PR#88: Use TLS for test suite - ipsilon

tests/attrs.py

file modified

+5 -7

		`@@ -24,7 +24,6 @@`
		`'admin_user': '${TEST_USER}',`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`- 'secure': 'no',`
		`'testauth': 'yes',`
		`'pam': 'no',`
		`'gssapi': 'no',`
		`@@ -38,9 +37,8 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',`
		`- 'saml_secure_setup': 'False',`
		`+ sp_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_metadata': 'https://127.0.0.10:45080/idp1/saml2/metadata',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`

		`@@ -110,8 +108,8 @@`
		`user = pwd.getpwuid(os.getuid())[0]`

		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon')`
		`- sess.add_server(spname, 'http://127.0.0.11:45081')`
		`+ sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')`
		`+ sess.add_server(spname, 'https://127.0.0.11:45081')`

		`print "attrs: Authenticate to IDP ...",`
		`try:`
		`@@ -132,7 +130,7 @@`
		`print "attrs: Access SP Protected Area Variables...",`
		`try:`
		`page = sess.fetch_page(idpname,`
		`- 'http://127.0.0.11:45081/sp/index.shtml')`
		`+ 'https://127.0.0.11:45081/sp/index.shtml')`
		`page.expected_value('text()', 'Test User %s' % user)`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`

tests/blobs/openid_app.py

file modified

+14 -3

		`@@ -5,20 +5,31 @@`
		`import cherrypy`
		`import os`
		`import pwd`
		`+ import ssl`

		`+ from openid.fetchers import setDefaultFetcher, Urllib2Fetcher`
		`from openid.consumer import consumer`
		`from openid.extensions import sreg, ax`
		`from openid_teams import teams`

		`sys.stdout = sys.stderr`

		`+ # This is an ugly hack to make python-openid not check the certs`
		`+ setDefaultFetcher(Urllib2Fetcher())`
		`+ try:`
		`+ _create_unverified_https_context = ssl._create_unverified_context`
		`+ except AttributeError:`
		`+ pass`
		`+ else:`
		`+ ssl._create_default_https_context = _create_unverified_https_context`
		`+`

		`class OpenIDApp(object):`
		`def index(self, extensions):`
		`self.extensions = extensions == 'YES'`
		`oidconsumer = consumer.Consumer(dict(), None)`
		`try:`
		`- request = oidconsumer.begin('http://127.0.0.10:45080/idp1/')`
		`+ request = oidconsumer.begin('https://127.0.0.10:45080/idp1/')`
		`except Exception as ex:`
		`return 'ERROR: %s' % ex`

		`@@ -60,8 +71,8 @@`
		`return 'ERROR: Cancelled'`
		`elif info.status == consumer.SUCCESS:`
		`username = pwd.getpwuid(os.getuid())[0]`
		`- expected_identifier = 'http://127.0.0.10:45080/idp1/openid/id/%s/'\`
		`- % username`
		`+ expected_identifier = 'https://127.0.0.10:45080/idp1/openid/' + \`
		`+ 'id/%s/' % username`
		`if expected_identifier != display_identifier:`
		`return 'ERROR: Wrong id returned: %s != %s' % (`
		`expected_identifier,`

tests/dbupgrades.py

file modified

+1 -2

		`@@ -25,7 +25,6 @@`
		`'admin_user': '${TEST_USER}',`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`- 'secure': 'no',`
		`'testauth': 'yes',`
		`'pam': 'no',`
		`'gssapi': 'no',`
		`@@ -138,7 +137,7 @@`
		`user = pwd.getpwuid(os.getuid())[0]`

		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://%s' % url, user,`
		`+ sess.add_server(idpname, 'https://%s' % url, user,`
		`'ipsilon')`

		`print "dbupgrades: From v%s: Authenticate to IDP ..." % from_version,`

tests/fconf.py

file modified

+8 -10

		`@@ -34,7 +34,6 @@`
		`'admin_user': '${TEST_USER}',`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`- 'secure': 'no',`
		`'testauth': 'yes',`
		`'pam': 'no',`
		`'gssapi': 'no',`
		`@@ -54,7 +53,7 @@`
		`saml2 idp certificate file = ${TESTDIR}/lib/${NAME}/saml2/idp.pem`
		`saml2 idp nameid salt = ${IDPSALT}`
		`[saml2_data]`
		`- 811d0231-9362-46c9-a105-a01a64818904 id = http://${SPADDR}:${SPPORT}/saml2`
		`+ 811d0231-9362-46c9-a105-a01a64818904 id = https://${SPADDR}:${SPPORT}/saml2`
		`811d0231-9362-46c9-a105-a01a64818904 type = SP`
		`811d0231-9362-46c9-a105-a01a64818904 name = ${SPNAME}`
		`811d0231-9362-46c9-a105-a01a64818904 metadata = ${SPMETA}`
		`@@ -66,9 +65,8 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp_a = {'hostname': '${ADDRESS}:${PORT}',`
		`+ sp_a = {'hostname': '${ADDRESS}',`
		`'saml_idp_metadata': '${TESTDIR}/lib/idp1/saml2/metadata.xml',`
		`- 'saml_secure_setup': 'False',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`

