unit tests for attributeConsumingService

Author: Jimmy John

tests/settings/settings4.json

@@ -0,0 +1,85 @@
+{
+    "strict": false,
+    "debug": false,
+    "custom_base_path": "../../../tests/data/customPath/",
+    "sp": {
+        "entityId": "http://pytoolkit.com:8000/metadata/",
+        "assertionConsumerService": {
+            "url": "http://pytoolkit.com:8000/?acs"
+        },
+        "attributeConsumingService": [
+            {
+                "isDefault": false,
+                "serviceName": "Test Service",
+                "serviceDescription": "Test Service",
+                "requestedAttributes": [ {
+                        "name": "urn:oid:2.5.4.42",
+                        "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+                        "friendlyName": "givenName",
+                        "isRequired": false
+                    },
+                    {
+                        "name": "urn:oid:2.5.4.4",
+                        "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+                        "friendlyName": "sn",
+                        "isRequired": false
+                    },
+                    {
+                        "name": "urn:oid:2.16.840.1.113730.3.1.241",
+                        "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+                        "friendlyName": "displayName",
+                        "isRequired": false
+                    },
+                    {
+                        "name": "urn:oid:0.9.2342.19200300.100.1.3",
+                        "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+                        "friendlyName": "mail",
+                        "isRequired": false
+                    },
+                    {
+                        "name": "urn:oid:0.9.2342.19200300.100.1.1",
+                        "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+                        "friendlyName": "uid",
+                        "isRequired": false
+                    }
+                ]
+            }
+        ],
+        "singleLogoutService": {
+            "url": "http://pytoolkit.com:8000/?sls"
+        },
+        "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
+    },
+    "idp": {
+        "entityId": "https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php",
+        "singleSignOnService": {
+            "url": "http://pitbulk.no-ip.org/SSOService.php"
+        },
+        "singleLogoutService": {
+            "url": "http://pitbulk.no-ip.org/SingleLogoutService.php"
+        },
+        "x509cert": "MIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIyNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAfBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kYvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m"
+    },
+    "security": {
+        "authnRequestsSigned": false,
+        "wantAssertionsSigned": false,
+        "signMetadata": false
+    },
+    "contactPerson": {
+        "technical": {
+            "givenName": "technical_name",
+            "emailAddress": "technical@example.com"
+        },
+        "support": {
+            "givenName": "support_name",
+            "emailAddress": "support@example.com"
+        }
+    },
+    "organization": {
+        "en-US": {
+            "name": "sp_test",
+            "displayname": "SP test",
+            "url": "http://sp.example.com"
+        }
+    }
+}

tests/src/OneLogin/saml2_tests/authn_request_test.py

@@ -19,8 +19,8 @@
 
 
 class OneLogin_Saml2_Authn_Request_Test(unittest.TestCase):
-    def loadSettingsJSON(self):
-        filename = join(dirname(dirname(dirname(dirname(__file__)))), 'settings', 'settings1.json')
+    def loadSettingsJSON(self, filename='settings1.json'):
+        filename = join(dirname(dirname(dirname(dirname(__file__)))), 'settings', filename)
         if exists(filename):
             stream = open(filename, 'r')
             settings = json.load(stream)
@@ -260,6 +260,26 @@ def testCreateEncSAMLRequest(self):
         self.assertRegexpMatches(inflated, 'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"')
         self.assertRegexpMatches(inflated, 'ProviderName="SP prueba"')
 
+    def testAttributeConsumingService(self):
+        """
+        Tests that the attributeConsumingServiceIndex is present as an attribute
+        """
+
+        saml_settings = self.loadSettingsJSON('settings4.json')
+        settings = OneLogin_Saml2_Settings(saml_settings)
+        settings._OneLogin_Saml2_Settings__organization = {
+            u'en-US': {
+                u'url': u'http://sp.example.com',
+                u'name': u'sp_test'
+            }
+        }
+
+        authn_request = OneLogin_Saml2_Authn_Request(settings)
+        authn_request_encoded = authn_request.get_request()
+        decoded = b64decode(authn_request_encoded)
+        inflated = decompress(decoded, -15)
+
+        self.assertRegexpMatches(inflated, 'AttributeConsumingServiceIndex="1"')
 
 if __name__ == '__main__':
     if is_running_under_teamcity():

tests/src/OneLogin/saml2_tests/metadata_test.py

@@ -19,8 +19,8 @@
 class OneLogin_Saml2_Metadata_Test(unittest.TestCase):
     settings_path = join(dirname(dirname(dirname(dirname(__file__)))), 'settings')
 
