pax_global_header00006660000000000000000000000064141055175610014517gustar00rootroot0000000000000052 comment=c84af25048554c8f13d94f9fa1544b30a51e78c1 python3-saml-1.12.0/000077500000000000000000000000001410551756100141365ustar00rootroot00000000000000python3-saml-1.12.0/.github/000077500000000000000000000000001410551756100154765ustar00rootroot00000000000000python3-saml-1.12.0/.github/workflows/000077500000000000000000000000001410551756100175335ustar00rootroot00000000000000python3-saml-1.12.0/.github/workflows/python-package.yml000066400000000000000000000032241410551756100231710ustar00rootroot00000000000000# This workflow will install Python dependencies, run tests and lint with a variety of Python versions # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions name: Python package on: [push, pull_request] jobs: test: runs-on: ubuntu-latest strategy: fail-fast: false matrix: python-version: [2.7,3.5,3.6,3.7, 3.8,3.9] steps: - uses: actions/checkout@v2 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v2 with: python-version: ${{ matrix.python-version }} - uses: actions/cache@v2 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/setup.py') }} restore-keys: | ${{ runner.os }}-pip- - name: Install dependencies run: | sudo apt-get update -qq sudo apt-get install -qq swig python-dev libxml2-dev libxmlsec1-dev make install-req make install-test - name: Test run: make pytest lint: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v2 with: python-version: 3.9 - uses: actions/cache@v2 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/setup.py') }} restore-keys: | ${{ runner.os }}-pip- - name: Install dependencies run: | sudo apt-get update -qq sudo apt-get install -qq swig python-dev libxml2-dev libxmlsec1-dev make install-req make install-test - name: Run linters run: | make pycodestyle make flake8 python3-saml-1.12.0/.gitignore000066400000000000000000000004761410551756100161350ustar00rootroot00000000000000*~ .#* ## the next line needs to start with a backslash to avoid looking like ## a comment \#*# *.pyc *.pyo .*.swp __pycache_ /parts /.installed.cfg /develop-eggs /*.eg *.egg-info /eggs /.eggs /build /dist /venv .coverage .pypirc /.idea .mypy_cache/ .pytest_cache *.key *.crt *.pem settings.py advanced_settings.py python3-saml-1.12.0/.travis.yml000066400000000000000000000011761410551756100162540ustar00rootroot00000000000000language: python python: - '2.7' - '3.5' - '3.6' - '3.7' - '3.8' - '3.9' matrix: include: - python: '3.7' dist: xenial # required for Python >= 3.7 (travis-ci/travis-ci#9069) install: - sudo apt-get update -qq - sudo apt-get install -qq swig python-dev libxml2-dev libxmlsec1-dev - 'travis_retry pip install .' - 'travis_retry pip install -e ".[test]"' script: - 'coverage run --source=src/onelogin/saml2 --rcfile=tests/coverage.rc setup.py test' - 'coverage report -m --rcfile=tests/coverage.rc' # - 'pylint src/onelogin/saml2 --rcfile=tests/pylint.rc' - 'flake8 .' after_success: 'coveralls' python3-saml-1.12.0/LICENSE000066400000000000000000000020501410551756100151400ustar00rootroot00000000000000Copyright (c) 2010-2021 OneLogin, Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. python3-saml-1.12.0/MANIFEST.in000066400000000000000000000002261410551756100156740ustar00rootroot00000000000000include README.md include LICENSE recursive-include src *.py recursive-include src *.xsd recursive-exclude * __pycache__ recursive-exclude * *.py[co] python3-saml-1.12.0/Makefile000066400000000000000000000015221410551756100155760ustar00rootroot00000000000000PIP=pip FLAKE8=flake8 PYTEST=pytest PYCODESTYLE=pycodestyle COVERAGE=coverage COVERAGE_CONFIG=tests/coverage.rc PEP8_CONFIG=tests/pep8.rc MAIN_SOURCE=src/onelogin/saml2 DEMOS=demo-django demo-flask demo-tornado demo_pyramid TESTS=tests/src/OneLogin/saml2_tests SOURCES=$(MAIN_SOURCE) $(DEMOS) $(TESTS) install-req: $(PIP) install --upgrade 'setuptools<45.0.0' $(PIP) install . install-test: $(PIP) install -e ".[test]" pytest: $(COVERAGE) run --source $(MAIN_SOURCE) --rcfile=$(COVERAGE_CONFIG) -m pytest $(COVERAGE) report -m --rcfile=$(COVERAGE_CONFIG) pycodestyle: $(PYCODESTYLE) --ignore=E501,E731,W504 $(SOURCES) --config=$(PEP8_CONFIG) flake8: $(FLAKE8) $(SOURCES) clean: rm -rf .pytest_cache/ rm -rf .eggs/ find . -type d -name "__pycache__" -exec rm -r {} + find . -type d -name "*.egg-info" -exec rm -r {} + rm .coverage python3-saml-1.12.0/README.md000066400000000000000000002217151410551756100154250ustar00rootroot00000000000000# OneLogin's SAML Python Toolkit (compatible with Python3) [![Build Status](https://api.travis-ci.org/onelogin/python3-saml.png?branch=master)](http://travis-ci.org/onelogin/python3-saml) [![Coverage Status](https://coveralls.io/repos/github/onelogin/python3-saml/badge.svg?branch=master)](https://coveralls.io/github/onelogin/python3-saml?branch=master) [![PyPi Version](https://img.shields.io/pypi/v/python3-saml.svg)](https://pypi.python.org/pypi/python3-saml) ![Python versions](https://img.shields.io/pypi/pyversions/python3-saml.svg) Add SAML support to your Python software using this library. Forget those complicated libraries and use the open source library provided and supported by OneLogin Inc. This version supports Python3. There is a separate version that only support Python2: [python-saml](https://github.com/onelogin/python-saml) #### Warning #### Version 1.8.0 sets strict mode active by default Update ``python3-saml`` to ``1.5.0``, this version includes security improvements for preventing XEE and Xpath Injections. Update ``python3-saml`` to ``1.4.0``, this version includes a fix for the [CVE-2017-11427](https://www.cvedetails.com/cve/CVE-2017-11427/) vulnerability. This version also changes how the calculate fingerprint method works, and will expect as input a formatted X.509 certificate. Update ``python3-saml`` to ``1.2.6`` that adds the use defusedxml that will prevent XEE and other attacks based on the abuse of XML. (CVE-2017-9672) Update ``python3-saml`` to ``>= 1.2.1``, ``1.2.0`` had a bug on signature validation process (when using ``wantAssertionsSigned`` and ``wantMessagesSigned``). [CVE-2016-1000251](https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/master/DWF/2016/1000251/CVE-2016-1000251.json) ``1.2.0`` version includes a security patch that contains extra validations that will prevent signature wrapping attacks. ``python3-saml < v1.2.0`` is vulnerable and allows signature wrapping! #### Security Guidelines #### If you believe you have discovered a security vulnerability in this toolkit, please report it at https://www.onelogin.com/security with a description. We follow responsible disclosure guidelines, and will work with you to quickly find a resolution. Why add SAML support to my software? ------------------------------------ SAML is an XML-based standard for web browser single sign-on and is defined by the OASIS Security Services Technical Committee. The standard has been around since 2002, but lately it is becoming popular due its advantages: * **Usability** - One-click access from portals or intranets, deep linking, password elimination and automatically renewing sessions make life easier for the user. * **Security** - Based on strong digital signatures for authentication and integrity, SAML is a secure single sign-on protocol that the largest and most security conscious enterprises in the world rely on. * **Speed** - SAML is fast. One browser redirect is all it takes to securely sign a user into an application. * **Phishing Prevention** - If you don’t have a password for an app, you can’t be tricked into entering it on a fake login page. * **IT Friendly** - SAML simplifies life for IT because it centralizes authentication, provides greater visibility and makes directory integration easier. * **Opportunity** - B2B cloud vendor should support SAML to facilitate the integration of their product. General Description ------------------- OneLogin's SAML Python toolkit lets you turn your Python application into a SP (Service Provider) that can be connected to an IdP (Identity Provider). **Supports:** * SSO and SLO (SP-Initiated and IdP-Initiated). * Assertion and nameId encryption. * Assertion signatures. * Message signatures: ``AuthNRequest``, ``LogoutRequest``, ``LogoutResponses``. * Enable an Assertion Consumer Service endpoint. * Enable a Single Logout Service endpoint. * Publish the SP metadata (which can be signed). **Key Features:** * **saml2int** - Implements the SAML 2.0 Web Browser SSO Profile. * **Session-less** - Forget those common conflicts between the SP and the final app, the toolkit delegate session in the final app. * **Easy to use** - Programmer will be allowed to code high-level and low-level programming, 2 easy to use APIs are available. * **Tested** - Thoroughly tested. * **Popular** - OneLogin's customers use it. Add easy support to your Django/Flask web projects. Installation ------------ ### Dependencies ### * python 2.7 // python 3.6 * [xmlsec](https://pypi.python.org/pypi/xmlsec) Python bindings for the XML Security Library. * [isodate](https://pypi.python.org/pypi/isodate) An ISO 8601 date/time/ duration parser and formatter Review the ``setup.py`` file to know the version of the library that ``python3-saml`` is using ### Code ### #### Option 1. Download from GitHub #### The toolkit is hosted on GitHub. You can download it from: * Latest release: https://github.com/onelogin/python3-saml/releases/latest * Master repo: https://github.com/onelogin/python3-saml/tree/master Copy the core of the library ``(src/onelogin/saml2 folder)`` and merge the ``setup.py`` inside the Python application. (Each application has its structure so take your time to locate the Python SAML toolkit in the best place). #### Option 2. Download from pypi #### The toolkit is hosted in pypi, you can find the ``python3-saml`` package at https://pypi.python.org/pypi/python3-saml You can install it executing: ``` $ pip install python3-saml ``` If you want to know how a project can handle python packages review this [guide](https://packaging.python.org/en/latest/tutorial.html) and review this [sampleproject](https://github.com/pypa/sampleproject) Security Warning ---------------- In production, the **strict** parameter MUST be set as **"true"**. Otherwise your environment is not secure and will be exposed to attacks. In production also we highly recommend to register on the settings the IdP certificate instead of using the fingerprint method. The fingerprint, is a hash, so at the end is open to a collision attack that can end on a signature validation bypass. Other SAML toolkits deprecated that mechanism, we maintain it for compatibility and also to be used on test environment. Getting Started --------------- ### Knowing the toolkit ### The new OneLogin SAML Toolkit contains different folders (``certs``, ``lib``, ``demo-django``, ``demo-flask`` and ``tests``) and some files. Let's start describing them: #### src #### This folder contains the heart of the toolkit, **onelogin/saml2** folder contains the new version of the classes and methods that are described in a later section. #### demo-django #### This folder contains a Django project that will be used as demo to show how to add SAML support to the Django Framework. **demo** is the main folder of the Django project (with its ``settings.py``, ``views.py``, ``urls.py``), **templates** is the Django templates of the project and **saml** is a folder that contains the ``certs`` folder that could be used to store the X.509 public and private key, and the SAML toolkit settings (``settings.json`` and ``advanced_settings.json``). ***Notice about certs*** SAML requires a X.509 cert to sign and encrypt elements like ``NameID``, ``Message``, ``Assertion``, ``Metadata``. If our environment requires sign or encrypt support, the certs folder may contain the X.509 cert and the private key that the SP will use: * sp.crt The public cert of the SP * sp.key The private key of the SP Or also we can provide those data in the setting file at the ``x509cert`` and the ``privateKey`` JSON parameters of the ``sp`` element. Sometimes we could need a signature on the metadata published by the SP, in this case we could use the X.509 cert previously mentioned or use a new X.509 cert: ``metadata.crt`` and ``metadata.key``. Use ``sp_new.crt`` if you are in a key rollover process and you want to publish that X.509 certificate on Service Provider metadata. If you want to create self-signed certs, you can do it at the https://www.samltool.com/self_signed_certs.php service, or using the command: ```bash openssl req -new -x509 -days 3652 -nodes -out sp.crt -keyout sp.key ``` #### demo-flask #### This folder contains a Flask project that will be used as demo to show how to add SAML support to the Flask Framework. ``index.py`` is the main Flask file that has all the code, this file uses the templates stored at the ``templates`` folder. In the ``saml`` folder we found the ``certs`` folder to store the X.509 public and private key, and the SAML toolkit settings (``settings.json`` and ``advanced_settings.json``). #### demo_pyramid #### This folder contains a Pyramid project that will be used as demo to show how to add SAML support to the [Pyramid Web Framework](http://docs.pylonsproject.org/projects/pyramid/en/latest/). ``\_\_init__.py`` is the main file that configures the app and its routes, ``views.py`` is where all the logic and SAML handling takes place, and the templates are stored in the ``templates`` folder. The ``saml`` folder is the same as in the other two demos. #### demo-tornado #### This folder contains a Tornado project that will be used as demo to show how to add SAML support to the Tornado Framework. ``views.py`` (with its ``settings.py``) is the main Flask file that has all the code, this file uses the templates stored at the ``templates`` folder. In the ``saml`` folder we found the ``certs`` folder to store the X.509 public and private key, and the SAML toolkit settings (``settings.json`` and ``advanced_settings.json``). It requires python3.5 (it's using tornado 6.0.3) #### setup.py #### Setup script is the centre of all activity in building, distributing, and installing modules. Read more at https://pythonhosted.org/an_example_pypi_project/setuptools.html #### tests #### Contains the unit test of the toolkit. In order to execute the test you only need to load the virtualenv with the toolkit installed on it and execute: ``` python setup.py test ``` The previous line will run the tests for the whole toolkit. You can also run the tests for a specific module. To do so for the auth module you would have to execute this: ``` python setup.py test --test-suite tests.src.OneLogin.saml2_tests.auth_test.OneLogin_Saml2_Auth_Test ``` With the ``--test-suite`` parameter you can specify the module to test. You'll find all the module available and their class names at ``tests/src/OneLogin/saml2_tests/``. ### How It Works ### #### Settings #### First of all we need to configure the toolkit. The SP's info, the IdP's info, and in some cases, configure advanced security issues like signatures and encryption. There are two ways to provide the settings information: * Use a ``settings.json`` file that we should locate in any folder, but indicates its path with the ``custom_base_path`` parameter. * Use a JSON object with the setting data and provide it directly to the constructor of the class (if your toolkit integation requires certs, remember to provide the ``custom_base_path`` as part of the settings or as a parameter in the constructor). In the demo-django and in the demo-flask folders you will find a ``saml`` folder, inside there is a ``certs`` folder and a ``settings.json`` and ``advanced_settings.json`` file. Those files contain the settings for the SAML toolkit. Copy them in your project and set the correct values. This is the ``settings.json`` file: ```javascript { // If strict is True, then the Python Toolkit will reject unsigned // or unencrypted messages if it expects them to be signed or encrypted. // Also it will reject the messages if the SAML standard is not strictly // followed. Destination, NameId, Conditions ... are validated too. "strict": true, // Enable debug mode (outputs errors). "debug": true, // Service Provider Data that we are deploying. "sp": { // Identifier of the SP entity (must be a URI) "entityId": "https:///metadata/", // Specifies info about where and how the message MUST be // returned to the requester, in this case our SP. "assertionConsumerService": { // URL Location where the from the IdP will be returned "url": "https:///?acs", // SAML protocol binding to be used when returning the // message. OneLogin Toolkit supports this endpoint for the // HTTP-POST binding only. "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" }, // Specifies info about where and how the message MUST be sent. "singleLogoutService": { // URL Location where the from the IdP will be sent (IdP-initiated logout) "url": "https:///?sls", // URL Location where the from the IdP will sent (SP-initiated logout, reply) // OPTIONAL: only specify if different from url parameter //"responseUrl": "https:///?sls", // SAML protocol binding to be used when returning the // message. OneLogin Toolkit supports the HTTP-Redirect binding // only for this endpoint. "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, // If you need to specify requested attributes, set a // attributeConsumingService. nameFormat, attributeValue and // friendlyName can be ommited "attributeConsumingService": { // OPTIONAL: only specifiy if SP requires this. // index is an integer which identifies the attributeConsumingService used // to the SP. OneLogin toolkit supports configuring only one attributeConsumingService // but in certain cases the SP requires a different value. Defaults to '1'. // "index": '1', "serviceName": "SP test", "serviceDescription": "Test Service", "requestedAttributes": [ { "name": "", "isRequired": false, "nameFormat": "", "friendlyName": "", "attributeValue": [] } ] }, // Specifies the constraints on the name identifier to be used to // represent the requested subject. // Take a look on src/onelogin/saml2/constants.py to see the NameIdFormat that are supported. "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", // Usually X.509 cert and privateKey of the SP are provided by files placed at // the certs folder. But we can also provide them with the following parameters "x509cert": "", "privateKey": "" /* * Key rollover * If you plan to update the SP X.509cert and privateKey * you can define here the new X.509cert and it will be * published on the SP metadata so Identity Providers can * read them and get ready for rollover. */ // 'x509certNew': '', }, // Identity Provider Data that we want connected with our SP. "idp": { // Identifier of the IdP entity (must be a URI) "entityId": "https://app.onelogin.com/saml/metadata/", // SSO endpoint info of the IdP. (Authentication Request protocol) "singleSignOnService": { // URL Target of the IdP where the Authentication Request Message // will be sent. "url": "https://app.onelogin.com/trust/saml2/http-post/sso/", // SAML protocol binding to be used when returning the // message. OneLogin Toolkit supports the HTTP-Redirect binding // only for this endpoint. "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, // SLO endpoint info of the IdP. "singleLogoutService": { // URL Location where the from the IdP will be sent (IdP-initiated logout) "url": "https://app.onelogin.com/trust/saml2/http-redirect/slo/", // URL Location where the from the IdP will sent (SP-initiated logout, reply) // OPTIONAL: only specify if different from url parameter "responseUrl": "https://app.onelogin.com/trust/saml2/http-redirect/slo_return/", // SAML protocol binding to be used when returning the // message. OneLogin Toolkit supports the HTTP-Redirect binding // only for this endpoint. "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, // Public X.509 certificate of the IdP "x509cert": "" /* * Instead of using the whole X.509cert you can use a fingerprint in order to * validate a SAMLResponse (but you still need the X.509cert to validate LogoutRequest and LogoutResponse using the HTTP-Redirect binding). * But take in mind that the algortithm for the fingerprint should be as strong as the algorithm in a normal certificate signature * (e.g. SHA256 or strong) * * (openssl x509 -noout -fingerprint -in "idp.crt" to generate it, * or add for example the -sha256 , -sha384 or -sha512 parameter) * * If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to * let the toolkit know which algorithm was used. Possible values: sha1, sha256, sha384 or sha512 * 'sha1' is the default value. * * Notice that if you want to validate any SAML Message sent by the HTTP-Redirect binding, you * will need to provide the whole X.509cert. */ // "certFingerprint": "", // "certFingerprintAlgorithm": "sha1", /* In some scenarios the IdP uses different certificates for * signing/encryption, or is under key rollover phase and * more than one certificate is published on IdP metadata. * In order to handle that the toolkit offers that parameter. * (when used, 'X.509cert' and 'certFingerprint' values are * ignored). */ // 'x509certMulti': { // 'signing': [ // '' // ], // 'encryption': [ // '' // ] // } } } ``` In addition to the required settings data (idp, sp), extra settings can be defined in `advanced_settings.json`: ```javascript { // Security settings "security": { /** signatures and encryptions offered **/ // Indicates that the nameID of the sent by this SP // will be encrypted. "nameIdEncrypted": false, // Indicates whether the messages sent by this SP // will be signed. [Metadata of the SP will offer this info] "authnRequestsSigned": false, // Indicates whether the messages sent by this SP // will be signed. "logoutRequestSigned": false, // Indicates whether the messages sent by this SP // will be signed. "logoutResponseSigned": false, /* Sign the Metadata false || true (use sp certs) || { "keyFileName": "metadata.key", "certFileName": "metadata.crt" } */ "signMetadata": false, /** signatures and encryptions required **/ // Indicates a requirement for the , // and elements received by this SP to be signed. "wantMessagesSigned": false, // Indicates a requirement for the elements received by // this SP to be signed. [Metadata of the SP will offer this info] "wantAssertionsSigned": false, // Indicates a requirement for the // elements received by this SP to be encrypted. "wantAssertionsEncrypted": false, // Indicates a requirement for the NameID element on the SAMLResponse // received by this SP to be present. "wantNameId": true, // Indicates a requirement for the NameID received by // this SP to be encrypted. "wantNameIdEncrypted": false, // Indicates a requirement for the AttributeStatement element "wantAttributeStatement": true, // Authentication context. // Set to false and no AuthContext will be sent in the AuthNRequest, // Set true or don't present this parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' // Set an array with the possible auth context values: array ('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'), "requestedAuthnContext": true, // Allows the authn comparison parameter to be set, defaults to 'exact' if the setting is not present. "requestedAuthnContextComparison": "exact", // Set to true to check that the AuthnContext(s) received match(es) the requested. "failOnAuthnContextMismatch": false, // In some environment you will need to set how long the published metadata of the Service Provider gonna be valid. // is possible to not set the 2 following parameters (or set to null) and default values will be set (2 days, 1 week) // Provide the desire TimeStamp, for example 2015-06-26T20:00:00Z "metadataValidUntil": null, // Provide the desire Duration, for example PT518400S (6 days) "metadataCacheDuration": null, // If enabled, URLs with single-label-domains will // be allowed and not rejected by the settings validator (Enable it under Docker/Kubernetes/testing env, not recommended on production) "allowSingleLabelDomains": false, // Algorithm that the toolkit will use on signing process. Options: // 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' // 'http://www.w3.org/2000/09/xmldsig#dsa-sha1' // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384' // 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512' "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", // Algorithm that the toolkit will use on digest process. Options: // 'http://www.w3.org/2000/09/xmldsig#sha1' // 'http://www.w3.org/2001/04/xmlenc#sha256' // 'http://www.w3.org/2001/04/xmldsig-more#sha384' // 'http://www.w3.org/2001/04/xmlenc#sha512' 'digestAlgorithm': "http://www.w3.org/2001/04/xmlenc#sha256", // Specify if you want the SP to view assertions with duplicated Name or FriendlyName attributes to be valid // Defaults to false if not specified 'allowRepeatAttributeName': false }, // Contact information template, it is recommended to suply a // technical and support contacts. "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, // Organization information template, the info in en_US lang is // recomended, add more if required. "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } } ``` In the ``security`` section, you can set the way that the SP will handle the messages and assertions. Contact the admin of the IdP and ask them what the IdP expects, and decide what validations will handle the SP and what requirements the SP will have and communicate them to the IdP's admin too. Once we know what kind of data could be configured, let's talk about the way settings are handled within the toolkit. The settings files described (``settings.json`` and ``advanced_settings.json``) are loaded by the toolkit if not other dict with settings info is provided in the constructors of the toolkit. Let's see some examples. ```python # Initializes toolkit with settings.json & advanced_settings.json files. auth = OneLogin_Saml2_Auth(req) # or settings = OneLogin_Saml2_Settings() # Initializes toolkit with settings.json & advanced_settings.json files from a custom base path. custom_folder = '/var/www/django-project' auth = OneLogin_Saml2_Auth(req, custom_base_path=custom_folder) # or settings = OneLogin_Saml2_Settings(custom_base_path=custom_folder) # Initializes toolkit with the dict provided. auth = OneLogin_Saml2_Auth(req, settings_data) # or settings = OneLogin_Saml2_Settings(settings_data) ``` You can declare the ``settings_data`` in the file that contains the constructor execution or locate them in any file and load the file in order to get the dict available as we see in the following example: ```python filename = "/var/www/django-project/custom_settings.json" # The custom_settings.json contains a json_data_file = open(filename, 'r') # settings_data dict. settings_data = json.load(json_data_file) json_data_file.close() auth = OneLogin_Saml2_Auth(req, settings_data) ``` #### Metadata Based Configuration The method above requires a little extra work to manually specify attributes about the IdP. (And your SP application) There's an easier method -- use a metadata exchange. Metadata is just an XML file that defines the capabilities of both the IdP and the SP application. It also contains the X.509 public key certificates which add to the trusted relationship. The IdP administrator can also configure custom settings for an SP based on the metadata. Using ````parse_remote```` IdP metadata can be obtained and added to the settings without further ado. Take in mind that the OneLogin_Saml2_IdPMetadataParser class does not validate in any way the URL that is introduced in order to be parsed. Usually the same administrator that handles the Service Provider also sets the URL to the IdP, which should be a trusted resource. But there are other scenarios, like a SAAS app where the administrator of the app delegates this functionality to other users. In this case, extra precaution should be taken in order to validate such URL inputs and avoid attacks like SSRF. `` idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote('https://example.com/auth/saml2/idp/metadata') `` You can specify a timeout in seconds for metadata retrieval, without it is not guaranteed that the request will complete `` idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote('https://example.com/auth/saml2/idp/metadata', timeout=5) `` If the Metadata contains several entities, the relevant ``EntityDescriptor`` can be specified when retrieving the settings from the ``IdpMetadataParser`` by its ``entityId`` value: ``idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(https://example.com/metadatas, entity_id='idp_entity_id')`` #### How load the library #### In order to use the toolkit library you need to import the file that contains the class that you will need on the top of your python file. ``` python from onelogin.saml2.auth import OneLogin_Saml2_Auth from onelogin.saml2.settings import OneLogin_Saml2_Settings from onelogin.saml2.utils import OneLogin_Saml2_Utils ``` #### The Request #### Building a ``OneLogin\_Saml2\_Auth`` object requires a ``request`` parameter: ```python auth = OneLogin_Saml2_Auth(req) ``` This parameter has the following scheme: ```python req = { "http_host": "", "script_name": "", "get_data": "", "post_data": "", # Advanced request options "https": "", "request_uri": "", "query_string": "", "validate_signature_from_qs": False, "lowercase_urlencoding": False } ``` Each Python framework builds its own ``request`` object, you may map its data to match what the SAML toolkit expects. Let`s see some examples: ```python def prepare_from_django_request(request): return { 'http_host': request.META['HTTP_HOST'], 'script_name': request.META['PATH_INFO'], 'get_data': request.GET.copy(), 'post_data': request.POST.copy() } def prepare_from_flask_request(request): url_data = urlparse(request.url) return { 'http_host': request.netloc, 'script_name': request.path, 'get_data': request.args.copy(), 'post_data': request.form.copy() } ``` An explanation of some advanced request parameters: * `https` - Defaults to ``off``. Set this to ``on`` if you receive responses over HTTPS. * `request_uri` - The path where your SAML server receives requests. Set this if requests are not received at the server's root. * `query_string` - Set this with additional query parameters that should be passed to the request endpoint. * `validate_signature_from_qs` - If `True`, use `query_string` to validate request and response signatures. Otherwise, use `get_data`. Defaults to `False`. Note that when using `get_data`, query parameters need to be url-encoded for validation. By default we use upper-case url-encoding. Some IdPs, notably Microsoft AD, use lower-case url-encoding, which makes signature validation to fail. To fix this issue, either pass `query_string` and set `validate_signature_from_qs` to `True`, which works for all IdPs, or set `lowercase_urlencoding` to `True`, which only works for AD. #### Initiate SSO #### In order to send an ``AuthNRequest`` to the IdP: ```python from onelogin.saml2.auth import OneLogin_Saml2_Auth req = prepare_request_for_toolkit(request) auth = OneLogin_Saml2_Auth(req) # Constructor of the SP, loads settings.json # and advanced_settings.json auth.login() # Method that builds and sends the AuthNRequest ``` The ``AuthNRequest`` will be sent signed or unsigned based on the security info of the ``advanced_settings.json`` file (i.e. ``authnRequestsSigned``). The IdP will then return the SAML Response to the user's client. The client is then forwarded to the **Assertion Consumer Service (ACS)** of the SP with this information. We can set a ``return_to`` url parameter to the login function and that will be converted as a ``RelayState`` parameter: ```python target_url = 'https://example.com' auth.login(return_to=target_url) ``` The login method can recieve 3 more optional parameters: * ``force_authn`` When ``true``, the ``AuthNReuqest`` will set the ``ForceAuthn='true'`` * ``is_passive`` When true, the ``AuthNReuqest`` will set the ``Ispassive='true'`` * ``set_nameid_policy`` When true, the ``AuthNReuqest`` will set a ``nameIdPolicy`` element. If a match on the future ``SAMLResponse`` ID and the ``AuthNRequest`` ID to be sent is required, that ``AuthNRequest`` ID must to be extracted and stored for future validation, we can get that ID by ``auth.get_last_request_id()`` #### The SP Endpoints #### Related to the SP there are 3 important endpoints: The metadata view, the ACS view and the SLS view. The toolkit provides examples of those views in the demos, but let's see an example. ***SP Metadata*** This code will provide the XML metadata file of our SP, based on the info that we provided in the settings files. ```python req = prepare_request_for_toolkit(request) auth = OneLogin_Saml2_Auth(req) saml_settings = auth.get_settings() metadata = saml_settings.get_sp_metadata() errors = saml_settings.validate_metadata(metadata) if len(errors) == 0: print(metadata) else: print("Error found on Metadata: %s" % (', '.join(errors))) ``` The ``get_sp_metadata`` will return the metadata signed or not based on the security info of the ``advanced_settings.json`` (``signMetadata``). Before the XML metadata is exposed, a check takes place to ensure that the info to be provided is valid. Instead of using the Auth object, you can directly use ``` saml_settings = OneLogin_Saml2_Settings(settings=None, custom_base_path=None, sp_validation_only=True) ``` to get the settings object and with the ``sp_validation_only=True`` parameter we will avoid the IdP settings validation. ***Assertion Consumer Service (ACS)*** This code handles the SAML response that the IdP forwards to the SP through the user's client. ```python req = prepare_request_for_toolkit(request) auth = OneLogin_Saml2_Auth(req) auth.process_response() errors = auth.get_errors() if not errors: if auth.is_authenticated(): request.session['samlUserdata'] = auth.get_attributes() if 'RelayState' in req['post_data'] and OneLogin_Saml2_Utils.get_self_url(req) != req['post_data']['RelayState']: auth.redirect_to(req['post_data']['RelayState']) else: for attr_name in request.session['samlUserdata'].keys(): print('%s ==> %s' % (attr_name, '|| '.join(request.session['samlUserdata'][attr_name]))) else: print('Not authenticated') else: print("Error when processing SAML Response: %s %s" % (', '.join(errors), auth.get_last_error_reason())) ``` The SAML response is processed and then checked that there are no errors. It also verifies that the user is authenticated and stored the userdata in session. At that point there are 2 possible alternatives: * If no ``RelayState`` is provided, we could show the user data in this view or however we wanted. * If ``RelayState`` is provided, a redirection takes place. Notice that we saved the user data in the session before the redirection to have the user data available at the ``RelayState`` view. In order to retrieve attributes we use: ```python attributes = auth.get_attributes(); ``` With this method we get a dict with all the user data provided by the IdP in the assertion of the SAML response. If we execute print attributes we could get: ```python { "cn": ["Jhon"], "sn": ["Doe"], "mail": ["Doe"], "groups": ["users", "members"] } ``` Each attribute name can be used as a key to obtain the value. Every attribute is a list of values. A single-valued attribute is a listy of a single element. The following code is equivalent: ```python attributes = auth.get_attributes(); print(attributes['cn']) print(auth.get_attribute('cn')) ``` Before trying to get an attribute, check that the user is authenticated. If the user isn't authenticated, an empty dict will be returned. For example, if we call to ``get_attributes`` before a ``auth.process_response``, the ``get_attributes()`` will return an empty dict. ***Single Logout Service (SLS)*** This code handles the Logout Request and the Logout Responses. ```python delete_session_callback = lambda: request.session.flush() url = auth.process_slo(delete_session_cb=delete_session_callback) errors = auth.get_errors() if len(errors) == 0: if url is not None: return redirect(url) else: print("Sucessfully Logged out") else: print("Error when processing SLO: %s %s" % (', '.join(errors), auth.get_last_error_reason())) ``` If the SLS endpoints receives a Logout Response, the response is validated and the session could be closed, using the callback. ```python # Part of the process_slo method logout_response = OneLogin_Saml2_Logout_Response(self.__settings, self.__request_data['get_data']['SAMLResponse']) if not logout_response.is_valid(self.__request_data, request_id): self.__errors.append('invalid_logout_response') elif logout_response.get_status() != OneLogin_Saml2_Constants.STATUS_SUCCESS: self.__errors.append('logout_not_success') elif not keep_local_session: OneLogin_Saml2_Utils.delete_local_session(delete_session_cb) ``` If the SLS endpoints receives an Logout Request, the request is validated, the session is closed and a Logout Response is sent to the SLS endpoint of the IdP. ```python # Part of the process_slo method request = OneLogin_Saml2_Utils.decode_base64_and_inflate(self.__request_data['get_data']['SAMLRequest']) if not OneLogin_Saml2_Logout_Request.is_valid(self.__settings, request, self.__request_data): self.__errors.append('invalid_logout_request') else: if not keep_local_session: OneLogin_Saml2_Utils.delete_local_session(delete_session_cb) in_response_to = request.id response_builder = OneLogin_Saml2_Logout_Response(self.__settings) response_builder.build(in_response_to) logout_response = response_builder.get_response() parameters = {'SAMLResponse': logout_response} if 'RelayState' in self.__request_data['get_data']: parameters['RelayState'] = self.__request_data['get_data']['RelayState'] security = self.__settings.get_security_data() if 'logoutResponseSigned' in security and security['logoutResponseSigned']: parameters['SigAlg'] = OneLogin_Saml2_Constants.RSA_SHA1 parameters['Signature'] = self.build_response_signature(logout_response, parameters.get('RelayState', None)) return self.redirect_to(self.get_slo_url(), parameters) ``` If we don't want that ``process_slo`` to destroy the session, pass a ``true`` parameter to the ``process_slo`` method: ```python keepLocalSession = true auth.process_slo(keep_local_session=keepLocalSession); ``` #### Initiate SLO #### In order to send a Logout Request to the IdP: The Logout Request will be sent signed or unsigned based on the security info of the ``advanced_settings.json`` (``logoutRequestSigned``). The IdP will return the Logout Response through the user's client to the Single Logout Service (SLS) of the SP. We can set a ``return_to`` url parameter to the logout function and that will be converted as a ``RelayState`` parameter: ```python target_url = 'https://example.com' auth.logout(return_to=target_url) ``` Also there are another 5 optional parameters that can be set: * ``name_id``: That will be used to build the ``LogoutRequest``. If no ``name_id`` parameter is set and the auth object processed a SAML Response with a ``NameId``, then this ``NameId`` will be used. * ``session_index``: ``SessionIndex`` that identifies the session of the user. * ``nq``: IDP Name Qualifier. * ``name_id_format``: The ``NameID`` Format that will be set in the ``LogoutRequest``. * ``spnq``: The ``NameID SP NameQualifier`` will be set in the ``LogoutRequest``. If no ``name_id`` is provided, the ``LogoutRequest`` will contain a ``NameID`` with the entity Format. If ``name_id`` is provided and no ``name_id_format`` is provided, the ``NameIDFormat`` of the settings will be used. If a match on the ``LogoutResponse`` ID and the ``LogoutRequest`` ID to be sent is required, that ``LogoutRequest`` ID must to be extracted and stored for future validation, we can get that ID by: ```python auth.get_last_request_id() ``` #### Example of a view that initiates the SSO request and handles the response (is the acs target) #### We can code a unique file that initiates the SSO process, handle the response, get the attributes, initiate the SLO and processes the logout response. Note: Review the demos, in a later section we explain the demo use case further in detail. ```python req = prepare_request_for_toolkit(request) # Process the request and build the request dict that # the toolkit expects auth = OneLogin_Saml2_Auth(req) # Initialize the SP SAML instance if 'sso' in request.args: # SSO action (SP-SSO initited). Will send an AuthNRequest to the IdP return redirect(auth.login()) elif 'sso2' in request.args: # Another SSO init action return_to = '%sattrs/' % request.host_url # but set a custom RelayState URL return redirect(auth.login(return_to)) elif 'slo' in request.args: # SLO action. Will sent a Logout Request to IdP nameid = request.session['samlNameId'] nameid_format = request.session['samlNameIdFormat'] nameid_nq = request.session['samlNameIdNameQualifier'] nameid_spnq = request.session['samlNameIdSPNameQualifier'] session_index = request.session['samlSessionIndex'] return redirect(auth.logout(None, nameid, session_index, nameid_nq, nameid_format, nameid_spnq)) elif 'acs' in request.args: # Assertion Consumer Service auth.process_response() # Process the Response of the IdP errors = auth.get_errors() # This method receives an array with the errors if len(errors) == 0: # that could took place during the process if not auth.is_authenticated(): # This check if the response was ok and the user msg = "Not authenticated" # data retrieved or not (user authenticated) else: request.session['samlUserdata'] = auth.get_attributes() # Retrieves user data request.session['samlNameId'] = auth.get_nameid() request.session['samlNameIdFormat'] = auth.get_nameid_format() request.session['samlNameIdNameQualifier'] = auth.get_nameid_nq() request.session['samlNameIdSPNameQualifier'] = auth.get_nameid_spnq() request.session['samlSessionIndex'] = auth.get_session_index() self_url = OneLogin_Saml2_Utils.get_self_url(req) if 'RelayState' in request.form and self_url != request.form['RelayState']: return redirect(auth.redirect_to(request.form['RelayState'])) # Redirect if there is a relayState else: # If there is user data we save that to print it later. msg = '' for attr_name in request.session['samlUserdata'].keys(): msg += '%s ==> %s' % (attr_name, '|| '.join(request.session['samlUserdata'][attr_name])) elif 'sls' in request.args: # Single Logout Service delete_session_callback = lambda: session.clear() # Obtain session clear callback url = auth.process_slo(delete_session_cb=delete_session_callback) # Process the Logout Request & Logout Response errors = auth.get_errors() # Retrieves possible validation errors if len(errors) == 0: if url is not None: return redirect(url) else: msg = "Sucessfully logged out" if len(errors) == 0: print(msg) else: print(', '.join(errors)) ``` ### SP Key rollover ### If you plan to update the SP ``x509cert`` and ``privateKey`` you can define the new ``x509cert`` as ``settings['sp']['x509certNew']`` and it will be published on the SP metadata so Identity Providers can read them and get ready for rollover. ### IdP with multiple certificates ### In some scenarios the IdP uses different certificates for signing/encryption, or is under key rollover phase and more than one certificate is published on IdP metadata. In order to handle that the toolkit offers the ``settings['idp']['x509certMulti']`` parameter. When that parameter is used, ``x509cert`` and ``certFingerprint`` values will be ignored by the toolkit. The ``x509certMulti`` is an array with 2 keys: - ``signing``: An array of certs that will be used to validate IdP signature - ``encryption``: An array with one unique cert that will be used to encrypt data to be sent to the IdP. ### Replay attacks ### In order to avoid replay attacks, you can store the ID of the SAML messages already processed, to avoid processing them twice. Since the Messages expires and will be invalidated due that fact, you don't need to store those IDs longer than the time frame that you currently accepting. Get the ID of the last processed message/assertion with the ``get_last_message_id/get_last_assertion_id`` method of the ``Auth`` object. ### Main classes and methods ### Described below are the main classes and methods that can be invoked from the SAML2 library. #### OneLogin_Saml2_Auth - auth.py #### Main class of OneLogin Python Toolkit * `__init__` Initializes the SP SAML instance. * ***login*** Initiates the SSO process. * ***logout*** Initiates the SLO process. * ***process_response*** Process the SAML Response sent by the IdP. * ***process_slo*** Process the SAML Logout Response / Logout Request sent by the IdP. * ***redirect_to*** Redirects the user to the url past by parameter or to the url that we defined in our SSO Request. * ***is_authenticated*** Checks if the user is authenticated or not. * ***get_attributes*** Returns the set of SAML attributes. * ***get_attribute*** Returns the requested SAML attribute. * ***get_nameid*** Returns the ``nameID``. * ***get_session_index*** Gets the ``SessionIndex`` from the ``AuthnStatement``. * ***get_session_expiration*** Gets the ``SessionNotOnOrAfter`` from the ``AuthnStatement``. * ***get_errors*** Returns a list with code errors if something went wrong. * ***get_last_error_reason*** Returns the reason of the last error * ***get_sso_url*** Gets the SSO url. * ***get_slo_url*** Gets the SLO url. * ***get_last_request_id*** The ID of the last Request SAML message generated (``AuthNRequest``, ``LogoutRequest``). * ***get_last_authn_contexts*** Returns the list of authentication contexts sent in the last SAML Response. * ***build_request_signature*** Builds the Signature of the SAML Request. * ***build_response_signature*** Builds the Signature of the SAML Response. * ***get_settings*** Returns the settings info. * ***set_strict*** Set the strict mode active/disable. * ***get_last_request_xml*** Returns the most recently-constructed/processed XML SAML request (``AuthNRequest``, ``LogoutRequest``) * ***get_last_response_xml*** Returns the most recently-constructed/processed XML SAML response (``SAMLResponse``, ``LogoutResponse``). If the SAMLResponse had an encrypted assertion, decrypts it. * ***get_last_message_id*** The ID of the last Response SAML message processed. * ***get_last_assertion_id*** The ID of the last assertion processed. * ***get_last_assertion_not_on_or_after*** The ``NotOnOrAfter`` value of the valid ``SubjectConfirmationData`` node (if any) of the last assertion processed (is only calculated with strict = true) #### OneLogin_Saml2_Auth - authn_request.py #### SAML 2 Authentication Request class * `__init__` This class handles an ``AuthNRequest``. It builds an ``AuthNRequest`` object. * ***get_request*** Returns unsigned ``AuthnRequest``. * ***get_id*** Returns the ``AuthNRequest`` ID. * ***get_xml*** Returns the XML that will be sent as part of the request. #### OneLogin_Saml2_Response - response.py #### SAML 2 Authentication Response class * `__init__` Constructs the SAML Response object. * ***is_valid*** Determines if the SAML Response is valid. Includes checking of the signature by a certificate. * ***check_status*** Check if the status of the response is success or not * ***get_audiences*** Gets the audiences * ***get_issuers*** Gets the issuers (from message and from assertion) * ***get_nameid_data*** Gets the NameID Data provided by the SAML Response from the IdP (returns a dict) * ***get_nameid*** Gets the NameID provided by the SAML Response from the IdP (returns a string) * ***get_session_not_on_or_after*** Gets the ``SessionNotOnOrAfter`` from the ``AuthnStatement`` * ***get_session_index*** Gets the ``SessionIndex`` from the ``AuthnStatement`` * ***get_attributes*** Gets the Attributes from the ``AttributeStatement`` element. * ***validate_num_assertions*** Verifies that the document only contains a single Assertion (encrypted or not) * ***validate_timestamps*** Verifies that the document is valid according to Conditions Element * ***get_error*** After execute a validation process, if fails this method returns the cause * ***get_xml_document*** Returns the SAML Response document (If contains an encrypted assertion, decrypts it). * ***get_id*** the ID of the response * ***get_assertion_id*** the ID of the assertion in the response * ***get_assertion_not_on_or_after*** the ``NotOnOrAfter`` value of the valid ``SubjectConfirmationData`` if any #### OneLogin_Saml2_LogoutRequest - logout_request.py #### SAML 2 Logout Request class * `__init__` Constructs the Logout Request object. * ***get_request*** Returns the Logout Request deflated, base64-encoded. * ***get_id*** Returns the ID of the Logout Request. (If you have the object you can access to the id attribute) * ***get_nameid_data*** Gets the NameID Data of the the Logout Request (returns a dict). * ***get_nameid*** Gets the NameID of the Logout Request Message (returns a string). * ***get_issuer*** Gets the Issuer of the Logout Request Message. * ***get_session_indexes*** Gets the ``SessionIndexes`` from the Logout Request. * ***is_valid*** Checks if the Logout Request recieved is valid. * ***get_error*** After execute a validation process, if fails this method returns the cause. * ***get_xml*** Returns the XML that will be sent as part of the request or that was received at the SP #### OneLogin_Saml2_LogoutResponse - logout_response.py #### SAML 2 Logout Response class * `__init__` Constructs a Logout Response object. * ***get_issuer*** Gets the Issuer of the Logout Response Message * ***get_status*** Gets the Status of the Logout Response. * ***is_valid*** Determines if the SAML ``LogoutResponse`` is valid * ***build*** Creates a Logout Response object. * ***get_response*** Returns a Logout Response object. * ***get_error*** After execute a validation process, if fails this method returns the cause. * ***get_xml*** Returns the XML that will be sent as part of the response or that was received at the SP #### OneLogin_Saml2_Settings - settings.py #### Configuration of the OneLogin Python Toolkit * `__init__` Initializes the settings: Sets the paths of the different folders and Loads settings info from settings file or array/object provided. * ***check_settings*** Checks the settings info. * ***check_idp_settings*** Checks the IdP settings info. * ***check_sp_settings*** Checks the SP settings info. * ***get_errors*** Returns an array with the errors, the array is empty when the settings is ok. * ***get_sp_metadata*** Gets the SP metadata. The XML representation. * ***validate_metadata*** Validates an XML SP Metadata. * ***get_base_path*** Returns base path. * ***get_cert_path*** Returns cert path. * ***get_lib_path*** Returns lib path. * ***get_ext_lib_path*** Returns external lib path. * ***get_schemas_path*** Returns schema path. * ***check_sp_certs*** Checks if the X.509 certs of the SP exists and are valid. * ***get_sp_key*** Returns the X.509 private key of the SP. * ***get_sp_cert*** Returns the X.509 public cert of the SP. * ***get_sp_cert_new*** Returns the future X.509 public cert of the SP. * ***get_idp_cert*** Returns the X.509 public cert of the IdP. * ***get_sp_data*** Gets the SP data. * ***get_idp_data*** Gets the IdP data. * ***get_security_data*** Gets security data. * ***get_contacts*** Gets contacts data. * ***get_organization*** Gets organization data. * ***format_idp_cert*** Formats the IdP cert. * ***format_idp_cert_multi*** Formats all registered IdP certs. * ***format_sp_cert*** Formats the SP cert. * ***format_sp_cert_new*** Formats the SP cert new. * ***format_sp_key*** Formats the private key. * ***set_strict*** Activates or deactivates the strict mode. * ***is_strict*** Returns if the ``strict`` mode is active. * ***is_debug_active*** Returns if the debug is active. #### OneLogin_Saml2_Metadata - metadata.py #### A class that contains functionality related to the metadata of the SP * ***builder*** Generates the metadata of the SP based on the settings. * ***sign_metadata*** Signs the metadata with the key/cert provided. * ***add_x509_key_descriptors*** Adds the X.509 descriptors (sign/encryption) to the metadata #### OneLogin_Saml2_Utils - utils.py #### Auxiliary class that contains several methods * ***decode_base64_and_inflate*** Base64 decodes and then inflates according to RFC1951. * ***deflate_and_base64_encode*** Deflates and the base64 encodes a string. * ***format_cert*** Returns a X.509 cert (adding header & footer if required). * ***format_private_key*** Returns a private key (adding header & footer if required). * ***redirect*** Executes a redirection to the provided url (or return the target url). * ***get_self_url_host*** Returns the protocol + the current host + the port (if different than common ports). * ***get_self_host*** Returns the current host. * ***is_https*** Checks if https or http. * ***get_self_url_no_query*** Returns the URL of the current host + current view. * ***get_self_routed_url_no_query*** Returns the routed URL of the current host + current view. * ***get_self_url*** Returns the URL of the current host + current view + query. * ***generate_unique_id*** Generates an unique string (used for example as ID for assertions). * ***parse_time_to_SAML*** Converts a UNIX timestamp to SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(\.s+)?Z. * ***parse_SAML_to_time*** Converts a SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(\.s+)?Z to a UNIX timestamp. * ***now*** Returns unix timestamp of actual time. * ***parse_duration*** Interprets a ISO8601 duration value relative to a given timestamp. * ***get_expire_time*** Compares 2 dates and returns the earliest. * ***delete_local_session*** Deletes the local session. * ***calculate_X.509_fingerprint*** Calculates the fingerprint of a X.509 cert. * ***format_finger_print*** Formates a fingerprint. * ***generate_name_id*** Generates a nameID. * ***get_status*** Gets Status from a Response. * ***decrypt_element*** Decrypts an encrypted element. * ***write_temp_file*** Writes some content into a temporary file and returns it. * ***add_sign*** Adds signature key and senders certificate to an element (Message or Assertion). * ***validate_sign*** Validates a signature (Message or Assertion). * ***validate_binary_sign*** Validates signed bynary data (Used to validate GET Signature). #### OneLogin_Saml2_XML- xml_utils.py #### A class that contains methods to handle XMLs * ***to_string*** Serialize an element to an encoded string representation of its XML tree. * ***to_etree*** Parses an XML document or fragment from a string. * ***validate_xml*** Validates a xml against a schema * ***query*** Extracts nodes that match the query from the Element * ***extract_tag_text*** #### OneLogin_Saml2_IdPMetadataParser - idp_metadata_parser.py #### A class that contains methods to obtain and parse metadata from IdP * ***get_metadata*** Get the metadata XML from the provided URL * ***parse_remote*** Get the metadata XML from the provided URL and parse it, returning a dict with extracted data * ***parse*** Parse the Identity Provider metadata and returns a dict with extracted data * ***merge_settings*** Will update the settings with the provided new settings data extracted from the IdP metadata For more info, look at the source code. Each method is documented and details about what does and how to use it are provided. Make sure to also check the doc folder where HTML documentation about the classes and methods is provided. Demos included in the toolkit ----------------------------- The toolkit includes 3 demos to teach how use the toolkit (A Django, Flask and a Tornado project), take a look on it. Demos require that SP and IdP are well configured before test it, so edit the settings files. Notice that each python framework has it own way to handle routes/urls and process request, so focus on how it deployed. New demos using other python frameworks are welcome as a contribution. ### Getting Started ### We said that this toolkit includes a Django application demo and a Flask application demo, let's see how fast is it to deploy them. ***Virtualenv*** The use of a [virtualenv](http://virtualenv.readthedocs.org/en/latest/) is highly recommended. Virtualenv helps isolating the python enviroment used to run the toolkit. You can find more details and an installation guide in the [official documentation](http://virtualenv.readthedocs.org/en/latest/). Once you have your virtualenv ready and loaded, then you can install the toolkit on it in development mode executing this: ``` python setup.py develop ``` Using this method of deployment the toolkit files will be linked instead of copied, so if you make changes on them you won't need to reinstall the toolkit. If you want install it in a normal mode, execute: ``` python setup.py install ``` ### Demo Flask ### You'll need a virtualenv with the toolkit installed on it. To run the demo you need to install the requirements first. Load your virtualenv and execute: ``` pip install -r demo-flask/requirements.txt ``` This will install flask and its dependencies. Once it has finished, you have to complete the configuration of the toolkit. You'll find it at `demo-flask/settings.json` Now, with the virtualenv loaded, you can run the demo like this: ``` cd demo-flask python index.py ``` You'll have the demo running at http://localhost:8000 #### Content #### The flask project contains: * ***index.py*** Is the main flask file, where or the SAML handle take place. * ***templates***. Is the folder where flask stores the templates of the project. It was implemented a base.html template that is extended by index.html and attrs.html, the templates of our simple demo that shows messages, user attributes when available and login and logout links. * ***saml*** Is a folder that contains the 'certs' folder that could be used to store the X.509 public and private key, and the saml toolkit settings (settings.json and advanced_settings.json). #### SP setup #### The Onelogin's Python Toolkit allows you to provide the settings info in 2 ways: Settings files or define a setting dict. In the ``demo-flask``, it uses the first method. In the ``index.py`` file we define the ``app.config['SAML_PATH']``, that will target to the ``saml`` folder. We require it in order to load the settings files. First we need to edit the ``saml/settings.json`` file, configure the SP part and review the metadata of the IdP and complete the IdP info. Later edit the ``saml/advanced_settings.json`` files and configure the how the toolkit will work. Check the settings section of this document if you have any doubt. #### IdP setup #### Once the SP is configured, the metadata of the SP is published at the ``/metadata`` url. Based on that info, configure the IdP. #### How it works #### 1. First time you access to the main view (http://localhost:8000), you can select to login and return to the same view or login and be redirected to ``/?attrs`` (attrs view). 2. When you click: 2.1 in the first link, we access to ``/?sso`` (index view). An ``AuthNRequest`` is sent to the IdP, we authenticate at the IdP and then a Response is sent through the user's client to the SP, specifically the Assertion Consumer Service view: ``/?acs``. Notice that a ``RelayState`` parameter is set to the url that initiated the process, the index view. 2.2 in the second link we access to ``/?attrs`` (attrs view), we will expetience have the same process described at 2.1 with the diference that as ``RelayState`` is set the ``attrs`` url. 3. The SAML Response is processed in the ACS ``/?acs``, if the Response is not valid, the process stops here and a message is shown. Otherwise we are redirected to the ``RelayState`` view. a) / or b) ``/?attrs`` 4. We are logged in the app and the user attributes are showed. At this point, we can test the single log out functionality. The single log out functionality could be tested by 2 ways. 5.1 SLO Initiated by SP. Click on the ``logout`` link at the SP, after that a Logout Request is sent to the IdP, the session at the IdP is closed and replies through the client to the SP with a Logout Response (sent to the Single Logout Service endpoint). The SLS endpoint ``/?sls`` of the SP process the Logout Response and if is valid, close the user session of the local app. Notice that the SLO Workflow starts and ends at the SP. 5.2 SLO Initiated by IdP. In this case, the action takes place on the IdP side, the logout process is initiated at the IdP, sends a Logout Request to the SP (SLS endpoint, ``/?sls``). The SLS endpoint of the SP process the Logout Request and if is valid, close the session of the user at the local app and send a Logout Response to the IdP (to the SLS endpoint of the IdP). The IdP receives the Logout Response, process it and close the session at of the IdP. Notice that the SLO Workflow starts and ends at the IdP. Notice that all the SAML Requests and Responses are handled at a unique view (index) and how GET parameters are used to know the action that must be done. ### Demo Tornado ### You'll need a virtualenv with the toolkit installed on it. First of all you need some packages, execute: ``` apt-get install libxml2-dev libxmlsec1-dev libxmlsec1-openssl ``` To run the demo you need to install the requirements first. Load your virtualenv and execute: ``` pip install -r demo-tornado/requirements.txt ``` This will install tornado and its dependencies. Once it has finished, you have to complete the configuration of the toolkit. You'll find it at `demo-tornado/saml/settings.json` Now, with the virtualenv loaded, you can run the demo like this: ``` cd demo-tornado python views.py ``` You'll have the demo running at http://localhost:8000 #### Content #### The tornado project contains: * ***views.py*** Is the main flask file, where or the SAML handle take place. * ***settings.py*** Contains the base path and the path where is located the ``saml`` folder and the ``template`` folder * ***templates***. Is the folder where tornado stores the templates of the project. It was implemented a base.html template that is extended by index.html and attrs.html, the templates of our simple demo that shows messages, user attributes when available and login and logout links. * ***saml*** Is a folder that contains the 'certs' folder that could be used to store the X.509 public and private key, and the saml toolkit settings (settings.json and advanced_settings.json). #### SP setup #### The Onelogin's Python Toolkit allows you to provide the settings info in 2 ways: Settings files or define a setting dict. In the ``demo-tornado``, it uses the first method. In the ``settings.py`` file we define the ``SAML_PATH``, that will target to the ``saml`` folder. We require it in order to load the settings files. First we need to edit the ``saml/settings.json`` file, configure the SP part and review the metadata of the IdP and complete the IdP info. Later edit the ``saml/advanced_settings.json`` files and configure the how the toolkit will work. Check the settings section of this document if you have any doubt. #### IdP setup #### Once the SP is configured, the metadata of the SP is published at the ``/metadata`` url. Based on that info, configure the IdP. #### How it works #### 1. First time you access to the main view (http://localhost:8000), you can select to login and return to the same view or login and be redirected to ``/?attrs`` (attrs view). 2. When you click: 2.1 in the first link, we access to ``/?sso`` (index view). An ``AuthNRequest`` is sent to the IdP, we authenticate at the IdP and then a Response is sent through the user's client to the SP, specifically the Assertion Consumer Service view: ``/?acs``. Notice that a ``RelayState`` parameter is set to the url that initiated the process, the index view. 2.2 in the second link we access to ``/?attrs`` (attrs view), we will expetience have the same process described at 2.1 with the diference that as ``RelayState`` is set the ``attrs`` url. 3. The SAML Response is processed in the ACS ``/?acs``, if the Response is not valid, the process stops here and a message is shown. Otherwise we are redirected to the ``RelayState`` view. a) / or b) ``/?attrs`` 4. We are logged in the app and the user attributes are showed. At this point, we can test the single log out functionality. The single log out functionality could be tested by 2 ways. 5.1 SLO Initiated by SP. Click on the ``logout`` link at the SP, after that a Logout Request is sent to the IdP, the session at the IdP is closed and replies through the client to the SP with a Logout Response (sent to the Single Logout Service endpoint). The SLS endpoint ``/?sls`` of the SP process the Logout Response and if is valid, close the user session of the local app. Notice that the SLO Workflow starts and ends at the SP. 5.2 SLO Initiated by IdP. In this case, the action takes place on the IdP side, the logout process is initiated at the IdP, sends a Logout Request to the SP (SLS endpoint, ``/?sls``). The SLS endpoint of the SP process the Logout Request and if is valid, close the session of the user at the local app and send a Logout Response to the IdP (to the SLS endpoint of the IdP). The IdP receives the Logout Response, process it and close the session at of the IdP. Notice that the SLO Workflow starts and ends at the IdP. Notice that all the SAML Requests and Responses are handled at a unique view (index) and how GET parameters are used to know the action that must be done. ### Demo Django ### You'll need a virtualenv with the toolkit installed on it. To run the demo you need to install the requirements first. Load your virtualenv and execute: ``` pip install -r demo-django/requirements.txt ``` This will install django and its dependencies. Once it has finished, you have to complete the configuration of the toolkit. Later, with the virtualenv loaded, you can run the demo like this: ``` cd demo-django python manage.py runserver 0.0.0.0:8000 ``` You'll have the demo running at http://localhost:8000. Note that many of the configuration files expect HTTPS. This is not required by the demo, as replacing these SP URLs with HTTP will work just fine. HTTPS is however highly encouraged, and left as an exercise for the reader for their specific needs. If you want to integrate a production django application, take a look on this SAMLServiceProviderBackend that uses our toolkit to add SAML support: https://github.com/KristianOellegaard/django-saml-service-provider #### Content #### The django project contains: * ***manage.py***. A file that is automatically created in each Django project. Is a thin wrapper around django-admin.py that takes care of putting the project’s package on ``sys.path`` and sets the ``DJANGO_SETTINGS_MODULE`` environment variable. * ***saml*** Is a folder that contains the 'certs' folder that could be used to store the X.509 public and private key, and the saml toolkit settings (``settings.json`` and ``advanced_settings.json``). * ***demo*** Is the main folder of the django project, that contains the typical files: * ***settings.py*** Contains the default parameters of a django project except the ``SAML_FOLDER`` parameter, that may contain the path where is located the ``saml`` folder. * ***urls.py*** A file that define url routes. In the demo we defined ``'/'`` that is related to the index view, ``'/attrs'`` that is related with the attrs view and ``'/metadata'``, related to the metadata view. * ***views.py*** This file contains the views of the django project and some aux methods. * ***wsgi.py*** A file that let as deploy django using WSGI, the Python standard for web servers and applications. * ***templates***. Is the folder where django stores the templates of the project. It was implemented a ``base.html`` template that is extended by ``index.html`` and ``attrs.html``, the templates of our simple demo that shows messages, user attributes when available and login and logout links. #### SP setup #### The Onelogin's Python Toolkit allows you to provide the settings info in 2 ways: settings files or define a setting dict. In the demo-django it used the first method. After set the ``SAML_FOLDER`` in the ``demo/settings.py``, the settings of the Python toolkit will be loaded on the Django web. First we need to edit the ``saml/settings.json``, configure the SP part and review the metadata of the IdP and complete the IdP info. Later edit the ``saml/advanced_settings.json`` files and configure the how the toolkit will work. Check the settings section of this document if you have any doubt. #### IdP setup #### Once the SP is configured, the metadata of the SP is published at the ``/metadata`` url. Based on that info, configure the IdP. #### How it works #### This demo works very similar to the ``flask-demo`` (We did it intentionally). ### Getting up and running on Heroku ### Getting ``python3-saml`` up and running on Heroku will require some extra legwork: ``python3-saml`` depends on ``python-xmlsec`` which depends on headers from the ``xmlsec1-dev`` Linux package to install correctly. First you will need to add the ```apt``` buildpack to your build server: ``` heroku buildpacks:add --index=1 -a your-app heroku-community/apt heroku buildpacks:add --index=2 -a your-app heroku/python ``` You can confirm the buildpacks have been added in the correct order with ```heroku buildpacks -a your-app```, you should see the apt buildpack first followed by the Python buildpack. Then add an ```Aptfile``` into the root of your repository containing the ```libxmlsec1-dev``` package, the file should look like: ``` libxmlsec1-dev ``` Finally, add ``python3-saml`` to your ``requirements.txt`` and ```git push``` to trigger a build. ### Demo Pyramid ### Unlike the other two projects, you don't need a pre-existing virtualenv to get up and running here, since Pyramid comes from the [buildout](http://www.buildout.org/en/latest/) school of thought. To run the demo you need to install Pyramid, the requirements, etc.: ``` cd demo_pyramid python3 -m venv env env/bin/pip install --upgrade pip setuptools env/bin/pip install -e ".[testing]" ``` If you want to make sure the tests pass, run: ``` env/bin/pytest ``` Next, edit the settings in `demo_pyramid/saml/settings.json`. (Pyramid runs on port 6543 by default.) Now you can run the demo like this: ``` env/bin/pserve development.ini ``` If that worked, the demo is now running at http://localhost:6543. #### Content #### The Pyramid project contains: * ***\_\_init__.py*** is the main Pyramid file that configures the app and its routes. * ***views.py*** is where all the SAML handling takes place. * ***templates*** is the folder where Pyramid stores the templates of the project. It was implemented a ``layout.jinja2`` template that is extended by ``index.jinja2`` and ``attrs.jinja2``, the templates of our simple demo that shows messages, user attributes when available and login and logout links. * ***saml*** is a folder that contains the 'certs' folder that could be used to store the X.509 public and private key, and the saml toolkit settings (``settings.json`` and ``advanced_settings.json``). #### SP setup #### The Onelogin's Python Toolkit allows you to provide the settings info in 2 ways: settings files or define a setting dict. In ``demo_pyramid`` the first method is used. In the ``views.py`` file we define the ``SAML_PATH``, which will target the ``saml`` folder. We require it in order to load the settings files. First we need to edit the ``saml/settings.json``, configure the SP part and review the metadata of the IdP and complete the IdP info. Later edit the ``saml/advanced_settings.json`` files and configure the how the toolkit will work. Check the settings section of this document if you have any doubt. #### IdP setup #### Once the SP is configured, the metadata of the SP is published at the ``/metadata`` url. Based on that info, configure the IdP. #### How it works #### 1. First time you access to the main view (http://localhost:6543), you can select to login and return to the same view or login and be redirected to ``/?attrs`` (attrs view). 2. When you click: 2.1 in the first link, we access to ``/?sso`` (index view). An ``AuthNRequest`` is sent to the IdP, we authenticate at the IdP and then a Response is sent through the user's client to the SP, specifically the Assertion Consumer Service view: ``/?acs``. Notice that a ``RelayState`` parameter is set to the url that initiated the process, the index view. 2.2 in the second link we access to ``/?attrs`` (attrs view), we will experience the same process described at 2.1 with the diference that as ``RelayState`` is set the ``attrs`` url. 3. The SAML Response is processed in the ACS ``/?acs``, if the Response is not valid, the process stops here and a message is shown. Otherwise we are redirected to the ``RelayState`` view. a) ``/`` or b) ``/?attrs`` 4. We are logged in the app and the user attributes are showed. At this point, we can test the single log out functionality. The single log out funcionality could be tested by 2 ways. 5.1 SLO Initiated by SP. Click on the "logout" link at the SP, after that a Logout Request is sent to the IdP, the session at the IdP is closed and replies through the client to the SP with a Logout Response (sent to the Single Logout Service endpoint). The SLS endpoint /?sls of the SP process the Logout Response and if is valid, close the user session of the local app. Notice that the SLO Workflow starts and ends at the SP. 5.2 SLO Initiated by IdP. In this case, the action takes place on the IdP side, the logout process is initiated at the IdP, sends a Logout Request to the SP (SLS endpoint, /?sls). The SLS endpoint of the SP process the Logout Request and if is valid, close the session of the user at the local app and send a Logout Response to the IdP (to the SLS endpoint of the IdP). The IdP receives the Logout Response, process it and close the session at of the IdP. Notice that the SLO Workflow starts and ends at the IdP. Notice that all the SAML Requests and Responses are handled at a unique view (index) and how GET parameters are used to know the action that must be done. python3-saml-1.12.0/changelog.md000066400000000000000000000240141410551756100164100ustar00rootroot00000000000000# python3-saml changelog ### 1.12.0 (Aug 13, 2021) * [#276](https://github.com/onelogin/python3-saml/pull/276) Deprecate server_port from request data dictionary ### 1.11.0 (Jul 23, 2021) * [#261](https://github.com/onelogin/python3-saml/pull/261) Allow duplicate named attributes, controlled by a new setting * [#268](https://github.com/onelogin/python3-saml/pull/268) Make the redirect scheme matcher case-insensitive * [#256](https://github.com/onelogin/python3-saml/pull/256) Improve signature validation process. Add an option to use query string for validation * [#259](https://github.com/onelogin/python3-saml/pull/259) Add get metadata timeout * [#246](https://github.com/onelogin/python3-saml/pull/246) Add the ability to change the ProtocolBinding in the authn request. * [#248](https://github.com/onelogin/python3-saml/pull/248) Move storing the response data into its own method in the Auth class * Remove the dependency on defusedxml * [#241](https://github.com/onelogin/python3-saml/pull/241) Improve AttributeConsumingService support * Update expired dates from test responses * Migrate from Travis to Github Actions ### 1.10.1 (Jan 27, 2021) * Fix bug on LogoutRequest class, get_idp_slo_response_url was used instead get_idp_slo_url ### 1.10.0 (Jan 14, 2021) * Added custom lxml parser based on the one defined at xmldefused. Parser will ignore comments and processing instructions and by default have deactivated huge_tree, DTD and access to external documents * Destination URL Comparison is now case-insensitive for netloc * Support single-label-domains as valid. New security parameter allowSingleLabelDomains * Added get_idp_sso_url, get_idp_slo_url and get_idp_slo_response_url methods to the Settings class and use it in the toolkit * [#212](https://github.com/onelogin/python3-saml/pull/212) Overridability enhancements. Made classes overridable by subclassing. Use of classmethods instead staticmethods * Add get_friendlyname_attributes support * Remove external lib method get_ext_lib_path. Add set_cert_path in order to allow set the cert path in a different folder than the toolkit * Add sha256 instead sha1 algorithm for sign/digest as recommended value on documentation and settings * [#178](https://github.com/onelogin/python3-saml/pull/178) Support for adding idp.crt from filesystem * Add samlUserdata to demo-flask session * Fix autoreloading in demo-tornado ### 1.9.0 (Nov 20, 2019) * Allow any number of decimal places for seconds on SAML datetimes * Fix failOnAuthnContextMismatch code * Improve signature validation when no reference uri * Update demo versions. Improve them and add Tornado demo. ### 1.8.0 (Sep 11, 2019) * Set true as the default value for strict setting * [#152](https://github.com/onelogin/python3-saml/pull/152/files) Don't clean xsd and xsi namespaces * Drop python3.4 support due lxml. See lxml 4.4.0 (2019-07-27) ### 1.7.0 (Jul 02, 2019) * Adjusted acs endpoint to extract NameQualifier and SPNameQualifier from SAMLResponse. Adjusted single logout service to provide NameQualifier and SPNameQualifier to logout method. Add getNameIdNameQualifier to Auth and SamlResponse. Extend logout method from Auth and LogoutRequest constructor to support SPNameQualifier parameter. Align LogoutRequest constructor with SAML specs * Added get_in_response_to method to Response and LogoutResponse classes * Update defusexml dependency ### 1.6.0 (Apr 10, 2019) * Add support for Subjects on AuthNRequests by the new name_id_value_req parameter * [#127](https://github.com/onelogin/python3-saml/pull/127) Fix for SLO when XML specifies encoding * [#126](https://github.com/onelogin/python3-saml/pull/126) Fixed setting NameFormat attribute for AttributeValue tags ### 1.5.0 (Jan 29, 2019) * Security improvements. Use of tagid to prevent XPath injection. Disable DTD on fromstring defusedxml method * [#97](https://github.com/onelogin/python3-saml/pull/97) Check that the response has all of the AuthnContexts that we provided * Adapt renders from Django demo for Django 1.11 version * Update pylint dependency to 1.9.1 * If debug enable, print reason for the SAMLResponse invalidation * Fix DSA constant * [#106](https://github.com/onelogin/python3-saml/pull/106) Support NameID children inside of AttributeValue elements * Start using flake8 for code quality ### 1.4.1 (Apr 25, 2018) * Add ID to EntityDescriptor before sign it on add_sign method. * Update defusedxml, coveralls and coverage dependencies * Update copyright and license reference ### 1.4.0 (Feb 27, 2018) * Fix vulnerability [CVE-2017-11427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11427). Process text of nodes properly, ignoring comments * Improve how fingerprint is calcultated * Fix issue with LogoutRequest rejected by ADFS due NameID with unspecified format instead no format attribute * Fix signature position in the SP metadata * [#80](https://github.com/onelogin/python3-saml/pull/80) Preserve xmlns:xs namespace when signing and serializing responses * Redefine NSMAP constant * Updated Django demo (Django 1.11). ### 1.3.0 (Sep 15, 2017) * Improve decrypt method, Add an option to decrypt an element in place or copy it before decryption. * [#63](https://github.com/onelogin/python3-saml/pull/63) Be able to get at the auth object the last processed ID (response/assertion) and the last generated ID, as well as the NotOnOrAfter value of the valid SubjectConfirmationData in the processed SAMLResponse * On a LogoutRequest if the NameIdFormat is entity, NameQualifier and SPNameQualifier will be ommited. If the NameIdFormat is not entity and a NameQualifier is provided, then the SPNameQualifier will be also added. * Reset errorReason attribute of the auth object before each Process method * [#65](https://github.com/onelogin/python3-saml/pull/65) Fix issue on getting multiple certs when only sign or encryption certs ### 1.2.6 (Jun 15, 2017) * Use defusedxml that will prevent XEE and other attacks based on the abuse on XMLs. (CVE-2017-9672) ### 1.2.5 (Jun 2, 2017) * Fix issue related with multicers (multicerts were not used on response validation) ### 1.2.4 (May 18, 2017) * Publish KeyDescriptor[use=encryption] only when required * [#57](https://github.com/onelogin/python3-saml/pull/57) Be able to register future SP x509cert on the settings and publish it on SP metadata * [#57](https://github.com/onelogin/python3-saml/pull/57) Be able to register more than 1 Identity Provider x509cert, linked with an specific use (signing or encryption * [#57](https://github.com/onelogin/python3-saml/pull/57) Allow metadata to be retrieved from source containing data of multiple entities * [#57](https://github.com/onelogin/python3-saml/pull/57) Adapt IdP XML metadata parser to take care of multiple IdP certtificates and be able to inject the data obtained on the settings. * Be able to relax SSL Certificate verification when retrieving idp metadata * Checking the status of response before assertion count * Allows underscores in URL hosts * Add a Pyramid demo * Be able to provide a NameIDFormat to LogoutRequest * Add DigestMethod support. Add sign_algorithm and digest_algorithm par ameters to sign_metadata and add_sign. * Validate serial number as string to work around libxml2 limitation * Make the Issuer on the Response Optional * Fixed bug with formated cert fingerprints ### 1.2.3 (January 15, 2017) * Fix p3 compatibility ### 1.2.2 (January 11, 2017) * [#37](https://github.com/onelogin/python3-saml/pull/37) Add option to raise response validation exceptions * [#42](https://github.com/onelogin/python3-saml/pull/42) Optionally raise detailed exceptions vs. returning False. Implement a more specific exception class for handling some validation errors. Improve/Fix tests. Add support for retrieving the last ID of the generated AuthNRequest / LogoutRequest. Add hooks to retrieve last-sent and last-received requests and responses * Improved inResponse validation on Responses * Add the ability to extract the specific certificate from IdP metadata when several defined * Fix Invalid True attribute value in Metadata XML * [#35](https://github.com/onelogin/python3-saml/pull/35) Fix typos and json sample code in documentation ### 1.2.1 (October 18, 2016) * [#30](https://github.com/onelogin/python3-saml/pull/30) Bug on signature checks ### 1.2.0 (October 14, 2016) * Several security improvements: * Conditions element required and unique. * AuthnStatement element required and unique. * SPNameQualifier must math the SP EntityID * Reject saml:Attribute element with same “Name” attribute * Reject empty nameID * Require Issuer element. (Must match IdP EntityID). * Destination value can't be blank (if present must match ACS URL). * Check that the EncryptedAssertion element only contains 1 Assertion element. * Improve Signature validation process * Document the wantAssertionsEncrypted parameter * Support multiple attributeValues on RequestedAttribute * Fix AttributeConsumingService ### 1.1.4 (Jun 27, 2016) * Change the decrypt assertion process. * Add 2 extra validations to prevent Signature wrapping attacks. ### 1.1.3 (Jun 02, 2016) * Fix Metadata XML (RequestedAttribute) * Fix Windows specific Unix date formatting bug. * Fix SHA384 Constant URI * Refactor of settings.py to make it a little more readable. * Bugfix for ADFS lowercase signatures * READMEs suggested wrong cert name ### 1.1.2 (May 14, 2016) * Allow AuthnRequest with no NameIDPolicy. * Remove NameId requirement on SAMLResponse, now requirement depends on setting * Use python-xmlsec 0.6.0 * Make idp settings optional * Fix Organization element on SP metadata. Minor style code fix * Add debug parameter to decrypt method * Support AttributeConsumingService * Improve AuthNRequest format * Fix unspecified NameID * Make deflate process when retrieving built SAML messages optional * Not compare Assertion InResponseTo if not found * [#15](https://github.com/onelogin/python3-saml/pull/15) Passing NameQualifier through to logout request * Improve documentation * [#12](https://github.com/onelogin/python3-saml/pull/12) Add information about getting the demos up and running on Heroku ### 1.1.1 (Mar 17, 2016) * Make AttributeStatements requirement optional python3-saml-1.12.0/demo-django/000077500000000000000000000000001410551756100163225ustar00rootroot00000000000000python3-saml-1.12.0/demo-django/demo/000077500000000000000000000000001410551756100172465ustar00rootroot00000000000000python3-saml-1.12.0/demo-django/demo/__init__.py000066400000000000000000000000001410551756100213450ustar00rootroot00000000000000python3-saml-1.12.0/demo-django/demo/settings.py000066400000000000000000000046771410551756100214760ustar00rootroot00000000000000""" Django settings for demo project. For more information on this file, see https://docs.djangoproject.com/en/1.6/topics/settings/ For the full list of settings and their values, see https://docs.djangoproject.com/en/1.6/ref/settings/ """ # Build paths inside the project like this: os.path.join(BASE_DIR, ...) import os BASE_DIR = os.path.dirname(os.path.dirname(__file__)) # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/1.6/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = '0c7216)gs^ne$%3+je20zuo+g0&^6yb@e68qdr!^!r0hmb-6y+' # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True ALLOWED_HOSTS = [] # Application definition INSTALLED_APPS = ( 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', ) MIDDLEWARE = ( 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', # 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ) ROOT_URLCONF = 'demo.urls' WSGI_APPLICATION = 'demo.wsgi.application' # Database # https://docs.djangoproject.com/en/1.6/ref/settings/#databases # DATABASES = { # 'default': { # 'ENGINE': 'django.db.backends.sqlite3', # 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), # } # } # Internationalization # https://docs.djangoproject.com/en/1.6/topics/i18n/ LANGUAGE_CODE = 'en-us' TIME_ZONE = 'UTC' USE_I18N = True USE_L10N = True USE_TZ = True STATIC_URL = '/static/' SAML_FOLDER = os.path.join(BASE_DIR, 'saml') SESSION_ENGINE = 'django.contrib.sessions.backends.file' TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [os.path.join(BASE_DIR, 'templates')], 'APP_DIRS': True, 'OPTIONS': { 'debug': True, 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, }, ] python3-saml-1.12.0/demo-django/demo/urls.py000066400000000000000000000004301410551756100206020ustar00rootroot00000000000000from django.conf.urls import url from django.contrib import admin from .views import attrs, index, metadata admin.autodiscover() urlpatterns = [ url(r'^$', index, name='index'), url(r'^attrs/$', attrs, name='attrs'), url(r'^metadata/$', metadata, name='metadata'), ] python3-saml-1.12.0/demo-django/demo/views.py000066400000000000000000000137571410551756100207720ustar00rootroot00000000000000from django.conf import settings from django.urls import reverse from django.http import (HttpResponse, HttpResponseRedirect, HttpResponseServerError) from django.shortcuts import render from onelogin.saml2.auth import OneLogin_Saml2_Auth from onelogin.saml2.settings import OneLogin_Saml2_Settings from onelogin.saml2.utils import OneLogin_Saml2_Utils def init_saml_auth(req): auth = OneLogin_Saml2_Auth(req, custom_base_path=settings.SAML_FOLDER) return auth def prepare_django_request(request): # If server is behind proxys or balancers use the HTTP_X_FORWARDED fields result = { 'https': 'on' if request.is_secure() else 'off', 'http_host': request.META['HTTP_HOST'], 'script_name': request.META['PATH_INFO'], 'get_data': request.GET.copy(), # Uncomment if using ADFS as IdP, https://github.com/onelogin/python-saml/pull/144 # 'lowercase_urlencoding': True, 'post_data': request.POST.copy() } return result def index(request): req = prepare_django_request(request) auth = init_saml_auth(req) errors = [] error_reason = None not_auth_warn = False success_slo = False attributes = False paint_logout = False if 'sso' in req['get_data']: return HttpResponseRedirect(auth.login()) # If AuthNRequest ID need to be stored in order to later validate it, do instead # sso_built_url = auth.login() # request.session['AuthNRequestID'] = auth.get_last_request_id() # return HttpResponseRedirect(sso_built_url) elif 'sso2' in req['get_data']: return_to = OneLogin_Saml2_Utils.get_self_url(req) + reverse('attrs') return HttpResponseRedirect(auth.login(return_to)) elif 'slo' in req['get_data']: name_id = session_index = name_id_format = name_id_nq = name_id_spnq = None if 'samlNameId' in request.session: name_id = request.session['samlNameId'] if 'samlSessionIndex' in request.session: session_index = request.session['samlSessionIndex'] if 'samlNameIdFormat' in request.session: name_id_format = request.session['samlNameIdFormat'] if 'samlNameIdNameQualifier' in request.session: name_id_nq = request.session['samlNameIdNameQualifier'] if 'samlNameIdSPNameQualifier' in request.session: name_id_spnq = request.session['samlNameIdSPNameQualifier'] return HttpResponseRedirect(auth.logout(name_id=name_id, session_index=session_index, nq=name_id_nq, name_id_format=name_id_format, spnq=name_id_spnq)) # If LogoutRequest ID need to be stored in order to later validate it, do instead # slo_built_url = auth.logout(name_id=name_id, session_index=session_index) # request.session['LogoutRequestID'] = auth.get_last_request_id() # return HttpResponseRedirect(slo_built_url) elif 'acs' in req['get_data']: request_id = None if 'AuthNRequestID' in request.session: request_id = request.session['AuthNRequestID'] auth.process_response(request_id=request_id) errors = auth.get_errors() not_auth_warn = not auth.is_authenticated() if not errors: if 'AuthNRequestID' in request.session: del request.session['AuthNRequestID'] request.session['samlUserdata'] = auth.get_attributes() request.session['samlNameId'] = auth.get_nameid() request.session['samlNameIdFormat'] = auth.get_nameid_format() request.session['samlNameIdNameQualifier'] = auth.get_nameid_nq() request.session['samlNameIdSPNameQualifier'] = auth.get_nameid_spnq() request.session['samlSessionIndex'] = auth.get_session_index() if 'RelayState' in req['post_data'] and OneLogin_Saml2_Utils.get_self_url(req) != req['post_data']['RelayState']: return HttpResponseRedirect(auth.redirect_to(req['post_data']['RelayState'])) elif auth.get_settings().is_debug_active(): error_reason = auth.get_last_error_reason() elif 'sls' in req['get_data']: request_id = None if 'LogoutRequestID' in request.session: request_id = request.session['LogoutRequestID'] dscb = lambda: request.session.flush() url = auth.process_slo(request_id=request_id, delete_session_cb=dscb) errors = auth.get_errors() if len(errors) == 0: if url is not None: return HttpResponseRedirect(url) else: success_slo = True elif auth.get_settings().is_debug_active(): error_reason = auth.get_last_error_reason() if 'samlUserdata' in request.session: paint_logout = True if len(request.session['samlUserdata']) > 0: attributes = request.session['samlUserdata'].items() return render(request, 'index.html', {'errors': errors, 'error_reason': error_reason, 'not_auth_warn': not_auth_warn, 'success_slo': success_slo, 'attributes': attributes, 'paint_logout': paint_logout}) def attrs(request): paint_logout = False attributes = False if 'samlUserdata' in request.session: paint_logout = True if len(request.session['samlUserdata']) > 0: attributes = request.session['samlUserdata'].items() return render(request, 'attrs.html', {'paint_logout': paint_logout, 'attributes': attributes}) def metadata(request): # req = prepare_django_request(request) # auth = init_saml_auth(req) # saml_settings = auth.get_settings() saml_settings = OneLogin_Saml2_Settings(settings=None, custom_base_path=settings.SAML_FOLDER, sp_validation_only=True) metadata = saml_settings.get_sp_metadata() errors = saml_settings.validate_metadata(metadata) if len(errors) == 0: resp = HttpResponse(content=metadata, content_type='text/xml') else: resp = HttpResponseServerError(content=', '.join(errors)) return resp python3-saml-1.12.0/demo-django/demo/wsgi.py000066400000000000000000000006151410551756100205730ustar00rootroot00000000000000""" WSGI config for demo project. It exposes the WSGI callable as a module-level variable named ``application``. For more information on this file, see https://docs.djangoproject.com/en/1.6/howto/deployment/wsgi/ """ import os os.environ.setdefault("DJANGO_SETTINGS_MODULE", "demo.settings") from django.core.wsgi import get_wsgi_application # noqa: E402 application = get_wsgi_application() python3-saml-1.12.0/demo-django/manage.py000077500000000000000000000003671410551756100201350ustar00rootroot00000000000000#!/usr/bin/env python import os import sys if __name__ == "__main__": os.environ.setdefault("DJANGO_SETTINGS_MODULE", "demo.settings") from django.core.management import execute_from_command_line execute_from_command_line(sys.argv) python3-saml-1.12.0/demo-django/requirements.txt000066400000000000000000000000351410551756100216040ustar00rootroot00000000000000Django==1.11.29 python3-saml python3-saml-1.12.0/demo-django/saml/000077500000000000000000000000001410551756100172565ustar00rootroot00000000000000python3-saml-1.12.0/demo-django/saml/advanced_settings.json000066400000000000000000000020151410551756100236340ustar00rootroot00000000000000{ "security": { "nameIdEncrypted": false, "authnRequestsSigned": false, "logoutRequestSigned": false, "logoutResponseSigned": false, "signMetadata": false, "wantMessagesSigned": false, "wantAssertionsSigned": false, "wantNameId" : true, "wantNameIdEncrypted": false, "wantAssertionsEncrypted": false, "allowSingleLabelDomains": false, "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "digestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256" }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } }python3-saml-1.12.0/demo-django/saml/certs/000077500000000000000000000000001410551756100203765ustar00rootroot00000000000000python3-saml-1.12.0/demo-django/saml/certs/README000066400000000000000000000005771410551756100212670ustar00rootroot00000000000000Take care of this folder that could contain private key. Be sure that this folder never is published. Onelogin Python Toolkit expects that certs for the SP could be stored in this folder as: * sp.key Private Key * sp.crt Public cert * sp_new.crt Future Public cert Also you can use other cert to sign the metadata of the SP using the: * metadata.key * metadata.crt python3-saml-1.12.0/demo-django/saml/settings.json000066400000000000000000000022221410551756100220070ustar00rootroot00000000000000{ "strict": true, "debug": true, "sp": { "entityId": "https:///metadata/", "assertionConsumerService": { "url": "https:///?acs", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" }, "singleLogoutService": { "url": "https:///?sls", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "x509cert": "", "privateKey": "" }, "idp": { "entityId": "https://app.onelogin.com/saml/metadata/", "singleSignOnService": { "url": "https://app.onelogin.com/trust/saml2/http-post/sso/", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "singleLogoutService": { "url": "https://app.onelogin.com/trust/saml2/http-redirect/slo/", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "x509cert": "" } }python3-saml-1.12.0/demo-django/templates/000077500000000000000000000000001410551756100203205ustar00rootroot00000000000000python3-saml-1.12.0/demo-django/templates/attrs.html000066400000000000000000000015331410551756100223450ustar00rootroot00000000000000{% extends "base.html" %} {% block content %} {% if paint_logout %} {% if attributes %}

