Canonical SSO provider

Merge ~roadmr/canonical-identity-provider:saml-sha2-for-real into canonical-identity-provider:master

  1. Git
  2. lp:~roadmr/canonical-identity-provider
  3. saml-sha2-for-real
  4. Merge into master
Proposed by Daniel Manrique
Status: Merged
Approved by: Daniel Manrique
Approved revision: 8871eb4bedb2ec5b2f36ae493319ce9568f26c51
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~roadmr/canonical-identity-provider:saml-sha2-for-real
Merge into: canonical-identity-provider:master
Diff against target: 44 lines (+10/-1)
2 files modified
requirements.txt (+1/-1)
src/ubuntu_sso_saml/tests/test_processors.py (+9/-0)
Reviewer Review Type Date Requested Status
Maximiliano Bertacchini Approve
Review via email: mp+388260@code.launchpad.net

Commit message

Update to saml2idp 0.20 which fixes a bug - and add tests to catch the bug.

To post a comment you must log in.
Revision history for this message
Maximiliano Bertacchini (maxiberta) wrote :

+1

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/requirements.txt b/requirements.txt
2index 7bdedbf..7ca4277 100644
3--- a/requirements.txt
4+++ b/requirements.txt
5@@ -37,7 +37,7 @@ python-openid==2.2.5
6 raven==6.10.0
7 requests==2.23.0
8 requests-oauthlib==0.4.2
9-saml2idp==0.19
10+saml2idp==0.20
11 six==1.10.0
12 ssoclient==2.1.1
13 statsd==3.3.0
14diff --git a/src/ubuntu_sso_saml/tests/test_processors.py b/src/ubuntu_sso_saml/tests/test_processors.py
15index 3144390..6117468 100644
16--- a/src/ubuntu_sso_saml/tests/test_processors.py
17+++ b/src/ubuntu_sso_saml/tests/test_processors.py
18@@ -2040,6 +2040,9 @@ class CanonicalProcessorTestCase(CanonicalProcessorBaseTestCase):
19 samlresponse = get_saml_response(response)
20 # Ensure sha1 mentioned in the assertion
21 self.assertIn("sha1", samlresponse)
22+ # Ensure sha256 or sha512 NOT mentioned in the assertion
23+ self.assertNotIn("sha256", samlresponse)
24+ self.assertNotIn("sha512", samlresponse)
25
26 def test_sha256_in_assertion(self):
27 self.setup_saml_sp(signing_algorithm='sha256')
28@@ -2049,6 +2052,9 @@ class CanonicalProcessorTestCase(CanonicalProcessorBaseTestCase):
29 samlresponse = get_saml_response(response)
30 # Ensure sha256 mentioned in the assertion
31 self.assertIn("sha256", samlresponse)
32+ # Ensure sha1 or 512 NOT mentioned in the assertion
33+ self.assertNotIn("sha1", samlresponse)
34+ self.assertNotIn("sha512", samlresponse)
35
36 def test_sha512_in_assertion(self):
37 self.setup_saml_sp(signing_algorithm='sha512')
38@@ -2058,3 +2064,6 @@ class CanonicalProcessorTestCase(CanonicalProcessorBaseTestCase):
39 samlresponse = get_saml_response(response)
40 # Ensure sha512 mentioned in the assertion
41 self.assertIn("sha512", samlresponse)
42+ # Ensure sha1 or 256 NOT mentioned in the assertion
43+ self.assertNotIn("sha1", samlresponse)
44+ self.assertNotIn("sha256", samlresponse)

Subscribers

People subscribed via source and target branches