		`@@ -97,11 +95,11 @@`
		`def fixup_idp_conf(testdir):`

		`with open(os.path.join(testdir, spname, 'saml2',`
		`- '%s:%s' % (spaddr, spport), 'metadata.xml')) as f:`
		`+ '%s' % spaddr, 'metadata.xml')) as f:`
		`spmeta = f.read()`
		`spmeta = spmeta.replace("\n", "")`

		`- idpuri = "http://%s:%s/%s" % (idpaddr, idpport, idpname)`
		`+ idpuri = "https://%s:%s/%s" % (idpaddr, idpport, idpname)`

		`idpsalt = uuid.uuid4().hex`
		`t = Template(idp_file_conf)`
		`@@ -155,12 +153,12 @@`
		`user = pwd.getpwuid(os.getuid())[0]`

		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon')`
		`- sess.add_server(spname, 'http://127.0.0.11:45081')`
		`+ sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')`
		`+ sess.add_server(spname, 'https://127.0.0.11:45081')`

		`print "fconf: Access IdP Homepage ... ",`
		`try:`
		`- page = sess.fetch_page(idpname, 'http://127.0.0.10:45080/idp1/')`
		`+ page = sess.fetch_page(idpname, 'https://127.0.0.10:45080/idp1/')`
		`page.expected_value('//title/text()', 'Ipsilon')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -169,7 +167,7 @@`

		`print "fconf: Access SP Protected Area ...",`
		`try:`
		`- page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/')`
		`+ page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')`
		`page.expected_value('text()', 'WORKS!')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`

tests/helpers/common.py

file modified

+64 -1

		`@@ -97,9 +97,45 @@`
		`os.mkdir(os.path.join(self.testdir, 'lib', test.name))`
		`os.mkdir(os.path.join(self.testdir, 'log'))`
		`os.mkdir(os.path.join(self.testdir, 'cache'))`
		`+ self.setup_ca()`
		`+`
		`+ def setup_ca(self):`
		`+ # Prepare the cert stuff for this run`
		`+ os.mkdir(os.path.join(self.testdir, 'certs'))`
		`+ cmd = ['openssl', 'req', '-newkey', 'rsa:1024', '-days', '10',`
		`+ '-x509', '-nodes', '-subj', '/CN=Ipsilon Test CA',`
		`+ '-keyout', os.path.join(self.testdir, 'certs', 'root.key.pem'),`
		`+ '-out', os.path.join(self.testdir, 'certs', 'root.cert.pem')]`
		`+ subprocess.check_call(cmd)`
		`+ open(os.path.join(self.testdir, 'certs', 'db'), 'w').close()`
		`+`
		`+ with open(os.path.join(self.testdir, 'certs', 'serial'), 'w') as ser:`
		`+ ser.write('000b')`
		`+`
		`+ with open(os.path.join(self.testdir, 'certs',`
		`+ 'openssl.conf'), 'w') as conf:`
		`+ conf.write("""[ ca ]`
		`+ default_ca = myca`
		`+ [ myca ]`
		`+ database = %(certdir)s/db`
		`+ serial = %(certdir)s/serial`
		`+ x509_extensions = myca_extensions`
		`+ policy = myca_policy`
		`+ [ myca_policy ]`
		`+ commonName = supplied`
		`+ [ alt_names ]`
		`+ [ alt_names ]`
		`+ DNS.1 = ${ENV::ADDR}`
		`+ [ myca_extensions ]`
		`+ subjectKeyIdentifier = hash`
		`+ subjectAltName = @alt_names`
		`+ basicConstraints = CA:false""" % {'certdir': os.path.join(self.testdir,`
		`+ 'certs')})`

		`def generate_profile(self, global_opts, args_opts, name, addr, port,`
		`nameid='unspecified'):`
		`+ args_opts['port'] = port`
		`+`
		`newconf = ConfigParser.ConfigParser()`
		`newconf.add_section('globals')`
		`for k in global_opts:`
		`@@ -137,13 +173,38 @@`
		`t = Template(f.read())`
		`text = t.substitute({'HTTPROOT': httpdir,`
		`'HTTPADDR': addr,`
		`- 'HTTPPORT': port})`
		`+ 'HTTPPORT': port,`
		`+ 'NAME': name,`
		`+ 'CERTROOT': os.path.join(self.testdir,`
		`+ 'certs')})`
		`filename = os.path.join(httpdir, 'httpd.conf')`
		`with open(filename, 'w+') as f:`
		`f.write(text)`

		`+ certpath = os.path.join(self.testdir, 'certs', '%s.pem' % name)`
		`+ keypath = os.path.join(self.testdir, 'certs', '%s.key' % name)`
		`+ self.generate_cert(name, addr, certpath, keypath)`
		`+`
		`return filename`