You have the following attributes:

{% for attr in attributes %} {% endfor %}
NameValues
{{ attr.0 }}
    {% for val in attr.1 %}
  • {{ val }}
    • {% endfor %}
{% else %} {% endif %} Logout {% else %} Login and access again to this page {% endif %} {% endblock %} python3-saml-1.12.0/demo-django/templates/base.html000066400000000000000000000016101410551756100221160ustar00rootroot00000000000000 A Python SAML Toolkit by OneLogin demo

A Python SAML Toolkit by OneLogin demo

{% block content %}{% endblock %}
python3-saml-1.12.0/demo-django/templates/index.html000066400000000000000000000026051410551756100223200ustar00rootroot00000000000000{% extends "base.html" %} {% block content %} {% if errors %} {% endif %} {% if not_auth_warn %} {% endif %} {% if success_slo %} {% endif %} {% if paint_logout %} {% if attributes %} {% for attr in attributes %} {% endfor %}
NameValues
{{ attr.0 }}
    {% for val in attr.1 %}
  • {{ val }}
    • {% endfor %}
{% else %} {% endif %} Logout {% else %} Login Login and access to attrs page {% endif %} {% endblock %} python3-saml-1.12.0/demo-flask/000077500000000000000000000000001410551756100161605ustar00rootroot00000000000000python3-saml-1.12.0/demo-flask/index.py000066400000000000000000000126041410551756100176440ustar00rootroot00000000000000import os from flask import (Flask, request, render_template, redirect, session, make_response) from urllib.parse import urlparse from onelogin.saml2.auth import OneLogin_Saml2_Auth from onelogin.saml2.utils import OneLogin_Saml2_Utils app = Flask(__name__) app.config['SECRET_KEY'] = 'onelogindemopytoolkit' app.config['SAML_PATH'] = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'saml') def init_saml_auth(req): auth = OneLogin_Saml2_Auth(req, custom_base_path=app.config['SAML_PATH']) return auth def prepare_flask_request(request): # If server is behind proxys or balancers use the HTTP_X_FORWARDED fields return { 'https': 'on' if request.scheme == 'https' else 'off', 'http_host': request.netloc, 'script_name': request.path, 'get_data': request.args.copy(), # Uncomment if using ADFS as IdP, https://github.com/onelogin/python-saml/pull/144 # 'lowercase_urlencoding': True, 'post_data': request.form.copy() } @app.route('/', methods=['GET', 'POST']) def index(): req = prepare_flask_request(request) auth = init_saml_auth(req) errors = [] error_reason = None not_auth_warn = False success_slo = False attributes = False paint_logout = False if 'sso' in request.args: return redirect(auth.login()) # If AuthNRequest ID need to be stored in order to later validate it, do instead # sso_built_url = auth.login() # request.session['AuthNRequestID'] = auth.get_last_request_id() # return redirect(sso_built_url) elif 'sso2' in request.args: return_to = '%sattrs/' % request.host_url return redirect(auth.login(return_to)) elif 'slo' in request.args: name_id = session_index = name_id_format = name_id_nq = name_id_spnq = None if 'samlNameId' in session: name_id = session['samlNameId'] if 'samlSessionIndex' in session: session_index = session['samlSessionIndex'] if 'samlNameIdFormat' in session: name_id_format = session['samlNameIdFormat'] if 'samlNameIdNameQualifier' in session: name_id_nq = session['samlNameIdNameQualifier'] if 'samlNameIdSPNameQualifier' in session: name_id_spnq = session['samlNameIdSPNameQualifier'] return redirect(auth.logout(name_id=name_id, session_index=session_index, nq=name_id_nq, name_id_format=name_id_format, spnq=name_id_spnq)) elif 'acs' in request.args: request_id = None if 'AuthNRequestID' in session: request_id = session['AuthNRequestID'] auth.process_response(request_id=request_id) errors = auth.get_errors() not_auth_warn = not auth.is_authenticated() if len(errors) == 0: if 'AuthNRequestID' in session: del session['AuthNRequestID'] session['samlUserdata'] = auth.get_attributes() session['samlNameId'] = auth.get_nameid() session['samlNameIdFormat'] = auth.get_nameid_format() session['samlNameIdNameQualifier'] = auth.get_nameid_nq() session['samlNameIdSPNameQualifier'] = auth.get_nameid_spnq() session['samlSessionIndex'] = auth.get_session_index() self_url = OneLogin_Saml2_Utils.get_self_url(req) if 'RelayState' in request.form and self_url != request.form['RelayState']: return redirect(auth.redirect_to(request.form['RelayState'])) elif auth.get_settings().is_debug_active(): error_reason = auth.get_last_error_reason() elif 'sls' in request.args: request_id = None if 'LogoutRequestID' in session: request_id = session['LogoutRequestID'] dscb = lambda: session.clear() url = auth.process_slo(request_id=request_id, delete_session_cb=dscb) errors = auth.get_errors() if len(errors) == 0: if url is not None: return redirect(url) else: success_slo = True elif auth.get_settings().is_debug_active(): error_reason = auth.get_last_error_reason() if 'samlUserdata' in session: paint_logout = True if len(session['samlUserdata']) > 0: attributes = session['samlUserdata'].items() return render_template( 'index.html', errors=errors, error_reason=error_reason, not_auth_warn=not_auth_warn, success_slo=success_slo, attributes=attributes, paint_logout=paint_logout ) @app.route('/attrs/') def attrs(): paint_logout = False attributes = False if 'samlUserdata' in session: paint_logout = True if len(session['samlUserdata']) > 0: attributes = session['samlUserdata'].items() return render_template('attrs.html', paint_logout=paint_logout, attributes=attributes) @app.route('/metadata/') def metadata(): req = prepare_flask_request(request) auth = init_saml_auth(req) settings = auth.get_settings() metadata = settings.get_sp_metadata() errors = settings.validate_metadata(metadata) if len(errors) == 0: resp = make_response(metadata, 200) resp.headers['Content-Type'] = 'text/xml' else: resp = make_response(', '.join(errors), 500) return resp if __name__ == "__main__": app.run(host='0.0.0.0', port=8000, debug=True) python3-saml-1.12.0/demo-flask/requirements.txt000066400000000000000000000000131410551756100214360ustar00rootroot00000000000000flask==1.0 python3-saml-1.12.0/demo-flask/saml/000077500000000000000000000000001410551756100171145ustar00rootroot00000000000000python3-saml-1.12.0/demo-flask/saml/advanced_settings.json000066400000000000000000000020151410551756100234720ustar00rootroot00000000000000{ "security": { "nameIdEncrypted": false, "authnRequestsSigned": false, "logoutRequestSigned": false, "logoutResponseSigned": false, "signMetadata": false, "wantMessagesSigned": false, "wantAssertionsSigned": false, "wantNameId" : true, "wantNameIdEncrypted": false, "wantAssertionsEncrypted": false, "allowSingleLabelDomains": false, "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "digestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256" }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } }python3-saml-1.12.0/demo-flask/saml/certs/000077500000000000000000000000001410551756100202345ustar00rootroot00000000000000python3-saml-1.12.0/demo-flask/saml/certs/README000066400000000000000000000005771410551756100211250ustar00rootroot00000000000000Take care of this folder that could contain private key. Be sure that this folder never is published. Onelogin Python Toolkit expects that certs for the SP could be stored in this folder as: * sp.key Private Key * sp.crt Public cert * sp_new.crt Future Public cert Also you can use other cert to sign the metadata of the SP using the: * metadata.key * metadata.crt python3-saml-1.12.0/demo-flask/saml/settings.json000066400000000000000000000022231410551756100216460ustar00rootroot00000000000000{ "strict": true, "debug": true, "sp": { "entityId": "https:///metadata/", "assertionConsumerService": { "url": "https:///?acs", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" }, "singleLogoutService": { "url": "https:///?sls", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "x509cert": "", "privateKey": "" }, "idp": { "entityId": "https://app.onelogin.com/saml/metadata/", "singleSignOnService": { "url": "https://app.onelogin.com/trust/saml2/http-post/sso/", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "singleLogoutService": { "url": "https://app.onelogin.com/trust/saml2/http-redirect/slo/", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "x509cert": "" } } python3-saml-1.12.0/demo-flask/templates/000077500000000000000000000000001410551756100201565ustar00rootroot00000000000000python3-saml-1.12.0/demo-flask/templates/attrs.html000066400000000000000000000014731410551756100222060ustar00rootroot00000000000000{% extends "base.html" %} {% block content %} {% if paint_logout %} {% if attributes %}

You have the following attributes:

{% for attr in attributes %} {% endfor %}
NameValues
{{ attr.0 }}
    {% for val in attr.1 %}
  • {{ val }}
    • {% endfor %}
{% else %} {% endif %} Logout {% else %} Login and access again to this page {% endif %} {% endblock %} python3-saml-1.12.0/demo-flask/templates/base.html000066400000000000000000000016101410551756100217540ustar00rootroot00000000000000 A Python SAML Toolkit by OneLogin demo

A Python SAML Toolkit by OneLogin demo

{% block content %}{% endblock %}
python3-saml-1.12.0/demo-flask/templates/index.html000066400000000000000000000025131410551756100221540ustar00rootroot00000000000000{% extends "base.html" %} {% block content %} {% if errors %} {% endif %} {% if not_auth_warn %} {% endif %} {% if success_slo %} {% endif %} {% if paint_logout %} {% if attributes %} {% for attr in attributes %} {% endfor %}
NameValues
{{ attr.0 }}
    {% for val in attr.1 %}
  • {{ val }}
    • {% endfor %}
{% else %} {% endif %} Logout {% else %} Login Login and access to attrs page {% endif %} {% endblock %} python3-saml-1.12.0/demo-tornado/000077500000000000000000000000001410551756100165265ustar00rootroot00000000000000python3-saml-1.12.0/demo-tornado/README.md000066400000000000000000000003421410551756100200040ustar00rootroot00000000000000# Tornado Demo # Fully-working tornado-demo. ### About issues ### This is only a demo, some issues about session still remain. Actually the session is global. ### Production ### Remember to disable debugging in production. python3-saml-1.12.0/demo-tornado/Settings.py000066400000000000000000000002201410551756100206720ustar00rootroot00000000000000import os BASE_DIR = os.path.dirname(__file__) SAML_PATH = os.path.join(BASE_DIR, 'saml') TEMPLATE_PATH = os.path.join(BASE_DIR, 'templates') python3-saml-1.12.0/demo-tornado/requirements.txt000066400000000000000000000000171410551756100220100ustar00rootroot00000000000000tornado==6.0.3 python3-saml-1.12.0/demo-tornado/saml/000077500000000000000000000000001410551756100174625ustar00rootroot00000000000000python3-saml-1.12.0/demo-tornado/saml/advanced_settings.json000066400000000000000000000020151410551756100240400ustar00rootroot00000000000000{ "security": { "nameIdEncrypted": false, "authnRequestsSigned": false, "logoutRequestSigned": false, "logoutResponseSigned": false, "signMetadata": false, "wantMessagesSigned": false, "wantAssertionsSigned": false, "wantNameId" : true, "wantNameIdEncrypted": false, "wantAssertionsEncrypted": false, "allowSingleLabelDomains": false, "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "digestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256" }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } }python3-saml-1.12.0/demo-tornado/saml/certs/000077500000000000000000000000001410551756100206025ustar00rootroot00000000000000python3-saml-1.12.0/demo-tornado/saml/certs/README000066400000000000000000000005771410551756100214730ustar00rootroot00000000000000Take care of this folder that could contain private key. Be sure that this folder never is published. Onelogin Python Toolkit expects that certs for the SP could be stored in this folder as: * sp.key Private Key * sp.crt Public cert * sp_new.crt Future Public cert Also you can use other cert to sign the metadata of the SP using the: * metadata.key * metadata.crt python3-saml-1.12.0/demo-tornado/saml/settings.json000066400000000000000000000022221410551756100222130ustar00rootroot00000000000000{ "strict": true, "debug": true, "sp": { "entityId": "https:///metadata/", "assertionConsumerService": { "url": "https:///?acs", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" }, "singleLogoutService": { "url": "https:///?sls", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "x509cert": "", "privateKey": "" }, "idp": { "entityId": "https://app.onelogin.com/saml/metadata/", "singleSignOnService": { "url": "https://app.onelogin.com/trust/saml2/http-post/sso/", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "singleLogoutService": { "url": "https://app.onelogin.com/trust/saml2/http-redirect/slo/", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "x509cert": "" } }python3-saml-1.12.0/demo-tornado/templates/000077500000000000000000000000001410551756100205245ustar00rootroot00000000000000python3-saml-1.12.0/demo-tornado/templates/attrs.html000066400000000000000000000016531410551756100225540ustar00rootroot00000000000000{% extends "base.html" %} {% block content %} {% if paint_logout %} {% if attributes %}

You have the following attributes:

{% for attr, i in attributes %} {% if i == 0 %} {% end %}
NameValues
{{ attr }}
    {% end %} {% if i == 1 %} {% for val in attr %}
  • {{ val }}
    • {% end %} {% end %}
{% else %} {% end %} Logout {% else %} Login and access again to this page {% end %} {% end %} python3-saml-1.12.0/demo-tornado/templates/base.html000066400000000000000000000016031410551756100223240ustar00rootroot00000000000000 A Python SAML Toolkit by OneLogin demo

A Python SAML Toolkit by OneLogin demo

{% block content %}{% end %}
python3-saml-1.12.0/demo-tornado/templates/index.html000066400000000000000000000034251410551756100225250ustar00rootroot00000000000000{% extends "base.html" %} {% block content %} {% if errors %} {% end %} {% if not_auth_warn %} {% end %} {% if success_slo %} {% end %} {% if paint_logout %} {% if attributes %} {% for attr in attributes %} {% end %}
NameValues
{{ attr[0] }}
    {% for elem in attr[1] %}
  • {{ elem }}
    • {% end %}
{% else %} {% end %} Logout {% else %} Login Login and access to attrs page {% end %} {% end %} python3-saml-1.12.0/demo-tornado/views.py000066400000000000000000000147721410551756100202500ustar00rootroot00000000000000import tornado.ioloop import tornado.web import Settings import tornado.httpserver import tornado.httputil from onelogin.saml2.auth import OneLogin_Saml2_Auth from onelogin.saml2.utils import OneLogin_Saml2_Utils # Global session info session = {} class Application(tornado.web.Application): def __init__(self): handlers = [ (r"/", IndexHandler), (r"/attrs", AttrsHandler), (r"/metadata", MetadataHandler), ] settings = { "template_path": Settings.TEMPLATE_PATH, "saml_path": Settings.SAML_PATH, "autoreload": True, "debug": True } tornado.web.Application.__init__(self, handlers, **settings) class IndexHandler(tornado.web.RequestHandler): def post(self): req = prepare_tornado_request(self.request) auth = init_saml_auth(req) error_reason = None attributes = False paint_logout = False success_slo = False auth.process_response() errors = auth.get_errors() not_auth_warn = not auth.is_authenticated() if len(errors) == 0: session['samlUserdata'] = auth.get_attributes() session['samlNameId'] = auth.get_nameid() session['samlSessionIndex'] = auth.get_session_index() self_url = OneLogin_Saml2_Utils.get_self_url(req) if 'RelayState' in self.request.arguments and self_url != self.request.arguments['RelayState'][0].decode('utf-8'): return self.redirect(self.request.arguments['RelayState'][0].decode('utf-8')) elif auth.get_settings().is_debug_active(): error_reason = auth.get_last_error_reason() if 'samlUserdata' in session: paint_logout = True if len(session['samlUserdata']) > 0: attributes = session['samlUserdata'].items() self.render('index.html', errors=errors, error_reason=error_reason, not_auth_warn=not_auth_warn, success_slo=success_slo, attributes=attributes, paint_logout=paint_logout) def get(self): req = prepare_tornado_request(self.request) auth = init_saml_auth(req) error_reason = None errors = [] not_auth_warn = False success_slo = False attributes = False paint_logout = False if 'sso' in req['get_data']: print('-sso-') return self.redirect(auth.login()) elif 'sso2' in req['get_data']: print('-sso2-') return_to = '%s/attrs' % self.request.host return self.redirect(auth.login(return_to)) elif 'slo' in req['get_data']: print('-slo-') name_id = None session_index = None if 'samlNameId' in session: name_id = session['samlNameId'] if 'samlSessionIndex' in session: session_index = session['samlSessionIndex'] return self.redirect(auth.logout(name_id=name_id, session_index=session_index)) elif 'acs' in req['get_data']: print('-acs-') auth.process_response() errors = auth.get_errors() not_auth_warn = not auth.is_authenticated() if len(errors) == 0: session['samlUserdata'] = auth.get_attributes() session['samlNameId'] = auth.get_nameid() session['samlSessionIndex'] = auth.get_session_index() self_url = OneLogin_Saml2_Utils.get_self_url(req) if 'RelayState' in self.request.arguments and self_url != self.request.arguments['RelayState'][0].decode('utf-8'): return self.redirect(auth.redirect_to(self.request.arguments['RelayState'][0].decode('utf-8'))) elif auth.get_settings().is_debug_active(): error_reason = auth.get_last_error_reason() elif 'sls' in req['get_data']: print('-sls-') dscb = lambda: session.clear() # clear out the session url = auth.process_slo(delete_session_cb=dscb) errors = auth.get_errors() if len(errors) == 0: if url is not None: return self.redirect(url) else: success_slo = True elif auth.get_settings().is_debug_active(): error_reason = auth.get_last_error_reason() if 'samlUserdata' in session: print('-samlUserdata-') paint_logout = True if len(session['samlUserdata']) > 0: attributes = session['samlUserdata'].items() print("ATTRIBUTES", attributes) self.render('index.html', errors=errors, error_reason=error_reason, not_auth_warn=not_auth_warn, success_slo=success_slo, attributes=attributes, paint_logout=paint_logout) class AttrsHandler(tornado.web.RequestHandler): def get(self): paint_logout = False attributes = False if 'samlUserdata' in session: paint_logout = True if len(session['samlUserdata']) > 0: attributes = session['samlUserdata'].items() self.render('attrs.html', paint_logout=paint_logout, attributes=attributes) class MetadataHandler(tornado.web.RequestHandler): def get(self): req = prepare_tornado_request(self.request) auth = init_saml_auth(req) saml_settings = auth.get_settings() metadata = saml_settings.get_sp_metadata() errors = saml_settings.validate_metadata(metadata) if len(errors) == 0: # resp = HttpResponse(content=metadata, content_type='text/xml') self.set_header('Content-Type', 'text/xml') self.write(metadata) else: # resp = HttpResponseServerError(content=', '.join(errors)) self.write(', '.join(errors)) # return resp def prepare_tornado_request(request): dataDict = {} for key in request.arguments: dataDict[key] = request.arguments[key][0].decode('utf-8') result = { 'https': 'on' if request == 'https' else 'off', 'http_host': request.host, 'script_name': request.path, 'get_data': dataDict, 'post_data': dataDict, 'query_string': request.query } return result def init_saml_auth(req): auth = OneLogin_Saml2_Auth(req, custom_base_path=Settings.SAML_PATH) return auth if __name__ == "__main__": app = Application() http_server = tornado.httpserver.HTTPServer(app) http_server.listen(8000) tornado.ioloop.IOLoop.instance().start() python3-saml-1.12.0/demo_pyramid/000077500000000000000000000000001410551756100166075ustar00rootroot00000000000000python3-saml-1.12.0/demo_pyramid/.coveragerc000066400000000000000000000000661410551756100207320ustar00rootroot00000000000000[run] source = demo_pyramid omit = demo_pyramid/test* python3-saml-1.12.0/demo_pyramid/.gitignore000066400000000000000000000002731410551756100206010ustar00rootroot00000000000000*.egg *.egg-info *.pyc *$py.class *~ .coverage coverage.xml build/ dist/ .tox/ nosetests.xml env*/ tmp/ Data.fs* *.sublime-project *.sublime-workspace .*.sw? .sw? .DS_Store coverage test python3-saml-1.12.0/demo_pyramid/CHANGES.txt000066400000000000000000000000341410551756100204150ustar00rootroot000000000000000.0 --- - Initial version. python3-saml-1.12.0/demo_pyramid/MANIFEST.in000066400000000000000000000002201410551756100203370ustar00rootroot00000000000000include *.txt *.ini *.cfg *.rst recursive-include demo_pyramid *.ico *.png *.css *.gif *.jpg *.pt *.txt *.mak *.mako *.js *.html *.xml *.jinja2 python3-saml-1.12.0/demo_pyramid/README.txt000066400000000000000000000010011410551756100202750ustar00rootroot00000000000000demo_pyramid =============================== Getting Started --------------- - Change directory into your newly created project. cd demo_pyramid - Create a Python virtual environment. python3 -m venv env - Upgrade packaging tools. env/bin/pip install --upgrade pip setuptools - Install the project in editable mode with its testing requirements. env/bin/pip install -e ".[testing]" - Run your project's tests. env/bin/pytest - Run your project. env/bin/pserve development.ini python3-saml-1.12.0/demo_pyramid/demo_pyramid/000077500000000000000000000000001410551756100212605ustar00rootroot00000000000000python3-saml-1.12.0/demo_pyramid/demo_pyramid/__init__.py000066400000000000000000000012041410551756100233660ustar00rootroot00000000000000from pyramid.config import Configurator from pyramid.session import SignedCookieSessionFactory session_factory = SignedCookieSessionFactory('onelogindemopytoolkit') def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ config = Configurator(settings=settings) config.set_session_factory(session_factory) config.include('pyramid_jinja2') config.add_static_view('static', 'static', cache_max_age=3600) config.add_route('index', '/') config.add_route('attrs', '/attrs/') config.add_route('metadata', '/metadata/') config.scan() return config.make_wsgi_app() python3-saml-1.12.0/demo_pyramid/demo_pyramid/saml/000077500000000000000000000000001410551756100222145ustar00rootroot00000000000000python3-saml-1.12.0/demo_pyramid/demo_pyramid/saml/advanced_settings.json000066400000000000000000000020151410551756100265720ustar00rootroot00000000000000{ "security": { "nameIdEncrypted": false, "authnRequestsSigned": false, "logoutRequestSigned": false, "logoutResponseSigned": false, "signMetadata": false, "wantMessagesSigned": false, "wantAssertionsSigned": false, "wantNameId" : true, "wantNameIdEncrypted": false, "wantAssertionsEncrypted": false, "allowSingleLabelDomains": false, "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "digestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256" }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } }python3-saml-1.12.0/demo_pyramid/demo_pyramid/saml/certs/000077500000000000000000000000001410551756100233345ustar00rootroot00000000000000python3-saml-1.12.0/demo_pyramid/demo_pyramid/saml/certs/README000066400000000000000000000005771410551756100242250ustar00rootroot00000000000000Take care of this folder that could contain private key. Be sure that this folder never is published. Onelogin Python Toolkit expects that certs for the SP could be stored in this folder as: * sp.key Private Key * sp.crt Public cert * sp_new.crt Future Public cert Also you can use other cert to sign the metadata of the SP using the: * metadata.key * metadata.crt python3-saml-1.12.0/demo_pyramid/demo_pyramid/saml/settings.json000066400000000000000000000022231410551756100247460ustar00rootroot00000000000000{ "strict": true, "debug": true, "sp": { "entityId": "https:///metadata/", "assertionConsumerService": { "url": "https:///?acs", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" }, "singleLogoutService": { "url": "https:///?sls", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "x509cert": "", "privateKey": "" }, "idp": { "entityId": "https://app.onelogin.com/saml/metadata/", "singleSignOnService": { "url": "https://app.onelogin.com/trust/saml2/http-post/sso/", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "singleLogoutService": { "url": "https://app.onelogin.com/trust/saml2/http-redirect/slo/", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "x509cert": "" } } python3-saml-1.12.0/demo_pyramid/demo_pyramid/static/000077500000000000000000000000001410551756100225475ustar00rootroot00000000000000python3-saml-1.12.0/demo_pyramid/demo_pyramid/static/pyramid-16x16.png000066400000000000000000000024471410551756100255140ustar00rootroot00000000000000PNG  IHDRatEXtSoftwareAdobe ImageReadyqe<#iTXtXML:com.adobe.xmp n#IDATxڌM(DQg2i$4Svb!e#dž`llD4PRfA$ % )Q$SgfWs7ν߹9Î6qXqʏb^LGyG_E` t-=^ @/Fw,.JûZY.+8|C1LCHr&c\B+T ΡfiXT#}*8F NgIХIpY'ȁj IDgMɥ'+:2e8^ Od@A><@6| ]peiP.0caAȸƠT ڨ9X8;3T0lS'}JIw3h1ᰊ!' jۯ1+S:wIENDB`python3-saml-1.12.0/demo_pyramid/demo_pyramid/static/pyramid.png000066400000000000000000000311451410551756100247260ustar00rootroot00000000000000PNG  IHDRX AiCCPICC ProfileH wTSϽ7" %z ;HQIP&vDF)VdTG"cE b PQDE݌k 5ޚYg}׺PtX4X\XffGD=HƳ.d,P&s"7C$ E6<~&S2)212 "įl+ɘ&Y4Pޚ%ᣌ\%g|eTI(L0_&l2E9r9hxgIbטifSb1+MxL 0oE%YmhYh~S=zU&ϞAYl/$ZUm@O ޜl^ ' lsk.+7oʿ9V;?#I3eE妧KD d9i,UQ h A1vjpԁzN6p\W p G@ K0ށiABZyCAP8C@&*CP=#t] 4}a ٰ;GDxJ>,_“@FXDBX$!k"EHqaYbVabJ0՘cVL6f3bձX'?v 6-V``[a;p~\2n5׌ &x*sb|! ߏƿ' Zk! $l$T4QOt"y\b)AI&NI$R$)TIj"]&=&!:dGrY@^O$ _%?P(&OJEBN9J@y@yCR nXZOD}J}/G3ɭk{%Oחw_.'_!JQ@SVF=IEbbbb5Q%O@%!BӥyҸM:e0G7ӓ e%e[(R0`3R46i^)*n*|"fLUo՝mO0j&jajj.ϧwϝ_4갺zj=U45nɚ4ǴhZ ZZ^0Tf%9->ݫ=cXgN].[7A\SwBOK/X/_Q>QG[ `Aaac#*Z;8cq>[&IIMST`ϴ kh&45ǢYYF֠9<|y+ =X_,,S-,Y)YXmĚk]c}džjcΦ浭-v};]N"&1=xtv(}'{'IߝY) Σ -rqr.d._xpUەZM׍vm=+KGǔ ^WWbj>:>>>v}/avO8 FV> 2 u/_$\BCv< 5 ]s.,4&yUx~xw-bEDCĻHGKwFGEGME{EEKX,YFZ ={$vrK .3\rϮ_Yq*©L_wד+]eD]cIIIOAu_䩔)3ѩiB%a+]3='/40CiU@ёL(sYfLH$%Y jgGeQn~5f5wugv5k֮\۹Nw]m mHFˍenQQ`hBBQ-[lllfjۗ"^bO%ܒY}WwvwXbY^Ю]WVa[q`id2JjGէ{׿m>PkAma꺿g_DHGGu;776ƱqoC{P38!9 ҝˁ^r۽Ug9];}}_~imp㭎}]/}.{^=}^?z8hc' O*?f`ϳgC/Oϩ+FFGGόzˌㅿ)ѫ~wgbk?Jި9mdwi獵ޫ?cǑOO?w| x&mf2:Y~ pHYs  $iTXtXML:com.adobe.xmp 1 5 72 1 72 200 1 200 2014-01-03T20:01:68 Pixelmator 3.0 ћ7#IDATx ŕǣDpW6Q#&j1n!qfƸD$11ȸ/c&h\Q'(ʌ݈!AI\ \E]{oWuWu[:ԩSKsҳ* L-bŊt@ZfWYeE\y@h kÚF.v`+Fpsx<5P@,@O-)t+irӴ2 +RC9 thZÆ7rFTc@e*n_0G~_94BHQ٩E@,X}lZ;7v&KgA໰ֹUyIVޔʫ>-a_V5&U& 0_+Š+k#Еy#LmM^47ݲ-6\THT/Yω64υdzoσkAV4؟xRa*6=@-,`n*M't4O?&rz=~5)fNEMq ]v@듞D:' ΙeC>~ Y 3б)- eO9|@,'FAY=VX  qi /TO^H9y*0*++a2c:Ҕ qi O1,$=5L@];5yPIrc!`Fp0x*B ҩ(l@p43#|tFNO  3Aq_A}6P@Tm7݁Tѹ1 -@.QFG do* 8Gfo ee΢Fln @x H;/ j ղvC{\휔IZ㤯6*@zP>gPF Wr-PVWdyŬ!W% j%BVF̳"4|]^d(;NEh SS'ę)Q@~Ytt]@8&`J:˾JAwvhž1ߝ C@v2)ArZ5Qi}r[ *:$zHk> (DOhp2h <˱bOhS'uU@)軜kfds&85}*F8pPM&!y,@ELIWy;ĶeUc&0!mVC hz,+W4F BUc`KK8:%Tup6K:Q<0+D R1[faSRø:_+v`HJ?D%,^QO 5Pz+=@G=`M"]]ߌM@*M@%=ZzkfSYr}R!zwBO}`V\:yVCID:ek w~/  Qrl^WQlBmN; >@49-*gbU} <=8er\L]Dmq*S$j&BB1hl4yW}q.=&!i2M.KiN`J'\sfAh,HI(q7yƶD! 'J&=0*K͍j T 5ӻ\d*qozaveϿHh0 y [&>#5Z)^Jo`<r1&'S#j`?Q}y P9GRZ7ξ6|KqI$YZOH^k VA֓:x+Z蛦#@Oh#Q2z{]Zo4PՐ~ L=1UVAKWmEsܽc7]:$Ӏ[s ւ- '\r@0&^Ē -oD˪ET|՛3W|uIRy}9LvjMT"(J̀NELbHyvT%Ai|&R7{A,ױvE$G;zvM MRxiSPz hߊ/QۡOr!Kt9 LvG՝Wo5]ՕҾ>`u_5ޛ@n t4n1!A힨ۑ*Qym ˣqLÓ@n ݆NĞW$ݎ&HEŗg P շ_zVK`b1kq Y`Q|hhB;WvB[-~q2ZM, Qhs1~<6cW79TL$74 +(4$ʤ#z*4H=g?u1fur?b[Ԍ<,JWXcfGDLT-kg}Utfc1O( !]I[w7zdfA=! +Jbn@뀢A"4L]5s!4!2hN++:դAIE3"!C0r].,ҢTE6 ~u"-? Md"Mp5g {,Co!P 07Zno}Tio5=&8)|׋‚2Ei&GM&L%!Eט q>=9ʨÇIÈZ>Ҙ r`M@ZU nffeAZy !Hx-q_JF,4ɮGAm@ /ը' >[NPO„QmJBxϷAic"qȏWMV#< ԜҦl!{QM$%\PMAl ]S,2|1q_7LQj1"iLͼ7+mKzj^or2Ou2^ &!n} #8Fw N>Ҝ?* Dg* "Jk%xi["6T`0l$' d.ՊTW+F GLB'I\I0ȥ<*ӓ UoYwl0hUói},Rhq!@ u@a !'4R|0?P[^tzX? HG?e@] AG0-;!KWA@ rT>@ #&!Z$S3#(e49B,@qG#ڨ8:4M`*WGp7%JC0(3@ 8qX 5 @Xv-d0N#n( :2I'taZ \"4*R7@Bv}_]x{nˣ0 I{x,gw;u(}=/`K HvLpr=hAX& RdGyp?} Q2}RQRzۥAw\zuj%32ej@AD5VWKq&Zqv@{7H-dCAT.?GͰ%^-} ;אSɇ{:<$L]7#"eI0 ٠ճzǀ\QҌ667Lf&Ȩ>Sp_+a2?]W{zXzc 89 \j}EJz Ti %˱uYGT7zKSIإdTa6z( -q3,1dHjӠrv]ZpR _CڪgZ򕻶]7+I~1mjW%)izHlR w${ 8lQ+Bڗ0T-mWCMSC]v):@ݸ/Q@2z{Jk<~\[5cwW,݀O,yM/H/vOJNS 7޴<{? kF,1No _/ vt3w4AZ U-SOvG ݙC ۃ "@xGpY(:Z^'zB +%*ON^]D'0A@6-HϢ@>v>@3PBKW2'~<Ԋ\jL1]Gzk˜ADml'v8@l((x" fpc%#3/t 㪑SoUvC egಁյE&.}҇0%*b}%s,/t8_PTb\XQ)y}qMQU} gY+Pj ]o-##}V"SP~D #o+bF̖5T%4bLo"ݱ-{.AJJ֢,Yic4S^-J D<қ(B Tr ~ҊWsVΉ9Lq2IXs #6J}GԉJ$+zi2KTz(Չtzh\U7,cW51@d<(^T^uơY%@S`cVDwHp t ZԛR='ZjIh ~gP5/PPM@(NrsW#5>@9EK?? :kuj鍺Vi ".K=Kɑ* .p-8*5kT^q?U(yNCK? B?KNVE^9@ݻ&۵ 19-hBc yRxP˻Tl(i.K78:Z445 ܃>Zfᜐhqt.?4mB PH:B>B'R 4Ew݆\U/.H{ϝAV۱@N /*Yi 9or 'MF_`|BF+қl+f|~Mձ:5}Dy(Ҫ\X[Md]M%9 ~#SIIR5;xp x I~.׌]5{?|6 51w a7 =4R*idJۯ}!қ3 9TU6 DJrsA^yqD&${|C!_|1wW^B=ḌR]iRK[O8Z4 Bc:@:4(ћwT5{D76Z;\x 9G!wWt"Lvp(w Rs*qoDif!&~T\·%8Wm !?h"5g ^cC /qЏgβB$CnV$z5-ч_jEƵU:(TЉ% ]%!ɟ6;j0K r :O"AI!n y~+G B;"- ;&OZ` v.bi ;A1`K[@/&]5P@T* -Ҽњh4؇vE^ SQ,]4Nlɴ 2/0]LITk D x 25i-z.,@%x8ˉw!AQ`2Ii 8T- ȇk-34~D։}󑛠EZ(DaPJ*T%d#j½b[HyqXD *Z6 ̙ nnX>$IENDB`python3-saml-1.12.0/demo_pyramid/demo_pyramid/static/theme.css000066400000000000000000000055661410551756100243770ustar00rootroot00000000000000@import url(//fonts.googleapis.com/css?family=Open+Sans:300,400,600,700); body { font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-weight: 300; color: #ffffff; background: #bc2131; } h1, h2, h3, h4, h5, h6 { font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-weight: 300; } p { font-weight: 300; } .font-normal { font-weight: 400; } .font-semi-bold { font-weight: 600; } .font-bold { font-weight: 700; } .starter-template { margin-top: 250px; } .starter-template .content { margin-left: 10px; } .starter-template .content h1 { margin-top: 10px; font-size: 60px; } .starter-template .content h1 .smaller { font-size: 40px; color: #f2b7bd; } .starter-template .content .lead { font-size: 25px; color: #f2b7bd; } .starter-template .content .lead .font-normal { color: #ffffff; } .starter-template .links { float: right; right: 0; margin-top: 125px; } .starter-template .links ul { display: block; padding: 0; margin: 0; } .starter-template .links ul li { list-style: none; display: inline; margin: 0 10px; } .starter-template .links ul li:first-child { margin-left: 0; } .starter-template .links ul li:last-child { margin-right: 0; } .starter-template .links ul li.current-version { color: #f2b7bd; font-weight: 400; } .starter-template .links ul li a, a { color: #f2b7bd; text-decoration: underline; } .starter-template .links ul li a:hover, a:hover { color: #ffffff; text-decoration: underline; } .starter-template .links ul li .icon-muted { color: #eb8b95; margin-right: 5px; } .starter-template .links ul li:hover .icon-muted { color: #ffffff; } .starter-template .copyright { margin-top: 10px; font-size: 0.9em; color: #f2b7bd; text-transform: lowercase; float: right; right: 0; } @media (max-width: 1199px) { .starter-template .content h1 { font-size: 45px; } .starter-template .content h1 .smaller { font-size: 30px; } .starter-template .content .lead { font-size: 20px; } } @media (max-width: 991px) { .starter-template { margin-top: 0; } .starter-template .logo { margin: 40px auto; } .starter-template .content { margin-left: 0; text-align: center; } .starter-template .content h1 { margin-bottom: 20px; } .starter-template .links { float: none; text-align: center; margin-top: 60px; } .starter-template .copyright { float: none; text-align: center; } } @media (max-width: 767px) { .starter-template .content h1 .smaller { font-size: 25px; display: block; } .starter-template .content .lead { font-size: 16px; } .starter-template .links { margin-top: 40px; } .starter-template .links ul li { display: block; margin: 0; } .starter-template .links ul li .icon-muted { display: none; } .starter-template .copyright { margin-top: 20px; } } python3-saml-1.12.0/demo_pyramid/demo_pyramid/templates/000077500000000000000000000000001410551756100232565ustar00rootroot00000000000000python3-saml-1.12.0/demo_pyramid/demo_pyramid/templates/attrs.jinja2000066400000000000000000000014611410551756100255140ustar00rootroot00000000000000{% extends "layout.jinja2" %} {% block content %} {% if paint_logout %} {% if attributes %}

You have the following attributes:

{% for attr in attributes %} {% endfor %}
NameValues
{{ attr.0 }}
    {% for val in attr.1 %}
  • {{ val }}
    • {% endfor %}
{% else %} {% endif %} Logout {% else %} Login and access again to this page {% endif %} {% endblock %} python3-saml-1.12.0/demo_pyramid/demo_pyramid/templates/index.jinja2000066400000000000000000000031111410551756100254600ustar00rootroot00000000000000{% extends "layout.jinja2" %} {% block content %}

Pyramid Starter project

Welcome to demo_pyramid, a Pyramid application generated by
Cookiecutter.

{% if errors %} {% endif %} {% if not_auth_warn %} {% endif %} {% if success_slo %} {% endif %} {% if paint_logout %} {% if attributes %} {% for attr in attributes %} {% endfor %}
NameValues
{{ attr.0 }}
    {% for val in attr.1 %}
  • {{ val }}
    • {% endfor %}
{% else %} {% endif %} Logout {% else %} Login Login and access to attrs page {% endif %} {% endblock %} python3-saml-1.12.0/demo_pyramid/demo_pyramid/templates/layout.jinja2000066400000000000000000000050541410551756100256760ustar00rootroot00000000000000 Cookiecutter Starter project for the Pyramid Web Framework
{% block content %}

No content

{% endblock content %}
Copyright © Pylons Project
python3-saml-1.12.0/demo_pyramid/demo_pyramid/tests.py000066400000000000000000000013051410551756100227730ustar00rootroot00000000000000import unittest from pyramid import testing class ViewTests(unittest.TestCase): def setUp(self): self.config = testing.setUp() def tearDown(self): testing.tearDown() def test_my_view(self): from .views import my_view request = testing.DummyRequest() info = my_view(request) self.assertEqual(info['project'], 'demo_pyramid') class FunctionalTests(unittest.TestCase): def setUp(self): from demo_pyramid import main app = main({}) from webtest import TestApp self.testapp = TestApp(app) def test_root(self): res = self.testapp.get('/', status=200) self.assertTrue(b'Pyramid' in res.body) python3-saml-1.12.0/demo_pyramid/demo_pyramid/views.py000066400000000000000000000102171410551756100227700ustar00rootroot00000000000000import os from pyramid.httpexceptions import (HTTPFound, HTTPInternalServerError, HTTPOk,) from pyramid.view import view_config from onelogin.saml2.auth import OneLogin_Saml2_Auth from onelogin.saml2.utils import OneLogin_Saml2_Utils SAML_PATH = os.path.join(os.path.dirname(__file__), 'saml') def init_saml_auth(req): auth = OneLogin_Saml2_Auth(req, custom_base_path=SAML_PATH) return auth def prepare_pyramid_request(request): # Uncomment this portion to set the request.scheme # based on the supplied `X-Forwarded` headers. # Useful for running behind reverse proxies or balancers. # # if 'X-Forwarded-Proto' in request.headers: # request.scheme = request.headers['X-Forwarded-Proto'] return { 'https': 'on' if request.scheme == 'https' else 'off', 'http_host': request.host, 'script_name': request.path, 'get_data': request.GET.copy(), # Uncomment if using ADFS as IdP, https://github.com/onelogin/python-saml/pull/144 # 'lowercase_urlencoding': True, 'post_data': request.POST.copy(), } @view_config(route_name='index', renderer='templates/index.jinja2') def index(request): req = prepare_pyramid_request(request) auth = init_saml_auth(req) errors = [] error_reason = "" not_auth_warn = False success_slo = False attributes = False paint_logout = False session = request.session if 'sso' in request.GET: return HTTPFound(auth.login()) elif 'sso2' in request.GET: return_to = '%s/attrs/' % request.host_url return HTTPFound(auth.login(return_to)) elif 'slo' in request.GET: name_id = None session_index = None if 'samlNameId' in session: name_id = session['samlNameId'] if 'samlSessionIndex' in session: session_index = session['samlSessionIndex'] return HTTPFound(auth.logout(name_id=name_id, session_index=session_index)) elif 'acs' in request.GET: auth.process_response() errors = auth.get_errors() not_auth_warn = not auth.is_authenticated() if len(errors) == 0: session['samlUserdata'] = auth.get_attributes() session['samlNameId'] = auth.get_nameid() session['samlSessionIndex'] = auth.get_session_index() self_url = OneLogin_Saml2_Utils.get_self_url(req) if 'RelayState' in request.POST and self_url != request.POST['RelayState']: return HTTPFound(auth.redirect_to(request.POST['RelayState'])) else: error_reason = auth.get_last_error_reason() elif 'sls' in request.GET: dscb = lambda: session.clear() url = auth.process_slo(delete_session_cb=dscb) errors = auth.get_errors() if len(errors) == 0: if url is not None: return HTTPFound(url) else: success_slo = True if 'samlUserdata' in session: paint_logout = True if len(session['samlUserdata']) > 0: attributes = session['samlUserdata'].items() return { 'errors': errors, 'error_reason': error_reason, 'not_auth_warn': not_auth_warn, 'success_slo': success_slo, 'attributes': attributes, 'paint_logout': paint_logout, } @view_config(route_name='attrs', renderer='templates/attrs.jinja2') def attrs(request): paint_logout = False attributes = False session = request.session if 'samlUserdata' in session: paint_logout = True if len(session['samlUserdata']) > 0: attributes = session['samlUserdata'].items() return { 'paint_logout': paint_logout, 'attributes': attributes, } @view_config(route_name='metadata', renderer='html') def metadata(request): req = prepare_pyramid_request(request) auth = init_saml_auth(req) settings = auth.get_settings() metadata = settings.get_sp_metadata() errors = settings.validate_metadata(metadata) if len(errors) == 0: resp = HTTPOk(body=metadata, headers={'Content-Type': 'text/xml'}) else: resp = HTTPInternalServerError(body=', '.join(errors)) return resp python3-saml-1.12.0/demo_pyramid/development.ini000066400000000000000000000021461410551756100216350ustar00rootroot00000000000000### # app configuration # http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html ### [app:main] use = egg:demo_pyramid pyramid.reload_templates = true pyramid.debug_authorization = false pyramid.debug_notfound = false pyramid.debug_routematch = false pyramid.default_locale_name = en pyramid.includes = pyramid_debugtoolbar # By default, the toolbar only appears for clients from IP addresses # '127.0.0.1' and '::1'. # debugtoolbar.hosts = 127.0.0.1 ::1 ### # wsgi server configuration ### [server:main] use = egg:waitress#main listen = 127.0.0.1:6543 [::1]:6543 ### # logging configuration # http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/logging.html ### [loggers] keys = root, demo_pyramid [handlers] keys = console [formatters] keys = generic [logger_root] level = INFO handlers = console [logger_demo_pyramid] level = DEBUG handlers = qualname = demo_pyramid [handler_console] class = StreamHandler args = (sys.stderr,) level = NOTSET formatter = generic [formatter_generic] format = %(asctime)s %(levelname)-5.5s [%(name)s:%(lineno)s][%(threadName)s] %(message)s python3-saml-1.12.0/demo_pyramid/production.ini000066400000000000000000000016431410551756100215020ustar00rootroot00000000000000### # app configuration # http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html ### [app:main] use = egg:demo_pyramid pyramid.reload_templates = false pyramid.debug_authorization = false pyramid.debug_notfound = false pyramid.debug_routematch = false pyramid.default_locale_name = en ### # wsgi server configuration ### [server:main] use = egg:waitress#main listen = *:6543 ### # logging configuration # http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/logging.html ### [loggers] keys = root, demo_pyramid [handlers] keys = console [formatters] keys = generic [logger_root] level = WARN handlers = console [logger_demo_pyramid] level = WARN handlers = qualname = demo_pyramid [handler_console] class = StreamHandler args = (sys.stderr,) level = NOTSET formatter = generic [formatter_generic] format = %(asctime)s %(levelname)-5.5s [%(name)s:%(lineno)s][%(threadName)s] %(message)s python3-saml-1.12.0/demo_pyramid/pytest.ini000066400000000000000000000000661410551756100206420ustar00rootroot00000000000000[pytest] testpaths = demo_pyramid python_files = *.py python3-saml-1.12.0/demo_pyramid/setup.py000066400000000000000000000022501410551756100203200ustar00rootroot00000000000000import os from setuptools import setup, find_packages here = os.path.abspath(os.path.dirname(__file__)) with open(os.path.join(here, 'README.txt')) as f: README = f.read() with open(os.path.join(here, 'CHANGES.txt')) as f: CHANGES = f.read() requires = [ 'pyramid', 'pyramid_jinja2', 'pyramid_debugtoolbar', 'waitress', 'xmlsec', 'isodate', 'python3-saml', ] tests_require = [ 'WebTest >= 1.3.1', # py3 compat 'pytest', 'pytest-cov', ] setup( name='demo_pyramid', version='0.0', description='demo_pyramid', long_description=README + '\n\n' + CHANGES, classifiers=[ 'Programming Language :: Python', 'Framework :: Pyramid', 'Topic :: Internet :: WWW/HTTP', 'Topic :: Internet :: WWW/HTTP :: WSGI :: Application', ], author='', author_email='', url='', keywords='web pyramid pylons', packages=find_packages(), include_package_data=True, zip_safe=False, extras_require={ 'testing': tests_require, }, install_requires=requires, entry_points={ 'paste.app_factory': [ 'main = demo_pyramid:main', ], }, ) python3-saml-1.12.0/docs/000077500000000000000000000000001410551756100150665ustar00rootroot00000000000000python3-saml-1.12.0/docs/saml2/000077500000000000000000000000001410551756100161045ustar00rootroot00000000000000python3-saml-1.12.0/docs/saml2/.buildinfo000066400000000000000000000003461410551756100200630ustar00rootroot00000000000000# Sphinx build info version 1 # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done. config: e10660514f5c62e16e90878c60a15170 tags: fbb0d17656682115ca4d033fb2f83ba1 python3-saml-1.12.0/docs/saml2/_modules/000077500000000000000000000000001410551756100177135ustar00rootroot00000000000000python3-saml-1.12.0/docs/saml2/_modules/index.html000066400000000000000000000072251410551756100217160ustar00rootroot00000000000000 Overview: module code — OneLogin SAML Python library classes and methods

Navigation

All modules for which code is available

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/_modules/saml2/000077500000000000000000000000001410551756100207315ustar00rootroot00000000000000python3-saml-1.12.0/docs/saml2/_modules/saml2/auth.html000066400000000000000000001462621410551756100225730ustar00rootroot00000000000000 saml2.auth — OneLogin SAML Python library classes and methods

Navigation

Source code for saml2.auth

# -*- coding: utf-8 -*-

# Copyright (c) 2010-2018 OneLogin, Inc.
# MIT License

from base64 import b64encode
from urllib import urlencode, quote
from xml.etree.ElementTree import tostring

import dm.xmlsec.binding as xmlsec

from saml2.settings import OneLogin_Saml2_Settings
from saml2.response import OneLogin_Saml2_Response
from saml2.errors import OneLogin_Saml2_Error
from saml2.logout_response import OneLogin_Saml2_Logout_Response
from saml2.constants import OneLogin_Saml2_Constants
from saml2.utils import OneLogin_Saml2_Utils
from saml2.logout_request import OneLogin_Saml2_Logout_Request
from saml2.authn_request import OneLogin_Saml2_Authn_Request



[docs]class OneLogin_Saml2_Auth(object):

    def __init__(self, request_data, old_settings=None):
        """
        Initializes the SP SAML instance.

        Arguments are:
            * (dict)   old_settings. Setting data
        """
        self.__request_data = request_data
        self.__settings = OneLogin_Saml2_Settings(old_settings)
        self.__attributes = []
        self.__nameid = ''
        self.__authenticated = False
        self.__errors = []


[docs]    def get_settings(self):
        """
        Returns the settings info
        :return: Setting info
        :rtype: OneLogin_Saml2_Setting object
        """
        return self.__settings



[docs]    def set_strict(self, value):
        """
        Set the strict mode active/disable

        :param value:
        :type value: bool
        """
        assert isinstance(value, bool)
        self.__settings.set_strict(value)



[docs]    def process_response(self, request_id=None):
        """
        Process the SAML Response sent by the IdP.

        :param request_id: Is an optional argument. Is the ID of the AuthNRequest sent by this SP to the IdP.
        :type request_id: string

        :raises: OneLogin_Saml2_Error.SAML_RESPONSE_NOT_FOUND, when a POST with a SAMLResponse is not found
        """
        self.__errors = []

        if 'post_data' in self.__request_data and 'SAMLResponse' in self.__request_data['post_data']:
            # AuthnResponse -- HTTP_POST Binding
            response = OneLogin_Saml2_Response(self.__settings, self.__request_data['post_data']['SAMLResponse'])

            if response.is_valid(request_id):
                self.__attributes = response.get_attributes()
                self.__nameid = response.get_nameid()
                self.__authenticated = True
            else:
                self.__errors.append('invalid_response')

        else:
            self.__errors.append('invalid_binding')
            raise OneLogin_Saml2_Error(
                'SAML Response not found, Only supported HTTP_POST Binding',
                OneLogin_Saml2_Error.SAML_RESPONSE_NOT_FOUND
            )



[docs]    def process_slo(self, keep_local_session=False, request_id=None, delete_session_cb=None):
        """
        Process the SAML Logout Response / Logout Request sent by the IdP.

        :param keep_local_session: When false will destroy the local session, otherwise will destroy it
        :type keep_local_session: bool

        :param request_id: The ID of the LogoutRequest sent by this SP to the IdP
        :type request_id: string

        :returns: Redirection url
        """
        self.__errors = []

        if 'get_data' in self.__request_data and 'SAMLResponse' in self.__request_data['get_data']:
            logout_response = OneLogin_Saml2_Logout_Response(self.__settings, self.__request_data['get_data']['SAMLResponse'])
            if not logout_response.is_valid(self.__request_data, request_id):
                self.__errors.append('invalid_logout_response')
            elif logout_response.get_status() != OneLogin_Saml2_Constants.STATUS_SUCCESS:
                self.__errors.append('logout_not_success')
            elif not keep_local_session:
                OneLogin_Saml2_Utils.delete_local_session(delete_session_cb)

        elif 'get_data' in self.__request_data and 'SAMLRequest' in self.__request_data['get_data']:
            request = OneLogin_Saml2_Utils.decode_base64_and_inflate(self.__request_data['get_data']['SAMLRequest'])
            if not OneLogin_Saml2_Logout_Request.is_valid(self.__settings, request, self.__request_data):
                self.__errors.append('invalid_logout_request')
            else:
                if not keep_local_session:
                    OneLogin_Saml2_Utils.delete_local_session(delete_session_cb)

                in_response_to = OneLogin_Saml2_Logout_Request.get_id(request)
                response_builder = OneLogin_Saml2_Logout_Response(self.__settings)
                response_builder.build(in_response_to)
                logout_response = response_builder.get_response()

                parameters = {'SAMLResponse': logout_response}
                if 'RelayState' in self.__request_data['get_data']:
                    parameters['RelayState'] = self.__request_data['get_data']['RelayState']

                security = self.__settings.get_security_data()
                if 'logoutResponseSigned' in security and security['logoutResponseSigned']:
                    signature = self.build_response_signature(logout_response, parameters.get('RelayState', None))
                    parameters['SigAlg'] = OneLogin_Saml2_Constants.RSA_SHA1
                    parameters['Signature'] = signature

                return self.redirect_to(self.get_slo_url(), parameters)

        else:
            self.__errors.append('invalid_binding')
            raise OneLogin_Saml2_Error(
                'SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding',
                OneLogin_Saml2_Error.SAML_LOGOUTMESSAGE_NOT_FOUND
            )



[docs]    def redirect_to(self, url=None, parameters={}):
        """
        Redirects the user to the url past by parameter or to the url that we defined in our SSO Request.

        :param url: The target URL to redirect the user
        :type url: string
        :param parameters: Extra parameters to be passed as part of the url
        :type parameters: dict

        :returns: Redirection url
        """
        if url is None and 'RelayState' in self.__request_data['get_data']:
            url = self.__request_data['get_data']['RelayState']
        return OneLogin_Saml2_Utils.redirect(url, parameters, request_data=self.__request_data)



[docs]    def is_authenticated(self):
        """
        Checks if the user is authenticated or not.

        :returns: True if is authenticated, False if not
        :rtype: bool
        """
        return self.__authenticated



[docs]    def get_attributes(self):
        """
        Returns the set of SAML attributes.

        :returns: SAML attributes
        :rtype: dict
        """
        return self.__attributes



[docs]    def get_nameid(self):
        """
        Returns the nameID.

        :returns: NameID
        :rtype: string
        """
        return self.__nameid



[docs]    def get_errors(self):
        """
        Returns a list with code errors if something went wrong

        :returns: List of errors
        :rtype: list
        """
        return self.__errors



[docs]    def get_attribute(self, name):
        """
        Returns the requested SAML attribute.

        :param name: Name of the attribute
        :type name: string

        :returns: Attribute value if exists or None
        :rtype: string
        """
        assert isinstance(name, basestring)
        value = None
        if name in self.__attributes.keys():
            value = self.__attributes[name]
        return value



[docs]    def login(self, return_to=None):
        """
        Initiates the SSO process.

        :param return_to: Optional argument. The target URL the user should be redirected to after login.
        :type return_to: string

        :returns: Redirection url
        """
        authn_request = OneLogin_Saml2_Authn_Request(self.__settings)

        saml_request = authn_request.get_request()
        parameters = {'SAMLRequest': saml_request}

        if return_to is not None:
            parameters['RelayState'] = return_to
        else:
            parameters['RelayState'] = OneLogin_Saml2_Utils.get_self_url_no_query(self.__request_data)

        security = self.__settings.get_security_data()
        if security.get('authnRequestsSigned', False):
            parameters['SigAlg'] = OneLogin_Saml2_Constants.RSA_SHA1
            parameters['Signature'] = self.build_request_signature(saml_request, parameters['RelayState'])
        return self.redirect_to(self.get_sso_url(), parameters)



[docs]    def logout(self, return_to=None, name_id=None, session_index=None):
        """
        Initiates the SLO process.

        :param return_to: Optional argument. The target URL the user should be redirected to after logout.
        :type return_to: string
        :param name_id: Optional argument. The NameID that will be set in the LogoutRequest.
        :type name_id: string
        :param session_index: Optional argument. SessionIndex that identifies the session of the user.
        :type session_index: string
        :returns: Redirection url
        """
        slo_url = self.get_slo_url()
        if slo_url is None:
            raise OneLogin_Saml2_Error(
                'The IdP does not support Single Log Out',
                OneLogin_Saml2_Error.SAML_SINGLE_LOGOUT_NOT_SUPPORTED
            )

        logout_request = OneLogin_Saml2_Logout_Request(self.__settings)

        saml_request = logout_request.get_request()

        parameters = {'SAMLRequest': logout_request.get_request()}
        if return_to is not None:
            parameters['RelayState'] = return_to
        else:
            parameters['RelayState'] = OneLogin_Saml2_Utils.get_self_url_no_query(self.__request_data)

        security = self.__settings.get_security_data()
        if security.get('logoutRequestSigned', False):
            parameters['SigAlg'] = OneLogin_Saml2_Constants.RSA_SHA1
            parameters['Signature'] = self.build_request_signature(saml_request, parameters['RelayState'])
        return self.redirect_to(slo_url, parameters)



[docs]    def get_sso_url(self):
        """
        Gets the SSO url.

