 100000,
|
||||
"backupCount": 5,
|
||||
},
|
||||
"loglevel": "info",
|
||||
}
|
||||
}
|
|
@ -280,6 +280,26 @@ class TestClient:
|
|||
assert nid_policy.allow_create == "false"
|
||||
assert nid_policy.format == saml.NAMEID_FORMAT_TRANSIENT
|
||||
|
||||
def test_create_auth_request_nameid_policy_allow_create(self):
|
||||
conf = config.SPConfig()
|
||||
conf.load_file("sp_conf_nameidpolicy")
|
||||
client = Saml2Client(conf)
|
||||
ar_str = "%s" % client.create_authn_request(
|
||||
"http://www.example.com/sso", message_id="id1")[1]
|
||||
|
||||
ar = samlp.authn_request_from_string(ar_str)
|
||||
print(ar)
|
||||
assert ar.assertion_consumer_service_url == ("http://lingon.catalogix"
|
||||
".se:8087/")
|
||||
assert ar.destination == "http://www.example.com/sso"
|
||||
assert ar.protocol_binding == BINDING_HTTP_POST
|
||||
assert ar.version == "2.0"
|
||||
assert ar.provider_name == "urn:mace:example.com:saml:roland:sp"
|
||||
assert ar.issuer.text == "urn:mace:example.com:saml:roland:sp"
|
||||
nid_policy = ar.name_id_policy
|
||||
assert nid_policy.allow_create == "true"
|
||||
assert nid_policy.format == saml.NAMEID_FORMAT_PERSISTENT
|
||||
|
||||
def test_create_auth_request_vo(self):
|
||||
assert list(self.client.config.vorg.keys()) == [
|
||||
"urn:mace:example.com:it:tek"]
|
||||
|
|
|
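Review bot: `print(ar)` in the middle of the new test is leftover debug output that only adds noise to the test run; drop it, since pytest already shows the compared values on assertion failure. The test also exercises only the config path; a second request in the same test passing `allow_create=False` explicitly and asserting `nid_policy.allow_create == "false"` would pin that the explicit argument still overrides the config value. The new test otherwise duplicates the preceding one line for line apart from the config file and the two final assertions, so a small helper that loads a named config and returns the parsed request would keep the two in sync.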
@ -2,3 +2,4 @@ mock==2.0.0
|
|||
pymongo==3.0.1
|
||||
pytest==3.0.3
|
||||
responses==0.5.0
|
||||
pyasn1==0.2.3
|
||||
|
|