		`+ def generate_cert(self, name, addr, certpath, keypath):`
		`+ # Generate certs for this setup`
		`+ cmd = ['openssl', 'req', '-newkey', 'rsa:1024', '-nodes',`
		`+ '-out', '%s.csr' % certpath,`
		`+ '-keyout', keypath,`
		`+ '-subj', '/CN=Ipsilon Test %s' % name]`
		`+ subprocess.check_call(cmd)`
		`+ cmd = ['openssl', 'ca', '-batch', '-notext', '-days', '2',`
		`+ '-md', 'sha1',`
		`+ '-subj', '/CN=Ipsilon Test %s' % name,`
		`+ '-outdir', os.path.join(self.testdir, 'certs'),`
		`+ '-keyfile', os.path.join(self.testdir, 'certs', 'root.key.pem'),`
		`+ '-cert', os.path.join(self.testdir, 'certs', 'root.cert.pem'),`
		`+ '-config', os.path.join(self.testdir, 'certs', 'openssl.conf'),`
		`+ '-in', '%s.csr' % certpath,`
		`+ '-out', certpath]`
		`+ subprocess.check_call(cmd, env={'ADDR': addr})`
		`+`
		`def setup_idp_server(self, profile, name, addr, port, env):`
		`http_conf_file = self.setup_http(name, addr, port)`
		`cmd = [os.path.join(self.rootdir,`
		`@@ -175,6 +236,8 @@`
		`def start_http_server(self, conf, env):`
		`env['MALLOC_CHECK_'] = '3'`
		`env['MALLOC_PERTURB_'] = str(random.randint(0, 32767) % 255 + 1)`
		`+ env['REQUESTS_CA_BUNDLE'] = os.path.join(self.testdir, 'certs',`
		`+ 'root.cert.pem')`
		`p = subprocess.Popen(['/usr/sbin/httpd', '-DFOREGROUND', '-f', conf],`
		`env=env, preexec_fn=os.setsid)`
		`self.processes.append(p)`

tests/helpers/http.py

file modified

+1 -1

		`@@ -354,7 +354,7 @@`
		`'visible': True,`
		`'description': desc,`
		`'image': 'Zm9v',`
		`- 'splink': 'http://test.example.com/secret/',`
		`+ 'splink': 'https://test.example.com/secret/',`
		`}`
		`headers['content-type'] = 'application/x-www-form-urlencoded'`
		`url = '%s/%s/rest/providers/saml2/SPS/%s' % (idpuri, idp, desc)`

tests/httpd.conf

file modified

+7 -2

		`@@ -1,6 +1,5 @@`
		`ServerRoot "${HTTPROOT}"`
		`- ServerName idp.ipsilon.dev`
		`- Listen ${HTTPADDR}:${HTTPPORT}`
		`+ ServerName ${NAME}.ipsilon.dev`

		`LoadModule access_compat_module modules/mod_access_compat.so`
		`LoadModule actions_module modules/mod_actions.so`
		`@@ -53,6 +52,7 @@`
		`LoadModule socache_memcache_module modules/mod_socache_memcache.so`
		`LoadModule socache_shmcb_module modules/mod_socache_shmcb.so`
		`LoadModule status_module modules/mod_status.so`
		`+ LoadModule ssl_module modules/mod_ssl.so`
		`LoadModule substitute_module modules/mod_substitute.so`
		`LoadModule suexec_module modules/mod_suexec.so`
		`LoadModule unique_id_module modules/mod_unique_id.so`
		`@@ -66,6 +66,11 @@`
		`LoadModule auth_gssapi_module modules/mod_auth_gssapi.so`
		`LoadModule auth_mellon_module modules/mod_auth_mellon.so`

		`+ Listen ${HTTPADDR}:${HTTPPORT} https`
		`+ SSLCertificateFile "${CERTROOT}/${NAME}.pem"`
		`+ SSLCertificateKeyFile "${CERTROOT}/${NAME}.key"`
		`+ SSLEngine on`
		`+`

		`<Directory />`
		`AllowOverride none`

tests/ldap.py

file modified

+5 -7

		`@@ -23,7 +23,6 @@`
		`'admin_user': 'tuser',`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`- 'secure': 'no',`
		`'pam': 'no',`
		`'gssapi': 'no',`
		`'ipa': 'no',`
		`@@ -41,9 +40,8 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',`
		`- 'saml_secure_setup': 'False',`
		`+ sp_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_metadata': 'https://127.0.0.10:45080/idp1/saml2/metadata',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`

		`@@ -123,8 +121,8 @@`
		`user = 'tuser'`

		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'tuser')`
		`- sess.add_server(spname, 'http://127.0.0.11:45081')`
		`+ sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'tuser')`
		`+ sess.add_server(spname, 'https://127.0.0.11:45081')`

		`print "test1: Authenticate to IDP ...",`
		`try:`
		`@@ -145,7 +143,7 @@`
		`print "test1: Access SP Protected Area ...",`
		`try:`
		`page = sess.fetch_page(idpname,`
		`- 'http://127.0.0.11:45081/sp/index.shtml')`
		`+ 'https://127.0.0.11:45081/sp/index.shtml')`
		`page.expected_value('text()', 'Test Group;Test Group 2')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`

tests/ldapdown.py

file modified

+4 -6

		`@@ -25,7 +25,6 @@`
		`'admin_user': 'tuser',`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`- 'secure': 'no',`
		`'pam': 'no',`
		`'gssapi': 'no',`
		`'ipa': 'no',`
		`@@ -43,9 +42,8 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',`
		`- 'saml_secure_setup': 'False',`
		`+ sp_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_metadata': 'https://127.0.0.10:45080/idp1/saml2/metadata',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`

