eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-04-27 01:55:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
e7fcfb7e67d5df3e8a8a5da170f18fa4c6b98731
authentik/tests/e2e/test_provider_ws_fed.py
Jens L. a6775bc61e tests: refactor test harness to split apart a single file (#21391) 
* re-instate previously flaky test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* break up big file

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* move geoip data to subdir

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* i am but a weak man

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ldap disconnect in testing

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* account for mismatched uid due to test server process

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2026-04-05 22:12:52 +02:00

226 lines
8.1 KiB
Python
Raw Blame History

"""test WSFed Provider flow"""
from json import dumps
from selenium.webdriver.common.by import By
from selenium.webdriver.support import expected_conditions as ec
from authentik.blueprints.tests import apply_blueprint, reconcile_app
from authentik.core.models import Application
from authentik.core.tests.utils import create_test_cert
from authentik.enterprise.providers.ws_federation.models import WSFederationProvider
from authentik.flows.models import Flow
from authentik.lib.generators import generate_id
from authentik.providers.saml.models import SAMLPropertyMapping
from tests.decorators import retry
from tests.selenium import SeleniumTestCase
class TestProviderWSFed(SeleniumTestCase):
"""test WS Federation flow"""
def setUp(self):
self.realm = generate_id()
super().setUp()
def setup_client(self, provider: WSFederationProvider, app: Application, **kwargs):
metadata_url = (
self.url(
"authentik_api:wsfederationprovider-metadata",
pk=provider.pk,
)
+ "?download"
)
self.run_container(
image="ghcr.io/beryju/wsfed-test-sp:v0.1.2",
ports={
"8080": "8080",
},
environment={
"WSFED_TEST_SP_WTREALM": self.realm,
"WSFED_TEST_SP_METADATA": metadata_url,
**kwargs,
},
)
@retry()
@apply_blueprint(
"default/flow-default-authentication-flow.yaml",
"default/flow-default-invalidation-flow.yaml",
)
@apply_blueprint(
"default/flow-default-provider-authorization-implicit-consent.yaml",
"default/flow-default-provider-invalidation.yaml",
)
@apply_blueprint(
"system/providers-saml.yaml",
)
@reconcile_app("authentik_crypto")
def test_sp_initiated_implicit(self):
"""test WSFed Provider flow SP-initiated flow (implicit consent)"""
# Bootstrap all needed objects
authorization_flow = Flow.objects.get(
slug="default-provider-authorization-implicit-consent"
)
invalidation_flow = Flow.objects.get(slug="default-provider-invalidation-flow")
provider = WSFederationProvider.objects.create(
name=generate_id(),
acs_url="http://localhost:8080",
audience=self.realm,
authorization_flow=authorization_flow,
invalidation_flow=invalidation_flow,
signing_kp=create_test_cert(),
)
provider.property_mappings.set(SAMLPropertyMapping.objects.all())
provider.save()
app = Application.objects.create(
name="WSFed",
slug=generate_id(),
provider=provider,
)
self.setup_client(provider, app)
self.driver.get("http://localhost:8080")
self.login()
self.wait_for_url("http://localhost:8080/")
body = self.parse_json_content(self.driver.find_element(By.CSS_SELECTOR, "pre"))
snippet = dumps(body, indent=2)[:500].replace("\n", " ")
self.assertEqual(
body.get("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"),
self.user.name,
f"Claim 'name' mismatch at {self.driver.current_url}: {snippet}",
)
self.assertEqual(
body.get("http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"),
self.user.username,
f"Claim 'windowsaccountname' mismatch at {self.driver.current_url}: {snippet}",
)
self.assertEqual(
body.get("http://schemas.goauthentik.io/2021/02/saml/username"),
self.user.username,
f"Claim 'saml/username' mismatch at {self.driver.current_url}: {snippet}",
)
self.assertEqual(
body.get("http://schemas.goauthentik.io/2021/02/saml/uid"),
str(self.user.pk),
f"Claim 'saml/uid' mismatch at {self.driver.current_url}: {snippet}",
)
self.assertEqual(
body.get("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
self.user.email,
f"Claim 'emailaddress' mismatch at {self.driver.current_url}: {snippet}",
)
self.assertEqual(
body.get("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"),
self.user.email,
f"Claim 'upn' mismatch at {self.driver.current_url}: {snippet}",
)
self.driver.get("http://localhost:8080/Logout")
should_url = self.url(
"authentik_core:if-flow",
flow_slug=invalidation_flow.slug,
)
self.wait.until(
lambda driver: driver.current_url.startswith(should_url),
f"URL {self.driver.current_url} doesn't match expected URL {should_url}",
)
@retry()
@apply_blueprint(
"default/flow-default-authentication-flow.yaml",
"default/flow-default-invalidation-flow.yaml",
)
@apply_blueprint(
"default/flow-default-provider-authorization-explicit-consent.yaml",
)
@apply_blueprint(
"system/providers-saml.yaml",
)
@reconcile_app("authentik_crypto")
def test_sp_initiated_explicit(self):
"""test WSFed Provider flow SP-initiated flow (explicit consent)"""
# Bootstrap all needed objects
authorization_flow = Flow.objects.get(
slug="default-provider-authorization-explicit-consent"
)
provider = WSFederationProvider.objects.create(
name=generate_id(),
acs_url="http://localhost:8080",
audience=self.realm,
authorization_flow=authorization_flow,
signing_kp=create_test_cert(),
)
provider.property_mappings.set(SAMLPropertyMapping.objects.all())
provider.save()
app = Application.objects.create(
name="WSFed",
slug=generate_id(),
provider=provider,
)
self.setup_client(provider, app)
self.driver.get("http://localhost:8080")
self.login()
self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "ak-flow-executor")))
flow_executor = self.get_shadow_root("ak-flow-executor")
consent_stage = self.get_shadow_root("ak-stage-consent", flow_executor)
self.assertIn(
app.name,
consent_stage.find_element(By.CSS_SELECTOR, "[data-test-id='stage-heading']").text,
"Consent stage header mismatch",
)
consent_stage.find_element(
By.CSS_SELECTOR,
"[type=submit]",
).click()
self.wait_for_url("http://localhost:8080/")
body = self.parse_json_content(self.driver.find_element(By.CSS_SELECTOR, "pre"))
snippet = dumps(body, indent=2)[:500].replace("\n", " ")
self.assertEqual(
body.get("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"),
self.user.name,
f"Claim 'name' mismatch at {self.driver.current_url}: {snippet}",
)
self.assertEqual(
body.get("http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"),
self.user.username,
f"Claim 'windowsaccountname' mismatch at {self.driver.current_url}: {snippet}",
)
self.assertEqual(
body.get("http://schemas.goauthentik.io/2021/02/saml/username"),
self.user.username,
f"Claim 'saml/username' mismatch at {self.driver.current_url}: {snippet}",
)
self.assertEqual(
body.get("http://schemas.goauthentik.io/2021/02/saml/uid"),
str(self.user.pk),
f"Claim 'saml/uid' mismatch at {self.driver.current_url}: {snippet}",
)
self.assertEqual(
body.get("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
self.user.email,
f"Claim 'emailaddress' mismatch at {self.driver.current_url}: {snippet}",
)
self.assertEqual(
body.get("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"),
self.user.email,
f"Claim 'upn' mismatch at {self.driver.current_url}: {snippet}",
)
Reference in New Issue View Git Blame Copy Permalink