3 # Copyright (C) 2015 Ipsilon project Contributors, for license see COPYING
5 from helpers.common import IpsilonTestBase # pylint: disable=relative-import
6 from helpers.http import HttpSessions # pylint: disable=relative-import
10 from string import Template
13 idp_g = {'TEMPLATES': '${TESTDIR}/templates/install',
14 'CONFDIR': '${TESTDIR}/etc',
15 'DATADIR': '${TESTDIR}/lib',
16 'HTTPDCONFD': '${TESTDIR}/${NAME}/conf.d',
17 'STATICDIR': '${ROOTDIR}',
18 'BINDIR': '${ROOTDIR}/ipsilon',
19 'WSGI_SOCKET_PREFIX': '${TESTDIR}/${NAME}/logs/wsgi'}
22 idp_a = {'hostname': '${ADDRESS}:${PORT}',
23 'admin_user': '${TEST_USER}',
24 'system_user': '${TEST_USER}',
25 'instance': '${NAME}',
31 'server_debugging': 'True'}
34 sp_g = {'HTTPDCONFD': '${TESTDIR}/${NAME}/conf.d',
35 'SAML2_TEMPLATE': '${TESTDIR}/templates/install/saml2/sp.conf',
36 'SAML2_CONFFILE': '${TESTDIR}/${NAME}/conf.d/ipsilon-saml.conf',
37 'SAML2_HTTPDIR': '${TESTDIR}/${NAME}/saml2'}
40 sp_a = {'hostname': '${ADDRESS}:${PORT}',
41 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',
42 'saml_secure_setup': 'False',
44 'httpd_user': '${TEST_USER}'}
47 sp_b = {'hostname': '${ADDRESS}:${PORT}',
48 'saml_idp_metadata': 'http://127.0.0.10:45080/idp1/saml2/metadata',
49 'saml_secure_setup': 'False',
50 'no_saml_soap_logout': 'True',
52 'httpd_user': '${TEST_USER}'}
85 def fixup_sp_httpd(httpdir):
88 Alias /sp ${HTTPDIR}/sp
90 <Directory ${HTTPDIR}/sp>
94 Alias /open ${HTTPDIR}/open
96 <Directory ${HTTPDIR}/open>
100 logged_out = """Logged out"""
102 t = Template(location)
103 text = t.substitute({'HTTPDIR': httpdir})
104 with open(httpdir + '/conf.d/ipsilon-saml.conf', 'a') as f:
107 os.mkdir(httpdir + '/sp')
108 with open(httpdir + '/sp/index.html', 'w') as f:
110 os.mkdir(httpdir + '/open')
111 with open(httpdir + '/open/logged_out.html', 'w') as f:
115 def ensure_logout(session, idp_name, sp_url):
117 Fetch the secure page without following redirects. If we get
118 a 303 then we should be redirected to the IDP for authentication
119 which means we aren't logged in.
121 Returns nothing or raises exception on error
124 logout_page = session.fetch_page(idp_name, sp_url,
125 follow_redirect=False)
126 if logout_page.result.status_code != 303:
127 raise ValueError('Still logged into url')
134 class IpsilonTest(IpsilonTestBase):
137 super(IpsilonTest, self).__init__('testlogout', __file__)
139 def setup_servers(self, env=None):
140 print "Installing IDP server"
144 idp = self.generate_profile(idp_g, idp_a, name, addr, port)
145 conf = self.setup_idp_server(idp, name, addr, port, env)
147 print "Starting IDP's httpd server"
148 self.start_http_server(conf, env)
150 for spdata in splist:
151 nameid = spdata['nameid']
152 addr = spdata['addr']
153 port = spdata['port']
154 print "Installing SP server %s" % nameid
156 # Configure sp3 and sp4 for only HTTP Redirect to test
157 # that a mix of SOAP and HTTP Redirect will play nice
159 if nameid in ['sp3', 'sp4']:
160 sp_prof = self.generate_profile(
161 sp_g, sp_b, nameid, addr, str(port), nameid
164 sp_prof = self.generate_profile(
165 sp_g, sp_a, nameid, addr, str(port), nameid
167 conf = self.setup_sp_server(sp_prof, nameid, addr, str(port), env)
168 fixup_sp_httpd(os.path.dirname(conf))
170 print "Starting SP's httpd server"
171 self.start_http_server(conf, env)
174 if __name__ == '__main__':
177 user = pwd.getpwuid(os.getuid())[0]
179 sess = HttpSessions()
180 sess.add_server(idpname, 'http://127.0.0.10:45080', user, 'ipsilon')
182 spname = sp['nameid']
183 spurl = 'http://%s:%s' % (sp['addr'], sp['port'])
184 sess.add_server(spname, spurl)
186 print "testlogout: Authenticate to IDP ...",
188 sess.auth_to_idp(idpname)
189 except Exception, e: # pylint: disable=broad-except
190 print >> sys.stderr, " ERROR: %s" % repr(e)
195 spname = sp['nameid']
196 print "testlogout: Add SP Metadata for %s to IDP ..." % spname,
198 sess.add_sp_metadata(idpname, spname)
199 except Exception, e: # pylint: disable=broad-except
200 print >> sys.stderr, " ERROR: %s" % repr(e)
204 print "testlogout: Logout without logging into SP ...",
206 page = sess.fetch_page(idpname, '%s/%s?%s' % (
207 'http://127.0.0.11:45081', 'saml2/logout',
208 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html'))
209 page.expected_value('text()', 'Logged out')
210 except ValueError, e:
211 print >> sys.stderr, " ERROR: %s" % repr(e)
215 print "testlogout: Access SP Protected Area ...",
217 page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/')
218 page.expected_value('text()', 'WORKS!')