		`@@ -124,8 +122,8 @@`
		`user = 'tuser'`

		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'tuser')`
		`- sess.add_server(spname, 'http://127.0.0.11:45081')`
		`+ sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'tuser')`
		`+ sess.add_server(spname, 'https://127.0.0.11:45081')`

		`print "ldapdown: Authenticate to IDP with no LDAP backend...",`
		`try:`

tests/openid.py

file modified

+4 -5

		`@@ -24,7 +24,6 @@`
		`'admin_user': '${TEST_USER}',`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`- 'secure': 'no',`
		`'testauth': 'yes',`
		`'openid': 'yes',`
		`'openid_extensions': 'Attribute Exchange,Simple Registration,Teams',`
		`@@ -85,8 +84,8 @@`
		`user = pwd.getpwuid(os.getuid())[0]`

		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon')`
		`- sess.add_server(sp1name, 'http://127.0.0.11:45081')`
		`+ sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')`
		`+ sess.add_server(sp1name, 'https://127.0.0.11:45081')`

		`print "openid: Authenticate to IDP ...",`
		`try:`
		`@@ -99,7 +98,7 @@`
		`print "openid: Run OpenID Protocol ...",`
		`try:`
		`page = sess.fetch_page(idpname,`
		`- 'http://127.0.0.11:45081/?extensions=NO')`
		`+ 'https://127.0.0.11:45081/?extensions=NO')`
		`page.expected_value('text()', 'SUCCESS, WITHOUT EXTENSIONS')`
		`except ValueError as e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -109,7 +108,7 @@`
		`print "openid: Run OpenID Protocol with extensions ...",`
		`try:`
		`page = sess.fetch_page(idpname,`
		`- 'http://127.0.0.11:45081/?extensions=YES')`
		`+ 'https://127.0.0.11:45081/?extensions=YES')`
		`page.expected_value('text()', 'SUCCESS, WITH EXTENSIONS')`
		`except ValueError as e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`

tests/pgdb.py

file modified

+7 -9

		`@@ -29,7 +29,6 @@`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`'openid': 'False',`
		`- 'secure': 'no',`
		`'testauth': 'yes',`
		`'pam': 'no',`
		`'gssapi': 'no',`
		`@@ -43,9 +42,8 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',`
		`- 'saml_secure_setup': 'False',`
		`+ sp_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_metadata': 'https://127.0.0.10:45080/idp1/saml2/metadata',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`

		`@@ -127,8 +125,8 @@`
		`user = pwd.getpwuid(os.getuid())[0]`

		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon')`
		`- sess.add_server(spname, 'http://127.0.0.11:45081')`
		`+ sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')`
		`+ sess.add_server(spname, 'https://127.0.0.11:45081')`

		`print "pgdb: Authenticate to IDP ...",`
		`sys.stdout.flush()`
		`@@ -154,7 +152,7 @@`

		`print "pgdb: Access SP Protected Area ...",`
		`try:`
		`- page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/')`
		`+ page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')`
		`page.expected_value('text()', 'WORKS!')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -164,8 +162,8 @@`
		`print "pgdb: Logout from SP ...",`
		`try:`
		`page = sess.fetch_page(idpname, '%s/%s?%s' % (`
		`- 'http://127.0.0.11:45081', 'saml2/logout',`
		`- 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html'))`
		`+ 'https://127.0.0.11:45081', 'saml2/logout',`
		`+ 'ReturnTo=https://127.0.0.11:45081/open/logged_out.html'))`
		`page.expected_value('text()', 'Logged out')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`

tests/test1.py

file modified

+11 -14

		`@@ -23,7 +23,6 @@`
		`'admin_user': '${TEST_USER}',`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`- 'secure': 'no',`
		`'testauth': 'yes',`
		`'pam': 'no',`
		`'gssapi': 'no',`
		`@@ -37,9 +36,8 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',`
		`- 'saml_secure_setup': 'False',`
		`+ sp_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_metadata': 'https://127.0.0.10:45080/idp1/saml2/metadata',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`

		`@@ -48,12 +46,11 @@`
		`'SAML2_CONFFILE': '${TESTDIR}/${NAME}/conf.d/ipsilon-saml.conf',`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`

		`- sp2_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_url': 'http://127.0.0.10:45080/idp1',`
		`+ sp2_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_url': 'https://127.0.0.10:45080/idp1',`
		`'admin_user': '${TEST_USER}',`
		`'admin_password': '${TESTDIR}/pw.txt',`
		`'saml_sp_name': 'sp2-test.example.com',`
		`- 'saml_secure_setup': 'False',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`

		`@@ -144,9 +141,9 @@`
		`user = pwd.getpwuid(os.getuid())[0]`

		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon')`
		`- sess.add_server(sp1name, 'http://127.0.0.11:45081')`
		`- sess.add_server(sp2name, 'http://127.0.0.11:45082')`
		`+ sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')`
		`+ sess.add_server(sp1name, 'https://127.0.0.11:45081')`
		`+ sess.add_server(sp2name, 'https://127.0.0.11:45082')`

		`print "test1: Authenticate to IDP ...",`
		`try:`
		`@@ -166,7 +163,7 @@`

		`print "test1: Access first SP Protected Area ...",`
		`try:`
		`- page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/')`
		`+ page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')`
		`page.expected_value('text()', 'WORKS!')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -175,7 +172,7 @@`