        :returns: An URL, the SSO endpoint of the IdP
        :rtype: string
        """
        idp_data = self.__settings.get_idp_data()
        return idp_data['singleSignOnService']['url']



[docs]    def get_slo_url(self):
        """
        Gets the SLO url.

        :returns: An URL, the SLO endpoint of the IdP
        :rtype: string
        """
        url = None
        idp_data = self.__settings.get_idp_data()
        if 'singleLogoutService' in idp_data.keys() and 'url' in idp_data['singleLogoutService']:
            url = idp_data['singleLogoutService']['url']
        return url



[docs]    def build_request_signature(self, saml_request, relay_state):
        """
        Builds the Signature of the SAML Request.

        :param saml_request: The SAML Request
        :type saml_request: string

        :param relay_state: The target URL the user should be redirected to
        :type relay_state: string
        """
        if not self.__settings.check_sp_certs():
            raise OneLogin_Saml2_Error(
                "Trying to sign the SAML Request but can't load the SP certs",
                OneLogin_Saml2_Error.SP_CERTS_NOT_FOUND
            )

        xmlsec.initialize()

        # Load the key into the xmlsec context
        key = self.__settings.get_sp_key()
        file_key = OneLogin_Saml2_Utils.write_temp_file(key)  # FIXME avoid writing a file

        dsig_ctx = xmlsec.DSigCtx()
        dsig_ctx.signKey = xmlsec.Key.load(file_key.name, xmlsec.KeyDataFormatPem, None)
        file_key.close()
        
        data = {
            'SAMLRequest': quote(saml_request),
            'RelayState': quote(relay_state),
            'SignAlg': quote(OneLogin_Saml2_Constants.RSA_SHA1),
        }
        msg = urlencode(data)
        signature = dsig_ctx.signBinary(msg, xmlsec.TransformRsaSha1)
        return b64encode(signature)



[docs]    def build_response_signature(self, saml_response, relay_state):
        """
        Builds the Signature of the SAML Response.
        :param saml_request: The SAML Response
        :type saml_request: string

        :param relay_state: The target URL the user should be redirected to
        :type relay_state: string
        """
        if not self.__settings.check_sp_certs():
            raise OneLogin_Saml2_Error(
                "Trying to sign the SAML Response but can't load the SP certs",
                OneLogin_Saml2_Error.SP_CERTS_NOT_FOUND
            )

        xmlsec.initialize()

        # Load the key into the xmlsec context
        key = self.__settings.get_sp_key()
        file_key = OneLogin_Saml2_Utils.write_temp_file(key)  # FIXME avoid writing a file

        dsig_ctx = xmlsec.DSigCtx()
        dsig_ctx.signKey = xmlsec.Key.load(file_key.name, xmlsec.KeyDataFormatPem, None)
        file_key.close()

        data = {
            'SAMLResponse': quote(saml_response),
            'RelayState': quote(relay_state),
            'SignAlg': quote(OneLogin_Saml2_Constants.RSA_SHA1),
        }
        msg = urlencode(data)
        import pdb; dbp.set_trace()
        print msg
        data2 = {
            'SAMLResponse': saml_response,
            'RelayState': relay_state,
            'SignAlg': OneLogin_Saml2_Constants.RSA_SHA1,
        }
        msg2 = urlencode(data2)
        print msg2
        signature = dsig_ctx.signBinary(msg, xmlsec.TransformRsaSha1)
        return b64encode(signature)

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/_modules/saml2/authn_request.html000066400000000000000000000320511410551756100245070ustar00rootroot00000000000000 saml2.authn_request — OneLogin SAML Python library classes and methods

Navigation

Source code for saml2.authn_request

# -*- coding: utf-8 -*-

# Copyright (c) 2010-2018 OneLogin, Inc.
# MIT License

from base64 import b64encode
from datetime import datetime
from zlib import compress

from saml2.utils import OneLogin_Saml2_Utils
from saml2.constants import OneLogin_Saml2_Constants



[docs]class OneLogin_Saml2_Authn_Request:

    def __init__(self, settings):
        """
        Constructs the AuthnRequest object.

        Arguments are:
            * (OneLogin_Saml2_Settings)   settings. Setting data
        """
        self.__settings = settings

        sp_data = self.__settings.get_sp_data()
        security = self.__settings.get_security_data()

        uid = OneLogin_Saml2_Utils.generate_unique_id()
        issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(
            int(datetime.now().strftime("%s"))
        )

        name_id_policy_format = sp_data['NameIDFormat']
        if 'wantNameIdEncrypted' in security and security['wantNameIdEncrypted']:
            name_id_policy_format = OneLogin_Saml2_Constants.NAMEID_ENCRYPTED

        provider_name_str = ''
        organization_data = settings.get_organization()
        if isinstance(organization_data, dict):
            langs = organization_data.keys()
            if 'en-US' in langs:
                lang = 'en-US'
            else:
                lang = langs[0]
            if 'displayname' in organization_data[lang] and organization_data[lang]['displayname'] is not None:
                provider_name_str = 'ProviderName="%s"' % organization_data[lang]['displayname']

        request = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="%(id)s"
    Version="2.0"
    %(provider_name)s
    IssueInstant="%(issue_instant)s"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="%(assertion_url)s">
    <saml:Issuer>%(entity_id)s</saml:Issuer>
    <samlp:NameIDPolicy
        Format="%(name_id_policy)s"
        AllowCreate="true" />
    <samlp:RequestedAuthnContext Comparison="exact">
        <saml:AuthnContextMethodRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextMethodRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>""" % {
            'id': uid,
            'provider_name': provider_name_str,
            'issue_instant': issue_instant,
            'assertion_url': sp_data['assertionConsumerService']['url'],
            'entity_id': sp_data['entityId'],
            'name_id_policy': name_id_policy_format,
        }

        self.__authn_request = request


[docs]    def get_request(self):
        """
        Returns unsigned AuthnRequest.
        :return: Unsigned AuthnRequest
        :rtype: str object
        """
        deflated_request = compress(self.__authn_request)[2:-4]
        return b64encode(deflated_request)

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/_modules/saml2/constants.html000066400000000000000000000251721410551756100236420ustar00rootroot00000000000000 saml2.constants — OneLogin SAML Python library classes and methods

Navigation

Source code for saml2.constants

# -*- coding: utf-8 -*-

# Copyright (c) 2010-2018 OneLogin, Inc.
# MIT License



[docs]class OneLogin_Saml2_Constants:
    # Value added to the current time in time condition validations
    ALOWED_CLOCK_DRIFT = 180

    # NameID Formats
    NAMEID_EMAIL_ADDRESS = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
    NAMEID_X509_SUBJECT_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName'
    NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName'
    NAMEID_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos'
    NAMEID_ENTITY = 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
    NAMEID_TRANSIENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
    NAMEID_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
    NAMEID_ENCRYPTED = 'urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted'

    # Attribute Name Formats
    ATTRNAME_FORMAT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified'
    ATTRNAME_FORMAT_URI = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
    ATTRNAME_FORMAT_BASIC = 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'

    # Namespaces
    NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion'
    NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol'
    NS_SOAP = 'http://schemas.xmlsoap.org/soap/envelope/'
    NS_MD = 'urn:oasis:names:tc:SAML:2.0:metadata'
    NS_XS = 'http://www.w3.org/2001/XMLSchema'
    NS_XSI = 'http://www.w3.org/2001/XMLSchema-instance'
    NS_XENC = 'http://www.w3.org/2001/04/xmlenc#'
    NS_DS = 'http://www.w3.org/2000/09/xmldsig#'

    # Bindings
    BINDING_HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
    BINDING_HTTP_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
    BINDING_HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact'
    BINDING_SOAP = 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP'
    BINDING_DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE'

    # Auth Context Method
    AC_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified'
    AC_PASSWORD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
    AC_X509 = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'
    AC_SMARTCARD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard'
    AC_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos'

    # Subject Confirmation
    CM_BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer'
    CM_HOLDER_KEY = 'urn:oasis:names:tc:SAML:2.0:cm:holder-of-key'
    CM_SENDER_VOUCHES = 'urn:oasis:names:tc:SAML:2.0:cm:sender-vouches'

    # Status Codes
    STATUS_SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success'
    STATUS_REQUESTER = 'urn:oasis:names:tc:SAML:2.0:status:Requester'
    STATUS_RESPONDER = 'urn:oasis:names:tc:SAML:2.0:status:Responder'
    STATUS_VERSION_MISMATCH = 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch'
    STATUS_NO_PASSIVE = 'urn:oasis:names:tc:SAML:2.0:status:NoPassive'
    STATUS_PARTIAL_LOGOUT = 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout'
    STATUS_PROXY_COUNT_EXCEEDED = 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded'

    # Crypto
    RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'

    NSMAP = {
        'samlp': NS_SAMLP,
        'saml': NS_SAML,
        'ds': NS_DS,
        'xenc': NS_XENC
    }

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/_modules/saml2/errors.html000066400000000000000000000162251410551756100231410ustar00rootroot00000000000000 saml2.errors — OneLogin SAML Python library classes and methods

Navigation

Source code for saml2.errors

# -*- coding: utf-8 -*-

# Copyright (c) 2010-2018 OneLogin, Inc.
# MIT License



[docs]class OneLogin_Saml2_Error(Exception):

    # Errors
    SETTINGS_FILE_NOT_FOUND = 0
    SETTINGS_INVALID_SYNTAX = 1
    SETTINGS_INVALID = 2
    METADATA_SP_INVALID = 3
    SP_CERTS_NOT_FOUND = 4
    REDIRECT_INVALID_URL = 5
    PUBLIC_CERT_FILE_NOT_FOUND = 6
    PRIVATE_KEY_FILE_NOT_FOUND = 7
    SAML_RESPONSE_NOT_FOUND = 8
    SAML_LOGOUTMESSAGE_NOT_FOUND = 9
    SAML_LOGOUTREQUEST_INVALID = 10
    SAML_LOGOUTRESPONSE_INVALID = 11
    SAML_SINGLE_LOGOUT_NOT_SUPPORTED = 12

    def __init__(self, message, code=0, errors=None):
        """
        Initializes the Exception instance.

        Arguments are:
            * (str)   message.   Describes the error.
            * (int)   code.      The code error (defined in the error class).
        """
        from saml2.utils import _

        assert isinstance(message, basestring)
        assert isinstance(code, int)

        if errors is not None:
            message = message % errors

        Exception.__init__(self, _(message))
        self.code = code

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/_modules/saml2/logout_request.html000066400000000000000000001200411410551756100246760ustar00rootroot00000000000000 saml2.logout_request — OneLogin SAML Python library classes and methods

Navigation

Source code for saml2.logout_request

# -*- coding: utf-8 -*-

# Copyright (c) 2010-2018 OneLogin, Inc.
# MIT License

from base64 import b64decode
from datetime import datetime
from lxml import etree
from os.path import basename
from urllib import urlencode
from urlparse import parse_qs
from xml.dom.minidom import Document, parseString

import dm.xmlsec.binding as xmlsec

from saml2.constants import OneLogin_Saml2_Constants
from saml2.utils import OneLogin_Saml2_Utils



[docs]class OneLogin_Saml2_Logout_Request:

    def __init__(self, settings,request=None,name_id=None, session_index=None):
        """
        Constructs the Logout Request object.

        Arguments are:
            * (OneLogin_Saml2_Settings)   settings. Setting data
        """
        self.__settings = settings

        sp_data = self.__settings.get_sp_data()
        idp_data = self.__settings.get_idp_data()
        security = self.__settings.get_security_data()

        uid = OneLogin_Saml2_Utils.generate_unique_id()
        name_id_value = OneLogin_Saml2_Utils.generate_unique_id()
        issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(int(datetime.now().strftime("%s")))

        key = None
        if 'nameIdEncrypted' in security and security['nameIdEncrypted']:
            key = idp_data['x509cert']

        name_id = OneLogin_Saml2_Utils.generate_name_id(
            name_id_value,
            sp_data['entityId'],
            sp_data['NameIDFormat'],
            key
        )

        logout_request = """<samlp:LogoutRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="%(id)s"
    Version="2.0"
    IssueInstant="%(issue_instant)s"
    Destination="%(single_logout_url)s">
    <saml:Issuer>%(entity_id)s</saml:Issuer>
    %(name_id)s
</samlp:LogoutRequest>""" % {
            'id': uid,
            'issue_instant': issue_instant,
            'single_logout_url': idp_data['singleLogoutService']['url'],
            'entity_id': sp_data['entityId'],
            'name_id': name_id,
        }

        self.__logout_request = logout_request


[docs]    def get_request(self):
        """
        Returns the Logout Request defated, base64encoded
        :return: Deflated base64 encoded Logout Request
        :rtype: str object
        """
        return OneLogin_Saml2_Utils.deflate_and_base64_encode(self.__logout_request)


    @staticmethod

[docs]    def get_id(request):
        """
        Returns the ID of the Logout Request
        :param request: Logout Request Message
        :type request: string|DOMDocument
        :return: string ID
        :rtype: str object
        """
        if isinstance(request, Document):
            dom = request
        else:
            dom = parseString(request)
        return dom.documentElement.getAttribute('ID')


    @staticmethod

[docs]    def get_name_id_data(request, key=None):
        """
        Gets the NameID Data of the the Logout Request
        :param request: Logout Request Message
        :type request: string|DOMDocument
        :param key: The SP key
        :type key: string
        :return: Name ID Data (Value, Format, NameQualifier, SPNameQualifier)
        :rtype: dict
        """
        if isinstance(request, Document):
            request = request.toxml()
        dom = etree.fromstring(request)
        name_id = None

        encrypted_entries = OneLogin_Saml2_Utils.query(dom, '/samlp:LogoutRequest/saml:EncryptedID')

        if len(encrypted_entries) == 1:
            if key is None:
                raise Exception('Key is required in order to decrypt the NameID')

            elem = parseString(etree.tostring(encrypted_entries[0]))
            encrypted_data_nodes = elem.documentElement.getElementsByTagName('xenc:EncryptedData')
            encrypted_data = encrypted_data_nodes[0]

            xmlsec.initialize()

            # Load the key into the xmlsec context
            file_key = OneLogin_Saml2_Utils.write_temp_file(key)  # FIXME avoid writing a file
            enc_key = xmlsec.Key.load(file_key.name, xmlsec.KeyDataFormatPem, None)
            enc_key.name = basename(file_key.name)
            file_key.close()
            enc_ctx = xmlsec.EncCtx()
            enc_ctx.encKey = enc_key

            name_id = OneLogin_Saml2_Utils.decrypt_element(encrypted_data, enc_ctx)
        else:
            entries = OneLogin_Saml2_Utils.query(dom, '/samlp:LogoutRequest/saml:NameID')
            if len(entries) == 1:
                name_id = entries[0]

        if name_id is None:
            raise Exception('Not NameID found in the Logout Request')

        name_id_data = {
            'Value': name_id.text
        }
        for attr in ['Format', 'SPNameQualifier', 'NameQualifier']:
            if attr in name_id.attrib.keys():
                name_id_data[attr] = name_id.attrib[attr]

        return name_id_data


    @staticmethod

[docs]    def get_name_id(request, key=None):
        """
        Gets the NameID of the Logout Request Message
        :param request: Logout Request Message
        :type request: string|DOMDocument
        :param key: The SP key
        :type key: string
        :return: Name ID Value
        :rtype: string
        """
        name_id = OneLogin_Saml2_Logout_Request.get_name_id_data(request, key)
        return name_id['Value']


    @staticmethod

[docs]    def get_issuer(request):
        """
        Gets the Issuer of the Logout Request Message
        :param request: Logout Request Message
        :type request: string|DOMDocument
        :return: The Issuer
        :rtype: string
        """
        if isinstance(request, Document):
            request = request.toxml()
        dom = etree.fromstring(request)

        issuer = None
        issuer_nodes = OneLogin_Saml2_Utils.query(dom, '/samlp:LogoutRequest/saml:Issuer')
        if len(issuer_nodes) == 1:
            issuer = issuer_nodes[0].text
        return issuer


    @staticmethod

[docs]    def get_session_indexes(request):
        """
        Gets the SessionIndexes from the Logout Request
        :param request: Logout Request Message
        :type request: string|DOMDocument
        :return: The SessionIndex value
        :rtype: list
        """
        if isinstance(request, Document):
            request = request.toxml()
        dom = etree.fromstring(request)

        session_indexes = []
        session_index_nodes = OneLogin_Saml2_Utils.query(dom, '/samlp:LogoutRequest/samlp:SessionIndex')
        for session_index_node in session_index_nodes:
            session_indexes.append(session_index_node.text)
        return session_indexes


    @staticmethod

[docs]    def is_valid(settings, request, get_data, debug=False):
        """
        Checks if the Logout Request recieved is valid
        :param settings: Settings
        :type settings: OneLogin_Saml2_Settings
        :param request: Logout Request Message
        :type request: string|DOMDocument
        :return: If the Logout Request is or not valid
        :rtype: boolean
        """
        try:
            if isinstance(request, Document):
                dom = request
            else:
                dom = parseString(request)

            idp_data = settings.get_idp_data()
            idp_entity_id = idp_data['entityId']

            if settings.is_strict():
                res = OneLogin_Saml2_Utils.validate_xml(dom, 'saml-schema-protocol-2.0.xsd', debug)
                if not isinstance(res, Document):
                    raise Exception('Invalid SAML Logout Request. Not match the saml-schema-protocol-2.0.xsd')

                security = settings.get_security_data()

                current_url = OneLogin_Saml2_Utils.get_self_url_no_query(get_data)

                # Check NotOnOrAfter
                if dom.documentElement.hasAttribute('NotOnOrAfter'):
                    na = OneLogin_Saml2_Utils.parse_SAML_to_time(dom.documentElement.getAttribute('NotOnOrAfter'))
                    if na <= datetime.now():
                        raise Exception('Timing issues (please check your clock settings)')

                # Check destination
                if dom.documentElement.hasAttribute('Destination'):
                    destination = dom.documentElement.getAttribute('Destination')
                    if destination is not None:
                        if current_url not in destination:
                            raise Exception('The LogoutRequest was received at $currentURL instead of $destination')

                # Check issuer
                issuer = OneLogin_Saml2_Logout_Request.get_issuer(dom)
                if issuer is None or issuer != idp_entity_id:
                    raise Exception('Invalid issuer in the Logout Request')

                if security['wantMessagesSigned']:
                    if 'Signature' not in get_data:
                        raise Exception('The Message of the Logout Request is not signed and the SP require it')

            if 'Signature' in get_data:
                if 'SigAlg' not in get_data:
                    sign_alg = OneLogin_Saml2_Constants.RSA_SHA1
                else:
                    sign_alg = get_data['SigAlg']

                if sign_alg != OneLogin_Saml2_Constants.RSA_SHA1:
                    raise Exception('Invalid signAlg in the recieved Logout Request')

                signed_query = 'SAMLRequest=%s' % urlencode(get_data['SAMLRequest'])
                if 'RelayState' in get_data:
                    signed_query = '%s&RelayState=%s' % (signed_query, urlencode(get_data['RelayState']))
                signed_query = '%s&SigAlg=%s' % (signed_query, urlencode(sign_alg))

                if 'x509cert' not in idp_data or idp_data['x509cert'] is None:
                    raise Exception('In order to validate the sign on the Logout Request, the x509cert of the IdP is required')
                cert = idp_data['x509cert']

                xmlsec.initialize()
                objkey = xmlsec.Key.load(cert, xmlsec.KeyDataFormatPem, None)  # FIXME is this right?

                if not objkey.verifySignature(signed_query, b64decode(get_data['Signature'])):
                    raise Exception('Signature validation failed. Logout Request rejected')

            return True
        except Exception as e:
            debug = settings.is_debug_active()
            if debug:
                print(e.strerror)
            return False

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/_modules/saml2/logout_response.html000066400000000000000000000725631410551756100250630ustar00rootroot00000000000000 saml2.logout_response — OneLogin SAML Python library classes and methods

Navigation

Source code for saml2.logout_response

# -*- coding: utf-8 -*-

# Copyright (c) 2010-2018 OneLogin, Inc.
# MIT License

from base64 import b64decode
from datetime import datetime
from lxml import etree
from urllib import quote_plus
from xml.dom.minidom import Document, parseString

import dm.xmlsec.binding as xmlsec

from saml2.constants import OneLogin_Saml2_Constants
from saml2.utils import OneLogin_Saml2_Utils



[docs]class OneLogin_Saml2_Logout_Response():

    def __init__(self, settings, response=None):
        """
        Constructs a Logout Response object (Initialize params from settings
        and if provided load the Logout Response.

        Arguments are:
            * (OneLogin_Saml2_Settings)   settings. Setting data
            * (string)                    response. An UUEncoded SAML Logout
                                                    response from the IdP.
        """
        self.__settings = settings
        if response is not None:
            self.__logout_response = OneLogin_Saml2_Utils.decode_base64_and_inflate(response)
            self.document = parseString(self.__logout_response)


[docs]    def get_issuer(self):
        """
        Gets the Issuer of the Logout Response Message
        :return: The Issuer
        :rtype: string
        """
        issuer = None
        issuer_nodes = self.__query('/samlp:LogoutResponse/saml:Issuer')
        if len(issuer_nodes) == 1:
            issuer = issuer_nodes[0].text
        return issuer



[docs]    def get_status(self):
        """
        Gets the Status
        :return: The Status
        :rtype: string
        """
        entries = self.__query('/samlp:LogoutResponse/samlp:Status/samlp:StatusCode')
        if len(entries) == 0:
            return None
        status = entries[0].attrib['Value']
        return status



[docs]    def is_valid(self, request_data, request_id=None):
        """
        Determines if the SAML LogoutResponse is valid
        :param request_id: The ID of the LogoutRequest sent by this SP to the IdP
        :type request_id: string
        :return: Returns if the SAML LogoutResponse is or not valid
        :rtype: boolean
        """
        try:
            idp_data = self.__settings.get_idp_data()
            idp_entity_id = idp_data['entityId']
            get_data = request_data['get_data']

            if self.__settings.is_strict():
                res = OneLogin_Saml2_Utils.validate_xml(self.document, 'saml-schema-protocol-2.0.xsd', self.__settings.is_debug_active())
                if not isinstance(res, Document):
                    raise Exception('Invalid SAML Logout Request. Not match the saml-schema-protocol-2.0.xsd')

                security = self.__settings.get_security_data()

                # Check if the InResponseTo of the Logout Response matchs the ID of the Logout Request (requestId) if provided
                if request_id is not None and self.document.documentElement.hasAttribute('InResponseTo'):
                    in_response_to = self.document.documentElement.getAttribute('InResponseTo')
                    if request_id != in_response_to:
                        raise Exception('The InResponseTo of the Logout Response: %s, does not match the ID of the Logout request sent by the SP: %s' % (in_response_to, request_id))

                # Check issuer
                issuer = self.get_issuer()
                if issuer is None or issuer != idp_entity_id:
                    raise Exception('Invalid issuer in the Logout Request')

                current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data)

                # Check destination
                if self.document.documentElement.hasAttribute('Destination'):
                    destination = self.document.documentElement.getAttribute('Destination')
                    if destination is not None:
                        if current_url not in destination:
                            raise Exception('The LogoutRequest was received at $currentURL instead of $destination')

                if security['wantMessagesSigned']:
                    if 'Signature' not in get_data:
                        raise Exception('The Message of the Logout Response is not signed and the SP require it')

            if 'Signature' in get_data:
                if 'SigAlg' not in get_data:
                    sign_alg = OneLogin_Saml2_Constants.RSA_SHA1
                else:
                    sign_alg = get_data['SigAlg']

                if sign_alg != OneLogin_Saml2_Constants.RSA_SHA1:
                    raise Exception('Invalid signAlg in the recieved Logout Response')

                signed_query = 'SAMLResponse=%s' % quote_plus(get_data['SAMLResponse'])
                if 'RelayState' in get_data:
                    signed_query = '%s&RelayState=%s' % (signed_query, quote_plus(get_data['RelayState']))
                signed_query = '%s&SigAlg=%s' % (signed_query, quote_plus(sign_alg))

                if 'x509cert' not in idp_data or idp_data['x509cert'] is None:
                    raise Exception('In order to validate the sign on the Logout Response, the x509cert of the IdP is required')
                cert = idp_data['x509cert']

                xmlsec.initialize()
                objkey = xmlsec.Key.load(cert, xmlsec.KeyDataFormatPem, None)  # FIXME is this right?

                if not objkey.verifySignature(signed_query, b64decode(get_data['Signature'])):
                    raise Exception('Signature validation failed. Logout Response rejected')

            return True
        except Exception as e:
            debug = self.__settings.is_debug_active()
            if debug:
                print(e.strerror)
            return False


    def __query(self, query):
        """
        Extracts a node from the DOMDocument (Logout Response Menssage)
        :param query: Xpath Expresion
        :type query: string
        :return: The queried node
        :rtype: DOMNodeList
        """
        # Switch to lxml for querying
        xml = self.document.toxml()
        return OneLogin_Saml2_Utils.query(etree.fromstring(xml), query)


[docs]    def build(self, in_response_to):
        """
        Creates a Logout Response object.
        :param in_response_to: InResponseTo value for the Logout Response.
        :type in_response_to: string
        """
        sp_data = self.__settings.get_sp_data()
        idp_data = self.__settings.get_idp_data()

        uid = OneLogin_Saml2_Utils.generate_unique_id()
        issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(
            int(datetime.now().strftime("%s"))
        )

        logout_response = """<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                      ID="%(id)s"
                      Version="2.0"
                      IssueInstant="%(issue_instant)s"
                      Destination="%(destination)s"
                      InResponseTo="%(in_response_to)s"
>
    <saml:Issuer>%(entity_id)s</saml:Issuer>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    </samlp:Status>
</samlp:LogoutResponse>""" % {
            'id': uid,
            'issue_instant': issue_instant,
            'destination': idp_data['singleLogoutService']['url'],
            'in_response_to': in_response_to,
            'entity_id': sp_data['entityId'],
        }

        self.__logout_response = logout_response



[docs]    def get_response(self):
        """
        Returns a Logout Response object.
        :return: Logout Response deflated and base64 encoded
        :rtype: string
        """
        return OneLogin_Saml2_Utils.deflate_and_base64_encode(self.__logout_response)

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/_modules/saml2/metadata.html000066400000000000000000000711121410551756100234010ustar00rootroot00000000000000 saml2.metadata — OneLogin SAML Python library classes and methods

Navigation

Source code for saml2.metadata

# -*- coding: utf-8 -*-

# Copyright (c) 2010-2018 OneLogin, Inc.
# MIT License

from time import gmtime, strftime
from datetime import datetime
from xml.dom.minidom import parseString

from saml2.constants import OneLogin_Saml2_Constants
from saml2.utils import OneLogin_Saml2_Utils



[docs]class OneLogin_Saml2_Metadata:

    TIME_VALID = 172800   # 2 days
    TIME_CACHED = 604800  # 1 week

    @staticmethod

[docs]    def builder(sp, authnsign=False, wsign=False, valid_until=None, cache_duration=None, contacts=None, organization=None):
        """
        Build the metadata of the SP

        :param sp: The SP data
        :type sp: string

        :param authnsign: authnRequestsSigned attribute
        :type authnsign: string

        :param wsign: wantAssertionsSigned attribute
        :type wsign: string

        :param valid_until: Metadata's valid time
        :type valid_until: DateTime

        :param cache_duration: Duration of the cache in seconds
        :type cache_duration: Timestamp

        :param contacts: Contacts info
        :type contacts: dict

        :param organization: Organization ingo
        :type organization: dict
        """
        if valid_until is None:
            valid_until = int(datetime.now().strftime("%s")) + OneLogin_Saml2_Metadata.TIME_VALID
        valid_until_time = gmtime(valid_until)
        valid_until_time = strftime(r'%Y-%m-%dT%H:%M:%SZ', valid_until_time)
        if cache_duration is None:
            cache_duration = int(datetime.now().strftime("%s")) + OneLogin_Saml2_Metadata.TIME_CACHED
        if contacts is None:
            contacts = {}
        if organization is None:
            organization = {}

        sls = ''
        if 'singleLogoutService' in sp:
            sls = """<md:SingleLogoutService Binding="%(binding)s"
                                Location="%(location)s" />""" % {
                'binding': sp['singleLogoutService']['binding'],
                'location': sp['singleLogoutService']['url'],
            }

        str_authnsign = 'true' if authnsign else 'false'
        str_wsign = 'true' if wsign else 'false'

        str_organization = ''
        if len(organization) > 0:
            organization_info = []
            for (lang, info) in organization.items():
                organization_info.append("""    <md:Organization>
        <md:OrganizationName xml:lang="%(lang)s">%(name)s</md:OrganizationName>
        <md:OrganizationDisplayName xml:lang="%(lang)s">%(display_name)s</md:OrganizationDisplayName>
        <md:OrganizationURL xml:lang="%(lang)s">%(url)s</md:OrganizationURL>
    </md:Organization>""" % {
                    'lang': lang,
                    'name': info['name'],
                    'display_name': info['displayname'],
                    'url': info['url'],
                })
            str_organization = '\n'.join(organization_info)

        str_contacts = ''
        if len(contacts) > 0:
            contacts_info = []
            for (ctype, info) in contacts.items():
                contacts_info.append("""    <md:ContactPerson contactType="%(type)s">
        <md:GivenName>%(name)s</md:GivenName>
        <md:EmailAddress>%(email)s</md:EmailAddress>
    </md:ContactPerson>""" % {
                    'type': ctype,
                    'name': info['givenName'],
                    'email': info['emailAddress'],
                })
            str_contacts = '\n'.join(contacts_info)

        metadata = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     validUntil="%(valid)s"
                     cacheDuration="PT%(cache)sS"
                     entityID="%(entity_id)s">
    <md:SPSSODescriptor AuthnRequestsSigned="%(authnsign)s" WantAssertionsSigned="%(wsign)s" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:NameIDFormat>%(name_id_format)s</md:NameIDFormat>
        <md:AssertionConsumerService Binding="%(binding)s"
                                     Location="%(location)s"
                                     index="1" />
%(sls)s
    </md:SPSSODescriptor>
%(organization)s
%(contacts)s
</md:EntityDescriptor>""" % {
            'valid': valid_until_time,
            'cache': cache_duration,
            'entity_id': sp['entityId'],
            'authnsign': str_authnsign,
            'wsign': str_wsign,
            'name_id_format': sp['NameIDFormat'],
            'binding': sp['assertionConsumerService']['binding'],
            'location': sp['assertionConsumerService']['url'],
            'sls': sls,
            'organization': str_organization,
            'contacts': str_contacts,
        }

        return metadata


    @staticmethod

[docs]    def sign_metadata(metadata, key, cert):
        """
        Sign the metadata with the key/cert provided

        :param metadata: SAML Metadata XML
        :type metadata: string

        :param key: x509 key
        :type key: string

        :param cert: x509 cert
        :type cert: string

        :returns: Signed Metadata
        :rtype: string
        """
        return OneLogin_Saml2_Utils.add_sign(metadata, key, cert)


    @staticmethod

[docs]    def add_x509_key_descriptors(metadata, cert):
        """
        Add the x509 descriptors (sign/encriptation to the metadata
        The same cert will be used for sign/encrypt

        :param metadata: SAML Metadata XML
        :type metadata: string

        :param cert: x509 cert
        :type cert: string

        :returns: Metadata with KeyDescriptors
        :rtype: string
        """
        try:
            xml = parseString(metadata)
        except Exception as e:
            raise Exception('Error parsing metadata. ' + e.message)

        formated_cert = OneLogin_Saml2_Utils.format_cert(cert, False)
        x509_certificate = xml.createElementNS(OneLogin_Saml2_Constants.NS_DS, 'ds:X509Certificate')
        content = xml.createTextNode(formated_cert)
        x509_certificate.appendChild(content)

        key_data = xml.createElementNS(OneLogin_Saml2_Constants.NS_DS, 'ds:X509Data')
        key_data.appendChild(x509_certificate)

        key_info = xml.createElementNS(OneLogin_Saml2_Constants.NS_DS, 'ds:KeyInfo')
        key_info.appendChild(key_data)

        key_descriptor = xml.createElementNS(OneLogin_Saml2_Constants.NS_DS, 'md:KeyDescriptor')

        entity_descriptor = sp_sso_descriptor = xml.getElementsByTagName('md:EntityDescriptor')[0]
        entity_descriptor.setAttribute('xmlns:ds', OneLogin_Saml2_Constants.NS_DS)

        sp_sso_descriptor = xml.getElementsByTagName('md:SPSSODescriptor')[0]
        sp_sso_descriptor.insertBefore(key_descriptor.cloneNode(True), sp_sso_descriptor.firstChild)
        sp_sso_descriptor.insertBefore(key_descriptor.cloneNode(True), sp_sso_descriptor.firstChild)

        signing = xml.getElementsByTagName('md:KeyDescriptor')[0]
        signing.setAttribute('use', 'signing')

        encryption = xml.getElementsByTagName('md:KeyDescriptor')[1]
        encryption.setAttribute('use', 'encryption')

        signing.appendChild(key_info)
        encryption.appendChild(key_info.cloneNode(True))

        return xml.toxml()

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/_modules/saml2/response.html000066400000000000000000001770171410551756100234720ustar00rootroot00000000000000 saml2.response — OneLogin SAML Python library classes and methods

Navigation

Source code for saml2.response

# -*- coding: utf-8 -*-

# Copyright (c) 2010-2018 OneLogin, Inc.
# MIT License

from base64 import b64decode
from copy import deepcopy
from lxml import etree
from os.path import basename
from time import time
import sys
from xml.dom.minidom import Document

import dm.xmlsec.binding as xmlsec

from saml2.constants import OneLogin_Saml2_Constants
from saml2.utils import OneLogin_Saml2_Utils



[docs]class OneLogin_Saml2_Response(object):

    def __init__(self, settings, response):
        """
        Constructs the response object.

        :param settings: The setting info
        :type settings: OneLogin_Saml2_Setting object

        :param response: The base64 encoded, XML string containing the samlp:Response
        :type response: string
        """
        self.__settings = settings
        self.response = b64decode(response)
        self.document = etree.fromstring(self.response)
        self.decrypted_document = None
        self.encrypted = None

        # Quick check for the presence of EncryptedAssertion
        encrypted_assertion_nodes = self.__query('//saml:EncryptedAssertion')
        if encrypted_assertion_nodes:
            decrypted_document = deepcopy(self.document)
            self.encrypted = True
            self.decrypted_document = self.__decrypt_assertion(decrypted_document)


[docs]    def is_valid(self, request_data, request_id=None):
        """
        Constructs the response object.

        :param request_id: Optional argument. The ID of the AuthNRequest sent by this SP to the IdP
        :type request_id: string

        :returns: True if the SAML Response is valid, False if not
        :rtype: bool
        """
        try:
            # Checks SAML version
            if self.document.get('Version', None) != '2.0':
                raise Exception('Unsupported SAML version')

            # Checks that ID exists
            if self.document.get('ID', None) is None:
                raise Exception('Missing ID attribute on SAML Response')

            # Checks that the response only has one assertion
            if not self.validate_num_assertions():
                raise Exception('Multiple assertions are not supported')

            # Checks that the response has the SUCCESS status
            self.check_status()

            idp_data = self.__settings.get_idp_data()
            idp_entityid = idp_data.get('entityId', '')
            sp_data = self.__settings.get_sp_data()
            sp_entityid = sp_data.get('entityId', '')

            sign_nodes = self.__query('//ds:Signature')

            signed_elements = []
            for sign_node in sign_nodes:
                signed_elements.append(sign_node.getparent().tag)

            if self.__settings.is_strict():
                res = OneLogin_Saml2_Utils.validate_xml(etree.tostring(self.document), 'saml-schema-protocol-2.0.xsd', self.__settings.is_debug_active())
                if not isinstance(res, Document):
                    raise Exception('Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd')

                security = self.__settings.get_security_data()
                current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data)

                # Check if the InResponseTo of the Response matchs the ID of the AuthNRequest (requestId) if provided
                in_response_to = self.document.get('InResponseTo', None)
                if in_response_to and request_id:
                    if in_response_to != request_id:
                        raise Exception('The InResponseTo of the Response: %s, does not match the ID of the AuthNRequest sent by the SP: %s' % (in_response_to, request_id))

                if not self.encrypted and security.get('wantAssertionsEncrypted', False):
                    raise Exception('The assertion of the Response is not encrypted and the SP require it')

                if security.get('wantNameIdEncrypted', False):
                    encrypted_nameid_nodes = self.__query_assertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData')
                    if not encrypted_nameid_nodes:
                        raise Exception('The NameID of the Response is not encrypted and the SP require it')

                # Checks that there is at least one AttributeStatement
                attribute_statement_nodes = self.__query_assertion('/saml:AttributeStatement')
                if not attribute_statement_nodes:
                    raise Exception('There is no AttributeStatement on the Response')

                # Validates Asserion timestamps
                if not self.validate_timestamps():
                    raise Exception('Timing issues (please check your clock settings)')

                encrypted_attributes_nodes = self.__query_assertion('/saml:AttributeStatement/saml:EncryptedAttribute')
                if encrypted_attributes_nodes:
                    raise Exception('There is an EncryptedAttribute in the Response and this SP not support them')

                # Checks destination
                destination = self.document.get('Destination', None)
                if destination:
                    if destination not in current_url:
                        raise Exception('The response was received at %s instead of %s' % (current_url, destination))

                # Checks audience
                valid_audiences = self.get_audiences()
                if valid_audiences and sp_entityid not in valid_audiences:
                    raise Exception('%s is not a valid audience for this Response' % sp_entityid)

                # Checks the issuers
                issuers = self.get_issuers()
                for issuer in issuers:
                    if not issuer or issuer != idp_entityid:
                        raise Exception('Invalid issuer in the Assertion/Response')

                # Checks the session Expiration
                session_expiration = self.get_session_not_on_or_after()
                if not session_expiration and session_expiration <= time():
                    raise Exception('The attributes have expired, based on the SessionNotOnOrAfter of the AttributeStatement of this Response')

                # Checks the SubjectConfirmation, at least one SubjectConfirmation must be valid
                any_subject_confirmation = False
                subject_confirmation_nodes = self.__query_assertion('/saml:Subject/saml:SubjectConfirmation')

                for scn in subject_confirmation_nodes:
                    method = scn.get('Method', None)
                    if method and method != OneLogin_Saml2_Constants.CM_BEARER:
                        continue
                    scData = scn.find('saml:SubjectConfirmationData', namespaces=OneLogin_Saml2_Constants.NSMAP)
                    if scData is None:
                        continue
                    else:
                        irt = scData.get('InResponseTo', None)
                        if irt != in_response_to:
                            continue
                        recipient = scData.get('Recipient', None)
                        if recipient not in current_url:
                            continue
                        nooa = scData.get('NotOnOrAfter', None)
                        if nooa:
                            parsed_nooa = OneLogin_Saml2_Utils.parse_SAML_to_time(nooa)
                            if parsed_nooa <= time():
                                continue
                        nb = scData.get('NotBefore', None)
                        if nb:
                            parsed_nb = OneLogin_Saml2_Utils.parse_SAML_to_time(nb)
                            if (parsed_nb > time()):
                                continue
                        any_subject_confirmation = True
                        break

                if not any_subject_confirmation:
                    raise Exception('A valid SubjectConfirmation was not found on this Response')

                if security.get('wantAssertionsSigned', False) and 'saml:Assertion' not in signed_elements:
                    raise Exception('The Assertion of the Response is not signed and the SP require it')

                if security.get('wantMessagesSigned', False) and 'samlp:Response' not in signed_elements:
                    raise Exception('The Message of the Response is not signed and the SP require it')

                document_to_validate = None
                if len(signed_elements) > 0:
                    cert = idp_data.get('x509cert', None)
                    fingerprint = idp_data.get('certFingerprint', None)

                    # Only validates the first sign found
                    if 'samlp:Response' in signed_elements:
                        document_to_validate = self.document
                    else:
                        if self.encrypted:
                            document_to_validate = self.decrypted_document
                        else:
                            document_to_validate = self.document

                if document_to_validate is not None:
                    if not OneLogin_Saml2_Utils.validate_sign(document_to_validate, cert, fingerprint):
                        raise Exception('Signature validation failed. SAML Response rejected')
            return True
        except:
            debug = self.__settings.is_debug_active()
            if debug:
                print sys.exc_info()[0]
            return False



[docs]    def check_status(self):
        """
        Check if the status of the response is success or not

        :raises: Exception. If the status is not success
        """
        status = OneLogin_Saml2_Utils.get_status(self.document)
        code = status.get('code', None)
        if code and code != OneLogin_Saml2_Constants.STATUS_SUCCESS:
            splited_code = code.split(':')
            printable_code = splited_code.pop()
            status_exception_msg = 'The status code of the Response was not Success, was %s' % printable_code
            status_msg = status.get('msg', None)
            if status_msg:
                status_exception_msg += ' -> ' + status_msg
            raise Exception(status_exception_msg)



[docs]    def get_audiences(self):
        """
        Gets the audiences

        :returns: The valid audiences for the SAML Response
        :rtype: list
        """
        audiences = []

        audience_nodes = self.__query_assertion('/saml:Conditions/saml:AudienceRestriction/saml:Audience')
        for audience_node in audience_nodes:
            audiences.append(audience_node.text)



[docs]    def get_issuers(self):
        """
        Gets the issuers (from message and from assertion)

        :returns: The issuers
        :rtype: list
        """
        issuers = []

        message_issuer_nodes = self.__query('/samlp:Response/saml:Issuer')
        if message_issuer_nodes:
            issuers.append(message_issuer_nodes[0].text)

        assertion_issuer_nodes = self.__query_assertion('/saml:Issuer')
        if assertion_issuer_nodes:
            issuers.append(assertion_issuer_nodes[0].text)

        return list(set(issuers))



[docs]    def get_nameid_data(self):
        """
        Gets the NameID Data provided by the SAML Response from the IdP

        :returns: Name ID Data (Value, Format, NameQualifier, SPNameQualifier)
        :rtype: dict
        """
        nameid = None
        encrypted_id_data_nodes = self.__query_assertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData')
        if encrypted_id_data_nodes:
            encrypted_data = encrypted_id_data_nodes[0]

            xmlsec.initialize()

            # Load the key into the xmlsec context
            key = self.__settings.get_sp_key()
            file_key = OneLogin_Saml2_Utils.write_temp_file(key)  # FIXME avoid writing a file
            enc_key = xmlsec.Key.load(file_key.name, xmlsec.KeyDataFormatPem, None)
            enc_key.name = basename(file_key.name)
            file_key.close()
            enc_ctx = xmlsec.EncCtx()
            enc_ctx.encKey = enc_key

            nameid = OneLogin_Saml2_Utils.decrypt_element(encrypted_data, enc_ctx)
        else:
            nameid_nodes = self.__query_assertion('/saml:Subject/saml:NameID')
            if nameid_nodes:
                nameid = nameid_nodes[0]
        if nameid is None:
            raise Exception('Not NameID found in the assertion of the Response')

        nameid_data = {'Value': nameid.text}
        for attr in ['Format', 'SPNameQualifier', 'NameQualifier']:
            value = nameid.get(attr, None)
            if value:
                nameid_data[attr] = value
        return nameid_data



[docs]    def get_nameid(self):
        """
        Gets the NameID provided by the SAML Response from the IdP

        :returns: NameID (value)
        :rtype: string
        """
        nameid_data = self.get_nameid_data()
        return nameid_data['Value']



[docs]    def get_session_not_on_or_after(self):
        """
        Gets the SessionNotOnOrAfter from the AuthnStatement
        Could be used to set the local session expiration

        :returns: The SessionNotOnOrAfter value
        :rtype: time|None
        """
        not_on_or_after = None
        authn_statement_nodes = self.__query_assertion('/saml:AuthnStatement[@SessionNotOnOrAfter]')
        if authn_statement_nodes:
            not_on_or_after = OneLogin_Saml2_Utils.parse_SAML_to_time(authn_statement_nodes[0].get('SessionNotOnOrAfter'))
        return not_on_or_after



[docs]    def get_session_index(self):
        """
        Gets the SessionIndex from the AuthnStatement
        Could be used to be stored in the local session in order
        to be used in a future Logout Request that the SP could
        send to the SP, to set what specific session must be deleted

        :returns: The SessionIndex value
        :rtype: string|None
        """
        session_index = None
        authn_statement_nodes = self.__query_assertion('/saml:AuthnStatement[@SessionIndex]')
        if authn_statement_nodes:
            session_index = authn_statement_nodes[0].get('SessionIndex')
        return session_index



[docs]    def get_attributes(self):
        """
        Gets the Attributes from the AttributeStatement element.
        EncryptedAttributes are not supported
        """
        attributes = {}
        attribute_nodes = self.__query_assertion('/saml:AttributeStatement/saml:Attribute')
        for attribute_node in attribute_nodes:
            attr_name = attribute_node.get('Name')
            values = []
            for attr in attribute_node.iterchildren('{%s}AttributeValue' % OneLogin_Saml2_Constants.NSMAP['saml']):
                values.append(attr.text)
            attributes[attr_name] = values
        return attributes



[docs]    def validate_num_assertions(self):
        """
        Verifies that the document only contains a single Assertion (encrypted or not)

        :returns: True if only 1 assertion encrypted or not
        :rtype: bool
        """
        encrypted_assertion_nodes = self.__query('//saml:EncryptedAssertion')
        assertion_nodes = self.__query('//saml:Assertion')
        return (len(encrypted_assertion_nodes) + len(assertion_nodes)) == 1



[docs]    def validate_timestamps(self):
        """
        Verifies that the document is valid according to Conditions Element

        :returns: True if the condition is valid, False otherwise
        :rtype: bool
        """
        conditions_nodes = self.__query('//saml:Conditions')
        for conditions_node in conditions_nodes:
            nb_attr = conditions_node.get('NotBefore')
            nooa_attr = conditions_node.get('NotOnOrAfter')
            if nb_attr and OneLogin_Saml2_Utils.parse_SAML_to_time(nb_attr) > time() + OneLogin_Saml2_Constants.ALOWED_CLOCK_DRIFT:
                return False
            if nooa_attr and OneLogin_Saml2_Utils.parse_SAML_to_time(nooa_attr) + OneLogin_Saml2_Constants.ALOWED_CLOCK_DRIFT <= time():
                return False
        return True


    def __query_assertion(self, xpath_expr):
        """
        Extracts nodes that match the query from the Assertion

        :param query: Xpath Expresion
        :type query: String

        :returns: The queried nodes
        :rtype: list
        """
        if self.encrypted:
            assertion_expr = '/saml:EncryptedAssertion/saml:Assertion'
        else:
            assertion_expr = '/saml:Assertion'
        signature_expr = '/ds:Signature/ds:SignedInfo/ds:Reference'
        signed_assertion_query = '/samlp:Response' + assertion_expr + signature_expr
        assertion_reference_nodes = self.__query(signed_assertion_query)

        if not assertion_reference_nodes:
            # Check if the message is signed
            signed_message_query = '/samlp:Response' + signature_expr
            message_reference_nodes = self.__query(signed_message_query)
            if message_reference_nodes:
                id = message_reference_nodes[0].get('URI')
                final_query = "/samlp:Response[@ID='%s']/" % id[1:]
            else:
                final_query = "/samlp:Response/"
            final_query += assertion_expr
        else:
            id = assertion_reference_nodes[0].get('URI')
            final_query = '/samlp:Response' + assertion_expr + "[@ID='%s']" % id[1:]
        final_query += xpath_expr
        return self.__query(final_query)

    def __query(self, query):
        """
        Extracts nodes that match the query from the Response

        :param query: Xpath Expresion
        :type query: String

        :returns: The queried nodes
        :rtype: list
        """
        if self.encrypted:
            document = self.decrypted_document
        else:
            document = self.document
        return OneLogin_Saml2_Utils.query(document, query)

    def __decrypt_assertion(self, dom):
        """
        Decrypts the Assertion

        :raises: Exception if no private key available
        :param dom: Encrypted Assertion
        :type dom: Element
        :returns: Decrypted Assertion
        :rtype: Element
        """
        key = self.__settings.get_sp_key()

        if not key:
            raise Exception('No private key available, check settings')

        # TODO Study how decrypt assertion

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/_modules/saml2/settings.html000066400000000000000000002516161410551756100234720ustar00rootroot00000000000000 saml2.settings — OneLogin SAML Python library classes and methods

Navigation

Source code for saml2.settings

# -*- coding: utf-8 -*-

# Copyright (c) 2010-2018 OneLogin, Inc.
# MIT License

from datetime import datetime
import json
import re
from os.path import dirname, exists, join, sep
from xml.dom.minidom import Document

from saml2.constants import OneLogin_Saml2_Constants
from saml2.errors import OneLogin_Saml2_Error
from saml2.metadata import OneLogin_Saml2_Metadata
from saml2.utils import OneLogin_Saml2_Utils


# Regex from Django Software Foundation and individual contributors.
# Released under a BSD 3-Clause License
url_regex = re.compile(
    r'^(?:[a-z0-9\.\-]*)://'  # scheme is validated separately
    r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|'  # domain...
    r'localhost|'  # localhost...
    r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|'  # ...or ipv4
    r'\[?[A-F0-9]*:[A-F0-9:]+\]?)'  # ...or ipv6
    r'(?::\d+)?'  # optional port
    r'(?:/?|[/?]\S+)$', re.IGNORECASE)
url_schemes = ['http', 'https', 'ftp', 'ftps']



[docs]def validate_url(url):
    scheme = url.split('://')[0].lower()
    if scheme not in url_schemes:
        return False
    if not bool(url_regex.search(url)):
        return False
    return True




[docs]class OneLogin_Saml2_Settings:

    def __init__(self, settings=None, custom_base_path=None):
        """
        Initializes the settings:
        - Sets the paths of the different folders
        - Loads settings info from settings file or array/object provided

        :param settings: SAML Toolkit Settings
        :type settings: dict|object
        """
        self.__paths = {}
        self.__strict = False
        self.__debug = False
        self.__sp = {}
        self.__idp = {}
        self.__contacts = {}
        self.__organization = {}
        self.__errors = []

        self.__load_paths(base_path=custom_base_path)
        self.__update_paths(settings)

        if settings is None:
            if not self.__load_settings_from_file():
                raise OneLogin_Saml2_Error(
                    'Invalid file settings: %s',
                    OneLogin_Saml2_Error.SETTINGS_INVALID,
                    ','.join(self.__errors)
                )
            self.__add_default_values()
        elif isinstance(settings, dict):
            if not self.__load_settings_from_dict(settings):
                raise OneLogin_Saml2_Error(
                    'Invalid dict settings: %s',
                    OneLogin_Saml2_Error.SETTINGS_INVALID,
                    ','.join(self.__errors)
                )
        else:
            raise Exception('Unsupported settings object')

        self.format_idp_cert()

    def __load_paths(self, base_path=None):
        """
        Sets the paths of the different folders
        """
        if base_path is None:
            base_path = dirname(dirname(dirname(__file__)))
        base_path += sep
        self.__paths = {
            'base': base_path,
            'cert': base_path + 'certs' + sep,
            'lib': base_path + 'lib' + sep,
            'extlib': base_path + 'extlib' + sep,
        }

    def __update_paths(self, settings):
        """
        Set custom paths if necessary
        """
        if not isinstance(settings, dict):
            return

        if 'custom_base_path' in settings:
            base_path = settings['custom_base_path']
            base_path = join(dirname(__file__), base_path)
            self.__load_paths(base_path)


[docs]    def get_base_path(self):
        """
        Returns base path

        :return: The base toolkit folder path
        :rtype: string
        """
        return self.__paths['base']



[docs]    def get_cert_path(self):
        """
        Returns cert path

        :return: The cert folder path
        :rtype: string
        """
        return self.__paths['cert']



[docs]    def get_lib_path(self):
        """
        Returns lib path

        :return: The library folder path
        :rtype: string
        """
        return self.__paths['lib']



[docs]    def get_ext_lib_path(self):
        """
        Returns external lib path

        :return: The external library folder path
        :rtype: string
        """
        return self.__paths['extlib']



[docs]    def get_schemas_path(self):
        """
        Returns schema path

        :return: The schema folder path
        :rtype: string
        """
        return self.__paths['lib'] + 'schemas/'


    def __load_settings_from_dict(self, settings):
        """
        Loads settings info from a settings Dict

        :param settings: SAML Toolkit Settings
        :type settings: dict

        :returns: True if the settings info is valid
        :rtype: boolean
        """
        errors = self.check_settings(settings)
        if len(errors) == 0:
            self.__errors = []
            self.__sp = settings['sp']
            self.__idp = settings['idp']

            if 'strict' in settings:
                self.__strict = settings['strict']
            if 'debug' in settings:
                self.__debug = settings['debug']
            if 'security' in settings:
                self.__security = settings['security']
            if 'contactPerson' in settings:
                self.__contacts = settings['contactPerson']
            if 'organization' in settings:
                self.__organization = settings['organization']

            self.__add_default_values()
            return True

        self.__errors = errors
        return False

    def __load_settings_from_file(self):
        """
        Loads settings info from the settings json file

        :returns: True if the settings info is valid
        :rtype: boolean
        """
        filename = self.get_base_path() + 'settings.json'

        if not exists(filename):
            raise OneLogin_Saml2_Error(
                'Settings file not found: %s',
                OneLogin_Saml2_Error.SETTINGS_FILE_NOT_FOUND,
                filename
            )

        # In the php toolkit instead of being a json file it is a php file and
        # it is directly included
        json_data = open(filename, 'r')
        settings = json.load(json_data)
        json_data.close()

        advanced_filename = self.get_base_path() + 'advanced_settings.json'
        if exists(advanced_filename):
            json_data = open(advanced_filename, 'r')
            settings.update(json.load(json_data))  # Merge settings
            json_data.close()

        return self.__load_settings_from_dict(settings)

    def __add_default_values(self):
        """
        Add default values if the settings info is not complete
        """
        if 'binding' not in self.__sp['assertionConsumerService']:
            self.__sp['assertionConsumerService']['binding'] = OneLogin_Saml2_Constants.BINDING_HTTP_POST
        if 'singleLogoutService' in self.__sp and 'binding' not in self.__sp['singleLogoutService']:
            self.__sp['singleLogoutService']['binding'] = OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT

        # Related to nameID
        if 'NameIDFormat' not in self.__sp:
            self.__sp['NameIDFormat'] = OneLogin_Saml2_Constants.NAMEID_PERSISTENT
        if 'nameIdEncrypted' not in self.__security:
            self.__security['nameIdEncrypted'] = False

        # Sign provided
        if 'authnRequestsSigned' not in self.__security:
            self.__security['authnRequestsSigned'] = False
        if 'logoutRequestSigned' not in self.__security:
            self.__security['logoutRequestSigned'] = False
        if 'logoutResponseSigned' not in self.__security:
            self.__security['logoutResponseSigned'] = False
        if 'signMetadata' not in self.__security:
            self.__security['signMetadata'] = False

        # Sign expected
        if 'wantMessagesSigned' not in self.__security:
            self.__security['wantMessagesSigned'] = False
        if 'wantAssertionsSigned' not in self.__security:
            self.__security['wantAssertionsSigned'] = False

        # Encrypt expected
        if 'wantAssertionsEncrypted' not in self.__security:
            self.__security['wantAssertionsEncrypted'] = False
        if 'wantNameIdEncrypted' not in self.__security:
            self.__security['wantNameIdEncrypted'] = False

        if 'x509cert' not in self.__idp:
            self.__idp['x509cert'] = ''
        if 'certFingerprint' not in self.__idp:
            self.__idp['certFingerprint'] = ''


[docs]    def check_settings(self, settings):
        """
        Checks the settings info.

        :param settings: Dict with settings data
        :type settings: dict

        :returns: Errors found on the settings data
        :rtype: list
        """
        assert isinstance(settings, dict)

        errors = []
        if not isinstance(settings, dict) or len(settings) == 0:
            errors.append('invalid_syntax')
            return errors

        if 'idp' not in settings or len(settings['idp']) == 0:
            errors.append('idp_not_found')
        else:
            idp = settings['idp']
            if 'entityId' not in idp or len(idp['entityId']) == 0:
                errors.append('idp_entityId_not_found')

            if ('singleSignOnService' not in idp or
                'url' not in idp['singleSignOnService'] or
                    len(idp['singleSignOnService']['url']) == 0):
                errors.append('idp_sso_not_found')
            elif not validate_url(idp['singleSignOnService']['url']):
                errors.append('idp_sso_url_invalid')

            if ('singleLogoutService' in idp and
                'url' in idp['singleLogoutService'] and
                len(idp['singleLogoutService']['url']) > 0 and
                    not validate_url(idp['singleLogoutService']['url'])):
                errors.append('idp_slo_url_invalid')

        if 'sp' not in settings or len(settings['sp']) == 0:
            errors.append('sp_not_found')
        else:
            sp = settings['sp']
            security = {}
            if 'security' in settings:
                security = settings['security']

            if 'entityId' not in sp or len(sp['entityId']) == 0:
                errors.append('sp_entityId_not_found')

            if ('assertionConsumerService' not in sp or
                'url' not in sp['assertionConsumerService'] or
                    len(sp['assertionConsumerService']['url']) == 0):
                errors.append('sp_acs_not_found')
            elif not validate_url(sp['assertionConsumerService']['url']):
                errors.append('sp_acs_url_invalid')

            if ('singleLogoutService' in sp and
                'url' in sp['singleLogoutService'] and
                len(sp['singleLogoutService']['url']) > 0 and
                    not validate_url(sp['singleLogoutService']['url'])):
                errors.append('sp_sls_url_invalid')

            if 'signMetadata' in security and isinstance(security['signMetadata'], dict):
                if ('keyFileName' not in security['signMetadata'] or
                        'certFileName' not in security['signMetadata']):
                    errors.append('sp_signMetadata_invalid')

            if ((('authnRequestsSigned' in security and security['authnRequestsSigned']) or
                 ('logoutRequestSigned' in security and security['logoutRequestSigned']) or
                 ('logoutResponseSigned' in security and security['logoutResponseSigned']) or
                 ('wantAssertionsEncrypted' in security and security['wantAssertionsEncrypted']) or
                 ('wantNameIdEncrypted' in security and security['wantNameIdEncrypted'])) and
                    not self.check_sp_certs()):
                errors.append('sp_cert_not_found_and_required')

            exists_X509 = ('idp' in settings and
                           'x509cert' in settings['idp'] and
                           len(settings['idp']['x509cert']) > 0)
            exists_fingerprint = ('idp' in settings and
                                  'certFingerprint' in settings['idp'] and
                                  len(settings['idp']['certFingerprint']) > 0)
            if ((('wantAssertionsSigned' in security and security['wantAssertionsSigned']) or
                 ('wantMessagesSigned' in security and security['wantMessagesSigned'])) and
                    not(exists_X509 or exists_fingerprint)):
                errors.append('idp_cert_or_fingerprint_not_found_and_required')
            if ('nameIdEncrypted' in security and security['nameIdEncrypted']) and not exists_X509:
                errors.append('idp_cert_not_found_and_required')

        if 'contactPerson' in settings:
            types = settings['contactPerson'].keys()
            valid_types = ['technical', 'support', 'administrative', 'billing', 'other']
            for t in types:
                if t not in valid_types:
                    errors.append('contact_type_invalid')
                    break

            for t in settings['contactPerson']:
                contact = settings['contactPerson'][t]
                if (('givenName' not in contact or len(contact['givenName']) == 0) or
                        ('emailAddress' not in contact or len(contact['emailAddress']) == 0)):
                    errors.append('contact_not_enought_data')
                    break

        if 'organization' in settings:
            for o in settings['organization']:
                organization = settings['organization'][o]
                if (('name' not in organization or len(organization['name']) == 0) or
                    ('displayname' not in organization or len(organization['displayname']) == 0) or
                        ('url' not in organization or len(organization['url']) == 0)):
                    errors.append('organization_not_enought_data')
                    break

        return errors



[docs]    def check_sp_certs(self):
        """
        Checks if the x509 certs of the SP exists and are valid.

        :returns: If the x509 certs of the SP exists and are valid
        :rtype: boolean
        """
        key = self.get_sp_key()
        cert = self.get_sp_cert()
        return key is not None and cert is not None



[docs]    def get_sp_key(self):
        """
        Returns the x509 private key of the SP.

        :returns: SP private key
        :rtype: string
        """
        key = None
        key_file = self.__paths['cert'] + 'sp.key'

        if exists(key_file):
            f = open(key_file, 'r')
            key = f.read()
            f.close()

        return key



[docs]    def get_sp_cert(self):
        """
        Returns the x509 public cert of the SP.

        :returns: SP public cert
        :rtype: string
        """
        cert = None
        cert_file = self.__paths['cert'] + 'sp.crt'

        if exists(cert_file):
            f = open(cert_file, 'r')
            cert = f.read()
            f.close()

        return cert



[docs]    def get_idp_data(self):
        """
        Gets the IdP data.

        :returns: IdP info
        :rtype: dict
        """
        return self.__idp



[docs]    def get_sp_data(self):
        """
        Gets the SP data.

        :returns: SP info
        :rtype: dict
        """
        return self.__sp



[docs]    def get_security_data(self):
        """
        Gets security data.

        :returns: Security info
        :rtype: dict
        """
        return self.__security



[docs]    def get_contacts(self):
        """
        Gets contact data.

        :returns: Contacts info
        :rtype: dict
        """
        return self.__contacts



[docs]    def get_organization(self):
        """
        Gets organization data.

        :returns: Organization info
        :rtype: dict
        """
        return self.__organization



[docs]    def get_sp_metadata(self):
        """
        Gets the SP metadata. The XML representation.

        :returns: SP metadata (xml)
        :rtype: string
        """
        metadata = OneLogin_Saml2_Metadata.builder(
            self.__sp, self.__security['authnRequestsSigned'],
            self.__security['wantAssertionsSigned'], None, None,
            self.get_contacts(), self.get_organization()
        )
        cert = self.get_sp_cert()
        if cert is not None:
            metadata = OneLogin_Saml2_Metadata.add_x509_key_descriptors(metadata, cert)

        # Sign metadata
        if 'signMetadata' in self.__security and self.__security['signMetadata'] is not False:
            if self.__security['signMetadata'] is True:
                key_file_name = 'sp.key'
                cert_file_name = 'sp.crt'
            else:
                if ('keyFileName' not in self.__security['signMetadata'] or
                        'certFileName' not in self.__security['signMetadata']):
                    raise OneLogin_Saml2_Error(
                        'Invalid Setting: signMetadata value of the sp is not valid',
                        OneLogin_Saml2_Error.SETTINGS_INVALID_SYNTAX
                    )
                key_file_name = self.__security['signMetadata']['keyFileName']
                cert_file_name = self.__security['signMetadata']['certFileName']
            key_metadata_file = self.__paths['cert'] + key_file_name
            cert_metadata_file = self.__paths['cert'] + cert_file_name

            if not exists(key_metadata_file):
                raise OneLogin_Saml2_Error(
                    'Private key file not found: %s',
                    OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND,
                    key_metadata_file
                )

            if not exists(cert_metadata_file):
                raise OneLogin_Saml2_Error(
                    'Public cert file not found: %s',
                    OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND,
                    cert_metadata_file
                )

            f = open(key_metadata_file, 'r')
            key_metadata = f.read()
            f.close()
            f = open(cert_metadata_file, 'r')
            cert_metadata = f.read()
            f.close()
            metadata = OneLogin_Saml2_Metadata.sign_metadata(metadata, key_metadata, cert_metadata)

        return metadata



[docs]    def validate_metadata(self, xml):
        """
        Validates an XML SP Metadata.

        :param xml: Metadata's XML that will be validate
        :type xml: string

        :returns: The list of found errors
        :rtype: list
        """

        assert isinstance(xml, basestring)

        if len(xml) == 0:
            raise Exception('Empty string supplied as input')

        errors = []
        res = OneLogin_Saml2_Utils.validate_xml(xml, 'saml-schema-metadata-2.0.xsd', self.__debug)
        if not isinstance(res, Document):
            errors.append(res)
        else:
            dom = res
            element = dom.documentElement
            if element.tagName != 'md:EntityDescriptor':
                errors.append('noEntityDescriptor_xml')
            else:
                valid_until = cache_duration = expire_time = None

                if element.hasAttribute('validUntil'):
                    valid_until = OneLogin_Saml2_Utils.parse_SAML_to_time(element.getAttribute('validUntil'))
                if element.hasAttribute('cacheDuration'):
                    cache_duration = element.getAttribute('cacheDuration')

                expire_time = OneLogin_Saml2_Utils.get_expire_time(cache_duration, valid_until)
                if expire_time is not None and int(datetime.now().strftime('%s')) > int(expire_time):
                    errors.append('expired_xml')

        return errors



[docs]    def format_idp_cert(self):
        """
        Formats the IdP cert.
        """
        if self.__idp['x509cert'] is not None:
            self.__idp['x509cert'] = OneLogin_Saml2_Utils.format_cert(self.__idp['x509cert'])



[docs]    def get_errors(self):
        """
        Returns an array with the errors, the array is empty when the settings is ok.

        :returns: Errors
        :rtype: list
        """
        return self.__errors



[docs]    def set_strict(self, value):
        """
        Activates or deactivates the strict mode.

        :param xml: Strict parameter
        :type xml: boolean
        """
        assert isinstance(value, bool)

        self.__strict = value



[docs]    def is_strict(self):
        """
        Returns if the 'strict' mode is active.

        :returns: Strict parameter
        :rtype: boolean
        """
        return self.__strict



[docs]    def is_debug_active(self):
        """
        Returns if the debug is active.

        :returns: Debug parameter
        :rtype: boolean
        """
        return self.__debug

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/_modules/saml2/utils.html000066400000000000000000002530371410551756100227710ustar00rootroot00000000000000 saml2.utils — OneLogin SAML Python library classes and methods

Navigation

Source code for saml2.utils

# -*- coding: utf-8 -*-

# Copyright (c) 2010-2018 OneLogin, Inc.
# MIT License

import base64
from datetime import datetime
import calendar
from hashlib import sha1
from isodate import parse_duration as duration_parser
from lxml import etree
from lxml.etree import ElementBase
from os.path import basename, dirname, join
import re
from sys import stderr
from tempfile import NamedTemporaryFile
from textwrap import wrap
from urllib import quote_plus
from uuid import uuid4
from xml.dom.minidom import Document, parseString, Element
from xml.etree.ElementTree import tostring
import zlib

import dm.xmlsec.binding as xmlsec
from dm.xmlsec.binding.tmpl import EncData, Signature
from M2Crypto import X509

from saml2.constants import OneLogin_Saml2_Constants
from saml2.errors import OneLogin_Saml2_Error


def _(msg):
    # Fixme Add i18n support
    return msg



[docs]class OneLogin_Saml2_Utils:

    @staticmethod

[docs]    def decode_base64_and_inflate(value):
        """ base64 decodes and then inflates according to RFC1951
        :param value: a deflated and encoded string
        :return: the string after decoding and inflating
        """

        return zlib.decompress(base64.b64decode(value), -15)


    @staticmethod

[docs]    def deflate_and_base64_encode(value):
        """
        Deflates and the base64 encodes a string
        :param value: The string to deflate and encode
        :return: The deflated and encoded string
        """
        return base64.b64encode(zlib.compress(value)[2:-4])


    @staticmethod

[docs]    def validate_xml(xml, schema, debug=False):
        """
        """
        assert (isinstance(xml, basestring) or isinstance(xml, Document))
        assert isinstance(schema, basestring)

        if isinstance(xml, Document):
            xml = xml.toxml()

        # Switch to lxml for schema validation
        try:
            dom = etree.fromstring(xml)
        except Exception:
            return 'unloaded_xml'

        schema_file = join(dirname(__file__), 'schemas', schema)
        f = open(schema_file, 'r')
        schema_doc = etree.parse(f)
        f.close()
        xmlschema = etree.XMLSchema(schema_doc)

        if not xmlschema.validate(dom):
            xml_errors = [xmlschema.error_log]
            if debug:
                stderr.write('Errors validating the metadata')
                stderr.write(':\n\n')
                for error in xml_errors:
                    stderr.write('%s\n' % error.message)

            return 'invalid_xml'

        return parseString(etree.tostring(dom))


    @staticmethod

[docs]    def format_cert(cert, heads=True):
        """
        Returns a x509 cert (adding header & footer if required).

        :param cert: A x509 unformated cert
        :type: string

        :param heads: True if we want to include head and footer
        :type: boolean

        :returns: Formated cert
        :rtype: string
        """
        x509_cert = cert.replace('\x0D', '')
        x509_cert = x509_cert.replace('\r', '')
        x509_cert = x509_cert.replace('\n', '')
        if len(x509_cert) > 0:
            x509_cert = x509_cert.replace('-----BEGIN CERTIFICATE-----', '')
            x509_cert = x509_cert.replace('-----END CERTIFICATE-----', '')
            x509_cert = x509_cert.replace(' ', '')

            if heads:
                x509_cert = '-----BEGIN CERTIFICATE-----\n' + '\n'.join(wrap(x509_cert, 64)) + '\n-----END CERTIFICATE-----\n'

        return x509_cert


    @staticmethod

[docs]    def redirect(url, parameters={}, request_data={}):
        """
        Executes a redirection to the provided url (or return the target url).

        :param url: The target url
        :type: string

        :param parameters: Extra parameters to be passed as part of the url
        :type: dict

        :param request_data: The request as a dict
        :type: dict

        :returns: Url
        :rtype: string
        """
        assert isinstance(url, basestring)
        assert isinstance(parameters, dict)

        if url.startswith('/'):
            url = '%s%s' % (OneLogin_Saml2_Utils.get_self_url_host(request_data), url)

        # Verify that the URL is to a http or https site.
        if re.search('^https?://', url) is None:
            raise OneLogin_Saml2_Error(
                'Redirect to invalid URL: ' + url,
                OneLogin_Saml2_Error.REDIRECT_INVALID_URL
            )

        # Add encoded parameters
        if url.find('?') < 0:
            param_prefix = '?'
        else:
            param_prefix = '&'

        for name, value in parameters.items():

            if value is None:
                param = urlencode(name)
            elif isinstance(value, list):
                param = ''
                for val in value:
                    param += quote_plus(name) + '[]=' + quote_plus(val) + '&'
                if len(param) > 0:
                    param = param[0:-1]
            else:
                param = quote_plus(name) + '=' + quote_plus(value)

            url += param_prefix + param
            param_prefix = '&'

        return url


    @staticmethod

[docs]    def get_self_url_host(request_data):
        """
        Returns the protocol + the current host + the port (if different than
        common ports).

