1220
1220
self.assertNotIn('<saml:AudienceRestriction>', samlresponse)
1222
1222
def assert_saml_response_email(self, samlresponse, email):
1223
self.assertIn(email, samlresponse)
1225
def get_request_data(self, compressed=True, has_acs_url=True):
1223
self.assert_nameid(samlresponse, email, "email")
1225
def assert_nameid(self, samlresponse, email, the_format):
1226
# The_format can be "email" or "persistent" currently.
1227
full_format = "urn:oasis:names:tc:SAML:2.0:nameid-format:" + the_format
1228
samlsoup = PyQuery(samlresponse.replace('xmlns:', 'xmlnamespace:'))
1229
nameids = samlsoup.find('NameID')
1230
self.assertEqual(1, len(nameids))
1231
self.assertEqual(full_format, nameids[0].attrib['format'])
1232
self.assertEqual(email, nameids[0].text)
1234
def get_request_data(
1238
nameid_format="emailAddress"):
1226
1239
data = dict(**self.REQUEST_DATA)
1228
1241
'audience': self.AUDIENCE,
1229
1242
'issuer': self.REQUEST_ISSUER,
1230
1243
'relay_state': self.RELAY_STATE,
1244
'nameid_format': nameid_format,
1232
1246
if has_acs_url:
1233
1247
params['acs_url'] = self.ACS_URL
1271
1285
self.assert_successful_saml_response(samlresponse)
1272
1286
self.assert_unrestricted_saml_response(samlresponse)
1288
def test_nameid_honor_custom_format_persistent_requested(self):
1289
# make sure there is a saml config which honors nameid format from
1291
self.setup_saml_sp(honor_authnrequest_nameidpolicy_format=True)
1293
data = self.get_request_data(nameid_format="persistent")
1294
samlresponse = self.do_saml_request(data=data)
1295
self.assert_successful_saml_response(samlresponse)
1296
self.assert_nameid(samlresponse, self.login_email, "persistent")
1298
def test_nameid_dont_honor_custom_format_persistent_requested(self):
1299
self.setup_saml_sp(honor_authnrequest_nameidpolicy_format=False)
1301
data = self.get_request_data(nameid_format="persistent")
1302
samlresponse = self.do_saml_request(data=data)
1303
self.assert_successful_saml_response(samlresponse)
1304
self.assert_nameid(samlresponse, self.login_email, "email")
1306
def test_nameid_honor_custom_format_email_requested(self):
1307
# make sure there is a saml config which honors nameid format from
1309
self.setup_saml_sp(honor_authnrequest_nameidpolicy_format=True)
1311
data = self.get_request_data(nameid_format="email")
1312
samlresponse = self.do_saml_request(data=data)
1313
self.assert_successful_saml_response(samlresponse)
1314
self.assert_nameid(samlresponse, self.login_email, "email")
1316
def test_nameid_dont_honor_custom_format_email_requested(self):
1317
self.setup_saml_sp(honor_authnrequest_nameidpolicy_format=False)
1319
data = self.get_request_data(nameid_format="email")
1320
samlresponse = self.do_saml_request(data=data)
1321
self.assert_successful_saml_response(samlresponse)
1322
self.assert_nameid(samlresponse, self.login_email, "email")
1324
def test_nameid_honor_custom_format_bogus_requested(self):
1325
# make sure there is a saml config which honors nameid format from
1327
self.setup_saml_sp(honor_authnrequest_nameidpolicy_format=True)
1329
data = self.get_request_data(nameid_format="nonexistentandbogus")
1330
samlresponse = self.do_saml_request(data=data)
1331
self.assert_successful_saml_response(samlresponse)
1332
self.assert_nameid(samlresponse, self.login_email, "email")
1334
def test_nameid_dont_honor_custom_format_bogus_requested(self):
1335
self.setup_saml_sp(honor_authnrequest_nameidpolicy_format=False)
1337
data = self.get_request_data(nameid_format="nonexistentandbogus")
1338
samlresponse = self.do_saml_request(data=data)
1339
self.assert_successful_saml_response(samlresponse)
1340
self.assert_nameid(samlresponse, self.login_email, "email")
1274
1342
def test_authnrequest_unknown_sp(self):
1275
1343
data = self.get_request_data()
1276
1344
response = self.client.get('/+saml', data=data, follow=True)