Changeset 7150

Timestamp:

01/07/10 13:08:57 (11 years ago)

Author:

pjkersha

Message:

Incomplete - task 2: XACML-Security Integration

• integrating test_samlinterface from ndg.security version

Location:

TI12-security/trunk/ndg_saml/ndg/saml

Files:

• saml2/binding/soap/client/__init__.py (modified) (2 diffs)
• test/binding/soap/test_samlinterface.py (modified) (28 diffs)

TI12-security/trunk/ndg_saml/ndg/saml/saml2/binding/soap/client/__init__.py

@@ -13 +13 @@
 
 from os import path
-from ConfigParser import ConfigParser
+from ConfigParser import ConfigParser, SafeConfigParser
 
 from ndg.saml.common import SAMLObject
 
-from ndg.security.common.utils.factory import importModuleObject
-from ndg.security.common.utils.configfileparsers import (
-                                                    CaseSensitiveConfigParser)
+from ndg.saml.utils.factory import importModuleObject
 from ndg.soap import SOAPEnvelopeBase
 from ndg.soap.etree import SOAPEnvelope
@@ -223 +221 @@
         if isinstance(cfg, basestring):
             cfgFilePath = path.expandvars(cfg)
-            _cfg = CaseSensitiveConfigParser()
+            _cfg = SafeConfigParser()
+            _cfg.optionxform = str
+
             _cfg.read(cfgFilePath)
             

TI12-security/trunk/ndg_saml/ndg/saml/test/binding/soap/test_samlinterface.py

@@ -1 @@
-"""Attribute Authority SAML Interface unit test package
+"""SAML Generic SOAP Binding Query/Response Interface unit test package
 
 NERC DataGrid Project
@@ -11 +11 @@
 import logging
 logging.basicConfig(level=logging.DEBUG)
+log = logging.getLogger(__name__)
 import unittest
 
@@ -27 +28 @@
 from ndg.saml.xml import XMLConstants
 from ndg.saml.xml.etree import AttributeQueryElementTree, ResponseElementTree
-from ndg.saml.saml2.binding.soap.subjectquery import (
+from ndg.saml.saml2.binding.soap.client.subjectquery import (
     SubjectQuerySOAPBinding, ResponseIssueInstantInvalid, 
     AssertionIssueInstantInvalid, AssertionConditionNotBeforeInvalid, 
@@ -38 +39 @@
 
 class SamlSoapBindingApp(object):
+    """Simple WSGI application to handle SAML Attribute Query/Response
+    """
+    FIRSTNAME_ATTRNAME = "urn:ndg:saml:firstname"
+    LASTNAME_ATTRNAME = "urn:ndg:saml:lastname"
+    EMAILADDRESS_ATTRNAME = "urn:ndg:saml:emailaddress"
+    NAMEID_FORMAT = "urn:ndg:saml:openid"
+    
     def __init__(self):
         self.firstName = "Philip"
@@ -85 +93 @@
         
         for attribute in attributeQuery.attributes:
-            if attribute.name == EsgSamlNamespaces.FIRSTNAME_ATTRNAME:
+            if attribute.name == SamlSoapBindingApp.FIRSTNAME_ATTRNAME:
                 # special case handling for 'FirstName' attribute
                 fnAttribute = Attribute()
@@ -98 +106 @@
                 assertion.attributeStatements[0].attributes.append(fnAttribute)
             
-            elif attribute.name == EsgSamlNamespaces.LASTNAME_ATTRNAME:
+            elif attribute.name == SamlSoapBindingApp.LASTNAME_ATTRNAME:
                 lnAttribute = Attribute()
                 lnAttribute.name = attribute.name
@@ -110 +118 @@
                 assertion.attributeStatements[0].attributes.append(lnAttribute)
                
