author | Roland Hedberg <roland.hedberg@adm.umu.se> | 2013-05-09 11:38:12 +0200 |
---|---|---|
committer | Roland Hedberg <roland.hedberg@adm.umu.se> | 2013-05-09 11:38:12 +0200 |
commit | a432390da2fa549019f121c02dc48ed04b8d724d (patch) | |
tree | 05469af1ce5a5f487bbb935fd0d1d9f1f19dcff3 | |
parent | ce1c2c95fa8e325743f2bec643d08e4f362f3ced (diff) | |
download | pysaml2-a432390da2fa549019f121c02dc48ed04b8d724d.tar.gz |
Made things work after the last merge.
-rw-r--r-- | src/saml2/assertion.py | 46 | ||||
-rw-r--r-- | src/saml2/sigver.py | 32 | ||||
-rw-r--r-- | tests/idp_conf_ec.py | 10 | ||||
-rw-r--r-- | tests/test_20_assertion.py | 21 | ||||
-rw-r--r-- | tests/test_31_config.py | 159 | ||||
-rw-r--r-- | tests/test_37_entity_categories.py | 10 |
6 files changed, 161 insertions, 117 deletions
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py index 3bde2cd8..d8e82595 100644 --- a/src/saml2/assertion.py +++ b/src/saml2/assertion.py @@ -97,8 +97,11 @@ def filter_on_attributes(ava, required=None, optional=None): found = False nform = "" for nform in ["friendly_name", "name"]: - if nform in attr: + try: _fn = _match(attr[nform], ava) + except KeyError: + pass + else: if _fn: try: values = [av["text"] for av in attr["attribute_value"]] @@ -239,6 +242,8 @@ def filter_attribute_value_assertions(ava, attribute_restrictions=None): else: if _rests is None: continue + if isinstance(vals, basestring): + vals = [vals] rvals = [] for restr in _rests: for val in vals: @@ -289,6 +294,8 @@ class Policy(object): self._restrictions = restrictions.copy() for who, spec in self._restrictions.items(): + if spec is None: + continue try: items = spec["entity_categories"] except KeyError: @@ -311,14 +318,14 @@ class Policy(object): if restr is None: continue + _are = {} for key, values in restr.items(): if not values: - spec["attribute_restrictions"][key.lower()] = None + _are[key.lower()] = None continue - spec["attribute_restrictions"][key.lower()] = \ - [re.compile(value) for value in values] - + _are[key.lower()] = [re.compile(value) for value in values] + spec["attribute_restrictions"] = _are logger.debug("policy restrictions: %s" % self._restrictions) return self._restrictions @@ -430,20 +437,21 @@ class Policy(object): for attr in attrs: restrictions[attr] = None - try: - ecs = mds.entity_categories(sp_entity_id) - except KeyError: - pass - else: - for ec in ecs: - for ec_map in ec_maps: - try: - attrs = ec_map[ec] - except KeyError: - pass - else: - for attr in attrs: - restrictions[attr] = None + if mds: + try: + ecs = mds.entity_categories(sp_entity_id) + except KeyError: + pass + else: + for ec in ecs: + for ec_map in ec_maps: + try: + attrs = ec_map[ec] + except KeyError: + pass + else: + for attr in attrs: + restrictions[attr] = None return restrictions 
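Review bot: In `filter_on_attributes` the new `try:` wraps the whole call `_fn = _match(attr[nform], ava)`, so `except KeyError: pass` also hides any KeyError raised inside `_match`, not just a missing `nform` key in `attr`. In an attribute-release filter that turns a lookup bug into a silent "no match". Limiting the guarded statement to the subscript keeps the handler narrow: `name = attr[nform]` inside the `try`, and `_fn = _match(name, ava)` as the first line of the `else:` branch. The function starts and ends outside this hunk.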
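Review bot: The added `if isinstance(vals, basestring): vals = [vals]` in `filter_attribute_value_assertions` has no comment saying why it is needed. Without it, `for val in vals` walks a bare string one character at a time, so the restrictions in `_rests` would be applied to single characters instead of the whole value. I would put `# wrap a single string so the restrictions below see the whole value, not its characters` above the check. The function body continues outside the hunk.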
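Review bot: Keys are folded with `key.lower()` into `_are`, so two `attribute_restrictions` entries that differ only in case now collapse into one, and which of them survives depends on dict iteration order. If one is empty (stored as `None`) and the other carries patterns, the compiled policy for that attribute could come out either unrestricted or restricted. That assumes `None` means "no value restriction", which the surrounding code suggests but this hunk does not show. A guard at the top of the loop body, `if key.lower() in _are: raise ValueError("duplicate attribute restriction: %s" % key)`, would surface the conflict when the policy is loaded. The enclosing method starts outside the hunk.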
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py index 029e250f..d5cdfea4 100644 --- a/src/saml2/sigver.py +++ b/src/saml2/sigver.py @@ -72,7 +72,7 @@ def signed(item): return False -def _get_xmlsec_binary(paths=None): +def get_xmlsec_binary(paths=None): """ Tries to find the xmlsec1 binary. @@ -107,6 +107,7 @@ def _get_xmlsec_binary(paths=None): raise Exception("Can't find %s" % bin_name) + def _get_xmlsec_cryptobackend(path=None, search_paths=None, debug=False): """ Initialize a CryptoBackendXmlSec1 crypto backend. @@ -114,7 +115,7 @@ def _get_xmlsec_cryptobackend(path=None, search_paths=None, debug=False): This function is now internal to this module. """ if path is None: - path=_get_xmlsec_binary(paths=search_paths) + path = get_xmlsec_binary(paths=search_paths) return CryptoBackendXmlSec1(path, debug=debug) @@ -144,7 +145,6 @@ class DecryptError(Exception): # -------------------------------------------------------------------------- - def _make_vals(val, klass, seccont, klass_inst=None, prop=None, part=False, base64encode=False, elements_to_sign=None): """ @@ -173,7 +173,8 @@ def _make_vals(val, klass, seccont, klass_inst=None, prop=None, part=False, except ValueError: if not part: cis = [_make_vals(sval, klass, seccont, klass_inst, prop, - True, base64encode, elements_to_sign) for sval in val] + True, base64encode, elements_to_sign) for sval + in val] setattr(klass_inst, prop, cis) else: raise @@ -485,6 +486,7 @@ def sha1_digest(msg): class Signer(object): """Abstract base class for signing algorithms.""" + def sign(self, msg, key): """Sign ``msg`` with ``key`` and return the signature.""" raise NotImplementedError @@ -544,6 +546,7 @@ def verify_redirect_signature(info, cert): else: raise Unsupported("Signature algorithm: %s" % info["SigAlg"]) + LOG_LINE = 60 * "=" + "\n%s\n" + 60 * "-" + "\n%s" + 60 * "=" LOG_LINE_2 = 60 * "=" + "\n%s\n%s\n" + 60 * "-" + "\n%s" + 60 * "=" 
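Review bot: Dropping the underscore makes `get_xmlsec_binary` part of the module's public interface, but the docstring visible here still only says that it tries to find the xmlsec1 binary. The path it returns is what `CryptoBackendXmlSec1` stores as `self.xmlsec` and places first in its xmlsec command lists, so the docstring should state that `paths` must name directories only trusted users can write to, and that the function raises `Exception` when nothing is found. Most of the function body lies outside this hunk, so how `paths` combines with the default search locations has to be documented from the full source.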
@@ -588,7 +591,6 @@ def read_cert_from_file(cert_file, cert_type): class CryptoBackend(): - def __init__(self, debug=False): self.debug = debug @@ -620,7 +622,7 @@ class CryptoBackendXmlSec1(CryptoBackend): def __init__(self, xmlsec_binary, **kwargs): CryptoBackend.__init__(self, **kwargs) - assert(isinstance(xmlsec_binary, basestring)) + assert (isinstance(xmlsec_binary, basestring)) self.xmlsec = xmlsec_binary def version(self): @@ -637,7 +639,7 @@ class CryptoBackendXmlSec1(CryptoBackend): com_list = [self.xmlsec, "--encrypt", "--pubkey-cert-pem", recv_key, "--session-key", key_type, "--xml-data", fil, - ] + ] (_stdout, _stderr, output) = self._run_xmlsec(com_list, [template], exception=DecryptError, @@ -650,7 +652,7 @@ class CryptoBackendXmlSec1(CryptoBackend): com_list = [self.xmlsec, "--decrypt", "--privkey-pem", key_file, "--id-attr:%s" % ID_ATTR, ENC_KEY_CLASS, - ] + ] (_stdout, _stderr, output) = self._run_xmlsec(com_list, [fil], exception=DecryptError, @@ -677,7 +679,7 @@ class CryptoBackendXmlSec1(CryptoBackend): "--privkey-pem", key_file, "--id-attr:%s" % id_attr, class_name, #"--store-signatures" - ] + ] if node_id: com_list.extend(["--node-id", node_id]) @@ -767,6 +769,7 @@ class CryptoBackendXmlSec1(CryptoBackend): ntf.seek(0) return p_out, p_err, ntf.read() + class CryptoBackendXMLSecurity(CryptoBackend): """ CryptoBackend implementation using pyXMLSecurity to sign and verify @@ -804,6 +807,7 @@ class CryptoBackendXMLSecurity(CryptoBackend): """ import xmlsec import lxml.etree + xml = xmlsec.parse_xml(statement) signed = xmlsec.sign(xml, key_file) return lxml.etree.tostring(signed, xml_declaration=True) 
@@ -825,12 +829,14 @@ class CryptoBackendXMLSecurity(CryptoBackend): if cert_type != "pem": raise Unsupported("Only PEM certs supported here") import xmlsec + xml = xmlsec.parse_xml(signedtext) try: return xmlsec.verify(xml, cert_file) except xmlsec.XMLSigException: return False + def security_context(conf, debug=None): """ Creates a security context based on the configuration @@ -852,8 +858,8 @@ def security_context(conf, debug=None): if conf.crypto_backend == 'xmlsec1': xmlsec_binary = conf.xmlsec_binary if not xmlsec_binary: - xmlsec_binary = _get_xmlsec_binary() - # verify that xmlsec is where it's supposed to be + xmlsec_binary = get_xmlsec_binary() + # verify that xmlsec is where it's supposed to be if not os.path.exists(xmlsec_binary): #if not os.access(, os.F_OK): raise Exception( @@ -864,7 +870,7 @@ def security_context(conf, debug=None): crypto = CryptoBackendXMLSecurity(debug=debug) else: raise Exception('Unknown crypto_backend %s' % ( - repr(conf.crypto_backend))) + repr(conf.crypto_backend))) return SecurityContext(crypto, conf.key_file, cert_file=conf.cert_file, metadata=metadata, @@ -957,7 +963,7 @@ class SecurityContext(object): cert_type=cert_type, node_name=node_name, node_id=node_id, id_attr=id_attr, - ) + ) def _check_signature(self, decoded_xml, item, node_name=NODE_NAME, origdoc=None, id_attr="", must=False): diff --git a/tests/idp_conf_ec.py b/tests/idp_conf_ec.py index 683c21d4..39b343cf 100644 --- a/tests/idp_conf_ec.py +++ b/tests/idp_conf_ec.py @@ -1,8 +1,12 @@ -from saml2 import BINDING_SOAP, BINDING_HTTP_REDIRECT, BINDING_HTTP_POST -from saml2.saml import NAMEID_FORMAT_PERSISTENT +from saml2.sigver import get_xmlsec_binary +from saml2 import BINDING_SOAP +from saml2 import BINDING_HTTP_REDIRECT +from saml2 import BINDING_HTTP_POST from saml2.saml import NAME_FORMAT_URI -from pathutils import full_path, xmlsec_path +from pathutils import full_path + +xmlsec_path = get_xmlsec_binary(["/opt/local/bin"]) BASE = "http://localhost:8088" 
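Review bot: `xmlsec_path = get_xmlsec_binary(["/opt/local/bin"])` in tests/idp_conf_ec.py runs the lookup when the config module is imported and names a single machine-specific directory. `get_xmlsec_binary` raises a bare `Exception` when it finds nothing (visible in the sigver.py hunks), so on a host without xmlsec1 in the searched locations this test config fails at import, before any test runs. A short comment such as `# extra search dir for MacPorts installs; adjust for your platform` would help, assuming that is what the path is for. Whether `paths` replaces or extends the default search list is not visible here.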
diff --git a/tests/test_20_assertion.py b/tests/test_20_assertion.py index be04b45a..3aed04c3 100644 --- a/tests/test_20_assertion.py +++ b/tests/test_20_assertion.py @@ -172,15 +172,15 @@ def test_ava_filter_2(): "surName": "Jeter", "mail": "derek@example.com"} - raises(Exception, policy.filter, ava, 'urn:mace:umu.se:saml:roland:sp', - [mail], [gn, sn]) + raises(MissingValue, policy.filter, ava, 'urn:mace:umu.se:saml:roland:sp', + None, [mail], [gn, sn]) ava = {"givenName": "Derek", "surName": "Jeter"} # it wasn't there to begin with raises(Exception, policy.filter, ava, 'urn:mace:umu.se:saml:roland:sp', - [gn, sn, mail]) + None, [gn, sn, mail]) def test_filter_attribute_value_assertions_0(AVA): @@ -643,7 +643,7 @@ def test_req_opt(): 'uid': 'rohe0002', 'edupersonaffiliation': 'staff'} sp_entity_id = "urn:mace:example.com:saml:curt:sp" - fava = policy.filter(ava, sp_entity_id, req, opt) + fava = policy.filter(ava, sp_entity_id, None, req, opt) assert fava @@ -736,19 +736,20 @@ def test_filter_ava_5(): "default": { "lifetime": {"minutes": 15}, #"attribute_restrictions": None # means all I have - "entity_categories": ["swami", "edugain"] + "entity_categories": ["swamid", "edugain"] } }) ava = {"givenName": ["Derek"], "surName": ["Jeter"], "mail": ["derek@nyy.mlb.com", "dj@example.com"]} - # No restrictions apply - ava = policy.filter(ava, "urn:mace:example.com:saml:curt:sp", [], []) + ava = policy.filter(ava, "urn:mace:example.com:saml:curt:sp", None, [], []) - assert _eq(ava.keys(), ['mail', 'givenName', 'surName']) - assert _eq(ava["mail"], ["derek@nyy.mlb.com", "dj@example.com"]) + # using entity_categories means there *always* are restrictions + # in this case the only allowed attribute is eduPersonTargetedID + # which isn't available in the ava hence zip is returned. + assert ava == {} if __name__ == "__main__": - test_assertion_with_noop_attribute_conv()
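Review bot: The second `raises(Exception, policy.filter, ...)` in `test_ava_filter_2` still accepts any exception, while the first call was tightened to `MissingValue`. Both calls gain a `None` positional argument in this commit, which suggests the `filter` signature changed; a broad `Exception` expectation also passes on an unrelated error such as a TypeError, so it cannot tell a policy rejection from a calling mistake. If the missing required attribute is expected to surface the same way, use `raises(MissingValue, policy.filter, ava, 'urn:mace:umu.se:saml:roland:sp', None, [gn, sn, mail])`. The import of `MissingValue` is not visible in this hunk and must be present in the file.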
\ No newline at end of file + test_filter_ava_5()
\ No newline at end of file diff --git a/tests/test_31_config.py b/tests/test_31_config.py index 20b5170a..34cda4ae 100644 --- a/tests/test_31_config.py +++ b/tests/test_31_config.py @@ -14,29 +14,31 @@ from saml2 import root_logger from pathutils import dotname, full_path sp1 = { - "entityid" : "urn:mace:umu.se:saml:roland:sp", + "entityid": "urn:mace:umu.se:saml:roland:sp", "service": { "sp": { - "endpoints" : { - "assertion_consumer_service" : ["http://lingon.catalogix.se:8087/"], + "endpoints": { + "assertion_consumer_service": [ + "http://lingon.catalogix.se:8087/"], }, "name": "test", - "idp" : { - "urn:mace:example.com:saml:roland:idp": {'single_sign_on_service': - {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': - 'http://localhost:8088/sso/'}}, + "idp": { + "urn:mace:example.com:saml:roland:idp": { + 'single_sign_on_service': + {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': + 'http://localhost:8088/sso/'}}, } } }, - "key_file" : full_path("test.key"), - "cert_file" : full_path("test.pem"), - "metadata": { - "local": [full_path("metadata.xml"), + "key_file": full_path("test.key"), + "cert_file": full_path("test.pem"), + "metadata": { + "local": [full_path("metadata.xml"), full_path("urn-mace-swami.se-swamid-test-1.0-metadata.xml")], }, - "virtual_organization" : { - "coip":{ - "nameid_format" : "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "virtual_organization": { + "coip": { + "nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", "common_identifier": "eduPersonPrincipalName", "attribute_auth": [ "https://coip-test.sunet.se/idp/shibboleth", 
@@ -48,17 +50,18 @@ sp1 = { } sp2 = { - "entityid" : "urn:mace:umu.se:saml:roland:sp", - "name" : "Rolands SP", + "entityid": "urn:mace:umu.se:saml:roland:sp", + "name": "Rolands SP", "service": { "sp": { - "endpoints" : { - "assertion_consumer_service" : ["http://lingon.catalogix.se:8087/"], + "endpoints": { + "assertion_consumer_service": [ + "http://lingon.catalogix.se:8087/"], }, "required_attributes": ["surName", "givenName", "mail"], "optional_attributes": ["title"], "idp": { - "" : "https://example.com/saml2/idp/SSOService.php", + "": "https://example.com/saml2/idp/SSOService.php", } } }, @@ -66,12 +69,12 @@ sp2 = { } IDP1 = { - "entityid" : "urn:mace:umu.se:saml:roland:idp", - "name" : "Rolands IdP", + "entityid": "urn:mace:umu.se:saml:roland:idp", + "name": "Rolands IdP", "service": { "idp": { "endpoints": { - "single_sign_on_service" : ["http://localhost:8088/"], + "single_sign_on_service": ["http://localhost:8088/"], }, "policy": { "default": { @@ -90,15 +93,16 @@ IDP1 = { } IDP2 = { - "entityid" : "urn:mace:umu.se:saml:roland:idp", - "name" : "Rolands IdP", + "entityid": "urn:mace:umu.se:saml:roland:idp", + "name": "Rolands IdP", "service": { "idp": { "endpoints": { - "single_sign_on_service" : ["http://localhost:8088/"], - "single_logout_service" : [("http://localhost:8088/", BINDING_HTTP_REDIRECT)], + "single_sign_on_service": ["http://localhost:8088/"], + "single_logout_service": [ + ("http://localhost:8088/", BINDING_HTTP_REDIRECT)], }, - "policy":{ + "policy": { "default": { "attribute_restrictions": { "givenName": None, 
@@ -115,41 +119,42 @@ IDP2 = { } PDP = { - "entityid" : "http://example.org/pysaml2/pdp", - "name" : "Rolands PdP", + "entityid": "http://example.org/pysaml2/pdp", + "name": "Rolands PdP", "service": { "pdp": { "endpoints": { - "authz_service" : [("http://example.org/pysaml2/pdp/authz", + "authz_service": [("http://example.org/pysaml2/pdp/authz", BINDING_SOAP)], }, } }, - "key_file" : full_path("test.key"), - "cert_file" : full_path("test.pem"), + "key_file": full_path("test.key"), + "cert_file": full_path("test.pem"), "organization": { "name": "Exempel AB", - "display_name": [("Exempel AB","se"),("Example Co.","en")], - "url":"http://www.example.com/roland", + "display_name": [("Exempel AB", "se"), ("Example Co.", "en")], + "url": "http://www.example.com/roland", }, "contact_person": [{ - "given_name":"John", - "sur_name": "Smith", - "email_address": ["john.smith@example.com"], - "contact_type": "technical", - }, + "given_name": "John", + "sur_name": "Smith", + "email_address": ["john.smith@example.com"], + "contact_type": "technical", + }, ], } ECP_SP = { - "entityid" : "urn:mace:umu.se:saml:roland:ecpsp", - "name" : "Rolands ECP_SP", + "entityid": "urn:mace:umu.se:saml:roland:ecpsp", + "name": "Rolands ECP_SP", "service": { "sp": { - "endpoints" : { - "assertion_consumer_service" : ["http://lingon.catalogix.se:8087/"], + "endpoints": { + "assertion_consumer_service": [ + "http://lingon.catalogix.se:8087/"], }, - "ecp" : { + "ecp": { "130.239.": "http://example.com/idp", } } @@ -157,9 +162,11 @@ ECP_SP = { #"xmlsec_binary" : "/opt/local/bin/xmlsec1", } -def _eq(l1,l2): + +def _eq(l1, l2): return set(l1) == set(l2) + def test_1(): c = SPConfig().load(sp1) c.context = "sp" 
@@ -173,11 +180,13 @@ def test_1(): assert len(c._sp_idp) == 1 assert c._sp_idp.keys() == ["urn:mace:example.com:saml:roland:idp"] assert c._sp_idp.values() == [{'single_sign_on_service': - {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': - 'http://localhost:8088/sso/'}}] + { + 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': + 'http://localhost:8088/sso/'}}] assert c.only_use_keys_in_metadata + def test_2(): c = SPConfig().load(sp2) c.context = "sp" @@ -192,20 +201,22 @@ def test_2(): assert len(c._sp_idp) == 1 assert c._sp_idp.keys() == [""] - assert c._sp_idp.values() == ["https://example.com/saml2/idp/SSOService.php"] + assert c._sp_idp.values() == [ + "https://example.com/saml2/idp/SSOService.php"] assert c.only_use_keys_in_metadata is True - + + def test_minimum(): minimum = { - "entityid" : "urn:mace:example.com:saml:roland:sp", + "entityid": "urn:mace:example.com:saml:roland:sp", "service": { "sp": { - "endpoints" : { - "assertion_consumer_service" : ["http://sp.example.org/"], + "endpoints": { + "assertion_consumer_service": ["http://sp.example.org/"], }, - "name" : "test", + "name": "test", "idp": { - "" : "https://example.com/idp/SSOService.php", + "": "https://example.com/idp/SSOService.php", }, } }, @@ -216,7 +227,8 @@ def test_minimum(): c.context = "sp" assert c is not None - + + def test_idp_1(): c = IdPConfig().load(IDP1) c.context = "idp" @@ -224,8 +236,10 @@ def test_idp_1(): print c assert c.endpoint("single_sign_on_service")[0] == 'http://localhost:8088/' - attribute_restrictions = c.getattr("policy","idp").get_attribute_restriction("") - assert attribute_restrictions["eduPersonAffiliation"][0].match("staff") + attribute_restrictions = c.getattr("policy", + "idp").get_attribute_restriction("") + assert attribute_restrictions["edupersonaffiliation"][0].match("staff") + def test_idp_2(): c = IdPConfig().load(IDP2) 
@@ -235,11 +249,13 @@ def test_idp_2(): assert c.endpoint("single_logout_service", BINDING_SOAP) == [] assert c.endpoint("single_logout_service", - BINDING_HTTP_REDIRECT) == ["http://localhost:8088/"] + BINDING_HTTP_REDIRECT) == ["http://localhost:8088/"] + + attribute_restrictions = c.getattr("policy", + "idp").get_attribute_restriction("") + assert attribute_restrictions["edupersonaffiliation"][0].match("staff") + - attribute_restrictions = c.getattr("policy","idp").get_attribute_restriction("") - assert attribute_restrictions["eduPersonAffiliation"][0].match("staff") - def test_wayf(): c = SPConfig().load_file("server_conf") c.context = "sp" @@ -255,7 +271,7 @@ def test_wayf(): assert root_logger.level == logging.INFO assert len(root_logger.handlers) == 1 assert isinstance(root_logger.handlers[0], - logging.handlers.RotatingFileHandler) + logging.handlers.RotatingFileHandler) handler = root_logger.handlers[0] assert handler.backupCount == 5 try: @@ -266,6 +282,7 @@ def test_wayf(): assert root_logger.name == "saml2" assert root_logger.level == 20 + def test_conf_syslog(): c = SPConfig().load_file("server_conf_syslog") c.context = "sp" @@ -273,7 +290,7 @@ def test_conf_syslog(): # otherwise the logger setting is not changed root_logger.level = logging.NOTSET root_logger.handlers = [] - + print c.logger c.setup_logger() @@ -281,7 +298,7 @@ def test_conf_syslog(): assert root_logger.level == logging.INFO assert len(root_logger.handlers) == 1 assert isinstance(root_logger.handlers[0], - logging.handlers.SysLogHandler) + logging.handlers.SysLogHandler) handler = root_logger.handlers[0] print handler.__dict__ assert handler.facility == "local3" 
@@ -307,11 +324,13 @@ def test_3(): assert cnf.metadata is not None assert cnf.attribute_converters is not None + def test_sp(): cnf = SPConfig() cnf.load_file(dotname("sp_1_conf")) assert cnf.endpoint("assertion_consumer_service") == \ - ["http://lingon.catalogix.se:8087/"] + ["http://lingon.catalogix.se:8087/"] + def test_dual(): cnf = Config().load_file(dotname("idp_sp_conf")) @@ -322,16 +341,18 @@ def test_dual(): assert idpe assert spe != idpe + def test_ecp(): cnf = SPConfig() cnf.load(ECP_SP) assert cnf.endpoint("assertion_consumer_service") == \ - ["http://lingon.catalogix.se:8087/"] + ["http://lingon.catalogix.se:8087/"] eid = cnf.ecp_endpoint("130.239.16.3") assert eid == "http://example.com/idp" eid = cnf.ecp_endpoint("130.238.20.20") assert eid is None + def test_assertion_consumer_service(): c = IdPConfig() c.load_file(dotname("idp_conf")) @@ -342,4 +363,8 @@ def test_assertion_consumer_service(): entity_id = "https://www.zimride.com/shibboleth" acs = c.metadata.assertion_consumer_service(entity_id) assert len(acs) == 1 - assert acs[0]["location"] == 'https://www.zimride.com/Shibboleth.sso/SAML2/POST' + assert acs[0][ + "location"] == 'https://www.zimride.com/Shibboleth.sso/SAML2/POST' + +if __name__ == "__main__": + test_idp_1()
\ No newline at end of file diff --git a/tests/test_37_entity_categories.py b/tests/test_37_entity_categories.py index 09c03249..7a532ebc 100644 --- a/tests/test_37_entity_categories.py +++ b/tests/test_37_entity_categories.py @@ -50,12 +50,12 @@ def test_filter_ava(): } }) - ava = {"givenName": ["Derek"], "surname": ["Jeter"], + ava = {"givenName": ["Derek"], "sn": ["Jeter"], "email": ["derek@nyy.mlb.com", "dj@example.com"], "c": ["USA"]} ava = policy.filter(ava, "https://connect.sunet.se/shibboleth", MDS) - assert _eq(ava.keys(), ['email', 'givenName', 'surname', 'c']) + assert _eq(ava.keys(), ['email', 'givenName', 'sn', 'c']) assert _eq(ava["email"], ["derek@nyy.mlb.com", "dj@example.com"]) @@ -68,7 +68,7 @@ def test_filter_ava2(): } }) - ava = {"givenName": ["Derek"], "surname": ["Jeter"], + ava = {"givenName": ["Derek"], "sn": ["Jeter"], "email": ["derek@nyy.mlb.com"], "c": ["USA"], "eduPersonTargetedID": "foo!bar!xyz"} @@ -92,7 +92,7 @@ def test_filter_ava3(): disable_ssl_certificate_validation=True) mds.imp({"local": [full_path("entity_cat_sfs_hei.xml")]}) - ava = {"givenName": ["Derek"], "surname": ["Jeter"], + ava = {"givenName": ["Derek"], "sn": ["Jeter"], "email": ["derek@nyy.mlb.com"], "c": ["USA"], "eduPersonTargetedID": "foo!bar!xyz", "norEduPersonNIN": "19800101134"} @@ -105,7 +105,7 @@ def test_filter_ava3(): def test_idp_policy_filter(): idp = Server("idp_conf_ec") - ava = {"givenName": ["Derek"], "surname": ["Jeter"], + ava = {"givenName": ["Derek"], "sn": ["Jeter"], "email": ["derek@nyy.mlb.com"], "c": ["USA"], "eduPersonTargetedID": "foo!bar!xyz", "norEduPersonNIN": "19800101134"} |