		`print "test1: Access second SP Protected Area ...",`
		`try:`
		`- page = sess.fetch_page(idpname, 'http://127.0.0.11:45082/sp/')`
		`+ page = sess.fetch_page(idpname, 'https://127.0.0.11:45082/sp/')`
		`page.expected_value('text()', 'WORKS!')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -184,7 +181,7 @@`

		`print "test1: Try authentication failure ...",`
		`newsess = HttpSessions()`
		`- newsess.add_server(idpname, 'http://127.0.0.10:45080', user, 'wrong')`
		`+ newsess.add_server(idpname, 'https://127.0.0.10:45080', user, 'wrong')`
		`try:`
		`newsess.auth_to_idp(idpname)`
		`print >> sys.stderr, " ERROR: Authentication should have failed"`
		`@@ -195,7 +192,7 @@`
		`print "test1: Add keyless SP Metadata to IDP ...",`
		`try:`
		`sess.add_metadata(idpname, 'keyless', keyless_metadata)`
		`- page = sess.fetch_page(idpname, 'http://127.0.0.10:45080/idp1/admin/'`
		`+ page = sess.fetch_page(idpname, 'https://127.0.0.10:45080/idp1/admin/'`
		`'providers/saml2/admin')`
		`page.expected_value('//div[@id="row_provider_http://keyless-sp"]/'`
		`'@title',`

tests/testgssapi.py

file modified

+9 -12

		`@@ -24,7 +24,6 @@`
		`'admin_user': '${TEST_USER}',`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`- 'secure': 'no',`
		`'testauth': 'yes',`
		`'pam': 'no',`
		`'gssapi': 'yes',`
		`@@ -39,10 +38,9 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp_a = {'hostname': '${ADDRESS}:${PORT}',`
		`+ sp_a = {'hostname': '${ADDRESS}',`
		`'saml_idp_metadata':`
		`- 'http://%s:45080/idp1/saml2/metadata' % WRAP_HOSTNAME,`
		`- 'saml_secure_setup': 'False',`
		`+ 'https://%s:45080/idp1/saml2/metadata' % WRAP_HOSTNAME,`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`

		`@@ -51,12 +49,11 @@`
		`'SAML2_CONFFILE': '${TESTDIR}/${NAME}/conf.d/ipsilon-saml.conf',`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`

		`- sp2_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_url': 'http://idp.ipsilon.dev:45080/idp1',`
		`+ sp2_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_url': 'https://idp.ipsilon.dev:45080/idp1',`
		`'admin_user': '${TEST_USER}',`
		`'admin_password': '${TESTDIR}/pw.txt',`
		`'saml_sp_name': 'sp2',`
		`- 'saml_secure_setup': 'False',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`

		`@@ -153,10 +150,10 @@`
		`os.environ[key] = kenv[key]`

		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://%s:45080' % WRAP_HOSTNAME, user,`
		`+ sess.add_server(idpname, 'https://%s:45080' % WRAP_HOSTNAME, user,`
		`'ipsilon')`
		`- sess.add_server(sp1name, 'http://127.0.0.11:45081')`
		`- sess.add_server(sp2name, 'http://127.0.0.11:45082')`
		`+ sess.add_server(sp1name, 'https://127.0.0.11:45081')`
		`+ sess.add_server(sp2name, 'https://127.0.0.11:45082')`

		`print "testgssapi: Authenticate to IDP ...",`
		`try:`
		`@@ -176,7 +173,7 @@`

		`print "testgssapi: Access first SP Protected Area ...",`
		`try:`
		`- page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/')`
		`+ page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')`
		`page.expected_value('text()', 'WORKS!')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -185,7 +182,7 @@`

		`print "testgssapi: Access second SP Protected Area ...",`
		`try:`
		`- page = sess.fetch_page(idpname, 'http://127.0.0.11:45082/sp/')`
		`+ page = sess.fetch_page(idpname, 'https://127.0.0.11:45082/sp/')`
		`page.expected_value('text()', 'WORKS!')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`

tests/testlogout.py

file modified

+27 -29

		`@@ -24,7 +24,6 @@`
		`'admin_user': '${TEST_USER}',`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`- 'secure': 'no',`
		`'testauth': 'yes',`
		`'pam': 'no',`
		`'gssapi': 'no',`
		`@@ -38,16 +37,14 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',`
		`- 'saml_secure_setup': 'False',`
		`+ sp_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_metadata': 'https://127.0.0.10:45080/idp1/saml2/metadata',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`


		`- sp_b = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',`
		`- 'saml_secure_setup': 'False',`
		`+ sp_b = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_metadata': 'https://127.0.0.10:45080/idp1/saml2/metadata',`
		`'no_saml_soap_logout': 'True',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`
		`@@ -178,10 +175,10 @@`
		`user = pwd.getpwuid(os.getuid())[0]`

		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon')`
		`+ sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')`
		`for sp in splist:`
		`spname = sp['nameid']`
		`- spurl = 'http://%s:%s' % (sp['addr'], sp['port'])`
		`+ spurl = 'https://%s:%s' % (sp['addr'], sp['port'])`
		`sess.add_server(spname, spurl)`

