本文整理汇总了Python中saml2.server.Server.response_args方法的典型用法代码示例。如果您正苦于以下问题:Python Server.response_args方法的具体用法?Python Server.response_args怎么用?Python Server.response_args使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类saml2.server.Server的用法示例。
在下文中一共展示了Server.response_args方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_flow
# 需要导入模块: from saml2.server import Server [as 别名]
# 或者: from saml2.server.Server import response_args [as 别名]
def test_flow():
sp = Saml2Client(config_file="servera_conf")
idp1 = Server(config_file="idp_conf_mdb")
idp2 = Server(config_file="idp_conf_mdb")
# clean out database
idp1.ident.mdb.db.drop()
# -- dummy request ---
req_id, orig_req = sp.create_authn_request(idp1.config.entityid)
# == Create an AuthnRequest response
rinfo = idp1.response_args(orig_req, [BINDING_HTTP_POST])
# name_id = idp1.ident.transient_nameid("id12", rinfo["sp_entity_id"])
resp = idp1.create_authn_response(
{
"eduPersonEntitlement": "Short stop",
"surName": "Jeter",
"givenName": "Derek",
"mail": "[email protected]",
"title": "The man",
},
userid="jeter",
authn=AUTHN,
**rinfo
)
# What's stored away is the assertion
a_info = idp2.session_db.get_assertion(resp.assertion.id)
# Make sure what I got back from MongoDB is the same as I put in
assert a_info["assertion"] == resp.assertion
# By subject
nid = resp.assertion.subject.name_id
_assertion = idp2.session_db.get_assertions_by_subject(nid)
assert len(_assertion) == 1
assert _assertion[0] == resp.assertion
nids = idp2.ident.find_nameid("jeter")
assert len(nids) == 1示例2: TestServer1
# 需要导入模块: from saml2.server import Server [as 别名]
# 或者: from saml2.server.Server import response_args [as 别名]
#.........这里部分代码省略.........
_dict = parse_qs(htargs["headers"][0][1].split('?')[1])
print(_dict)
try:
self.server.parse_authn_request(_dict["SAMLRequest"][0], binding)
status = None
except OtherError as oe:
print(oe.args)
status = s_utils.error_status_factory(oe)
assert status
print(status)
assert _eq(status.keyswv(), ["status_code", "status_message"])
assert status.status_message.text == 'Not destined for me!'
status_code = status.status_code
assert _eq(status_code.keyswv(), ["status_code", "value"])
assert status_code.value == samlp.STATUS_RESPONDER
assert status_code.status_code.value == samlp.STATUS_UNKNOWN_PRINCIPAL
def test_parse_ok_request(self):
req_id, authn_request = self.client.create_authn_request(
message_id="id1", destination="http://localhost:8088/sso")
print(authn_request)
binding = BINDING_HTTP_REDIRECT
htargs = self.client.apply_binding(binding, "%s" % authn_request,
"http://www.example.com", "abcd")
_dict = parse_qs(htargs["headers"][0][1].split('?')[1])
print(_dict)
req = self.server.parse_authn_request(_dict["SAMLRequest"][0], binding)
# returns a dictionary
print(req)
resp_args = self.server.response_args(req.message, [BINDING_HTTP_POST])
assert resp_args["destination"] == "http://lingon.catalogix.se:8087/"
assert resp_args["in_response_to"] == "id1"
name_id_policy = resp_args["name_id_policy"]
assert _eq(name_id_policy.keyswv(), ["format", "allow_create"])
assert name_id_policy.format == saml.NAMEID_FORMAT_TRANSIENT
assert resp_args[
"sp_entity_id"] == "urn:mace:example.com:saml:roland:sp"
def test_sso_response_with_identity(self):
name_id = self.server.ident.transient_nameid(
"https://example.com/sp", "id12")
resp = self.server.create_authn_response(
{
"eduPersonEntitlement": "Short stop",
"sn": "Jeter",
"givenName": "Derek",
"mail": "[email protected]",
"title": "The man"
},
"id12", # in_response_to
"http://localhost:8087/", # destination
"https://example.com/sp", # sp_entity_id
name_id=name_id,
authn=AUTHN
)
print(resp.keyswv())
assert _eq(resp.keyswv(), ['status', 'destination', 'assertion',
'in_response_to', 'issue_instant',
'version', 'id', 'issuer'])
assert resp.destination == "http://localhost:8087/"