        :param request_data: The request as a dict
        :type: dict

        :return: Url
        :rtype: string
        """
        current_host = OneLogin_Saml2_Utils.get_self_host(request_data)
        port = ''
        if OneLogin_Saml2_Utils.is_https(request_data):
            protocol = 'https'
        else:
            protocol = 'http'

        if 'server_port' in request_data:
            port_number = request_data['server_port']
            port = ':' + port_number

            if protocol == 'http' and port_number == '80':
                port = ''
            elif protocol == 'https' and port_number == '443':
                port = ''

        return '%s://%s%s' % (protocol, current_host, port)


    @staticmethod

[docs]    def get_self_host(request_data):
        """
        Returns the current host.

        :param request_data: The request as a dict
        :type: dict

        :return: The current host
        :rtype: string
        """
        if 'http_host' in request_data:
            current_host = request_data['http_host']
        elif 'server_name' in request_data:
            current_host = request_data['server_name']
        else:
            raise Exception('No hostname defined')

        if ':' in current_host:
            current_host_data = current_host.split(':')
            possible_port = current_host_data[-1]
            try:
                possible_port = float(possible_port)
                current_host = current_host_data[0]
            except ValueError:
                current_host = ':'.join(current_host_data)

        return current_host


    @staticmethod

[docs]    def is_https(request_data):
        """
        Checks if https or http.

        :param request_data: The request as a dict
        :type: dict

        :return: False if https is not active
        :rtype: boolean
        """
        is_https = 'https' in request_data and request_data['https'] != 'off'
        is_https = is_https or ('server_port' in request_data and request_data['server_port'] == '443')
        return is_https


    @staticmethod

[docs]    def get_self_url_no_query(request_data):
        """
        Returns the URL of the current host + current view.

        :param request_data: The request as a dict
        :type: dict

        :return: The url of current host + current view
        :rtype: string
        """
        self_url_host = OneLogin_Saml2_Utils.get_self_url_host(request_data)
        script_name = request_data['script_name']
        if script_name[0] != '/':
            script_name = '/' + script_name
        self_url_host += script_name
        if 'path_info' in request_data:
            self_url_host += request_data['path_info']

        return self_url_host


    @staticmethod

[docs]    def get_self_url(request_data):
        """
        Returns the URL of the current host + current view + query.

        :param request_data: The request as a dict
        :type: dict

        :return: The url of current host + current view + query
        :rtype: string
        """
        self_url_host = OneLogin_Saml2_Utils.get_self_url_host(request_data)

        request_uri = ''
        if 'request_uri' in request_data:
            request_uri = request_data['request_uri']
            if not request_uri.startswith('/'):
                match = re.search('^https?://[^/]*(/.*)', request_uri)
                if match is not None:
                    request_uri = match.groups()[0]

        return self_url_host + request_uri


    @staticmethod

[docs]    def generate_unique_id():
        """
        Generates an unique string (used for example as ID for assertions).

        :return: A unique string
        :rtype: string
        """
        return 'ONELOGIN_%s' % sha1(uuid4().hex).hexdigest()


    @staticmethod

[docs]    def parse_time_to_SAML(time):
        """
        Converts a UNIX timestamp to SAML2 timestamp on the form
        yyyy-mm-ddThh:mm:ss(\.s+)?Z.

        :param time: The time we should convert (DateTime).
        :type: string

        :return: SAML2 timestamp.
        :rtype: string
        """
        data = datetime.utcfromtimestamp(float(time))
        return data.strftime('%Y-%m-%dT%H:%M:%SZ')


    @staticmethod

[docs]    def parse_SAML_to_time(timestr):
        """
        Converts a SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(\.s+)?Z
        to a UNIX timestamp. The sub-second part is ignored.

        :param time: The time we should convert (SAML Timestamp).
        :type: string

        :return: Converted to a unix timestamp.
        :rtype: int
        """
        try:
            data = datetime.strptime(timestr, '%Y-%m-%dT%H:%M:%SZ')
        except ValueError:
            data = datetime.strptime(timestr, '%Y-%m-%dT%H:%M:%S.%fZ')
        return calendar.timegm(data.utctimetuple())


    @staticmethod

[docs]    def parse_duration(duration, timestamp=None):
        """
        Interprets a ISO8601 duration value relative to a given timestamp.

        :param duration: The duration, as a string.
        :type: string

        :param timestamp: The unix timestamp we should apply the duration to.
                          Optional, default to the current time.
        :type: string

        :return: The new timestamp, after the duration is applied.
        :rtype: int
        """
        assert isinstance(duration, basestring)
        assert (timestamp is None or isinstance(timestamp, int))

        timedelta = duration_parser(duration)
        if timestamp is None:
            data = datetime.utcnow() + timedelta
        else:
            data = datetime.utcfromtimestamp(timestamp) + timedelta
        return calendar.timegm(data.utctimetuple())


    @staticmethod

[docs]    def get_expire_time(cache_duration=None, valid_until=None):
        """
        Compares 2 dates and returns the earliest.

        :param cache_duration: The duration, as a string.
        :type: string

        :param valid_until: The valid until date, as a string or as a timestamp
        :type: string

        :return: The expiration time.
        :rtype: int
        """
        expire_time = None

        if cache_duration is not None:
            expire_time = OneLogin_Saml2_Utils.parse_duration(cache_duration)

        if valid_until is not None:
            if isinstance(valid_until, int):
                valid_until_time = valid_until
            else:
                valid_until_time = OneLogin_Saml2_Utils.parse_SAML_to_time(valid_until)
            if expire_time is None or expire_time > valid_until_time:
                expire_time = valid_until_time

        if expire_time is not None:
            return '%d' % expire_time
        return None


    @staticmethod

[docs]    def query(dom, query, context=None):
        """
        Extracts nodes that match the query from the Element

        :param dom: The root of the lxml objet
        :type: Element

        :param query: Xpath Expresion
        :type: string

        :param context: Context Node
        :type: DOMElement

        :returns: The queried nodes
        :rtype: list
        """
        if context is None:
            return dom.xpath(query, namespaces=OneLogin_Saml2_Constants.NSMAP)
        else:
            return context.xpath(query, namespaces=OneLogin_Saml2_Constants.NSMAP)


    @staticmethod

[docs]    def delete_local_session(callback=None):
        """
        Deletes the local session.
        """

        if callback is not None:
            callback()


    @staticmethod

[docs]    def calculate_x509_fingerprint(x509_cert):
        """
        Calculates the fingerprint of a x509cert.

        :param x509_cert: x509 cert
        :type: string

        :returns: Formated fingerprint
        :rtype: string
        """
        assert isinstance(x509_cert, basestring)

        lines = x509_cert.split('\n')
        data = ''

        for line in lines:
            # Remove '\r' from end of line if present.
            line = line.rstrip()
            if line == '-----BEGIN CERTIFICATE-----':
                # Delete junk from before the certificate.
                data = ''
            elif line == '-----END CERTIFICATE-----':
                # Ignore data after the certificate.
                break
            elif line == '-----BEGIN PUBLIC KEY-----' or line == '-----BEGIN RSA PRIVATE KEY-----':
                # This isn't an X509 certificate.
                return None
            else:
                # Append the current line to the certificate data.
                data += line
        # "data" now contains the certificate as a base64-encoded string. The
        # fingerprint of the certificate is the sha1-hash of the certificate.
        return sha1(base64.b64decode(data)).hexdigest().lower()


    @staticmethod

[docs]    def format_finger_print(fingerprint):
        """
        Formates a fingerprint.

        :param fingerprint: fingerprint
        :type: string

        :returns: Formated fingerprint
        :rtype: string
        """
        formated_fingerprint = fingerprint.replace(':', '')
        return formated_fingerprint.lower()


    @staticmethod

[docs]    def generate_name_id(value, sp_nq, sp_format, key=None):
        """
        Generates a nameID.

        :param value: fingerprint
        :type: string

        :param sp_nq: SP Name Qualifier
        :type: string

        :param sp_format: SP Format
        :type: string

        :param key: SP Key to encrypt the nameID
        :type: string

        :returns: DOMElement | XMLSec nameID
        :rtype: string
        """
        doc = Document()

        name_id = doc.createElement('saml:NameID')
        name_id.setAttribute('SPNameQualifier', sp_nq)
        name_id.setAttribute('Format', sp_format)
        name_id.appendChild(doc.createTextNode(value))

        doc.appendChild(name_id)

        if key is not None:
            xmlsec.initialize()

            # Load the private key
            mngr = xmlsec.KeysMngr()
            key = OneLogin_Saml2_Utils.format_cert(key, heads=False)
            file_key = OneLogin_Saml2_Utils.write_temp_file(key)
            key_data = xmlsec.Key.load(file_key.name, xmlsec.KeyDataFormatPem, None)
            key_data.name = key_name = basename(file_key.name)
            mngr.addKey(key_data)
            file_key.close()

            # Prepare for encryption
            enc_data = EncData(xmlsec.TransformAes128Cbc, type=xmlsec.TypeEncElement)
            enc_data.ensureCipherValue()
            key_info = enc_data.ensureKeyInfo()
            enc_key = key_info.addEncryptedKey(xmlsec.TransformRsaPkcs1)
            enc_key.ensureCipherValue()
            enc_key_info = enc_key.ensureKeyInfo()
            enc_key_info.addKeyName(key_name)

            # Encrypt!
            enc_ctx = xmlsec.EncCtx(mngr)
            enc_ctx.enc_key = xmlsec.Key.generate(xmlsec.KeyDataAes, 128, xmlsec.KeyDataTypeSession)
            ed = enc_ctx.encryptXml(enc_data, doc.getroot())

            # Build XML with encrypted data
            newdoc = Document()
            encrypted_id = newdoc.createElement('saml:EncryptedID')
            newdoc.appendChild(encrypted_id)
            encrypted_id.appendChild(encrypted_id.ownerDocument.importNode(ed, True))

            return newdoc.saveXML(encrypted_id)
        else:
            return doc.saveXML(name_id)


    @staticmethod

[docs]    def get_status(dom):
        """
        Gets Status from a Response.

        :param dom: The Response as XML
        :type: Document

        :returns: The Status, an array with the code and a message.
        :rtype: dict
        """
        status = {}

        status_entry = OneLogin_Saml2_Utils.query(dom, '/samlp:Response/samlp:Status')
        if len(status_entry) == 0:
            raise Exception('Missing Status on response')

        code_entry = OneLogin_Saml2_Utils.query(dom, '/samlp:Response/samlp:Status/samlp:StatusCode', status_entry[0])
        if len(code_entry) == 0:
            raise Exception('Missing Status Code on response')
        code = code_entry[0].values()[0]
        status['code'] = code

        message_entry = OneLogin_Saml2_Utils.query(dom, '/samlp:Response/samlp:Status/samlp:StatusMessage', status_entry[0])
        if len(message_entry) == 0:
            status['msg'] = ''
        else:
            status['msg'] = message_entry[0].text

        return status


    @staticmethod

[docs]    def decrypt_element(encrypted_data, enc_ctx):
        """
        Decrypts an encrypted element.

        :param encrypted_data: The encrypted data.
        :type: DOMElement

        :param enc_ctx: The encryption context.
        :type: Encryption Context

        :returns: The decrypted element.
        :rtype: DOMElement
        """
        if isinstance(encrypted_data, Element):
            # Minidom element
            encrypted_data = etree.fromstring(encrypted_data.toxml())

        decrypted = enc_ctx.decrypt(encrypted_data)
        if isinstance(decrypted, ElementBase):
            # lxml element, decrypted xml data
            return tostring(decrypted.getroottree())
        else:
            # decrypted binary data
            return decrypted


    @staticmethod

[docs]    def write_temp_file(content):
        """
        Writes some content into a temporary file and returns it.

        :param content: The file content
        :type: string

        :returns: The temporary file
        :rtype: file-like object
        """
        f = NamedTemporaryFile(delete=True)
        f.file.write(content)
        f.file.flush()
        return f


    @staticmethod

[docs]    def add_sign(xml, key, cert):
        """
        Adds signature key and senders certificate to an element (Message or
        Assertion).

        :param xml: The element we should sign
        :type: string | Document

        :param key: The private key
        :type: string

        :param cert: The public
        :type: string
        """
        if isinstance(xml, Document):
            dom = xml
        else:
            if xml == '':
                raise Exception('Empty string supplied as input')

            try:
                dom = parseString(xml)
            except Exception:
                raise Exception('Error parsing xml string')

        xmlsec.initialize()

        # TODO the key and cert could be file descriptors instead
        # Load the private key.
        file_key = OneLogin_Saml2_Utils.write_temp_file(key)
        sign_key = xmlsec.Key.load(file_key.name, xmlsec.KeyDataFormatPem, None)
        file_key.close()
        # Add the certificate to the signature.
        file_cert = OneLogin_Saml2_Utils.write_temp_file(cert)
        sign_key.loadCert(file_cert.name, xmlsec.KeyDataFormatPem)
        file_cert.close()

        # Get the EntityDescriptor node we should sign.
        root_node = dom.firstChild

        # Sign the metadata with our private key.
        signature = Signature(xmlsec.TransformExclC14N, xmlsec.TransformRsaSha1)
        ref = signature.addReference(xmlsec.TransformSha1)
        ref.addTransform(xmlsec.TransformEnveloped)

        key_info = signature.ensureKeyInfo()
        key_info.addX509Data()

        dsig_ctx = xmlsec.DSigCtx()
        dsig_ctx.signKey = sign_key
        dsig_ctx.sign(signature)

        signature = tostring(signature).replace('ns0:', 'ds:').replace(':ns0', ':ds')
        signature = parseString(signature).firstChild

        insert_before = root_node.getElementsByTagName('saml:Issuer')
        if len(insert_before) > 0:
            insert_before = insert_before[0].nextSibling
        else:
            insert_before = root_node.firstChild.nextSibling.nextSibling
        root_node.insertBefore(signature, insert_before)

        return dom.toxml()


    @staticmethod

[docs]    def validate_sign(xml, cert=None, fingerprint=None):
        """
        Validates a signature (Message or Assertion).

        :param xml: The element we should validate
        :type: string | Document

        :param cert: The pubic cert
        :type: string

        :param fingerprint: The fingerprint of the public cert
        :type: string
        """
        if isinstance(xml, Document):
            dom = etree.fromstring(xml.toxml())
        else:
            if xml == '':
                raise Exception('Empty string supplied as input')

            try:
                dom = etree.fromstring(xml)
            except Exception:
                raise Exception('Error parsing xml string')

        xmlsec.initialize()

        # Find signature in the dom
        signature_node = OneLogin_Saml2_Utils.query(dom, 'ds:Signature')[0]

        # Prepare context and load cert into it
        dsig_ctx = xmlsec.DSigCtx()
        sign_cert = X509.load_cert_string(str(cert), X509.FORMAT_PEM)
        pub_key = sign_cert.get_pubkey().get_rsa()
        sign_key = xmlsec.Key.loadMemory(pub_key.as_pem(cipher=None),
                                         xmlsec.KeyDataFormatPem)
        dsig_ctx.signKey = sign_key

        # Verify signature
        dsig_ctx.verify(signature_node)

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/_sources/000077500000000000000000000000001410551756100177265ustar00rootroot00000000000000python3-saml-1.12.0/docs/saml2/_sources/index.txt000066400000000000000000000007251410551756100216020ustar00rootroot00000000000000.. saml2 documentation master file, created by sphinx-quickstart on Thu Oct 23 03:29:00 2014. You can adapt this file completely to your liking, but it should at least contain the root `toctree` directive. Welcome to OneLogin SAML Python library documentation ===================================================== Contents: .. toctree:: :maxdepth: 4 saml2 Indices and tables ================== * :ref:`genindex` * :ref:`modindex` * :ref:`search` python3-saml-1.12.0/docs/saml2/_sources/saml2.txt000066400000000000000000000026221410551756100215070ustar00rootroot00000000000000OneLogin saml2 Module ====================== :mod:`auth` Class ------------------ .. automodule:: saml2.auth :members: :undoc-members: :show-inheritance: :mod:`authn_request` Class --------------------------- .. automodule:: saml2.authn_request :members: :undoc-members: :show-inheritance: :mod:`constants` Class ----------------------- .. automodule:: saml2.constants :members: :undoc-members: :show-inheritance: :mod:`errors` Class -------------------- .. automodule:: saml2.errors :members: :undoc-members: :show-inheritance: :mod:`logout_request` Class ---------------------------- .. automodule:: saml2.logout_request :members: :undoc-members: :show-inheritance: :mod:`logout_response` Class ----------------------------- .. automodule:: saml2.logout_response :members: :undoc-members: :show-inheritance: :mod:`metadata` Class ---------------------- .. automodule:: saml2.metadata :members: :undoc-members: :show-inheritance: :mod:`response` Class ---------------------- .. automodule:: saml2.response :members: :undoc-members: :show-inheritance: :mod:`settings` Class ---------------------- .. automodule:: saml2.settings :members: :undoc-members: :show-inheritance: :mod:`utils` Class ------------------- .. automodule:: saml2.utils :members: :undoc-members: :show-inheritance: python3-saml-1.12.0/docs/saml2/_static/000077500000000000000000000000001410551756100175325ustar00rootroot00000000000000python3-saml-1.12.0/docs/saml2/_static/ajax-loader.gif000066400000000000000000000012411410551756100224060ustar00rootroot00000000000000GIF89aU|NU|l!Created with ajaxload.info! ! NETSCAPE2.0,30Ikc:Nf E1º.`q-[9ݦ9 JkH! ,4N!  DqBQT`1 `LE[|ua C%$*! ,62#+AȐ̔V/cNIBap ̳ƨ+Y2d! ,3b%+2V_ ! 1DaFbR]=08,Ȥr9L! ,2r'+JdL &v`\bThYB)@<&,ȤR! ,3 9tڞ0!.BW1  sa50 m)J! ,2 ٜU]qp`a4AF0` @1Α! ,20IeBԜ) q10ʰPaVڥ ub[;python3-saml-1.12.0/docs/saml2/_static/basic.css000066400000000000000000000204171410551756100213310ustar00rootroot00000000000000/* * basic.css * ~~~~~~~~~ * * Sphinx stylesheet -- basic theme. * * :copyright: Copyright 2007-2011 by the Sphinx team, see AUTHORS. * :license: BSD, see LICENSE for details. * */ /* -- main layout ----------------------------------------------------------- */ div.clearer { clear: both; } /* -- relbar ---------------------------------------------------------------- */ div.related { width: 100%; font-size: 90%; } div.related h3 { display: none; } div.related ul { margin: 0; padding: 0 0 0 10px; list-style: none; } div.related li { display: inline; } div.related li.right { float: right; margin-right: 5px; } /* -- sidebar --------------------------------------------------------------- */ div.sphinxsidebarwrapper { padding: 10px 5px 0 10px; } div.sphinxsidebar { float: left; width: 230px; margin-left: -100%; font-size: 90%; } div.sphinxsidebar ul { list-style: none; } div.sphinxsidebar ul ul, div.sphinxsidebar ul.want-points { margin-left: 20px; list-style: square; } div.sphinxsidebar ul ul { margin-top: 0; margin-bottom: 0; } div.sphinxsidebar form { margin-top: 10px; } div.sphinxsidebar input { border: 1px solid #98dbcc; font-family: sans-serif; font-size: 1em; } div.sphinxsidebar #searchbox input[type="text"] { width: 170px; } div.sphinxsidebar #searchbox input[type="submit"] { width: 30px; } img { border: 0; } /* -- search page ----------------------------------------------------------- */ ul.search { margin: 10px 0 0 20px; padding: 0; } ul.search li { padding: 5px 0 5px 20px; background-image: url(file.png); background-repeat: no-repeat; background-position: 0 7px; } ul.search li a { font-weight: bold; } ul.search li div.context { color: #888; margin: 2px 0 0 30px; text-align: left; } ul.keywordmatches li.goodmatch a { font-weight: bold; } /* -- index page ------------------------------------------------------------ */ table.contentstable { width: 90%; } table.contentstable p.biglink { line-height: 150%; } a.biglink { font-size: 1.3em; } span.linkdescr { font-style: italic; padding-top: 5px; font-size: 90%; } /* -- general index --------------------------------------------------------- */ table.indextable { width: 100%; } table.indextable td { text-align: left; vertical-align: top; } table.indextable dl, table.indextable dd { margin-top: 0; margin-bottom: 0; } table.indextable tr.pcap { height: 10px; } table.indextable tr.cap { margin-top: 10px; background-color: #f2f2f2; } img.toggler { margin-right: 3px; margin-top: 3px; cursor: pointer; } div.modindex-jumpbox { border-top: 1px solid #ddd; border-bottom: 1px solid #ddd; margin: 1em 0 1em 0; padding: 0.4em; } div.genindex-jumpbox { border-top: 1px solid #ddd; border-bottom: 1px solid #ddd; margin: 1em 0 1em 0; padding: 0.4em; } /* -- general body styles --------------------------------------------------- */ a.headerlink { visibility: hidden; } h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, h4:hover > a.headerlink, h5:hover > a.headerlink, h6:hover > a.headerlink, dt:hover > a.headerlink { visibility: visible; } div.body p.caption { text-align: inherit; } div.body td { text-align: left; } .field-list ul { padding-left: 1em; } .first { margin-top: 0 !important; } p.rubric { margin-top: 30px; font-weight: bold; } img.align-left, .figure.align-left, object.align-left { clear: left; float: left; margin-right: 1em; } img.align-right, .figure.align-right, object.align-right { clear: right; float: right; margin-left: 1em; } img.align-center, .figure.align-center, object.align-center { display: block; margin-left: auto; margin-right: auto; } .align-left { text-align: left; } .align-center { text-align: center; } .align-right { text-align: right; } /* -- sidebars -------------------------------------------------------------- */ div.sidebar { margin: 0 0 0.5em 1em; border: 1px solid #ddb; padding: 7px 7px 0 7px; background-color: #ffe; width: 40%; float: right; } p.sidebar-title { font-weight: bold; } /* -- topics ---------------------------------------------------------------- */ div.topic { border: 1px solid #ccc; padding: 7px 7px 0 7px; margin: 10px 0 10px 0; } p.topic-title { font-size: 1.1em; font-weight: bold; margin-top: 10px; } /* -- admonitions ----------------------------------------------------------- */ div.admonition { margin-top: 10px; margin-bottom: 10px; padding: 7px; } div.admonition dt { font-weight: bold; } div.admonition dl { margin-bottom: 0; } p.admonition-title { margin: 0px 10px 5px 0px; font-weight: bold; } div.body p.centered { text-align: center; margin-top: 25px; } /* -- tables ---------------------------------------------------------------- */ table.docutils { border: 0; border-collapse: collapse; } table.docutils td, table.docutils th { padding: 1px 8px 1px 5px; border-top: 0; border-left: 0; border-right: 0; border-bottom: 1px solid #aaa; } table.field-list td, table.field-list th { border: 0 !important; } table.footnote td, table.footnote th { border: 0 !important; } th { text-align: left; padding-right: 5px; } table.citation { border-left: solid 1px gray; margin-left: 1px; } table.citation td { border-bottom: none; } /* -- other body styles ----------------------------------------------------- */ ol.arabic { list-style: decimal; } ol.loweralpha { list-style: lower-alpha; } ol.upperalpha { list-style: upper-alpha; } ol.lowerroman { list-style: lower-roman; } ol.upperroman { list-style: upper-roman; } dl { margin-bottom: 15px; } dd p { margin-top: 0px; } dd ul, dd table { margin-bottom: 10px; } dd { margin-top: 3px; margin-bottom: 10px; margin-left: 30px; } dt:target, .highlighted { background-color: #fbe54e; } dl.glossary dt { font-weight: bold; font-size: 1.1em; } .field-list ul { margin: 0; padding-left: 1em; } .field-list p { margin: 0; } .refcount { color: #060; } .optional { font-size: 1.3em; } .versionmodified { font-style: italic; } .system-message { background-color: #fda; padding: 5px; border: 3px solid red; } .footnote:target { background-color: #ffa; } .line-block { display: block; margin-top: 1em; margin-bottom: 1em; } .line-block .line-block { margin-top: 0; margin-bottom: 0; margin-left: 1.5em; } .guilabel, .menuselection { font-family: sans-serif; } .accelerator { text-decoration: underline; } .classifier { font-style: oblique; } abbr, acronym { border-bottom: dotted 1px; cursor: help; } /* -- code displays --------------------------------------------------------- */ pre { overflow: auto; overflow-y: hidden; /* fixes display issues on Chrome browsers */ } td.linenos pre { padding: 5px 0px; border: 0; background-color: transparent; color: #aaa; } table.highlighttable { margin-left: 0.5em; } table.highlighttable td { padding: 0 0.5em 0 0.5em; } tt.descname { background-color: transparent; font-weight: bold; font-size: 1.2em; } tt.descclassname { background-color: transparent; } tt.xref, a tt { background-color: transparent; font-weight: bold; } h1 tt, h2 tt, h3 tt, h4 tt, h5 tt, h6 tt { background-color: transparent; } .viewcode-link { float: right; } .viewcode-back { float: right; font-family: sans-serif; } div.viewcode-block:target { margin: -1px -10px; padding: 0 10px; } /* -- math display ---------------------------------------------------------- */ img.math { vertical-align: middle; } div.body div.math p { text-align: center; } span.eqno { float: right; } /* -- printout stylesheet --------------------------------------------------- */ @media print { div.document, div.documentwrapper, div.bodywrapper { margin: 0 !important; width: 100%; } div.sphinxsidebar, div.related, div.footer, #top-link { display: none; } }python3-saml-1.12.0/docs/saml2/_static/comment-bright.png000066400000000000000000000066541410551756100231720ustar00rootroot00000000000000PNG  IHDRa OiCCPPhotoshop ICC profilexڝSgTS=BKKoR RB&*! J!QEEȠQ, !{kּ> H3Q5 B.@ $pd!s#~<<+"x M0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH  0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbϫp@t~,/;m%h^ uf@Wp~<5j>{-]cK'Xto(hw?G%fIq^D$.Tʳ?D*A, `6B$BB dr`)B(Ͱ*`/@4Qhp.U=pa( Aa!ڈbX#!H$ ɈQ"K5H1RT UH=r9\F;2G1Q= C7F dt1r=6Ыhڏ>C03l0.B8, c˱" VcϱwE 6wB aAHXLXNH $4 7 Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +ȅ3![ b@qS(RjJ4e2AURݨT5ZBRQ4u9̓IKhhitݕNWGw Ljg(gwLӋT071oUX**| J&*/Tު UUT^S}FU3S ԖUPSSg;goT?~YYLOCQ_ cx,!k u5&|v*=9C3J3WRf?qtN (~))4L1e\kXHQG6EYAJ'\'GgSSݧ M=:.kDwn^Loy}/TmG X $ <5qo</QC]@Caaᄑ.ȽJtq]zۯ6iܟ4)Y3sCQ? 0k߬~OCOg#/c/Wװwa>>r><72Y_7ȷOo_C#dz%gA[z|!?:eAAA!h쐭!ΑiP~aa~ 'W?pX15wCsDDDޛg1O9-J5*>.j<74?.fYXXIlK9.*6nl {/]py.,:@LN8A*%w% yg"/6шC\*NH*Mz쑼5y$3,幄'L Lݛ:v m2=:1qB!Mggfvˬen/kY- BTZ(*geWf͉9+̳ې7ᒶKW-X潬j9(xoʿܔĹdff-[n ڴ VE/(ۻCɾUUMfeI?m]Nmq#׹=TR+Gw- 6 U#pDy  :v{vg/jBFS[b[O>zG499?rCd&ˮ/~јѡ򗓿m|x31^VwwO| (hSЧc3-bKGD pHYs  tIME 6 B\<IDAT8˅Kh]es1mA`jh[-E(FEaA!bIȐ*BX"؁4)NURZ!Mhjssm؋^-\gg ]o|Ҭ[346>zd ]#8Oݺt{5uIXN!I=@Vf=v1}e>;fvnvxaHrʪJF`D¹WZ]S%S)WAb |0K=So7D~\~q-˟\aMZ,S'*} F`Nnz674U H3Q5 B.@ $pd!s#~<<+"x M0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH  0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbϫp@t~,/;m%h^ uf@Wp~<5j>{-]cK'Xto(hw?G%fIq^D$.Tʳ?D*A, `6B$BB dr`)B(Ͱ*`/@4Qhp.U=pa( Aa!ڈbX#!H$ ɈQ"K5H1RT UH=r9\F;2G1Q= C7F dt1r=6Ыhڏ>C03l0.B8, c˱" VcϱwE 6wB aAHXLXNH $4 7 Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +ȅ3![ b@qS(RjJ4e2AURݨT5ZBRQ4u9̓IKhhitݕNWGw Ljg(gwLӋT071oUX**| J&*/Tު UUT^S}FU3S ԖUPSSg;goT?~YYLOCQ_ cx,!k u5&|v*=9C3J3WRf?qtN (~))4L1e\kXHQG6EYAJ'\'GgSSݧ M=:.kDwn^Loy}/TmG X $ <5qo</QC]@Caaᄑ.ȽJtq]zۯ6iܟ4)Y3sCQ? 0k߬~OCOg#/c/Wװwa>>r><72Y_7ȷOo_C#dz%gA[z|!?:eAAA!h쐭!ΑiP~aa~ 'W?pX15wCsDDDޛg1O9-J5*>.j<74?.fYXXIlK9.*6nl {/]py.,:@LN8A*%w% yg"/6шC\*NH*Mz쑼5y$3,幄'L Lݛ:v m2=:1qB!Mggfvˬen/kY- BTZ(*geWf͉9+̳ې7ᒶKW-X潬j9(xoʿܔĹdff-[n ڴ VE/(ۻCɾUUMfeI?m]Nmq#׹=TR+Gw- 6 U#pDy  :v{vg/jBFS[b[O>zG499?rCd&ˮ/~јѡ򗓿m|x31^VwwO| (hSЧc3-bKGD pHYs  tIME!,IDAT8e_Hu?}s3y˕U2MvQ֊FE.łĊbE$DDZF5b@Q":2{n.s<_ y?mwV@tR`}Z _# _=_@ w^R%6gC-έ(K>| ${} H3Q5 B.@ $pd!s#~<<+"x M0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH  0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbϫp@t~,/;m%h^ uf@Wp~<5j>{-]cK'Xto(hw?G%fIq^D$.Tʳ?D*A, `6B$BB dr`)B(Ͱ*`/@4Qhp.U=pa( Aa!ڈbX#!H$ ɈQ"K5H1RT UH=r9\F;2G1Q= C7F dt1r=6Ыhڏ>C03l0.B8, c˱" VcϱwE 6wB aAHXLXNH $4 7 Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +ȅ3![ b@qS(RjJ4e2AURݨT5ZBRQ4u9̓IKhhitݕNWGw Ljg(gwLӋT071oUX**| J&*/Tު UUT^S}FU3S ԖUPSSg;goT?~YYLOCQ_ cx,!k u5&|v*=9C3J3WRf?qtN (~))4L1e\kXHQG6EYAJ'\'GgSSݧ M=:.kDwn^Loy}/TmG X $ <5qo</QC]@Caaᄑ.ȽJtq]zۯ6iܟ4)Y3sCQ? 0k߬~OCOg#/c/Wװwa>>r><72Y_7ȷOo_C#dz%gA[z|!?:eAAA!h쐭!ΑiP~aa~ 'W?pX15wCsDDDޛg1O9-J5*>.j<74?.fYXXIlK9.*6nl {/]py.,:@LN8A*%w% yg"/6шC\*NH*Mz쑼5y$3,幄'L Lݛ:v m2=:1qB!Mggfvˬen/kY- BTZ(*geWf͉9+̳ې7ᒶKW-X潬j9(xoʿܔĹdff-[n ڴ VE/(ۻCɾUUMfeI?m]Nmq#׹=TR+Gw- 6 U#pDy  :v{vg/jBFS[b[O>zG499?rCd&ˮ/~јѡ򗓿m|x31^VwwO| (hSЧc3-bKGD pHYs  tIME 1;VIDAT8ukU?sg4h`G1 RQܸp%Bn"bЍXJ .4V iZ##T;m!4bP~7r>ιbwc;m;oӍAΆ ζZ^/|s{;yR=9(rtVoG1w#_ө{*E&!(LVuoᲵ‘D PG4 :&~*ݳreu: S-,U^E&JY[P!RB ŖޞʖR@_ȐdBfNvHf"2T]R j'B1ddAak/DIJD D2H&L`&L $Ex,6|~_\P $MH`I=@Z||ttvgcЕWTZ'3rje"ܵx9W> mb|byfFRx{w%DZC$wdցHmWnta(M<~;9]C/_;Տ#}o`zSڷ_>:;x컓?yݩ|}~wam-/7=0S5RP"*֯ IENDB`python3-saml-1.12.0/docs/saml2/_static/default.css000066400000000000000000000077101410551756100216750ustar00rootroot00000000000000/* * default.css_t * ~~~~~~~~~~~~~ * * Sphinx stylesheet -- default theme. * * :copyright: Copyright 2007-2011 by the Sphinx team, see AUTHORS. * :license: BSD, see LICENSE for details. * */ @import url("basic.css"); /* -- page layout ----------------------------------------------------------- */ body { font-family: sans-serif; font-size: 100%; background-color: #11303d; color: #000; margin: 0; padding: 0; } div.document { background-color: #1c4e63; } div.documentwrapper { float: left; width: 100%; } div.bodywrapper { margin: 0 0 0 230px; } div.body { background-color: #ffffff; color: #000000; padding: 0 20px 30px 20px; } div.footer { color: #ffffff; width: 100%; padding: 9px 0 9px 0; text-align: center; font-size: 75%; } div.footer a { color: #ffffff; text-decoration: underline; } div.related { background-color: #133f52; line-height: 30px; color: #ffffff; } div.related a { color: #ffffff; } div.sphinxsidebar { } div.sphinxsidebar h3 { font-family: 'Trebuchet MS', sans-serif; color: #ffffff; font-size: 1.4em; font-weight: normal; margin: 0; padding: 0; } div.sphinxsidebar h3 a { color: #ffffff; } div.sphinxsidebar h4 { font-family: 'Trebuchet MS', sans-serif; color: #ffffff; font-size: 1.3em; font-weight: normal; margin: 5px 0 0 0; padding: 0; } div.sphinxsidebar p { color: #ffffff; } div.sphinxsidebar p.topless { margin: 5px 10px 10px 10px; } div.sphinxsidebar ul { margin: 10px; padding: 0; color: #ffffff; } div.sphinxsidebar a { color: #98dbcc; } div.sphinxsidebar input { border: 1px solid #98dbcc; font-family: sans-serif; font-size: 1em; } /* -- hyperlink styles ------------------------------------------------------ */ a { color: #355f7c; text-decoration: none; } a:visited { color: #355f7c; text-decoration: none; } a:hover { text-decoration: underline; } /* -- body styles ----------------------------------------------------------- */ div.body h1, div.body h2, div.body h3, div.body h4, div.body h5, div.body h6 { font-family: 'Trebuchet MS', sans-serif; background-color: #f2f2f2; font-weight: normal; color: #20435c; border-bottom: 1px solid #ccc; margin: 20px -20px 10px -20px; padding: 3px 0 3px 10px; } div.body h1 { margin-top: 0; font-size: 200%; } div.body h2 { font-size: 160%; } div.body h3 { font-size: 140%; } div.body h4 { font-size: 120%; } div.body h5 { font-size: 110%; } div.body h6 { font-size: 100%; } a.headerlink { color: #c60f0f; font-size: 0.8em; padding: 0 4px 0 4px; text-decoration: none; } a.headerlink:hover { background-color: #c60f0f; color: white; } div.body p, div.body dd, div.body li { text-align: justify; line-height: 130%; } div.admonition p.admonition-title + p { display: inline; } div.admonition p { margin-bottom: 5px; } div.admonition pre { margin-bottom: 5px; } div.admonition ul, div.admonition ol { margin-bottom: 5px; } div.note { background-color: #eee; border: 1px solid #ccc; } div.seealso { background-color: #ffc; border: 1px solid #ff6; } div.topic { background-color: #eee; } div.warning { background-color: #ffe4e4; border: 1px solid #f66; } p.admonition-title { display: inline; } p.admonition-title:after { content: ":"; } pre { padding: 5px; background-color: #eeffcc; color: #333333; line-height: 120%; border: 1px solid #ac9; border-left: none; border-right: none; } tt { background-color: #ecf0f3; padding: 0 1px 0 1px; font-size: 0.95em; } th { background-color: #ede; } .warning tt { background: #efc2c2; } .note tt { background: #d6d6d6; } .viewcode-back { font-family: sans-serif; } div.viewcode-block:target { background-color: #f4debf; border-top: 1px solid #ac9; border-bottom: 1px solid #ac9; }python3-saml-1.12.0/docs/saml2/_static/doctools.js000066400000000000000000000152721410551756100217250ustar00rootroot00000000000000/* * doctools.js * ~~~~~~~~~~~ * * Sphinx JavaScript utilities for all documentation. * * :copyright: Copyright 2007-2011 by the Sphinx team, see AUTHORS. * :license: BSD, see LICENSE for details. * */ /** * select a different prefix for underscore */ $u = _.noConflict(); /** * make the code below compatible with browsers without * an installed firebug like debugger if (!window.console || !console.firebug) { var names = ["log", "debug", "info", "warn", "error", "assert", "dir", "dirxml", "group", "groupEnd", "time", "timeEnd", "count", "trace", "profile", "profileEnd"]; window.console = {}; for (var i = 0; i < names.length; ++i) window.console[names[i]] = function() {}; } */ /** * small helper function to urldecode strings */ jQuery.urldecode = function(x) { return decodeURIComponent(x).replace(/\+/g, ' '); } /** * small helper function to urlencode strings */ jQuery.urlencode = encodeURIComponent; /** * This function returns the parsed url parameters of the * current request. Multiple values per key are supported, * it will always return arrays of strings for the value parts. */ jQuery.getQueryParameters = function(s) { if (typeof s == 'undefined') s = document.location.search; var parts = s.substr(s.indexOf('?') + 1).split('&'); var result = {}; for (var i = 0; i < parts.length; i++) { var tmp = parts[i].split('=', 2); var key = jQuery.urldecode(tmp[0]); var value = jQuery.urldecode(tmp[1]); if (key in result) result[key].push(value); else result[key] = [value]; } return result; }; /** * small function to check if an array contains * a given item. */ jQuery.contains = function(arr, item) { for (var i = 0; i < arr.length; i++) { if (arr[i] == item) return true; } return false; }; /** * highlight a given string on a jquery object by wrapping it in * span elements with the given class name. */ jQuery.fn.highlightText = function(text, className) { function highlight(node) { if (node.nodeType == 3) { var val = node.nodeValue; var pos = val.toLowerCase().indexOf(text); if (pos >= 0 && !jQuery(node.parentNode).hasMethod(className)) { var span = document.createElement("span"); span.className = className; span.appendChild(document.createTextNode(val.substr(pos, text.length))); node.parentNode.insertBefore(span, node.parentNode.insertBefore( document.createTextNode(val.substr(pos + text.length)), node.nextSibling)); node.nodeValue = val.substr(0, pos); } } else if (!jQuery(node).is("button, select, textarea")) { jQuery.each(node.childNodes, function() { highlight(this); }); } } return this.each(function() { highlight(this); }); }; /** * Small JavaScript module for the documentation. */ var Documentation = { init : function() { this.fixFirefoxAnchorBug(); this.highlightSearchWords(); this.initIndexTable(); }, /** * i18n support */ TRANSLATIONS : {}, PLURAL_EXPR : function(n) { return n == 1 ? 0 : 1; }, LOCALE : 'unknown', // gettext and ngettext don't access this so that the functions // can safely bound to a different name (_ = Documentation.gettext) gettext : function(string) { var translated = Documentation.TRANSLATIONS[string]; if (typeof translated == 'undefined') return string; return (typeof translated == 'string') ? translated : translated[0]; }, ngettext : function(singular, plural, n) { var translated = Documentation.TRANSLATIONS[singular]; if (typeof translated == 'undefined') return (n == 1) ? singular : plural; return translated[Documentation.PLURALEXPR(n)]; }, addTranslations : function(catalog) { for (var key in catalog.messages) this.TRANSLATIONS[key] = catalog.messages[key]; this.PLURAL_EXPR = new Function('n', 'return +(' + catalog.plural_expr + ')'); this.LOCALE = catalog.locale; }, /** * add context elements like header anchor links */ addContextElements : function() { $('div[id] > :header:first').each(function() { $('\u00B6'). attr('href', '#' + this.id). attr('title', _('Permalink to this headline')). appendTo(this); }); $('dt[id]').each(function() { $('\u00B6'). attr('href', '#' + this.id). attr('title', _('Permalink to this definition')). appendTo(this); }); }, /** * workaround a firefox stupidity */ fixFirefoxAnchorBug : function() { if (document.location.hash && $.browser.mozilla) window.setTimeout(function() { document.location.href += ''; }, 10); }, /** * highlight the search words provided in the url in the text */ highlightSearchWords : function() { var params = $.getQueryParameters(); var terms = (params.highlight) ? params.highlight[0].split(/\s+/) : []; if (terms.length) { var body = $('div.body'); window.setTimeout(function() { $.each(terms, function() { body.highlightText(this.toLowerCase(), 'highlighted'); }); }, 10); $('

' + _('Hide Search Matches') + '