-    def loadSettingsJSON(self):
-        filename = join(self.settings_path, 'settings1.json')
+    def loadSettingsJSON(self, filename='settings1.json'):
+        filename = join(self.settings_path, filename)
         if exists(filename):
             stream = open(filename, 'r')
             settings = json.load(stream)
@@ -143,6 +143,36 @@ def testBuilder(self):
         parsed_datetime = strftime(r'%Y-%m-%dT%H:%M:%SZ', datetime_value.timetuple())
         self.assertIn('validUntil="%s"' % parsed_datetime, metadata6)
 
+    def testBuilderAttributeConsumingService(self):
+        settings = OneLogin_Saml2_Settings(self.loadSettingsJSON('settings4.json'))
+        sp_data = settings.get_sp_data()
+        security = settings.get_security_data()
+        organization = settings.get_organization()
+        contacts = settings.get_contacts()
+
+        metadata = OneLogin_Saml2_Metadata.builder(
+            sp_data, security['authnRequestsSigned'],
+            security['wantAssertionsSigned'], None, None, contacts,
+            organization
+        )
+
+        self.assertIn('xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"', metadata)
+        self.assertIn('<md:AttributeConsumingService index="1" isDefault="false"><md:ServiceName \
+xml:lang="en">Test Service</md:ServiceName><md:ServiceDescription xml:lang="en">Test Service\
+</md:ServiceDescription><md:RequestedAttribute Name="urn:oid:2.5.4.42" \
+NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="givenName" \
+isRequired="false"/><md:RequestedAttribute Name="urn:oid:2.5.4.4" \
+NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="sn" \
+isRequired="false"/><md:RequestedAttribute Name="urn:oid:2.16.840.1.113730.3.1.241" \
+NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="displayName" \
+isRequired="false"/><md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3" \
+NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="mail" \
+isRequired="false"/><md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.1" \
+NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="uid" \
+isRequired="false"/></md:AttributeConsumingService>', metadata)
+
+
+
     def testSignMetadata(self):
         """
         Tests the signMetadata method of the OneLogin_Saml2_Metadata

tests/src/OneLogin/saml2_tests/settings_test.py

@@ -298,6 +298,47 @@ def testCheckSettings(self):
             self.assertIn('sp_entityId_not_found', e.message)
             self.assertIn('sp_acs_not_found', e.message)
 
+        #AttributeConsumingService tests
+
+        #serviceName, requestedAttributes are required
+        settings_info['sp']['attributeConsumingService'] = [
+            {
+                "isDefault": False,
+                "serviceDescription": "Test Service"
+            }
+        ]
+        try:
+            OneLogin_Saml2_Settings(settings_info)
+            self.assertTrue(False)
+        except Exception as e:
+            self.assertIn('sp_attributeConsumingService_serviceName_not_found', e.message)
+            self.assertIn('sp_attributeConsumingService_requestedAttributes_not_found', e.message)
+
+        # requestedAttributes/name is required
+        settings_info['sp']['attributeConsumingService'] = [
+            {
+                "isDefault": "False",
+                "serviceName": {},
+                "serviceDescription": ["Test Service"],
+                "requestedAttributes": [ {
+                        "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+                        "friendlyName": "givenName",
+                        "isRequired": "False"
+                    }
+                ]
+            }
+        ]
+        try:
+            OneLogin_Saml2_Settings(settings_info)
+            self.assertTrue(False)
+        except Exception as e:
+            self.assertIn('sp_attributeConsumingService_requestedAttributes_name_not_found', e.message)
+            self.assertIn('sp_attributeConsumingService_requestedAttributes_isRequired_type_invalid', e.message)
+            self.assertIn('sp_attributeConsumingService_serviceDescription_type_invalid', e.message)
+            self.assertIn('sp_attributeConsumingService_serviceName_type_invalid', e.message)
+            self.assertIn('sp_attributeConsumingService_isDefault_type_invalid', e.message)
+
+
         settings_info['idp']['entityID'] = 'entityId'
         settings_info['idp']['singleSignOnService'] = {}
         settings_info['idp']['singleSignOnService']['url'] = 'invalid_value'