assert resp.in_response_to == "id12"示例3: test_artifact_flow
# 需要导入模块: from saml2.server import Server [as 别名]
# 或者: from saml2.server.Server import response_args [as 别名]
def test_artifact_flow():
#SP = 'urn:mace:example.com:saml:roland:sp'
sp = Saml2Client(config_file="servera_conf")
idp = Server(config_file="idp_all_conf")
# original request
binding, destination = sp.pick_binding("single_sign_on_service",
entity_id=idp.config.entityid)
relay_state = "RS0"
req = sp.create_authn_request(destination, id="id1")
artifact = sp.use_artifact(req, 1)
binding, destination = sp.pick_binding("single_sign_on_service",
[BINDING_HTTP_ARTIFACT],
entity_id=idp.config.entityid)
hinfo = sp.apply_binding(binding, "%s" % artifact, destination, relay_state)
# ========== @IDP ============
artifact2 = get_msg(hinfo, binding)
assert artifact == artifact2
# The IDP now wants to replace the artifact with the real request
destination = idp.artifact2destination(artifact2, "spsso")
msg = idp.create_artifact_resolve(artifact2, destination, sid())
hinfo = idp.use_soap(msg, destination, None, False)
# ======== @SP ==========
msg = get_msg(hinfo, BINDING_SOAP)
ar = sp.parse_artifact_resolve(msg)
assert ar.artifact.text == artifact
# The SP picks the request out of the repository with the artifact as the key
oreq = sp.artifact[ar.artifact.text]
# Should be the same as req above
# Returns the information over the existing SOAP connection so
# no transport information needed
msg = sp.create_artifact_response(ar, ar.artifact.text)
hinfo = sp.use_soap(msg, destination)
# ========== @IDP ============
msg = get_msg(hinfo, BINDING_SOAP)
# The IDP untangles the request from the artifact resolve response
spreq = idp.parse_artifact_resolve_response(msg)
# should be the same as req above
assert spreq.id == req.id
# That was one way, the Request from the SP
# ---------------------------------------------#
# Now for the other, the response from the IDP
name_id = idp.ident.transient_nameid(sp.config.entityid, "derek")
resp_args = idp.response_args(spreq, [BINDING_HTTP_POST])
response = idp.create_authn_response({"eduPersonEntitlement": "Short stop",
"surName": "Jeter", "givenName": "Derek",
"mail": "[email protected]",
"title": "The man"},
name_id=name_id,
authn=AUTHN,
**resp_args)
print response
# with the response in hand create an artifact
artifact = idp.use_artifact(response, 1)
binding, destination = sp.pick_binding("single_sign_on_service",
[BINDING_HTTP_ARTIFACT],
entity_id=idp.config.entityid)
hinfo = sp.apply_binding(binding, "%s" % artifact, destination, relay_state,
response=True)
# ========== SP =========
artifact3 = get_msg(hinfo, binding)
assert artifact == artifact3
destination = sp.artifact2destination(artifact3, "idpsso")
#.........这里部分代码省略.........
示例4: SamlIDP
# 需要导入模块: from saml2.server import Server [as 别名]
# 或者: from saml2.server.Server import response_args [as 别名]
class SamlIDP(service.Service):
def __init__(self, environ, start_response, conf, cache, incoming):
"""
Constructor for the class.
:param environ: WSGI environ
:param start_response: WSGI start response function
:param conf: The SAML configuration
:param cache: Cache with active sessions
"""
service.Service.__init__(self, environ, start_response)
self.response_bindings = None
self.idp = Server(config=conf, cache=cache)
self.incoming = incoming
def verify_request(self, query, binding):
""" Parses and verifies the SAML Authentication Request
:param query: The SAML authn request, transport encoded
:param binding: Which binding the query came in over
:returns: dictionary
"""
if not query:
logger.info("Missing QUERY")
resp = Unauthorized('Unknown user')
return {"response": resp(self.environ, self.start_response)}
req_info = self.idp.parse_authn_request(query, binding)
logger.info("parsed OK")
_authn_req = req_info.message
logger.debug("%s" % _authn_req)
