Skip to content

Commit 937c866

Browse files
mheuwesc00kiemon5ter
mheuwes
authored and
c00kiemon5ter
committed
Adding test case for signed SOAP LogoutRequests
1 parent 48ec85d commit 937c866

File tree

1 file changed

+57
-0
lines changed

1 file changed

+57
-0
lines changed

tests/test_50_server.py

Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
from saml2.sigver import make_temp, DecryptError, EncryptError, CertificateError
1313
from saml2.assertion import Policy
1414
from saml2.authn_context import INTERNETPROTOCOLPASSWORD
15+
from saml2.response import IncorrectlySigned
1516
from saml2.saml import NameID, NAMEID_FORMAT_TRANSIENT
1617
from saml2.samlp import response_from_string
1718

@@ -32,6 +33,7 @@
3233
from saml2.soap import make_soap_enveloped_saml_thingy
3334
from saml2 import BINDING_HTTP_POST
3435
from saml2 import BINDING_HTTP_REDIRECT
36+
from saml2 import BINDING_SOAP
3537
from saml2.time_util import instant
3638

3739
from pytest import raises
@@ -2245,10 +2247,65 @@ def test_slo_soap(self):
22452247
self.server.ident.close()
22462248

22472249
with closing(Server("idp_soap_conf")) as idp:
2250+
request = idp.parse_logout_request(saml_soap)
2251+
assert request
2252+
2253+
idp.config.setattr("idp", "want_authn_requests_signed", True)
2254+
assert idp.config.getattr("want_authn_requests_signed", "idp")
2255+
2256+
with raises(IncorrectlySigned):
2257+
# check unsigned requests over SOAP to fail
2258+
request = idp.parse_logout_request(saml_soap)
2259+
assert not request
2260+
2261+
idp.ident.close()
2262+
2263+
def test_slo_soap_signed(self):
2264+
soon = time_util.in_a_while(days=1)
2265+
sinfo = {
2266+
"name_id": nid,
2267+
"issuer": "urn:mace:example.com:saml:roland:idp",
2268+
"not_on_or_after": soon,
2269+
"user": {
2270+
"givenName": "Leo",
2271+
"sn": "Laport",
2272+
}
2273+
}
2274+
2275+
sp = client.Saml2Client(config_file="server_conf")
2276+
sp.users.add_information_about_person(sinfo)
2277+
2278+
req_id, logout_request = sp.create_logout_request(
2279+
name_id=nid, destination="http://localhost:8088/slo",
2280+
issuer_entity_id="urn:mace:example.com:saml:roland:idp",
2281+
reason="I'm tired of this", sign=True, sign_alg=ds.SIG_RSA_SHA512,
2282+
digest_alg=ds.DIGEST_SHA512,
2283+
)
2284+
2285+
saml_soap = sp.apply_binding(BINDING_SOAP, logout_request, sign=False)
2286+
saml_soap = saml_soap["data"]
2287+
self.server.ident.close()
2288+
2289+
with closing(Server("idp_soap_conf")) as idp:
2290+
idp.config.setattr("idp", "want_authn_requests_signed", True)
2291+
assert idp.config.getattr("want_authn_requests_signed", "idp")
2292+
2293+
with raises(IncorrectlySigned):
2294+
# idp_soap_conf has invalid certificate for sp
2295+
request = idp.parse_logout_request(saml_soap)
2296+
assert not request
2297+
2298+
idp.ident.close()
2299+
2300+
with closing(Server("idp_conf_verify_cert")) as idp:
2301+
idp.config.setattr("idp", "want_authn_requests_signed", True)
2302+
assert idp.config.getattr("want_authn_requests_signed", "idp")
2303+
22482304
request = idp.parse_logout_request(saml_soap)
22492305
idp.ident.close()
22502306
assert request
22512307

2308+
22522309
# ------------------------------------------------------------------------
22532310

22542311

0 commit comments

Comments
 (0)