		`print "testlogout: Authenticate to IDP ...",`
		`@@ -205,8 +202,8 @@`
		`print "testlogout: Logout without logging into SP ...",`
		`try:`
		`page = sess.fetch_page(idpname, '%s/%s?%s' % (`
		`- 'http://127.0.0.11:45081', 'saml2/logout',`
		`- 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html'))`
		`+ 'https://127.0.0.11:45081', 'saml2/logout',`
		`+ 'ReturnTo=https://127.0.0.11:45081/open/logged_out.html'))`
		`page.expected_value('text()', 'Logged out')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -215,7 +212,7 @@`

		`print "testlogout: Access SP Protected Area ...",`
		`try:`
		`- page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/')`
		`+ page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')`
		`page.expected_value('text()', 'WORKS!')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -225,8 +222,8 @@`
		`print "testlogout: Logout from SP ...",`
		`try:`
		`page = sess.fetch_page(idpname, '%s/%s?%s' % (`
		`- 'http://127.0.0.11:45081', 'saml2/logout',`
		`- 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html'))`
		`+ 'https://127.0.0.11:45081', 'saml2/logout',`
		`+ 'ReturnTo=https://127.0.0.11:45081/open/logged_out.html'))`
		`page.expected_value('text()', 'Logged out')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -236,8 +233,8 @@`
		`print "testlogout: Try logout again ...",`
		`try:`
		`page = sess.fetch_page(idpname, '%s/%s?%s' % (`
		`- 'http://127.0.0.11:45081', 'saml2/logout',`
		`- 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html'))`
		`+ 'https://127.0.0.11:45081', 'saml2/logout',`
		`+ 'ReturnTo=https://127.0.0.11:45081/open/logged_out.html'))`
		`page.expected_value('text()', 'Logged out')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -246,7 +243,7 @@`

		`print "testlogout: Ensure logout ...",`
		`try:`
		`- ensure_logout(sess, idpname, 'http://127.0.0.11:45081/sp/')`
		`+ ensure_logout(sess, idpname, 'https://127.0.0.11:45081/sp/')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`sys.exit(1)`
		`@@ -258,7 +255,7 @@`
		`print "testlogout: Access SP Protected Area of each SP ...",`
		`for sp in splist:`
		`spname = sp['nameid']`
		`- spurl = 'http://%s:%s/sp/' % (sp['addr'], sp['port'])`
		`+ spurl = 'https://%s:%s/sp/' % (sp['addr'], sp['port'])`
		`try:`
		`page = sess.fetch_page(idpname, spurl)`
		`page.expected_value('text()', 'WORKS!')`
		`@@ -269,10 +266,10 @@`

		`print "testlogout: Initiate logout from %s ..." % sporder['nameid'],`
		`try:`
		`- logouturl = 'http://%s:%s' % (sp['addr'], sp['port'])`
		`+ logouturl = 'https://%s:%s' % (sp['addr'], sp['port'])`
		`page = sess.fetch_page(idpname, '%s/%s?%s' % (`
		`logouturl, 'saml2/logout',`
		`- 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html'))`
		`+ 'ReturnTo=https://127.0.0.11:45081/open/logged_out.html'))`
		`page.expected_value('text()', 'Logged out')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -282,7 +279,7 @@`
		`print "testlogout: Ensure logout of each SP ...",`
		`for sp in splist:`
		`spname = sp['nameid']`
		`- spurl = 'http://%s:%s/sp/' % (sp['addr'], sp['port'])`
		`+ spurl = 'https://%s:%s/sp/' % (sp['addr'], sp['port'])`
		`try:`
		`ensure_logout(sess, idpname, spurl)`
		`except ValueError, e:`
		`@@ -293,7 +290,7 @@`
		`# Test IdP-initiated logout`
		`print "testlogout: Access SP Protected Area of SP1...",`
		`try:`
		`- page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/')`
		`+ page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')`
		`page.expected_value('text()', 'WORKS!')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -302,7 +299,7 @@`

		`print "testlogout: Access SP Protected Area of SP2...",`
		`try:`
		`- page = sess.fetch_page(idpname, 'http://127.0.0.11:45082/sp/')`
		`+ page = sess.fetch_page(idpname, 'https://127.0.0.11:45082/sp/')`
		`page.expected_value('text()', 'WORKS!')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -311,7 +308,8 @@`

		`print "testlogout: Access the IdP...",`
		`try:`
		`- page = sess.fetch_page(idpname, 'http://127.0.0.10:45080/%s' % idpname)`
		`+ page = sess.fetch_page(idpname,`
		`+ 'https://127.0.0.10:45080/%s' % idpname)`
		`page.expected_value('//div[@id="welcome"]/p/text()',`
		`'Welcome %s!' % user)`
		`except ValueError, e:`
		`@@ -322,7 +320,7 @@`
		`print "testlogout: IdP-initiated logout ...",`
		`try:`
		`page = sess.fetch_page(idpname,`
		`- 'http://127.0.0.10:45080/%s/logout' % idpname)`
		`+ 'https://127.0.0.10:45080/%s/logout' % idpname)`
		`page.expected_value('//div[@id="content"]/p/a/text()', 'Log In')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`@@ -331,7 +329,7 @@`