-            elif attribute.name == EsgSamlNamespaces.EMAILADDRESS_ATTRNAME:
+            elif attribute.name == SamlSoapBindingApp.EMAILADDRESS_ATTRNAME:
                 emailAddressAttribute = Attribute()
                 emailAddressAttribute.name = attribute.name
@@ -124 +132 @@
         
         samlResponse.assertions.append(assertion)
-        
-        # Add mapping for ESG Group/Role Attribute Value to enable ElementTree
-        # Attribute Value factory to render the XML output
-        toXMLTypeMap = {
-            XSGroupRoleAttributeValue: XSGroupRoleAttributeValueElementTree
-        }
-
         
         samlResponse.status = Status()
@@ -142 +143 @@
                                             customToXMLTypeMap=toXMLTypeMap)
         xml = ElementTree.tostring(samlResponseElem)
+        log.debug('Sending response to query:\n%s', xml)
         
         # Create SOAP response and attach the SAML Response payload
@@ -156 +158 @@
 
         
-class SamlAttributeAuthorityInterfaceTestCase(BaseTestCase):
-    """TODO: test SAML Attribute Authority interface"""
+class SamlAttributeQueryTestCase(unittest.TestCase):
+    """Test the SAML SOAP binding using an Attribute Query as an example"""
     thisDir = os.path.dirname(os.path.abspath(__file__))
     RESPONSE = '''\
@@ -205 +207 @@
         self.app = paste.fixture.TestApp(wsgiApp)
          
-        BaseTestCase.__init__(self, *args, **kwargs)
+        unittest.TestCase.__init__(self, *args, **kwargs)
         
     def test01AttributeQuery(self):
@@ -221 +223 @@
         attributeQuery.subject = Subject()  
         attributeQuery.subject.nameID = NameID()
-        attributeQuery.subject.nameID.format = EsgSamlNamespaces.NAMEID_FORMAT
+        attributeQuery.subject.nameID.format = SamlSoapBindingApp.NAMEID_FORMAT
         attributeQuery.subject.nameID.value = \
                                     "https://openid.localhost/philip.kershaw"
@@ -227 +229 @@
         # special case handling for 'FirstName' attribute
         fnAttribute = Attribute()
-        fnAttribute.name = EsgSamlNamespaces.FIRSTNAME_ATTRNAME
+        fnAttribute.name = SamlSoapBindingApp.FIRSTNAME_ATTRNAME
         fnAttribute.nameFormat = "http://www.w3.org/2001/XMLSchema#string"
         fnAttribute.friendlyName = "FirstName"
@@ -235 +237 @@
         # special case handling for 'LastName' attribute
         lnAttribute = Attribute()
-        lnAttribute.name = EsgSamlNamespaces.LASTNAME_ATTRNAME
+        lnAttribute.name = SamlSoapBindingApp.LASTNAME_ATTRNAME
         lnAttribute.nameFormat = "http://www.w3.org/2001/XMLSchema#string"
         lnAttribute.friendlyName = "LastName"
@@ -243 +245 @@
         # special case handling for 'LastName' attribute
         emailAddressAttribute = Attribute()
-        emailAddressAttribute.name = EsgSamlNamespaces.EMAILADDRESS_ATTRNAME
+        emailAddressAttribute.name = SamlSoapBindingApp.EMAILADDRESS_ATTRNAME
         emailAddressAttribute.nameFormat = XMLConstants.XSD_NS+"#"+\
                                     XSStringAttributeValue.TYPE_LOCAL_NAME
@@ -314 +316 @@
         attributeQuery.subject = Subject()  
         attributeQuery.subject.nameID = NameID()
-        attributeQuery.subject.nameID.format = EsgSamlNamespaces.NAMEID_FORMAT
+        attributeQuery.subject.nameID.format = SamlSoapBindingApp.NAMEID_FORMAT
         attributeQuery.subject.nameID.value = \
                             "https://esg.prototype.ucar.edu/myopenid/testUser"
@@ -320 +322 @@
         # special case handling for 'FirstName' attribute
         fnAttribute = Attribute()
-        fnAttribute.name = EsgSamlNamespaces.FIRSTNAME_ATTRNAME
+        fnAttribute.name = SamlSoapBindingApp.FIRSTNAME_ATTRNAME
         fnAttribute.nameFormat = "http://www.w3.org/2001/XMLSchema#string"
         fnAttribute.friendlyName = "FirstName"
@@ -328 +330 @@
         # special case handling for 'LastName' attribute
         lnAttribute = Attribute()
-        lnAttribute.name = EsgSamlNamespaces.LASTNAME_ATTRNAME
+        lnAttribute.name = SamlSoapBindingApp.LASTNAME_ATTRNAME
         lnAttribute.nameFormat = "http://www.w3.org/2001/XMLSchema#string"
         lnAttribute.friendlyName = "LastName"
@@ -336 +338 @@
         # special case handling for 'LastName' attribute
         emailAddressAttribute = Attribute()
-        emailAddressAttribute.name = EsgSamlNamespaces.EMAILADDRESS_ATTRNAME
+        emailAddressAttribute.name = SamlSoapBindingApp.EMAILADDRESS_ATTRNAME
         emailAddressAttribute.nameFormat = XMLConstants.XSD_NS+"#"+\
                                     XSStringAttributeValue.TYPE_LOCAL_NAME
@@ -365 +367 @@
             self.fail('Expecting "Response" element in SOAP body')
             