# Check that I know where to send the reply to.
try:
binding_out, destination = self.idp.pick_binding(
"assertion_consumer_service",
bindings=self.response_bindings,
entity_id=_authn_req.issuer.text, request=_authn_req)
except Exception as err:
logger.error("Couldn't find receiver endpoint: %s" % err)
raise
logger.debug("Binding: %s, destination: %s" % (binding_out,
destination))
resp_args = {}
try:
resp_args = self.idp.response_args(_authn_req)
_resp = None
except UnknownPrincipal as excp:
_resp = self.idp.create_error_response(_authn_req.id,
destination, excp)
except UnsupportedBinding as excp:
_resp = self.idp.create_error_response(_authn_req.id,
destination, excp)
req_args = {}
for key in ["subject", "name_id_policy", "conditions",
"requested_authn_context", "scoping", "force_authn",
"is_passive"]:
try:
val = getattr(_authn_req, key)
except AttributeError:
pass
else:
if val is not None:
req_args[key] = val
return {"resp_args": resp_args, "response": _resp,
"authn_req": _authn_req, "req_args": req_args}
def handle_authn_request(self, binding_in):
"""
Deal with an authentication request
:param binding_in: Which binding was used when receiving the query
:return: A response if an error occurred or session information in a
dictionary
"""
_request = self.unpack(binding_in)
_binding_in = service.INV_BINDING_MAP[binding_in]
try:
_dict = self.verify_request(_request["SAMLRequest"], _binding_in)
except UnknownPrincipal as excp:
logger.error("UnknownPrincipal: %s" % (excp,))
resp = ServiceError("UnknownPrincipal: %s" % (excp,))
return resp(self.environ, self.start_response)
except UnsupportedBinding as excp:
logger.error("UnsupportedBinding: %s" % (excp,))
resp = ServiceError("UnsupportedBinding: %s" % (excp,))
return resp(self.environ, self.start_response)
_binding = _dict["resp_args"]["binding"]
if _dict["response"]: # An error response.
http_args = self.idp.apply_binding(
_binding, "%s" % _dict["response"],
_dict["resp_args"]["destination"],
#.........这里部分代码省略.........
示例5: SamlIDP
# 需要导入模块: from saml2.server import Server [as 别名]
# 或者: from saml2.server.Server import response_args [as 别名]
class SamlIDP(service.Service):
def __init__(self, environ, start_response, conf, cache, incomming, tid1_to_tid2, tid2_to_tid1,
encmsg_to_iv, tid_handler, force_persistant_nameid, force_no_userid_subject_cacheing, idp=None):
"""
Constructor for the class.
:param environ: WSGI environ
:param start_response: WSGI start response function
:param conf: The SAML configuration
:param cache: Cache with active sessions
"""
service.Service.__init__(self, environ, start_response)
self.response_bindings = None
if idp is None:
self.idp = Server(config=conf, cache=cache)
else:
self.idp = idp
self.incomming = incomming
self.tid1_to_tid2 = tid1_to_tid2
self.tid2_to_tid1 = tid2_to_tid1
self.encmsg_to_iv = encmsg_to_iv
self.tid_handler = tid_handler
self.force_persistant_nameid = force_persistant_nameid
self.force_no_userid_subject_cacheing = force_no_userid_subject_cacheing
def verify_request(self, query, binding):
""" Parses and verifies the SAML Authentication Request
:param query: The SAML authn request, transport encoded
:param binding: Which binding the query came in over
:returns: dictionary
"""
if not query:
logger.info("Missing QUERY")
resp = Unauthorized('Unknown user')
return {"response": resp}
req_info = self.idp.parse_authn_request(query, binding)
encrypt_cert = encrypt_cert_from_item(req_info.message)
logger.info("parsed OK")
_authn_req = req_info.message
logger.debug("%s" % _authn_req)
# Check that I know where to send the reply to
try:
binding_out, destination = self.idp.pick_binding(
"assertion_consumer_service",
bindings=self.response_bindings,
entity_id=_authn_req.issuer.text, request=_authn_req)
