| |
@@ -44,17 +44,42 @@
|
| |
'httpd_user': '${TEST_USER}'}
|
| |
|
| |
|
| |
- sp2_g = {'HTTPDCONFD': '${TESTDIR}/${NAME}/conf.d',
|
| |
- 'SAML2_TEMPLATE': '${TESTDIR}/templates/install/saml2/sp.conf',
|
| |
- 'SAML2_CONFFILE': '${TESTDIR}/${NAME}/conf.d/ipsilon-saml.conf',
|
| |
- 'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}
|
| |
+ sp_b = {'hostname': '${ADDRESS}:${PORT}',
|
| |
+ 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',
|
| |
+ 'saml_secure_setup': 'False',
|
| |
+ 'no_saml_soap_logout': 'True',
|
| |
+ 'saml_auth': '/sp',
|
| |
+ 'httpd_user': '${TEST_USER}'}
|
| |
|
| |
|
| |
- sp2_a = {'hostname': '${ADDRESS}:${PORT}',
|
| |
- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',
|
| |
- 'saml_secure_setup': 'False',
|
| |
- 'saml_auth': '/sp',
|
| |
- 'httpd_user': '${TEST_USER}'}
|
| |
+ # Global list of SP's
|
| |
+ splist = [
|
| |
+ {
|
| |
+ 'nameid': 'sp1',
|
| |
+ 'addr': '127.0.0.11',
|
| |
+ 'port': '45081',
|
| |
+ },
|
| |
+ {
|
| |
+ 'nameid': 'sp2',
|
| |
+ 'addr': '127.0.0.11',
|
| |
+ 'port': '45082',
|
| |
+ },
|
| |
+ {
|
| |
+ 'nameid': 'sp3',
|
| |
+ 'addr': '127.0.0.11',
|
| |
+ 'port': '45083',
|
| |
+ },
|
| |
+ {
|
| |
+ 'nameid': 'sp4',
|
| |
+ 'addr': '127.0.0.11',
|
| |
+ 'port': '45084',
|
| |
+ },
|
| |
+ {
|
| |
+ 'nameid': 'sp5',
|
| |
+ 'addr': '127.0.0.11',
|
| |
+ 'port': '45085',
|
| |
+ },
|
| |
+ ]
|
| |
|
| |
|
| |
def fixup_sp_httpd(httpdir):
|
| |
@@ -87,7 +112,7 @@
|
| |
f.write(logged_out)
|
| |
|
| |
|
| |
- def ensure_logout(session, idp_name, spurl):
|
| |
+ def ensure_logout(session, idp_name, sp_url):
|
| |
"""
|
| |
Fetch the secure page without following redirects. If we get
|
| |
a 303 then we should be redirected to the IDP for authentication
|
| |
@@ -96,7 +121,7 @@
|
| |
Returns nothing or raises exception on error
|
| |
"""
|
| |
try:
|
| |
- logout_page = session.fetch_page(idp_name, spurl,
|
| |
+ logout_page = session.fetch_page(idp_name, sp_url,
|
| |
follow_redirect=False)
|
| |
if logout_page.result.status_code != 303:
|
| |
raise ValueError('Still logged into url')
|
| |
@@ -122,40 +147,41 @@
|
| |
print "Starting IDP's httpd server"
|
| |
self.start_http_server(conf, env)
|
| |
|
| |
- print "Installing SP server"
|
| |
- name = 'sp1'
|
| |
- addr = '127.0.0.11'
|
| |
- port = '45081'
|
| |
- sp = self.generate_profile(sp_g, sp_a, name, addr, port)
|
| |
- conf = self.setup_sp_server(sp, name, addr, port, env)
|
| |
- fixup_sp_httpd(os.path.dirname(conf))
|
| |
-
|
| |
- print "Starting SP's httpd server"
|
| |
- self.start_http_server(conf, env)
|
| |
-
|
| |
- print "Installing second SP server"
|
| |
- name = 'sp2'
|
| |
- addr = '127.0.0.10'
|
| |
- port = '45082'
|
| |
- sp2 = self.generate_profile(sp2_g, sp2_a, name, addr, port)
|
| |
- conf = self.setup_sp_server(sp2, name, addr, port, env)
|
| |
- fixup_sp_httpd(os.path.dirname(conf))
|
| |
-
|
| |
- print "Starting SP's httpd server"
|
| |
- self.start_http_server(conf, env)
|
| |
+ for spdata in splist:
|
| |
+ nameid = spdata['nameid']
|
| |
+ addr = spdata['addr']
|
| |
+ port = spdata['port']
|
| |
+ print "Installing SP server %s" % nameid
|
| |
+
|
| |
+ # Configure sp3 and sp4 for only HTTP Redirect to test
|
| |
+ # that a mix of SOAP and HTTP Redirect will play nice
|
| |
+ # together.
