summaryrefslogtreecommitdiff
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Update behaviour of subject-id requirements entity attributeIvan Kanakarakis2023-02-141-5/+18
| | | | | | When the subject-id requiment is "any", both the subject-id and pairwise-id should be processsed. Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Disable REFEDS Access entity categories for SwamidJohan Lundberg2022-12-231-0/+5
| | | | | Turns out the implementation of no aggregation ECs was not quite what was needed to comply with the policy for these.
* cleanupJohan Lundberg2022-12-091-1/+0
|
* add test for requested subject idJohan Lundberg2022-12-092-1/+21
|
* add tests for no aggregation entity categoriesJohan Lundberg2022-12-074-0/+385
|
* Clean up remaining legacy `try: except ImportError:` blocksAarni Koskela2022-11-156-45/+2
|
* Run flynt -tc + black + isortAarni Koskela2022-11-1510-418/+418
|
* Run flynt + black + isortAarni Koskela2022-11-1529-237/+207
|
* Run autoflake --remove-all-unused-imports --ignore-init-module-imports + ↵Aarni Koskela2022-11-1524-53/+11
| | | | black + isort
* Run pyupgrade --py36-plus + black + isortAarni Koskela2022-11-1536-98/+54
|
* Format code with black and isortIvan Kanakarakis2022-10-0197-6855/+6097
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* build: Split dependencies into optional groupsIvan Kanakarakis2022-10-011-6/+0
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fix logout test to expect data based on the given bindingIvan Kanakarakis2022-09-231-10/+6
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add missing test fileIvan Kanakarakis2022-08-231-0/+0
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fix test with latest xmlschemaIvan Kanakarakis2022-08-232-8/+4
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Update test cases with schema validation testsIvan Kanakarakis2022-08-1012-34/+191
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fix saml2.mdstore.MetadataStore::sbibmd_scopes as shibmd_scopesIvan Kanakarakis2022-06-211-4/+4
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add partial supprot for xs:date AttributeValue typeIvan Kanakarakis2022-06-081-0/+10
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Fallback to xs:string for AttributeValue xs typesIvan Kanakarakis2022-06-081-4/+8
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Cover other requests calls with http_client_timeoutXiao Zhu2022-04-193-4/+14
|
* update testsXiao Zhu2022-04-193-3/+10
|
* Add tests for cert chainsIvan Kanakarakis2022-04-183-0/+158
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Refactor certificate loadingIvan Kanakarakis2022-04-182-8/+10
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Load certificates using cryptographyJohn Paraskevopoulos2022-04-186-4/+65
| | | | | | | | | | | | | - Use cryptography.x509 load_pem_x509_certificate or load_der_x509_certificate depending on the cert type. This ensures 1) the certificate is a valid certificate 2) trailing newlines and whitespaces will be ignored - Ignore cer/crt as certificate type since these are file extensions and do not guarrantee the certificate encoding. Uses "pem" as default type for backwards compatibility. Only other valid option is "der". Everything else falls back to "pem". Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* assertion policy filter: Fallback to match a known attribute or return its nameIvan Kanakarakis2022-04-101-5/+45
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Replace mock with unittest.mockIvan Kanakarakis2022-04-103-5/+4
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Restrict pymongo to v3Ivan Kanakarakis2022-03-041-1/+1
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* correct swamid entity category setup for ESI and COCOJohan Lundberg2021-12-152-7/+21
| | | | updated test to reflect current usecase
* implement entity category https://myacademicid.org/entity-categories/esi for ↵Johan Lundberg2021-12-072-0/+143
| | | | swamid
* Adding test case for signed SOAP LogoutRequestsMaximilian Heuwes2021-11-221-0/+57
|
* Verify signed logout requests with the redirect bindingIvan Kanakarakis2021-11-161-12/+70
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Small refactorIvan Kanakarakis2021-11-161-3/+4
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* 633: Support for redirect binding signature check using query param valuesVishal Kadam2021-11-151-2/+90
|
* Ouput the according KeyName in encrypted answerClément Hallet2021-11-023-6/+51
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Add new config option requested_authn_contextIvan Kanakarakis2021-10-203-25/+60
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Adds configuration directive for RequestedAuthnContext #806Gagan Deep2021-10-191-3/+11
| | | | Closes #806
* Handle KeyError when retrieving SessionIndexAndrew Wason2021-09-101-0/+24
| | | | | This was broken in commit b69e92585 Fixes https://github.com/IdentityPython/pysaml2/issues/826
* Improve signature checksIvan Kanakarakis2021-06-201-25/+24
| | | | | | | | - Enforce allowed canonicalization methods - Enforce allowed transform aglorithms - Ensure the Object element is absent Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Do not embed the cert in the EncryptedData elementIvan Kanakarakis2021-05-181-1/+1
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* [Strengthen Encryption] PySAML2 Encrypted Assertions now works with ↵peppelinux2021-05-181-2/+2
| | | | | | | Shibboleth SP 3 - Fixed: "ERROR Shibboleth.SSO.SAML2 [6] [default]: failed to decrypt assertion: Unable to resolve any key decryption keys." - Fixed: "WARN XMLTooling.Decrypter [7] [default]: XMLSecurity exception while decrypting key: XSECAlgorithmMapper::mapURIToHandler - URI http://www.w3.org/2001/04/xmlenc#rsa-1_5 disallowed by whitelist/blacklist policy"
* Add shibmd_scopes metadata extractorIvan Kanakarakis2021-05-182-16/+68
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Merge pull request #801 from ErwinJunge/response-issuer-noneIvan Kanakarakis2021-05-181-26/+54
|\ | | | | Issuer in a Response is optional
| * Format codeIvan Kanakarakis2021-05-181-38/+43
| | | | | | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
| * Response issuer can be NoneErwin Junge2021-05-051-0/+23
| |
* | Always use base64.encodebytes; base64.encodestring has been droppedDirk Mueller2021-04-261-2/+3
|/ | | | Signed-off-by: Dirk Mueller <dirk@dmllr.de>
* Try to get the friendlyName of the required RequestedAttribute else derive ↵Ivan Kanakarakis2021-04-181-8/+17
| | | | | | it using the canonical Name Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Bandaid for crash when friendlyName is not set in metadataJohan Lundberg2021-04-162-3/+137
|
* tests: Do not hardcode the namespace prefix for encrypted assertionsIvan Kanakarakis2021-03-071-5/+9
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Raise SAMLError when metadata file cannot be parsedIvan Kanakarakis2021-03-072-0/+14
| | | | Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
* Merge pull request from GHSA-f4g9-h89h-jgv9Ivan Kanakarakis2021-01-207-13/+297
|\ | | | | Validate XML documents before verifying the signature
View Lorry Controller Status