		`print "testlogout: Ensure logout of SP1 ...",`
		`try:`
		`- ensure_logout(sess, idpname, 'http://127.0.0.11:45081/sp/')`
		`+ ensure_logout(sess, idpname, 'https://127.0.0.11:45081/sp/')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`sys.exit(1)`
		`@@ -339,7 +337,7 @@`

		`print "testlogout: Ensure logout of SP2 ...",`
		`try:`
		`- ensure_logout(sess, idpname, 'http://127.0.0.11:45082/sp/')`
		`+ ensure_logout(sess, idpname, 'https://127.0.0.11:45082/sp/')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`
		`sys.exit(1)`
		`@@ -348,7 +346,7 @@`
		`print "testlogout: Access the IdP...",`
		`try:`
		`page = sess.fetch_page(idpname,`
		`- 'http://127.0.0.10:45080/%s/login' % idpname)`
		`+ 'https://127.0.0.10:45080/%s/login' % idpname)`
		`page.expected_value('//div[@id="welcome"]/p/text()',`
		`'Welcome %s!' % user)`
		`except ValueError, e:`
		`@@ -359,7 +357,7 @@`
		`print "testlogout: IdP-initiated logout with no SP sessions...",`
		`try:`
		`page = sess.fetch_page(idpname,`
		`- 'http://127.0.0.10:45080/%s/logout' % idpname)`
		`+ 'https://127.0.0.10:45080/%s/logout' % idpname)`
		`page.expected_value('//div[@id="logout"]/p//text()',`
		`'Successfully logged out.')`
		`except ValueError, e:`

tests/testmapping.py

file modified

+4 -6

		`@@ -27,7 +27,6 @@`
		`'admin_user': '${TEST_USER}',`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`- 'secure': 'no',`
		`'testauth': 'yes',`
		`'pam': 'no',`
		`'gssapi': 'no',`
		`@@ -41,9 +40,8 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',`
		`- 'saml_secure_setup': 'False',`
		`+ sp_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_metadata': 'https://127.0.0.10:45080/idp1/saml2/metadata',`
		`'saml_auth': '/sp',`
		`'saml_nameid': '${NAMEID}',`
		`'httpd_user': '${TEST_USER}'}`
		`@@ -167,12 +165,12 @@`
		`idpname = 'idp1'`
		`user = pwd.getpwuid(os.getuid())[0]`
		`sp = sp_list[0]`
		`- spurl = 'http://%s:%s' % (sp['addr'], sp['port'])`
		`+ spurl = 'https://%s:%s' % (sp['addr'], sp['port'])`

		`# Set global mapping and allowed attributes, then test fetch from`
		`# SP.`
		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon')`
		`+ sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')`
		`sess.add_server(sp['name'], spurl)`

		`print "testmapping: Authenticate to IDP ...",`

tests/testnameid.py

file modified

+9 -11

		`@@ -28,7 +28,6 @@`
		`'admin_user': '${TEST_USER}',`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`- 'secure': 'no',`
		`'testauth': 'yes',`
		`'pam': 'no',`
		`'gssapi': 'yes',`
		`@@ -43,10 +42,9 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_metadata': 'http://%s:45080/idp1/saml2/metadata' %`
		`+ sp_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_metadata': 'https://%s:45080/idp1/saml2/metadata' %`
		`WRAP_HOSTNAME,`
		`- 'saml_secure_setup': 'False',`
		`'saml_auth': '/sp',`
		`'saml_nameid': '${NAMEID}',`
		`'httpd_user': '${TEST_USER}'}`
		`@@ -192,9 +190,9 @@`
		`for sp in sp_list:`
		`krb = False`
		`spname = sp['nameid']`
		`- spurl = 'http://%s:%s' % (sp['addr'], sp['port'])`
		`+ spurl = 'https://%s:%s' % (sp['addr'], sp['port'])`
		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://%s:45080' % WRAP_HOSTNAME, user,`
		`+ sess.add_server(idpname, 'https://%s:45080' % WRAP_HOSTNAME, user,`
		`'ipsilon')`
		`sess.add_server(spname, spurl)`

		`@@ -246,7 +244,7 @@`

		`print "testnameid: Try authentication failure ...",`
		`newsess = HttpSessions()`
		`- newsess.add_server(idpname, 'http://%s:45080' % WRAP_HOSTNAME,`
		`+ newsess.add_server(idpname, 'https://%s:45080' % WRAP_HOSTNAME,`
		`user, 'wrong')`
		`try:`
		`newsess.auth_to_idp(idpname)`
		`@@ -258,7 +256,7 @@`
		`# Ensure that transient names change with each authentication`
		`sp = get_sp_by_nameid(sp_list, 'transient')`
		`spname = sp['nameid']`
		`- spurl = 'http://%s:%s' % (sp['addr'], sp['port'])`
		`+ spurl = 'https://%s:%s' % (sp['addr'], sp['port'])`