-        toSAMLTypeMap = [XSGroupRoleAttributeValueElementTree.factoryMatchFunc]
-        response = ResponseElementTree.fromXML(response.envelope.body.elem[0],
-                                            customToSAMLTypeMap=toSAMLTypeMap)
-        self.assert_(response)
-        
-    def test03ParseResponse(self):
-        response = \
-'''<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
-   <SOAP-ENV:Body>
-      <samlp:Response ID="05680cb2-4973-443d-9d31-7bc99bea87c1" InResponseTo="e3183380-ae82-4285-8827-8c40613842de" IssueInstant="2009-08-17T12:28:37.325Z" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
-         <saml:Issuer Format="urn:esg:issuer" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">ESG-NCAR</saml:Issuer>
-         <samlp:Status>
-            <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
-         </samlp:Status>
-         <saml:Assertion ID="192c67d9-f9cd-457a-9242-999e7b943166" IssueInstant="2009-08-17T12:28:37.347Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
-            <saml:Issuer Format="urn:esg:issuer">ESG-NCAR</saml:Issuer>
-            <saml:Subject>
-               <saml:NameID Format="urn:esg:openid">https://esg.prototype.ucar.edu/myopenid/testUser</saml:NameID>
-            </saml:Subject>
-            <saml:Conditions NotBefore="2009-08-17T12:28:37.347Z" NotOnOrAfter="2009-08-18T12:28:37.347Z" />
-            <saml:AttributeStatement>
-               <saml:Attribute FriendlyName="FirstName" Name="urn:esg:first:name" NameFormat="http://www.w3.org/2001/XMLSchema#string">
-                  <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Test</saml:AttributeValue>
-               </saml:Attribute>
-               <saml:Attribute FriendlyName="LastName" Name="urn:esg:last:name" NameFormat="http://www.w3.org/2001/XMLSchema#string">
-                  <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">User</saml:AttributeValue>
-               </saml:Attribute>
-               <saml:Attribute FriendlyName="EmailAddress" Name="urn:esg:first:email:address" NameFormat="http://www.w3.org/2001/XMLSchema#string">
-                  <saml:AttributeValue xsi:type="xs:string" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">ejn@ucar.edu</saml:AttributeValue>
-               </saml:Attribute>
-               <saml:Attribute FriendlyName="GroupRole" Name="urn:esg:group:role" NameFormat="groupRole">
-                  <saml:AttributeValue>
-                     <esg:groupRole group="CCSM" role="default" xmlns:esg="http://www.esg.org" />
-                  </saml:AttributeValue>
-                  <saml:AttributeValue>
-                     <esg:groupRole group="Dynamical Core" role="default" xmlns:esg="http://www.esg.org" />
-                  </saml:AttributeValue>
-                  <saml:AttributeValue>
-                     <esg:groupRole group="NARCCAP" role="default" xmlns:esg="http://www.esg.org" />
-                  </saml:AttributeValue>
-               </saml:Attribute>
-            </saml:AttributeStatement>
-         </saml:Assertion>
-      </samlp:Response>
-   </SOAP-ENV:Body>
-</SOAP-ENV:Envelope>'''
-        
-        soapResponse = SOAPEnvelope()
-        
-        responseStream = StringIO()
-        responseStream.write(response)
-        responseStream.seek(0)
-        
-        soapResponse.parse(responseStream)
-        
-        print("Parsed response ...")
-        print(soapResponse.serialize())
-        
-        toSAMLTypeMap = [XSGroupRoleAttributeValueElementTree.factoryMatchFunc]
-        response = ResponseElementTree.fromXML(soapResponse.body.elem[0],
-                                            customToSAMLTypeMap=toSAMLTypeMap)
+        response = ResponseElementTree.fromXML(response.envelope.body.elem[0])
         self.assert_(response)
 