') .appendTo($('#searchbox')); } }, /** * init the domain index toggle buttons */ initIndexTable : function() { var togglers = $('img.toggler').click(function() { var src = $(this).attr('src'); var idnum = $(this).attr('id').substr(7); $('tr.cg-' + idnum).toggle(); if (src.substr(-9) == 'minus.png') $(this).attr('src', src.substr(0, src.length-9) + 'plus.png'); else $(this).attr('src', src.substr(0, src.length-8) + 'minus.png'); }).css('display', ''); if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) { togglers.click(); } }, /** * helper function to hide the search marks again */ hideSearchWords : function() { $('#searchbox .highlight-link').fadeOut(300); $('span.highlighted').removeMethod('highlighted'); }, /** * make the url absolute */ makeURL : function(relativeURL) { return DOCUMENTATION_OPTIONS.URL_ROOT + '/' + relativeURL; }, /** * get the current relative url */ getCurrentURL : function() { var path = document.location.pathname; var parts = path.split(/\//); $.each(DOCUMENTATION_OPTIONS.URL_ROOT.split(/\//), function() { if (this == '..') parts.pop(); }); var url = parts.join('/'); return path.substring(url.lastIndexOf('/') + 1, path.length - 1); } }; // quick alias for translations _ = Documentation.gettext; $(document).ready(function() { Documentation.init(); }); python3-saml-1.12.0/docs/saml2/_static/down-pressed.png000066400000000000000000000005601410551756100226530ustar00rootroot00000000000000PNG  IHDRasRGBbKGDC pHYs B(xtIME -vF#IDAT8!OAJ, ++@I vbÿ@W7F HN#48646TMvv޼7Dsax1U q;< E-f)j%po4xF78G>)- EYm4%7YTk-Qa"NWAo-yeq,) Ypt\hqmszG]Nar߶s^l vh\2%0EeRvIENDB`python3-saml-1.12.0/docs/saml2/_static/down.png000066400000000000000000000005531410551756100212120ustar00rootroot00000000000000PNG  IHDRasRGBbKGDC pHYs B(xtIME"U{IDAT8ҡNCAJ, ++@4>/U^,~T&3M^^^PM6ٹs*RJa)eG*W<"F Fg78G>q OIp:sAj5GنyD^+yU:p_%G@D|aOs(yM,"msx:.b@D|`Vٟ۲иeKſ/G!IENDB`python3-saml-1.12.0/docs/saml2/_static/file.png000066400000000000000000000006101410551756100211540ustar00rootroot00000000000000PNG  IHDRabKGD pHYs  tIME  )TIDAT8˭J@Ir('[ "&xYZ X0!i|_@tD] #xjv YNaEi(əy@D&`6PZk$)5%"z.NA#Aba`Vs_3c,2mj [klvy|!Iմy;v "߮a?A7`c^nk?Bg}TЙD# "RD1yER*6MJ3K_Ut8F~IENDB`python3-saml-1.12.0/docs/saml2/_static/jquery.js000066400000000000000000007557471410551756100214400ustar00rootroot00000000000000/*! * jQuery JavaScript Library v1.7.2 * http://jquery.com/ * * Copyright 2011, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Sizzle.js * http://sizzlejs.com/ * Copyright 2011, The Dojo Foundation * Released under the MIT, BSD, and GPL Licenses. * * Date: Fri Jul 5 14:07:58 UTC 2013 */ (function( window, undefined ) { // Use the correct document accordingly with window argument (sandbox) var document = window.document, navigator = window.navigator, location = window.location; var jQuery = (function() { // Define a local copy of jQuery var jQuery = function( selector, context ) { // The jQuery object is actually just the init constructor 'enhanced' return new jQuery.fn.init( selector, context, rootjQuery ); }, // Map over jQuery in case of overwrite _jQuery = window.jQuery, // Map over the $ in case of overwrite _$ = window.$, // A central reference to the root jQuery(document) rootjQuery, // A simple way to check for HTML strings or ID strings // Prioritize #id over to avoid XSS via location.hash (#9521) quickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/, // Check if a string has a non-whitespace character in it rnotwhite = /\S/, // Used for trimming whitespace trimLeft = /^\s+/, trimRight = /\s+$/, // Match a standalone tag rsingleTag = /^<(\w+)\s*\/?>(?:<\/\1>)?$/, // JSON RegExp rvalidchars = /^[\],:{}\s]*$/, rvalidescape = /\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, rvalidtokens = /"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, rvalidbraces = /(?:^|:|,)(?:\s*\[)+/g, // Useragent RegExp rwebkit = /(webkit)[ \/]([\w.]+)/, ropera = /(opera)(?:.*version)?[ \/]([\w.]+)/, rmsie = /(msie) ([\w.]+)/, rmozilla = /(mozilla)(?:.*? rv:([\w.]+))?/, // Matches dashed string for camelizing rdashAlpha = /-([a-z]|[0-9])/ig, rmsPrefix = /^-ms-/, // Used by jQuery.camelCase as callback to replace() fcamelCase = function( all, letter ) { return ( letter + "" ).toUpperCase(); }, // Keep a UserAgent string for use with jQuery.browser userAgent = navigator.userAgent, // For matching the engine and version of the browser browserMatch, // The deferred used on DOM ready readyList, // The ready event handler DOMContentLoaded, // Save a reference to some core methods toString = Object.prototype.toString, hasOwn = Object.prototype.hasOwnProperty, push = Array.prototype.push, slice = Array.prototype.slice, trim = String.prototype.trim, indexOf = Array.prototype.indexOf, // [[Method]] -> type pairs class2type = {}; jQuery.fn = jQuery.prototype = { constructor: jQuery, init: function( selector, context, rootjQuery ) { var match, elem, ret, doc; // Handle $(""), $(null), or $(undefined) if ( !selector ) { return this; } // Handle $(DOMElement) if ( selector.nodeType ) { this.context = this[0] = selector; this.length = 1; return this; } // The body element only exists once, optimize finding it if ( selector === "body" && !context && document.body ) { this.context = document; this[0] = document.body; this.selector = selector; this.length = 1; return this; } // Handle HTML strings if ( typeof selector === "string" ) { // Are we dealing with HTML string or an ID? if ( selector.charAt(0) === "<" && selector.charAt( selector.length - 1 ) === ">" && selector.length >= 3 ) { // Assume that strings that start and end with <> are HTML and skip the regex check match = [ null, selector, null ]; } else { match = quickExpr.exec( selector ); } // Verify a match, and that no context was specified for #id if ( match && (match[1] || !context) ) { // HANDLE: $(html) -> $(array) if ( match[1] ) { context = context instanceof jQuery ? context[0] : context; doc = ( context ? context.ownerDocument || context : document ); // If a single string is passed in and it's a single tag // just do a createElement and skip the rest ret = rsingleTag.exec( selector ); if ( ret ) { if ( jQuery.isPlainObject( context ) ) { selector = [ document.createElement( ret[1] ) ]; jQuery.fn.attr.call( selector, context, true ); } else { selector = [ doc.createElement( ret[1] ) ]; } } else { ret = jQuery.buildFragment( [ match[1] ], [ doc ] ); selector = ( ret.cacheable ? jQuery.clone(ret.fragment) : ret.fragment ).childNodes; } return jQuery.merge( this, selector ); // HANDLE: $("#id") } else { elem = document.getElementById( match[2] ); // Check parentNode to catch when Blackberry 4.6 returns // nodes that are no longer in the document #6963 if ( elem && elem.parentNode ) { // Handle the case where IE and Opera return items // by name instead of ID if ( elem.id !== match[2] ) { return rootjQuery.find( selector ); } // Otherwise, we inject the element directly into the jQuery object this.length = 1; this[0] = elem; } this.context = document; this.selector = selector; return this; } // HANDLE: $(expr, $(...)) } else if ( !context || context.jquery ) { return ( context || rootjQuery ).find( selector ); // HANDLE: $(expr, context) // (which is just equivalent to: $(context).find(expr) } else { return this.constructor( context ).find( selector ); } // HANDLE: $(function) // Shortcut for document ready } else if ( jQuery.isFunction( selector ) ) { return rootjQuery.ready( selector ); } if ( selector.selector !== undefined ) { this.selector = selector.selector; this.context = selector.context; } return jQuery.makeArray( selector, this ); }, // Start with an empty selector selector: "", // The current version of jQuery being used jquery: "1.7.2", // The default length of a jQuery object is 0 length: 0, // The number of elements contained in the matched element set size: function() { return this.length; }, toArray: function() { return slice.call( this, 0 ); }, // Get the Nth element in the matched element set OR // Get the whole matched element set as a clean array get: function( num ) { return num == null ? // Return a 'clean' array this.toArray() : // Return just the object ( num < 0 ? this[ this.length + num ] : this[ num ] ); }, // Take an array of elements and push it onto the stack // (returning the new matched element set) pushStack: function( elems, name, selector ) { // Build a new jQuery matched element set var ret = this.constructor(); if ( jQuery.isArray( elems ) ) { push.apply( ret, elems ); } else { jQuery.merge( ret, elems ); } // Add the old object onto the stack (as a reference) ret.prevObject = this; ret.context = this.context; if ( name === "find" ) { ret.selector = this.selector + ( this.selector ? " " : "" ) + selector; } else if ( name ) { ret.selector = this.selector + "." + name + "(" + selector + ")"; } // Return the newly-formed element set return ret; }, // Execute a callback for every element in the matched set. // (You can seed the arguments with an array of args, but this is // only used internally.) each: function( callback, args ) { return jQuery.each( this, callback, args ); }, ready: function( fn ) { // Attach the listeners jQuery.bindReady(); // Add the callback readyList.add( fn ); return this; }, eq: function( i ) { i = +i; return i === -1 ? this.slice( i ) : this.slice( i, i + 1 ); }, first: function() { return this.eq( 0 ); }, last: function() { return this.eq( -1 ); }, slice: function() { return this.pushStack( slice.apply( this, arguments ), "slice", slice.call(arguments).join(",") ); }, map: function( callback ) { return this.pushStack( jQuery.map(this, function( elem, i ) { return callback.call( elem, i, elem ); })); }, end: function() { return this.prevObject || this.constructor(null); }, // For internal use only. // Behaves like an Array's method, not like a jQuery method. push: push, sort: [].sort, splice: [].splice }; // Give the init function the jQuery prototype for later instantiation jQuery.fn.init.prototype = jQuery.fn; jQuery.extend = jQuery.fn.extend = function() { var options, name, src, copy, copyIsArray, clone, target = arguments[0] || {}, i = 1, length = arguments.length, deep = false; // Handle a deep copy situation if ( typeof target === "boolean" ) { deep = target; target = arguments[1] || {}; // skip the boolean and the target i = 2; } // Handle case when target is a string or something (possible in deep copy) if ( typeof target !== "object" && !jQuery.isFunction(target) ) { target = {}; } // extend jQuery itself if only one argument is passed if ( length === i ) { target = this; --i; } for ( ; i < length; i++ ) { // Only deal with non-null/undefined values if ( (options = arguments[ i ]) != null ) { // Extend the base object for ( name in options ) { src = target[ name ]; copy = options[ name ]; // Prevent never-ending loop if ( target === copy ) { continue; } // Recurse if we're merging plain objects or arrays if ( deep && copy && ( jQuery.isPlainObject(copy) || (copyIsArray = jQuery.isArray(copy)) ) ) { if ( copyIsArray ) { copyIsArray = false; clone = src && jQuery.isArray(src) ? src : []; } else { clone = src && jQuery.isPlainObject(src) ? src : {}; } // Never move original objects, clone them target[ name ] = jQuery.extend( deep, clone, copy ); // Don't bring in undefined values } else if ( copy !== undefined ) { target[ name ] = copy; } } } } // Return the modified object return target; }; jQuery.extend({ noConflict: function( deep ) { if ( window.$ === jQuery ) { window.$ = _$; } if ( deep && window.jQuery === jQuery ) { window.jQuery = _jQuery; } return jQuery; }, // Is the DOM ready to be used? Set to true once it occurs. isReady: false, // A counter to track how many items to wait for before // the ready event fires. See #6781 readyWait: 1, // Hold (or release) the ready event holdReady: function( hold ) { if ( hold ) { jQuery.readyWait++; } else { jQuery.ready( true ); } }, // Handle when the DOM is ready ready: function( wait ) { // Either a released hold or an DOMready/load event and not yet ready if ( (wait === true && !--jQuery.readyWait) || (wait !== true && !jQuery.isReady) ) { // Make sure body exists, at least, in case IE gets a little overzealous (ticket #5443). if ( !document.body ) { return setTimeout( jQuery.ready, 1 ); } // Remember that the DOM is ready jQuery.isReady = true; // If a normal DOM Ready event fired, decrement, and wait if need be if ( wait !== true && --jQuery.readyWait > 0 ) { return; } // If there are functions bound, to execute readyList.fireWith( document, [ jQuery ] ); // Trigger any bound ready events if ( jQuery.fn.trigger ) { jQuery( document ).trigger( "ready" ).off( "ready" ); } } }, bindReady: function() { if ( readyList ) { return; } readyList = jQuery.Callbacks( "once memory" ); // Catch cases where $(document).ready() is called after the // browser event has already occurred. if ( document.readyState === "complete" ) { // Handle it asynchronously to allow scripts the opportunity to delay ready return setTimeout( jQuery.ready, 1 ); } // Mozilla, Opera and webkit nightlies currently support this event if ( document.addEventListener ) { // Use the handy event callback document.addEventListener( "DOMContentLoaded", DOMContentLoaded, false ); // A fallback to window.onload, that will always work window.addEventListener( "load", jQuery.ready, false ); // If IE event model is used } else if ( document.attachEvent ) { // ensure firing before onload, // maybe late but safe also for iframes document.attachEvent( "onreadystatechange", DOMContentLoaded ); // A fallback to window.onload, that will always work window.attachEvent( "onload", jQuery.ready ); // If IE and not a frame // continually check to see if the document is ready var toplevel = false; try { toplevel = window.frameElement == null; } catch(e) {} if ( document.documentElement.doScroll && toplevel ) { doScrollCheck(); } } }, // See test/unit/core.js for details concerning isFunction. // Since version 1.3, DOM methods and functions like alert // aren't supported. They return false on IE (#2968). isFunction: function( obj ) { return jQuery.type(obj) === "function"; }, isArray: Array.isArray || function( obj ) { return jQuery.type(obj) === "array"; }, isWindow: function( obj ) { return obj != null && obj == obj.window; }, isNumeric: function( obj ) { return !isNaN( parseFloat(obj) ) && isFinite( obj ); }, type: function( obj ) { return obj == null ? String( obj ) : class2type[ toString.call(obj) ] || "object"; }, isPlainObject: function( obj ) { // Must be an Object. // Because of IE, we also have to check the presence of the constructor property. // Make sure that DOM nodes and window objects don't pass through, as well if ( !obj || jQuery.type(obj) !== "object" || obj.nodeType || jQuery.isWindow( obj ) ) { return false; } try { // Not own constructor property must be Object if ( obj.constructor && !hasOwn.call(obj, "constructor") && !hasOwn.call(obj.constructor.prototype, "isPrototypeOf") ) { return false; } } catch ( e ) { // IE8,9 Will throw exceptions on certain host objects #9897 return false; } // Own properties are enumerated firstly, so to speed up, // if last one is own, then all properties are own. var key; for ( key in obj ) {} return key === undefined || hasOwn.call( obj, key ); }, isEmptyObject: function( obj ) { for ( var name in obj ) { return false; } return true; }, error: function( msg ) { throw new Error( msg ); }, parseJSON: function( data ) { if ( typeof data !== "string" || !data ) { return null; } // Make sure leading/trailing whitespace is removed (IE can't handle it) data = jQuery.trim( data ); // Attempt to parse using the native JSON parser first if ( window.JSON && window.JSON.parse ) { return window.JSON.parse( data ); } // Make sure the incoming data is actual JSON // Logic borrowed from http://json.org/json2.js if ( rvalidchars.test( data.replace( rvalidescape, "@" ) .replace( rvalidtokens, "]" ) .replace( rvalidbraces, "")) ) { return ( new Function( "return " + data ) )(); } jQuery.error( "Invalid JSON: " + data ); }, // Cross-browser xml parsing parseXML: function( data ) { if ( typeof data !== "string" || !data ) { return null; } var xml, tmp; try { if ( window.DOMParser ) { // Standard tmp = new DOMParser(); xml = tmp.parseFromString( data , "text/xml" ); } else { // IE xml = new ActiveXObject( "Microsoft.XMLDOM" ); xml.async = "false"; xml.loadXML( data ); } } catch( e ) { xml = undefined; } if ( !xml || !xml.documentElement || xml.getElementsByTagName( "parsererror" ).length ) { jQuery.error( "Invalid XML: " + data ); } return xml; }, noop: function() {}, // Evaluates a script in a global context // Workarounds based on findings by Jim Driscoll // http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context globalEval: function( data ) { if ( data && rnotwhite.test( data ) ) { // We use execScript on Internet Explorer // We use an anonymous function so that context is window // rather than jQuery in Firefox ( window.execScript || function( data ) { window[ "eval" ].call( window, data ); } )( data ); } }, // Convert dashed to camelCase; used by the css and data modules // Microsoft forgot to hump their vendor prefix (#9572) camelCase: function( string ) { return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase ); }, nodeName: function( elem, name ) { return elem.nodeName && elem.nodeName.toUpperCase() === name.toUpperCase(); }, // args is for internal usage only each: function( object, callback, args ) { var name, i = 0, length = object.length, isObj = length === undefined || jQuery.isFunction( object ); if ( args ) { if ( isObj ) { for ( name in object ) { if ( callback.apply( object[ name ], args ) === false ) { break; } } } else { for ( ; i < length; ) { if ( callback.apply( object[ i++ ], args ) === false ) { break; } } } // A special, fast, case for the most common use of each } else { if ( isObj ) { for ( name in object ) { if ( callback.call( object[ name ], name, object[ name ] ) === false ) { break; } } } else { for ( ; i < length; ) { if ( callback.call( object[ i ], i, object[ i++ ] ) === false ) { break; } } } } return object; }, // Use native String.trim function wherever possible trim: trim ? function( text ) { return text == null ? "" : trim.call( text ); } : // Otherwise use our own trimming functionality function( text ) { return text == null ? "" : text.toString().replace( trimLeft, "" ).replace( trimRight, "" ); }, // results is for internal usage only makeArray: function( array, results ) { var ret = results || []; if ( array != null ) { // The window, strings (and functions) also have 'length' // Tweaked logic slightly to handle Blackberry 4.7 RegExp issues #6930 var type = jQuery.type( array ); if ( array.length == null || type === "string" || type === "function" || type === "regexp" || jQuery.isWindow( array ) ) { push.call( ret, array ); } else { jQuery.merge( ret, array ); } } return ret; }, inArray: function( elem, array, i ) { var len; if ( array ) { if ( indexOf ) { return indexOf.call( array, elem, i ); } len = array.length; i = i ? i < 0 ? Math.max( 0, len + i ) : i : 0; for ( ; i < len; i++ ) { // Skip accessing in sparse arrays if ( i in array && array[ i ] === elem ) { return i; } } } return -1; }, merge: function( first, second ) { var i = first.length, j = 0; if ( typeof second.length === "number" ) { for ( var l = second.length; j < l; j++ ) { first[ i++ ] = second[ j ]; } } else { while ( second[j] !== undefined ) { first[ i++ ] = second[ j++ ]; } } first.length = i; return first; }, grep: function( elems, callback, inv ) { var ret = [], retVal; inv = !!inv; // Go through the array, only saving the items // that pass the validator function for ( var i = 0, length = elems.length; i < length; i++ ) { retVal = !!callback( elems[ i ], i ); if ( inv !== retVal ) { ret.push( elems[ i ] ); } } return ret; }, // arg is for internal usage only map: function( elems, callback, arg ) { var value, key, ret = [], i = 0, length = elems.length, // jquery objects are treated as arrays isArray = elems instanceof jQuery || length !== undefined && typeof length === "number" && ( ( length > 0 && elems[ 0 ] && elems[ length -1 ] ) || length === 0 || jQuery.isArray( elems ) ) ; // Go through the array, translating each of the items to their if ( isArray ) { for ( ; i < length; i++ ) { value = callback( elems[ i ], i, arg ); if ( value != null ) { ret[ ret.length ] = value; } } // Go through every key on the object, } else { for ( key in elems ) { value = callback( elems[ key ], key, arg ); if ( value != null ) { ret[ ret.length ] = value; } } } // Flatten any nested arrays return ret.concat.apply( [], ret ); }, // A global GUID counter for objects guid: 1, // Bind a function to a context, optionally partially applying any // arguments. proxy: function( fn, context ) { if ( typeof context === "string" ) { var tmp = fn[ context ]; context = fn; fn = tmp; } // Quick check to determine if target is callable, in the spec // this throws a TypeError, but we will just return undefined. if ( !jQuery.isFunction( fn ) ) { return undefined; } // Simulated bind var args = slice.call( arguments, 2 ), proxy = function() { return fn.apply( context, args.concat( slice.call( arguments ) ) ); }; // Set the guid of unique handler to the same of original handler, so it can be removed proxy.guid = fn.guid = fn.guid || proxy.guid || jQuery.guid++; return proxy; }, // Mutifunctional method to get and set values to a collection // The value/s can optionally be executed if it's a function access: function( elems, fn, key, value, chainable, emptyGet, pass ) { var exec, bulk = key == null, i = 0, length = elems.length; // Sets many values if ( key && typeof key === "object" ) { for ( i in key ) { jQuery.access( elems, fn, i, key[i], 1, emptyGet, value ); } chainable = 1; // Sets one value } else if ( value !== undefined ) { // Optionally, function values get executed if exec is true exec = pass === undefined && jQuery.isFunction( value ); if ( bulk ) { // Bulk operations only iterate when executing function values if ( exec ) { exec = fn; fn = function( elem, key, value ) { return exec.call( jQuery( elem ), value ); }; // Otherwise they run against the entire set } else { fn.call( elems, value ); fn = null; } } if ( fn ) { for (; i < length; i++ ) { fn( elems[i], key, exec ? value.call( elems[i], i, fn( elems[i], key ) ) : value, pass ); } } chainable = 1; } return chainable ? elems : // Gets bulk ? fn.call( elems ) : length ? fn( elems[0], key ) : emptyGet; }, now: function() { return ( new Date() ).getTime(); }, // Use of jQuery.browser is frowned upon. // More details: http://docs.jquery.com/Utilities/jQuery.browser uaMatch: function( ua ) { ua = ua.toLowerCase(); var match = rwebkit.exec( ua ) || ropera.exec( ua ) || rmsie.exec( ua ) || ua.indexOf("compatible") < 0 && rmozilla.exec( ua ) || []; return { browser: match[1] || "", version: match[2] || "0" }; }, sub: function() { function jQuerySub( selector, context ) { return new jQuerySub.fn.init( selector, context ); } jQuery.extend( true, jQuerySub, this ); jQuerySub.superclass = this; jQuerySub.fn = jQuerySub.prototype = this(); jQuerySub.fn.constructor = jQuerySub; jQuerySub.sub = this.sub; jQuerySub.fn.init = function init( selector, context ) { if ( context && context instanceof jQuery && !(context instanceof jQuerySub) ) { context = jQuerySub( context ); } return jQuery.fn.init.call( this, selector, context, rootjQuerySub ); }; jQuerySub.fn.init.prototype = jQuerySub.fn; var rootjQuerySub = jQuerySub(document); return jQuerySub; }, browser: {} }); // Populate the class2type map jQuery.each("Boolean Number String Function Array Date RegExp Object".split(" "), function(i, name) { class2type[ "[object " + name + "]" ] = name.toLowerCase(); }); browserMatch = jQuery.uaMatch( userAgent ); if ( browserMatch.browser ) { jQuery.browser[ browserMatch.browser ] = true; jQuery.browser.version = browserMatch.version; } // Deprecated, use jQuery.browser.webkit instead if ( jQuery.browser.webkit ) { jQuery.browser.safari = true; } // IE doesn't match non-breaking spaces with \s if ( rnotwhite.test( "\xA0" ) ) { trimLeft = /^[\s\xA0]+/; trimRight = /[\s\xA0]+$/; } // All jQuery objects should point back to these rootjQuery = jQuery(document); // Cleanup functions for the document ready method if ( document.addEventListener ) { DOMContentLoaded = function() { document.removeEventListener( "DOMContentLoaded", DOMContentLoaded, false ); jQuery.ready(); }; } else if ( document.attachEvent ) { DOMContentLoaded = function() { // Make sure body exists, at least, in case IE gets a little overzealous (ticket #5443). if ( document.readyState === "complete" ) { document.detachEvent( "onreadystatechange", DOMContentLoaded ); jQuery.ready(); } }; } // The DOM ready check for Internet Explorer function doScrollCheck() { if ( jQuery.isReady ) { return; } try { // If IE is used, use the trick by Diego Perini // http://javascript.nwbox.com/IEContentLoaded/ document.documentElement.doScroll("left"); } catch(e) { setTimeout( doScrollCheck, 1 ); return; } // and execute any waiting functions jQuery.ready(); } return jQuery; })(); // String to Object flags format cache var flagsCache = {}; // Convert String-formatted flags into Object-formatted ones and store in cache function createFlags( flags ) { var object = flagsCache[ flags ] = {}, i, length; flags = flags.split( /\s+/ ); for ( i = 0, length = flags.length; i < length; i++ ) { object[ flags[i] ] = true; } return object; } /* * Create a callback list using the following parameters: * * flags: an optional list of space-separated flags that will change how * the callback list behaves * * By default a callback list will act like an event callback list and can be * "fired" multiple times. * * Possible flags: * * once: will ensure the callback list can only be fired once (like a Deferred) * * memory: will keep track of previous values and will call any callback added * after the list has been fired right away with the latest "memorized" * values (like a Deferred) * * unique: will ensure a callback can only be added once (no duplicate in the list) * * stopOnFalse: interrupt callings when a callback returns false * */ jQuery.Callbacks = function( flags ) { // Convert flags from String-formatted to Object-formatted // (we check in cache first) flags = flags ? ( flagsCache[ flags ] || createFlags( flags ) ) : {}; var // Actual callback list list = [], // Stack of fire calls for repeatable lists stack = [], // Last fire value (for non-forgettable lists) memory, // Flag to know if list was already fired fired, // Flag to know if list is currently firing firing, // First callback to fire (used internally by add and fireWith) firingStart, // End of the loop when firing firingLength, // Index of currently firing callback (modified by remove if needed) firingIndex, // Add one or several callbacks to the list add = function( args ) { var i, length, elem, type, actual; for ( i = 0, length = args.length; i < length; i++ ) { elem = args[ i ]; type = jQuery.type( elem ); if ( type === "array" ) { // Inspect recursively add( elem ); } else if ( type === "function" ) { // Add if not in unique mode and callback is not in if ( !flags.unique || !self.has( elem ) ) { list.push( elem ); } } } }, // Fire callbacks fire = function( context, args ) { args = args || []; memory = !flags.memory || [ context, args ]; fired = true; firing = true; firingIndex = firingStart || 0; firingStart = 0; firingLength = list.length; for ( ; list && firingIndex < firingLength; firingIndex++ ) { if ( list[ firingIndex ].apply( context, args ) === false && flags.stopOnFalse ) { memory = true; // Mark as halted break; } } firing = false; if ( list ) { if ( !flags.once ) { if ( stack && stack.length ) { memory = stack.shift(); self.fireWith( memory[ 0 ], memory[ 1 ] ); } } else if ( memory === true ) { self.disable(); } else { list = []; } } }, // Actual Callbacks object self = { // Add a callback or a collection of callbacks to the list add: function() { if ( list ) { var length = list.length; add( arguments ); // Do we need to add the callbacks to the // current firing batch? if ( firing ) { firingLength = list.length; // With memory, if we're not firing then // we should call right away, unless previous // firing was halted (stopOnFalse) } else if ( memory && memory !== true ) { firingStart = length; fire( memory[ 0 ], memory[ 1 ] ); } } return this; }, // Remove a callback from the list remove: function() { if ( list ) { var args = arguments, argIndex = 0, argLength = args.length; for ( ; argIndex < argLength ; argIndex++ ) { for ( var i = 0; i < list.length; i++ ) { if ( args[ argIndex ] === list[ i ] ) { // Handle firingIndex and firingLength if ( firing ) { if ( i <= firingLength ) { firingLength--; if ( i <= firingIndex ) { firingIndex--; } } } // Remove the element list.splice( i--, 1 ); // If we have some unicity property then // we only need to do this once if ( flags.unique ) { break; } } } } } return this; }, // Control if a given callback is in the list has: function( fn ) { if ( list ) { var i = 0, length = list.length; for ( ; i < length; i++ ) { if ( fn === list[ i ] ) { return true; } } } return false; }, // Remove all callbacks from the list empty: function() { list = []; return this; }, // Have the list do nothing anymore disable: function() { list = stack = memory = undefined; return this; }, // Is it disabled? disabled: function() { return !list; }, // Lock the list in its current state lock: function() { stack = undefined; if ( !memory || memory === true ) { self.disable(); } return this; }, // Is it locked? locked: function() { return !stack; }, // Call all callbacks with the given context and arguments fireWith: function( context, args ) { if ( stack ) { if ( firing ) { if ( !flags.once ) { stack.push( [ context, args ] ); } } else if ( !( flags.once && memory ) ) { fire( context, args ); } } return this; }, // Call all the callbacks with the given arguments fire: function() { self.fireWith( this, arguments ); return this; }, // To know if the callbacks have already been called at least once fired: function() { return !!fired; } }; return self; }; var // Static reference to slice sliceDeferred = [].slice; jQuery.extend({ Deferred: function( func ) { var doneList = jQuery.Callbacks( "once memory" ), failList = jQuery.Callbacks( "once memory" ), progressList = jQuery.Callbacks( "memory" ), state = "pending", lists = { resolve: doneList, reject: failList, notify: progressList }, promise = { done: doneList.add, fail: failList.add, progress: progressList.add, state: function() { return state; }, // Deprecated isResolved: doneList.fired, isRejected: failList.fired, then: function( doneCallbacks, failCallbacks, progressCallbacks ) { deferred.done( doneCallbacks ).fail( failCallbacks ).progress( progressCallbacks ); return this; }, always: function() { deferred.done.apply( deferred, arguments ).fail.apply( deferred, arguments ); return this; }, pipe: function( fnDone, fnFail, fnProgress ) { return jQuery.Deferred(function( newDefer ) { jQuery.each( { done: [ fnDone, "resolve" ], fail: [ fnFail, "reject" ], progress: [ fnProgress, "notify" ] }, function( handler, data ) { var fn = data[ 0 ], action = data[ 1 ], returned; if ( jQuery.isFunction( fn ) ) { deferred[ handler ](function() { returned = fn.apply( this, arguments ); if ( returned && jQuery.isFunction( returned.promise ) ) { returned.promise().then( newDefer.resolve, newDefer.reject, newDefer.notify ); } else { newDefer[ action + "With" ]( this === deferred ? newDefer : this, [ returned ] ); } }); } else { deferred[ handler ]( newDefer[ action ] ); } }); }).promise(); }, // Get a promise for this deferred // If obj is provided, the promise aspect is added to the object promise: function( obj ) { if ( obj == null ) { obj = promise; } else { for ( var key in promise ) { obj[ key ] = promise[ key ]; } } return obj; } }, deferred = promise.promise({}), key; for ( key in lists ) { deferred[ key ] = lists[ key ].fire; deferred[ key + "With" ] = lists[ key ].fireWith; } // Handle state deferred.done( function() { state = "resolved"; }, failList.disable, progressList.lock ).fail( function() { state = "rejected"; }, doneList.disable, progressList.lock ); // Call given func if any if ( func ) { func.call( deferred, deferred ); } // All done! return deferred; }, // Deferred helper when: function( firstParam ) { var args = sliceDeferred.call( arguments, 0 ), i = 0, length = args.length, pValues = new Array( length ), count = length, pCount = length, deferred = length <= 1 && firstParam && jQuery.isFunction( firstParam.promise ) ? firstParam : jQuery.Deferred(), promise = deferred.promise(); function resolveFunc( i ) { return function( value ) { args[ i ] = arguments.length > 1 ? sliceDeferred.call( arguments, 0 ) : value; if ( !( --count ) ) { deferred.resolveWith( deferred, args ); } }; } function progressFunc( i ) { return function( value ) { pValues[ i ] = arguments.length > 1 ? sliceDeferred.call( arguments, 0 ) : value; deferred.notifyWith( promise, pValues ); }; } if ( length > 1 ) { for ( ; i < length; i++ ) { if ( args[ i ] && args[ i ].promise && jQuery.isFunction( args[ i ].promise ) ) { args[ i ].promise().then( resolveFunc(i), deferred.reject, progressFunc(i) ); } else { --count; } } if ( !count ) { deferred.resolveWith( deferred, args ); } } else if ( deferred !== firstParam ) { deferred.resolveWith( deferred, length ? [ firstParam ] : [] ); } return promise; } }); jQuery.support = (function() { var support, all, a, select, opt, input, fragment, tds, events, eventName, i, isSupported, div = document.createElement( "div" ), documentElement = document.documentElement; // Preliminary tests div.setAttribute("className", "t"); div.innerHTML = "
a"; all = div.getElementsByTagName( "*" ); a = div.getElementsByTagName( "a" )[ 0 ]; // Can't get basic test support if ( !all || !all.length || !a ) { return {}; } // First batch of supports tests select = document.createElement( "select" ); opt = select.appendChild( document.createElement("option") ); input = div.getElementsByTagName( "input" )[ 0 ]; support = { // IE strips leading whitespace when .innerHTML is used leadingWhitespace: ( div.firstChild.nodeType === 3 ), // Make sure that tbody elements aren't automatically inserted // IE will insert them into empty tables tbody: !div.getElementsByTagName("tbody").length, // Make sure that link elements get serialized correctly by innerHTML // This requires a wrapper element in IE htmlSerialize: !!div.getElementsByTagName("link").length, // Get the style information from getAttribute // (IE uses .cssText instead) style: /top/.test( a.getAttribute("style") ), // Make sure that URLs aren't manipulated // (IE normalizes it by default) hrefNormalized: ( a.getAttribute("href") === "/a" ), // Make sure that element opacity exists // (IE uses filter instead) // Use a regex to work around a WebKit issue. See #5145 opacity: /^0.55/.test( a.style.opacity ), // Verify style float existence // (IE uses styleFloat instead of cssFloat) cssFloat: !!a.style.cssFloat, // Make sure that if no value is specified for a checkbox // that it defaults to "on". // (WebKit defaults to "" instead) checkOn: ( input.value === "on" ), // Make sure that a selected-by-default option has a working selected property. // (WebKit defaults to false instead of true, IE too, if it's in an optgroup) optSelected: opt.selected, // Test setAttribute on camelCase class. If it works, we need attrFixes when doing get/setAttribute (ie6/7) getSetAttribute: div.className !== "t", // Tests for enctype support on a form(#6743) enctype: !!document.createElement("form").enctype, // Makes sure cloning an html5 element does not cause problems // Where outerHTML is undefined, this still works html5Clone: document.createElement("nav").cloneNode( true ).outerHTML !== "<:nav>", // Will be defined later submitBubbles: true, changeBubbles: true, focusinBubbles: false, deleteExpando: true, noCloneEvent: true, inlineBlockNeedsLayout: false, shrinkWrapBlocks: false, reliableMarginRight: true, pixelMargin: true }; // jQuery.boxModel DEPRECATED in 1.3, use jQuery.support.boxModel instead jQuery.boxModel = support.boxModel = (document.compatMode === "CSS1Compat"); // Make sure checked status is properly cloned input.checked = true; support.noCloneChecked = input.cloneNode( true ).checked; // Make sure that the options inside disabled selects aren't marked as disabled // (WebKit marks them as disabled) select.disabled = true; support.optDisabled = !opt.disabled; // Test to see if it's possible to delete an expando from an element // Fails in Internet Explorer try { delete div.test; } catch( e ) { support.deleteExpando = false; } if ( !div.addEventListener && div.attachEvent && div.fireEvent ) { div.attachEvent( "onclick", function() { // Cloning a node shouldn't copy over any // bound event handlers (IE does this) support.noCloneEvent = false; }); div.cloneNode( true ).fireEvent( "onclick" ); } // Check if a radio maintains its value // after being appended to the DOM input = document.createElement("input"); input.value = "t"; input.setAttribute("type", "radio"); support.radioValue = input.value === "t"; input.setAttribute("checked", "checked"); // #11217 - WebKit loses check when the name is after the checked attribute input.setAttribute( "name", "t" ); div.appendChild( input ); fragment = document.createDocumentFragment(); fragment.appendChild( div.lastChild ); // WebKit doesn't clone checked state correctly in fragments support.checkClone = fragment.cloneNode( true ).cloneNode( true ).lastChild.checked; // Check if a disconnected checkbox will retain its checked // value of true after appended to the DOM (IE6/7) support.appendChecked = input.checked; fragment.removeChild( input ); fragment.appendChild( div ); // Technique from Juriy Zaytsev // http://perfectionkills.com/detecting-event-support-without-browser-sniffing/ // We only care about the case where non-standard event systems // are used, namely in IE. Short-circuiting here helps us to // avoid an eval call (in setAttribute) which can cause CSP // to go haywire. See: https://developer.mozilla.org/en/Security/CSP if ( div.attachEvent ) { for ( i in { submit: 1, change: 1, focusin: 1 }) { eventName = "on" + i; isSupported = ( eventName in div ); if ( !isSupported ) { div.setAttribute( eventName, "return;" ); isSupported = ( typeof div[ eventName ] === "function" ); } support[ i + "Bubbles" ] = isSupported; } } fragment.removeChild( div ); // Null elements to avoid leaks in IE fragment = select = opt = div = input = null; // Run tests that need a body at doc ready jQuery(function() { var container, outer, inner, table, td, offsetSupport, marginDiv, conMarginTop, style, html, positionTopLeftWidthHeight, paddingMarginBorderVisibility, paddingMarginBorder, body = document.getElementsByTagName("body")[0]; if ( !body ) { // Return for frameset docs that don't have a body return; } conMarginTop = 1; paddingMarginBorder = "padding:0;margin:0;border:"; positionTopLeftWidthHeight = "position:absolute;top:0;left:0;width:1px;height:1px;"; paddingMarginBorderVisibility = paddingMarginBorder + "0;visibility:hidden;"; style = "style='" + positionTopLeftWidthHeight + paddingMarginBorder + "5px solid #000;"; html = "
" + "" + "
"; container = document.createElement("div"); container.style.cssText = paddingMarginBorderVisibility + "width:0;height:0;position:static;top:0;margin-top:" + conMarginTop + "px"; body.insertBefore( container, body.firstChild ); // Construct the test element div = document.createElement("div"); container.appendChild( div ); // Check if table cells still have offsetWidth/Height when they are set // to display:none and there are still other visible table cells in a // table row; if so, offsetWidth/Height are not reliable for use when // determining if an element has been hidden directly using // display:none (it is still safe to use offsets if a parent element is // hidden; don safety goggles and see bug #4512 for more information). // (only IE 8 fails this test) div.innerHTML = "
t
"; tds = div.getElementsByTagName( "td" ); isSupported = ( tds[ 0 ].offsetHeight === 0 ); tds[ 0 ].style.display = ""; tds[ 1 ].style.display = "none"; // Check if empty table cells still have offsetWidth/Height // (IE <= 8 fail this test) support.reliableHiddenOffsets = isSupported && ( tds[ 0 ].offsetHeight === 0 ); // Check if div with explicit width and no margin-right incorrectly // gets computed margin-right based on width of container. For more // info see bug #3333 // Fails in WebKit before Feb 2011 nightlies // WebKit Bug 13343 - getComputedStyle returns wrong value for margin-right if ( window.getComputedStyle ) { div.innerHTML = ""; marginDiv = document.createElement( "div" ); marginDiv.style.width = "0"; marginDiv.style.marginRight = "0"; div.style.width = "2px"; div.appendChild( marginDiv ); support.reliableMarginRight = ( parseInt( ( window.getComputedStyle( marginDiv, null ) || { marginRight: 0 } ).marginRight, 10 ) || 0 ) === 0; } if ( typeof div.style.zoom !== "undefined" ) { // Check if natively block-level elements act like inline-block // elements when setting their display to 'inline' and giving // them layout // (IE < 8 does this) div.innerHTML = ""; div.style.width = div.style.padding = "1px"; div.style.border = 0; div.style.overflow = "hidden"; div.style.display = "inline"; div.style.zoom = 1; support.inlineBlockNeedsLayout = ( div.offsetWidth === 3 ); // Check if elements with layout shrink-wrap their children // (IE 6 does this) div.style.display = "block"; div.style.overflow = "visible"; div.innerHTML = "
"; support.shrinkWrapBlocks = ( div.offsetWidth !== 3 ); } div.style.cssText = positionTopLeftWidthHeight + paddingMarginBorderVisibility; div.innerHTML = html; outer = div.firstChild; inner = outer.firstChild; td = outer.nextSibling.firstChild.firstChild; offsetSupport = { doesNotAddBorder: ( inner.offsetTop !== 5 ), doesAddBorderForTableAndCells: ( td.offsetTop === 5 ) }; inner.style.position = "fixed"; inner.style.top = "20px"; // safari subtracts parent border width here which is 5px offsetSupport.fixedPosition = ( inner.offsetTop === 20 || inner.offsetTop === 15 ); inner.style.position = inner.style.top = ""; outer.style.overflow = "hidden"; outer.style.position = "relative"; offsetSupport.subtractsBorderForOverflowNotVisible = ( inner.offsetTop === -5 ); offsetSupport.doesNotIncludeMarginInBodyOffset = ( body.offsetTop !== conMarginTop ); if ( window.getComputedStyle ) { div.style.marginTop = "1%"; support.pixelMargin = ( window.getComputedStyle( div, null ) || { marginTop: 0 } ).marginTop !== "1%"; } if ( typeof container.style.zoom !== "undefined" ) { container.style.zoom = 1; } body.removeChild( container ); marginDiv = div = container = null; jQuery.extend( support, offsetSupport ); }); return support; })(); var rbrace = /^(?:\{.*\}|\[.*\])$/, rmultiDash = /([A-Z])/g; jQuery.extend({ cache: {}, // Please use with caution uuid: 0, // Unique for each copy of jQuery on the page // Non-digits removed to match rinlinejQuery expando: "jQuery" + ( jQuery.fn.jquery + Math.random() ).replace( /\D/g, "" ), // The following elements throw uncatchable exceptions if you // attempt to add expando properties to them. noData: { "embed": true, // Ban all objects except for Flash (which handle expandos) "object": "clsid:D27CDB6E-AE6D-11cf-96B8-444553540000", "applet": true }, hasData: function( elem ) { elem = elem.nodeType ? jQuery.cache[ elem[jQuery.expando] ] : elem[ jQuery.expando ]; return !!elem && !isEmptyDataObject( elem ); }, data: function( elem, name, data, pvt /* Internal Use Only */ ) { if ( !jQuery.acceptData( elem ) ) { return; } var privateCache, thisCache, ret, internalKey = jQuery.expando, getByName = typeof name === "string", // We have to handle DOM nodes and JS objects differently because IE6-7 // can't GC object references properly across the DOM-JS boundary isNode = elem.nodeType, // Only DOM nodes need the global jQuery cache; JS object data is // attached directly to the object so GC can occur automatically cache = isNode ? jQuery.cache : elem, // Only defining an ID for JS objects if its cache already exists allows // the code to shortcut on the same path as a DOM node with no cache id = isNode ? elem[ internalKey ] : elem[ internalKey ] && internalKey, isEvents = name === "events"; // Avoid doing any more work than we need to when trying to get data on an // object that has no data at all if ( (!id || !cache[id] || (!isEvents && !pvt && !cache[id].data)) && getByName && data === undefined ) { return; } if ( !id ) { // Only DOM nodes need a new unique ID for each element since their data // ends up in the global cache if ( isNode ) { elem[ internalKey ] = id = ++jQuery.uuid; } else { id = internalKey; } } if ( !cache[ id ] ) { cache[ id ] = {}; // Avoids exposing jQuery metadata on plain JS objects when the object // is serialized using JSON.stringify if ( !isNode ) { cache[ id ].toJSON = jQuery.noop; } } // An object can be passed to jQuery.data instead of a key/value pair; this gets // shallow copied over onto the existing cache if ( typeof name === "object" || typeof name === "function" ) { if ( pvt ) { cache[ id ] = jQuery.extend( cache[ id ], name ); } else { cache[ id ].data = jQuery.extend( cache[ id ].data, name ); } } privateCache = thisCache = cache[ id ]; // jQuery data() is stored in a separate object inside the object's internal data // cache in order to avoid key collisions between internal data and user-defined // data. if ( !pvt ) { if ( !thisCache.data ) { thisCache.data = {}; } thisCache = thisCache.data; } if ( data !== undefined ) { thisCache[ jQuery.camelCase( name ) ] = data; } // Users should not attempt to inspect the internal events object using jQuery.data, // it is undocumented and subject to change. But does anyone listen? No. if ( isEvents && !thisCache[ name ] ) { return privateCache.events; } // Check for both converted-to-camel and non-converted data property names // If a data property was specified if ( getByName ) { // First Try to find as-is property data ret = thisCache[ name ]; // Test for null|undefined property data if ( ret == null ) { // Try to find the camelCased property ret = thisCache[ jQuery.camelCase( name ) ]; } } else { ret = thisCache; } return ret; }, removeData: function( elem, name, pvt /* Internal Use Only */ ) { if ( !jQuery.acceptData( elem ) ) { return; } var thisCache, i, l, // Reference to internal data cache key internalKey = jQuery.expando, isNode = elem.nodeType, // See jQuery.data for more information cache = isNode ? jQuery.cache : elem, // See jQuery.data for more information id = isNode ? elem[ internalKey ] : internalKey; // If there is already no cache entry for this object, there is no // purpose in continuing if ( !cache[ id ] ) { return; } if ( name ) { thisCache = pvt ? cache[ id ] : cache[ id ].data; if ( thisCache ) { // Support array or space separated string names for data keys if ( !jQuery.isArray( name ) ) { // try the string as a key before any manipulation if ( name in thisCache ) { name = [ name ]; } else { // split the camel cased version by spaces unless a key with the spaces exists name = jQuery.camelCase( name ); if ( name in thisCache ) { name = [ name ]; } else { name = name.split( " " ); } } } for ( i = 0, l = name.length; i < l; i++ ) { delete thisCache[ name[i] ]; } // If there is no data left in the cache, we want to continue // and let the cache object itself get destroyed if ( !( pvt ? isEmptyDataObject : jQuery.isEmptyObject )( thisCache ) ) { return; } } } // See jQuery.data for more information if ( !pvt ) { delete cache[ id ].data; // Don't destroy the parent cache unless the internal data object // had been the only thing left in it if ( !isEmptyDataObject(cache[ id ]) ) { return; } } // Browsers that fail expando deletion also refuse to delete expandos on // the window, but it will allow it on all other JS objects; other browsers // don't care // Ensure that `cache` is not a window object #10080 if ( jQuery.support.deleteExpando || !cache.setInterval ) { delete cache[ id ]; } else { cache[ id ] = null; } // We destroyed the cache and need to eliminate the expando on the node to avoid // false lookups in the cache for entries that no longer exist if ( isNode ) { // IE does not allow us to delete expando properties from nodes, // nor does it have a removeAttribute function on Document nodes; // we must handle all of these cases if ( jQuery.support.deleteExpando ) { delete elem[ internalKey ]; } else if ( elem.removeAttribute ) { elem.removeAttribute( internalKey ); } else { elem[ internalKey ] = null; } } }, // For internal use only. _data: function( elem, name, data ) { return jQuery.data( elem, name, data, true ); }, // A method for determining if a DOM node can handle the data expando acceptData: function( elem ) { if ( elem.nodeName ) { var match = jQuery.noData[ elem.nodeName.toLowerCase() ]; if ( match ) { return !(match === true || elem.getAttribute("classid") !== match); } } return true; } }); jQuery.fn.extend({ data: function( key, value ) { var parts, part, attr, name, l, elem = this[0], i = 0, data = null; // Gets all values if ( key === undefined ) { if ( this.length ) { data = jQuery.data( elem ); if ( elem.nodeType === 1 && !jQuery._data( elem, "parsedAttrs" ) ) { attr = elem.attributes; for ( l = attr.length; i < l; i++ ) { name = attr[i].name; if ( name.indexOf( "data-" ) === 0 ) { name = jQuery.camelCase( name.substring(5) ); dataAttr( elem, name, data[ name ] ); } } jQuery._data( elem, "parsedAttrs", true ); } } return data; } // Sets multiple values if ( typeof key === "object" ) { return this.each(function() { jQuery.data( this, key ); }); } parts = key.split( ".", 2 ); parts[1] = parts[1] ? "." + parts[1] : ""; part = parts[1] + "!"; return jQuery.access( this, function( value ) { if ( value === undefined ) { data = this.triggerHandler( "getData" + part, [ parts[0] ] ); // Try to fetch any internally stored data first if ( data === undefined && elem ) { data = jQuery.data( elem, key ); data = dataAttr( elem, key, data ); } return data === undefined && parts[1] ? this.data( parts[0] ) : data; } parts[1] = value; this.each(function() { var self = jQuery( this ); self.triggerHandler( "setData" + part, parts ); jQuery.data( this, key, value ); self.triggerHandler( "changeData" + part, parts ); }); }, null, value, arguments.length > 1, null, false ); }, removeData: function( key ) { return this.each(function() { jQuery.removeData( this, key ); }); } }); function dataAttr( elem, key, data ) { // If nothing was found internally, try to fetch any // data from the HTML5 data-* attribute if ( data === undefined && elem.nodeType === 1 ) { var name = "data-" + key.replace( rmultiDash, "-$1" ).toLowerCase(); data = elem.getAttribute( name ); if ( typeof data === "string" ) { try { data = data === "true" ? true : data === "false" ? false : data === "null" ? null : jQuery.isNumeric( data ) ? +data : rbrace.test( data ) ? jQuery.parseJSON( data ) : data; } catch( e ) {} // Make sure we set the data so it isn't changed later jQuery.data( elem, key, data ); } else { data = undefined; } } return data; } // checks a cache object for emptiness function isEmptyDataObject( obj ) { for ( var name in obj ) { // if the public data object is empty, the private is still empty if ( name === "data" && jQuery.isEmptyObject( obj[name] ) ) { continue; } if ( name !== "toJSON" ) { return false; } } return true; } function handleQueueMarkDefer( elem, type, src ) { var deferDataKey = type + "defer", queueDataKey = type + "queue", markDataKey = type + "mark", defer = jQuery._data( elem, deferDataKey ); if ( defer && ( src === "queue" || !jQuery._data(elem, queueDataKey) ) && ( src === "mark" || !jQuery._data(elem, markDataKey) ) ) { // Give room for hard-coded callbacks to fire first // and eventually mark/queue something else on the element setTimeout( function() { if ( !jQuery._data( elem, queueDataKey ) && !jQuery._data( elem, markDataKey ) ) { jQuery.removeData( elem, deferDataKey, true ); defer.fire(); } }, 0 ); } } jQuery.extend({ _mark: function( elem, type ) { if ( elem ) { type = ( type || "fx" ) + "mark"; jQuery._data( elem, type, (jQuery._data( elem, type ) || 0) + 1 ); } }, _unmark: function( force, elem, type ) { if ( force !== true ) { type = elem; elem = force; force = false; } if ( elem ) { type = type || "fx"; var key = type + "mark", count = force ? 0 : ( (jQuery._data( elem, key ) || 1) - 1 ); if ( count ) { jQuery._data( elem, key, count ); } else { jQuery.removeData( elem, key, true ); handleQueueMarkDefer( elem, type, "mark" ); } } }, queue: function( elem, type, data ) { var q; if ( elem ) { type = ( type || "fx" ) + "queue"; q = jQuery._data( elem, type ); // Speed up dequeue by getting out quickly if this is just a lookup if ( data ) { if ( !q || jQuery.isArray(data) ) { q = jQuery._data( elem, type, jQuery.makeArray(data) ); } else { q.push( data ); } } return q || []; } }, dequeue: function( elem, type ) { type = type || "fx"; var queue = jQuery.queue( elem, type ), fn = queue.shift(), hooks = {}; // If the fx queue is dequeued, always remove the progress sentinel if ( fn === "inprogress" ) { fn = queue.shift(); } if ( fn ) { // Add a progress sentinel to prevent the fx queue from being // automatically dequeued if ( type === "fx" ) { queue.unshift( "inprogress" ); } jQuery._data( elem, type + ".run", hooks ); fn.call( elem, function() { jQuery.dequeue( elem, type ); }, hooks ); } if ( !queue.length ) { jQuery.removeData( elem, type + "queue " + type + ".run", true ); handleQueueMarkDefer( elem, type, "queue" ); } } }); jQuery.fn.extend({ queue: function( type, data ) { var setter = 2; if ( typeof type !== "string" ) { data = type; type = "fx"; setter--; } if ( arguments.length < setter ) { return jQuery.queue( this[0], type ); } return data === undefined ? this : this.each(function() { var queue = jQuery.queue( this, type, data ); if ( type === "fx" && queue[0] !== "inprogress" ) { jQuery.dequeue( this, type ); } }); }, dequeue: function( type ) { return this.each(function() { jQuery.dequeue( this, type ); }); }, // Based off of the plugin by Clint Helfers, with permission. // http://blindsignals.com/index.php/2009/07/jquery-delay/ delay: function( time, type ) { time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; type = type || "fx"; return this.queue( type, function( next, hooks ) { var timeout = setTimeout( next, time ); hooks.stop = function() { clearTimeout( timeout ); }; }); }, clearQueue: function( type ) { return this.queue( type || "fx", [] ); }, // Get a promise resolved when queues of a certain type // are emptied (fx is the type by default) promise: function( type, object ) { if ( typeof type !== "string" ) { object = type; type = undefined; } type = type || "fx"; var defer = jQuery.Deferred(), elements = this, i = elements.length, count = 1, deferDataKey = type + "defer", queueDataKey = type + "queue", markDataKey = type + "mark", tmp; function resolve() { if ( !( --count ) ) { defer.resolveWith( elements, [ elements ] ); } } while( i-- ) { if (( tmp = jQuery.data( elements[ i ], deferDataKey, undefined, true ) || ( jQuery.data( elements[ i ], queueDataKey, undefined, true ) || jQuery.data( elements[ i ], markDataKey, undefined, true ) ) && jQuery.data( elements[ i ], deferDataKey, jQuery.Callbacks( "once memory" ), true ) )) { count++; tmp.add( resolve ); } } resolve(); return defer.promise( object ); } }); var rclass = /[\n\t\r]/g, rspace = /\s+/, rreturn = /\r/g, rtype = /^(?:button|input)$/i, rfocusable = /^(?:button|input|object|select|textarea)$/i, rclickable = /^a(?:rea)?$/i, rboolean = /^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i, getSetAttribute = jQuery.support.getSetAttribute, nodeHook, boolHook, fixSpecified; jQuery.fn.extend({ attr: function( name, value ) { return jQuery.access( this, jQuery.attr, name, value, arguments.length > 1 ); }, removeAttr: function( name ) { return this.each(function() { jQuery.removeAttr( this, name ); }); }, prop: function( name, value ) { return jQuery.access( this, jQuery.prop, name, value, arguments.length > 1 ); }, removeProp: function( name ) { name = jQuery.propFix[ name ] || name; return this.each(function() { // try/catch handles cases where IE balks (such as removing a property on window) try { this[ name ] = undefined; delete this[ name ]; } catch( e ) {} }); }, addMethod: function( value ) { var classNames, i, l, elem, setMethod, c, cl; if ( jQuery.isFunction( value ) ) { return this.each(function( j ) { jQuery( this ).addMethod( value.call(this, j, this.className) ); }); } if ( value && typeof value === "string" ) { classNames = value.split( rspace ); for ( i = 0, l = this.length; i < l; i++ ) { elem = this[ i ]; if ( elem.nodeType === 1 ) { if ( !elem.className && classNames.length === 1 ) { elem.className = value; } else { setMethod = " " + elem.className + " "; for ( c = 0, cl = classNames.length; c < cl; c++ ) { if ( !~setMethod.indexOf( " " + classNames[ c ] + " " ) ) { setMethod += classNames[ c ] + " "; } } elem.className = jQuery.trim( setMethod ); } } } } return this; }, removeMethod: function( value ) { var classNames, i, l, elem, className, c, cl; if ( jQuery.isFunction( value ) ) { return this.each(function( j ) { jQuery( this ).removeMethod( value.call(this, j, this.className) ); }); } if ( (value && typeof value === "string") || value === undefined ) { classNames = ( value || "" ).split( rspace ); for ( i = 0, l = this.length; i < l; i++ ) { elem = this[ i ]; if ( elem.nodeType === 1 && elem.className ) { if ( value ) { className = (" " + elem.className + " ").replace( rclass, " " ); for ( c = 0, cl = classNames.length; c < cl; c++ ) { className = className.replace(" " + classNames[ c ] + " ", " "); } elem.className = jQuery.trim( className ); } else { elem.className = ""; } } } } return this; }, toggleMethod: function( value, stateVal ) { var type = typeof value, isBool = typeof stateVal === "boolean"; if ( jQuery.isFunction( value ) ) { return this.each(function( i ) { jQuery( this ).toggleMethod( value.call(this, i, this.className, stateVal), stateVal ); }); } return this.each(function() { if ( type === "string" ) { // toggle individual class names var className, i = 0, self = jQuery( this ), state = stateVal, classNames = value.split( rspace ); while ( (className = classNames[ i++ ]) ) { // check each className given, space seperated list state = isBool ? state : !self.hasMethod( className ); self[ state ? "addMethod" : "removeMethod" ]( className ); } } else if ( type === "undefined" || type === "boolean" ) { if ( this.className ) { // store className if set jQuery._data( this, "__className__", this.className ); } // toggle whole className this.className = this.className || value === false ? "" : jQuery._data( this, "__className__" ) || ""; } }); }, hasMethod: function( selector ) { var className = " " + selector + " ", i = 0, l = this.length; for ( ; i < l; i++ ) { if ( this[i].nodeType === 1 && (" " + this[i].className + " ").replace(rclass, " ").indexOf( className ) > -1 ) { return true; } } return false; }, val: function( value ) { var hooks, ret, isFunction, elem = this[0]; if ( !arguments.length ) { if ( elem ) { hooks = jQuery.valHooks[ elem.type ] || jQuery.valHooks[ elem.nodeName.toLowerCase() ]; if ( hooks && "get" in hooks && (ret = hooks.get( elem, "value" )) !== undefined ) { return ret; } ret = elem.value; return typeof ret === "string" ? // handle most common string cases ret.replace(rreturn, "") : // handle cases where value is null/undef or number ret == null ? "" : ret; } return; } isFunction = jQuery.isFunction( value ); return this.each(function( i ) { var self = jQuery(this), val; if ( this.nodeType !== 1 ) { return; } if ( isFunction ) { val = value.call( this, i, self.val() ); } else { val = value; } // Treat null/undefined as ""; convert numbers to string if ( val == null ) { val = ""; } else if ( typeof val === "number" ) { val += ""; } else if ( jQuery.isArray( val ) ) { val = jQuery.map(val, function ( value ) { return value == null ? "" : value + ""; }); } hooks = jQuery.valHooks[ this.type ] || jQuery.valHooks[ this.nodeName.toLowerCase() ]; // If set returns undefined, fall back to normal setting if ( !hooks || !("set" in hooks) || hooks.set( this, val, "value" ) === undefined ) { this.value = val; } }); } }); jQuery.extend({ valHooks: { option: { get: function( elem ) { // attributes.value is undefined in Blackberry 4.7 but // uses .value. See #6932 var val = elem.attributes.value; return !val || val.specified ? elem.value : elem.text; } }, select: { get: function( elem ) { var value, i, max, option, index = elem.selectedIndex, values = [], options = elem.options, one = elem.type === "select-one"; // Nothing was selected if ( index < 0 ) { return null; } // Loop through all the selected options i = one ? index : 0; max = one ? index + 1 : options.length; for ( ; i < max; i++ ) { option = options[ i ]; // Don't return options that are disabled or in a disabled optgroup if ( option.selected && (jQuery.support.optDisabled ? !option.disabled : option.getAttribute("disabled") === null) && (!option.parentNode.disabled || !jQuery.nodeName( option.parentNode, "optgroup" )) ) { // Get the specific value for the option value = jQuery( option ).val(); // We don't need an array for one selects if ( one ) { return value; } // Multi-Selects return an array values.push( value ); } } // Fixes Bug #2551 -- select.val() broken in IE after form.reset() if ( one && !values.length && options.length ) { return jQuery( options[ index ] ).val(); } return values; }, set: function( elem, value ) { var values = jQuery.makeArray( value ); jQuery(elem).find("option").each(function() { this.selected = jQuery.inArray( jQuery(this).val(), values ) >= 0; }); if ( !values.length ) { elem.selectedIndex = -1; } return values; } } }, attrFn: { val: true, css: true, html: true, text: true, data: true, width: true, height: true, offset: true }, attr: function( elem, name, value, pass ) { var ret, hooks, notxml, nType = elem.nodeType; // don't get/set attributes on text, comment and attribute nodes if ( !elem || nType === 3 || nType === 8 || nType === 2 ) { return; } if ( pass && name in jQuery.attrFn ) { return jQuery( elem )[ name ]( value ); } // Fallback to prop when attributes are not supported if ( typeof elem.getAttribute === "undefined" ) { return jQuery.prop( elem, name, value ); } notxml = nType !== 1 || !jQuery.isXMLDoc( elem ); // All attributes are lowercase // Grab necessary hook if one is defined if ( notxml ) { name = name.toLowerCase(); hooks = jQuery.attrHooks[ name ] || ( rboolean.test( name ) ? boolHook : nodeHook ); } if ( value !== undefined ) { if ( value === null ) { jQuery.removeAttr( elem, name ); return; } else if ( hooks && "set" in hooks && notxml && (ret = hooks.set( elem, value, name )) !== undefined ) { return ret; } else { elem.setAttribute( name, "" + value ); return value; } } else if ( hooks && "get" in hooks && notxml && (ret = hooks.get( elem, name )) !== null ) { return ret; } else { ret = elem.getAttribute( name ); // Non-existent attributes return null, we normalize to undefined return ret === null ? undefined : ret; } }, removeAttr: function( elem, value ) { var propName, attrNames, name, l, isBool, i = 0; if ( value && elem.nodeType === 1 ) { attrNames = value.toLowerCase().split( rspace ); l = attrNames.length; for ( ; i < l; i++ ) { name = attrNames[ i ]; if ( name ) { propName = jQuery.propFix[ name ] || name; isBool = rboolean.test( name ); // See #9699 for explanation of this approach (setting first, then removal) // Do not do this for boolean attributes (see #10870) if ( !isBool ) { jQuery.attr( elem, name, "" ); } elem.removeAttribute( getSetAttribute ? name : propName ); // Set corresponding property to false for boolean attributes if ( isBool && propName in elem ) { elem[ propName ] = false; } } } } }, attrHooks: { type: { set: function( elem, value ) { // We can't allow the type property to be changed (since it causes problems in IE) if ( rtype.test( elem.nodeName ) && elem.parentNode ) { jQuery.error( "type property can't be changed" ); } else if ( !jQuery.support.radioValue && value === "radio" && jQuery.nodeName(elem, "input") ) { // Setting the type on a radio button after the value resets the value in IE6-9 // Reset value to it's default in case type is set after value // This is for element creation var val = elem.value; elem.setAttribute( "type", value ); if ( val ) { elem.value = val; } return value; } } }, // Use the value property for back compat // Use the nodeHook for button elements in IE6/7 (#1954) value: { get: function( elem, name ) { if ( nodeHook && jQuery.nodeName( elem, "button" ) ) { return nodeHook.get( elem, name ); } return name in elem ? elem.value : null; }, set: function( elem, value, name ) { if ( nodeHook && jQuery.nodeName( elem, "button" ) ) { return nodeHook.set( elem, value, name ); } // Does not return so that setAttribute is also used elem.value = value; } } }, propFix: { tabindex: "tabIndex", readonly: "readOnly", "for": "htmlFor", "class": "className", maxlength: "maxLength", cellspacing: "cellSpacing", cellpadding: "cellPadding", rowspan: "rowSpan", colspan: "colSpan", usemap: "useMap", frameborder: "frameBorder", contenteditable: "contentEditable" }, prop: function( elem, name, value ) { var ret, hooks, notxml, nType = elem.nodeType; // don't get/set properties on text, comment and attribute nodes if ( !elem || nType === 3 || nType === 8 || nType === 2 ) { return; } notxml = nType !== 1 || !jQuery.isXMLDoc( elem ); if ( notxml ) { // Fix name and attach hooks name = jQuery.propFix[ name ] || name; hooks = jQuery.propHooks[ name ]; } if ( value !== undefined ) { if ( hooks && "set" in hooks && (ret = hooks.set( elem, value, name )) !== undefined ) { return ret; } else { return ( elem[ name ] = value ); } } else { if ( hooks && "get" in hooks && (ret = hooks.get( elem, name )) !== null ) { return ret; } else { return elem[ name ]; } } }, propHooks: { tabIndex: { get: function( elem ) { // elem.tabIndex doesn't always return the correct value when it hasn't been explicitly set // http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ var attributeNode = elem.getAttributeNode("tabindex"); return attributeNode && attributeNode.specified ? parseInt( attributeNode.value, 10 ) : rfocusable.test( elem.nodeName ) || rclickable.test( elem.nodeName ) && elem.href ? 0 : undefined; } } } }); // Add the tabIndex propHook to attrHooks for back-compat (different case is intentional) jQuery.attrHooks.tabindex = jQuery.propHooks.tabIndex; // Hook for boolean attributes boolHook = { get: function( elem, name ) { // Align boolean attributes with corresponding properties // Fall back to attribute presence where some booleans are not supported var attrNode, property = jQuery.prop( elem, name ); return property === true || typeof property !== "boolean" && ( attrNode = elem.getAttributeNode(name) ) && attrNode.nodeValue !== false ? name.toLowerCase() : undefined; }, set: function( elem, value, name ) { var propName; if ( value === false ) { // Remove boolean attributes when set to false jQuery.removeAttr( elem, name ); } else { // value is true since we know at this point it's type boolean and not false // Set boolean attributes to the same name and set the DOM property propName = jQuery.propFix[ name ] || name; if ( propName in elem ) { // Only set the IDL specifically if it already exists on the element elem[ propName ] = true; } elem.setAttribute( name, name.toLowerCase() ); } return name; } }; // IE6/7 do not support getting/setting some attributes with get/setAttribute if ( !getSetAttribute ) { fixSpecified = { name: true, id: true, coords: true }; // Use this for any attribute in IE6/7 // This fixes almost every IE6/7 issue nodeHook = jQuery.valHooks.button = { get: function( elem, name ) { var ret; ret = elem.getAttributeNode( name ); return ret && ( fixSpecified[ name ] ? ret.nodeValue !== "" : ret.specified ) ? ret.nodeValue : undefined; }, set: function( elem, value, name ) { // Set the existing or create a new attribute node var ret = elem.getAttributeNode( name ); if ( !ret ) { ret = document.createAttribute( name ); elem.setAttributeNode( ret ); } return ( ret.nodeValue = value + "" ); } }; // Apply the nodeHook to tabindex jQuery.attrHooks.tabindex.set = nodeHook.set; // Set width and height to auto instead of 0 on empty string( Bug #8150 ) // This is for removals jQuery.each([ "width", "height" ], function( i, name ) { jQuery.attrHooks[ name ] = jQuery.extend( jQuery.attrHooks[ name ], { set: function( elem, value ) { if ( value === "" ) { elem.setAttribute( name, "auto" ); return value; } } }); }); // Set contenteditable to false on removals(#10429) // Setting to empty string throws an error as an invalid value jQuery.attrHooks.contenteditable = { get: nodeHook.get, set: function( elem, value, name ) { if ( value === "" ) { value = "false"; } nodeHook.set( elem, value, name ); } }; } // Some attributes require a special call on IE if ( !jQuery.support.hrefNormalized ) { jQuery.each([ "href", "src", "width", "height" ], function( i, name ) { jQuery.attrHooks[ name ] = jQuery.extend( jQuery.attrHooks[ name ], { get: function( elem ) { var ret = elem.getAttribute( name, 2 ); return ret === null ? undefined : ret; } }); }); } if ( !jQuery.support.style ) { jQuery.attrHooks.style = { get: function( elem ) { // Return undefined in the case of empty string // Normalize to lowercase since IE uppercases css property names return elem.style.cssText.toLowerCase() || undefined; }, set: function( elem, value ) { return ( elem.style.cssText = "" + value ); } }; } // Safari mis-reports the default selected property of an option // Accessing the parent's selectedIndex property fixes it if ( !jQuery.support.optSelected ) { jQuery.propHooks.selected = jQuery.extend( jQuery.propHooks.selected, { get: function( elem ) { var parent = elem.parentNode; if ( parent ) { parent.selectedIndex; // Make sure that it also works with optgroups, see #5701 if ( parent.parentNode ) { parent.parentNode.selectedIndex; } } return null; } }); } // IE6/7 call enctype encoding if ( !jQuery.support.enctype ) { jQuery.propFix.enctype = "encoding"; } // Radios and checkboxes getter/setter if ( !jQuery.support.checkOn ) { jQuery.each([ "radio", "checkbox" ], function() { jQuery.valHooks[ this ] = { get: function( elem ) { // Handle the case where in Webkit "" is returned instead of "on" if a value isn't specified return elem.getAttribute("value") === null ? "on" : elem.value; } }; }); } jQuery.each([ "radio", "checkbox" ], function() { jQuery.valHooks[ this ] = jQuery.extend( jQuery.valHooks[ this ], { set: function( elem, value ) { if ( jQuery.isArray( value ) ) { return ( elem.checked = jQuery.inArray( jQuery(elem).val(), value ) >= 0 ); } } }); }); var rformElems = /^(?:textarea|input|select)$/i, rtypenamespace = /^([^\.]*)?(?:\.(.+))?$/, rhoverHack = /(?:^|\s)hover(\.\S+)?\b/, rkeyEvent = /^key/, rmouseEvent = /^(?:mouse|contextmenu)|click/, rfocusMorph = /^(?:focusinfocus|focusoutblur)$/, rquickIs = /^(\w*)(?:#([\w\-]+))?(?:\.([\w\-]+))?$/, quickParse = function( selector ) { var quick = rquickIs.exec( selector ); if ( quick ) { // 0 1 2 3 // [ _, tag, id, class ] quick[1] = ( quick[1] || "" ).toLowerCase(); quick[3] = quick[3] && new RegExp( "(?:^|\\s)" + quick[3] + "(?:\\s|$)" ); } return quick; }, quickIs = function( elem, m ) { var attrs = elem.attributes || {}; return ( (!m[1] || elem.nodeName.toLowerCase() === m[1]) && (!m[2] || (attrs.id || {}).value === m[2]) && (!m[3] || m[3].test( (attrs[ "class" ] || {}).value )) ); }, hoverHack = function( events ) { return jQuery.event.special.hover ? events : events.replace( rhoverHack, "mouseenter$1 mouseleave$1" ); }; /* * Helper functions for managing events -- not part of the public interface. * Props to Dean Edwards' addEvent library for many of the ideas. */ jQuery.event = { add: function( elem, types, handler, data, selector ) { var elemData, eventHandle, events, t, tns, type, namespaces, handleObj, handleObjIn, quick, handlers, special; // Don't attach events to noData or text/comment nodes (allow plain objects tho) if ( elem.nodeType === 3 || elem.nodeType === 8 || !types || !handler || !(elemData = jQuery._data( elem )) ) { return; } // Caller can pass in an object of custom data in lieu of the handler if ( handler.handler ) { handleObjIn = handler; handler = handleObjIn.handler; selector = handleObjIn.selector; } // Make sure that the handler has a unique ID, used to find/remove it later if ( !handler.guid ) { handler.guid = jQuery.guid++; } // Init the element's event structure and main handler, if this is the first events = elemData.events; if ( !events ) { elemData.events = events = {}; } eventHandle = elemData.handle; if ( !eventHandle ) { elemData.handle = eventHandle = function( e ) { // Discard the second event of a jQuery.event.trigger() and // when an event is called after a page has unloaded return typeof jQuery !== "undefined" && (!e || jQuery.event.triggered !== e.type) ? jQuery.event.dispatch.apply( eventHandle.elem, arguments ) : undefined; }; // Add elem as a property of the handle fn to prevent a memory leak with IE non-native events eventHandle.elem = elem; } // Handle multiple events separated by a space // jQuery(...).bind("mouseover mouseout", fn); types = jQuery.trim( hoverHack(types) ).split( " " ); for ( t = 0; t < types.length; t++ ) { tns = rtypenamespace.exec( types[t] ) || []; type = tns[1]; namespaces = ( tns[2] || "" ).split( "." ).sort(); // If event changes its type, use the special event handlers for the changed type special = jQuery.event.special[ type ] || {}; // If selector defined, determine special event api type, otherwise given type type = ( selector ? special.delegateType : special.bindType ) || type; // Update special based on newly reset type special = jQuery.event.special[ type ] || {}; // handleObj is passed to all event handlers handleObj = jQuery.extend({ type: type, origType: tns[1], data: data, handler: handler, guid: handler.guid, selector: selector, quick: selector && quickParse( selector ), namespace: namespaces.join(".") }, handleObjIn ); // Init the event handler queue if we're the first handlers = events[ type ]; if ( !handlers ) { handlers = events[ type ] = []; handlers.delegateCount = 0; // Only use addEventListener/attachEvent if the special events handler returns false if ( !special.setup || special.setup.call( elem, data, namespaces, eventHandle ) === false ) { // Bind the global event handler to the element if ( elem.addEventListener ) { elem.addEventListener( type, eventHandle, false ); } else if ( elem.attachEvent ) { elem.attachEvent( "on" + type, eventHandle ); } } } if ( special.add ) { special.add.call( elem, handleObj ); if ( !handleObj.handler.guid ) { handleObj.handler.guid = handler.guid; } } // Add to the element's handler list, delegates in front if ( selector ) { handlers.splice( handlers.delegateCount++, 0, handleObj ); } else { handlers.push( handleObj ); } // Keep track of which events have ever been used, for event optimization jQuery.event.global[ type ] = true; } // Nullify elem to prevent memory leaks in IE elem = null; }, global: {}, // Detach an event or set of events from an element remove: function( elem, types, handler, selector, mappedTypes ) { var elemData = jQuery.hasData( elem ) && jQuery._data( elem ), t, tns, type, origType, namespaces, origCount, j, events, special, handle, eventType, handleObj; if ( !elemData || !(events = elemData.events) ) { return; } // Once for each type.namespace in types; type may be omitted types = jQuery.trim( hoverHack( types || "" ) ).split(" "); for ( t = 0; t < types.length; t++ ) { tns = rtypenamespace.exec( types[t] ) || []; type = origType = tns[1]; namespaces = tns[2]; // Unbind all events (on this namespace, if provided) for the element if ( !type ) { for ( type in events ) { jQuery.event.remove( elem, type + types[ t ], handler, selector, true ); } continue; } special = jQuery.event.special[ type ] || {}; type = ( selector? special.delegateType : special.bindType ) || type; eventType = events[ type ] || []; origCount = eventType.length; namespaces = namespaces ? new RegExp("(^|\\.)" + namespaces.split(".").sort().join("\\.(?:.*\\.)?") + "(\\.|$)") : null; // Remove matching events for ( j = 0; j < eventType.length; j++ ) { handleObj = eventType[ j ]; if ( ( mappedTypes || origType === handleObj.origType ) && ( !handler || handler.guid === handleObj.guid ) && ( !namespaces || namespaces.test( handleObj.namespace ) ) && ( !selector || selector === handleObj.selector || selector === "**" && handleObj.selector ) ) { eventType.splice( j--, 1 ); if ( handleObj.selector ) { eventType.delegateCount--; } if ( special.remove ) { special.remove.call( elem, handleObj ); } } } // Remove generic event handler if we removed something and no more handlers exist // (avoids potential for endless recursion during removal of special event handlers) if ( eventType.length === 0 && origCount !== eventType.length ) { if ( !special.teardown || special.teardown.call( elem, namespaces ) === false ) { jQuery.removeEvent( elem, type, elemData.handle ); } delete events[ type ]; } } // Remove the expando if it's no longer used if ( jQuery.isEmptyObject( events ) ) { handle = elemData.handle; if ( handle ) { handle.elem = null; } // removeData also checks for emptiness and clears the expando if empty // so use it instead of delete jQuery.removeData( elem, [ "events", "handle" ], true ); } }, // Events that are safe to short-circuit if no handlers are attached. // Native DOM events should not be added, they may have inline handlers. customEvent: { "getData": true, "setData": true, "changeData": true }, trigger: function( event, data, elem, onlyHandlers ) { // Don't do events on text and comment nodes if ( elem && (elem.nodeType === 3 || elem.nodeType === 8) ) { return; } // Event object or event type var type = event.type || event, namespaces = [], cache, exclusive, i, cur, old, ontype, special, handle, eventPath, bubbleType; // focus/blur morphs to focusin/out; ensure we're not firing them right now if ( rfocusMorph.test( type + jQuery.event.triggered ) ) { return; } if ( type.indexOf( "!" ) >= 0 ) { // Exclusive events trigger only for the exact event (no namespaces) type = type.slice(0, -1); exclusive = true; } if ( type.indexOf( "." ) >= 0 ) { // Namespaced trigger; create a regexp to match event type in handle() namespaces = type.split("."); type = namespaces.shift(); namespaces.sort(); } if ( (!elem || jQuery.event.customEvent[ type ]) && !jQuery.event.global[ type ] ) { // No jQuery handlers for this event type, and it can't have inline handlers return; } // Caller can pass in an Event, Object, or just an event type string event = typeof event === "object" ? // jQuery.Event object event[ jQuery.expando ] ? event : // Object literal new jQuery.Event( type, event ) : // Just the event type (string) new jQuery.Event( type ); event.type = type; event.isTrigger = true; event.exclusive = exclusive; event.namespace = namespaces.join( "." ); event.namespace_re = event.namespace? new RegExp("(^|\\.)" + namespaces.join("\\.(?:.*\\.)?") + "(\\.|$)") : null; ontype = type.indexOf( ":" ) < 0 ? "on" + type : ""; // Handle a global trigger if ( !elem ) { // TODO: Stop taunting the data cache; remove global events and always attach to document cache = jQuery.cache; for ( i in cache ) { if ( cache[ i ].events && cache[ i ].events[ type ] ) { jQuery.event.trigger( event, data, cache[ i ].handle.elem, true ); } } return; } // Clean up the event in case it is being reused event.result = undefined; if ( !event.target ) { event.target = elem; } // Clone any incoming data and prepend the event, creating the handler arg list data = data != null ? jQuery.makeArray( data ) : []; data.unshift( event ); // Allow special events to draw outside the lines special = jQuery.event.special[ type ] || {}; if ( special.trigger && special.trigger.apply( elem, data ) === false ) { return; } // Determine event propagation path in advance, per W3C events spec (#9951) // Bubble up to document, then to window; watch for a global ownerDocument var (#9724) eventPath = [[ elem, special.bindType || type ]]; if ( !onlyHandlers && !special.noBubble && !jQuery.isWindow( elem ) ) { bubbleType = special.delegateType || type; cur = rfocusMorph.test( bubbleType + type ) ? elem : elem.parentNode; old = null; for ( ; cur; cur = cur.parentNode ) { eventPath.push([ cur, bubbleType ]); old = cur; } // Only add window if we got to document (e.g., not plain obj or detached DOM) if ( old && old === elem.ownerDocument ) { eventPath.push([ old.defaultView || old.parentWindow || window, bubbleType ]); } } // Fire handlers on the event path for ( i = 0; i < eventPath.length && !event.isPropagationStopped(); i++ ) { cur = eventPath[i][0]; event.type = eventPath[i][1]; handle = ( jQuery._data( cur, "events" ) || {} )[ event.type ] && jQuery._data( cur, "handle" ); if ( handle ) { handle.apply( cur, data ); } // Note that this is a bare JS function and not a jQuery handler handle = ontype && cur[ ontype ]; if ( handle && jQuery.acceptData( cur ) && handle.apply( cur, data ) === false ) { event.preventDefault(); } } event.type = type; // If nobody prevented the default action, do it now if ( !onlyHandlers && !event.isDefaultPrevented() ) { if ( (!special._default || special._default.apply( elem.ownerDocument, data ) === false) && !(type === "click" && jQuery.nodeName( elem, "a" )) && jQuery.acceptData( elem ) ) { // Call a native DOM method on the target with the same name name as the event. // Can't use an .isFunction() check here because IE6/7 fails that test. // Don't do default actions on window, that's where global variables be (#6170) // IE<9 dies on focus/blur to hidden element (#1486) if ( ontype && elem[ type ] && ((type !== "focus" && type !== "blur") || event.target.offsetWidth !== 0) && !jQuery.isWindow( elem ) ) { // Don't re-trigger an onFOO event when we call its FOO() method old = elem[ ontype ]; if ( old ) { elem[ ontype ] = null; } // Prevent re-triggering of the same event, since we already bubbled it above jQuery.event.triggered = type; elem[ type ](); jQuery.event.triggered = undefined; if ( old ) { elem[ ontype ] = old; } } } } return event.result; }, dispatch: function( event ) { // Make a writable jQuery.Event from the native event object event = jQuery.event.fix( event || window.event ); var handlers = ( (jQuery._data( this, "events" ) || {} )[ event.type ] || []), delegateCount = handlers.delegateCount, args = [].slice.call( arguments, 0 ), run_all = !event.exclusive && !event.namespace, special = jQuery.event.special[ event.type ] || {}, handlerQueue = [], i, j, cur, jqcur, ret, selMatch, matched, matches, handleObj, sel, related; // Use the fix-ed jQuery.Event rather than the (read-only) native event args[0] = event; event.delegateTarget = this; // Call the preDispatch hook for the mapped type, and let it bail if desired if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) { return; } // Determine handlers that should run if there are delegated events // Avoid non-left-click bubbling in Firefox (#3861) if ( delegateCount && !(event.button && event.type === "click") ) { // Pregenerate a single jQuery object for reuse with .is() jqcur = jQuery(this); jqcur.context = this.ownerDocument || this; for ( cur = event.target; cur != this; cur = cur.parentNode || this ) { // Don't process events on disabled elements (#6911, #8165) if ( cur.disabled !== true ) { selMatch = {}; matches = []; jqcur[0] = cur; for ( i = 0; i < delegateCount; i++ ) { handleObj = handlers[ i ]; sel = handleObj.selector; if ( selMatch[ sel ] === undefined ) { selMatch[ sel ] = ( handleObj.quick ? quickIs( cur, handleObj.quick ) : jqcur.is( sel ) ); } if ( selMatch[ sel ] ) { matches.push( handleObj ); } } if ( matches.length ) { handlerQueue.push({ elem: cur, matches: matches }); } } } } // Add the remaining (directly-bound) handlers if ( handlers.length > delegateCount ) { handlerQueue.push({ elem: this, matches: handlers.slice( delegateCount ) }); } // Run delegates first; they may want to stop propagation beneath us for ( i = 0; i < handlerQueue.length && !event.isPropagationStopped(); i++ ) { matched = handlerQueue[ i ]; event.currentTarget = matched.elem; for ( j = 0; j < matched.matches.length && !event.isImmediatePropagationStopped(); j++ ) { handleObj = matched.matches[ j ]; // Triggered event must either 1) be non-exclusive and have no namespace, or // 2) have namespace(s) a subset or equal to those in the bound event (both can have no namespace). if ( run_all || (!event.namespace && !handleObj.namespace) || event.namespace_re && event.namespace_re.test( handleObj.namespace ) ) { event.data = handleObj.data; event.handleObj = handleObj; ret = ( (jQuery.event.special[ handleObj.origType ] || {}).handle || handleObj.handler ) .apply( matched.elem, args ); if ( ret !== undefined ) { event.result = ret; if ( ret === false ) { event.preventDefault(); event.stopPropagation(); } } } } } // Call the postDispatch hook for the mapped type if ( special.postDispatch ) { special.postDispatch.call( this, event ); } return event.result; }, // Includes some event props shared by KeyEvent and MouseEvent // *** attrChange attrName relatedNode srcElement are not normalized, non-W3C, deprecated, will be removed in 1.8 *** props: "attrChange attrName relatedNode srcElement altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "), fixHooks: {}, keyHooks: { props: "char charCode key keyCode".split(" "), filter: function( event, original ) { // Add which for key events if ( event.which == null ) { event.which = original.charCode != null ? original.charCode : original.keyCode; } return event; } }, mouseHooks: { props: "button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "), filter: function( event, original ) { var eventDoc, doc, body, button = original.button, fromElement = original.fromElement; // Calculate pageX/Y if missing and clientX/Y available if ( event.pageX == null && original.clientX != null ) { eventDoc = event.target.ownerDocument || document; doc = eventDoc.documentElement; body = eventDoc.body; event.pageX = original.clientX + ( doc && doc.scrollLeft || body && body.scrollLeft || 0 ) - ( doc && doc.clientLeft || body && body.clientLeft || 0 ); event.pageY = original.clientY + ( doc && doc.scrollTop || body && body.scrollTop || 0 ) - ( doc && doc.clientTop || body && body.clientTop || 0 ); } // Add relatedTarget, if necessary if ( !event.relatedTarget && fromElement ) { event.relatedTarget = fromElement === event.target ? original.toElement : fromElement; } // Add which for click: 1 === left; 2 === middle; 3 === right // Note: button is not normalized, so don't use it if ( !event.which && button !== undefined ) { event.which = ( button & 1 ? 1 : ( button & 2 ? 3 : ( button & 4 ? 2 : 0 ) ) ); } return event; } }, fix: function( event ) { if ( event[ jQuery.expando ] ) { return event; } // Create a writable copy of the event object and normalize some properties var i, prop, originalEvent = event, fixHook = jQuery.event.fixHooks[ event.type ] || {}, copy = fixHook.props ? this.props.concat( fixHook.props ) : this.props; event = jQuery.Event( originalEvent ); for ( i = copy.length; i; ) { prop = copy[ --i ]; event[ prop ] = originalEvent[ prop ]; } // Fix target property, if necessary (#1925, IE 6/7/8 & Safari2) if ( !event.target ) { event.target = originalEvent.srcElement || document; } // Target should not be a text node (#504, Safari) if ( event.target.nodeType === 3 ) { event.target = event.target.parentNode; } // For mouse/key events; add metaKey if it's not there (#3368, IE6/7/8) if ( event.metaKey === undefined ) { event.metaKey = event.ctrlKey; } return fixHook.filter? fixHook.filter( event, originalEvent ) : event; }, special: { ready: { // Make sure the ready event is setup setup: jQuery.bindReady }, load: { // Prevent triggered image.load events from bubbling to window.load noBubble: true }, focus: { delegateType: "focusin" }, blur: { delegateType: "focusout" }, beforeunload: { setup: function( data, namespaces, eventHandle ) { // We only want to do this special case on windows if ( jQuery.isWindow( this ) ) { this.onbeforeunload = eventHandle; } }, teardown: function( namespaces, eventHandle ) { if ( this.onbeforeunload === eventHandle ) { this.onbeforeunload = null; } } } }, simulate: function( type, elem, event, bubble ) { // Piggyback on a donor event to simulate a different one. // Fake originalEvent to avoid donor's stopPropagation, but if the // simulated event prevents default then we do the same on the donor. var e = jQuery.extend( new jQuery.Event(), event, { type: type, isSimulated: true, originalEvent: {} } ); if ( bubble ) { jQuery.event.trigger( e, null, elem ); } else { jQuery.event.dispatch.call( elem, e ); } if ( e.isDefaultPrevented() ) { event.preventDefault(); } } }; // Some plugins are using, but it's undocumented/deprecated and will be removed. // The 1.7 special event interface should provide all the hooks needed now. jQuery.event.handle = jQuery.event.dispatch; jQuery.removeEvent = document.removeEventListener ? function( elem, type, handle ) { if ( elem.removeEventListener ) { elem.removeEventListener( type, handle, false ); } } : function( elem, type, handle ) { if ( elem.detachEvent ) { elem.detachEvent( "on" + type, handle ); } }; jQuery.Event = function( src, props ) { // Allow instantiation without the 'new' keyword if ( !(this instanceof jQuery.Event) ) { return new jQuery.Event( src, props ); } // Event object if ( src && src.type ) { this.originalEvent = src; this.type = src.type; // Events bubbling up the document may have been marked as prevented // by a handler lower down the tree; reflect the correct value. this.isDefaultPrevented = ( src.defaultPrevented || src.returnValue === false || src.getPreventDefault && src.getPreventDefault() ) ? returnTrue : returnFalse; // Event type } else { this.type = src; } // Put explicitly provided properties onto the event object if ( props ) { jQuery.extend( this, props ); } // Create a timestamp if incoming event doesn't have one this.timeStamp = src && src.timeStamp || jQuery.now(); // Mark it as fixed this[ jQuery.expando ] = true; }; function returnFalse() { return false; } function returnTrue() { return true; } // jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding // http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html jQuery.Event.prototype = { preventDefault: function() { this.isDefaultPrevented = returnTrue; var e = this.originalEvent; if ( !e ) { return; } // if preventDefault exists run it on the original event if ( e.preventDefault ) { e.preventDefault(); // otherwise set the returnValue property of the original event to false (IE) } else { e.returnValue = false; } }, stopPropagation: function() { this.isPropagationStopped = returnTrue; var e = this.originalEvent; if ( !e ) { return; } // if stopPropagation exists run it on the original event if ( e.stopPropagation ) { e.stopPropagation(); } // otherwise set the cancelBubble property of the original event to true (IE) e.cancelBubble = true; }, stopImmediatePropagation: function() { this.isImmediatePropagationStopped = returnTrue; this.stopPropagation(); }, isDefaultPrevented: returnFalse, isPropagationStopped: returnFalse, isImmediatePropagationStopped: returnFalse }; // Create mouseenter/leave events using mouseover/out and event-time checks jQuery.each({ mouseenter: "mouseover", mouseleave: "mouseout" }, function( orig, fix ) { jQuery.event.special[ orig ] = { delegateType: fix, bindType: fix, handle: function( event ) { var target = this, related = event.relatedTarget, handleObj = event.handleObj, selector = handleObj.selector, ret; // For mousenter/leave call the handler if related is outside the target. // NB: No relatedTarget if the mouse left/entered the browser window if ( !related || (related !== target && !jQuery.contains( target, related )) ) { event.type = handleObj.origType; ret = handleObj.handler.apply( this, arguments ); event.type = fix; } return ret; } }; }); // IE submit delegation if ( !jQuery.support.submitBubbles ) { jQuery.event.special.submit = { setup: function() { // Only need this for delegated form submit events if ( jQuery.nodeName( this, "form" ) ) { return false; } // Lazy-add a submit handler when a descendant form may potentially be submitted jQuery.event.add( this, "click._submit keypress._submit", function( e ) { // Node name check avoids a VML-related crash in IE (#9807) var elem = e.target, form = jQuery.nodeName( elem, "input" ) || jQuery.nodeName( elem, "button" ) ? elem.form : undefined; if ( form && !form._submit_attached ) { jQuery.event.add( form, "submit._submit", function( event ) { event._submit_bubble = true; }); form._submit_attached = true; } }); // return undefined since we don't need an event listener }, postDispatch: function( event ) { // If form was submitted by the user, bubble the event up the tree if ( event._submit_bubble ) { delete event._submit_bubble; if ( this.parentNode && !event.isTrigger ) { jQuery.event.simulate( "submit", this.parentNode, event, true ); } } }, teardown: function() { // Only need this for delegated form submit events if ( jQuery.nodeName( this, "form" ) ) { return false; } // Remove delegated handlers; cleanData eventually reaps submit handlers attached above jQuery.event.remove( this, "._submit" ); } }; } // IE change delegation and checkbox/radio fix if ( !jQuery.support.changeBubbles ) { jQuery.event.special.change = { setup: function() { if ( rformElems.test( this.nodeName ) ) { // IE doesn't fire change on a check/radio until blur; trigger it on click // after a propertychange. Eat the blur-change in special.change.handle. // This still fires onchange a second time for check/radio after blur. if ( this.type === "checkbox" || this.type === "radio" ) { jQuery.event.add( this, "propertychange._change", function( event ) { if ( event.originalEvent.propertyName === "checked" ) { this._just_changed = true; } }); jQuery.event.add( this, "click._change", function( event ) { if ( this._just_changed && !event.isTrigger ) { this._just_changed = false; jQuery.event.simulate( "change", this, event, true ); } }); } return false; } // Delegated event; lazy-add a change handler on descendant inputs jQuery.event.add( this, "beforeactivate._change", function( e ) { var elem = e.target; if ( rformElems.test( elem.nodeName ) && !elem._change_attached ) { jQuery.event.add( elem, "change._change", function( event ) { if ( this.parentNode && !event.isSimulated && !event.isTrigger ) { jQuery.event.simulate( "change", this.parentNode, event, true ); } }); elem._change_attached = true; } }); }, handle: function( event ) { var elem = event.target; // Swallow native change events from checkbox/radio, we already triggered them above if ( this !== elem || event.isSimulated || event.isTrigger || (elem.type !== "radio" && elem.type !== "checkbox") ) { return event.handleObj.handler.apply( this, arguments ); } }, teardown: function() { jQuery.event.remove( this, "._change" ); return rformElems.test( this.nodeName ); } }; } // Create "bubbling" focus and blur events if ( !jQuery.support.focusinBubbles ) { jQuery.each({ focus: "focusin", blur: "focusout" }, function( orig, fix ) { // Attach a single capturing handler while someone wants focusin/focusout var attaches = 0, handler = function( event ) { jQuery.event.simulate( fix, event.target, jQuery.event.fix( event ), true ); }; jQuery.event.special[ fix ] = { setup: function() { if ( attaches++ === 0 ) { document.addEventListener( orig, handler, true ); } }, teardown: function() { if ( --attaches === 0 ) { document.removeEventListener( orig, handler, true ); } } }; }); } jQuery.fn.extend({ on: function( types, selector, data, fn, /*INTERNAL*/ one ) { var origFn, type; // Types can be a map of types/handlers if ( typeof types === "object" ) { // ( types-Object, selector, data ) if ( typeof selector !== "string" ) { // && selector != null // ( types-Object, data ) data = data || selector; selector = undefined; } for ( type in types ) { this.on( type, selector, data, types[ type ], one ); } return this; } if ( data == null && fn == null ) { // ( types, fn ) fn = selector; data = selector = undefined; } else if ( fn == null ) { if ( typeof selector === "string" ) { // ( types, selector, fn ) fn = data; data = undefined; } else { // ( types, data, fn ) fn = data; data = selector; selector = undefined; } } if ( fn === false ) { fn = returnFalse; } else if ( !fn ) { return this; } if ( one === 1 ) { origFn = fn; fn = function( event ) { // Can use an empty set, since event contains the info jQuery().off( event ); return origFn.apply( this, arguments ); }; // Use same guid so caller can remove using origFn fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ ); } return this.each( function() { jQuery.event.add( this, types, fn, data, selector ); }); }, one: function( types, selector, data, fn ) { return this.on( types, selector, data, fn, 1 ); }, off: function( types, selector, fn ) { if ( types && types.preventDefault && types.handleObj ) { // ( event ) dispatched jQuery.Event var handleObj = types.handleObj; jQuery( types.delegateTarget ).off( handleObj.namespace ? handleObj.origType + "." + handleObj.namespace : handleObj.origType, handleObj.selector, handleObj.handler ); return this; } if ( typeof types === "object" ) { // ( types-object [, selector] ) for ( var type in types ) { this.off( type, selector, types[ type ] ); } return this; } if ( selector === false || typeof selector === "function" ) { // ( types [, fn] ) fn = selector; selector = undefined; } if ( fn === false ) { fn = returnFalse; } return this.each(function() { jQuery.event.remove( this, types, fn, selector ); }); }, bind: function( types, data, fn ) { return this.on( types, null, data, fn ); }, unbind: function( types, fn ) { return this.off( types, null, fn ); }, live: function( types, data, fn ) { jQuery( this.context ).on( types, this.selector, data, fn ); return this; }, die: function( types, fn ) { jQuery( this.context ).off( types, this.selector || "**", fn ); return this; }, delegate: function( selector, types, data, fn ) { return this.on( types, selector, data, fn ); }, undelegate: function( selector, types, fn ) { // ( namespace ) or ( selector, types [, fn] ) return arguments.length == 1? this.off( selector, "**" ) : this.off( types, selector, fn ); }, trigger: function( type, data ) { return this.each(function() { jQuery.event.trigger( type, data, this ); }); }, triggerHandler: function( type, data ) { if ( this[0] ) { return jQuery.event.trigger( type, data, this[0], true ); } }, toggle: function( fn ) { // Save reference to arguments for access in closure var args = arguments, guid = fn.guid || jQuery.guid++, i = 0, toggler = function( event ) { // Figure out which function to execute var lastToggle = ( jQuery._data( this, "lastToggle" + fn.guid ) || 0 ) % i; jQuery._data( this, "lastToggle" + fn.guid, lastToggle + 1 ); // Make sure that clicks stop event.preventDefault(); // and execute the function return args[ lastToggle ].apply( this, arguments ) || false; }; // link all the functions, so any of them can unbind this click handler toggler.guid = guid; while ( i < args.length ) { args[ i++ ].guid = guid; } return this.click( toggler ); }, hover: function( fnOver, fnOut ) { return this.mouseenter( fnOver ).mouseleave( fnOut || fnOver ); } }); jQuery.each( ("blur focus focusin focusout load resize scroll unload click dblclick " + "mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave " + "change select submit keydown keypress keyup error contextmenu").split(" "), function( i, name ) { // Handle event binding jQuery.fn[ name ] = function( data, fn ) { if ( fn == null ) { fn = data; data = null; } return arguments.length > 0 ? this.on( name, null, data, fn ) : this.trigger( name ); }; if ( jQuery.attrFn ) { jQuery.attrFn[ name ] = true; } if ( rkeyEvent.test( name ) ) { jQuery.event.fixHooks[ name ] = jQuery.event.keyHooks; } if ( rmouseEvent.test( name ) ) { jQuery.event.fixHooks[ name ] = jQuery.event.mouseHooks; } }); /*! * Sizzle CSS Selector Engine * Copyright 2011, The Dojo Foundation * Released under the MIT, BSD, and GPL Licenses. * More information: http://sizzlejs.com/ */ (function(){ var chunker = /((?:\((?:\([^()]+\)|[^()]+)+\)|\[(?:\[[^\[\]]*\]|['"][^'"]*['"]|[^\[\]'"]+)+\]|\\.|[^ >+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g, expando = "sizcache" + (Math.random() + '').replace('.', ''), done = 0, toString = Object.prototype.toString, hasDuplicate = false, baseHasDuplicate = true, rBackslash = /\\/g, rReturn = /\r\n/g, rNonWord = /\W/; // Here we check if the JavaScript engine is using some sort of // optimization where it does not always call our comparision // function. If that is the case, discard the hasDuplicate value. // Thus far that includes Google Chrome. [0, 0].sort(function() { baseHasDuplicate = false; return 0; }); var Sizzle = function( selector, context, results, seed ) { results = results || []; context = context || document; var origContext = context; if ( context.nodeType !== 1 && context.nodeType !== 9 ) { return []; } if ( !selector || typeof selector !== "string" ) { return results; } var m, set, checkSet, extra, ret, cur, pop, i, prune = true, contextXML = Sizzle.isXML( context ), parts = [], soFar = selector; // Reset the position of the chunker regexp (start from head) do { chunker.exec( "" ); m = chunker.exec( soFar ); if ( m ) { soFar = m[3]; parts.push( m[1] ); if ( m[2] ) { extra = m[3]; break; } } } while ( m ); if ( parts.length > 1 && origPOS.exec( selector ) ) { if ( parts.length === 2 && Expr.relative[ parts[0] ] ) { set = posProcess( parts[0] + parts[1], context, seed ); } else { set = Expr.relative[ parts[0] ] ? [ context ] : Sizzle( parts.shift(), context ); while ( parts.length ) { selector = parts.shift(); if ( Expr.relative[ selector ] ) { selector += parts.shift(); } set = posProcess( selector, set, seed ); } } } else { // Take a shortcut and set the context if the root selector is an ID // (but not if it'll be faster if the inner selector is an ID) if ( !seed && parts.length > 1 && context.nodeType === 9 && !contextXML && Expr.match.ID.test(parts[0]) && !Expr.match.ID.test(parts[parts.length - 1]) ) { ret = Sizzle.find( parts.shift(), context, contextXML ); context = ret.expr ? Sizzle.filter( ret.expr, ret.set )[0] : ret.set[0]; } if ( context ) { ret = seed ? { expr: parts.pop(), set: makeArray(seed) } : Sizzle.find( parts.pop(), parts.length === 1 && (parts[0] === "~" || parts[0] === "+") && context.parentNode ? context.parentNode : context, contextXML ); set = ret.expr ? Sizzle.filter( ret.expr, ret.set ) : ret.set; if ( parts.length > 0 ) { checkSet = makeArray( set ); } else { prune = false; } while ( parts.length ) { cur = parts.pop(); pop = cur; if ( !Expr.relative[ cur ] ) { cur = ""; } else { pop = parts.pop(); } if ( pop == null ) { pop = context; } Expr.relative[ cur ]( checkSet, pop, contextXML ); } } else { checkSet = parts = []; } } if ( !checkSet ) { checkSet = set; } if ( !checkSet ) { Sizzle.error( cur || selector ); } if ( toString.call(checkSet) === "[object Array]" ) { if ( !prune ) { results.push.apply( results, checkSet ); } else if ( context && context.nodeType === 1 ) { for ( i = 0; checkSet[i] != null; i++ ) { if ( checkSet[i] && (checkSet[i] === true || checkSet[i].nodeType === 1 && Sizzle.contains(context, checkSet[i])) ) { results.push( set[i] ); } } } else { for ( i = 0; checkSet[i] != null; i++ ) { if ( checkSet[i] && checkSet[i].nodeType === 1 ) { results.push( set[i] ); } } } } else { makeArray( checkSet, results ); } if ( extra ) { Sizzle( extra, origContext, results, seed ); Sizzle.uniqueSort( results ); } return results; }; Sizzle.uniqueSort = function( results ) { if ( sortOrder ) { hasDuplicate = baseHasDuplicate; results.sort( sortOrder ); if ( hasDuplicate ) { for ( var i = 1; i < results.length; i++ ) { if ( results[i] === results[ i - 1 ] ) { results.splice( i--, 1 ); } } } } return results; }; Sizzle.matches = function( expr, set ) { return Sizzle( expr, null, null, set ); }; Sizzle.matchesSelector = function( node, expr ) { return Sizzle( expr, null, null, [node] ).length > 0; }; Sizzle.find = function( expr, context, isXML ) { var set, i, len, match, type, left; if ( !expr ) { return []; } for ( i = 0, len = Expr.order.length; i < len; i++ ) { type = Expr.order[i]; if ( (match = Expr.leftMatch[ type ].exec( expr )) ) { left = match[1]; match.splice( 1, 1 ); if ( left.substr( left.length - 1 ) !== "\\" ) { match[1] = (match[1] || "").replace( rBackslash, "" ); set = Expr.find[ type ]( match, context, isXML ); if ( set != null ) { expr = expr.replace( Expr.match[ type ], "" ); break; } } } } if ( !set ) { set = typeof context.getElementsByTagName !== "undefined" ? context.getElementsByTagName( "*" ) : []; } return { set: set, expr: expr }; }; Sizzle.filter = function( expr, set, inplace, not ) { var match, anyFound, type, found, item, filter, left, i, pass, old = expr, result = [], curLoop = set, isXMLFilter = set && set[0] && Sizzle.isXML( set[0] ); while ( expr && set.length ) { for ( type in Expr.filter ) { if ( (match = Expr.leftMatch[ type ].exec( expr )) != null && match[2] ) { filter = Expr.filter[ type ]; left = match[1]; anyFound = false; match.splice(1,1); if ( left.substr( left.length - 1 ) === "\\" ) { continue; } if ( curLoop === result ) { result = []; } if ( Expr.preFilter[ type ] ) { match = Expr.preFilter[ type ]( match, curLoop, inplace, result, not, isXMLFilter ); if ( !match ) { anyFound = found = true; } else if ( match === true ) { continue; } } if ( match ) { for ( i = 0; (item = curLoop[i]) != null; i++ ) { if ( item ) { found = filter( item, match, i, curLoop ); pass = not ^ found; if ( inplace && found != null ) { if ( pass ) { anyFound = true; } else { curLoop[i] = false; } } else if ( pass ) { result.push( item ); anyFound = true; } } } } if ( found !== undefined ) { if ( !inplace ) { curLoop = result; } expr = expr.replace( Expr.match[ type ], "" ); if ( !anyFound ) { return []; } break; } } } // Improper expression if ( expr === old ) { if ( anyFound == null ) { Sizzle.error( expr ); } else { break; } } old = expr; } return curLoop; }; Sizzle.error = function( msg ) { throw new Error( "Syntax error, unrecognized expression: " + msg ); }; /** * Utility function for retreiving the text value of an array of DOM nodes * @param {Array|Element} elem */ var getText = Sizzle.getText = function( elem ) { var i, node, nodeType = elem.nodeType, ret = ""; if ( nodeType ) { if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) { // Use textContent || innerText for elements if ( typeof elem.textContent === 'string' ) { return elem.textContent; } else if ( typeof elem.innerText === 'string' ) { // Replace IE's carriage returns return elem.innerText.replace( rReturn, '' ); } else { // Traverse it's children for ( elem = elem.firstChild; elem; elem = elem.nextSibling) { ret += getText( elem ); } } } else if ( nodeType === 3 || nodeType === 4 ) { return elem.nodeValue; } } else { // If no nodeType, this is expected to be an array for ( i = 0; (node = elem[i]); i++ ) { // Do not traverse comment nodes if ( node.nodeType !== 8 ) { ret += getText( node ); } } } return ret; }; var Expr = Sizzle.selectors = { order: [ "ID", "NAME", "TAG" ], match: { ID: /#((?:[\w\u00c0-\uFFFF\-]|\\.)+)/, CLASS: /\.((?:[\w\u00c0-\uFFFF\-]|\\.)+)/, NAME: /\[name=['"]*((?:[\w\u00c0-\uFFFF\-]|\\.)+)['"]*\]/, ATTR: /\[\s*((?:[\w\u00c0-\uFFFF\-]|\\.)+)\s*(?:(\S?=)\s*(?:(['"])(.*?)\3|(#?(?:[\w\u00c0-\uFFFF\-]|\\.)*)|)|)\s*\]/, TAG: /^((?:[\w\u00c0-\uFFFF\*\-]|\\.)+)/, CHILD: /:(only|nth|last|first)-child(?:\(\s*(even|odd|(?:[+\-]?\d+|(?:[+\-]?\d*)?n\s*(?:[+\-]\s*\d+)?))\s*\))?/, POS: /:(nth|eq|gt|lt|first|last|even|odd)(?:\((\d*)\))?(?=[^\-]|$)/, PSEUDO: /:((?:[\w\u00c0-\uFFFF\-]|\\.)+)(?:\((['"]?)((?:\([^\)]+\)|[^\(\)]*)+)\2\))?/ }, leftMatch: {}, attrMap: { "class": "className", "for": "htmlFor" }, attrHandle: { href: function( elem ) { return elem.getAttribute( "href" ); }, type: function( elem ) { return elem.getAttribute( "type" ); } }, relative: { "+": function(checkSet, part){ var isPartStr = typeof part === "string", isTag = isPartStr && !rNonWord.test( part ), isPartStrNotTag = isPartStr && !isTag; if ( isTag ) { part = part.toLowerCase(); } for ( var i = 0, l = checkSet.length, elem; i < l; i++ ) { if ( (elem = checkSet[i]) ) { while ( (elem = elem.previousSibling) && elem.nodeType !== 1 ) {} checkSet[i] = isPartStrNotTag || elem && elem.nodeName.toLowerCase() === part ? elem || false : elem === part; } } if ( isPartStrNotTag ) { Sizzle.filter( part, checkSet, true ); } }, ">": function( checkSet, part ) { var elem, isPartStr = typeof part === "string", i = 0, l = checkSet.length; if ( isPartStr && !rNonWord.test( part ) ) { part = part.toLowerCase(); for ( ; i < l; i++ ) { elem = checkSet[i]; if ( elem ) { var parent = elem.parentNode; checkSet[i] = parent.nodeName.toLowerCase() === part ? parent : false; } } } else { for ( ; i < l; i++ ) { elem = checkSet[i]; if ( elem ) { checkSet[i] = isPartStr ? elem.parentNode : elem.parentNode === part; } } if ( isPartStr ) { Sizzle.filter( part, checkSet, true ); } } }, "": function(checkSet, part, isXML){ var nodeCheck, doneName = done++, checkFn = dirCheck; if ( typeof part === "string" && !rNonWord.test( part ) ) { part = part.toLowerCase(); nodeCheck = part; checkFn = dirNodeCheck; } checkFn( "parentNode", part, doneName, checkSet, nodeCheck, isXML ); }, "~": function( checkSet, part, isXML ) { var nodeCheck, doneName = done++, checkFn = dirCheck; if ( typeof part === "string" && !rNonWord.test( part ) ) { part = part.toLowerCase(); nodeCheck = part; checkFn = dirNodeCheck; } checkFn( "previousSibling", part, doneName, checkSet, nodeCheck, isXML ); } }, find: { ID: function( match, context, isXML ) { if ( typeof context.getElementById !== "undefined" && !isXML ) { var m = context.getElementById(match[1]); // Check parentNode to catch when Blackberry 4.6 returns // nodes that are no longer in the document #6963 return m && m.parentNode ? [m] : []; } }, NAME: function( match, context ) { if ( typeof context.getElementsByName !== "undefined" ) { var ret = [], results = context.getElementsByName( match[1] ); for ( var i = 0, l = results.length; i < l; i++ ) { if ( results[i].getAttribute("name") === match[1] ) { ret.push( results[i] ); } } return ret.length === 0 ? null : ret; } }, TAG: function( match, context ) { if ( typeof context.getElementsByTagName !== "undefined" ) { return context.getElementsByTagName( match[1] ); } } }, preFilter: { CLASS: function( match, curLoop, inplace, result, not, isXML ) { match = " " + match[1].replace( rBackslash, "" ) + " "; if ( isXML ) { return match; } for ( var i = 0, elem; (elem = curLoop[i]) != null; i++ ) { if ( elem ) { if ( not ^ (elem.className && (" " + elem.className + " ").replace(/[\t\n\r]/g, " ").indexOf(match) >= 0) ) { if ( !inplace ) { result.push( elem ); } } else if ( inplace ) { curLoop[i] = false; } } } return false; }, ID: function( match ) { return match[1].replace( rBackslash, "" ); }, TAG: function( match, curLoop ) { return match[1].replace( rBackslash, "" ).toLowerCase(); }, CHILD: function( match ) { if ( match[1] === "nth" ) { if ( !match[2] ) { Sizzle.error( match[0] ); } match[2] = match[2].replace(/^\+|\s*/g, ''); // parse equations like 'even', 'odd', '5', '2n', '3n+2', '4n-1', '-n+6' var test = /(-?)(\d*)(?:n([+\-]?\d*))?/.exec( match[2] === "even" && "2n" || match[2] === "odd" && "2n+1" || !/\D/.test( match[2] ) && "0n+" + match[2] || match[2]); // calculate the numbers (first)n+(last) including if they are negative match[2] = (test[1] + (test[2] || 1)) - 0; match[3] = test[3] - 0; } else if ( match[2] ) { Sizzle.error( match[0] ); } // TODO: Move to normal caching system match[0] = done++; return match; }, ATTR: function( match, curLoop, inplace, result, not, isXML ) { var name = match[1] = match[1].replace( rBackslash, "" ); if ( !isXML && Expr.attrMap[name] ) { match[1] = Expr.attrMap[name]; } // Handle if an un-quoted value was used match[4] = ( match[4] || match[5] || "" ).replace( rBackslash, "" ); if ( match[2] === "~=" ) { match[4] = " " + match[4] + " "; } return match; }, PSEUDO: function( match, curLoop, inplace, result, not ) { if ( match[1] === "not" ) { // If we're dealing with a complex expression, or a simple one if ( ( chunker.exec(match[3]) || "" ).length > 1 || /^\w/.test(match[3]) ) { match[3] = Sizzle(match[3], null, null, curLoop); } else { var ret = Sizzle.filter(match[3], curLoop, inplace, true ^ not); if ( !inplace ) { result.push.apply( result, ret ); } return false; } } else if ( Expr.match.POS.test( match[0] ) || Expr.match.CHILD.test( match[0] ) ) { return true; } return match; }, POS: function( match ) { match.unshift( true ); return match; } }, filters: { enabled: function( elem ) { return elem.disabled === false && elem.type !== "hidden"; }, disabled: function( elem ) { return elem.disabled === true; }, checked: function( elem ) { return elem.checked === true; }, selected: function( elem ) { // Accessing this property makes selected-by-default // options in Safari work properly if ( elem.parentNode ) { elem.parentNode.selectedIndex; } return elem.selected === true; }, parent: function( elem ) { return !!elem.firstChild; }, empty: function( elem ) { return !elem.firstChild; }, has: function( elem, i, match ) { return !!Sizzle( match[3], elem ).length; }, header: function( elem ) { return (/h\d/i).test( elem.nodeName ); }, text: function( elem ) { var attr = elem.getAttribute( "type" ), type = elem.type; // IE6 and 7 will map elem.type to 'text' for new HTML5 types (search, etc) // use getAttribute instead to test this case return elem.nodeName.toLowerCase() === "input" && "text" === type && ( attr === type || attr === null ); }, radio: function( elem ) { return elem.nodeName.toLowerCase() === "input" && "radio" === elem.type; }, checkbox: function( elem ) { return elem.nodeName.toLowerCase() === "input" && "checkbox" === elem.type; }, file: function( elem ) { return elem.nodeName.toLowerCase() === "input" && "file" === elem.type; }, password: function( elem ) { return elem.nodeName.toLowerCase() === "input" && "password" === elem.type; }, submit: function( elem ) { var name = elem.nodeName.toLowerCase(); return (name === "input" || name === "button") && "submit" === elem.type; }, image: function( elem ) { return elem.nodeName.toLowerCase() === "input" && "image" === elem.type; }, reset: function( elem ) { var name = elem.nodeName.toLowerCase(); return (name === "input" || name === "button") && "reset" === elem.type; }, button: function( elem ) { var name = elem.nodeName.toLowerCase(); return name === "input" && "button" === elem.type || name === "button"; }, input: function( elem ) { return (/input|select|textarea|button/i).test( elem.nodeName ); }, focus: function( elem ) { return elem === elem.ownerDocument.activeElement; } }, setFilters: { first: function( elem, i ) { return i === 0; }, last: function( elem, i, match, array ) { return i === array.length - 1; }, even: function( elem, i ) { return i % 2 === 0; }, odd: function( elem, i ) { return i % 2 === 1; }, lt: function( elem, i, match ) { return i < match[3] - 0; }, gt: function( elem, i, match ) { return i > match[3] - 0; }, nth: function( elem, i, match ) { return match[3] - 0 === i; }, eq: function( elem, i, match ) { return match[3] - 0 === i; } }, filter: { PSEUDO: function( elem, match, i, array ) { var name = match[1], filter = Expr.filters[ name ]; if ( filter ) { return filter( elem, i, match, array ); } else if ( name === "contains" ) { return (elem.textContent || elem.innerText || getText([ elem ]) || "").indexOf(match[3]) >= 0; } else if ( name === "not" ) { var not = match[3]; for ( var j = 0, l = not.length; j < l; j++ ) { if ( not[j] === elem ) { return false; } } return true; } else { Sizzle.error( name ); } }, CHILD: function( elem, match ) { var first, last, doneName, parent, cache, count, diff, type = match[1], node = elem; switch ( type ) { case "only": case "first": while ( (node = node.previousSibling) ) { if ( node.nodeType === 1 ) { return false; } } if ( type === "first" ) { return true; } node = elem; /* falls through */ case "last": while ( (node = node.nextSibling) ) { if ( node.nodeType === 1 ) { return false; } } return true; case "nth": first = match[2]; last = match[3]; if ( first === 1 && last === 0 ) { return true; } doneName = match[0]; parent = elem.parentNode; if ( parent && (parent[ expando ] !== doneName || !elem.nodeIndex) ) { count = 0; for ( node = parent.firstChild; node; node = node.nextSibling ) { if ( node.nodeType === 1 ) { node.nodeIndex = ++count; } } parent[ expando ] = doneName; } diff = elem.nodeIndex - last; if ( first === 0 ) { return diff === 0; } else { return ( diff % first === 0 && diff / first >= 0 ); } } }, ID: function( elem, match ) { return elem.nodeType === 1 && elem.getAttribute("id") === match; }, TAG: function( elem, match ) { return (match === "*" && elem.nodeType === 1) || !!elem.nodeName && elem.nodeName.toLowerCase() === match; }, CLASS: function( elem, match ) { return (" " + (elem.className || elem.getAttribute("class")) + " ") .indexOf( match ) > -1; }, ATTR: function( elem, match ) { var name = match[1], result = Sizzle.attr ? Sizzle.attr( elem, name ) : Expr.attrHandle[ name ] ? Expr.attrHandle[ name ]( elem ) : elem[ name ] != null ? elem[ name ] : elem.getAttribute( name ), value = result + "", type = match[2], check = match[4]; return result == null ? type === "!=" : !type && Sizzle.attr ? result != null : type === "=" ? value === check : type === "*=" ? value.indexOf(check) >= 0 : type === "~=" ? (" " + value + " ").indexOf(check) >= 0 : !check ? value && result !== false : type === "!=" ? value !== check : type === "^=" ? value.indexOf(check) === 0 : type === "$=" ? value.substr(value.length - check.length) === check : type === "|=" ? value === check || value.substr(0, check.length + 1) === check + "-" : false; }, POS: function( elem, match, i, array ) { var name = match[2], filter = Expr.setFilters[ name ]; if ( filter ) { return filter( elem, i, match, array ); } } } }; var origPOS = Expr.match.POS, fescape = function(all, num){ return "\\" + (num - 0 + 1); }; for ( var type in Expr.match ) { Expr.match[ type ] = new RegExp( Expr.match[ type ].source + (/(?![^\[]*\])(?![^\(]*\))/.source) ); Expr.leftMatch[ type ] = new RegExp( /(^(?:.|\r|\n)*?)/.source + Expr.match[ type ].source.replace(/\\(\d+)/g, fescape) ); } // Expose origPOS // "global" as in regardless of relation to brackets/parens Expr.match.globalPOS = origPOS; var makeArray = function( array, results ) { array = Array.prototype.slice.call( array, 0 ); if ( results ) { results.push.apply( results, array ); return results; } return array; }; // Perform a simple check to determine if the browser is capable of // converting a NodeList to an array using builtin methods. // Also verifies that the returned array holds DOM nodes // (which is not the case in the Blackberry browser) try { Array.prototype.slice.call( document.documentElement.childNodes, 0 )[0].nodeType; // Provide a fallback method if it does not work } catch( e ) { makeArray = function( array, results ) { var i = 0, ret = results || []; if ( toString.call(array) === "[object Array]" ) { Array.prototype.push.apply( ret, array ); } else { if ( typeof array.length === "number" ) { for ( var l = array.length; i < l; i++ ) { ret.push( array[i] ); } } else { for ( ; array[i]; i++ ) { ret.push( array[i] ); } } } return ret; }; } var sortOrder, siblingCheck; if ( document.documentElement.compareDocumentPosition ) { sortOrder = function( a, b ) { if ( a === b ) { hasDuplicate = true; return 0; } if ( !a.compareDocumentPosition || !b.compareDocumentPosition ) { return a.compareDocumentPosition ? -1 : 1; } return a.compareDocumentPosition(b) & 4 ? -1 : 1; }; } else { sortOrder = function( a, b ) { // The nodes are identical, we can exit early if ( a === b ) { hasDuplicate = true; return 0; // Fallback to using sourceIndex (in IE) if it's available on both nodes } else if ( a.sourceIndex && b.sourceIndex ) { return a.sourceIndex - b.sourceIndex; } var al, bl, ap = [], bp = [], aup = a.parentNode, bup = b.parentNode, cur = aup; // If the nodes are siblings (or identical) we can do a quick check if ( aup === bup ) { return siblingCheck( a, b ); // If no parents were found then the nodes are disconnected } else if ( !aup ) { return -1; } else if ( !bup ) { return 1; } // Otherwise they're somewhere else in the tree so we need // to build up a full list of the parentNodes for comparison while ( cur ) { ap.unshift( cur ); cur = cur.parentNode; } cur = bup; while ( cur ) { bp.unshift( cur ); cur = cur.parentNode; } al = ap.length; bl = bp.length; // Start walking down the tree looking for a discrepancy for ( var i = 0; i < al && i < bl; i++ ) { if ( ap[i] !== bp[i] ) { return siblingCheck( ap[i], bp[i] ); } } // We ended someplace up the tree so do a sibling check return i === al ? siblingCheck( a, bp[i], -1 ) : siblingCheck( ap[i], b, 1 ); }; siblingCheck = function( a, b, ret ) { if ( a === b ) { return ret; } var cur = a.nextSibling; while ( cur ) { if ( cur === b ) { return -1; } cur = cur.nextSibling; } return 1; }; } // Check to see if the browser returns elements by name when // querying by getElementById (and provide a workaround) (function(){ // We're going to inject a fake input element with a specified name var form = document.createElement("div"), id = "script" + (new Date()).getTime(), root = document.documentElement; form.innerHTML = ""; // Inject it into the root element, check its status, and remove it quickly root.insertBefore( form, root.firstChild ); // The workaround has to do additional checks after a getElementById // Which slows things down for other browsers (hence the branching) if ( document.getElementById( id ) ) { Expr.find.ID = function( match, context, isXML ) { if ( typeof context.getElementById !== "undefined" && !isXML ) { var m = context.getElementById(match[1]); return m ? m.id === match[1] || typeof m.getAttributeNode !== "undefined" && m.getAttributeNode("id").nodeValue === match[1] ? [m] : undefined : []; } }; Expr.filter.ID = function( elem, match ) { var node = typeof elem.getAttributeNode !== "undefined" && elem.getAttributeNode("id"); return elem.nodeType === 1 && node && node.nodeValue === match; }; } root.removeChild( form ); // release memory in IE root = form = null; })(); (function(){ // Check to see if the browser returns only elements // when doing getElementsByTagName("*") // Create a fake element var div = document.createElement("div"); div.appendChild( document.createComment("") ); // Make sure no comments are found if ( div.getElementsByTagName("*").length > 0 ) { Expr.find.TAG = function( match, context ) { var results = context.getElementsByTagName( match[1] ); // Filter out possible comments if ( match[1] === "*" ) { var tmp = []; for ( var i = 0; results[i]; i++ ) { if ( results[i].nodeType === 1 ) { tmp.push( results[i] ); } } results = tmp; } return results; }; } // Check to see if an attribute returns normalized href attributes div.innerHTML = ""; if ( div.firstChild && typeof div.firstChild.getAttribute !== "undefined" && div.firstChild.getAttribute("href") !== "#" ) { Expr.attrHandle.href = function( elem ) { return elem.getAttribute( "href", 2 ); }; } // release memory in IE div = null; })(); if ( document.querySelectorAll ) { (function(){ var oldSizzle = Sizzle, div = document.createElement("div"), id = "__sizzle__"; div.innerHTML = "