		`print ""`
		`print "testnameid: Testing NameID format %s ..." % spname`
		`@@ -266,7 +264,7 @@`
		`ids = []`
		`for i in xrange(4):`
		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://%s:45080' % WRAP_HOSTNAME,`
		`+ sess.add_server(idpname, 'https://%s:45080' % WRAP_HOSTNAME,`
		`user, 'ipsilon')`
		`sess.add_server(spname, spurl)`
		`print "testnameid: Authenticate to IDP ...",`
		`@@ -316,7 +314,7 @@`
		`# Ensure that persistent names remain the same with each authentication`
		`sp = get_sp_by_nameid(sp_list, 'persistent')`
		`spname = sp['nameid']`
		`- spurl = 'http://%s:%s' % (sp['addr'], sp['port'])`
		`+ spurl = 'https://%s:%s' % (sp['addr'], sp['port'])`

		`print ""`
		`print "testnameid: Testing NameID format %s ..." % spname`
		`@@ -324,7 +322,7 @@`
		`ids = []`
		`for i in xrange(4):`
		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://%s:45080' % WRAP_HOSTNAME,`
		`+ sess.add_server(idpname, 'https://%s:45080' % WRAP_HOSTNAME,`
		`user, 'ipsilon')`
		`sess.add_server(spname, spurl)`
		`print "testnameid: Authenticate to IDP ...",`

tests/testrest.py

file modified

+10 -14

		`@@ -24,7 +24,6 @@`
		`'admin_user': '${TEST_USER}',`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`- 'secure': 'no',`
		`'testauth': 'yes',`
		`'pam': 'no',`
		`'gssapi': 'no',`
		`@@ -38,9 +37,8 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',`
		`- 'saml_secure_setup': 'False',`
		`+ sp_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_metadata': 'https://127.0.0.10:45080/idp1/saml2/metadata',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`

		`@@ -51,9 +49,8 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp2_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',`
		`- 'saml_secure_setup': 'False',`
		`+ sp2_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_metadata': 'https://127.0.0.10:45080/idp1/saml2/metadata',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`

		`@@ -63,9 +60,8 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp3_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',`
		`- 'saml_secure_setup': 'False',`
		`+ sp3_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_metadata': 'https://127.0.0.10:45080/idp1/saml2/metadata',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`

		`@@ -150,10 +146,10 @@`
		`user = pwd.getpwuid(os.getuid())[0]`

		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon')`
		`- sess.add_server(spname, 'http://127.0.0.11:45081')`
		`- sess.add_server(sp2name, 'http://127.0.0.10:45082')`
		`- sess.add_server(sp3name, 'http://127.0.0.10:45083')`
		`+ sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')`
		`+ sess.add_server(spname, 'https://127.0.0.11:45081')`
		`+ sess.add_server(sp2name, 'https://127.0.0.10:45082')`
		`+ sess.add_server(sp3name, 'https://127.0.0.10:45083')`

		`print "testrest: Authenticate to IDP ...",`
		`try:`

tests/trans.py

file modified

+7 -9

		`@@ -24,7 +24,6 @@`
		`'admin_user': '${TEST_USER}',`
		`'system_user': '${TEST_USER}',`
		`'instance': '${NAME}',`
		`- 'secure': 'no',`
		`'testauth': 'yes',`
		`'pam': 'no',`
		`'gssapi': 'no',`
		`@@ -38,9 +37,8 @@`
		`'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}`


		`- sp_a = {'hostname': '${ADDRESS}:${PORT}',`
		`- 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',`
		`- 'saml_secure_setup': 'False',`
		`+ sp_a = {'hostname': '${ADDRESS}',`
		`+ 'saml_idp_metadata': 'https://127.0.0.10:45080/idp1/saml2/metadata',`
		`'saml_auth': '/sp',`
		`'httpd_user': '${TEST_USER}'}`

		`@@ -103,8 +101,8 @@`
		`print "trans: Add SP Metadata to IDP ...",`
		`try:`
		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon')`
		`- sess.add_server(spname, 'http://127.0.0.11:45081')`
		`+ sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')`
		`+ sess.add_server(spname, 'https://127.0.0.11:45081')`
		`sess.auth_to_idp(idpname)`
		`sess.add_sp_metadata(idpname, spname)`
		`except Exception, e: # pylint: disable=broad-except`
		`@@ -115,9 +113,9 @@`
		`print "trans: Access SP Protected Area ...",`
		`try:`
		`sess = HttpSessions()`
		`- sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon')`
		`- sess.add_server(spname, 'http://127.0.0.11:45081')`
		`- page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/')`
		`+ sess.add_server(idpname, 'https://127.0.0.10:45080', user, 'ipsilon')`
		`+ sess.add_server(spname, 'https://127.0.0.11:45081')`
		`+ page = sess.fetch_page(idpname, 'https://127.0.0.11:45081/sp/')`
		`page.expected_value('text()', 'WORKS!')`
		`except ValueError, e:`
		`print >> sys.stderr, " ERROR: %s" % repr(e)`

ipsilon

#88 Use TLS for test suite

Merged 7 years ago by puiterwijk. Opened 7 years ago by puiterwijk.

puiterwijk/ipsilon testsuite-ssl into master

Metadata

Changes Summary 18

ipsilon

Source Code

#88 Use TLS for test suite Merged 7 years ago by puiterwijk. Opened 7 years ago by puiterwijk. puiterwijk/ipsilon testsuite-ssl into master

Metadata

Changes Summary 18

#88 Use TLS for test suite

Merged 7 years ago by puiterwijk. Opened 7 years ago by puiterwijk.

puiterwijk/ipsilon testsuite-ssl into master