From 5497278fab59361c5b6bc5d3c17407128b924b9a Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 30 Mar 2015 11:42:10 -0400
Subject: IdP-initiated logout for current user

Perform Single Logout for the current user when a logout is initiated
in the IdP.

A fake initial session is created. In the current logout code the
initial logout requestor holds the final redirect URL. In this case
it redirects back to the root IdP page.

https://fedorahosted.org/ipsilon/ticket/87

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>
---
 tests/testlogout.py | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)

(limited to 'tests/testlogout.py')

diff --git a/tests/testlogout.py b/tests/testlogout.py
index b192739..5018066 100755
--- a/tests/testlogout.py
+++ b/tests/testlogout.py
@@ -291,3 +291,80 @@ if __name__ == '__main__':
         print >> sys.stderr, " ERROR: %s" % repr(e)
         sys.exit(1)
     print " SUCCESS"
+
+    # Test IdP-initiated logout
+    print "testlogout: Access SP Protected Area of SP1...",
+    try:
+        page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/')
+        page.expected_value('text()', 'WORKS!')
+    except ValueError, e:
+        print >> sys.stderr, " ERROR: %s" % repr(e)
+        sys.exit(1)
+    print " SUCCESS"
+
+    print "testlogout: Access SP Protected Area of SP2...",
+    try:
+        page = sess.fetch_page(idpname, 'http://127.0.0.10:45082/sp/')
+        page.expected_value('text()', 'WORKS!')
+    except ValueError, e:
+        print >> sys.stderr, " ERROR: %s" % repr(e)
+        sys.exit(1)
+    print " SUCCESS"
+
+    print "testlogout: Access the IdP...",
+    try:
+        page = sess.fetch_page(idpname, 'http://127.0.0.10:45080/%s' % idpname)
+        page.expected_value('//div[@id="welcome"]/p/text()',
+                            'Welcome %s!' % user)
+    except ValueError, e:
+        print >> sys.stderr, " ERROR: %s" % repr(e)
+        sys.exit(1)
+    print " SUCCESS"
+
+    print "testlogout: IdP-initiated logout ...",
+    try:
+        page = sess.fetch_page(idpname,
+                               'http://127.0.0.10:45080/%s/logout' % idpname)
+        page.expected_value('//div[@id="content"]/p/a/text()', 'Log In')
+    except ValueError, e:
+        print >> sys.stderr, " ERROR: %s" % repr(e)
+        sys.exit(1)
+    print " SUCCESS"
+
+    print "testlogout: Ensure logout of SP1 ...",
+    try:
+        ensure_logout(sess, idpname, 'http://127.0.0.11:45081/sp/')
+    except ValueError, e:
+        print >> sys.stderr, " ERROR: %s" % repr(e)
+        sys.exit(1)
+    print " SUCCESS"
+
+    print "testlogout: Ensure logout of SP2 ...",
+    try:
+        ensure_logout(sess, idpname, 'http://127.0.0.10:45082/sp/')
+    except ValueError, e:
+        print >> sys.stderr, " ERROR: %s" % repr(e)
+        sys.exit(1)
+    print " SUCCESS"
+
+    print "testlogout: Access the IdP...",
+    try:
+        page = sess.fetch_page(idpname,
+                               'http://127.0.0.10:45080/%s/login' % idpname)
+        page.expected_value('//div[@id="welcome"]/p/text()',
+                            'Welcome %s!' % user)
+    except ValueError, e:
+        print >> sys.stderr, " ERROR: %s" % repr(e)
+        sys.exit(1)
+    print " SUCCESS"
+
+    print "testlogout: IdP-initiated logout with no SP sessions...",
+    try:
+        page = sess.fetch_page(idpname,
+                               'http://127.0.0.10:45080/%s/logout' % idpname)
+        page.expected_value('//div[@id="logout"]/p//text()',
+                            'Successfully logged out.')
+    except ValueError, e:
+        print >> sys.stderr, " ERROR: %s" % repr(e)
+        sys.exit(1)
+    print " SUCCESS"
-- 
cgit