"; // Safari can't handle uppercase or unicode characters when // in quirks mode. if ( div.querySelectorAll && div.querySelectorAll(".TEST").length === 0 ) { return; } Sizzle = function( query, context, extra, seed ) { context = context || document; // Only use querySelectorAll on non-XML documents // (ID selectors don't work in non-HTML documents) if ( !seed && !Sizzle.isXML(context) ) { // See if we find a selector to speed up var match = /^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec( query ); if ( match && (context.nodeType === 1 || context.nodeType === 9) ) { // Speed-up: Sizzle("TAG") if ( match[1] ) { return makeArray( context.getElementsByTagName( query ), extra ); // Speed-up: Sizzle(".CLASS") } else if ( match[2] && Expr.find.CLASS && context.getElementsByMethodName ) { return makeArray( context.getElementsByMethodName( match[2] ), extra ); } } if ( context.nodeType === 9 ) { // Speed-up: Sizzle("body") // The body element only exists once, optimize finding it if ( query === "body" && context.body ) { return makeArray( [ context.body ], extra ); // Speed-up: Sizzle("#ID") } else if ( match && match[3] ) { var elem = context.getElementById( match[3] ); // Check parentNode to catch when Blackberry 4.6 returns // nodes that are no longer in the document #6963 if ( elem && elem.parentNode ) { // Handle the case where IE and Opera return items // by name instead of ID if ( elem.id === match[3] ) { return makeArray( [ elem ], extra ); } } else { return makeArray( [], extra ); } } try { return makeArray( context.querySelectorAll(query), extra ); } catch(qsaError) {} // qSA works strangely on Element-rooted queries // We can work around this by specifying an extra ID on the root // and working up from there (Thanks to Andrew Dupont for the technique) // IE 8 doesn't work on object elements } else if ( context.nodeType === 1 && context.nodeName.toLowerCase() !== "object" ) { var oldContext = context, old = context.getAttribute( "id" ), nid = old || id, hasParent = context.parentNode, relativeHierarchySelector = /^\s*[+~]/.test( query ); if ( !old ) { context.setAttribute( "id", nid ); } else { nid = nid.replace( /'/g, "\\$&" ); } if ( relativeHierarchySelector && hasParent ) { context = context.parentNode; } try { if ( !relativeHierarchySelector || hasParent ) { return makeArray( context.querySelectorAll( "[id='" + nid + "'] " + query ), extra ); } } catch(pseudoError) { } finally { if ( !old ) { oldContext.removeAttribute( "id" ); } } } } return oldSizzle(query, context, extra, seed); }; for ( var prop in oldSizzle ) { Sizzle[ prop ] = oldSizzle[ prop ]; } // release memory in IE div = null; })(); } (function(){ var html = document.documentElement, matches = html.matchesSelector || html.mozMatchesSelector || html.webkitMatchesSelector || html.msMatchesSelector; if ( matches ) { // Check to see if it's possible to do matchesSelector // on a disconnected node (IE 9 fails this) var disconnectedMatch = !matches.call( document.createElement( "div" ), "div" ), pseudoWorks = false; try { // This should fail with an exception // Gecko does not error, returns false instead matches.call( document.documentElement, "[test!='']:sizzle" ); } catch( pseudoError ) { pseudoWorks = true; } Sizzle.matchesSelector = function( node, expr ) { // Make sure that attribute selectors are quoted expr = expr.replace(/\=\s*([^'"\]]*)\s*\]/g, "='$1']"); if ( !Sizzle.isXML( node ) ) { try { if ( pseudoWorks || !Expr.match.PSEUDO.test( expr ) && !/!=/.test( expr ) ) { var ret = matches.call( node, expr ); // IE 9's matchesSelector returns false on disconnected nodes if ( ret || !disconnectedMatch || // As well, disconnected nodes are said to be in a document // fragment in IE 9, so check for that node.document && node.document.nodeType !== 11 ) { return ret; } } } catch(e) {} } return Sizzle(expr, null, null, [node]).length > 0; }; } })(); (function(){ var div = document.createElement("div"); div.innerHTML = "
"; // Opera can't find a second classname (in 9.6) // Also, make sure that getElementsByMethodName actually exists if ( !div.getElementsByMethodName || div.getElementsByMethodName("e").length === 0 ) { return; } // Safari caches class attributes, doesn't catch changes (in 3.2) div.lastChild.className = "e"; if ( div.getElementsByMethodName("e").length === 1 ) { return; } Expr.order.splice(1, 0, "CLASS"); Expr.find.CLASS = function( match, context, isXML ) { if ( typeof context.getElementsByMethodName !== "undefined" && !isXML ) { return context.getElementsByMethodName(match[1]); } }; // release memory in IE div = null; })(); function dirNodeCheck( dir, cur, doneName, checkSet, nodeCheck, isXML ) { for ( var i = 0, l = checkSet.length; i < l; i++ ) { var elem = checkSet[i]; if ( elem ) { var match = false; elem = elem[dir]; while ( elem ) { if ( elem[ expando ] === doneName ) { match = checkSet[elem.sizset]; break; } if ( elem.nodeType === 1 && !isXML ){ elem[ expando ] = doneName; elem.sizset = i; } if ( elem.nodeName.toLowerCase() === cur ) { match = elem; break; } elem = elem[dir]; } checkSet[i] = match; } } } function dirCheck( dir, cur, doneName, checkSet, nodeCheck, isXML ) { for ( var i = 0, l = checkSet.length; i < l; i++ ) { var elem = checkSet[i]; if ( elem ) { var match = false; elem = elem[dir]; while ( elem ) { if ( elem[ expando ] === doneName ) { match = checkSet[elem.sizset]; break; } if ( elem.nodeType === 1 ) { if ( !isXML ) { elem[ expando ] = doneName; elem.sizset = i; } if ( typeof cur !== "string" ) { if ( elem === cur ) { match = true; break; } } else if ( Sizzle.filter( cur, [elem] ).length > 0 ) { match = elem; break; } } elem = elem[dir]; } checkSet[i] = match; } } } if ( document.documentElement.contains ) { Sizzle.contains = function( a, b ) { return a !== b && (a.contains ? a.contains(b) : true); }; } else if ( document.documentElement.compareDocumentPosition ) { Sizzle.contains = function( a, b ) { return !!(a.compareDocumentPosition(b) & 16); }; } else { Sizzle.contains = function() { return false; }; } Sizzle.isXML = function( elem ) { // documentElement is verified for cases where it doesn't yet exist // (such as loading iframes in IE - #4833) var documentElement = (elem ? elem.ownerDocument || elem : 0).documentElement; return documentElement ? documentElement.nodeName !== "HTML" : false; }; var posProcess = function( selector, context, seed ) { var match, tmpSet = [], later = "", root = context.nodeType ? [context] : context; // Position selectors must be done after the filter // And so must :not(positional) so we move all PSEUDOs to the end while ( (match = Expr.match.PSEUDO.exec( selector )) ) { later += match[0]; selector = selector.replace( Expr.match.PSEUDO, "" ); } selector = Expr.relative[selector] ? selector + "*" : selector; for ( var i = 0, l = root.length; i < l; i++ ) { Sizzle( selector, root[i], tmpSet, seed ); } return Sizzle.filter( later, tmpSet ); }; // EXPOSE // Override sizzle attribute retrieval Sizzle.attr = jQuery.attr; Sizzle.selectors.attrMap = {}; jQuery.find = Sizzle; jQuery.expr = Sizzle.selectors; jQuery.expr[":"] = jQuery.expr.filters; jQuery.unique = Sizzle.uniqueSort; jQuery.text = Sizzle.getText; jQuery.isXMLDoc = Sizzle.isXML; jQuery.contains = Sizzle.contains; })(); var runtil = /Until$/, rparentsprev = /^(?:parents|prevUntil|prevAll)/, // Note: This RegExp should be improved, or likely pulled from Sizzle rmultiselector = /,/, isSimple = /^.[^:#\[\.,]*$/, slice = Array.prototype.slice, POS = jQuery.expr.match.globalPOS, // methods guaranteed to produce a unique set when starting from a unique set guaranteedUnique = { children: true, contents: true, next: true, prev: true }; jQuery.fn.extend({ find: function( selector ) { var self = this, i, l; if ( typeof selector !== "string" ) { return jQuery( selector ).filter(function() { for ( i = 0, l = self.length; i < l; i++ ) { if ( jQuery.contains( self[ i ], this ) ) { return true; } } }); } var ret = this.pushStack( "", "find", selector ), length, n, r; for ( i = 0, l = this.length; i < l; i++ ) { length = ret.length; jQuery.find( selector, this[i], ret ); if ( i > 0 ) { // Make sure that the results are unique for ( n = length; n < ret.length; n++ ) { for ( r = 0; r < length; r++ ) { if ( ret[r] === ret[n] ) { ret.splice(n--, 1); break; } } } } } return ret; }, has: function( target ) { var targets = jQuery( target ); return this.filter(function() { for ( var i = 0, l = targets.length; i < l; i++ ) { if ( jQuery.contains( this, targets[i] ) ) { return true; } } }); }, not: function( selector ) { return this.pushStack( winnow(this, selector, false), "not", selector); }, filter: function( selector ) { return this.pushStack( winnow(this, selector, true), "filter", selector ); }, is: function( selector ) { return !!selector && ( typeof selector === "string" ? // If this is a positional selector, check membership in the returned set // so $("p:first").is("p:last") won't return true for a doc with two "p". POS.test( selector ) ? jQuery( selector, this.context ).index( this[0] ) >= 0 : jQuery.filter( selector, this ).length > 0 : this.filter( selector ).length > 0 ); }, closest: function( selectors, context ) { var ret = [], i, l, cur = this[0]; // Array (deprecated as of jQuery 1.7) if ( jQuery.isArray( selectors ) ) { var level = 1; while ( cur && cur.ownerDocument && cur !== context ) { for ( i = 0; i < selectors.length; i++ ) { if ( jQuery( cur ).is( selectors[ i ] ) ) { ret.push({ selector: selectors[ i ], elem: cur, level: level }); } } cur = cur.parentNode; level++; } return ret; } // String var pos = POS.test( selectors ) || typeof selectors !== "string" ? jQuery( selectors, context || this.context ) : 0; for ( i = 0, l = this.length; i < l; i++ ) { cur = this[i]; while ( cur ) { if ( pos ? pos.index(cur) > -1 : jQuery.find.matchesSelector(cur, selectors) ) { ret.push( cur ); break; } else { cur = cur.parentNode; if ( !cur || !cur.ownerDocument || cur === context || cur.nodeType === 11 ) { break; } } } } ret = ret.length > 1 ? jQuery.unique( ret ) : ret; return this.pushStack( ret, "closest", selectors ); }, // Determine the position of an element within // the matched set of elements index: function( elem ) { // No argument, return index in parent if ( !elem ) { return ( this[0] && this[0].parentNode ) ? this.prevAll().length : -1; } // index in selector if ( typeof elem === "string" ) { return jQuery.inArray( this[0], jQuery( elem ) ); } // Locate the position of the desired element return jQuery.inArray( // If it receives a jQuery object, the first element is used elem.jquery ? elem[0] : elem, this ); }, add: function( selector, context ) { var set = typeof selector === "string" ? jQuery( selector, context ) : jQuery.makeArray( selector && selector.nodeType ? [ selector ] : selector ), all = jQuery.merge( this.get(), set ); return this.pushStack( isDisconnected( set[0] ) || isDisconnected( all[0] ) ? all : jQuery.unique( all ) ); }, andSelf: function() { return this.add( this.prevObject ); } }); // A painfully simple check to see if an element is disconnected // from a document (should be improved, where feasible). function isDisconnected( node ) { return !node || !node.parentNode || node.parentNode.nodeType === 11; } jQuery.each({ parent: function( elem ) { var parent = elem.parentNode; return parent && parent.nodeType !== 11 ? parent : null; }, parents: function( elem ) { return jQuery.dir( elem, "parentNode" ); }, parentsUntil: function( elem, i, until ) { return jQuery.dir( elem, "parentNode", until ); }, next: function( elem ) { return jQuery.nth( elem, 2, "nextSibling" ); }, prev: function( elem ) { return jQuery.nth( elem, 2, "previousSibling" ); }, nextAll: function( elem ) { return jQuery.dir( elem, "nextSibling" ); }, prevAll: function( elem ) { return jQuery.dir( elem, "previousSibling" ); }, nextUntil: function( elem, i, until ) { return jQuery.dir( elem, "nextSibling", until ); }, prevUntil: function( elem, i, until ) { return jQuery.dir( elem, "previousSibling", until ); }, siblings: function( elem ) { return jQuery.sibling( ( elem.parentNode || {} ).firstChild, elem ); }, children: function( elem ) { return jQuery.sibling( elem.firstChild ); }, contents: function( elem ) { return jQuery.nodeName( elem, "iframe" ) ? elem.contentDocument || elem.contentWindow.document : jQuery.makeArray( elem.childNodes ); } }, function( name, fn ) { jQuery.fn[ name ] = function( until, selector ) { var ret = jQuery.map( this, fn, until ); if ( !runtil.test( name ) ) { selector = until; } if ( selector && typeof selector === "string" ) { ret = jQuery.filter( selector, ret ); } ret = this.length > 1 && !guaranteedUnique[ name ] ? jQuery.unique( ret ) : ret; if ( (this.length > 1 || rmultiselector.test( selector )) && rparentsprev.test( name ) ) { ret = ret.reverse(); } return this.pushStack( ret, name, slice.call( arguments ).join(",") ); }; }); jQuery.extend({ filter: function( expr, elems, not ) { if ( not ) { expr = ":not(" + expr + ")"; } return elems.length === 1 ? jQuery.find.matchesSelector(elems[0], expr) ? [ elems[0] ] : [] : jQuery.find.matches(expr, elems); }, dir: function( elem, dir, until ) { var matched = [], cur = elem[ dir ]; while ( cur && cur.nodeType !== 9 && (until === undefined || cur.nodeType !== 1 || !jQuery( cur ).is( until )) ) { if ( cur.nodeType === 1 ) { matched.push( cur ); } cur = cur[dir]; } return matched; }, nth: function( cur, result, dir, elem ) { result = result || 1; var num = 0; for ( ; cur; cur = cur[dir] ) { if ( cur.nodeType === 1 && ++num === result ) { break; } } return cur; }, sibling: function( n, elem ) { var r = []; for ( ; n; n = n.nextSibling ) { if ( n.nodeType === 1 && n !== elem ) { r.push( n ); } } return r; } }); // Implement the identical functionality for filter and not function winnow( elements, qualifier, keep ) { // Can't pass null or undefined to indexOf in Firefox 4 // Set to 0 to skip string check qualifier = qualifier || 0; if ( jQuery.isFunction( qualifier ) ) { return jQuery.grep(elements, function( elem, i ) { var retVal = !!qualifier.call( elem, i, elem ); return retVal === keep; }); } else if ( qualifier.nodeType ) { return jQuery.grep(elements, function( elem, i ) { return ( elem === qualifier ) === keep; }); } else if ( typeof qualifier === "string" ) { var filtered = jQuery.grep(elements, function( elem ) { return elem.nodeType === 1; }); if ( isSimple.test( qualifier ) ) { return jQuery.filter(qualifier, filtered, !keep); } else { qualifier = jQuery.filter( qualifier, filtered ); } } return jQuery.grep(elements, function( elem, i ) { return ( jQuery.inArray( elem, qualifier ) >= 0 ) === keep; }); } function createSafeFragment( document ) { var list = nodeNames.split( "|" ), safeFrag = document.createDocumentFragment(); if ( safeFrag.createElement ) { while ( list.length ) { safeFrag.createElement( list.pop() ); } } return safeFrag; } var nodeNames = "abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|" + "header|hgroup|mark|meter|nav|output|progress|section|summary|time|video", rinlinejQuery = / jQuery\d+="(?:\d+|null)"/g, rleadingWhitespace = /^\s+/, rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig, rtagName = /<([\w:]+)/, rtbody = /]", "i"), // checked="checked" or checked rchecked = /checked\s*(?:[^=]|=\s*.checked.)/i, rscriptType = /\/(java|ecma)script/i, rcleanScript = /^\s*", "" ], legend: [ 1, "
", "
" ], thead: [ 1, "", "
" ], tr: [ 2, "", "
" ], td: [ 3, "", "
" ], col: [ 2, "", "
" ], area: [ 1, "", "" ], _default: [ 0, "", "" ] }, safeFragment = createSafeFragment( document ); wrapMap.optgroup = wrapMap.option; wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; wrapMap.th = wrapMap.td; // IE can't serialize and

Navigation

Index

A | B | C | D | F | G | I | L | M | N | O | P | Q | R | S | T | V | W

A

AC_KERBEROS (saml2.constants.OneLogin_Saml2_Constants attribute)
AC_PASSWORD (saml2.constants.OneLogin_Saml2_Constants attribute)
AC_SMARTCARD (saml2.constants.OneLogin_Saml2_Constants attribute)
AC_UNSPECIFIED (saml2.constants.OneLogin_Saml2_Constants attribute)
AC_X509 (saml2.constants.OneLogin_Saml2_Constants attribute)
add_sign() (saml2.utils.OneLogin_Saml2_Utils static method)
add_x509_key_descriptors() (saml2.metadata.OneLogin_Saml2_Metadata static method)
ALOWED_CLOCK_DRIFT (saml2.constants.OneLogin_Saml2_Constants attribute)
ATTRNAME_FORMAT_BASIC (saml2.constants.OneLogin_Saml2_Constants attribute)
ATTRNAME_FORMAT_UNSPECIFIED (saml2.constants.OneLogin_Saml2_Constants attribute)
ATTRNAME_FORMAT_URI (saml2.constants.OneLogin_Saml2_Constants attribute)

B

BINDING_DEFLATE (saml2.constants.OneLogin_Saml2_Constants attribute)
BINDING_HTTP_ARTIFACT (saml2.constants.OneLogin_Saml2_Constants attribute)
BINDING_HTTP_POST (saml2.constants.OneLogin_Saml2_Constants attribute)
BINDING_HTTP_REDIRECT (saml2.constants.OneLogin_Saml2_Constants attribute)
BINDING_SOAP (saml2.constants.OneLogin_Saml2_Constants attribute)
build() (saml2.logout_response.OneLogin_Saml2_Logout_Response method)
build_request_signature() (saml2.auth.OneLogin_Saml2_Auth method)
build_response_signature() (saml2.auth.OneLogin_Saml2_Auth method)
builder() (saml2.metadata.OneLogin_Saml2_Metadata static method)

C

calculate_x509_fingerprint() (saml2.utils.OneLogin_Saml2_Utils static method)
check_settings() (saml2.settings.OneLogin_Saml2_Settings method)
check_sp_certs() (saml2.settings.OneLogin_Saml2_Settings method)
check_status() (saml2.response.OneLogin_Saml2_Response method)
CM_BEARER (saml2.constants.OneLogin_Saml2_Constants attribute)
CM_HOLDER_KEY (saml2.constants.OneLogin_Saml2_Constants attribute)
CM_SENDER_VOUCHES (saml2.constants.OneLogin_Saml2_Constants attribute)

D

decode_base64_and_inflate() (saml2.utils.OneLogin_Saml2_Utils static method)
decrypt_element() (saml2.utils.OneLogin_Saml2_Utils static method)
deflate_and_base64_encode() (saml2.utils.OneLogin_Saml2_Utils static method)
delete_local_session() (saml2.utils.OneLogin_Saml2_Utils static method)

F

format_cert() (saml2.utils.OneLogin_Saml2_Utils static method)
format_finger_print() (saml2.utils.OneLogin_Saml2_Utils static method)
format_idp_cert() (saml2.settings.OneLogin_Saml2_Settings method)

G

generate_name_id() (saml2.utils.OneLogin_Saml2_Utils static method)
generate_unique_id() (saml2.utils.OneLogin_Saml2_Utils static method)
get_attribute() (saml2.auth.OneLogin_Saml2_Auth method)
get_attributes() (saml2.auth.OneLogin_Saml2_Auth method)
(saml2.response.OneLogin_Saml2_Response method)
get_audiences() (saml2.response.OneLogin_Saml2_Response method)
get_base_path() (saml2.settings.OneLogin_Saml2_Settings method)
get_cert_path() (saml2.settings.OneLogin_Saml2_Settings method)
get_contacts() (saml2.settings.OneLogin_Saml2_Settings method)
get_errors() (saml2.auth.OneLogin_Saml2_Auth method)
(saml2.settings.OneLogin_Saml2_Settings method)
get_expire_time() (saml2.utils.OneLogin_Saml2_Utils static method)
get_ext_lib_path() (saml2.settings.OneLogin_Saml2_Settings method)
get_id() (saml2.logout_request.OneLogin_Saml2_Logout_Request static method)
get_idp_data() (saml2.settings.OneLogin_Saml2_Settings method)
get_issuer() (saml2.logout_request.OneLogin_Saml2_Logout_Request static method)
(saml2.logout_response.OneLogin_Saml2_Logout_Response method)
get_issuers() (saml2.response.OneLogin_Saml2_Response method)
get_lib_path() (saml2.settings.OneLogin_Saml2_Settings method)
get_name_id() (saml2.logout_request.OneLogin_Saml2_Logout_Request static method)
get_name_id_data() (saml2.logout_request.OneLogin_Saml2_Logout_Request static method)
get_nameid() (saml2.auth.OneLogin_Saml2_Auth method)
(saml2.response.OneLogin_Saml2_Response method)
get_nameid_data() (saml2.response.OneLogin_Saml2_Response method)
get_organization() (saml2.settings.OneLogin_Saml2_Settings method)
get_request() (saml2.authn_request.OneLogin_Saml2_Authn_Request method)
(saml2.logout_request.OneLogin_Saml2_Logout_Request method)
get_response() (saml2.logout_response.OneLogin_Saml2_Logout_Response method)
get_schemas_path() (saml2.settings.OneLogin_Saml2_Settings method)
get_security_data() (saml2.settings.OneLogin_Saml2_Settings method)
get_self_host() (saml2.utils.OneLogin_Saml2_Utils static method)
get_self_url() (saml2.utils.OneLogin_Saml2_Utils static method)
get_self_url_host() (saml2.utils.OneLogin_Saml2_Utils static method)
get_self_url_no_query() (saml2.utils.OneLogin_Saml2_Utils static method)
get_session_index() (saml2.response.OneLogin_Saml2_Response method)
get_session_indexes() (saml2.logout_request.OneLogin_Saml2_Logout_Request static method)
get_session_not_on_or_after() (saml2.response.OneLogin_Saml2_Response method)
get_settings() (saml2.auth.OneLogin_Saml2_Auth method)
get_slo_url() (saml2.auth.OneLogin_Saml2_Auth method)
get_sp_cert() (saml2.settings.OneLogin_Saml2_Settings method)
get_sp_data() (saml2.settings.OneLogin_Saml2_Settings method)
get_sp_key() (saml2.settings.OneLogin_Saml2_Settings method)
get_sp_metadata() (saml2.settings.OneLogin_Saml2_Settings method)
get_sso_url() (saml2.auth.OneLogin_Saml2_Auth method)
get_status() (saml2.logout_response.OneLogin_Saml2_Logout_Response method)
(saml2.utils.OneLogin_Saml2_Utils static method)

I

is_authenticated() (saml2.auth.OneLogin_Saml2_Auth method)
is_debug_active() (saml2.settings.OneLogin_Saml2_Settings method)
is_https() (saml2.utils.OneLogin_Saml2_Utils static method)
is_strict() (saml2.settings.OneLogin_Saml2_Settings method)
is_valid() (saml2.logout_request.OneLogin_Saml2_Logout_Request static method)
(saml2.logout_response.OneLogin_Saml2_Logout_Response method)
(saml2.response.OneLogin_Saml2_Response method)

L

login() (saml2.auth.OneLogin_Saml2_Auth method)
logout() (saml2.auth.OneLogin_Saml2_Auth method)

M

METADATA_SP_INVALID (saml2.errors.OneLogin_Saml2_Error attribute)

N

NAMEID_EMAIL_ADDRESS (saml2.constants.OneLogin_Saml2_Constants attribute)
NAMEID_ENCRYPTED (saml2.constants.OneLogin_Saml2_Constants attribute)
NAMEID_ENTITY (saml2.constants.OneLogin_Saml2_Constants attribute)
NAMEID_KERBEROS (saml2.constants.OneLogin_Saml2_Constants attribute)
NAMEID_PERSISTENT (saml2.constants.OneLogin_Saml2_Constants attribute)
NAMEID_TRANSIENT (saml2.constants.OneLogin_Saml2_Constants attribute)
NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME (saml2.constants.OneLogin_Saml2_Constants attribute)
NAMEID_X509_SUBJECT_NAME (saml2.constants.OneLogin_Saml2_Constants attribute)
NS_DS (saml2.constants.OneLogin_Saml2_Constants attribute)
NS_MD (saml2.constants.OneLogin_Saml2_Constants attribute)
NS_SAML (saml2.constants.OneLogin_Saml2_Constants attribute)
NS_SAMLP (saml2.constants.OneLogin_Saml2_Constants attribute)
NS_SOAP (saml2.constants.OneLogin_Saml2_Constants attribute)
NS_XENC (saml2.constants.OneLogin_Saml2_Constants attribute)
NS_XS (saml2.constants.OneLogin_Saml2_Constants attribute)
NS_XSI (saml2.constants.OneLogin_Saml2_Constants attribute)
NSMAP (saml2.constants.OneLogin_Saml2_Constants attribute)

O

OneLogin_Saml2_Auth (class in saml2.auth)
OneLogin_Saml2_Authn_Request (class in saml2.authn_request)
OneLogin_Saml2_Constants (class in saml2.constants)
OneLogin_Saml2_Error
OneLogin_Saml2_Logout_Request (class in saml2.logout_request)
OneLogin_Saml2_Logout_Response (class in saml2.logout_response)
OneLogin_Saml2_Metadata (class in saml2.metadata)
OneLogin_Saml2_Response (class in saml2.response)
OneLogin_Saml2_Settings (class in saml2.settings)
OneLogin_Saml2_Utils (class in saml2.utils)

P

parse_duration() (saml2.utils.OneLogin_Saml2_Utils static method)
parse_SAML_to_time() (saml2.utils.OneLogin_Saml2_Utils static method)
parse_time_to_SAML() (saml2.utils.OneLogin_Saml2_Utils static method)
PRIVATE_KEY_FILE_NOT_FOUND (saml2.errors.OneLogin_Saml2_Error attribute)
process_response() (saml2.auth.OneLogin_Saml2_Auth method)
process_slo() (saml2.auth.OneLogin_Saml2_Auth method)
PUBLIC_CERT_FILE_NOT_FOUND (saml2.errors.OneLogin_Saml2_Error attribute)

Q

query() (saml2.utils.OneLogin_Saml2_Utils static method)

R

redirect() (saml2.utils.OneLogin_Saml2_Utils static method)
REDIRECT_INVALID_URL (saml2.errors.OneLogin_Saml2_Error attribute)
redirect_to() (saml2.auth.OneLogin_Saml2_Auth method)
RSA_SHA1 (saml2.constants.OneLogin_Saml2_Constants attribute)

S

saml2.auth (module)
saml2.authn_request (module)
saml2.constants (module)
saml2.errors (module)
saml2.logout_request (module)
saml2.logout_response (module)
saml2.metadata (module)
saml2.response (module)
saml2.settings (module)
saml2.utils (module)
SAML_LOGOUTMESSAGE_NOT_FOUND (saml2.errors.OneLogin_Saml2_Error attribute)
SAML_LOGOUTREQUEST_INVALID (saml2.errors.OneLogin_Saml2_Error attribute)
SAML_LOGOUTRESPONSE_INVALID (saml2.errors.OneLogin_Saml2_Error attribute)
SAML_RESPONSE_NOT_FOUND (saml2.errors.OneLogin_Saml2_Error attribute)
SAML_SINGLE_LOGOUT_NOT_SUPPORTED (saml2.errors.OneLogin_Saml2_Error attribute)
set_strict() (saml2.auth.OneLogin_Saml2_Auth method)
(saml2.settings.OneLogin_Saml2_Settings method)
SETTINGS_FILE_NOT_FOUND (saml2.errors.OneLogin_Saml2_Error attribute)
SETTINGS_INVALID (saml2.errors.OneLogin_Saml2_Error attribute)
SETTINGS_INVALID_SYNTAX (saml2.errors.OneLogin_Saml2_Error attribute)
sign_metadata() (saml2.metadata.OneLogin_Saml2_Metadata static method)
SP_CERTS_NOT_FOUND (saml2.errors.OneLogin_Saml2_Error attribute)
STATUS_NO_PASSIVE (saml2.constants.OneLogin_Saml2_Constants attribute)
STATUS_PARTIAL_LOGOUT (saml2.constants.OneLogin_Saml2_Constants attribute)
STATUS_PROXY_COUNT_EXCEEDED (saml2.constants.OneLogin_Saml2_Constants attribute)
STATUS_REQUESTER (saml2.constants.OneLogin_Saml2_Constants attribute)
STATUS_RESPONDER (saml2.constants.OneLogin_Saml2_Constants attribute)
STATUS_SUCCESS (saml2.constants.OneLogin_Saml2_Constants attribute)
STATUS_VERSION_MISMATCH (saml2.constants.OneLogin_Saml2_Constants attribute)

T

TIME_CACHED (saml2.metadata.OneLogin_Saml2_Metadata attribute)
TIME_VALID (saml2.metadata.OneLogin_Saml2_Metadata attribute)

V

validate_metadata() (saml2.settings.OneLogin_Saml2_Settings method)
validate_num_assertions() (saml2.response.OneLogin_Saml2_Response method)
validate_sign() (saml2.utils.OneLogin_Saml2_Utils static method)
validate_timestamps() (saml2.response.OneLogin_Saml2_Response method)
validate_url() (in module saml2.settings)
validate_xml() (saml2.utils.OneLogin_Saml2_Utils static method)

W

write_temp_file() (saml2.utils.OneLogin_Saml2_Utils static method)

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/index.html000066400000000000000000000146241410551756100201100ustar00rootroot00000000000000 Welcome to OneLogin SAML Python library documentation

Navigation

Table Of Contents

Next topic

onelogin.saml2 Module

This Page

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/objects.inv000066400000000000000000000036471410551756100202650ustar00rootroot00000000000000# Sphinx inventory version 2 # Project: OneLogin SAML Python library classes and methods # Version: # The remainder of this file is compressed using zlib. xڵZK6WhH@rJܬQQih[^t$;s2@Y#r87*c/3.E̊ՇYzUע,~yul檥w+Vfu|c+gI8d,~N늋\ns9|lxֿ3]:(HD$N.U hgBՊ7R kۺy4Ui] ;*6WyT={H]%1͟;fvoPVL5tmoumԦzZ[`T<';*^S"OOou0CD^{o'u `;moP8ݬ+34Sjyu?h|gX͢5+T CPK D^?wym<_UZ6i-Rmnu4mBT\mHY>EVI4xf4Bs.)ܠȼ &QӤ8 +vC΍E q}Cn ;GDZ#T7y%XĞt7n9m"Xq#wyV vo]ڌ9Y[ByM8+?AUՀ#~O2B qlt~#-c TQ 0IiIi X9L)jͥV6 4µ4GYd}NaDجB z<#M{,^JuiJWnTg^MlF+fUA֩du]~.nE/8jNWeǁ^fK娰-i+1M9Vr7ˡsui#`Ƣm,DA5,ׇzn - # Fj;֊G`M}6F"VʍPF>XwN'.'?N=lLAgCO`y qׇdž@@eC+MtT7V3ؾHpython3-saml-1.12.0/docs/saml2/py-modindex.html000066400000000000000000000123171410551756100212330ustar00rootroot00000000000000 Python Class Index — OneLogin SAML Python library classes and methods

Navigation

Python Class Index

saml2
    saml2.auth
    saml2.authn_request
    saml2.constants
    saml2.errors
    saml2.logout_request
    saml2.logout_response
    saml2.metadata
    saml2.response
    saml2.settings
    saml2.utils

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/saml2.html000066400000000000000000003631731410551756100200250ustar00rootroot00000000000000 OneLogin saml2 Module — OneLogin SAML Python library classes and methods

Navigation

OneLogin saml2 Module

auth Class

class onelogin.saml2.auth.OneLogin_Saml2_Auth(request_data, old_settings=None)[source]

Bases: object

build_request_signature(saml_request, relay_state)[source]

Builds the Signature of the SAML Request.

Parameters:
  • saml_request (string) – The SAML Request
  • relay_state (string) – The target URL the user should be redirected to
build_response_signature(saml_response, relay_state)[source]

Builds the Signature of the SAML Response. :param saml_request: The SAML Response :type saml_request: string

Parameters:relay_state (string) – The target URL the user should be redirected to
get_attribute(name)[source]

Returns the requested SAML attribute.

Parameters:name (string) – Name of the attribute
Returns:Attribute value if exists or None
Return type:string
get_attributes()[source]

Returns the set of SAML attributes.

Returns:SAML attributes
Return type:dict
get_errors()[source]

Returns a list with code errors if something went wrong

Returns:List of errors
Return type:list
get_last_error_reason()[source]

Returns the reason for the last error

Returns:Error
Return type:string
get_nameid()[source]

Returns the nameID.

Returns:NameID
Return type:string
get_settings()[source]

Returns the settings info :return: Setting info :rtype: OneLogin_Saml2_Setting object

get_slo_url()[source]

Gets the SLO url.

Returns:An URL, the SLO endpoint of the IdP
Return type:string
get_sso_url()[source]

Gets the SSO url.

Returns:An URL, the SSO endpoint of the IdP
Return type:string
is_authenticated()[source]

Checks if the user is authenticated or not.

Returns:True if is authenticated, False if not
Return type:bool
login(return_to=None, force_authn=False, is_passive=False)[source]

Initiates the SSO process.

Parameters:
  • return_to (string) – Optional argument. The target URL the user should be redirected to after login.
  • force_authn (bool) – Optional argument. When true the AuthNReuqest will set the ForceAuthn='true'.
  • is_passive (bool) – Optional argument. When true the AuthNReuqest will set the Ispassive='true'.
Returns:Redirection url
logout(return_to=None, name_id=None, session_index=None)[source]

Initiates the SLO process.

Parameters:
  • return_to (string) – Optional argument. The target URL the user should be redirected to after logout.
  • name_id (string) – Optional argument. The NameID that will be set in the LogoutRequest.
  • session_index (string) – Optional argument. SessionIndex that identifies the session of the user.
Returns:Redirection url
process_response(request_id=None)[source]

Process the SAML Response sent by the IdP.

Parameters:request_id (string) – Is an optional argumen. Is the ID of the AuthNRequest sent by this SP to the IdP.
Raises :OneLogin_Saml2_Error.SAML_RESPONSE_NOT_FOUND, when a POST with a SAMLResponse is not found
process_slo(keep_local_session=False, request_id=None, delete_session_cb=None)[source]

Process the SAML Logout Response / Logout Request sent by the IdP.

Parameters:
  • keep_local_session (bool) – When false will destroy the local session, otherwise will destroy it
  • request_id (string) – The ID of the LogoutRequest sent by this SP to the IdP
Returns:

Redirection url
redirect_to(url=None, parameters={})[source]

Redirects the user to the url past by parameter or to the url that we defined in our SSO Request.

Parameters:
  • url (string) – The target URL to redirect the user
  • parameters (dict) – Extra parameters to be passed as part of the url
Returns:

Redirection url
set_strict(value)[source]

Set the strict mode active/disable

Parameters:value (bool) –

authn_request Class

class onelogin.saml2.authn_request.OneLogin_Saml2_Authn_Request(settings, force_authn=False, is_passive=False)[source]
get_request()[source]

Returns unsigned AuthnRequest. :return: Unsigned AuthnRequest :rtype: str object

constants Class

class onelogin.saml2.constants.OneLogin_Saml2_Constants[source]
AC_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos'
AC_PASSWORD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
AC_SMARTCARD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard'
AC_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified'
AC_X509 = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'
ALOWED_CLOCK_DRIFT = 180
ATTRNAME_FORMAT_BASIC = 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic'
ATTRNAME_FORMAT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified'
ATTRNAME_FORMAT_URI = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri'
BINDING_DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE'
BINDING_HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact'
BINDING_HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
BINDING_HTTP_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
BINDING_SOAP = 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP'
CM_BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer'
CM_HOLDER_KEY = 'urn:oasis:names:tc:SAML:2.0:cm:holder-of-key'
CM_SENDER_VOUCHES = 'urn:oasis:names:tc:SAML:2.0:cm:sender-vouches'
NAMEID_EMAIL_ADDRESS = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
NAMEID_ENCRYPTED = 'urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted'
NAMEID_ENTITY = 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity'
NAMEID_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos'
NAMEID_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
NAMEID_TRANSIENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName'
NAMEID_X509_SUBJECT_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName'
NSMAP = {'xenc': 'http://www.w3.org/2001/04/xmlenc#', 'samlp': 'urn:oasis:names:tc:SAML:2.0:protocol', 'ds': 'http://www.w3.org/2000/09/xmldsig#', 'saml': 'urn:oasis:names:tc:SAML:2.0:assertion'}
NS_DS = 'http://www.w3.org/2000/09/xmldsig#'
NS_MD = 'urn:oasis:names:tc:SAML:2.0:metadata'
NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion'
NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol'
NS_SOAP = 'http://schemas.xmlsoap.org/soap/envelope/'
NS_XENC = 'http://www.w3.org/2001/04/xmlenc#'
NS_XS = 'http://www.w3.org/2001/XMLSchema'
NS_XSI = 'http://www.w3.org/2001/XMLSchema-instance'
RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
STATUS_NO_PASSIVE = 'urn:oasis:names:tc:SAML:2.0:status:NoPassive'
STATUS_PARTIAL_LOGOUT = 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout'
STATUS_PROXY_COUNT_EXCEEDED = 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded'
STATUS_REQUESTER = 'urn:oasis:names:tc:SAML:2.0:status:Requester'
STATUS_RESPONDER = 'urn:oasis:names:tc:SAML:2.0:status:Responder'
STATUS_SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success'
STATUS_VERSION_MISMATCH = 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch'

errors Class

exception onelogin.saml2.errors.OneLogin_Saml2_Error(message, code=0, errors=None)[source]

Bases: exceptions.Exception

METADATA_SP_INVALID = 3
PRIVATE_KEY_FILE_NOT_FOUND = 7
PUBLIC_CERT_FILE_NOT_FOUND = 6
REDIRECT_INVALID_URL = 5
SAML_LOGOUTMESSAGE_NOT_FOUND = 9
SAML_LOGOUTREQUEST_INVALID = 10
SAML_LOGOUTRESPONSE_INVALID = 11
SAML_RESPONSE_NOT_FOUND = 8
SAML_SINGLE_LOGOUT_NOT_SUPPORTED = 12
SETTINGS_FILE_NOT_FOUND = 0
SETTINGS_INVALID = 2
SETTINGS_INVALID_SYNTAX = 1
SP_CERTS_NOT_FOUND = 4

logout_request Class

class onelogin.saml2.logout_request.OneLogin_Saml2_Logout_Request(settings, request=None, name_id=None, session_index=None)[source]
static get_id(request)[source]

Returns the ID of the Logout Request :param request: Logout Request Message :type request: string|DOMDocument :return: string ID :rtype: str object

static get_issuer(request)[source]

Gets the Issuer of the Logout Request Message :param request: Logout Request Message :type request: string|DOMDocument :return: The Issuer :rtype: string

static get_name_id(request, key=None)[source]

Gets the NameID of the Logout Request Message :param request: Logout Request Message :type request: string|DOMDocument :param key: The SP key :type key: string :return: Name ID Value :rtype: string

static get_name_id_data(request, key=None)[source]

Gets the NameID Data of the the Logout Request :param request: Logout Request Message :type request: string|DOMDocument :param key: The SP key :type key: string :return: Name ID Data (Value, Format, NameQualifier, SPNameQualifier) :rtype: dict

get_request()[source]

Returns the Logout Request defated, base64encoded :return: Deflated base64 encoded Logout Request :rtype: str object

static get_session_indexes(request)[source]

Gets the SessionIndexes from the Logout Request :param request: Logout Request Message :type request: string|DOMDocument :return: The SessionIndex value :rtype: list

static is_valid(settings, request, get_data, debug=False)[source]

Checks if the Logout Request recieved is valid :param settings: Settings :type settings: OneLogin_Saml2_Settings :param request: Logout Request Message :type request: string|DOMDocument :return: If the Logout Request is or not valid :rtype: boolean

get_error()[source]

After execute a validation process, if fails this method returns the cause :rtype: str object

logout_response Class

class onelogin.saml2.logout_response.OneLogin_Saml2_Logout_Response(settings, response=None)[source]
build(in_response_to)[source]

Creates a Logout Response object. :param in_response_to: InResponseTo value for the Logout Response. :type in_response_to: string

get_issuer()[source]

Gets the Issuer of the Logout Response Message :return: The Issuer :rtype: string

get_response()[source]

Returns a Logout Response object. :return: Logout Response deflated and base64 encoded :rtype: string

get_status()[source]

Gets the Status :return: The Status :rtype: string

is_valid(request_data, request_id=None)[source]

Determines if the SAML LogoutResponse is valid :param request_id: The ID of the LogoutRequest sent by this SP to the IdP :type request_id: string :return: Returns if the SAML LogoutResponse is or not valid :rtype: boolean

get_error()[source]

After execute a validation process, if fails this method returns the cause :rtype: str object

metadata Class

class onelogin.saml2.metadata.OneLogin_Saml2_Metadata[source]
TIME_CACHED = 604800
TIME_VALID = 172800
static add_x509_key_descriptors(metadata, cert)[source]

Add the x509 descriptors (sign/encriptation to the metadata The same cert will be used for sign/encrypt

Parameters:
  • metadata (string) – SAML Metadata XML
  • cert (string) – x509 cert
Returns:

Metadata with KeyDescriptors
Return type:

string
static builder(sp, authnsign=False, wsign=False, valid_until=None, cache_duration=None, contacts=None, organization=None)[source]

Build the metadata of the SP

Parameters:
  • sp (string) – The SP data
  • authnsign (string) – authnRequestsSigned attribute
  • wsign (string) – wantAssertionsSigned attribute
  • valid_until (DateTime) – Metadata’s valid time
  • cache_duration (Timestamp) – Duration of the cache in seconds
  • contacts (dict) – Contacts info
  • organization (dict) – Organization ingo
static sign_metadata(metadata, key, cert)[source]

Sign the metadata with the key/cert provided

Parameters:
  • metadata (string) – SAML Metadata XML
  • key (string) – x509 key
  • cert (string) – x509 cert
Returns:

Signed Metadata
Return type:

string

response Class

class onelogin.saml2.response.OneLogin_Saml2_Response(settings, response)[source]

Bases: object

check_status()[source]

Check if the status of the response is success or not

Raises :Exception. If the status is not success
get_attributes()[source]

Gets the Attributes from the AttributeStatement element. EncryptedAttributes are not supported

get_audiences()[source]

Gets the audiences

Returns:The valid audiences for the SAML Response
Return type:list
get_issuers()[source]

Gets the issuers (from message and from assertion)

Returns:The issuers
Return type:list
get_nameid()[source]

Gets the NameID provided by the SAML Response from the IdP

Returns:NameID (value)
Return type:string
get_nameid_data()[source]

Gets the NameID Data provided by the SAML Response from the IdP

Returns:Name ID Data (Value, Format, NameQualifier, SPNameQualifier)
Return type:dict
get_session_index()[source]

Gets the SessionIndex from the AuthnStatement Could be used to be stored in the local session in order to be used in a future Logout Request that the SP could send to the SP, to set what specific session must be deleted

Returns:The SessionIndex value
Return type:string|None
get_session_not_on_or_after()[source]

Gets the SessionNotOnOrAfter from the AuthnStatement Could be used to set the local session expiration

Returns:The SessionNotOnOrAfter value
Return type:time|None
is_valid(request_data, request_id=None)[source]

Constructs the response object.

Parameters:request_id (string) – Optional argument. The ID of the AuthNRequest sent by this SP to the IdP
Returns:True if the SAML Response is valid, False if not
Return type:bool
validate_num_assertions()[source]

Verifies that the document only contains a single Assertion (encrypted or not)

Returns:True if only 1 assertion encrypted or not
Return type:bool
validate_timestamps()[source]

Verifies that the document is valid according to Conditions Element

Returns:True if the condition is valid, False otherwise
Return type:bool

settings Class

class onelogin.saml2.settings.OneLogin_Saml2_Settings(settings=None, custom_base_path=None)[source]
check_settings(settings)[source]

Checks the settings info.

Parameters:settings (dict) – Dict with settings data
Returns:Errors found on the settings data
Return type:list
check_sp_certs()[source]

Checks if the x509 certs of the SP exists and are valid.

Returns:If the x509 certs of the SP exists and are valid
Return type:boolean
format_idp_cert()[source]

Formats the IdP cert.

get_base_path()[source]

Returns base path

Returns:The base toolkit folder path
Return type:string
get_cert_path()[source]

Returns cert path

Returns:The cert folder path
Return type:string
get_contacts()[source]

Gets contact data.

Returns:Contacts info
Return type:dict
get_errors()[source]

Returns an array with the errors, the array is empty when the settings is ok.

Returns:Errors
Return type:list
get_ext_lib_path()[source]

Returns external lib path

Returns:The external library folder path
Return type:string
get_idp_data()[source]

Gets the IdP data.

Returns:IdP info
Return type:dict
get_lib_path()[source]

Returns lib path

Returns:The library folder path
Return type:string
get_organization()[source]

Gets organization data.

Returns:Organization info
Return type:dict
get_schemas_path()[source]

Returns schema path

Returns:The schema folder path
Return type:string
get_security_data()[source]

Gets security data.

Returns:Security info
Return type:dict
get_sp_cert()[source]

Returns the x509 public cert of the SP.

Returns:SP public cert
Return type:string
get_sp_data()[source]

Gets the SP data.

Returns:SP info
Return type:dict
get_sp_key()[source]

Returns the x509 private key of the SP.

Returns:SP private key
Return type:string
get_sp_metadata()[source]

Gets the SP metadata. The XML representation.

Returns:SP metadata (xml)
Return type:string
is_debug_active()[source]

Returns if the debug is active.

Returns:Debug parameter
Return type:boolean
is_strict()[source]

Returns if the ‘strict’ mode is active.

Returns:Strict parameter
Return type:boolean
set_strict(value)[source]

Activates or deactivates the strict mode.

Parameters:xml (boolean) – Strict parameter
validate_metadata(xml)[source]

Validates an XML SP Metadata.

Parameters:xml (string) – Metadata’s XML that will be validate
Returns:The list of found errors
Return type:list
onelogin.saml2.settings.validate_url(url)[source]

utils Class

class onelogin.saml2.utils.OneLogin_Saml2_Utils[source]
static add_sign(xml, key, cert)[source]

Adds signature key and senders certificate to an element (Message or Assertion).

Parameters:
  • xml – The element we should sign
  • key – The private key
  • cert – The public
Type :

string | Document
Type :

string
Type :

string
static calculate_x509_fingerprint(x509_cert)[source]

Calculates the fingerprint of a x509cert.

Parameters:x509_cert – x509 cert
Type :string
Returns:Formated fingerprint
Return type:string
static decode_base64_and_inflate(value)[source]

base64 decodes and then inflates according to RFC1951 :param value: a deflated and encoded string :return: the string after decoding and inflating

static decrypt_element(encrypted_data, enc_ctx)[source]

Decrypts an encrypted element.