@@ -441 +383 @@
         print(soapResponse.serialize())
         
-        toSAMLTypeMap = [XSGroupRoleAttributeValueElementTree.factoryMatchFunc]
-        response = ResponseElementTree.fromXML(soapResponse.body.elem[0],
-                                            customToSAMLTypeMap=toSAMLTypeMap)
+        response = ResponseElementTree.fromXML(soapResponse.body.elem[0])
         return response
         
@@ -455 +395 @@
                                                             seconds=60*60*8))
         }
-        responseStr = SamlAttributeAuthorityInterfaceTestCase.RESPONSE % \
+        responseStr = self.__class__.RESPONSE % \
                                                                         respDict
         response = self._parseResponse(responseStr)
@@ -471 +411 @@
                                                             seconds=60*60*8))
         }
-        responseStr = SamlAttributeAuthorityInterfaceTestCase.RESPONSE % \
+        responseStr = self.__class__.RESPONSE % \
                                                                     respDict
         response = self._parseResponse(responseStr)
@@ -491 +431 @@
                                                             seconds=60*60*8))
         }
-        responseStr = SamlAttributeAuthorityInterfaceTestCase.RESPONSE % \
+        responseStr = self.__class__.RESPONSE % \
                                                                     respDict
         response = self._parseResponse(responseStr)
@@ -510 +450 @@
                                                             seconds=60*60*8))
         }
-        responseStr = SamlAttributeAuthorityInterfaceTestCase.RESPONSE % \
+        responseStr = self.__class__.RESPONSE % \
                                                                     respDict
         response = self._parseResponse(responseStr)
@@ -530 +470 @@
                                                             seconds=60*60*8))
         }
-        responseStr = SamlAttributeAuthorityInterfaceTestCase.RESPONSE % \
+        responseStr = self.__class__.RESPONSE % \
                                                                     respDict
         response = self._parseResponse(responseStr)
@@ -550 +490 @@
                                                             seconds=60*60*8))
         }
-        responseStr = SamlAttributeAuthorityInterfaceTestCase.RESPONSE % \
+        responseStr = self.__class__.RESPONSE % \
                                                                     respDict
         response = self._parseResponse(responseStr)
@@ -574 +514 @@
                                                             seconds=60*60*8))
         }
-        responseStr = SamlAttributeAuthorityInterfaceTestCase.RESPONSE % \
-                                                                    respDict
+        responseStr = self.__class__.RESPONSE % respDict
         response = self._parseResponse(responseStr)
         binding = SubjectQuerySOAPBinding()