
Commit 155910d

Merge pull request #842 from johanlundberg/lundberg_swamid_esi
Implement entity category MyAcademicID-ESI for SWAMID
2 parents b32fe90 + e311ae8 commit 155910d


3 files changed

+148
-0
lines changed


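--- a/src/saml2/entity_category/swamid.py
+++ b/src/saml2/entity_category/swamid.py
@@ -58,11 +58,14 @@
 'schacHomeOrganizationType',
 ]
 
+MYACADEMICID_ESI = ['schacPersonalUniqueCode']
+
 # These give you access to information
 RESEARCH_AND_EDUCATION = 'http://www.swamid.se/category/research-and-education' # Deprecated from 2021-03-31
 SFS_1993_1153 = 'http://www.swamid.se/category/sfs-1993-1153' # Deprecated from 2021-03-31
 RESEARCH_AND_SCHOLARSHIP = 'http://refeds.org/category/research-and-scholarship'
 COCO = 'http://www.geant.net/uri/dataprotection-code-of-conduct/v1'
+ESI = 'https://myacademicid.org/entity-categories/esi'
 
 # presently these don't by themself
 EU = 'http://www.swamid.se/category/eu-adequate-protection' # Deprecated from 2021-03-31
@@ -77,6 +80,8 @@
 (RESEARCH_AND_EDUCATION, HEI): NAME + STATIC_ORG_INFO + OTHER,
 RESEARCH_AND_SCHOLARSHIP: R_AND_S,
 COCO: GEANT_COCO,
+ESI: MYACADEMICID_ESI,
+(ESI, COCO): MYACADEMICID_ESI + GEANT_COCO,
 }
 
 ONLY_REQUIRED = {COCO: True}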
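Review bot: The bare `ESI:` key in the second hunk releases `schacPersonalUniqueCode` to any SP whose metadata asserts the ESI category on its own, while the `(ESI, COCO)` entry only widens that to the CoCo set; nothing in the file says whether releasing the identifier without CoCo is intended, and unlike the deprecated categories the new `ESI` constant carries no explanatory comment. If that is the intended policy, document it next to the constant, e.g. `ESI = 'https://myacademicid.org/entity-categories/esi'  # MyAcademicID ESI: releases schacPersonalUniqueCode, alone or combined with COCO`; if ESI was meant to apply only together with CoCo, drop the bare `ESI:` entry. `ONLY_REQUIRED = {COCO: True}` is left unchanged, so whether the only-required restriction also governs the `(ESI, COCO)` combination is not visible from this hunk and is worth confirming. The dictionary holding these entries starts outside the hunk.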

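--- a/tests/entity_esi_and_coco_sp.xml
+++ b/tests/entity_esi_and_coco_sp.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" entityID="https://esi-coco.example.edu/saml2/metadata/">
+<ns0:Extensions>
+<mdrpi:RegistrationInfo registrationAuthority="http://geant.example.eu/" registrationInstant="2018-05-10T09:45:00Z" />
+<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
+<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+<saml:AttributeValue>https://myacademicid.org/entity-categories/esi</saml:AttributeValue>
+<saml:AttributeValue>http://www.geant.net/uri/dataprotection-code-of-conduct/v1</saml:AttributeValue>
+</saml:Attribute>
+</mdattr:EntityAttributes></ns0:Extensions>
+<ns0:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+<ns0:KeyDescriptor use="encryption">
+<ns1:KeyInfo>
+<ns1:X509Data>
+<ns1:X509Certificate>MIIDvDCCAqQCCQDXVjecpE8ibTANBgkqhkiG9w0BAQUFADCBnzELMAkGA1UEBhMC
+U0UxEjAQBgNVBAgMCVN0b2NraG9sbTESMBAGA1UEBwwJU3RvY2tob2xtMQ4wDAYD
+VQQKDAVFRFVJRDEaMBgGA1UECwwRZWR1aWQuZXhhbXBsZS5jb20xGjAYBgNVBAMM
+EWVkdWlkLmV4YW1wbGUuY29tMSAwHgYJKoZIhvcNAQkBFhFlZHVpZEBleGFtcGxl
+LmNvbTAeFw0xMzA2MTIxMTU5NTdaFw0yMzA2MTAxMTU5NTdaMIGfMQswCQYDVQQG
+EwJTRTESMBAGA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hvbG0xDjAM
+BgNVBAoMBUVEVUlEMRowGAYDVQQLDBFlZHVpZC5leGFtcGxlLmNvbTEaMBgGA1UE
+AwwRZWR1aWQuZXhhbXBsZS5jb20xIDAeBgkqhkiG9w0BCQEWEWVkdWlkQGV4YW1w
+bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHzXvBlv+DN1
+0tV9z6M79RFKJEE1HoBpo/vuQzcIP8SZZNhzwQpYxTVTQ9ocagX1onfJn2ZjoWsi
+p45tSMnwLM9a9+UETYAV8O/AUq3gNDp+Mu6sS3smNhdykVR4STscIiP/hWMkZbJ4
+4dmJ2ccT3H6VosXR/OIVTjyalanmvMpDb6ZkKqmuQCDvRMii/R0HhbYUCytToDiy
+Bxw1tQG946g8pe5RhZxxzmxVwAGwOyDn1dwi+j4wH2eCDyLu8hLanPHNFNiy5hiN
+5B40N24V5YixlksgdT0pF46DfkJRrOCsNWHWnMSN+Xvo1oXLRFXEnfsCB1cw0EAp
+SMMGX4dhSwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA8+faeCQVTadTrXpB8jzfE
+MJq6+V4oajnWb0LJ5ZZcKSlQZ5sfYJ1385CaXGh60Tg4uhtwTOgpRi1R1cZMLTz9
+ST6WPF+2vDJv7dGPuglzyQLvA2fd6BLnyGV6kLUc2XNOyCmD/tWuMvKvW62j4Y3B
+XZvRFZZdHNgay4Wgvs8D6wyozWpkWpawXkQ3LqbXO6GChYC4VLru+uJuMKvvKCd/
+I125dzkP2nf9zkGV0cil3oIVSBPBtSRTF/M+oZhkHTwoM6hhonRvdOLuvobKfZ2Q
+wHyaxzYldWmVC5omkgZeAdCGpJ316GQF8Zwg/yDOUzm4cvGeIESf1Q6ZxBwI6zGE
+</ns1:X509Certificate>
+</ns1:X509Data>
+</ns1:KeyInfo>
+</ns0:KeyDescriptor>
+<ns0:KeyDescriptor use="signing">
+<ns1:KeyInfo>
+<ns1:X509Data>
+<ns1:X509Certificate>MIIDvDCCAqQCCQDXVjecpE8ibTANBgkqhkiG9w0BAQUFADCBnzELMAkGA1UEBhMC
+U0UxEjAQBgNVBAgMCVN0b2NraG9sbTESMBAGA1UEBwwJU3RvY2tob2xtMQ4wDAYD
+VQQKDAVFRFVJRDEaMBgGA1UECwwRZWR1aWQuZXhhbXBsZS5jb20xGjAYBgNVBAMM
+EWVkdWlkLmV4YW1wbGUuY29tMSAwHgYJKoZIhvcNAQkBFhFlZHVpZEBleGFtcGxl
+LmNvbTAeFw0xMzA2MTIxMTU5NTdaFw0yMzA2MTAxMTU5NTdaMIGfMQswCQYDVQQG
+EwJTRTESMBAGA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hvbG0xDjAM
+BgNVBAoMBUVEVUlEMRowGAYDVQQLDBFlZHVpZC5leGFtcGxlLmNvbTEaMBgGA1UE
+AwwRZWR1aWQuZXhhbXBsZS5jb20xIDAeBgkqhkiG9w0BCQEWEWVkdWlkQGV4YW1w
+bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHzXvBlv+DN1
+0tV9z6M79RFKJEE1HoBpo/vuQzcIP8SZZNhzwQpYxTVTQ9ocagX1onfJn2ZjoWsi
+p45tSMnwLM9a9+UETYAV8O/AUq3gNDp+Mu6sS3smNhdykVR4STscIiP/hWMkZbJ4
+4dmJ2ccT3H6VosXR/OIVTjyalanmvMpDb6ZkKqmuQCDvRMii/R0HhbYUCytToDiy
+Bxw1tQG946g8pe5RhZxxzmxVwAGwOyDn1dwi+j4wH2eCDyLu8hLanPHNFNiy5hiN
+5B40N24V5YixlksgdT0pF46DfkJRrOCsNWHWnMSN+Xvo1oXLRFXEnfsCB1cw0EAp
+SMMGX4dhSwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA8+faeCQVTadTrXpB8jzfE
+MJq6+V4oajnWb0LJ5ZZcKSlQZ5sfYJ1385CaXGh60Tg4uhtwTOgpRi1R1cZMLTz9
+ST6WPF+2vDJv7dGPuglzyQLvA2fd6BLnyGV6kLUc2XNOyCmD/tWuMvKvW62j4Y3B
+XZvRFZZdHNgay4Wgvs8D6wyozWpkWpawXkQ3LqbXO6GChYC4VLru+uJuMKvvKCd/
+I125dzkP2nf9zkGV0cil3oIVSBPBtSRTF/M+oZhkHTwoM6hhonRvdOLuvobKfZ2Q
+wHyaxzYldWmVC5omkgZeAdCGpJ316GQF8Zwg/yDOUzm4cvGeIESf1Q6ZxBwI6zGE
+</ns1:X509Certificate>
+</ns1:X509Data>
+</ns1:KeyInfo>
+</ns0:KeyDescriptor>
+<ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://esi-coco.example.edu/saml2/ls/"/>
+<ns0:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://esi-coco.example.edu/saml2/acs/" index="1"/>
+<!-- Require eduPersonTargetedID -->
+<ns0:AttributeConsumingService index="0">
+<ns0:ServiceName xml:lang="en">esi-coco-SP</ns0:ServiceName>
+<ns0:ServiceDescription xml:lang="en">ESI and COCO SP</ns0:ServiceDescription>
+<ns0:RequestedAttribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
+</ns0:AttributeConsumingService>
+</ns0:SPSSODescriptor>
+<ns0:Organization>
+<ns0:OrganizationName xml:lang="es">Example CO</ns0:OrganizationName>
+<ns0:OrganizationName xml:lang="en">Example CO</ns0:OrganizationName>
+<ns0:OrganizationDisplayName xml:lang="es">Example</ns0:OrganizationDisplayName>
+<ns0:OrganizationDisplayName xml:lang="en">Example</ns0:OrganizationDisplayName>
+<ns0:OrganizationURL xml:lang="es">http://www.example.edu</ns0:OrganizationURL>
+<ns0:OrganizationURL xml:lang="en">http://www.example.com</ns0:OrganizationURL>
+</ns0:Organization>
+<ns0:ContactPerson contactType="technical">
+<ns0:Company>Example CO</ns0:Company>
+<ns0:GivenName>Sysadmin</ns0:GivenName>
+<ns0:SurName/>
+<ns0:EmailAddress>[email protected]</ns0:EmailAddress>
+</ns0:ContactPerson>
+<ns0:ContactPerson contactType="administrative">
+<ns0:Company>Example CO</ns0:Company>
+<ns0:GivenName>Admin</ns0:GivenName>
+<ns0:SurName>CEO</ns0:SurName>
+<ns0:EmailAddress>[email protected]</ns0:EmailAddress>
+</ns0:ContactPerson>
+</ns0:EntityDescriptor>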
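Review bot: The comment `<!-- Require eduPersonTargetedID -->` above the AttributeConsumingService does not describe this fixture, whose only RequestedAttribute is eduPersonScopedAffiliation (new line 72); it looks carried over from another test metadata file. Change it to `<!-- Require eduPersonScopedAffiliation -->` or remove it, so a reader of the ESI/CoCo test is not led to expect a targeted-ID request that the filter result would then have to account for. A short comment on the entity-category attribute (new lines 6–9) naming it as the input the swamid policy keys on would also make the fixture self-explanatory.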

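--- a/tests/test_37_entity_categories.py
+++ b/tests/test_37_entity_categories.py
@@ -278,3 +278,51 @@ def test_filter_ava_required_attributes_with_no_friendly_name():
 
 ava = policy.filter(ava, entity_id, required=required, optional=optional)
 assert _eq(list(ava.keys()), ["eduPersonTargetedID"])
+
+
+def test_filter_ava_esi_coco():
+entity_id = "https://esi-coco.example.edu/saml2/metadata/"
+mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True)
+mds.imp(
+[
+{
+"class": "saml2.mdstore.MetaDataFile",
+"metadata": [(full_path("entity_esi_and_coco_sp.xml"),)]
+}
+]
+)
+
+policy_conf = {
+"default": {
+"lifetime": {"minutes": 15},
+"entity_categories": ["swamid"]
+}
+}
+policy = Policy(policy_conf, mds)
+
+ava = {
+"givenName": ["Test"],
+"sn": ["Testsson"],
+"mail": ["[email protected]"],
+"c": ["SE"],
+"schacHomeOrganization": ["example.com"],
+"eduPersonScopedAffiliation": ["[email protected]"],
+"schacPersonalUniqueCode": [
+"urn:schac:personalUniqueCode:int:esi:ladok.se:externtstudentuid-00000000-1111-2222-3333-444444444444"
+]
+}
+
+ava = policy.filter(ava, entity_id)
+
+assert _eq(list(ava.keys()), [
+'mail',
+'givenName',
+'sn',
+'c',
+'schacHomeOrganization',
+'eduPersonScopedAffiliation',
+'schacPersonalUniqueCode'
+])
+assert _eq(ava["mail"], ["[email protected]"])
+assert _eq(ava["schacPersonalUniqueCode"],
+["urn:schac:personalUniqueCode:int:esi:ladok.se:externtstudentuid-00000000-1111-2222-3333-444444444444"])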
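Review bot: test_filter_ava_esi_coco only asserts that every attribute it puts into `ava` comes back out, so it would also pass if the swamid policy released everything or if the new ESI entry were ignored and some other category happened to cover the same keys. Add one attribute to the input that is neither in MYACADEMICID_ESI nor requested by the fixture's metadata, e.g. `"displayName": ["Test Testsson"],`, and assert `assert "displayName" not in ava` after the filter; which attributes GEANT_COCO covers is not visible here, so pick one that list also omits. A companion case with an SP asserting only CoCo, asserting that `schacPersonalUniqueCode` is dropped, would pin that the release actually comes from the ESI entry rather than from CoCo. The test could also carry a one-line docstring such as `"""ESI + CoCo SP: schacPersonalUniqueCode is released alongside the CoCo set."""`.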