219 except ValueError, e:
220 print >> sys.stderr, " ERROR: %s" % repr(e)
224 print "testlogout: Logout from SP ...",
226 page = sess.fetch_page(idpname, '%s/%s?%s' % (
227 'http://127.0.0.11:45081', 'saml2/logout',
228 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html'))
229 page.expected_value('text()', 'Logged out')
230 except ValueError, e:
231 print >> sys.stderr, " ERROR: %s" % repr(e)
235 print "testlogout: Try logout again ...",
237 page = sess.fetch_page(idpname, '%s/%s?%s' % (
238 'http://127.0.0.11:45081', 'saml2/logout',
239 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html'))
240 page.expected_value('text()', 'Logged out')
241 except ValueError, e:
242 print >> sys.stderr, " ERROR: %s" % repr(e)
246 print "testlogout: Ensure logout ...",
248 ensure_logout(sess, idpname, 'http://127.0.0.11:45081/sp/')
249 except ValueError, e:
250 print >> sys.stderr, " ERROR: %s" % repr(e)
254 # Test logout from each of the SP's in the list to ensure that the
255 # order of logout doesn't matter.
256 for sporder in splist:
257 print "testlogout: Access SP Protected Area of each SP ...",
259 spname = sp['nameid']
260 spurl = 'http://%s:%s/sp/' % (sp['addr'], sp['port'])
262 page = sess.fetch_page(idpname, spurl)
263 page.expected_value('text()', 'WORKS!')
264 except ValueError, e:
265 print >> sys.stderr, " ERROR: %s" % repr(e)
269 print "testlogout: Initiate logout from %s ..." % sporder['nameid'],
271 logouturl = 'http://%s:%s' % (sp['addr'], sp['port'])
272 page = sess.fetch_page(idpname, '%s/%s?%s' % (
273 logouturl, 'saml2/logout',
274 'ReturnTo=http://127.0.0.11:45081/open/logged_out.html'))
275 page.expected_value('text()', 'Logged out')
276 except ValueError, e:
277 print >> sys.stderr, " ERROR: %s" % repr(e)
281 print "testlogout: Ensure logout of each SP ...",
283 spname = sp['nameid']
284 spurl = 'http://%s:%s/sp/' % (sp['addr'], sp['port'])
286 ensure_logout(sess, idpname, spurl)
287 except ValueError, e:
288 print >> sys.stderr, " ERROR: %s" % repr(e)
292 # Test IdP-initiated logout
293 print "testlogout: Access SP Protected Area of SP1...",
295 page = sess.fetch_page(idpname, 'http://127.0.0.11:45081/sp/')
296 page.expected_value('text()', 'WORKS!')
297 except ValueError, e:
298 print >> sys.stderr, " ERROR: %s" % repr(e)
302 print "testlogout: Access SP Protected Area of SP2...",
304 page = sess.fetch_page(idpname, 'http://127.0.0.11:45082/sp/')
305 page.expected_value('text()', 'WORKS!')
306 except ValueError, e:
307 print >> sys.stderr, " ERROR: %s" % repr(e)
311 print "testlogout: Access the IdP...",
313 page = sess.fetch_page(idpname, 'http://127.0.0.10:45080/%s' % idpname)
314 page.expected_value('//div[@id="welcome"]/p/text()',
315 'Welcome %s!' % user)
316 except ValueError, e:
317 print >> sys.stderr, " ERROR: %s" % repr(e)
321 print "testlogout: IdP-initiated logout ...",
323 page = sess.fetch_page(idpname,
324 'http://127.0.0.10:45080/%s/logout' % idpname)
325 page.expected_value('//div[@id="content"]/p/a/text()', 'Log In')
326 except ValueError, e:
327 print >> sys.stderr, " ERROR: %s" % repr(e)
331 print "testlogout: Ensure logout of SP1 ...",
333 ensure_logout(sess, idpname, 'http://127.0.0.11:45081/sp/')
334 except ValueError, e:
335 print >> sys.stderr, " ERROR: %s" % repr(e)
339 print "testlogout: Ensure logout of SP2 ...",
341 ensure_logout(sess, idpname, 'http://127.0.0.11:45082/sp/')
342 except ValueError, e:
343 print >> sys.stderr, " ERROR: %s" % repr(e)
347 print "testlogout: Access the IdP...",
349 page = sess.fetch_page(idpname,
350 'http://127.0.0.10:45080/%s/login' % idpname)
351 page.expected_value('//div[@id="welcome"]/p/text()',
352 'Welcome %s!' % user)
353 except ValueError, e:
354 print >> sys.stderr, " ERROR: %s" % repr(e)
358 print "testlogout: IdP-initiated logout with no SP sessions...",
360 page = sess.fetch_page(idpname,
361 'http://127.0.0.10:45080/%s/logout' % idpname)
362 page.expected_value('//div[@id="logout"]/p//text()',
363 'Successfully logged out.')
364 except ValueError, e:
365 print >> sys.stderr, " ERROR: %s" % repr(e)