except Exception as err:
logger.error("Couldn't find receiver endpoint: %s" % err)
raise
logger.debug("Binding: %s, destination: %s" % (binding_out,
destination))
resp_args = {}
try:
resp_args = self.idp.response_args(_authn_req)
_resp = None
except UnknownPrincipal as excp:
_resp = self.idp.create_error_response(_authn_req.id,
destination, excp)
except UnsupportedBinding as excp:
_resp = self.idp.create_error_response(_authn_req.id,
destination, excp)
req_args = {}
for key in ["subject", "name_id_policy", "conditions",
"requested_authn_context", "scoping", "force_authn",
"is_passive"]:
try:
val = getattr(_authn_req, key)
except AttributeError:
pass
else:
if val is not None:
req_args[key] = val
return {"resp_args": resp_args, "response": _resp,
"authn_req": _authn_req, "req_args": req_args, "encrypt_cert": encrypt_cert}
def handle_authn_request(self, binding_in):
"""
Deal with an authentication request
:param binding_in: Which binding was used when receiving the query
:return: A response if an error occurred or session information in a
dictionary
"""
_request = self.unpack(binding_in)
_binding_in = service.INV_BINDING_MAP[binding_in]
try:
_dict = self.verify_request(_request["SAMLRequest"], _binding_in)
except UnknownPrincipal as excp:
logger.error("UnknownPrincipal: %s" % (excp,))
resp = ServiceError("UnknownPrincipal: %s" % (excp,))
#.........这里部分代码省略.........
示例6: TestServer1
# 需要导入模块: from saml2.server import Server [as 别名]
# 或者: from saml2.server.Server import response_args [as 别名]
#.........这里部分代码省略.........
_dict = parse_qs(htargs["headers"][0][1].split('?')[1])
print(_dict)
try:
self.server.parse_authn_request(_dict["SAMLRequest"][0], binding)
status = None
except OtherError as oe:
print((oe.args))
status = s_utils.error_status_factory(oe)
assert status
print(status)
assert _eq(status.keyswv(), ["status_code", "status_message"])
assert status.status_message.text == 'Not destined for me!'
status_code = status.status_code
assert _eq(status_code.keyswv(), ["status_code", "value"])
assert status_code.value == samlp.STATUS_RESPONDER
assert status_code.status_code.value == samlp.STATUS_UNKNOWN_PRINCIPAL
def test_parse_ok_request(self):
req_id, authn_request = self.client.create_authn_request(
message_id="id1", destination="http://localhost:8088/sso")
print(authn_request)
binding = BINDING_HTTP_REDIRECT
htargs = self.client.apply_binding(binding, "%s" % authn_request,
"http://www.example.com", "abcd")
_dict = parse_qs(htargs["headers"][0][1].split('?')[1])
print(_dict)
req = self.server.parse_authn_request(_dict["SAMLRequest"][0], binding)
# returns a dictionary
print(req)
resp_args = self.server.response_args(req.message, [BINDING_HTTP_POST])
assert resp_args["destination"] == "http://lingon.catalogix.se:8087/"
assert resp_args["in_response_to"] == "id1"
name_id_policy = resp_args["name_id_policy"]
assert _eq(name_id_policy.keyswv(), ["format", "allow_create"])
assert name_id_policy.format == saml.NAMEID_FORMAT_TRANSIENT
assert resp_args["sp_entity_id"] == "urn:mace:example.com:saml:roland:sp"
def test_sso_response_with_identity(self):
name_id = self.server.ident.transient_nameid(
"urn:mace:example.com:saml:roland:sp", "id12")
resp = self.server.create_authn_response(
{
"eduPersonEntitlement": "Short stop",
"surName": "Jeter",
"givenName": "Derek",
"mail": "[email protected]",
"title": "The man"
},
"id12", # in_response_to
"http://localhost:8087/", # destination
"urn:mace:example.com:saml:roland:sp", # sp_entity_id
name_id=name_id,
authn=AUTHN
)
print((resp.keyswv()))
assert _eq(resp.keyswv(), ['status', 'destination', 'assertion',
'in_response_to', 'issue_instant',
'version', 'id', 'issuer'])
assert resp.destination == "http://localhost:8087/"
assert resp.in_response_to == "id12"
assert resp.status