authorRob Crittenden <rcritten@redhat.com>2015-07-13 16:32:02 -0400
committerPatrick Uiterwijk <puiterwijk@redhat.com>2015-07-16 15:05:01 +0200
commita8114162c2449ba64d266f19943e7999287a69da (patch)
treedaccfec2caa19eeb73077738fb82b7fe6952baa3
parentbc0c308174c5697e283be238c624922b2dc6d236 (diff)
Refactor SP generation to simplify logout testing
This adds the ability to quickly and easily add more SPs as needed to test more complex logout scenarios. Create five SPs, two of which support only HTTP-Redirect, to ensure that logout works in a mixed environment. https://fedorahosted.org/ipsilon/ticket/59 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
-rwxr-xr-xtests/testlogout.py207
1 files changed, 110 insertions, 97 deletions
diff --git a/tests/testlogout.py b/tests/testlogout.py
index dad1019..efc4934 100755
--- a/tests/testlogout.py
+++ b/tests/testlogout.py
@@ -44,17 +44,42 @@ sp_a = {'hostname': '${ADDRESS}:${PORT}',
'httpd_user': '${TEST_USER}'}
-sp2_g = {'HTTPDCONFD': '${TESTDIR}/${NAME}/conf.d',
- 'SAML2_TEMPLATE': '${TESTDIR}/templates/install/saml2/sp.conf',
- 'SAML2_CONFFILE': '${TESTDIR}/${NAME}/conf.d/ipsilon-saml.conf',
- 'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}
+sp_b = {'hostname': '${ADDRESS}:${PORT}',
+ 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',
+ 'saml_secure_setup': 'False',
+ 'no_saml_soap_logout': 'True',
+ 'saml_auth': '/sp',
+ 'httpd_user': '${TEST_USER}'}
-sp2_a = {'hostname': '${ADDRESS}:${PORT}',
- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',
- 'saml_secure_setup': 'False',
- 'saml_auth': '/sp',
- 'httpd_user': '${TEST_USER}'}
+# Global list of SP's
+splist = [
+ {
+ 'nameid': 'sp1',
+ 'addr': '127.0.0.11',
+ 'port': '45081',
+ },
+ {
+ 'nameid': 'sp2',
+ 'addr': '127.0.0.11',
+ 'port': '45082',
+ },
+ {
+ 'nameid': 'sp3',
+ 'addr': '127.0.0.11',
+ 'port': '45083',
+ },
+ {
+ 'nameid': 'sp4',
+ 'addr': '127.0.0.11',
+ 'port': '45084',
+ },
+ {
+ 'nameid': 'sp5',
+ 'addr': '127.0.0.11',
+ 'port': '45085',
+ },
+]
def fixup_sp_httpd(httpdir):
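Review bot: `sp_b` carries no comment saying what distinguishes it from `sp_a`; judging by the removed `sp2_a`, the only new key is `'no_saml_soap_logout': 'True'`. A line such as `# SP profile with SOAP logout disabled, leaving HTTP-Redirect only` above it would make the intent clear to whoever adds the next profile. The `# Global list of SP's` comment could also state that ports are kept as strings, since later code formats them straight into URLs.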
@@ -87,7 +112,7 @@ Alias /open ${HTTPDIR}/open
f.write(logged_out)
-def ensure_logout(session, idp_name, spurl):
+def ensure_logout(session, idp_name, sp_url):
"""
Fetch the secure page without following redirects. If we get
a 303 then we should be redirected to the IDP for authentication
@@ -96,7 +121,7 @@ def ensure_logout(session, idp_name, spurl):
Returns nothing or raises exception on error
"""
try:
- logout_page = session.fetch_page(idp_name, spurl,
+ logout_page = session.fetch_page(idp_name, sp_url,
follow_redirect=False)
if logout_page.result.status_code != 303:
raise ValueError('Still logged into url')
@@ -122,40 +147,41 @@ class IpsilonTest(IpsilonTestBase):
print "Starting IDP's httpd server"
self.start_http_server(conf, env)
- print "Installing SP server"
- name = 'sp1'
- addr = '127.0.0.11'
- port = '45081'
- sp = self.generate_profile(sp_g, sp_a, name, addr, port)
- conf = self.setup_sp_server(sp, name, addr, port, env)
- fixup_sp_httpd(os.path.dirname(conf))
-
- print "Starting SP's httpd server"
- self.start_http_server(conf, env)
-
- print "Installing second SP server"
- name = 'sp2'
- addr = '127.0.0.10'
- port = '45082'
- sp2 = self.generate_profile(sp2_g, sp2_a, name, addr, port)
- conf = self.setup_sp_server(sp2, name, addr, port, env)
- fixup_sp_httpd(os.path.dirname(conf))
-
- print "Starting SP's httpd server"
- self.start_http_server(conf, env)
+ for spdata in splist:
+ nameid = spdata['nameid']
+ addr = spdata['addr']
+ port = spdata['port']
+ print "Installing SP server %s" % nameid
+
+ # Configure sp3 and sp4 for only HTTP Redirect to test
+ # that a mix of SOAP and HTTP Redirect will play nice
+ # together.
+ if nameid in ['sp3', 'sp4']:
+ sp_prof = self.generate_profile(
+ sp_g, sp_b, nameid, addr, str(port), nameid
+ )
+ else:
+ sp_prof = self.generate_profile(
+ sp_g, sp_a, nameid, addr, str(port), nameid
+ )
+ conf = self.setup_sp_server(sp_prof, nameid, addr, str(port), env)
+ fixup_sp_httpd(os.path.dirname(conf))
+
+ print "Starting SP's httpd server"
+ self.start_http_server(conf, env)
if __name__ == '__main__':
idpname = 'idp1'
- spname = 'sp1'
- sp2name = 'sp2'
user = pwd.getpwuid(os.getuid())[0]
sess = HttpSessions()
sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon')
- sess.add_server(spname, 'http://127.0.0.11:45081')
- sess.add_server(sp2name, 'http://127.0.0.10:45082')
+ for sp in splist:
+ spname = sp['nameid']
+ spurl = 'http://%s:%s' % (sp['addr'], sp['port'])
+ sess.add_server(spname, spurl)
print "testlogout: Authenticate to IDP ...",
try:
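Review bot: The redirect-only profile is selected by a literal name list, `if nameid in ['sp3', 'sp4']:`, kept separately from `splist` where the SPs are declared, so adding or renaming an SP can silently change the SOAP/Redirect mix this test is meant to cover. A per-entry key in `splist` (for example `'profile': sp_b`) with a single `self.generate_profile(sp_g, spdata.get('profile', sp_a), nameid, addr, port, nameid)` call would keep the declaration and the choice together. The `str(port)` conversions are redundant because the ports in `splist` are already strings. The enclosing setup method starts above this hunk.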
@@ -165,21 +191,15 @@ if __name__ == '__main__':
sys.exit(1)
print " SUCCESS"
- print "testlogout: Add SP Metadata to IDP ...",
- try:
- sess.add_sp_metadata(idpname, spname)
- except Exception, e: # pylint: disable=broad-except
- print >> sys.stderr, " ERROR: %s" % repr(e)
- sys.exit(1)
- print " SUCCESS"
-
- print "testlogout: Add second SP Metadata to IDP ...",
- try:
- sess.add_sp_metadata(idpname, sp2name)
- except Exception, e: # pylint: disable=broad-except
- print >> sys.stderr, " ERROR: %s" % repr(e)
- sys.exit(1)
- print " SUCCESS"
+ for sp in splist:
+ spname = sp['nameid']
+ print "testlogout: Add SP Metadata for %s to IDP ..." % spname,
+ try:
+ sess.add_sp_metadata(idpname, spname)
+ except Exception, e: # pylint: disable=broad-except
+ print >> sys.stderr, " ERROR: %s" % repr(e)
+ sys.exit(1)
+ print " SUCCESS"
print "testlogout: Logout without logging into SP ...",
try:
@@ -231,50 +251,43 @@ if __name__ == '__main__':
sys.exit(1)
print " SUCCESS"
- print "testlogout: Access SP Protected Area of SP1...",
- try:
- page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/')
- page.expected_value('text()', 'WORKS!')
- except ValueError, e:
- print >> sys.stderr, " ERROR: %s" % repr(e)
- sys.exit(1)
- print " SUCCESS"
-
- print "testlogout: Access SP Protected Area of SP2...",
- try:
- page = sess.fetch_page(idpname, 'http://127.0.0.10:45082/sp/')
- page.expected_value('text()', 'WORKS!')
- except ValueError, e:
- print >> sys.stderr, " ERROR: %s" % repr(e)
- sys.exit(1)
- print " SUCCESS"
-
- print "testlogout: Logout from both ...",
- try:
- page = sess.fetch_page(idpname, '%s/%s?%s' % (
- 'http://127.0.0.11:45081', 'saml2/logout',
- 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html'))
- page.expected_value('text()', 'Logged out')
- except ValueError, e:
- print >> sys.stderr, " ERROR: %s" % repr(e)
- sys.exit(1)
- print " SUCCESS"
-
- print "testlogout: Ensure logout of SP1 ...",
- try:
- ensure_logout(sess, idpname, 'http://127.0.0.11:45081/sp/')
- except ValueError, e:
- print >> sys.stderr, " ERROR: %s" % repr(e)
- sys.exit(1)
- print " SUCCESS"
-
- print "testlogout: Ensure logout of SP2 ...",
- try:
- ensure_logout(sess, idpname, 'http://127.0.0.10:45082/sp/')
- except ValueError, e:
- print >> sys.stderr, " ERROR: %s" % repr(e)
- sys.exit(1)
- print " SUCCESS"
+ # Test logout from each of the SP's in the list to ensure that the
+ # order of logout doesn't matter.
+ for sporder in splist:
+ print "testlogout: Access SP Protected Area of each SP ...",
+ for sp in splist:
+ spname = sp['nameid']
+ spurl = 'http://%s:%s/sp/' % (sp['addr'], sp['port'])
+ try:
+ page = sess.fetch_page(idpname, spurl)
+ page.expected_value('text()', 'WORKS!')
+ except ValueError, e:
+ print >> sys.stderr, " ERROR: %s" % repr(e)
+ sys.exit(1)
+ print " SUCCESS"
+
+ print "testlogout: Initiate logout from %s ..." % sporder['nameid'],
+ try:
+ logouturl = 'http://%s:%s' % (sp['addr'], sp['port'])
+ page = sess.fetch_page(idpname, '%s/%s?%s' % (
+ logouturl, 'saml2/logout',
+ 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html'))
+ page.expected_value('text()', 'Logged out')
+ except ValueError, e:
+ print >> sys.stderr, " ERROR: %s" % repr(e)
+ sys.exit(1)
+ print " SUCCESS"
+
+ print "testlogout: Ensure logout of each SP ...",
+ for sp in splist:
+ spname = sp['nameid']
+ spurl = 'http://%s:%s/sp/' % (sp['addr'], sp['port'])
+ try:
+ ensure_logout(sess, idpname, spurl)
+ except ValueError, e:
+ print >> sys.stderr, " ERROR: %s" % repr(e)
+ sys.exit(1)
+ print " SUCCESS"
# Test IdP-initiated logout
print "testlogout: Access SP Protected Area of SP1...",
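Review bot: The SP-initiated logout step builds `logouturl` from `sp`, which at that point is whatever the preceding `for sp in splist:` loop left behind, while the progress message names `sporder`. If the step sits at the outer-loop level, as the message suggests (indentation is not recoverable in this view), every pass initiates logout from the last SP and the "order of logout doesn't matter" claim is never exercised; it should read `logouturl = 'http://%s:%s' % (sporder['addr'], sporder['port'])`. The `ReturnTo` value is also still pinned to `http://127.0.0.11:45081/open/logged_out.html`, so it always lands on sp1; building it from `logouturl` would keep initiator and landing page consistent. As written, a single-logout regression that only shows when sp1 to sp4 initiate, including the redirect-only sp3 and sp4, would still pass this test.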
@@ -288,7 +301,7 @@ if __name__ == '__main__':
print "testlogout: Access SP Protected Area of SP2...",
try:
- page = sess.fetch_page(idpname, 'http://127.0.0.10:45082/sp/')
+ page = sess.fetch_page(idpname, 'http://127.0.0.11:45082/sp/')
page.expected_value('text()', 'WORKS!')
except ValueError, e:
print >> sys.stderr, " ERROR: %s" % repr(e)
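Review bot: The IdP-initiated section still spells the SP2 address out as a literal, `'http://127.0.0.11:45082/sp/'`, here and again in the `ensure_logout` call in the next hunk, which is exactly what this commit had to hand-edit after moving sp2; deriving both from `splist` would prevent the next drift. From the visible context this section names only SP1 and SP2, so the redirect-only SPs do not appear to be covered for IdP-initiated logout. Looping over `splist`, as the SP-initiated section now does, would close that gap. The rest of this block lies outside the hunk.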
@@ -325,7 +338,7 @@ if __name__ == '__main__':
print "testlogout: Ensure logout of SP2 ...",
try:
- ensure_logout(sess, idpname, 'http://127.0.0.10:45082/sp/')
+ ensure_logout(sess, idpname, 'http://127.0.0.11:45082/sp/')
except ValueError, e:
print >> sys.stderr, " ERROR: %s" % repr(e)
sys.exit(1)