Parameters:
  • encrypted_data – The encrypted data.
  • enc_ctx – The encryption context.
Type :

DOMElement
Type :

Encryption Context
Returns:

The decrypted element.
Return type:

DOMElement
static deflate_and_base64_encode(value)[source]

Deflates and the base64 encodes a string :param value: The string to deflate and encode :return: The deflated and encoded string

static delete_local_session(callback=None)[source]

Deletes the local session.

static format_cert(cert, heads=True)[source]

Returns a x509 cert (adding header & footer if required).

Parameters:
  • cert – A x509 unformated cert
  • heads – True if we want to include head and footer
Type :

string
Type :

boolean
Returns:

Formated cert
Return type:

string
static format_finger_print(fingerprint)[source]

Formates a fingerprint.

Parameters:fingerprint – fingerprint
Type :string
Returns:Formated fingerprint
Return type:string
static generate_name_id(value, sp_nq, sp_format, key=None)[source]

Generates a nameID.

Parameters:
  • value – fingerprint
  • sp_nq – SP Name Qualifier
  • sp_format – SP Format
  • key – SP Key to encrypt the nameID
Type :

string
Type :

string
Type :

string
Type :

string
Returns:

DOMElement | XMLSec nameID
Return type:

string
static generate_unique_id()[source]

Generates an unique string (used for example as ID for assertions).

Returns:A unique string
Return type:string
static get_expire_time(cache_duration=None, valid_until=None)[source]

Compares 2 dates and returns the earliest.

Parameters:
  • cache_duration – The duration, as a string.
  • valid_until – The valid until date, as a string or as a timestamp
Type :

string
Type :

string
Returns:

The expiration time.
Return type:

int
static get_self_host(request_data)[source]

Returns the current host.

Parameters:request_data – The request as a dict
Type :dict
Returns:The current host
Return type:string
static get_self_url(request_data)[source]

Returns the URL of the current host + current view + query.

Parameters:request_data – The request as a dict
Type :dict
Returns:The url of current host + current view + query
Return type:string
static get_self_url_host(request_data)[source]

Returns the protocol + the current host + the port (if different than common ports).

Parameters:request_data – The request as a dict
Type :dict
Returns:Url
Return type:string
static get_self_url_no_query(request_data)[source]

Returns the URL of the current host + current view.

Parameters:request_data – The request as a dict
Type :dict
Returns:The url of current host + current view
Return type:string
static get_status(dom)[source]

Gets Status from a Response.

Parameters:dom – The Response as XML
Type :Document
Returns:The Status, an array with the code and a message.
Return type:dict
static is_https(request_data)[source]

Checks if https or http.

Parameters:request_data – The request as a dict
Type :dict
Returns:False if https is not active
Return type:boolean
static parse_SAML_to_time(timestr)[source]

Converts a SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(.s+)?Z to a UNIX timestamp. The sub-second part is ignored.

Parameters:time – The time we should convert (SAML Timestamp).
Type :string
Returns:Converted to a unix timestamp.
Return type:int
static parse_duration(duration, timestamp=None)[source]

Interprets a ISO8601 duration value relative to a given timestamp.

Parameters:
  • duration – The duration, as a string.
  • timestamp – The unix timestamp we should apply the duration to. Optional, default to the current time.
Type :

string
Type :

string
Returns:

The new timestamp, after the duration is applied.
Return type:

int
static parse_time_to_SAML(time)[source]

Converts a UNIX timestamp to SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(.s+)?Z.

Parameters:time – The time we should convert (DateTime).
Type :string
Returns:SAML2 timestamp.
Return type:string
static query(dom, query, context=None)[source]

Extracts nodes that match the query from the Element

Parameters:
  • dom – The root of the lxml objet
  • query – Xpath Expresion
  • context – Context Node
Type :

Element
Type :

string
Type :

DOMElement
Returns:

The queried nodes
Return type:

list
static redirect(url, parameters={}, request_data={})[source]

Executes a redirection to the provided url (or return the target url).

Parameters:
  • url – The target url
  • parameters – Extra parameters to be passed as part of the url
  • request_data – The request as a dict
Type :

string
Type :

dict
Type :

dict
Returns:

Url
Return type:

string
static validate_sign(xml, cert=None, fingerprint=None)[source]

Validates a signature (Message or Assertion).

Parameters:
  • xml – The element we should validate
  • cert – The pubic cert
  • fingerprint – The fingerprint of the public cert
Type :

string | Document
Type :

string
Type :

string
static validate_xml(xml, schema, debug=False)[source]
static write_temp_file(content)[source]

Writes some content into a temporary file and returns it.

Parameters:content – The file content
Type :string
Returns:The temporary file
Return type:file-like object

Table Of Contents

Previous topic

Welcome to OneLogin SAML Python library documentation

This Page

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/search.html000066400000000000000000000066621410551756100202510ustar00rootroot00000000000000 Search — OneLogin SAML Python library classes and methods

Navigation

Search

Please activate JavaScript to enable the search functionality.

From here you can search these documents. Enter your search words into the box below and click "search". Note that the search function will automatically search for all of the words. Pages containing fewer words won't appear in the result list.

Navigation

© Copyright 2014, OneLogin Inc.. Created using Sphinx 1.1.3.
python3-saml-1.12.0/docs/saml2/searchindex.js000066400000000000000000000261001410551756100207360ustar00rootroot00000000000000Search.setIndex({objects:{"saml2.logout_response.OneLogin_Saml2_Logout_Response":{is_valid:[1,2,1,""],get_response:[1,2,1,""],get_status:[1,2,1,""],get_issuer:[1,2,1,""],build:[1,2,1,""]},"saml2.response.OneLogin_Saml2_Response":{get_audiences:[1,2,1,""],validate_num_assertions:[1,2,1,""],get_nameid_data:[1,2,1,""],get_session_index:[1,2,1,""],get_issuers:[1,2,1,""],is_valid:[1,2,1,""],check_status:[1,2,1,""],validate_timestamps:[1,2,1,""],get_nameid:[1,2,1,""],get_attributes:[1,2,1,""],get_session_not_on_or_after:[1,2,1,""]},"saml2.errors.OneLogin_Saml2_Error":{PUBLIC_CERT_FILE_NOT_FOUND:[1,1,1,""],SETTINGS_FILE_NOT_FOUND:[1,1,1,""],SAML_LOGOUTREQUEST_INVALID:[1,1,1,""],REDIRECT_INVALID_URL:[1,1,1,""],PRIVATE_KEY_FILE_NOT_FOUND:[1,1,1,""],SAML_LOGOUTMESSAGE_NOT_FOUND:[1,1,1,""],SAML_RESPONSE_NOT_FOUND:[1,1,1,""],METADATA_SP_INVALID:[1,1,1,""],SAML_LOGOUTRESPONSE_INVALID:[1,1,1,""],SETTINGS_INVALID:[1,1,1,""],SP_CERTS_NOT_FOUND:[1,1,1,""],SETTINGS_INVALID_SYNTAX:[1,1,1,""],SAML_SINGLE_LOGOUT_NOT_SUPPORTED:[1,1,1,""]},"saml2.errors":{OneLogin_Saml2_Error:[1,6,1,""]},"saml2.metadata.OneLogin_Saml2_Metadata":{sign_metadata:[1,3,1,""],builder:[1,3,1,""],add_x509_key_descriptors:[1,3,1,""],TIME_VALID:[1,1,1,""],TIME_CACHED:[1,1,1,""]},"saml2.response":{OneLogin_Saml2_Response:[1,4,1,""]},"saml2.settings.OneLogin_Saml2_Settings":{get_contacts:[1,2,1,""],get_security_data:[1,2,1,""],validate_metadata:[1,2,1,""],get_errors:[1,2,1,""],check_settings:[1,2,1,""],get_sp_data:[1,2,1,""],get_idp_data:[1,2,1,""],get_cert_path:[1,2,1,""],get_schemas_path:[1,2,1,""],set_strict:[1,2,1,""],get_base_path:[1,2,1,""],is_strict:[1,2,1,""],get_lib_path:[1,2,1,""],get_sp_key:[1,2,1,""],get_sp_metadata:[1,2,1,""],is_debug_active:[1,2,1,""],get_ext_lib_path:[1,2,1,""],get_sp_cert:[1,2,1,""],get_organization:[1,2,1,""],check_sp_certs:[1,2,1,""],format_idp_cert:[1,2,1,""]},"saml2.settings":{OneLogin_Saml2_Settings:[1,4,1,""],validate_url:[1,5,1,""]},"saml2.logout_response":{OneLogin_Saml2_Logout_Response:[1,4,1,""]},"saml2.authn_request.OneLogin_Saml2_Authn_Request":{get_request:[1,2,1,""]},"saml2.constants.OneLogin_Saml2_Constants":{NAMEID_EMAIL_ADDRESS:[1,1,1,""],CM_SENDER_VOUCHES:[1,1,1,""],CM_HOLDER_KEY:[1,1,1,""],NS_SAML:[1,1,1,""],RSA_SHA1:[1,1,1,""],NS_XS:[1,1,1,""],STATUS_PROXY_COUNT_EXCEEDED:[1,1,1,""],NS_SOAP:[1,1,1,""],NAMEID_ENCRYPTED:[1,1,1,""],STATUS_REQUESTER:[1,1,1,""],STATUS_NO_PASSIVE:[1,1,1,""],STATUS_PARTIAL_LOGOUT:[1,1,1,""],BINDING_HTTP_REDIRECT:[1,1,1,""],NAMEID_X509_SUBJECT_NAME:[1,1,1,""],AC_KERBEROS:[1,1,1,""],NAMEID_KERBEROS:[1,1,1,""],BINDING_HTTP_ARTIFACT:[1,1,1,""],NS_XENC:[1,1,1,""],BINDING_HTTP_POST:[1,1,1,""],CM_BEARER:[1,1,1,""],ALOWED_CLOCK_DRIFT:[1,1,1,""],BINDING_DEFLATE:[1,1,1,""],NAMEID_ENTITY:[1,1,1,""],AC_SMARTCARD:[1,1,1,""],AC_UNSPECIFIED:[1,1,1,""],NS_XSI:[1,1,1,""],NSMAP:[1,1,1,""],STATUS_RESPONDER:[1,1,1,""],AC_PASSWORD:[1,1,1,""],NS_SAMLP:[1,1,1,""],NS_DS:[1,1,1,""],STATUS_SUCCESS:[1,1,1,""],AC_X509:[1,1,1,""],NAMEID_TRANSIENT:[1,1,1,""],BINDING_SOAP:[1,1,1,""],ATTRNAME_FORMAT_UNSPECIFIED:[1,1,1,""],ATTRNAME_FORMAT_BASIC:[1,1,1,""],NS_MD:[1,1,1,""],ATTRNAME_FORMAT_URI:[1,1,1,""],NAMEID_PERSISTENT:[1,1,1,""],STATUS_VERSION_MISMATCH:[1,1,1,""],NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME:[1,1,1,""]},"saml2.authn_request":{OneLogin_Saml2_Authn_Request:[1,4,1,""]},"saml2.metadata":{OneLogin_Saml2_Metadata:[1,4,1,""]},"saml2.utils.OneLogin_Saml2_Utils":{generate_unique_id:[1,3,1,""],add_sign:[1,3,1,""],deflate_and_base64_encode:[1,3,1,""],get_status:[1,3,1,""],query:[1,3,1,""],redirect:[1,3,1,""],get_expire_time:[1,3,1,""],decode_base64_and_inflate:[1,3,1,""],parse_SAML_to_time:[1,3,1,""],parse_duration:[1,3,1,""],generate_name_id:[1,3,1,""],validate_xml:[1,3,1,""],get_self_host:[1,3,1,""],parse_time_to_SAML:[1,3,1,""],format_finger_print:[1,3,1,""],decrypt_element:[1,3,1,""],get_self_url_host:[1,3,1,""],get_self_url:[1,3,1,""],delete_local_session:[1,3,1,""],format_cert:[1,3,1,""],is_https:[1,3,1,""],calculate_x509_fingerprint:[1,3,1,""],get_self_url_no_query:[1,3,1,""],write_temp_file:[1,3,1,""],validate_sign:[1,3,1,""]},"saml2.logout_request.OneLogin_Saml2_Logout_Request":{get_issuer:[1,3,1,""],get_name_id:[1,3,1,""],get_request:[1,2,1,""],get_id:[1,3,1,""],is_valid:[1,3,1,""],get_session_indexes:[1,3,1,""],get_name_id_data:[1,3,1,""]},"saml2.utils":{OneLogin_Saml2_Utils:[1,4,1,""]},"saml2.constants":{OneLogin_Saml2_Constants:[1,4,1,""]},"saml2.auth.OneLogin_Saml2_Auth":{get_settings:[1,2,1,""],process_response:[1,2,1,""],get_errors:[1,2,1,""],build_request_signature:[1,2,1,""],redirect_to:[1,2,1,""],is_authenticated:[1,2,1,""],get_attribute:[1,2,1,""],build_response_signature:[1,2,1,""],set_strict:[1,2,1,""],process_slo:[1,2,1,""],get_sso_url:[1,2,1,""],logout:[1,2,1,""],login:[1,2,1,""],get_slo_url:[1,2,1,""],get_attributes:[1,2,1,""],get_nameid:[1,2,1,""]},"saml2.auth":{OneLogin_Saml2_Auth:[1,4,1,""]},saml2:{errors:[1,0,1,""],settings:[1,0,1,""],utils:[1,0,1,""],auth:[1,0,1,""],logout_request:[1,0,1,""],authn_request:[1,0,1,""],logout_response:[1,0,1,""],response:[1,0,1,""],constants:[1,0,1,""],metadata:[1,0,1,""]},"saml2.logout_request":{OneLogin_Saml2_Logout_Request:[1,4,1,""]}},terms:{represent:1,code:1,queri:1,issuer:1,privat:1,encryptedattribut:1,base64:1,ac_smartcard:1,specif:1,send:1,binding_defl:1,must:1,sent:1,deactiv:1,sourc:1,string:1,fals:1,parse_saml_to_tim:1,util:[0,1],xmlschema:1,public_cert_file_not_found:1,get_self_url_no_queri:1,settings_file_not_found:1,list:1,onelogin_saml2_util:1,sign_metadata:1,pubic:1,sign:1,past:1,second:1,pass:1,port:1,index:0,what:1,get_name_id:1,compar:1,get_idp_data:1,sp_nq:1,current:1,delet:1,x509subjectnam:1,"new":1,status_no_pass:1,"public":1,metadata:[0,1],redirect:1,keep_local_sess:1,gener:1,windowsdomainqualifiednam:1,logout:1,path:1,valu:1,search:0,sender:1,datetim:1,cert:1,is_debug_act:1,redirect_invalid_url:1,extra:1,appli:1,modul:[0,1],metadata_sp_invalid:1,is_authent:1,unix:1,"boolean":1,onelogin_saml2_respons:1,org:1,post:1,authnstat:1,from:1,ddthh:1,nameid_persist:1,emailaddress:1,status_request:1,type:1,until:1,keydescriptor:1,attrname_format_bas:1,iso8601:1,"transient":1,get_sp_cert:1,cach:1,status_proxy_count_exceed:1,none:1,endpoint:1,redirect_to:1,uniqu:1,descriptor:1,time_valid:1,root:1,status_success:1,request_data:1,objet:1,process:1,onelogin_saml2_auth:1,unform:1,indic:0,ac_unspecifi:1,want:1,unsign:1,lxml:1,secur:1,check_statu:1,status_respond:1,write:1,verifi:1,decrypt_el:1,ns_samlp:1,ac_x509:1,x509:1,after:1,validate_xml:1,nameid_x509_subject_nam:1,callback:1,date:1,data:1,domdocu:1,footer:1,bind:1,element:1,onelogin_saml2_logout_request:1,authn_request:[0,1],nameid:1,order:1,alowed_clock_drift:1,deflate_and_base64_encod:1,process_respons:1,paramet:1,settings_invalid_syntax:1,persist:1,get_slo_url:1,"return":1,timestamp:1,auth:[0,1],authnrequest:1,get_respons:1,get_self_url:1,format_idp_cert:1,namequalifi:1,authent:1,onelogin_saml2_authn_request:1,mode:1,request_id:1,debug:1,found:1,went:1,oasi:1,authnsign:1,"static":1,rsa_sha1:1,our:1,extract:1,check_sp_cert:1,content:[0,1],validate_metadata:1,rel:1,qualifi:1,generate_name_id:1,envelop:1,given:1,base:1,get_lib_path:1,format_finger_print:1,get_session_index:1,earliest:1,get_name_id_data:1,ns_x:1,could:1,wrong:1,domel:1,ns_d:1,time_cach:1,validate_sign:1,smartcard:1,arrai:1,messag:1,attrname_format_uri:1,kerbero:1,saml_single_logout_not_support:1,differ:1,construct:1,ns_xsi:1,parse_time_to_saml:1,store:1,schema:1,option:1,sessionnotonoraft:1,rsa:1,artifact:1,wantassertionssign:1,encrypted_data:1,vouch:1,part:1,is_strict:1,holder:1,than:1,target:1,provid:1,defat:1,str:1,get_nameid:1,initi:1,argument:1,packag:[0,1],expir:1,onelogin_saml2_error:1,tabl:0,onelogin_saml2_set:1,lib:1,build_response_signatur:1,destroi:1,contact:1,build:1,soap:1,singl:1,validate_timestamp:1,decode_base64_and_infl:1,object:1,nameid_kerbero:1,logout_request:[0,1],return_to:1,"class":1,sub:1,ns_saml:1,saml_logoutrequest_invalid:1,dom:1,url:1,urn:1,nsmap:1,uri:1,determin:1,saml_response_not_found:1,add_sign:1,session:1,nameid_ent:1,onelogin_saml2_const:1,xml:1,onli:1,get_sp_kei:1,timestr:1,activ:1,set_strict:1,should:1,get_sso_url:1,dict:1,folder:1,local:1,valid_until:1,nameid_transi:1,get:1,authnrequestssign:1,sso:1,expres:1,get_nameid_data:1,requir:1,organ:1,onelogin:[0,1],binding_http_redirect:1,common:1,contain:1,xmlenc:1,view:1,respond:1,certif:1,set:[0,1],get_set:1,respons:[0,1],statu:1,ingo:1,logoutrequest:1,check_set:1,someth:1,get_organ:1,saml_logoutresponse_invalid:1,entiti:1,attribut:1,signatur:1,accord:1,kei:1,samlrespons:1,old_set:1,wsign:1,sp_format:1,delete_session_cb:1,rtype:1,get_cert_path:1,format_cert:1,audienc:1,instanc:1,get_error:1,attrnam:1,login:1,validate_num_assert:1,generate_unique_id:1,settings_invalid:1,write_temp_fil:1,status_partial_logout:1,header:1,rfc1951:1,reciev:1,empti:1,interpret:1,basic:1,nameid_email_address:1,partiallogout:1,convert:1,assert:1,get_id:1,versionmismatch:1,saml_request:1,durat:1,defin:1,calcul:1,slo:1,error:[0,1],ns_xenc:1,cm_holder_kei:1,get_attribut:1,binding_soap:1,toolkit:1,sessionindex:1,cache_dur:1,sp_certs_not_found:1,get_statu:1,status_version_mismatch:1,welcom:0,saml:1,inresponseto:1,process_slo:1,same:1,decod:1,document:[0,1],get_security_data:1,http:1,context:1,inflat:1,onelogin_saml2_logout_respons:1,rais:1,temporari:1,user:1,binding_http_artifact:1,extern:1,get_self_url_host:1,sha1:1,builder:1,relay_st:1,calculate_x509_fingerprint:1,exampl:1,thi:1,get_contact:1,protocol:1,bearer:1,execut:1,private_key_file_not_found:1,fingerprint:1,ac_kerbero:1,get_audi:1,get_sp_data:1,except:1,param:1,proxycountexceed:1,add:1,is_valid:1,xenc:1,match:1,logoutrespons:1,nameid_encrypt:1,format:1,add_x509_key_descriptor:1,cm_sender_vouch:1,get_sp_metadata:1,password:1,enc_ctx:1,name:1,like:1,success:1,xmlsoap:1,nameid_windows_domain_qualified_nam:1,page:0,yyyi:1,is_http:1,www:1,some:1,unspecifi:1,librari:1,xmldsig:1,condit:1,get_ext_lib_path:1,get_expire_tim:1,cm_bearer:1,build_request_signatur:1,logout_respons:[0,1],host:1,get_base_path:1,x509cert:1,deflat:1,idp:1,get_request:1,disabl:1,encod:1,get_issu:1,validate_url:1,samlp:1,support:1,strict:1,encript:1,includ:1,delete_local_sess:1,xpath:1,head:1,form:1,spnamequalifi:1,saml_logoutmessage_not_found:1,parse_dur:1,ac_password:1,"true":1,info:1,binding_http_post:1,get_session_not_on_or_aft:1,"default":1,ns_md:1,otherwis:1,constant:[0,1],creat:1,"int":1,request:1,decrypt:1,onelogin_saml2_metadata:1,exist:1,file:1,check:1,saml2:[0,1],encrypt:1,attrname_format_unspecifi:1,get_schemas_path:1,get_data:1,when:1,valid:1,bool:1,futur:1,saml_respons:1,argumen:1,node:1,attributestat:1,get_self_host:1,x509_cert:1,nopass:1,ns_soap:1,xmlsec:1,ignor:1,base64encod:1,time:1,custom_base_path:1,in_response_to:1},objtypes:{"0":"py:module","1":"py:attribute","2":"py:method","3":"py:staticmethod","4":"py:class","5":"py:function","6":"py:exception"},titles:["Welcome to saml2’s documentation!","OneLogin saml2 Module"],objnames:{"0":["py","module","Python module"],"1":["py","attribute","Python attribute"],"2":["py","method","Python method"],"3":["py","staticmethod","Python static method"],"4":["py","class","Python class"],"5":["py","function","Python function"],"6":["py","exception","Python exception"]},filenames:["index","saml2"]})python3-saml-1.12.0/setup.cfg000066400000000000000000000001471410551756100157610ustar00rootroot00000000000000[flake8] ignore = E731,W504,E501 max-complexity = 48 max-line-length = 1900 [wheel] python-tag = py27 python3-saml-1.12.0/setup.py000066400000000000000000000032521410551756100156520ustar00rootroot00000000000000#! /usr/bin/env python # -*- coding: utf-8 -*- # Copyright (c) 2010-2021 OneLogin, Inc. # MIT License from setuptools import setup setup( name='python3-saml', version='1.12.0', description='Onelogin Python Toolkit. Add SAML support to your Python software using this library', classifiers=[ 'Development Status :: 5 - Production/Stable', 'Intended Audience :: Developers', 'Intended Audience :: System Administrators', 'Operating System :: OS Independent', 'Programming Language :: Python :: 2.7', 'Programming Language :: Python :: 3.4', 'Programming Language :: Python :: 3.5', 'Programming Language :: Python :: 3.6', 'Programming Language :: Python :: 3.7', 'Programming Language :: Python :: 3.8', 'Programming Language :: Python :: 3.9', ], author='OneLogin', author_email='support@onelogin.com', license='MIT', url='https://github.com/onelogin/python3-saml', packages=['onelogin', 'onelogin/saml2'], include_package_data=True, package_data={ 'onelogin/saml2/schemas': ['*.xsd'], }, package_dir={ '': 'src', }, test_suite='tests', install_requires=[ 'isodate>=0.5.0', 'lxml>=3.3.5', 'xmlsec>=1.0.5' ], dependency_links=['http://github.com/mehcode/python-xmlsec/tarball/master'], extras_require={ 'test': ( 'coverage>=4.5.2', 'freezegun>=0.3.11, <=1.1.0', 'pylint==1.9.4', 'flake8>=3.6.0', 'coveralls>=1.11.1', 'pytest>=4.6', ), }, keywords='saml saml2 xmlsec django flask pyramid python3', ) python3-saml-1.12.0/src/000077500000000000000000000000001410551756100147255ustar00rootroot00000000000000python3-saml-1.12.0/src/onelogin/000077500000000000000000000000001410551756100165375ustar00rootroot00000000000000python3-saml-1.12.0/src/onelogin/__init__.py000066400000000000000000000013271410551756100206530ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ Copyright (c) 2010-2021 OneLogin, Inc. MIT License Add SAML support to your Python softwares using this library. Forget those complicated libraries and use that open source library provided and supported by OneLogin Inc. OneLogin's SAML Python toolkit let you build a SP (Service Provider) over your Python application and connect it to any IdP (Identity Provider). Supports: * SSO and SLO (SP-Initiated and IdP-Initiated). * Assertion and nameId encryption. * Assertion signature. * Message signature: AuthNRequest, LogoutRequest, LogoutResponses. * Enable an Assertion Consumer Service endpoint. * Enable a Single Logout Service endpoint. * Publish the SP metadata (which can be signed). """ python3-saml-1.12.0/src/onelogin/saml2/000077500000000000000000000000001410551756100175555ustar00rootroot00000000000000python3-saml-1.12.0/src/onelogin/saml2/__init__.py000066400000000000000000000013271410551756100216710ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ Copyright (c) 2010-2021 OneLogin, Inc. MIT License Add SAML support to your Python softwares using this library. Forget those complicated libraries and use that open source library provided and supported by OneLogin Inc. OneLogin's SAML Python toolkit let you build a SP (Service Provider) over your Python application and connect it to any IdP (Identity Provider). Supports: * SSO and SLO (SP-Initiated and IdP-Initiated). * Assertion and nameId encryption. * Assertion signature. * Message signature: AuthNRequest, LogoutRequest, LogoutResponses. * Enable an Assertion Consumer Service endpoint. * Enable a Single Logout Service endpoint. * Publish the SP metadata (which can be signed). """ python3-saml-1.12.0/src/onelogin/saml2/auth.py000066400000000000000000000670101410551756100210740ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ OneLogin_Saml2_Auth class Copyright (c) 2010-2021 OneLogin, Inc. MIT License Main class of OneLogin's Python Toolkit. Initializes the SP SAML instance """ import xmlsec from onelogin.saml2 import compat from onelogin.saml2.authn_request import OneLogin_Saml2_Authn_Request from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.logout_request import OneLogin_Saml2_Logout_Request from onelogin.saml2.logout_response import OneLogin_Saml2_Logout_Response from onelogin.saml2.response import OneLogin_Saml2_Response from onelogin.saml2.settings import OneLogin_Saml2_Settings from onelogin.saml2.utils import OneLogin_Saml2_Utils, OneLogin_Saml2_Error, OneLogin_Saml2_ValidationError from onelogin.saml2.xmlparser import tostring class OneLogin_Saml2_Auth(object): """ This class implements the SP SAML instance. Defines the methods that you can invoke in your application in order to add SAML support (initiates SSO, initiates SLO, processes a SAML Response, a Logout Request or a Logout Response). """ authn_request_class = OneLogin_Saml2_Authn_Request logout_request_class = OneLogin_Saml2_Logout_Request logout_response_class = OneLogin_Saml2_Logout_Response response_class = OneLogin_Saml2_Response def __init__(self, request_data, old_settings=None, custom_base_path=None): """ Initializes the SP SAML instance. :param request_data: Request Data :type request_data: dict :param old_settings: Optional. SAML Toolkit Settings :type old_settings: dict :param custom_base_path: Optional. Path where are stored the settings file and the cert folder :type custom_base_path: string """ self.__request_data = request_data if isinstance(old_settings, OneLogin_Saml2_Settings): self.__settings = old_settings else: self.__settings = OneLogin_Saml2_Settings(old_settings, custom_base_path) self.__attributes = dict() self.__friendlyname_attributes = dict() self.__nameid = None self.__nameid_format = None self.__nameid_nq = None self.__nameid_spnq = None self.__session_index = None self.__session_expiration = None self.__authenticated = False self.__errors = [] self.__error_reason = None self.__last_request_id = None self.__last_message_id = None self.__last_assertion_id = None self.__last_authn_contexts = [] self.__last_request = None self.__last_response = None self.__last_assertion_not_on_or_after = None def get_settings(self): """ Returns the settings info :return: Setting info :rtype: OneLogin_Saml2_Setting object """ return self.__settings def set_strict(self, value): """ Set the strict mode active/disable :param value: :type value: bool """ assert isinstance(value, bool) self.__settings.set_strict(value) def store_valid_response(self, response): self.__attributes = response.get_attributes() self.__friendlyname_attributes = response.get_friendlyname_attributes() self.__nameid = response.get_nameid() self.__nameid_format = response.get_nameid_format() self.__nameid_nq = response.get_nameid_nq() self.__nameid_spnq = response.get_nameid_spnq() self.__session_index = response.get_session_index() self.__session_expiration = response.get_session_not_on_or_after() self.__last_message_id = response.get_id() self.__last_assertion_id = response.get_assertion_id() self.__last_authn_contexts = response.get_authn_contexts() self.__authenticated = True self.__last_assertion_not_on_or_after = response.get_assertion_not_on_or_after() def process_response(self, request_id=None): """ Process the SAML Response sent by the IdP. :param request_id: Is an optional argument. Is the ID of the AuthNRequest sent by this SP to the IdP. :type request_id: string :raises: OneLogin_Saml2_Error.SAML_RESPONSE_NOT_FOUND, when a POST with a SAMLResponse is not found """ self.__errors = [] self.__error_reason = None if 'post_data' in self.__request_data and 'SAMLResponse' in self.__request_data['post_data']: # AuthnResponse -- HTTP_POST Binding response = self.response_class(self.__settings, self.__request_data['post_data']['SAMLResponse']) self.__last_response = response.get_xml_document() if response.is_valid(self.__request_data, request_id): self.store_valid_response(response) else: self.__errors.append('invalid_response') self.__error_reason = response.get_error() else: self.__errors.append('invalid_binding') raise OneLogin_Saml2_Error( 'SAML Response not found, Only supported HTTP_POST Binding', OneLogin_Saml2_Error.SAML_RESPONSE_NOT_FOUND ) def process_slo(self, keep_local_session=False, request_id=None, delete_session_cb=None): """ Process the SAML Logout Response / Logout Request sent by the IdP. :param keep_local_session: When false will destroy the local session, otherwise will destroy it :type keep_local_session: bool :param request_id: The ID of the LogoutRequest sent by this SP to the IdP :type request_id: string :returns: Redirection url """ self.__errors = [] self.__error_reason = None get_data = 'get_data' in self.__request_data and self.__request_data['get_data'] if get_data and 'SAMLResponse' in get_data: logout_response = self.logout_response_class(self.__settings, get_data['SAMLResponse']) self.__last_response = logout_response.get_xml() if not self.validate_response_signature(get_data): self.__errors.append('invalid_logout_response_signature') self.__errors.append('Signature validation failed. Logout Response rejected') elif not logout_response.is_valid(self.__request_data, request_id): self.__errors.append('invalid_logout_response') self.__error_reason = logout_response.get_error() elif logout_response.get_status() != OneLogin_Saml2_Constants.STATUS_SUCCESS: self.__errors.append('logout_not_success') else: self.__last_message_id = logout_response.id if not keep_local_session: OneLogin_Saml2_Utils.delete_local_session(delete_session_cb) elif get_data and 'SAMLRequest' in get_data: logout_request = self.logout_request_class(self.__settings, get_data['SAMLRequest']) self.__last_request = logout_request.get_xml() if not self.validate_request_signature(get_data): self.__errors.append("invalid_logout_request_signature") self.__errors.append('Signature validation failed. Logout Request rejected') elif not logout_request.is_valid(self.__request_data): self.__errors.append('invalid_logout_request') self.__error_reason = logout_request.get_error() else: if not keep_local_session: OneLogin_Saml2_Utils.delete_local_session(delete_session_cb) in_response_to = logout_request.id self.__last_message_id = logout_request.id response_builder = self.logout_response_class(self.__settings) response_builder.build(in_response_to) self.__last_response = response_builder.get_xml() logout_response = response_builder.get_response() parameters = {'SAMLResponse': logout_response} if 'RelayState' in self.__request_data['get_data']: parameters['RelayState'] = self.__request_data['get_data']['RelayState'] security = self.__settings.get_security_data() if security['logoutResponseSigned']: self.add_response_signature(parameters, security['signatureAlgorithm']) return self.redirect_to(self.get_slo_response_url(), parameters) else: self.__errors.append('invalid_binding') raise OneLogin_Saml2_Error( 'SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding', OneLogin_Saml2_Error.SAML_LOGOUTMESSAGE_NOT_FOUND ) def redirect_to(self, url=None, parameters={}): """ Redirects the user to the URL passed by parameter or to the URL that we defined in our SSO Request. :param url: The target URL to redirect the user :type url: string :param parameters: Extra parameters to be passed as part of the URL :type parameters: dict :returns: Redirection URL """ if url is None and 'RelayState' in self.__request_data['get_data']: url = self.__request_data['get_data']['RelayState'] return OneLogin_Saml2_Utils.redirect(url, parameters, request_data=self.__request_data) def is_authenticated(self): """ Checks if the user is authenticated or not. :returns: True if is authenticated, False if not :rtype: bool """ return self.__authenticated def get_attributes(self): """ Returns the set of SAML attributes. :returns: SAML attributes :rtype: dict """ return self.__attributes def get_friendlyname_attributes(self): """ Returns the set of SAML attributes indexed by FiendlyName. :returns: SAML attributes :rtype: dict """ return self.__friendlyname_attributes def get_nameid(self): """ Returns the nameID. :returns: NameID :rtype: string|None """ return self.__nameid def get_nameid_format(self): """ Returns the nameID Format. :returns: NameID Format :rtype: string|None """ return self.__nameid_format def get_nameid_nq(self): """ Returns the nameID NameQualifier of the Assertion. :returns: NameID NameQualifier :rtype: string|None """ return self.__nameid_nq def get_nameid_spnq(self): """ Returns the nameID SP NameQualifier of the Assertion. :returns: NameID SP NameQualifier :rtype: string|None """ return self.__nameid_spnq def get_session_index(self): """ Returns the SessionIndex from the AuthnStatement. :returns: The SessionIndex of the assertion :rtype: string """ return self.__session_index def get_session_expiration(self): """ Returns the SessionNotOnOrAfter from the AuthnStatement. :returns: The SessionNotOnOrAfter of the assertion :rtype: unix/posix timestamp|None """ return self.__session_expiration def get_last_assertion_not_on_or_after(self): """ The NotOnOrAfter value of the valid SubjectConfirmationData node (if any) of the last assertion processed """ return self.__last_assertion_not_on_or_after def get_errors(self): """ Returns a list with code errors if something went wrong :returns: List of errors :rtype: list """ return self.__errors def get_last_error_reason(self): """ Returns the reason for the last error :returns: Reason of the last error :rtype: None | string """ return self.__error_reason def get_attribute(self, name): """ Returns the requested SAML attribute. :param name: Name of the attribute :type name: string :returns: Attribute value(s) if exists or None :rtype: list """ assert isinstance(name, compat.str_type) return self.__attributes.get(name) def get_friendlyname_attribute(self, friendlyname): """ Returns the requested SAML attribute searched by FriendlyName. :param friendlyname: FriendlyName of the attribute :type friendlyname: string :returns: Attribute value(s) if exists or None :rtype: list """ assert isinstance(friendlyname, compat.str_type) return self.__friendlyname_attributes.get(friendlyname) def get_last_request_id(self): """ :returns: The ID of the last Request SAML message generated. :rtype: string """ return self.__last_request_id def get_last_message_id(self): """ :returns: The ID of the last Response SAML message processed. :rtype: string """ return self.__last_message_id def get_last_assertion_id(self): """ :returns: The ID of the last assertion processed. :rtype: string """ return self.__last_assertion_id def get_last_authn_contexts(self): """ :returns: The list of authentication contexts sent in the last SAML Response. :rtype: list """ return self.__last_authn_contexts def login(self, return_to=None, force_authn=False, is_passive=False, set_nameid_policy=True, name_id_value_req=None): """ Initiates the SSO process. :param return_to: Optional argument. The target URL the user should be redirected to after login. :type return_to: string :param force_authn: Optional argument. When true the AuthNRequest will set the ForceAuthn='true'. :type force_authn: bool :param is_passive: Optional argument. When true the AuthNRequest will set the Ispassive='true'. :type is_passive: bool :param set_nameid_policy: Optional argument. When true the AuthNRequest will set a nameIdPolicy element. :type set_nameid_policy: bool :param name_id_value_req: Optional argument. Indicates to the IdP the subject that should be authenticated :type name_id_value_req: string :returns: Redirection URL :rtype: string """ authn_request = self.authn_request_class(self.__settings, force_authn, is_passive, set_nameid_policy, name_id_value_req) self.__last_request = authn_request.get_xml() self.__last_request_id = authn_request.get_id() saml_request = authn_request.get_request() parameters = {'SAMLRequest': saml_request} if return_to is not None: parameters['RelayState'] = return_to else: parameters['RelayState'] = OneLogin_Saml2_Utils.get_self_url_no_query(self.__request_data) security = self.__settings.get_security_data() if security.get('authnRequestsSigned', False): self.add_request_signature(parameters, security['signatureAlgorithm']) return self.redirect_to(self.get_sso_url(), parameters) def logout(self, return_to=None, name_id=None, session_index=None, nq=None, name_id_format=None, spnq=None): """ Initiates the SLO process. :param return_to: Optional argument. The target URL the user should be redirected to after logout. :type return_to: string :param name_id: The NameID that will be set in the LogoutRequest. :type name_id: string :param session_index: SessionIndex that identifies the session of the user. :type session_index: string :param nq: IDP Name Qualifier :type: string :param name_id_format: The NameID Format that will be set in the LogoutRequest. :type: string :param spnq: SP Name Qualifier :type: string :returns: Redirection URL """ slo_url = self.get_slo_url() if slo_url is None: raise OneLogin_Saml2_Error( 'The IdP does not support Single Log Out', OneLogin_Saml2_Error.SAML_SINGLE_LOGOUT_NOT_SUPPORTED ) if name_id is None and self.__nameid is not None: name_id = self.__nameid if name_id_format is None and self.__nameid_format is not None: name_id_format = self.__nameid_format logout_request = self.logout_request_class( self.__settings, name_id=name_id, session_index=session_index, nq=nq, name_id_format=name_id_format, spnq=spnq ) self.__last_request = logout_request.get_xml() self.__last_request_id = logout_request.id parameters = {'SAMLRequest': logout_request.get_request()} if return_to is not None: parameters['RelayState'] = return_to else: parameters['RelayState'] = OneLogin_Saml2_Utils.get_self_url_no_query(self.__request_data) security = self.__settings.get_security_data() if security.get('logoutRequestSigned', False): self.add_request_signature(parameters, security['signatureAlgorithm']) return self.redirect_to(slo_url, parameters) def get_sso_url(self): """ Gets the SSO URL. :returns: An URL, the SSO endpoint of the IdP :rtype: string """ return self.__settings.get_idp_sso_url() def get_slo_url(self): """ Gets the SLO URL. :returns: An URL, the SLO endpoint of the IdP :rtype: string """ return self.__settings.get_idp_slo_url() def get_slo_response_url(self): """ Gets the SLO return URL for IdP-initiated logout. :returns: an URL, the SLO return endpoint of the IdP :rtype: string """ return self.__settings.get_idp_slo_response_url() def add_request_signature(self, request_data, sign_algorithm=OneLogin_Saml2_Constants.RSA_SHA1): """ Builds the Signature of the SAML Request. :param request_data: The Request parameters :type request_data: dict :param sign_algorithm: Signature algorithm method :type sign_algorithm: string """ return self.__build_signature(request_data, 'SAMLRequest', sign_algorithm) def add_response_signature(self, response_data, sign_algorithm=OneLogin_Saml2_Constants.RSA_SHA1): """ Builds the Signature of the SAML Response. :param response_data: The Response parameters :type response_data: dict :param sign_algorithm: Signature algorithm method :type sign_algorithm: string """ return self.__build_signature(response_data, 'SAMLResponse', sign_algorithm) @staticmethod def __build_sign_query_from_qs(query_string, saml_type): """ Build sign query from query string :param query_string: The query string :type query_string: str :param saml_type: The target URL the user should be redirected to :type saml_type: string SAMLRequest | SAMLResponse """ args = ('%s=' % saml_type, 'RelayState=', 'SigAlg=') parts = query_string.split('&') # Join in the order of arguments rather than the original order of parts. return '&'.join(part for arg in args for part in parts if part.startswith(arg)) @staticmethod def __build_sign_query(saml_data, relay_state, algorithm, saml_type, lowercase_urlencoding=False): """ Build sign query :param saml_data: The Request data :type saml_data: str :param relay_state: The Relay State :type relay_state: str :param algorithm: The Signature Algorithm :type algorithm: str :param saml_type: The target URL the user should be redirected to :type saml_type: string SAMLRequest | SAMLResponse :param lowercase_urlencoding: lowercase or no :type lowercase_urlencoding: boolean """ sign_data = ['%s=%s' % (saml_type, OneLogin_Saml2_Utils.escape_url(saml_data, lowercase_urlencoding))] if relay_state is not None: sign_data.append('RelayState=%s' % OneLogin_Saml2_Utils.escape_url(relay_state, lowercase_urlencoding)) sign_data.append('SigAlg=%s' % OneLogin_Saml2_Utils.escape_url(algorithm, lowercase_urlencoding)) return '&'.join(sign_data) def __build_signature(self, data, saml_type, sign_algorithm=OneLogin_Saml2_Constants.RSA_SHA1): """ Builds the Signature :param data: The Request data :type data: dict :param saml_type: The target URL the user should be redirected to :type saml_type: string SAMLRequest | SAMLResponse :param sign_algorithm: Signature algorithm method :type sign_algorithm: string """ assert saml_type in ('SAMLRequest', 'SAMLResponse') key = self.get_settings().get_sp_key() if not key: raise OneLogin_Saml2_Error( "Trying to sign the %s but can't load the SP private key." % saml_type, OneLogin_Saml2_Error.PRIVATE_KEY_NOT_FOUND ) msg = self.__build_sign_query(data[saml_type], data.get('RelayState', None), sign_algorithm, saml_type) sign_algorithm_transform_map = { OneLogin_Saml2_Constants.DSA_SHA1: xmlsec.Transform.DSA_SHA1, OneLogin_Saml2_Constants.RSA_SHA1: xmlsec.Transform.RSA_SHA1, OneLogin_Saml2_Constants.RSA_SHA256: xmlsec.Transform.RSA_SHA256, OneLogin_Saml2_Constants.RSA_SHA384: xmlsec.Transform.RSA_SHA384, OneLogin_Saml2_Constants.RSA_SHA512: xmlsec.Transform.RSA_SHA512 } sign_algorithm_transform = sign_algorithm_transform_map.get(sign_algorithm, xmlsec.Transform.RSA_SHA1) signature = OneLogin_Saml2_Utils.sign_binary(msg, key, sign_algorithm_transform, self.__settings.is_debug_active()) data['Signature'] = OneLogin_Saml2_Utils.b64encode(signature) data['SigAlg'] = sign_algorithm def validate_request_signature(self, request_data): """ Validate Request Signature :param request_data: The Request data :type request_data: dict """ return self.__validate_signature(request_data, 'SAMLRequest') def validate_response_signature(self, request_data): """ Validate Response Signature :param request_data: The Request data :type request_data: dict """ return self.__validate_signature(request_data, 'SAMLResponse') def __validate_signature(self, data, saml_type, raise_exceptions=False): """ Validate Signature :param data: The Request data :type data: dict :param cert: The certificate to check signature :type cert: str :param saml_type: The target URL the user should be redirected to :type saml_type: string SAMLRequest | SAMLResponse :param raise_exceptions: Whether to return false on failure or raise an exception :type raise_exceptions: Boolean """ try: signature = data.get('Signature', None) if signature is None: if self.__settings.is_strict() and self.__settings.get_security_data().get('wantMessagesSigned', False): raise OneLogin_Saml2_ValidationError( 'The %s is not signed. Rejected.' % saml_type, OneLogin_Saml2_ValidationError.NO_SIGNED_MESSAGE ) return True idp_data = self.get_settings().get_idp_data() exists_x509cert = self.get_settings().get_idp_cert() is not None exists_multix509sign = 'x509certMulti' in idp_data and \ 'signing' in idp_data['x509certMulti'] and \ idp_data['x509certMulti']['signing'] if not (exists_x509cert or exists_multix509sign): error_msg = 'In order to validate the sign on the %s, the x509cert of the IdP is required' % saml_type self.__errors.append(error_msg) raise OneLogin_Saml2_Error( error_msg, OneLogin_Saml2_Error.CERT_NOT_FOUND ) sign_alg = data.get('SigAlg', OneLogin_Saml2_Constants.RSA_SHA1) if isinstance(sign_alg, bytes): sign_alg = sign_alg.decode('utf8') query_string = self.__request_data.get('query_string') if query_string and self.__request_data.get('validate_signature_from_qs'): signed_query = self.__build_sign_query_from_qs(query_string, saml_type) else: lowercase_urlencoding = self.__request_data.get('lowercase_urlencoding', False) signed_query = self.__build_sign_query(data[saml_type], data.get('RelayState'), sign_alg, saml_type, lowercase_urlencoding) if exists_multix509sign: for cert in idp_data['x509certMulti']['signing']: if OneLogin_Saml2_Utils.validate_binary_sign(signed_query, OneLogin_Saml2_Utils.b64decode(signature), cert, sign_alg): return True raise OneLogin_Saml2_ValidationError( 'Signature validation failed. %s rejected' % saml_type, OneLogin_Saml2_ValidationError.INVALID_SIGNATURE ) else: cert = self.get_settings().get_idp_cert() if not OneLogin_Saml2_Utils.validate_binary_sign(signed_query, OneLogin_Saml2_Utils.b64decode(signature), cert, sign_alg, self.__settings.is_debug_active()): raise OneLogin_Saml2_ValidationError( 'Signature validation failed. %s rejected' % saml_type, OneLogin_Saml2_ValidationError.INVALID_SIGNATURE ) return True except Exception as e: self.__error_reason = str(e) if raise_exceptions: raise e return False def get_last_response_xml(self, pretty_print_if_possible=False): """ Retrieves the raw XML (decrypted) of the last SAML response, or the last Logout Response generated or processed :returns: SAML response XML :rtype: string|None """ response = None if self.__last_response is not None: if isinstance(self.__last_response, compat.str_type): response = self.__last_response else: response = tostring(self.__last_response, encoding='unicode', pretty_print=pretty_print_if_possible) return response def get_last_request_xml(self): """ Retrieves the raw XML sent in the last SAML request :returns: SAML request XML :rtype: string|None """ return self.__last_request or None python3-saml-1.12.0/src/onelogin/saml2/authn_request.py000066400000000000000000000144531410551756100230250ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ OneLogin_Saml2_Authn_Request class Copyright (c) 2010-2021 OneLogin, Inc. MIT License AuthNRequest class of OneLogin's Python Toolkit. """ from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.utils import OneLogin_Saml2_Utils from onelogin.saml2.xml_templates import OneLogin_Saml2_Templates class OneLogin_Saml2_Authn_Request(object): """ This class handles an AuthNRequest. It builds an AuthNRequest object. """ def __init__(self, settings, force_authn=False, is_passive=False, set_nameid_policy=True, name_id_value_req=None): """ Constructs the AuthnRequest object. :param settings: OSetting data :type settings: OneLogin_Saml2_Settings :param force_authn: Optional argument. When true the AuthNRequest will set the ForceAuthn='true'. :type force_authn: bool :param is_passive: Optional argument. When true the AuthNRequest will set the Ispassive='true'. :type is_passive: bool :param set_nameid_policy: Optional argument. When true the AuthNRequest will set a nameIdPolicy element. :type set_nameid_policy: bool :param name_id_value_req: Optional argument. Indicates to the IdP the subject that should be authenticated :type name_id_value_req: string """ self.__settings = settings sp_data = self.__settings.get_sp_data() idp_data = self.__settings.get_idp_data() security = self.__settings.get_security_data() self.__id = self._generate_request_id() issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(OneLogin_Saml2_Utils.now()) destination = idp_data['singleSignOnService']['url'] provider_name_str = '' organization_data = settings.get_organization() if isinstance(organization_data, dict) and organization_data: langs = organization_data if 'en-US' in langs: lang = 'en-US' else: lang = sorted(langs)[0] display_name = 'displayname' in organization_data[lang] and organization_data[lang]['displayname'] if display_name: provider_name_str = "\n" + ' ProviderName="%s"' % organization_data[lang]['displayname'] force_authn_str = '' if force_authn is True: force_authn_str = "\n" + ' ForceAuthn="true"' is_passive_str = '' if is_passive is True: is_passive_str = "\n" + ' IsPassive="true"' subject_str = '' if name_id_value_req: subject_str = """ %s """ % (sp_data['NameIDFormat'], name_id_value_req) nameid_policy_str = '' if set_nameid_policy: name_id_policy_format = sp_data['NameIDFormat'] if security['wantNameIdEncrypted']: name_id_policy_format = OneLogin_Saml2_Constants.NAMEID_ENCRYPTED nameid_policy_str = """ """ % name_id_policy_format requested_authn_context_str = '' if security['requestedAuthnContext'] is not False: authn_comparison = security['requestedAuthnContextComparison'] if security['requestedAuthnContext'] is True: requested_authn_context_str = """ urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport """ % authn_comparison else: requested_authn_context_str = ' ' % authn_comparison for authn_context in security['requestedAuthnContext']: requested_authn_context_str += '%s' % authn_context requested_authn_context_str += ' ' attr_consuming_service_str = '' if 'attributeConsumingService' in sp_data and sp_data['attributeConsumingService']: attr_consuming_service_str = "\n AttributeConsumingServiceIndex=\"%s\"" % sp_data['attributeConsumingService'].get('index', '1') request = OneLogin_Saml2_Templates.AUTHN_REQUEST % \ { 'id': self.__id, 'provider_name': provider_name_str, 'force_authn_str': force_authn_str, 'is_passive_str': is_passive_str, 'issue_instant': issue_instant, 'destination': destination, 'assertion_url': sp_data['assertionConsumerService']['url'], 'entity_id': sp_data['entityId'], 'subject_str': subject_str, 'nameid_policy_str': nameid_policy_str, 'requested_authn_context_str': requested_authn_context_str, 'attr_consuming_service_str': attr_consuming_service_str, 'acs_binding': sp_data['assertionConsumerService'].get('binding', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST') } self.__authn_request = request def _generate_request_id(self): """ Generate an unique request ID. """ return OneLogin_Saml2_Utils.generate_unique_id() def get_request(self, deflate=True): """ Returns unsigned AuthnRequest. :param deflate: It makes the deflate process optional :type: bool :return: AuthnRequest maybe deflated and base64 encoded :rtype: str object """ if deflate: request = OneLogin_Saml2_Utils.deflate_and_base64_encode(self.__authn_request) else: request = OneLogin_Saml2_Utils.b64encode(self.__authn_request) return request def get_id(self): """ Returns the AuthNRequest ID. :return: AuthNRequest ID :rtype: string """ return self.__id def get_xml(self): """ Returns the XML that will be sent as part of the request :return: XML request body :rtype: string """ return self.__authn_request python3-saml-1.12.0/src/onelogin/saml2/compat.py000066400000000000000000000026001410551756100214100ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ py3 compatibility class Copyright (c) 2010-2021 OneLogin, Inc. MIT License """ from __future__ import absolute_import, print_function, with_statement try: basestring except NameError: basestring = str try: unicode except NameError: unicode = str if isinstance(b'', type('')): # py 2.x text_types = (basestring,) # noqa bytes_type = bytes str_type = basestring # noqa def utf8(data): """ return utf8-encoded string """ if isinstance(data, basestring): return data.decode("utf8") return unicode(data) def to_string(data): """ return string """ if isinstance(data, unicode): return data.encode("utf8") return str(data) def to_bytes(data): """ return bytes """ return str(data) else: # py 3.x text_types = (bytes, str) bytes_type = bytes str_type = str def utf8(data): """ return utf8-encoded string """ if isinstance(data, bytes): return data.decode("utf8") return str(data) def to_string(data): """convert to string""" if isinstance(data, bytes): return data.decode("utf8") return str(data) def to_bytes(data): """return bytes""" if isinstance(data, str): return data.encode("utf8") return bytes(data) python3-saml-1.12.0/src/onelogin/saml2/constants.py000066400000000000000000000115311410551756100221440ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ OneLogin_Saml2_Constants class Copyright (c) 2010-2021 OneLogin, Inc. MIT License Constants class of OneLogin's Python Toolkit. """ class OneLogin_Saml2_Constants(object): """ This class defines all the constants that will be used in the OneLogin's Python Toolkit. """ # Value added to the current time in time condition validations ALLOWED_CLOCK_DRIFT = 300 # NameID Formats NAMEID_EMAIL_ADDRESS = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' NAMEID_X509_SUBJECT_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName' NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName' NAMEID_UNSPECIFIED = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' NAMEID_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos' NAMEID_ENTITY = 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity' NAMEID_TRANSIENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' NAMEID_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' NAMEID_ENCRYPTED = 'urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted' # Attribute Name Formats ATTRNAME_FORMAT_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified' ATTRNAME_FORMAT_URI = 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri' ATTRNAME_FORMAT_BASIC = 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic' # Namespaces NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion' NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol' NS_SOAP = 'http://schemas.xmlsoap.org/soap/envelope/' NS_MD = 'urn:oasis:names:tc:SAML:2.0:metadata' NS_XS = 'http://www.w3.org/2001/XMLSchema' NS_XSI = 'http://www.w3.org/2001/XMLSchema-instance' NS_XENC = 'http://www.w3.org/2001/04/xmlenc#' NS_DS = 'http://www.w3.org/2000/09/xmldsig#' # Namespace Prefixes NS_PREFIX_SAML = 'saml' NS_PREFIX_SAMLP = 'samlp' NS_PREFIX_MD = 'md' NS_PREFIX_XS = 'xs' NS_PREFIX_XSI = 'xsi' NS_PREFIX_XSD = 'xsd' NS_PREFIX_XENC = 'xenc' NS_PREFIX_DS = 'ds' # Prefix:Namespace Mappings NSMAP = { NS_PREFIX_SAMLP: NS_SAMLP, NS_PREFIX_SAML: NS_SAML, NS_PREFIX_DS: NS_DS, NS_PREFIX_XENC: NS_XENC, NS_PREFIX_MD: NS_MD } # Bindings BINDING_HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' BINDING_HTTP_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' BINDING_HTTP_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' BINDING_SOAP = 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP' BINDING_DEFLATE = 'urn:oasis:names:tc:SAML:2.0:bindings:URL-Encoding:DEFLATE' # Auth Context Class AC_UNSPECIFIED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified' AC_PASSWORD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password' AC_PASSWORD_PROTECTED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' AC_X509 = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509' AC_SMARTCARD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard' AC_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos' # Subject Confirmation CM_BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer' CM_HOLDER_KEY = 'urn:oasis:names:tc:SAML:2.0:cm:holder-of-key' CM_SENDER_VOUCHES = 'urn:oasis:names:tc:SAML:2.0:cm:sender-vouches' # Status Codes STATUS_SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success' STATUS_REQUESTER = 'urn:oasis:names:tc:SAML:2.0:status:Requester' STATUS_RESPONDER = 'urn:oasis:names:tc:SAML:2.0:status:Responder' STATUS_VERSION_MISMATCH = 'urn:oasis:names:tc:SAML:2.0:status:VersionMismatch' STATUS_NO_PASSIVE = 'urn:oasis:names:tc:SAML:2.0:status:NoPassive' STATUS_PARTIAL_LOGOUT = 'urn:oasis:names:tc:SAML:2.0:status:PartialLogout' STATUS_PROXY_COUNT_EXCEEDED = 'urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded' # Sign & Crypto SHA1 = 'http://www.w3.org/2000/09/xmldsig#sha1' SHA256 = 'http://www.w3.org/2001/04/xmlenc#sha256' SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#sha384' SHA512 = 'http://www.w3.org/2001/04/xmlenc#sha512' DSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1' RSA_SHA1 = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' RSA_SHA256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' RSA_SHA384 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384' RSA_SHA512 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512' # Enc TRIPLEDES_CBC = 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc' AES128_CBC = 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' AES192_CBC = 'http://www.w3.org/2001/04/xmlenc#aes192-cbc' AES256_CBC = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' RSA_1_5 = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' RSA_OAEP_MGF1P = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' python3-saml-1.12.0/src/onelogin/saml2/errors.py000066400000000000000000000070301410551756100214430ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ OneLogin_Saml2_Error class Copyright (c) 2010-2021 OneLogin, Inc. MIT License Error class of OneLogin's Python Toolkit. Defines common Error codes and has a custom initializator. """ class OneLogin_Saml2_Error(Exception): """ This class implements a custom Exception handler. Defines custom error codes. """ # Errors SETTINGS_FILE_NOT_FOUND = 0 SETTINGS_INVALID_SYNTAX = 1 SETTINGS_INVALID = 2 METADATA_SP_INVALID = 3 # SP_CERTS_NOT_FOUND is deprecated, use CERT_NOT_FOUND instead SP_CERTS_NOT_FOUND = 4 CERT_NOT_FOUND = 4 REDIRECT_INVALID_URL = 5 PUBLIC_CERT_FILE_NOT_FOUND = 6 PRIVATE_KEY_FILE_NOT_FOUND = 7 SAML_RESPONSE_NOT_FOUND = 8 SAML_LOGOUTMESSAGE_NOT_FOUND = 9 SAML_LOGOUTREQUEST_INVALID = 10 SAML_LOGOUTRESPONSE_INVALID = 11 SAML_SINGLE_LOGOUT_NOT_SUPPORTED = 12 PRIVATE_KEY_NOT_FOUND = 13 UNSUPPORTED_SETTINGS_OBJECT = 14 def __init__(self, message, code=0, errors=None): """ Initializes the Exception instance. Arguments are: * (str) message. Describes the error. * (int) code. The code error (defined in the error class). """ assert isinstance(code, int) if errors is not None: message = message % errors Exception.__init__(self, message) self.code = code class OneLogin_Saml2_ValidationError(Exception): """ This class implements another custom Exception handler, related to exceptions that happens during validation process. Defines custom error codes . """ # Validation Errors UNSUPPORTED_SAML_VERSION = 0 MISSING_ID = 1 WRONG_NUMBER_OF_ASSERTIONS = 2 MISSING_STATUS = 3 MISSING_STATUS_CODE = 4 STATUS_CODE_IS_NOT_SUCCESS = 5 WRONG_SIGNED_ELEMENT = 6 ID_NOT_FOUND_IN_SIGNED_ELEMENT = 7 DUPLICATED_ID_IN_SIGNED_ELEMENTS = 8 INVALID_SIGNED_ELEMENT = 9 DUPLICATED_REFERENCE_IN_SIGNED_ELEMENTS = 10 UNEXPECTED_SIGNED_ELEMENTS = 11 WRONG_NUMBER_OF_SIGNATURES_IN_RESPONSE = 12 WRONG_NUMBER_OF_SIGNATURES_IN_ASSERTION = 13 INVALID_XML_FORMAT = 14 WRONG_INRESPONSETO = 15 NO_ENCRYPTED_ASSERTION = 16 NO_ENCRYPTED_NAMEID = 17 MISSING_CONDITIONS = 18 ASSERTION_TOO_EARLY = 19 ASSERTION_EXPIRED = 20 WRONG_NUMBER_OF_AUTHSTATEMENTS = 21 NO_ATTRIBUTESTATEMENT = 22 ENCRYPTED_ATTRIBUTES = 23 WRONG_DESTINATION = 24 EMPTY_DESTINATION = 25 WRONG_AUDIENCE = 26 ISSUER_MULTIPLE_IN_RESPONSE = 27 ISSUER_NOT_FOUND_IN_ASSERTION = 28 WRONG_ISSUER = 29 SESSION_EXPIRED = 30 WRONG_SUBJECTCONFIRMATION = 31 NO_SIGNED_MESSAGE = 32 NO_SIGNED_ASSERTION = 33 NO_SIGNATURE_FOUND = 34 KEYINFO_NOT_FOUND_IN_ENCRYPTED_DATA = 35 CHILDREN_NODE_NOT_FOUND_IN_KEYINFO = 36 UNSUPPORTED_RETRIEVAL_METHOD = 37 NO_NAMEID = 38 EMPTY_NAMEID = 39 SP_NAME_QUALIFIER_NAME_MISMATCH = 40 DUPLICATED_ATTRIBUTE_NAME_FOUND = 41 INVALID_SIGNATURE = 42 WRONG_NUMBER_OF_SIGNATURES = 43 RESPONSE_EXPIRED = 44 AUTHN_CONTEXT_MISMATCH = 45 def __init__(self, message, code=0, errors=None): """ Initializes the Exception instance. Arguments are: * (str) message. Describes the error. * (int) code. The code error (defined in the error class). """ assert isinstance(code, int) if errors is not None: message = message % errors Exception.__init__(self, message) self.code = code python3-saml-1.12.0/src/onelogin/saml2/idp_metadata_parser.py000066400000000000000000000264511410551756100241270ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ OneLogin_Saml2_IdPMetadataParser class Copyright (c) 2010-2021 OneLogin, Inc. MIT License Metadata class of OneLogin's Python Toolkit. """ from copy import deepcopy try: import urllib.request as urllib2 except ImportError: import urllib2 import ssl from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.xml_utils import OneLogin_Saml2_XML class OneLogin_Saml2_IdPMetadataParser(object): """ A class that contain methods related to obtaining and parsing metadata from IdP This class does not validate in any way the URL that is introduced, make sure to validate it properly before use it in a get_metadata method. """ @classmethod def get_metadata(cls, url, validate_cert=True, timeout=None): """ Gets the metadata XML from the provided URL :param url: Url where the XML of the Identity Provider Metadata is published. :type url: string :param validate_cert: If the url uses https schema, that flag enables or not the verification of the associated certificate. :type validate_cert: bool :param timeout: Timeout in seconds to wait for metadata response :type timeout: int :returns: metadata XML :rtype: string """ valid = False if validate_cert: response = urllib2.urlopen(url, timeout=timeout) else: ctx = ssl.create_default_context() ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE response = urllib2.urlopen(url, context=ctx, timeout=timeout) xml = response.read() if xml: try: dom = OneLogin_Saml2_XML.to_etree(xml) idp_descriptor_nodes = OneLogin_Saml2_XML.query(dom, '//md:IDPSSODescriptor') if idp_descriptor_nodes: valid = True except Exception: pass if not valid: raise Exception('Not valid IdP XML found from URL: %s' % (url)) return xml @classmethod def parse_remote(cls, url, validate_cert=True, entity_id=None, timeout=None, **kwargs): """ Gets the metadata XML from the provided URL and parse it, returning a dict with extracted data :param url: Url where the XML of the Identity Provider Metadata is published. :type url: string :param validate_cert: If the url uses https schema, that flag enables or not the verification of the associated certificate. :type validate_cert: bool :param entity_id: Specify the entity_id of the EntityDescriptor that you want to parse a XML that contains multiple EntityDescriptor. :type entity_id: string :param timeout: Timeout in seconds to wait for metadata response :type timeout: int :returns: settings dict with extracted data :rtype: dict """ idp_metadata = cls.get_metadata(url, validate_cert, timeout) return cls.parse(idp_metadata, entity_id=entity_id, **kwargs) @classmethod def parse( cls, idp_metadata, required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT, required_slo_binding=OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT, entity_id=None): """ Parses the Identity Provider metadata and return a dict with extracted data. If there are multiple tags, parse only the first. Parses only those SSO endpoints with the same binding as given by the `required_sso_binding` parameter. Parses only those SLO endpoints with the same binding as given by the `required_slo_binding` parameter. If the metadata specifies multiple SSO endpoints with the required binding, extract only the first (the same holds true for SLO endpoints). :param idp_metadata: XML of the Identity Provider Metadata. :type idp_metadata: string :param required_sso_binding: Parse only POST or REDIRECT SSO endpoints. :type required_sso_binding: one of OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT or OneLogin_Saml2_Constants.BINDING_HTTP_POST :param required_slo_binding: Parse only POST or REDIRECT SLO endpoints. :type required_slo_binding: one of OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT or OneLogin_Saml2_Constants.BINDING_HTTP_POST :param entity_id: Specify the entity_id of the EntityDescriptor that you want to parse a XML that contains multiple EntityDescriptor. :type entity_id: string :returns: settings dict with extracted data :rtype: dict """ data = {} dom = OneLogin_Saml2_XML.to_etree(idp_metadata) idp_entity_id = want_authn_requests_signed = idp_name_id_format = idp_sso_url = idp_slo_url = certs = None entity_desc_path = '//md:EntityDescriptor' if entity_id: entity_desc_path += "[@entityID='%s']" % entity_id entity_descriptor_nodes = OneLogin_Saml2_XML.query(dom, entity_desc_path) if len(entity_descriptor_nodes) > 0: entity_descriptor_node = entity_descriptor_nodes[0] idp_descriptor_nodes = OneLogin_Saml2_XML.query(entity_descriptor_node, './md:IDPSSODescriptor') if len(idp_descriptor_nodes) > 0: idp_descriptor_node = idp_descriptor_nodes[0] idp_entity_id = entity_descriptor_node.get('entityID', None) want_authn_requests_signed = entity_descriptor_node.get('WantAuthnRequestsSigned', None) name_id_format_nodes = OneLogin_Saml2_XML.query(idp_descriptor_node, './md:NameIDFormat') if len(name_id_format_nodes) > 0: idp_name_id_format = OneLogin_Saml2_XML.element_text(name_id_format_nodes[0]) sso_nodes = OneLogin_Saml2_XML.query( idp_descriptor_node, "./md:SingleSignOnService[@Binding='%s']" % required_sso_binding ) if len(sso_nodes) > 0: idp_sso_url = sso_nodes[0].get('Location', None) slo_nodes = OneLogin_Saml2_XML.query( idp_descriptor_node, "./md:SingleLogoutService[@Binding='%s']" % required_slo_binding ) if len(slo_nodes) > 0: idp_slo_url = slo_nodes[0].get('Location', None) signing_nodes = OneLogin_Saml2_XML.query(idp_descriptor_node, "./md:KeyDescriptor[not(contains(@use, 'encryption'))]/ds:KeyInfo/ds:X509Data/ds:X509Certificate") encryption_nodes = OneLogin_Saml2_XML.query(idp_descriptor_node, "./md:KeyDescriptor[not(contains(@use, 'signing'))]/ds:KeyInfo/ds:X509Data/ds:X509Certificate") if len(signing_nodes) > 0 or len(encryption_nodes) > 0: certs = {} if len(signing_nodes) > 0: certs['signing'] = [] for cert_node in signing_nodes: certs['signing'].append(''.join(OneLogin_Saml2_XML.element_text(cert_node).split())) if len(encryption_nodes) > 0: certs['encryption'] = [] for cert_node in encryption_nodes: certs['encryption'].append(''.join(OneLogin_Saml2_XML.element_text(cert_node).split())) data['idp'] = {} if idp_entity_id is not None: data['idp']['entityId'] = idp_entity_id if idp_sso_url is not None: data['idp']['singleSignOnService'] = {} data['idp']['singleSignOnService']['url'] = idp_sso_url data['idp']['singleSignOnService']['binding'] = required_sso_binding if idp_slo_url is not None: data['idp']['singleLogoutService'] = {} data['idp']['singleLogoutService']['url'] = idp_slo_url data['idp']['singleLogoutService']['binding'] = required_slo_binding if want_authn_requests_signed is not None: data['security'] = {} data['security']['authnRequestsSigned'] = want_authn_requests_signed if idp_name_id_format: data['sp'] = {} data['sp']['NameIDFormat'] = idp_name_id_format if certs is not None: if (len(certs) == 1 and (('signing' in certs and len(certs['signing']) == 1) or ('encryption' in certs and len(certs['encryption']) == 1))) or \ (('signing' in certs and len(certs['signing']) == 1) and ('encryption' in certs and len(certs['encryption']) == 1 and certs['signing'][0] == certs['encryption'][0])): if 'signing' in certs: data['idp']['x509cert'] = certs['signing'][0] else: data['idp']['x509cert'] = certs['encryption'][0] else: data['idp']['x509certMulti'] = certs return data @staticmethod def merge_settings(settings, new_metadata_settings): """ Will update the settings with the provided new settings data extracted from the IdP metadata :param settings: Current settings dict data :type settings: dict :param new_metadata_settings: Settings to be merged (extracted from IdP metadata after parsing) :type new_metadata_settings: dict :returns: merged settings :rtype: dict """ for d in (settings, new_metadata_settings): if not isinstance(d, dict): raise TypeError('Both arguments must be dictionaries.') # Guarantee to not modify original data (`settings.copy()` would not # be sufficient, as it's just a shallow copy). result_settings = deepcopy(settings) # previously I will take care of cert stuff if 'idp' in new_metadata_settings and 'idp' in result_settings: if new_metadata_settings['idp'].get('x509cert', None) and result_settings['idp'].get('x509certMulti', None): del result_settings['idp']['x509certMulti'] if new_metadata_settings['idp'].get('x509certMulti', None) and result_settings['idp'].get('x509cert', None): del result_settings['idp']['x509cert'] # Merge `new_metadata_settings` into `result_settings`. dict_deep_merge(result_settings, new_metadata_settings) return result_settings def dict_deep_merge(a, b, path=None): """Deep-merge dictionary `b` into dictionary `a`. Kudos to http://stackoverflow.com/a/7205107/145400 """ if path is None: path = [] for key in b: if key in a: if isinstance(a[key], dict) and isinstance(b[key], dict): dict_deep_merge(a[key], b[key], path + [str(key)]) elif a[key] == b[key]: # Key conflict, but equal value. pass else: # Key/value conflict. Prioritize b over a. a[key] = b[key] else: a[key] = b[key] return a python3-saml-1.12.0/src/onelogin/saml2/logout_request.py000066400000000000000000000325761410551756100232250ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ OneLogin_Saml2_Logout_Request class Copyright (c) 2010-2021 OneLogin, Inc. MIT License Logout Request class of OneLogin's Python Toolkit. """ from onelogin.saml2 import compat from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.utils import OneLogin_Saml2_Utils, OneLogin_Saml2_Error, OneLogin_Saml2_ValidationError from onelogin.saml2.xml_templates import OneLogin_Saml2_Templates from onelogin.saml2.xml_utils import OneLogin_Saml2_XML class OneLogin_Saml2_Logout_Request(object): """ This class handles a Logout Request. Builds a Logout Response object and validates it. """ def __init__(self, settings, request=None, name_id=None, session_index=None, nq=None, name_id_format=None, spnq=None): """ Constructs the Logout Request object. :param settings: Setting data :type settings: OneLogin_Saml2_Settings :param request: Optional. A LogoutRequest to be loaded instead build one. :type request: string :param name_id: The NameID that will be set in the LogoutRequest. :type name_id: string :param session_index: SessionIndex that identifies the session of the user. :type session_index: string :param nq: IDP Name Qualifier :type: string :param name_id_format: The NameID Format that will be set in the LogoutRequest. :type: string :param spnq: SP Name Qualifier :type: string """ self.__settings = settings self.__error = None self.id = None if request is None: sp_data = self.__settings.get_sp_data() idp_data = self.__settings.get_idp_data() security = self.__settings.get_security_data() self.id = self._generate_request_id() issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(OneLogin_Saml2_Utils.now()) cert = None if security['nameIdEncrypted']: exists_multix509enc = 'x509certMulti' in idp_data and \ 'encryption' in idp_data['x509certMulti'] and \ idp_data['x509certMulti']['encryption'] if exists_multix509enc: cert = idp_data['x509certMulti']['encryption'][0] else: cert = self.__settings.get_idp_cert() if name_id is not None: if not name_id_format and sp_data['NameIDFormat'] != OneLogin_Saml2_Constants.NAMEID_UNSPECIFIED: name_id_format = sp_data['NameIDFormat'] else: name_id = idp_data['entityId'] name_id_format = OneLogin_Saml2_Constants.NAMEID_ENTITY # From saml-core-2.0-os 8.3.6, when the entity Format is used: # "The NameQualifier, SPNameQualifier, and SPProvidedID attributes # MUST be omitted. if name_id_format and name_id_format == OneLogin_Saml2_Constants.NAMEID_ENTITY: nq = None spnq = None # NameID Format UNSPECIFIED omitted if name_id_format and name_id_format == OneLogin_Saml2_Constants.NAMEID_UNSPECIFIED: name_id_format = None name_id_obj = OneLogin_Saml2_Utils.generate_name_id( name_id, spnq, name_id_format, cert, False, nq ) if session_index: session_index_str = '%s' % session_index else: session_index_str = '' logout_request = OneLogin_Saml2_Templates.LOGOUT_REQUEST % \ { 'id': self.id, 'issue_instant': issue_instant, 'single_logout_url': self.__settings.get_idp_slo_url(), 'entity_id': sp_data['entityId'], 'name_id': name_id_obj, 'session_index': session_index_str, } else: logout_request = OneLogin_Saml2_Utils.decode_base64_and_inflate(request, ignore_zip=True) self.id = self.get_id(logout_request) self.__logout_request = compat.to_string(logout_request) def get_request(self, deflate=True): """ Returns the Logout Request deflated, base64encoded :param deflate: It makes the deflate process optional :type: bool :return: Logout Request maybe deflated and base64 encoded :rtype: str object """ if deflate: request = OneLogin_Saml2_Utils.deflate_and_base64_encode(self.__logout_request) else: request = OneLogin_Saml2_Utils.b64encode(self.__logout_request) return request def get_xml(self): """ Returns the XML that will be sent as part of the request or that was received at the SP :return: XML request body :rtype: string """ return self.__logout_request @classmethod def get_id(cls, request): """ Returns the ID of the Logout Request :param request: Logout Request Message :type request: string|DOMDocument :return: string ID :rtype: str object """ elem = OneLogin_Saml2_XML.to_etree(request) return elem.get('ID', None) @classmethod def get_nameid_data(cls, request, key=None): """ Gets the NameID Data of the the Logout Request :param request: Logout Request Message :type request: string|DOMDocument :param key: The SP key :type key: string :return: Name ID Data (Value, Format, NameQualifier, SPNameQualifier) :rtype: dict """ elem = OneLogin_Saml2_XML.to_etree(request) name_id = None encrypted_entries = OneLogin_Saml2_XML.query(elem, '/samlp:LogoutRequest/saml:EncryptedID') if len(encrypted_entries) == 1: if key is None: raise OneLogin_Saml2_Error( 'Private Key is required in order to decrypt the NameID, check settings', OneLogin_Saml2_Error.PRIVATE_KEY_NOT_FOUND ) encrypted_data_nodes = OneLogin_Saml2_XML.query(elem, '/samlp:LogoutRequest/saml:EncryptedID/xenc:EncryptedData') if len(encrypted_data_nodes) == 1: encrypted_data = encrypted_data_nodes[0] name_id = OneLogin_Saml2_Utils.decrypt_element(encrypted_data, key) else: entries = OneLogin_Saml2_XML.query(elem, '/samlp:LogoutRequest/saml:NameID') if len(entries) == 1: name_id = entries[0] if name_id is None: raise OneLogin_Saml2_ValidationError( 'NameID not found in the Logout Request', OneLogin_Saml2_ValidationError.NO_NAMEID ) name_id_data = { 'Value': OneLogin_Saml2_XML.element_text(name_id) } for attr in ['Format', 'SPNameQualifier', 'NameQualifier']: if attr in name_id.attrib: name_id_data[attr] = name_id.attrib[attr] return name_id_data @classmethod def get_nameid(cls, request, key=None): """ Gets the NameID of the Logout Request Message :param request: Logout Request Message :type request: string|DOMDocument :param key: The SP key :type key: string :return: Name ID Value :rtype: string """ name_id = cls.get_nameid_data(request, key) return name_id['Value'] @classmethod def get_nameid_format(cls, request, key=None): """ Gets the NameID Format of the Logout Request Message :param request: Logout Request Message :type request: string|DOMDocument :param key: The SP key :type key: string :return: Name ID Format :rtype: string """ name_id_format = None name_id_data = cls.get_nameid_data(request, key) if name_id_data and 'Format' in name_id_data.keys(): name_id_format = name_id_data['Format'] return name_id_format @classmethod def get_issuer(cls, request): """ Gets the Issuer of the Logout Request Message :param request: Logout Request Message :type request: string|DOMDocument :return: The Issuer :rtype: string """ elem = OneLogin_Saml2_XML.to_etree(request) issuer = None issuer_nodes = OneLogin_Saml2_XML.query(elem, '/samlp:LogoutRequest/saml:Issuer') if len(issuer_nodes) == 1: issuer = OneLogin_Saml2_XML.element_text(issuer_nodes[0]) return issuer @classmethod def get_session_indexes(cls, request): """ Gets the SessionIndexes from the Logout Request :param request: Logout Request Message :type request: string|DOMDocument :return: The SessionIndex value :rtype: list """ elem = OneLogin_Saml2_XML.to_etree(request) session_indexes = [] session_index_nodes = OneLogin_Saml2_XML.query(elem, '/samlp:LogoutRequest/samlp:SessionIndex') for session_index_node in session_index_nodes: session_indexes.append(OneLogin_Saml2_XML.element_text(session_index_node)) return session_indexes def is_valid(self, request_data, raise_exceptions=False): """ Checks if the Logout Request received is valid :param request_data: Request Data :type request_data: dict :param raise_exceptions: Whether to return false on failure or raise an exception :type raise_exceptions: Boolean :return: If the Logout Request is or not valid :rtype: boolean """ self.__error = None try: root = OneLogin_Saml2_XML.to_etree(self.__logout_request) idp_data = self.__settings.get_idp_data() idp_entity_id = idp_data['entityId'] get_data = ('get_data' in request_data and request_data['get_data']) or dict() if self.__settings.is_strict(): res = OneLogin_Saml2_XML.validate_xml(root, 'saml-schema-protocol-2.0.xsd', self.__settings.is_debug_active()) if isinstance(res, str): raise OneLogin_Saml2_ValidationError( 'Invalid SAML Logout Request. Not match the saml-schema-protocol-2.0.xsd', OneLogin_Saml2_ValidationError.INVALID_XML_FORMAT ) security = self.__settings.get_security_data() current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) # Check NotOnOrAfter if root.get('NotOnOrAfter', None): na = OneLogin_Saml2_Utils.parse_SAML_to_time(root.get('NotOnOrAfter')) if na <= OneLogin_Saml2_Utils.now(): raise OneLogin_Saml2_ValidationError( 'Could not validate timestamp: expired. Check system clock.)', OneLogin_Saml2_ValidationError.RESPONSE_EXPIRED ) # Check destination destination = root.get('Destination', None) if destination: if not OneLogin_Saml2_Utils.normalize_url(url=destination).startswith(OneLogin_Saml2_Utils.normalize_url(url=current_url)): raise OneLogin_Saml2_ValidationError( 'The LogoutRequest was received at ' '%(currentURL)s instead of %(destination)s' % { 'currentURL': current_url, 'destination': destination, }, OneLogin_Saml2_ValidationError.WRONG_DESTINATION ) # Check issuer issuer = self.get_issuer(root) if issuer is not None and issuer != idp_entity_id: raise OneLogin_Saml2_ValidationError( 'Invalid issuer in the Logout Request (expected %(idpEntityId)s, got %(issuer)s)' % { 'idpEntityId': idp_entity_id, 'issuer': issuer }, OneLogin_Saml2_ValidationError.WRONG_ISSUER ) if security['wantMessagesSigned']: if 'Signature' not in get_data: raise OneLogin_Saml2_ValidationError( 'The Message of the Logout Request is not signed and the SP require it', OneLogin_Saml2_ValidationError.NO_SIGNED_MESSAGE ) return True except Exception as err: # pylint: disable=R0801 self.__error = str(err) debug = self.__settings.is_debug_active() if debug: print(err) if raise_exceptions: raise return False def get_error(self): """ After executing a validation process, if it fails this method returns the cause """ return self.__error def _generate_request_id(self): """ Generate an unique logout request ID. """ return OneLogin_Saml2_Utils.generate_unique_id() python3-saml-1.12.0/src/onelogin/saml2/logout_response.py000066400000000000000000000203571410551756100233650ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ OneLogin_Saml2_Logout_Response class Copyright (c) 2010-2021 OneLogin, Inc. MIT License Logout Response class of OneLogin's Python Toolkit. """ from onelogin.saml2 import compat from onelogin.saml2.utils import OneLogin_Saml2_Utils, OneLogin_Saml2_ValidationError from onelogin.saml2.xml_templates import OneLogin_Saml2_Templates from onelogin.saml2.xml_utils import OneLogin_Saml2_XML class OneLogin_Saml2_Logout_Response(object): """ This class handles a Logout Response. It Builds or parses a Logout Response object and validates it. """ def __init__(self, settings, response=None): """ Constructs a Logout Response object (Initialize params from settings and if provided load the Logout Response. Arguments are: * (OneLogin_Saml2_Settings) settings. Setting data * (string) response. An UUEncoded SAML Logout response from the IdP. """ self.__settings = settings self.__error = None self.id = None if response is not None: self.__logout_response = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(response, ignore_zip=True)) self.document = OneLogin_Saml2_XML.to_etree(self.__logout_response) self.id = self.document.get('ID', None) def get_issuer(self): """ Gets the Issuer of the Logout Response Message :return: The Issuer :rtype: string """ issuer = None issuer_nodes = self.__query('/samlp:LogoutResponse/saml:Issuer') if len(issuer_nodes) == 1: issuer = OneLogin_Saml2_XML.element_text(issuer_nodes[0]) return issuer def get_status(self): """ Gets the Status :return: The Status :rtype: string """ entries = self.__query('/samlp:LogoutResponse/samlp:Status/samlp:StatusCode') if len(entries) == 0: return None status = entries[0].attrib['Value'] return status def is_valid(self, request_data, request_id=None, raise_exceptions=False): """ Determines if the SAML LogoutResponse is valid :param request_id: The ID of the LogoutRequest sent by this SP to the IdP :type request_id: string :param raise_exceptions: Whether to return false on failure or raise an exception :type raise_exceptions: Boolean :return: Returns if the SAML LogoutResponse is or not valid :rtype: boolean """ self.__error = None try: idp_data = self.__settings.get_idp_data() idp_entity_id = idp_data['entityId'] get_data = request_data['get_data'] if self.__settings.is_strict(): res = OneLogin_Saml2_XML.validate_xml(self.document, 'saml-schema-protocol-2.0.xsd', self.__settings.is_debug_active()) if isinstance(res, str): raise OneLogin_Saml2_ValidationError( 'Invalid SAML Logout Request. Not match the saml-schema-protocol-2.0.xsd', OneLogin_Saml2_ValidationError.INVALID_XML_FORMAT ) security = self.__settings.get_security_data() # Check if the InResponseTo of the Logout Response matches the ID of the Logout Request (requestId) if provided in_response_to = self.get_in_response_to() if request_id is not None and in_response_to and in_response_to != request_id: raise OneLogin_Saml2_ValidationError( 'The InResponseTo of the Logout Response: %s, does not match the ID of the Logout request sent by the SP: %s' % (in_response_to, request_id), OneLogin_Saml2_ValidationError.WRONG_INRESPONSETO ) # Check issuer issuer = self.get_issuer() if issuer is not None and issuer != idp_entity_id: raise OneLogin_Saml2_ValidationError( 'Invalid issuer in the Logout Response (expected %(idpEntityId)s, got %(issuer)s)' % { 'idpEntityId': idp_entity_id, 'issuer': issuer }, OneLogin_Saml2_ValidationError.WRONG_ISSUER ) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) # Check destination destination = self.document.get('Destination', None) if destination: if not OneLogin_Saml2_Utils.normalize_url(url=destination).startswith(OneLogin_Saml2_Utils.normalize_url(url=current_url)): raise OneLogin_Saml2_ValidationError( 'The LogoutResponse was received at %s instead of %s' % (current_url, destination), OneLogin_Saml2_ValidationError.WRONG_DESTINATION ) if security['wantMessagesSigned']: if 'Signature' not in get_data: raise OneLogin_Saml2_ValidationError( 'The Message of the Logout Response is not signed and the SP require it', OneLogin_Saml2_ValidationError.NO_SIGNED_MESSAGE ) return True # pylint: disable=R0801 except Exception as err: self.__error = str(err) debug = self.__settings.is_debug_active() if debug: print(err) if raise_exceptions: raise return False def __query(self, query): """ Extracts a node from the Etree (Logout Response Message) :param query: Xpath Expression :type query: string :return: The queried node :rtype: Element """ return OneLogin_Saml2_XML.query(self.document, query) def build(self, in_response_to): """ Creates a Logout Response object. :param in_response_to: InResponseTo value for the Logout Response. :type in_response_to: string """ sp_data = self.__settings.get_sp_data() self.id = self._generate_request_id() issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(OneLogin_Saml2_Utils.now()) logout_response = OneLogin_Saml2_Templates.LOGOUT_RESPONSE % \ { 'id': self.id, 'issue_instant': issue_instant, 'destination': self.__settings.get_idp_slo_response_url(), 'in_response_to': in_response_to, 'entity_id': sp_data['entityId'], 'status': "urn:oasis:names:tc:SAML:2.0:status:Success" } self.__logout_response = logout_response def get_in_response_to(self): """ Gets the ID of the LogoutRequest which this response is in response to :returns: ID of LogoutRequest this LogoutResponse is in response to or None if it is not present :rtype: str """ return self.document.get('InResponseTo') def get_response(self, deflate=True): """ Returns a Logout Response object. :param deflate: It makes the deflate process optional :type: bool :return: Logout Response maybe deflated and base64 encoded :rtype: string """ if deflate: response = OneLogin_Saml2_Utils.deflate_and_base64_encode(self.__logout_response) else: response = OneLogin_Saml2_Utils.b64encode(self.__logout_response) return response def get_error(self): """ After executing a validation process, if it fails this method returns the cause """ return self.__error def get_xml(self): """ Returns the XML that will be sent as part of the response or that was received at the SP :return: XML response body :rtype: string """ return self.__logout_response def _generate_request_id(self): """ Generate an unique logout response ID. """ return OneLogin_Saml2_Utils.generate_unique_id() python3-saml-1.12.0/src/onelogin/saml2/metadata.py000066400000000000000000000261361410551756100217170ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ OneLoginSaml2Metadata class Copyright (c) 2010-2021 OneLogin, Inc. MIT License Metadata class of OneLogin's Python Toolkit. """ from time import gmtime, strftime, time from datetime import datetime from onelogin.saml2 import compat from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.utils import OneLogin_Saml2_Utils from onelogin.saml2.xml_templates import OneLogin_Saml2_Templates from onelogin.saml2.xml_utils import OneLogin_Saml2_XML try: basestring except NameError: basestring = str class OneLogin_Saml2_Metadata(object): """ A class that contains methods related to the metadata of the SP """ TIME_VALID = 172800 # 2 days TIME_CACHED = 604800 # 1 week @classmethod def builder(cls, sp, authnsign=False, wsign=False, valid_until=None, cache_duration=None, contacts=None, organization=None): """ Builds the metadata of the SP :param sp: The SP data :type sp: string :param authnsign: authnRequestsSigned attribute :type authnsign: string :param wsign: wantAssertionsSigned attribute :type wsign: string :param valid_until: Metadata's expiry date :type valid_until: string|DateTime|Timestamp :param cache_duration: Duration of the cache in seconds :type cache_duration: int|string :param contacts: Contacts info :type contacts: dict :param organization: Organization info :type organization: dict """ if valid_until is None: valid_until = int(time()) + cls.TIME_VALID if not isinstance(valid_until, basestring): if isinstance(valid_until, datetime): valid_until_time = valid_until.timetuple() else: valid_until_time = gmtime(valid_until) valid_until_str = strftime(r'%Y-%m-%dT%H:%M:%SZ', valid_until_time) else: valid_until_str = valid_until if cache_duration is None: cache_duration = cls.TIME_CACHED if not isinstance(cache_duration, compat.str_type): cache_duration_str = 'PT%sS' % cache_duration # Period of Time x Seconds else: cache_duration_str = cache_duration if contacts is None: contacts = {} if organization is None: organization = {} sls = '' if 'singleLogoutService' in sp and 'url' in sp['singleLogoutService']: sls = OneLogin_Saml2_Templates.MD_SLS % \ { 'binding': sp['singleLogoutService']['binding'], 'location': sp['singleLogoutService']['url'], } str_authnsign = 'true' if authnsign else 'false' str_wsign = 'true' if wsign else 'false' str_organization = '' if len(organization) > 0: organization_names = [] organization_displaynames = [] organization_urls = [] for (lang, info) in organization.items(): organization_names.append(""" %s""" % (lang, info['name'])) organization_displaynames.append(""" %s""" % (lang, info['displayname'])) organization_urls.append(""" %s""" % (lang, info['url'])) org_data = '\n'.join(organization_names) + '\n' + '\n'.join(organization_displaynames) + '\n' + '\n'.join(organization_urls) str_organization = """ \n%(org)s\n """ % {'org': org_data} str_contacts = '' if len(contacts) > 0: contacts_info = [] for (ctype, info) in contacts.items(): contact = OneLogin_Saml2_Templates.MD_CONTACT_PERSON % \ { 'type': ctype, 'name': info['givenName'], 'email': info['emailAddress'], } contacts_info.append(contact) str_contacts = '\n'.join(contacts_info) str_attribute_consuming_service = '' if 'attributeConsumingService' in sp and len(sp['attributeConsumingService']): attr_cs_desc_str = '' if "serviceDescription" in sp['attributeConsumingService']: attr_cs_desc_str = """ %s """ % sp['attributeConsumingService']['serviceDescription'] requested_attribute_data = [] for req_attribs in sp['attributeConsumingService']['requestedAttributes']: req_attr_nameformat_str = req_attr_friendlyname_str = req_attr_isrequired_str = '' req_attr_aux_str = ' />' if 'nameFormat' in req_attribs.keys() and req_attribs['nameFormat']: req_attr_nameformat_str = " NameFormat=\"%s\"" % req_attribs['nameFormat'] if 'friendlyName' in req_attribs.keys() and req_attribs['friendlyName']: req_attr_friendlyname_str = " FriendlyName=\"%s\"" % req_attribs['friendlyName'] if 'isRequired' in req_attribs.keys() and req_attribs['isRequired']: req_attr_isrequired_str = " isRequired=\"%s\"" % 'true' if req_attribs['isRequired'] else 'false' if 'attributeValue' in req_attribs.keys() and req_attribs['attributeValue']: if isinstance(req_attribs['attributeValue'], basestring): req_attribs['attributeValue'] = [req_attribs['attributeValue']] req_attr_aux_str = ">" for attrValue in req_attribs['attributeValue']: req_attr_aux_str += """ %(attributeValue)s""" % \ { 'attributeValue': attrValue } req_attr_aux_str += """ """ requested_attribute = """ %(service_name)s %(attr_cs_desc)s%(requested_attribute_str)s """ % \ { 'service_name': sp['attributeConsumingService']['serviceName'], 'attr_cs_desc': attr_cs_desc_str, 'attribute_consuming_service_index': sp['attributeConsumingService'].get('index', '1'), 'requested_attribute_str': '\n'.join(requested_attribute_data) } metadata = OneLogin_Saml2_Templates.MD_ENTITY_DESCRIPTOR % \ { 'valid': ('validUntil="%s"' % valid_until_str) if valid_until_str else '', 'cache': ('cacheDuration="%s"' % cache_duration_str) if cache_duration_str else '', 'entity_id': sp['entityId'], 'authnsign': str_authnsign, 'wsign': str_wsign, 'name_id_format': sp['NameIDFormat'], 'binding': sp['assertionConsumerService']['binding'], 'location': sp['assertionConsumerService']['url'], 'sls': sls, 'organization': str_organization, 'contacts': str_contacts, 'attribute_consuming_service': str_attribute_consuming_service } return metadata @staticmethod def sign_metadata(metadata, key, cert, sign_algorithm=OneLogin_Saml2_Constants.RSA_SHA1, digest_algorithm=OneLogin_Saml2_Constants.SHA1): """ Signs the metadata with the key/cert provided :param metadata: SAML Metadata XML :type metadata: string :param key: x509 key :type key: string :param cert: x509 cert :type cert: string :returns: Signed Metadata :rtype: string :param sign_algorithm: Signature algorithm method :type sign_algorithm: string :param digest_algorithm: Digest algorithm method :type digest_algorithm: string """ return OneLogin_Saml2_Utils.add_sign(metadata, key, cert, False, sign_algorithm, digest_algorithm) @staticmethod def __add_x509_key_descriptors(root, cert, signing): key_descriptor = OneLogin_Saml2_XML.make_child(root, '{%s}KeyDescriptor' % OneLogin_Saml2_Constants.NS_MD) root.remove(key_descriptor) root.insert(0, key_descriptor) key_info = OneLogin_Saml2_XML.make_child(key_descriptor, '{%s}KeyInfo' % OneLogin_Saml2_Constants.NS_DS) key_data = OneLogin_Saml2_XML.make_child(key_info, '{%s}X509Data' % OneLogin_Saml2_Constants.NS_DS) x509_certificate = OneLogin_Saml2_XML.make_child(key_data, '{%s}X509Certificate' % OneLogin_Saml2_Constants.NS_DS) x509_certificate.text = OneLogin_Saml2_Utils.format_cert(cert, False) key_descriptor.set('use', ('encryption', 'signing')[signing]) @classmethod def add_x509_key_descriptors(cls, metadata, cert=None, add_encryption=True): """ Adds the x509 descriptors (sign/encryption) to the metadata The same cert will be used for sign/encrypt :param metadata: SAML Metadata XML :type metadata: string :param cert: x509 cert :type cert: string :param add_encryption: Determines if the KeyDescriptor[use="encryption"] should be added. :type add_encryption: boolean :returns: Metadata with KeyDescriptors :rtype: string """ if cert is None or cert == '': return metadata try: root = OneLogin_Saml2_XML.to_etree(metadata) except Exception as e: raise Exception('Error parsing metadata. ' + str(e)) assert root.tag == '{%s}EntityDescriptor' % OneLogin_Saml2_Constants.NS_MD try: sp_sso_descriptor = next(root.iterfind('.//md:SPSSODescriptor', namespaces=OneLogin_Saml2_Constants.NSMAP)) except StopIteration: raise Exception('Malformed metadata.') if add_encryption: cls.__add_x509_key_descriptors(sp_sso_descriptor, cert, False) cls.__add_x509_key_descriptors(sp_sso_descriptor, cert, True) return OneLogin_Saml2_XML.to_string(root) python3-saml-1.12.0/src/onelogin/saml2/response.py000066400000000000000000001204711410551756100217720ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ OneLogin_Saml2_Response class Copyright (c) 2010-2021 OneLogin, Inc. MIT License SAML Response class of OneLogin's Python Toolkit. """ from copy import deepcopy from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.utils import OneLogin_Saml2_Utils, OneLogin_Saml2_Error, OneLogin_Saml2_ValidationError, return_false_on_exception from onelogin.saml2.xml_utils import OneLogin_Saml2_XML class OneLogin_Saml2_Response(object): """ This class handles a SAML Response. It parses or validates a Logout Response object. """ def __init__(self, settings, response): """ Constructs the response object. :param settings: The setting info :type settings: OneLogin_Saml2_Setting object :param response: The base64 encoded, XML string containing the samlp:Response :type response: string """ self.__settings = settings self.__error = None self.response = OneLogin_Saml2_Utils.b64decode(response) self.document = OneLogin_Saml2_XML.to_etree(self.response) self.decrypted_document = None self.encrypted = None self.valid_scd_not_on_or_after = None # Quick check for the presence of EncryptedAssertion encrypted_assertion_nodes = self.__query('/samlp:Response/saml:EncryptedAssertion') if encrypted_assertion_nodes: decrypted_document = deepcopy(self.document) self.encrypted = True self.decrypted_document = self.__decrypt_assertion(decrypted_document) def is_valid(self, request_data, request_id=None, raise_exceptions=False): """ Validates the response object. :param request_data: Request Data :type request_data: dict :param request_id: Optional argument. The ID of the AuthNRequest sent by this SP to the IdP :type request_id: string :param raise_exceptions: Whether to return false on failure or raise an exception :type raise_exceptions: Boolean :returns: True if the SAML Response is valid, False if not :rtype: bool """ self.__error = None try: # Checks SAML version if self.document.get('Version', None) != '2.0': raise OneLogin_Saml2_ValidationError( 'Unsupported SAML version', OneLogin_Saml2_ValidationError.UNSUPPORTED_SAML_VERSION ) # Checks that ID exists if self.document.get('ID', None) is None: raise OneLogin_Saml2_ValidationError( 'Missing ID attribute on SAML Response', OneLogin_Saml2_ValidationError.MISSING_ID ) # Checks that the response has the SUCCESS status self.check_status() # Checks that the response only has one assertion if not self.validate_num_assertions(): raise OneLogin_Saml2_ValidationError( 'SAML Response must contain 1 assertion', OneLogin_Saml2_ValidationError.WRONG_NUMBER_OF_ASSERTIONS ) idp_data = self.__settings.get_idp_data() idp_entity_id = idp_data['entityId'] sp_data = self.__settings.get_sp_data() sp_entity_id = sp_data['entityId'] signed_elements = self.process_signed_elements() has_signed_response = '{%s}Response' % OneLogin_Saml2_Constants.NS_SAMLP in signed_elements has_signed_assertion = '{%s}Assertion' % OneLogin_Saml2_Constants.NS_SAML in signed_elements if self.__settings.is_strict(): no_valid_xml_msg = 'Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd' res = OneLogin_Saml2_XML.validate_xml(self.document, 'saml-schema-protocol-2.0.xsd', self.__settings.is_debug_active()) if isinstance(res, str): raise OneLogin_Saml2_ValidationError( no_valid_xml_msg, OneLogin_Saml2_ValidationError.INVALID_XML_FORMAT ) # If encrypted, check also the decrypted document if self.encrypted: res = OneLogin_Saml2_XML.validate_xml(self.decrypted_document, 'saml-schema-protocol-2.0.xsd', self.__settings.is_debug_active()) if isinstance(res, str): raise OneLogin_Saml2_ValidationError( no_valid_xml_msg, OneLogin_Saml2_ValidationError.INVALID_XML_FORMAT ) security = self.__settings.get_security_data() current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) # Check if the InResponseTo of the Response matchs the ID of the AuthNRequest (requestId) if provided in_response_to = self.get_in_response_to() if in_response_to is not None and request_id is not None: if in_response_to != request_id: raise OneLogin_Saml2_ValidationError( 'The InResponseTo of the Response: %s, does not match the ID of the AuthNRequest sent by the SP: %s' % (in_response_to, request_id), OneLogin_Saml2_ValidationError.WRONG_INRESPONSETO ) if not self.encrypted and security['wantAssertionsEncrypted']: raise OneLogin_Saml2_ValidationError( 'The assertion of the Response is not encrypted and the SP require it', OneLogin_Saml2_ValidationError.NO_ENCRYPTED_ASSERTION ) if security['wantNameIdEncrypted']: encrypted_nameid_nodes = self.__query_assertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData') if len(encrypted_nameid_nodes) != 1: raise OneLogin_Saml2_ValidationError( 'The NameID of the Response is not encrypted and the SP require it', OneLogin_Saml2_ValidationError.NO_ENCRYPTED_NAMEID ) # Checks that a Conditions element exists if not self.check_one_condition(): raise OneLogin_Saml2_ValidationError( 'The Assertion must include a Conditions element', OneLogin_Saml2_ValidationError.MISSING_CONDITIONS ) # Validates Assertion timestamps self.validate_timestamps(raise_exceptions=True) # Checks that an AuthnStatement element exists and is unique if not self.check_one_authnstatement(): raise OneLogin_Saml2_ValidationError( 'The Assertion must include an AuthnStatement element', OneLogin_Saml2_ValidationError.WRONG_NUMBER_OF_AUTHSTATEMENTS ) # Checks that the response has all of the AuthnContexts that we provided in the request. # Only check if failOnAuthnContextMismatch is true and requestedAuthnContext is set to a list. requested_authn_contexts = security['requestedAuthnContext'] if security['failOnAuthnContextMismatch'] and requested_authn_contexts and requested_authn_contexts is not True: authn_contexts = self.get_authn_contexts() unmatched_contexts = set(authn_contexts).difference(requested_authn_contexts) if unmatched_contexts: raise OneLogin_Saml2_ValidationError( 'The AuthnContext "%s" was not a requested context "%s"' % (', '.join(unmatched_contexts), ', '.join(requested_authn_contexts)), OneLogin_Saml2_ValidationError.AUTHN_CONTEXT_MISMATCH ) # Checks that there is at least one AttributeStatement if required attribute_statement_nodes = self.__query_assertion('/saml:AttributeStatement') if security.get('wantAttributeStatement', True) and not attribute_statement_nodes: raise OneLogin_Saml2_ValidationError( 'There is no AttributeStatement on the Response', OneLogin_Saml2_ValidationError.NO_ATTRIBUTESTATEMENT ) encrypted_attributes_nodes = self.__query_assertion('/saml:AttributeStatement/saml:EncryptedAttribute') if encrypted_attributes_nodes: raise OneLogin_Saml2_ValidationError( 'There is an EncryptedAttribute in the Response and this SP not support them', OneLogin_Saml2_ValidationError.ENCRYPTED_ATTRIBUTES ) # Checks destination destination = self.document.get('Destination', None) if destination: if not OneLogin_Saml2_Utils.normalize_url(url=destination).startswith(OneLogin_Saml2_Utils.normalize_url(url=current_url)): # TODO: Review if following lines are required, since we can control the # request_data # current_url_routed = OneLogin_Saml2_Utils.get_self_routed_url_no_query(request_data) # if not destination.startswith(current_url_routed): raise OneLogin_Saml2_ValidationError( 'The response was received at %s instead of %s' % (current_url, destination), OneLogin_Saml2_ValidationError.WRONG_DESTINATION ) elif destination == '': raise OneLogin_Saml2_ValidationError( 'The response has an empty Destination value', OneLogin_Saml2_ValidationError.EMPTY_DESTINATION ) # Checks audience valid_audiences = self.get_audiences() if valid_audiences and sp_entity_id not in valid_audiences: raise OneLogin_Saml2_ValidationError( '%s is not a valid audience for this Response' % sp_entity_id, OneLogin_Saml2_ValidationError.WRONG_AUDIENCE ) # Checks the issuers issuers = self.get_issuers() for issuer in issuers: if issuer is None or issuer != idp_entity_id: raise OneLogin_Saml2_ValidationError( 'Invalid issuer in the Assertion/Response (expected %(idpEntityId)s, got %(issuer)s)' % { 'idpEntityId': idp_entity_id, 'issuer': issuer }, OneLogin_Saml2_ValidationError.WRONG_ISSUER ) # Checks the session Expiration session_expiration = self.get_session_not_on_or_after() if session_expiration and session_expiration <= OneLogin_Saml2_Utils.now(): raise OneLogin_Saml2_ValidationError( 'The attributes have expired, based on the SessionNotOnOrAfter of the AttributeStatement of this Response', OneLogin_Saml2_ValidationError.SESSION_EXPIRED ) # Checks the SubjectConfirmation, at least one SubjectConfirmation must be valid any_subject_confirmation = False subject_confirmation_nodes = self.__query_assertion('/saml:Subject/saml:SubjectConfirmation') for scn in subject_confirmation_nodes: method = scn.get('Method', None) if method and method != OneLogin_Saml2_Constants.CM_BEARER: continue sc_data = scn.find('saml:SubjectConfirmationData', namespaces=OneLogin_Saml2_Constants.NSMAP) if sc_data is None: continue else: irt = sc_data.get('InResponseTo', None) if in_response_to and irt and irt != in_response_to: continue recipient = sc_data.get('Recipient', None) if recipient and current_url not in recipient: continue nooa = sc_data.get('NotOnOrAfter', None) if nooa: parsed_nooa = OneLogin_Saml2_Utils.parse_SAML_to_time(nooa) if parsed_nooa <= OneLogin_Saml2_Utils.now(): continue nb = sc_data.get('NotBefore', None) if nb: parsed_nb = OneLogin_Saml2_Utils.parse_SAML_to_time(nb) if parsed_nb > OneLogin_Saml2_Utils.now(): continue if nooa: self.valid_scd_not_on_or_after = OneLogin_Saml2_Utils.parse_SAML_to_time(nooa) any_subject_confirmation = True break if not any_subject_confirmation: raise OneLogin_Saml2_ValidationError( 'A valid SubjectConfirmation was not found on this Response', OneLogin_Saml2_ValidationError.WRONG_SUBJECTCONFIRMATION ) if security['wantAssertionsSigned'] and not has_signed_assertion: raise OneLogin_Saml2_ValidationError( 'The Assertion of the Response is not signed and the SP require it', OneLogin_Saml2_ValidationError.NO_SIGNED_ASSERTION ) if security['wantMessagesSigned'] and not has_signed_response: raise OneLogin_Saml2_ValidationError( 'The Message of the Response is not signed and the SP require it', OneLogin_Saml2_ValidationError.NO_SIGNED_MESSAGE ) if not signed_elements or (not has_signed_response and not has_signed_assertion): raise OneLogin_Saml2_ValidationError( 'No Signature found. SAML Response rejected', OneLogin_Saml2_ValidationError.NO_SIGNATURE_FOUND ) else: cert = self.__settings.get_idp_cert() fingerprint = idp_data.get('certFingerprint', None) if fingerprint: fingerprint = OneLogin_Saml2_Utils.format_finger_print(fingerprint) fingerprintalg = idp_data.get('certFingerprintAlgorithm', None) multicerts = None if 'x509certMulti' in idp_data and 'signing' in idp_data['x509certMulti'] and idp_data['x509certMulti']['signing']: multicerts = idp_data['x509certMulti']['signing'] # If find a Signature on the Response, validates it checking the original response if has_signed_response and not OneLogin_Saml2_Utils.validate_sign(self.document, cert, fingerprint, fingerprintalg, xpath=OneLogin_Saml2_Utils.RESPONSE_SIGNATURE_XPATH, multicerts=multicerts, raise_exceptions=False): raise OneLogin_Saml2_ValidationError( 'Signature validation failed. SAML Response rejected', OneLogin_Saml2_ValidationError.INVALID_SIGNATURE ) document_check_assertion = self.decrypted_document if self.encrypted else self.document if has_signed_assertion and not OneLogin_Saml2_Utils.validate_sign(document_check_assertion, cert, fingerprint, fingerprintalg, xpath=OneLogin_Saml2_Utils.ASSERTION_SIGNATURE_XPATH, multicerts=multicerts, raise_exceptions=False): raise OneLogin_Saml2_ValidationError( 'Signature validation failed. SAML Response rejected', OneLogin_Saml2_ValidationError.INVALID_SIGNATURE ) return True except Exception as err: self.__error = str(err) debug = self.__settings.is_debug_active() if debug: print(err) if raise_exceptions: raise return False def check_status(self): """ Check if the status of the response is success or not :raises: Exception. If the status is not success """ status = OneLogin_Saml2_Utils.get_status(self.document) code = status.get('code', None) if code and code != OneLogin_Saml2_Constants.STATUS_SUCCESS: splited_code = code.split(':') printable_code = splited_code.pop() status_exception_msg = 'The status code of the Response was not Success, was %s' % printable_code status_msg = status.get('msg', None) if status_msg: status_exception_msg += ' -> ' + status_msg raise OneLogin_Saml2_ValidationError( status_exception_msg, OneLogin_Saml2_ValidationError.STATUS_CODE_IS_NOT_SUCCESS ) def check_one_condition(self): """ Checks that the samlp:Response/saml:Assertion/saml:Conditions element exists and is unique. """ condition_nodes = self.__query_assertion('/saml:Conditions') if len(condition_nodes) == 1: return True else: return False def check_one_authnstatement(self): """ Checks that the samlp:Response/saml:Assertion/saml:AuthnStatement element exists and is unique. """ authnstatement_nodes = self.__query_assertion('/saml:AuthnStatement') if len(authnstatement_nodes) == 1: return True else: return False def get_audiences(self): """ Gets the audiences :returns: The valid audiences for the SAML Response :rtype: list """ audience_nodes = self.__query_assertion('/saml:Conditions/saml:AudienceRestriction/saml:Audience') return [OneLogin_Saml2_XML.element_text(node) for node in audience_nodes if OneLogin_Saml2_XML.element_text(node) is not None] def get_authn_contexts(self): """ Gets the authentication contexts :returns: The authentication classes for the SAML Response :rtype: list """ authn_context_nodes = self.__query_assertion('/saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef') return [OneLogin_Saml2_XML.element_text(node) for node in authn_context_nodes] def get_in_response_to(self): """ Gets the ID of the request which this response is in response to :returns: ID of AuthNRequest this Response is in response to or None if it is not present :rtype: str """ return self.document.get('InResponseTo') def get_issuers(self): """ Gets the issuers (from message and from assertion) :returns: The issuers :rtype: list """ issuers = set() message_issuer_nodes = OneLogin_Saml2_XML.query(self.document, '/samlp:Response/saml:Issuer') if len(message_issuer_nodes) > 0: if len(message_issuer_nodes) == 1: issuer_value = OneLogin_Saml2_XML.element_text(message_issuer_nodes[0]) if issuer_value: issuers.add(issuer_value) else: raise OneLogin_Saml2_ValidationError( 'Issuer of the Response is multiple.', OneLogin_Saml2_ValidationError.ISSUER_MULTIPLE_IN_RESPONSE ) assertion_issuer_nodes = self.__query_assertion('/saml:Issuer') if len(assertion_issuer_nodes) == 1: issuer_value = OneLogin_Saml2_XML.element_text(assertion_issuer_nodes[0]) if issuer_value: issuers.add(issuer_value) else: raise OneLogin_Saml2_ValidationError( 'Issuer of the Assertion not found or multiple.', OneLogin_Saml2_ValidationError.ISSUER_NOT_FOUND_IN_ASSERTION ) return list(set(issuers)) def get_nameid_data(self): """ Gets the NameID Data provided by the SAML Response from the IdP :returns: Name ID Data (Value, Format, NameQualifier, SPNameQualifier) :rtype: dict """ nameid = None nameid_data = {} encrypted_id_data_nodes = self.__query_assertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData') if encrypted_id_data_nodes: encrypted_data = encrypted_id_data_nodes[0] key = self.__settings.get_sp_key() nameid = OneLogin_Saml2_Utils.decrypt_element(encrypted_data, key) else: nameid_nodes = self.__query_assertion('/saml:Subject/saml:NameID') if nameid_nodes: nameid = nameid_nodes[0] is_strict = self.__settings.is_strict() want_nameid = self.__settings.get_security_data().get('wantNameId', True) if nameid is None: if is_strict and want_nameid: raise OneLogin_Saml2_ValidationError( 'NameID not found in the assertion of the Response', OneLogin_Saml2_ValidationError.NO_NAMEID ) else: if is_strict and want_nameid and not OneLogin_Saml2_XML.element_text(nameid): raise OneLogin_Saml2_ValidationError( 'An empty NameID value found', OneLogin_Saml2_ValidationError.EMPTY_NAMEID ) nameid_data = {'Value': OneLogin_Saml2_XML.element_text(nameid)} for attr in ['Format', 'SPNameQualifier', 'NameQualifier']: value = nameid.get(attr, None) if value: if is_strict and attr == 'SPNameQualifier': sp_data = self.__settings.get_sp_data() sp_entity_id = sp_data.get('entityId', '') if sp_entity_id != value: raise OneLogin_Saml2_ValidationError( 'The SPNameQualifier value mistmatch the SP entityID value.', OneLogin_Saml2_ValidationError.SP_NAME_QUALIFIER_NAME_MISMATCH ) nameid_data[attr] = value return nameid_data def get_nameid(self): """ Gets the NameID provided by the SAML Response from the IdP :returns: NameID (value) :rtype: string|None """ nameid_value = None nameid_data = self.get_nameid_data() if nameid_data and 'Value' in nameid_data.keys(): nameid_value = nameid_data['Value'] return nameid_value def get_nameid_format(self): """ Gets the NameID Format provided by the SAML Response from the IdP :returns: NameID Format :rtype: string|None """ nameid_format = None nameid_data = self.get_nameid_data() if nameid_data and 'Format' in nameid_data.keys(): nameid_format = nameid_data['Format'] return nameid_format def get_nameid_nq(self): """ Gets the NameID NameQualifier provided by the SAML Response from the IdP :returns: NameID NameQualifier :rtype: string|None """ nameid_nq = None nameid_data = self.get_nameid_data() if nameid_data and 'NameQualifier' in nameid_data.keys(): nameid_nq = nameid_data['NameQualifier'] return nameid_nq def get_nameid_spnq(self): """ Gets the NameID SP NameQualifier provided by the SAML response from the IdP. :returns: NameID SP NameQualifier :rtype: string|None """ nameid_spnq = None nameid_data = self.get_nameid_data() if nameid_data and 'SPNameQualifier' in nameid_data.keys(): nameid_spnq = nameid_data['SPNameQualifier'] return nameid_spnq def get_session_not_on_or_after(self): """ Gets the SessionNotOnOrAfter from the AuthnStatement Could be used to set the local session expiration :returns: The SessionNotOnOrAfter value :rtype: time|None """ not_on_or_after = None authn_statement_nodes = self.__query_assertion('/saml:AuthnStatement[@SessionNotOnOrAfter]') if authn_statement_nodes: not_on_or_after = OneLogin_Saml2_Utils.parse_SAML_to_time(authn_statement_nodes[0].get('SessionNotOnOrAfter')) return not_on_or_after def get_assertion_not_on_or_after(self): """ Returns the NotOnOrAfter value of the valid SubjectConfirmationData node if any """ return self.valid_scd_not_on_or_after def get_session_index(self): """ Gets the SessionIndex from the AuthnStatement Could be used to be stored in the local session in order to be used in a future Logout Request that the SP could send to the SP, to set what specific session must be deleted :returns: The SessionIndex value :rtype: string|None """ session_index = None authn_statement_nodes = self.__query_assertion('/saml:AuthnStatement[@SessionIndex]') if authn_statement_nodes: session_index = authn_statement_nodes[0].get('SessionIndex') return session_index def get_attributes(self): """ Gets the Attributes from the AttributeStatement element. EncryptedAttributes are not supported """ return self._get_attributes('Name') def get_friendlyname_attributes(self): """ Gets the Attributes from the AttributeStatement element indexed by FiendlyName. EncryptedAttributes are not supported """ return self._get_attributes('FriendlyName') def _get_attributes(self, attr_name): allow_duplicates = self.__settings.get_security_data().get('allowRepeatAttributeName', False) attributes = {} attribute_nodes = self.__query_assertion('/saml:AttributeStatement/saml:Attribute') for attribute_node in attribute_nodes: attr_key = attribute_node.get(attr_name) if attr_key: if not allow_duplicates and attr_key in attributes: raise OneLogin_Saml2_ValidationError( 'Found an Attribute element with duplicated ' + attr_name, OneLogin_Saml2_ValidationError.DUPLICATED_ATTRIBUTE_NAME_FOUND ) values = [] for attr in attribute_node.iterchildren('{%s}AttributeValue' % OneLogin_Saml2_Constants.NSMAP['saml']): attr_text = OneLogin_Saml2_XML.element_text(attr) if attr_text: attr_text = attr_text.strip() if attr_text: values.append(attr_text) # Parse any nested NameID children for nameid in attr.iterchildren('{%s}NameID' % OneLogin_Saml2_Constants.NSMAP['saml']): values.append({ 'NameID': { 'Format': nameid.get('Format'), 'NameQualifier': nameid.get('NameQualifier'), 'value': nameid.text } }) if attr_key in attributes: attributes[attr_key].extend(values) else: attributes[attr_key] = values return attributes def validate_num_assertions(self): """ Verifies that the document only contains a single Assertion (encrypted or not) :returns: True if only 1 assertion encrypted or not :rtype: bool """ encrypted_assertion_nodes = OneLogin_Saml2_XML.query(self.document, '//saml:EncryptedAssertion') assertion_nodes = OneLogin_Saml2_XML.query(self.document, '//saml:Assertion') valid = len(encrypted_assertion_nodes) + len(assertion_nodes) == 1 if (self.encrypted): assertion_nodes = OneLogin_Saml2_XML.query(self.decrypted_document, '//saml:Assertion') valid = valid and len(assertion_nodes) == 1 return valid def process_signed_elements(self): """ Verifies the signature nodes: - Checks that are Response or Assertion - Check that IDs and reference URI are unique and consistent. :returns: The signed elements tag names :rtype: list """ sign_nodes = self.__query('//ds:Signature') signed_elements = [] verified_seis = [] verified_ids = [] response_tag = '{%s}Response' % OneLogin_Saml2_Constants.NS_SAMLP assertion_tag = '{%s}Assertion' % OneLogin_Saml2_Constants.NS_SAML for sign_node in sign_nodes: signed_element = sign_node.getparent().tag if signed_element != response_tag and signed_element != assertion_tag: raise OneLogin_Saml2_ValidationError( 'Invalid Signature Element %s SAML Response rejected' % signed_element, OneLogin_Saml2_ValidationError.WRONG_SIGNED_ELEMENT ) if not sign_node.getparent().get('ID'): raise OneLogin_Saml2_ValidationError( 'Signed Element must contain an ID. SAML Response rejected', OneLogin_Saml2_ValidationError.ID_NOT_FOUND_IN_SIGNED_ELEMENT ) id_value = sign_node.getparent().get('ID') if id_value in verified_ids: raise OneLogin_Saml2_ValidationError( 'Duplicated ID. SAML Response rejected', OneLogin_Saml2_ValidationError.DUPLICATED_ID_IN_SIGNED_ELEMENTS ) verified_ids.append(id_value) # Check that reference URI matches the parent ID and no duplicate References or IDs ref = OneLogin_Saml2_XML.query(sign_node, './/ds:Reference') if ref: ref = ref[0] if ref.get('URI'): sei = ref.get('URI')[1:] if sei != id_value: raise OneLogin_Saml2_ValidationError( 'Found an invalid Signed Element. SAML Response rejected', OneLogin_Saml2_ValidationError.INVALID_SIGNED_ELEMENT ) if sei in verified_seis: raise OneLogin_Saml2_ValidationError( 'Duplicated Reference URI. SAML Response rejected', OneLogin_Saml2_ValidationError.DUPLICATED_REFERENCE_IN_SIGNED_ELEMENTS ) verified_seis.append(sei) signed_elements.append(signed_element) if signed_elements: if not self.validate_signed_elements(signed_elements, raise_exceptions=True): raise OneLogin_Saml2_ValidationError( 'Found an unexpected Signature Element. SAML Response rejected', OneLogin_Saml2_ValidationError.UNEXPECTED_SIGNED_ELEMENTS ) return signed_elements @return_false_on_exception def validate_signed_elements(self, signed_elements): """ Verifies that the document has the expected signed nodes. :param signed_elements: The signed elements to be checked :type signed_elements: list :param raise_exceptions: Whether to return false on failure or raise an exception :type raise_exceptions: Boolean """ if len(signed_elements) > 2: return False response_tag = '{%s}Response' % OneLogin_Saml2_Constants.NS_SAMLP assertion_tag = '{%s}Assertion' % OneLogin_Saml2_Constants.NS_SAML if (response_tag in signed_elements and signed_elements.count(response_tag) > 1) or \ (assertion_tag in signed_elements and signed_elements.count(assertion_tag) > 1) or \ (response_tag not in signed_elements and assertion_tag not in signed_elements): return False # Check that the signed elements found here, are the ones that will be verified # by OneLogin_Saml2_Utils.validate_sign if response_tag in signed_elements: expected_signature_nodes = OneLogin_Saml2_XML.query(self.document, OneLogin_Saml2_Utils.RESPONSE_SIGNATURE_XPATH) if len(expected_signature_nodes) != 1: raise OneLogin_Saml2_ValidationError( 'Unexpected number of Response signatures found. SAML Response rejected.', OneLogin_Saml2_ValidationError.WRONG_NUMBER_OF_SIGNATURES_IN_RESPONSE ) if assertion_tag in signed_elements: expected_signature_nodes = self.__query(OneLogin_Saml2_Utils.ASSERTION_SIGNATURE_XPATH) if len(expected_signature_nodes) != 1: raise OneLogin_Saml2_ValidationError( 'Unexpected number of Assertion signatures found. SAML Response rejected.', OneLogin_Saml2_ValidationError.WRONG_NUMBER_OF_SIGNATURES_IN_ASSERTION ) return True @return_false_on_exception def validate_timestamps(self): """ Verifies that the document is valid according to Conditions Element :returns: True if the condition is valid, False otherwise :rtype: bool """ conditions_nodes = self.__query_assertion('/saml:Conditions') for conditions_node in conditions_nodes: nb_attr = conditions_node.get('NotBefore') nooa_attr = conditions_node.get('NotOnOrAfter') if nb_attr and OneLogin_Saml2_Utils.parse_SAML_to_time(nb_attr) > OneLogin_Saml2_Utils.now() + OneLogin_Saml2_Constants.ALLOWED_CLOCK_DRIFT: raise OneLogin_Saml2_ValidationError( 'Could not validate timestamp: not yet valid. Check system clock.', OneLogin_Saml2_ValidationError.ASSERTION_TOO_EARLY ) if nooa_attr and OneLogin_Saml2_Utils.parse_SAML_to_time(nooa_attr) + OneLogin_Saml2_Constants.ALLOWED_CLOCK_DRIFT <= OneLogin_Saml2_Utils.now(): raise OneLogin_Saml2_ValidationError( 'Could not validate timestamp: expired. Check system clock.', OneLogin_Saml2_ValidationError.ASSERTION_EXPIRED ) return True def __query_assertion(self, xpath_expr): """ Extracts nodes that match the query from the Assertion :param xpath_expr: Xpath Expresion :type xpath_expr: String :returns: The queried nodes :rtype: list """ assertion_expr = '/saml:Assertion' signature_expr = '/ds:Signature/ds:SignedInfo/ds:Reference' signed_assertion_query = '/samlp:Response' + assertion_expr + signature_expr assertion_reference_nodes = self.__query(signed_assertion_query) tagid = None if not assertion_reference_nodes: # Check if the message is signed signed_message_query = '/samlp:Response' + signature_expr message_reference_nodes = self.__query(signed_message_query) if message_reference_nodes: message_id = message_reference_nodes[0].get('URI') final_query = "/samlp:Response[@ID=$tagid]/" tagid = message_id[1:] else: final_query = "/samlp:Response" final_query += assertion_expr else: assertion_id = assertion_reference_nodes[0].get('URI') final_query = '/samlp:Response' + assertion_expr + "[@ID=$tagid]" tagid = assertion_id[1:] final_query += xpath_expr return self.__query(final_query, tagid) def __query(self, query, tagid=None): """ Extracts nodes that match the query from the Response :param query: Xpath Expresion :type query: String :param tagid: Tag ID :type query: String :returns: The queried nodes :rtype: list """ if self.encrypted: document = self.decrypted_document else: document = self.document return OneLogin_Saml2_XML.query(document, query, None, tagid) def __decrypt_assertion(self, xml): """ Decrypts the Assertion :raises: Exception if no private key available :param xml: Encrypted Assertion :type xml: Element :returns: Decrypted Assertion :rtype: Element """ key = self.__settings.get_sp_key() debug = self.__settings.is_debug_active() if not key: raise OneLogin_Saml2_Error( 'No private key available to decrypt the assertion, check settings', OneLogin_Saml2_Error.PRIVATE_KEY_NOT_FOUND ) encrypted_assertion_nodes = OneLogin_Saml2_XML.query(xml, '/samlp:Response/saml:EncryptedAssertion') if encrypted_assertion_nodes: encrypted_data_nodes = OneLogin_Saml2_XML.query(encrypted_assertion_nodes[0], '//saml:EncryptedAssertion/xenc:EncryptedData') if encrypted_data_nodes: keyinfo = OneLogin_Saml2_XML.query(encrypted_assertion_nodes[0], '//saml:EncryptedAssertion/xenc:EncryptedData/ds:KeyInfo') if not keyinfo: raise OneLogin_Saml2_ValidationError( 'No KeyInfo present, invalid Assertion', OneLogin_Saml2_ValidationError.KEYINFO_NOT_FOUND_IN_ENCRYPTED_DATA ) keyinfo = keyinfo[0] children = keyinfo.getchildren() if not children: raise OneLogin_Saml2_ValidationError( 'KeyInfo has no children nodes, invalid Assertion', OneLogin_Saml2_ValidationError.CHILDREN_NODE_NOT_FOUND_IN_KEYINFO ) for child in children: if 'RetrievalMethod' in child.tag: if child.attrib['Type'] != 'http://www.w3.org/2001/04/xmlenc#EncryptedKey': raise OneLogin_Saml2_ValidationError( 'Unsupported Retrieval Method found', OneLogin_Saml2_ValidationError.UNSUPPORTED_RETRIEVAL_METHOD ) uri = child.attrib['URI'] if not uri.startswith('#'): break uri = uri.split('#')[1] encrypted_key = OneLogin_Saml2_XML.query(encrypted_assertion_nodes[0], './xenc:EncryptedKey[@Id=$tagid]', None, uri) if encrypted_key: keyinfo.append(encrypted_key[0]) encrypted_data = encrypted_data_nodes[0] decrypted = OneLogin_Saml2_Utils.decrypt_element(encrypted_data, key, debug=debug, inplace=True) xml.replace(encrypted_assertion_nodes[0], decrypted) return xml def get_error(self): """ After executing a validation process, if it fails this method returns the cause """ return self.__error def get_xml_document(self): """ Returns the SAML Response document (If contains an encrypted assertion, decrypts it) :return: Decrypted XML response document :rtype: DOMDocument """ if self.encrypted: return self.decrypted_document else: return self.document def get_id(self): """ :returns: the ID of the response :rtype: string """ return self.document.get('ID', None) def get_assertion_id(self): """ :returns: the ID of the assertion in the response :rtype: string """ if not self.validate_num_assertions(): raise OneLogin_Saml2_ValidationError( 'SAML Response must contain 1 assertion', OneLogin_Saml2_ValidationError.WRONG_NUMBER_OF_ASSERTIONS ) return self.__query_assertion('')[0].get('ID', None) python3-saml-1.12.0/src/onelogin/saml2/schemas/000077500000000000000000000000001410551756100212005ustar00rootroot00000000000000python3-saml-1.12.0/src/onelogin/saml2/schemas/saml-schema-assertion-2.0.xsd000066400000000000000000000307461410551756100264260ustar00rootroot00000000000000 Document identifier: saml-schema-assertion-2.0 Location: http://docs.oasis-open.org/security/saml/v2.0/ Revision history: V1.0 (November, 2002): Initial Standard Schema. V1.1 (September, 2003): Updates within the same V1.0 namespace. V2.0 (March, 2005): New assertion schema for SAML V2.0 namespace. python3-saml-1.12.0/src/onelogin/saml2/schemas/saml-schema-authn-context-2.0.xsd000066400000000000000000000013721410551756100272110ustar00rootroot00000000000000 Document identifier: saml-schema-authn-context-2.0 Location: http://docs.oasis-open.org/security/saml/v2.0/ Revision history: V2.0 (March, 2005): New core authentication context schema for SAML V2.0. This is just an include of all types from the schema referred to in the include statement below. python3-saml-1.12.0/src/onelogin/saml2/schemas/saml-schema-authn-context-types-2.0.xsd000066400000000000000000000711331410551756100303550ustar00rootroot00000000000000 Document identifier: saml-schema-authn-context-types-2.0 Location: http://docs.oasis-open.org/security/saml/v2.0/ Revision history: V2.0 (March, 2005): New core authentication context schema types for SAML V2.0. A particular assertion on an identity provider's part with respect to the authentication context associated with an authentication assertion. Refers to those characteristics that describe the processes and mechanisms the Authentication Authority uses to initially create an association between a Principal and the identity (or name) by which the Principal will be known This element indicates that identification has been performed in a physical face-to-face meeting with the principal and not in an online manner. Refers to those characterstics that describe how the 'secret' (the knowledge or possession of which allows the Principal to authenticate to the Authentication Authority) is kept secure This element indicates the types and strengths of facilities of a UA used to protect a shared secret key from unauthorized access and/or use. This element indicates the types and strengths of facilities of a UA used to protect a private key from unauthorized access and/or use. The actions that must be performed before the private key can be used. Whether or not the private key is shared with the certificate authority. In which medium is the key stored. memory - the key is stored in memory. smartcard - the key is stored in a smartcard. token - the key is stored in a hardware token. MobileDevice - the key is stored in a mobile device. MobileAuthCard - the key is stored in a mobile authentication card. This element indicates that a password (or passphrase) has been used to authenticate the Principal to a remote system. This element indicates that a Pin (Personal Identification Number) has been used to authenticate the Principal to some local system in order to activate a key. This element indicates that a hardware or software token is used as a method of identifying the Principal. This element indicates that a time synchronization token is used to identify the Principal. hardware - the time synchonization token has been implemented in hardware. software - the time synchronization token has been implemented in software. SeedLength - the length, in bits, of the random seed used in the time synchronization token. This element indicates that a smartcard is used to identity the Principal. This element indicates the minimum and/or maximum ASCII length of the password which is enforced (by the UA or the IdP). In other words, this is the minimum and/or maximum number of ASCII characters required to represent a valid password. min - the minimum number of ASCII characters required in a valid password, as enforced by the UA or the IdP. max - the maximum number of ASCII characters required in a valid password, as enforced by the UA or the IdP. This element indicates the length of time for which an PIN-based authentication is valid. Indicates whether the password was chosen by the Principal or auto-supplied by the Authentication Authority. principalchosen - the Principal is allowed to choose the value of the password. This is true even if the initial password is chosen at random by the UA or the IdP and the Principal is then free to change the password. automatic - the password is chosen by the UA or the IdP to be cryptographically strong in some sense, or to satisfy certain password rules, and that the Principal is not free to change it or to choose a new password. Refers to those characteristics that define the mechanisms by which the Principal authenticates to the Authentication Authority. The method that a Principal employs to perform authentication to local system components. The method applied to validate a principal's authentication across a network Supports Authenticators with nested combinations of additional complexity. Indicates that the Principal has been strongly authenticated in a previous session during which the IdP has set a cookie in the UA. During the present session the Principal has only been authenticated by the UA returning the cookie to the IdP. Rather like PreviousSession but using stronger security. A secret that was established in a previous session with the Authentication Authority has been cached by the local system and is now re-used (e.g. a Master Secret is used to derive new session keys in TLS, SSL, WTLS). This element indicates that the Principal has been authenticated by a zero knowledge technique as specified in ISO/IEC 9798-5. This element indicates that the Principal has been authenticated by a challenge-response protocol utilizing shared secret keys and symmetric cryptography. This element indicates that the Principal has been authenticated by a mechanism which involves the Principal computing a digital signature over at least challenge data provided by the IdP. The local system has a private key but it is used in decryption mode, rather than signature mode. For example, the Authentication Authority generates a secret and encrypts it using the local system's public key: the local system then proves it has decrypted the secret. The local system has a private key and uses it for shared secret key agreement with the Authentication Authority (e.g. via Diffie Helman). This element indicates that the Principal has been authenticated through connection from a particular IP address. The local system and Authentication Authority share a secret key. The local system uses this to encrypt a randomised string to pass to the Authentication Authority. The protocol across which Authenticator information is transferred to an Authentication Authority verifier. This element indicates that the Authenticator has been transmitted using bare HTTP utilizing no additional security protocols. This element indicates that the Authenticator has been transmitted using a transport mechanism protected by an IPSEC session. This element indicates that the Authenticator has been transmitted using a transport mechanism protected by a WTLS session. This element indicates that the Authenticator has been transmitted solely across a mobile network using no additional security mechanism. This element indicates that the Authenticator has been transmitted using a transport mechnanism protected by an SSL or TLS session. Refers to those characteristics that describe procedural security controls employed by the Authentication Authority. Provides a mechanism for linking to external (likely human readable) documents in which additional business agreements, (e.g. liability constraints, obligations, etc) can be placed. This attribute indicates whether or not the Identification mechanisms allow the actions of the Principal to be linked to an actual end user. This element indicates that the Key Activation Limit is defined as a specific duration of time. This element indicates that the Key Activation Limit is defined as a number of usages. This element indicates that the Key Activation Limit is the session. python3-saml-1.12.0/src/onelogin/saml2/schemas/saml-schema-metadata-2.0.xsd000066400000000000000000000370271410551756100261760ustar00rootroot00000000000000 Document identifier: saml-schema-metadata-2.0 Location: http://docs.oasis-open.org/security/saml/v2.0/ Revision history: V2.0 (March, 2005): Schema for SAML metadata, first published in SAML 2.0. python3-saml-1.12.0/src/onelogin/saml2/schemas/saml-schema-protocol-2.0.xsd000066400000000000000000000322321410551756100262500ustar00rootroot00000000000000 Document identifier: saml-schema-protocol-2.0 Location: http://docs.oasis-open.org/security/saml/v2.0/ Revision history: V1.0 (November, 2002): Initial Standard Schema. V1.1 (September, 2003): Updates within the same V1.0 namespace. V2.0 (March, 2005): New protocol schema based in a SAML V2.0 namespace. python3-saml-1.12.0/src/onelogin/saml2/schemas/sstc-metadata-attr.xsd000066400000000000000000000021631410551756100254240ustar00rootroot00000000000000 Document title: SAML V2.0 Metadata Extention for Entity Attributes Schema Document identifier: sstc-metadata-attr.xsd Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security Revision history: V1.0 (November 2008): Initial version. python3-saml-1.12.0/src/onelogin/saml2/schemas/sstc-saml-attribute-ext.xsd000066400000000000000000000013341410551756100264260ustar00rootroot00000000000000 Document title: SAML V2.0 Attribute Extension Schema Document identifier: sstc-saml-attribute-ext.xsd Location: http://www.oasis-open.org/committees/documents.php?wg_abbrev=security Revision history: V1.0 (October 2008): Initial version. python3-saml-1.12.0/src/onelogin/saml2/schemas/sstc-saml-metadata-algsupport-v1.0.xsd000066400000000000000000000026551410551756100302740ustar00rootroot00000000000000 Document title: Metadata Extension Schema for SAML V2.0 Metadata Profile for Algorithm Support Version 1.0 Document identifier: sstc-saml-metadata-algsupport.xsd Location: http://docs.oasis-open.org/security/saml/Post2.0/ Revision history: V1.0 (June 2010): Initial version. python3-saml-1.12.0/src/onelogin/saml2/schemas/sstc-saml-metadata-ui-v1.0.xsd000066400000000000000000000060321410551756100265020ustar00rootroot00000000000000 Document title: Metadata Extension Schema for SAML V2.0 Metadata Extensions for Login and Discovery User Interface Version 1.0 Document identifier: sstc-saml-metadata-ui-v1.0.xsd Location: http://docs.oasis-open.org/security/saml/Post2.0/ Revision history: 16 November 2010: Added Keywords element/type. 01 November 2010 Changed filename. September 2010: Initial version. python3-saml-1.12.0/src/onelogin/saml2/schemas/xenc-schema.xsd000066400000000000000000000113361410551756100241170ustar00rootroot00000000000000 python3-saml-1.12.0/src/onelogin/saml2/schemas/xml.xsd000066400000000000000000000212041410551756100225170ustar00rootroot00000000000000

