diff options
| author | Emmanuel Raviart <eraviart@entrouvert.com> | 2004-08-02 19:01:57 +0000 |
|---|---|---|
| committer | Emmanuel Raviart <eraviart@entrouvert.com> | 2004-08-02 19:01:57 +0000 |
| commit | f964335e9b0116e0b0e810843d24b33bacbf8044 (patch) | |
| tree | 031323a4265f28d54bdc66abc414da5afd8af345 /python | |
| parent | 6a6076e30ae30184f0faae4cf5a119be272850c7 (diff) | |
| download | lasso-f964335e9b0116e0b0e810843d24b33bacbf8044.tar.gz lasso-f964335e9b0116e0b0e810843d24b33bacbf8044.tar.xz lasso-f964335e9b0116e0b0e810843d24b33bacbf8044.zip | |
Added test03, which shows a bug in Lasso: When identity and session already
exist (and must_authenticate() return False), the call to build_artifact_msg
generates:
(process:8083): GLib-GObject-WARNING **: invalid cast from LassoNode' to
LassoSamlNameIdentifier'
(process:8083): lasso-CRITICAL **: file authentication_statement.c: line 84
(lasso_authentication_statement_new): assertion
LASSO_IS_SAML_NAME_IDENTIFIER(idp_identifier)' failed
(process:8083): Lasso-CRITICAL **: 02-08-2004 20:33:59 Failed to build the
AuthenticationStatement element of the Assertion.
and then access to login.nameIdentifier fails.
Diffstat (limited to 'python')
| -rw-r--r-- | python/tests/login_tests.py | 70 |
1 files changed, 69 insertions, 1 deletions
diff --git a/python/tests/login_tests.py b/python/tests/login_tests.py index 26f79cb4..b360d4ce 100644 --- a/python/tests/login_tests.py +++ b/python/tests/login_tests.py @@ -203,7 +203,75 @@ class LoginTestCase(unittest.TestCase): spIdentityContextDump = spLogoutContext.get_identity().dump() self.failUnless(spIdentityContextDump) - + def test03(self): + """Identity Provider single sign-on when identity and session already exist.""" + idpContextDump = self.generateIdentityProviderContextDump() + self.failUnless(idpContextDump) + idpContext = lasso.Server.new_from_dump(idpContextDump) + idpLoginContext = lasso.Login.new(idpContext) + idpIdentityContextDump = """\ +<LassoIdentity><LassoFederations><LassoFederation RemoteProviderID="https://service-provider:2003/liberty-alliance/metadata"><LassoLocalNameIdentifier><saml:NameIdentifier xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" NameQualifier="https://identity-provider:1998/liberty-alliance/metadata" Format="urn:liberty:iff:nameid:federated">NjMxMEMzRTlEMDA4NTNEMEZGNDI1MEM0QzY4NUNBNzY=</saml:NameIdentifier></LassoLocalNameIdentifier></LassoFederation></LassoFederations></LassoIdentity> +""" + self.failUnlessEqual(idpLoginContext.set_identity_from_dump(idpIdentityContextDump), 0) + idpSessionContextDump = """ +<LassoSession><LassoAssertions><LassoAssertion RemoteProviderID="https://service-provider:2003/liberty-alliance/metadata"><lib:Assertion xmlns:lib="urn:liberty:iff:2003-08" AssertionID="Q0QxQzNFRTVGRTZEM0M0RjY2MTZDNTEwOUY4MDQzRTI=" MajorVersion="1" MinorVersion="2" IssueInstance="2004-08-02T18:51:43Z" Issuer="https://identity-provider:1998/liberty-alliance/metadata" InResponseTo="OEQ0OEUzODhGRTdGMEVFMzQ5Q0Q0QzYzQjk4MjUwNjQ="><lib:AuthenticationStatement xmlns:lib="urn:liberty:iff:2003-08" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2004-08-02T18:51:43Z" ReauthenticateOnOrAfter="FIXME: reauthenticateOnOrAfter"><lib:Subject xmlns:lib="urn:liberty:iff:2003-08"><saml:NameIdentifier xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" NameQualifier="https://identity-provider:1998/liberty-alliance/metadata" Format="urn:liberty:iff:nameid:federated">NjMxMEMzRTlEMDA4NTNEMEZGNDI1MEM0QzY4NUNBNzY=</saml:NameIdentifier><lib:IDPProvidedNameIdentifier xmlns:lib="urn:liberty:iff:2003-08" NameQualifier="https://identity-provider:1998/liberty-alliance/metadata" Format="urn:liberty:iff:nameid:federated">NjMxMEMzRTlEMDA4NTNEMEZGNDI1MEM0QzY4NUNBNzY=</lib:IDPProvidedNameIdentifier><saml:SubjectConfirmation xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:SubjectConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:SubjectConfirmationMethod></saml:SubjectConfirmation></lib:Subject></lib:AuthenticationStatement><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> +<SignedInfo> +<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> +<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> +<Reference> +<Transforms> +<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> +</Transforms> +<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> +<DigestValue>ZRe7eb5JuhgL6W/Le1oMezbEHnA=</DigestValue> +</Reference> +</SignedInfo> +<SignatureValue>CYOtlOvHtpkQsLA87GrtHs1WuoPVXHiPkVsmce2X1+PUslYpKLKp3cuNTVo1Z7+k +Iku+DThYC9EvR7gprVQW2Y3CpCPanWs2A6j21SrlfqGFffpUtOFuiv3L1rfGKjPJ +eMWehfc/SEi3+/JT22RejeYrSA61YLwsfItB7Ie4L0TRuZuxxu++CsidIEu2iv7l +fI79SMn5hF7j/oFU9IODFhCArNLgBiOxA9rnRNvXwRFFmRN3qvdEuXuAZBthRhoa +BRcL2T7tLxIVV+8y1fUjkliV1QgvOeus9g1bib1FLHdzHZ6KNGLPkZiXuM7ZPT1B +G8WStJalTeH81AE7Ol4pcg==</SignatureValue> +<KeyInfo> +<X509Data> +<X509Certificate>MIIDKTCCAhECAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCSVQxDzANBgNV +BAcTBlBvbXBlaTEQMA4GA1UEChMHVmVzdXZpbzEpMCcGA1UEAxMgVmVzdXZpbyBM +aWJlcnR5IEFsbGlhbmNlIFJvb3QgQ0EwHhcNMDQwNDIwMTQwMzQ1WhcNMDUwNDIw +MTQwMzQ1WjBaMQswCQYDVQQGEwJJVDEPMA0GA1UEBxMGUG9tcGVpMR4wHAYDVQQK +ExVJZGVudGl0eSBQcm92aWRlciBJbmMxGjAYBgNVBAMTEWlkZW50aXR5LXByb3Zp +ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SGH3FPnhpQ8rCED +RmC+NEkJQ6ZrG1jRL1kNx3wNu1xRZgFPiEDFnu9p/muVQkRAzK4txgC5i0ymwgRZ +uan2yFrdq7Kpc9r0cM1S/q63aQeOMXQszz6G0NIY9DOzdrdlTc2uToBpIPA4a/Tf +NWpMFZ7zGB9ThJ4+S5MAIA6y3SRWYHOqdlwjo/R0P4C3y8wIClgI0ZTdS6/Rkr59 +XC4WRocMzGCSsk+1F1tAZoR77ummLcY4nFkbtawyeRXEUpSpDaxgVEEmvH+/Kqx5 +NhVzeCZkm8szOzMea+QT4Uh3F7GVwY/7+JV23eCGyr2n3EhXgCqw0nnGSGR7vrNl +Ue1oswIDAQABMA0GCSqGSIb3DQEBBAUAA4IBAQAFyYC/V49X7ZNLpYI8jx1TE9X3 +J4c47cCLaxslrhi0/X6nCOEcBckXtbL+ZhIiHfI6PWizHMjTCEkJOYMVOsXyWN73 +XdzfIZVrThQRsYvQZqUH8cZZH3fFg/RyEM3fzlFDsuIxfg7+NIDNmSFbt/YdFL0T +3sB7jYSkKr4buX9ZewdOfRxwN4MZIE32SoBo+UOgNrMM2hcQTStBK09vzJiWQE/4 +aWbZJT9jtBPGWTsMS8g1x9WAmJHV2BpUiSfY39895a5T7kbbqZ3rp7DM9dgLjdXC +jFL7NhzvY02aBTLhm22YOLYnlycKm64NGne+siooDCi5tel2/vcx+e+btX9x</X509Certificate> +</X509Data> +</KeyInfo> +</Signature></lib:Assertion></LassoAssertion></LassoAssertions></LassoSession> +""" + # " <-- Trick for Emacs Python mode. + self.failUnlessEqual(idpLoginContext.set_session_from_dump(idpSessionContextDump), 0) + authnRequestQuery = """NameIDPolicy=federated&IsPassive=false&ProviderID=https%3A%2F%2Fservice-provider%3A2003%2Fliberty-alliance%2Fmetadata&consent=urn%3Aliberty%3Aconsent%3Aobtained&IssueInstance=2004-08-02T20%3A33%3A58Z&MinorVersion=2&MajorVersion=1&RequestID=ODVGNkUyMzY5N0MzOTY4QzZGOUYyNzEwRTJGMUNCQTI%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=fnSL5Mgp%2BV%2FtdUuYQJmFKvFY8eEco6sypmejvP4sD0v5ApywV94mUo6BxE29o1KW%0AGFXiMG7puhTwRSlKDo1vlh5iHNqVfjKcbx2XhfoDfplqLir102dyHxB5GedEQvqw%0AbTFtFrB6SnHi5facrYHCn7b58CxAWv9XW4DIfcVCOSma2OOBCm%2FzzCSiZpOtbRk9%0AveQzace41tDW0XLlbRdWpvwsma0yaYSkqYvTV3hmvgkWS5x9lzcm97oME4ywzwbU%0AJAyG8BkqMFoG7FPjwzR8qh7%2FWi%2BCzxxqfczxSGkUZUmsQdxyxazjhDpt1X8i5fan%0AnaF1vWF3GmS6G4t7mrkItA%3D%3D""" + method = lasso.httpMethodRedirect + self.failUnlessEqual( + idpLoginContext.init_from_authn_request_msg(authnRequestQuery, method), 0) + self.failIf(idpLoginContext.must_authenticate()) + userAuthenticated = True + authenticationMethod = lasso.samlAuthenticationMethodPassword + self.failUnlessEqual(idpLoginContext.protocolProfile, lasso.loginProtocolProfileBrwsArt) + idpLoginContext.build_artifact_msg( + userAuthenticated, authenticationMethod, "FIXME: reauthenticateOnOrAfter", + lasso.httpMethodRedirect) + self.failUnless(idpLoginContext.msg_url) + self.failUnless(idpLoginContext.assertionArtifact) + self.failUnless(idpLoginContext.response_dump) + self.failUnless(idpLoginContext.nameIdentifier) suite1 = unittest.makeSuite(LoginTestCase, 'test') allTests = unittest.TestSuite((suite1,)) |