|
| |
+ if nameid in ['sp3', 'sp4']:
|
| |
+ sp_prof = self.generate_profile(
|
| |
+ sp_g, sp_b, nameid, addr, str(port), nameid
|
| |
+ )
|
| |
+ else:
|
| |
+ sp_prof = self.generate_profile(
|
| |
+ sp_g, sp_a, nameid, addr, str(port), nameid
|
| |
+ )
|
| |
+ conf = self.setup_sp_server(sp_prof, nameid, addr, str(port), env)
|
| |
+ fixup_sp_httpd(os.path.dirname(conf))
|
| |
+
|
| |
+ print "Starting SP's httpd server"
|
| |
+ self.start_http_server(conf, env)
|
| |
|
| |
|
| |
if __name__ == '__main__':
|
| |
|
| |
idpname = 'idp1'
|
| |
- spname = 'sp1'
|
| |
- sp2name = 'sp2'
|
| |
user = pwd.getpwuid(os.getuid())[0]
|
| |
|
| |
sess = HttpSessions()
|
| |
sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon')
|
| |
- sess.add_server(spname, 'http://127.0.0.11:45081')
|
| |
- sess.add_server(sp2name, 'http://127.0.0.10:45082')
|
| |
+ for sp in splist:
|
| |
+ spname = sp['nameid']
|
| |
+ spurl = 'http://%s:%s' % (sp['addr'], sp['port'])
|
| |
+ sess.add_server(spname, spurl)
|
| |
|
| |
print "testlogout: Authenticate to IDP ...",
|
| |
try:
|
| |
@@ -165,21 +191,15 @@
|
| |
sys.exit(1)
|
| |
print " SUCCESS"
|
| |
|
| |
- print "testlogout: Add SP Metadata to IDP ...",
|
| |
- try:
|
| |
- sess.add_sp_metadata(idpname, spname)
|
| |
- except Exception, e: # pylint: disable=broad-except
|
| |
- print >> sys.stderr, " ERROR: %s" % repr(e)
|
| |
- sys.exit(1)
|
| |
- print " SUCCESS"
|
| |
-
|
| |
- print "testlogout: Add second SP Metadata to IDP ...",
|
| |
- try:
|
| |
- sess.add_sp_metadata(idpname, sp2name)
|
| |
- except Exception, e: # pylint: disable=broad-except
|
| |
- print >> sys.stderr, " ERROR: %s" % repr(e)
|
| |
- sys.exit(1)
|
| |
- print " SUCCESS"
|
| |
+ for sp in splist:
|
| |
+ spname = sp['nameid']
|
| |
+ print "testlogout: Add SP Metadata for %s to IDP ..." % spname,
|
| |
+ try:
|
| |
+ sess.add_sp_metadata(idpname, spname)
|
| |
+ except Exception, e: # pylint: disable=broad-except
|
| |
+ print >> sys.stderr, " ERROR: %s" % repr(e)
|
| |
+ sys.exit(1)
|
| |
+ print " SUCCESS"
|
| |
|
| |
print "testlogout: Logout without logging into SP ...",
|
| |
try:
|
| |
@@ -231,50 +251,43 @@
|
| |
sys.exit(1)
|
| |
print " SUCCESS"
|
| |
|
| |
- print "testlogout: Access SP Protected Area of SP1...",
|
| |
- try:
|
| |
- page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/')
|
| |
- page.expected_value('text()', 'WORKS!')
|
| |
- except ValueError, e:
|
| |
- print >> sys.stderr, " ERROR: %s" % repr(e)
|
| |
- sys.exit(1)
|
| |
- print " SUCCESS"
|
| |
-
|
| |
- print "testlogout: Access SP Protected Area of SP2...",
|
| |
- try:
|
| |
- page = sess.fetch_page(idpname, 'http://127.0.0.10:45082/sp/')
|
| |
- page.expected_value('text()', 'WORKS!')
