Timestamp:
17/02/10 14:45:28 (10 years ago)
Author:
pjkersha
Message:
  • Fixes to SAML Attribute Query client.
  • Work query to ESG Authz service
  • fixes for MyProxy SAML callout
Location:
TI12-security/trunk/NDGSecurity/python
Files:
9 edited

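--- a/TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_soapauthzdecisioninterface.py
+++ b/TI12-security/trunk/NDGSecurity/python/Tests/esg_integration/test_soapauthzdecisioninterface.py
@@ -19,4 +19,5 @@
 from saml.saml2.core import StatusCode, DecisionType, Action
 from saml.xml.etree import ResponseElementTree
+from ndg.security.common.utils.etree import prettyPrint
 from ndg.security.common.saml_utils.binding.soap.authzdecisionquery import (
                                         AuthzDecisionQuerySslSOAPBinding)
@@ -51,4 +52,8 @@
         binding.sslCACertDir = EsgAuthzServiceTestCase.CA_DIR
 
+        # Add tolerance of 1 second for clock skew either side of issue instant
+        # and not before / notOnOrAfter times
+        binding.clockSkewTolerance = 1
+        
         response = binding.send(uri=EsgAuthzServiceTestCase.AUTHZ_SERVICE_URI)
         samlResponseElem = ResponseElementTree.toXML(response)
@@ -60,12 +65,12 @@
 
 
-        self.assert_(samlResponse.status.statusCode.value == \
+        self.assert_(response.status.statusCode.value == \
                      StatusCode.SUCCESS_URI)
-        self.assert_(samlResponse.inResponseTo == query.id)
-        self.assert_(samlResponse.assertions[0].subject.nameID.value == \
-                     query.subject.nameID.value)
-        self.assert_(samlResponse.assertions[0])
-        self.assert_(samlResponse.assertions[0].authzDecisionStatements[0])
-        self.assert_(samlResponse.assertions[0].authzDecisionStatements[0
+        self.assert_(response.inResponseTo == binding.query.id)
+        self.assert_(response.assertions[0])
+        self.assert_(response.assertions[0].subject.nameID.value == \
+                     binding.query.subject.nameID.value)
+        self.assert_(response.assertions[0].authzDecisionStatements[0])
+        self.assert_(response.assertions[0].authzDecisionStatements[0
                                             ].decision == DecisionType.PERMIT)
         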
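Review bot: The rewritten assertions at new lines 67-75 use `self.assert_(a == b)`, the deprecated alias of assertTrue, so a failing integration run reports only "False is not true" without showing which SAML value mismatched; `self.assertEqual(response.inResponseTo, binding.query.id)` and the same form for the nameID and decision comparisons would make a failure diagnosable. The `binding.clockSkewTolerance = 1` added at line 56 widens the issueInstant and notBefore/notOnOrAfter window for every assertion this test receives; the comment above it names the reason, but adding that the value is in seconds and is a test-host choice rather than a recommended default would stop it being copied into deployment config. The `prettyPrint` import added at line 21 is not used in any hunk shown here, so its use is presumably elsewhere in the file. The enclosing test method starts and ends outside the hunks.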
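--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/__init__.py
@@ -39,4 +39,6 @@
 class SOAPBinding(object):
     '''Client SAML SOAP Binding'''
+    SOAP_ACTION = 'http://www.oasis-open.org/committees/security'
+    
     REQUEST_ENVELOPE_CLASS_OPTNAME = 'requestEnvelopeClass'
     RESPONSE_ENVELOPE_CLASS_OPTNAME = 'responseEnvelopeClass'
@@ -77,4 +79,5 @@
         
         self.client = UrlLib2SOAPClient()
+        self.client.httpHeader['SOAPAction'] = SOAPBinding.SOAP_ACTION
         
         # Configurable envelope classes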
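Review bot: The header value at new line 81 is read from the class attribute `SOAPBinding.SOAP_ACTION` rather than through the instance, so a subclass (AttributeQuerySOAPBinding in this same changeset, for example) cannot override `SOAP_ACTION` and have the override reach the wire; `self.client.httpHeader['SOAPAction'] = self.SOAP_ACTION` keeps the constant overridable without changing behaviour for the base class. If `httpHeader` is the CapitalizedKeysDict from client.py in this changeset, which capitalises keys in `__setitem__`, the stored name becomes `Soapaction`; HTTP header names are case-insensitive, so that is harmless, but a short comment beside the assignment would save the next reader from checking. The enclosing `__init__` starts and ends outside the hunk.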
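--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/attributequery.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/attributequery.py
@@ -44,5 +44,5 @@
     
     __PRIVATE_ATTR_PREFIX = "__"
-    __slots__ = (__PRIVATE_ATTR_PREFIX + QUERY_ATTRIBUTES_ATTRNAME,)
+    __slots__ = ()
 
     SERIALISE_KW = 'serialise'
@@ -65,5 +65,4 @@
         
         super(AttributeQuerySOAPBinding, self).__init__(**kw)
-        self.__queryAttributes = TypedList(Attribute)
             
     def __setattr__(self, name, value):
@@ -95,27 +94,20 @@
             
     def _getQueryAttributes(self):
-        return self.__queryAttributes
+        return self.query.attributes
 
     def _setQueryAttributes(self, value):
         if not isinstance(value, TypedList) and value.elementType != Attribute:
             raise TypeError('Expecting TypedList(Attribute) type for '
-                            '"queryAttributes"; got %r instead' % type(value)) 
+                            '"queryAttributes"; got %r instead' % type(value))
         
-        self.__queryAttributes = value
-     
+        # Remove all previously set items and add new ones 
+        del self.query.attributes[:]
+        for attribute in value:
+            self.query.attributes.append(attribute)
+  
     queryAttributes = property(_getQueryAttributes, 
                                _setQueryAttributes, 
                                doc="List of attributes to query from the "
                                    "Attribute Authority")
-#
-#    def _createQuery(self):
-#        """ Create a SAML attribute query"""
-#        attributeQuery = super(AttributeQuerySOAPBinding, self)._createQuery(
-#                                                                AttributeQuery)
-#        # Add list of attributes to query                      
-#        for attribute in self.queryAttributes:
-#            attributeQuery.attributes.append(attribute)
-#            
-#        return attributeQuery 
 
     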
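Review bot: `_setQueryAttributes` at new lines 103-106 empties `self.query.attributes` with `del ...[:]` and then iterates `value`, so when `value` is that same list object (the getter at line 96 now hands it out directly, so `binding.queryAttributes = binding.queryAttributes`, or a list taken from the getter and passed back, is the natural way to hit this) the deletion runs first and the loop appends nothing, silently leaving the query with no attributes at all. Taking a snapshot before clearing avoids the aliasing: `items = list(value)` ahead of the `del`, then `for attribute in items:`. The unchanged guard at line 99 joins `not isinstance(value, TypedList)` and `value.elementType != Attribute` with `and`, which admits a TypedList of some other element type and raises AttributeError instead of the intended TypeError for a plain list; `or` appears to be what was meant. The class continues outside the hunks.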
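--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/subjectquery.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/saml_utils/binding/soap/subjectquery.py
@@ -263,5 +263,5 @@
         
         # Check Query ID matches the query ID the service received
-        if response.inResponseTo != query.id:
+        if response.inResponseTo != self.query.id:
             msg = ('Response in-response-to ID %r, doesn\'t match the original '
                    'query ID, %r' % (response.inResponseTo, query.id))
@@ -275,5 +275,5 @@
             msg = ('SAML Attribute Response issueInstant [%s] is after '
                    'the current clock time [%s]' % 
-                   (query.issueInstant, SAMLDateTime.toString(utcNow)))
+                   (self.query.issueInstant, SAMLDateTime.toString(utcNow)))
             
             samlRespError = SubjectQueryResponseError(msg)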
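Review bot: The mismatch branch at context line 267 still formats its message with `query.id` while the condition on new line 265 now compares against `self.query.id`; if the local `query` no longer exists in this method (the issueInstant message at line 277 was updated to `self.query.issueInstant`, which suggests it does not), an inResponseTo mismatch raises NameError instead of the intended SubjectQueryResponseError, so a response that fails the in-response-to check surfaces as an unrelated crash rather than as the validation error callers handle. The line should read `'query ID, %r' % (response.inResponseTo, self.query.id))`. The enclosing method starts and ends outside both hunks.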
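--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/soap/client.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_common/ndg/security/common/soap/client.py
@@ -148,8 +148,12 @@
     def __init__(self, *arg, **kw):
         if len(arg) > 0:
+            arg = list(arg)
+            
             if isinstance(arg[0], dict):
                 arg[0] = [(k.capitalize(), v) for k, v in arg[0].items()]
             else:
                 arg[0] = [(k.capitalize(), v) for k, v in arg[0]] 
+                
+            arg = tuple(arg)
         
         kw = dict([(k.capitalize(), v) for k, v in kw.items()])
@@ -162,5 +166,10 @@
         
         super(CapitalizedKeysDict, self).__setitem__(k.capitalize(), v)
-         
+      
+    def copy(self):
+        """Explicit copy implementation to ensure CapitalizedKeysDict return 
+        type"""
+        return CapitalizedKeysDict(self)
+     
     
 class UrlLib2SOAPClient(SOAPClientBase):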
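Review bot: `copy()` at new lines 169-172 restores the subclass type because `dict.copy()` returns a plain dict, but the same bypass exists for `dict.update()` and `dict.setdefault()`, which do not go through the overridden `__setitem__` and would therefore store keys un-capitalised unless they are overridden elsewhere in the class (nothing in the hunk shows that they are). If they are not, `def update(self, *arg, **kw):` followed by `for k, v in dict(*arg, **kw).items(): self[k] = v` routes them through `__setitem__` and keeps every entry consistent. The `copy()` docstring would also be a good place to say that `str.capitalize` lowercases everything after the first character, so a key like `Content-Type` is stored as `Content-type`, which is fine for HTTP headers but surprising for anyone reading the dict back. `__init__` at line 148 is shown in full in the first hunk; the class continues outside it.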
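--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/saml/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/saml/__init__.py
@@ -182,5 +182,5 @@
     queryInterfaceKeyName = property(fget=_getQueryInterfaceKeyName, 
                                      fset=_setQueryInterfaceKeyName, 
-                                     doc="environ keyname for Attribute Query "
+                                     doc="environ key name for Attribute Query "
                                          "interface")
     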
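--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
@@ -104,7 +104,9 @@
 # SAML SOAP Binding to the Attribute Authority
 [filter:AttributeAuthoritySamlSoapBindingFilter]
-paste.filter_app_factory = ndg.security.server.wsgi.saml.attributeinterface:SOAPAttributeInterfaceMiddleware.filter_app_factory
+paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPQueryInterfaceMiddleware.filter_app_factory
 prefix = saml.soapbinding.
 
+saml.soapbinding.serialise = saml.xml.etree:ResponseElementTree.toXML
+saml.soapbinding.deserialise = saml.xml.etree:AttributeQueryElementTree.fromXML
 saml.soapbinding.pathMatchList = /AttributeAuthority/saml
 saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s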
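Review bot: The new `saml.soapbinding.serialise` and `saml.soapbinding.deserialise` keys at lines 109-110 are `module:attribute` strings, presumably resolved by the now generic SOAPQueryInterfaceMiddleware into the callables that parse the incoming query and render the response, but nothing in the file says so or which query type the pair is for. A comment above them such as `# module:attribute callables: deserialise parses the incoming SOAP body into a SAML AttributeQuery, serialise renders the Response back to XML; swap both to serve a different query type` would make the contract discoverable for anyone adapting this config. Since these strings select which code is imported at start-up, the comment might also note that the file has to stay as trusted as the service's own code.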
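--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/myproxy/certificate_extapp/config.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/myproxy/certificate_extapp/config.ini
@@ -13,6 +13,7 @@
 openIdSqlQuery = select openid from users where username = '${username}'
 attributeAuthorityURI = https://localhost:5443/AttributeAuthority/saml
+attributeQuery.subjectIdFormat = urn:esg:openid
 attributeQuery.issuerName = /O=Site A/CN=Authorisation Service
-attributeQuery.clockSkew = 0
+attributeQuery.clockSkewTolerance = 0
 attributeQuery_queryAttributes.0 = urn:esg:email:address, EmailAddress, http://www.w3.org/2001/XMLSchema#string
 attributeQuery.queryAttributes.roles = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string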
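Review bot: `attributeQuery.clockSkewTolerance = 0` at new line 17 leaves no allowance for clock drift between the MyProxy host and the Attribute Authority, so any drift at all makes the issueInstant and notBefore/notOnOrAfter checks reject otherwise valid assertions; the integration test in this same changeset sets the tolerance to 1 second for exactly that reason. A comment such as `# seconds; 0 means any clock drift between this host and the AA fails assertion validation` would record the unit and stop this test value being copied as a deployment default. On context line 18 the key `attributeQuery_queryAttributes.0` uses an underscore where its neighbour `attributeQuery.queryAttributes.roles` uses a dot; if the loader selects entries by the `attributeQuery.` prefix, that first attribute is silently never requested.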
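--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/myproxy/certificate_extapp/test_saml_attribute_assertion.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/myproxy/certificate_extapp/test_saml_attribute_assertion.py
@@ -22,4 +22,5 @@
 from sqlalchemy.orm import sessionmaker
 
+from ndg.security.common.saml_utils.esg import EsgSamlNamespaces
 from ndg.security.test.unit import BaseTestCase
 from ndg.security.server.myproxy.certificate_extapp.saml_attribute_assertion \
@@ -53,4 +54,6 @@
         myProxyCertExtApp.attributeQuery.issuerName = \
                                         "/CN=Authorisation Service/O=Site A"
+        myProxyCertExtApp.attributeQuery.subjectIdFormat = \
+                                        EsgSamlNamespaces.NAMEID_FORMAT
         myProxyCertExtApp.attributeQuery.subjectID = \
                                         CertExtAppTestCase.OPENID_URI
@@ -83,5 +86,7 @@
         myProxyCertExtApp.attributeQuery.issuerName = \
                             "/CN=Authorisation Service/O=Site A"
-                                         
+
+        myProxyCertExtApp.attributeQuery.subjectIdFormat = \
+                                        EsgSamlNamespaces.NAMEID_FORMAT
         myProxyCertExtApp.attributeQuery.sslCACertDir = \
                                                 CertExtAppTestCase.CACERT_DIR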
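Review bot: The `subjectIdFormat = EsgSamlNamespaces.NAMEID_FORMAT` assignment is added verbatim at new lines 56-57 and again at 89-90, on top of an `issuerName` setup that was already duplicated between the two methods; moving the shared attributeQuery configuration into `setUp` or a small `_configureAttributeQuery(app)` helper would keep the two tests from drifting apart. The issuer `/CN=Authorisation Service/O=Site A` written here lists its RDNs in the opposite order to `/O=Site A/CN=Authorisation Service` in this changeset's config.ini; if the Attribute Authority compares the issuer as a plain string rather than as a parsed DN, one of the two forms cannot match, so it is worth confirming which form the service expects and using it in both places. Both enclosing test methods start outside the hunks.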