|
| |
- except ValueError, e:
|
| |
- print >> sys.stderr, " ERROR: %s" % repr(e)
|
| |
- sys.exit(1)
|
| |
- print " SUCCESS"
|
| |
-
|
| |
- print "testlogout: Logout from both ...",
|
| |
- try:
|
| |
- page = sess.fetch_page(idpname, '%s/%s?%s' % (
|
| |
- 'http://127.0.0.11:45081', 'saml2/logout',
|
| |
- 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html'))
|
| |
- page.expected_value('text()', 'Logged out')
|
| |
- except ValueError, e:
|
| |
- print >> sys.stderr, " ERROR: %s" % repr(e)
|
| |
- sys.exit(1)
|
| |
- print " SUCCESS"
|
| |
-
|
| |
- print "testlogout: Ensure logout of SP1 ...",
|
| |
- try:
|
| |
- ensure_logout(sess, idpname, 'http://127.0.0.11:45081/sp/')
|
| |
- except ValueError, e:
|
| |
- print >> sys.stderr, " ERROR: %s" % repr(e)
|
| |
- sys.exit(1)
|
| |
- print " SUCCESS"
|
| |
-
|
| |
- print "testlogout: Ensure logout of SP2 ...",
|
| |
- try:
|
| |
- ensure_logout(sess, idpname, 'http://127.0.0.10:45082/sp/')
|
| |
- except ValueError, e:
|
| |
- print >> sys.stderr, " ERROR: %s" % repr(e)
|
| |
- sys.exit(1)
|
| |
- print " SUCCESS"
|
| |
+ # Test logout from each of the SP's in the list to ensure that the
|
| |
+ # order of logout doesn't matter.
|
| |
+ for sporder in splist:
|
| |
+ print "testlogout: Access SP Protected Area of each SP ...",
|
| |
+ for sp in splist:
|
| |
+ spname = sp['nameid']
|
| |
+ spurl = 'http://%s:%s/sp/' % (sp['addr'], sp['port'])
|
| |
+ try:
|
| |
+ page = sess.fetch_page(idpname, spurl)
|
| |
+ page.expected_value('text()', 'WORKS!')
|
| |
+ except ValueError, e:
|
| |
+ print >> sys.stderr, " ERROR: %s" % repr(e)
|
| |
+ sys.exit(1)
|
| |
+ print " SUCCESS"
|
| |
+
|
| |
+ print "testlogout: Initiate logout from %s ..." % sporder['nameid'],
|
| |
+ try:
|
| |
+ logouturl = 'http://%s:%s' % (sp['addr'], sp['port'])
|
| |
+ page = sess.fetch_page(idpname, '%s/%s?%s' % (
|
| |
+ logouturl, 'saml2/logout',
|
| |
+ 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html'))
|
| |
+ page.expected_value('text()', 'Logged out')
|
| |
+ except ValueError, e:
|
| |
+ print >> sys.stderr, " ERROR: %s" % repr(e)
|
| |
+ sys.exit(1)
|
| |
+ print " SUCCESS"
|
| |
+
|
| |
+ print "testlogout: Ensure logout of each SP ...",
|
| |
+ for sp in splist:
|
| |
+ spname = sp['nameid']
|
| |
+ spurl = 'http://%s:%s/sp/' % (sp['addr'], sp['port'])
|
| |
+ try:
|
| |
+ ensure_logout(sess, idpname, spurl)
|
| |
+ except ValueError, e:
|
| |
+ print >> sys.stderr, " ERROR: %s" % repr(e)
|
| |
+ sys.exit(1)
|
| |
+ print " SUCCESS"
|
| |
|
| |
# Test IdP-initiated logout
|
| |
print "testlogout: Access SP Protected Area of SP1...",
|
| |
@@ -288,7 +301,7 @@
|
| |
|
| |
print "testlogout: Access SP Protected Area of SP2...",
|
| |
try:
|
| |
- page = sess.fetch_page(idpname, 'http://127.0.0.10:45082/sp/')
|
| |
+ page = sess.fetch_page(idpname, 'http://127.0.0.11:45082/sp/')
|
| |
page.expected_value('text()', 'WORKS!')
|
| |
except ValueError, e:
|
| |
print >> sys.stderr, " ERROR: %s" % repr(e)
|
| |
@@ -325,7 +338,7 @@
|
| |
|
| |
print "testlogout: Ensure logout of SP2 ...",
|
| |
try:
|
| |
- ensure_logout(sess, idpname, 'http://127.0.0.10:45082/sp/')
|
| |
+ ensure_logout(sess, idpname, 'http://127.0.0.11:45082/sp/')
|
| |
except ValueError, e:
|
| |
print >> sys.stderr, " ERROR: %s" % repr(e)
|
| |
sys.exit(1)
|
| |
I don't think this can pass pep8/pylint, does it?
I think it's kinda unclear where indentation starts and ends.