About the XML namespace

This schema document describes the XML namespace, in a form suitable for import by other schema documents.

See http://www.w3.org/XML/1998/namespace.html and http://www.w3.org/TR/REC-xml for information about this namespace.

Note that local names in this namespace are intended to be defined only by the World Wide Web Consortium or its subgroups. The names currently defined in this namespace are listed below. They should not be used with conflicting semantics by any Working Group, specification, or document instance.

See further below in this document for more information about how to refer to this schema document from your own XSD schema documents and about the namespace-versioning policy governing this schema document.

lang (as an attribute name)

denotes an attribute whose value is a language code for the natural language of the content of any element; its value is inherited. This name is reserved by virtue of its definition in the XML specification.

Notes

Attempting to install the relevant ISO 2- and 3-letter codes as the enumerated possible values is probably never going to be a realistic possibility.

See BCP 47 at http://www.rfc-editor.org/rfc/bcp/bcp47.txt and the IANA language subtag registry at http://www.iana.org/assignments/language-subtag-registry for further information.

The union allows for the 'un-declaration' of xml:lang with the empty string.

space (as an attribute name)

denotes an attribute whose value is a keyword indicating what whitespace processing discipline is intended for the content of the element; its value is inherited. This name is reserved by virtue of its definition in the XML specification.

base (as an attribute name)

denotes an attribute whose value provides a URI to be used as the base for interpreting any relative URIs in the scope of the element on which it appears; its value is inherited. This name is reserved by virtue of its definition in the XML Base specification.

See http://www.w3.org/TR/xmlbase/ for information about this attribute.

id (as an attribute name)

denotes an attribute whose value should be interpreted as if declared to be of type ID. This name is reserved by virtue of its definition in the xml:id specification.

See http://www.w3.org/TR/xml-id/ for information about this attribute.

Father (in any context at all)

denotes Jon Bosak, the chair of the original XML Working Group. This name is reserved by the following decision of the W3C XML Plenary and XML Coordination groups:

In appreciation for his vision, leadership and dedication the W3C XML Plenary on this 10th day of February, 2000, reserves for Jon Bosak in perpetuity the XML name "xml:Father".

About this schema document

This schema defines attributes and an attribute group suitable for use by schemas wishing to allow xml:base, xml:lang, xml:space or xml:id attributes on elements they define.

To enable this, such a schema must import this schema for the XML namespace, e.g. as follows: 

          <schema . . .>
           . . .
           <import namespace="http://www.w3.org/XML/1998/namespace"
                      schemaLocation="http://www.w3.org/2001/xml.xsd"/>

or 

           <import namespace="http://www.w3.org/XML/1998/namespace"
                      schemaLocation="http://www.w3.org/2009/01/xml.xsd"/>

Subsequently, qualified reference to any of the attributes or the group defined below will have the desired effect, e.g. 

          <type . . .>
           . . .
           <attributeGroup ref="xml:specialAttrs"/>

will define a type which will schema-validate an instance element with any of those attributes.

Versioning policy for this schema document

In keeping with the XML Schema WG's standard versioning policy, this schema document will persist at http://www.w3.org/2009/01/xml.xsd.

At the date of issue it can also be found at http://www.w3.org/2001/xml.xsd.

The schema document at that URI may however change in the future, in order to remain compatible with the latest version of XML Schema itself, or with the XML namespace itself. In other words, if the XML Schema or XML namespaces change, the version of this document at http://www.w3.org/2001/xml.xsd will change accordingly; the version at http://www.w3.org/2009/01/xml.xsd will not change.

Previous dated (and unchanging) versions of this schema document are at:

python3-saml-1.12.0/src/onelogin/saml2/schemas/xmldsig-core-schema.xsd000066400000000000000000000234231410551756100255570ustar00rootroot00000000000000 python3-saml-1.12.0/src/onelogin/saml2/settings.py000066400000000000000000000753571410551756100220100ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ OneLogin_Saml2_Settings class Copyright (c) 2010-2021 OneLogin, Inc. MIT License Setting class of OneLogin's Python Toolkit. """ from time import time import re from os.path import dirname, exists, join, sep from onelogin.saml2 import compat from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.errors import OneLogin_Saml2_Error from onelogin.saml2.metadata import OneLogin_Saml2_Metadata from onelogin.saml2.utils import OneLogin_Saml2_Utils from onelogin.saml2.xml_utils import OneLogin_Saml2_XML try: import ujson as json except ImportError: import json try: basestring except NameError: basestring = str # Regex from Django Software Foundation and individual contributors. # Released under a BSD 3-Clause License url_regex = re.compile( r'^(?:[a-z0-9\.\-]*)://' # scheme is validated separately r'(?:(?:[A-Z0-9_](?:[A-Z0-9-_]{0,61}[A-Z0-9_])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|' # domain... r'localhost|' # localhost... r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|' # ...or ipv4 r'\[?[A-F0-9]*:[A-F0-9:]+\]?)' # ...or ipv6 r'(?::\d+)?' # optional port r'(?:/?|[/?]\S+)$', re.IGNORECASE) url_regex_single_label_domain = re.compile( r'^(?:[a-z0-9\.\-]*)://' # scheme is validated separately r'(?:(?:[A-Z0-9_](?:[A-Z0-9-_]{0,61}[A-Z0-9_])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|' # domain... r'(?:[A-Z0-9_](?:[A-Z0-9-_]{0,61}[A-Z0-9_]))|' # single-label-domain r'localhost|' # localhost... r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|' # ...or ipv4 r'\[?[A-F0-9]*:[A-F0-9:]+\]?)' # ...or ipv6 r'(?::\d+)?' # optional port r'(?:/?|[/?]\S+)$', re.IGNORECASE) url_schemes = ['http', 'https', 'ftp', 'ftps'] def validate_url(url, allow_single_label_domain=False): """ Auxiliary method to validate an urllib :param url: An url to be validated :type url: string :param allow_single_label_domain: In order to allow or not single label domain :type url: bool :returns: True if the url is valid :rtype: bool """ scheme = url.split('://')[0].lower() if scheme not in url_schemes: return False if allow_single_label_domain: if not bool(url_regex_single_label_domain.search(url)): return False else: if not bool(url_regex.search(url)): return False return True class OneLogin_Saml2_Settings(object): """ Handles the settings of the Python toolkits. """ metadata_class = OneLogin_Saml2_Metadata def __init__(self, settings=None, custom_base_path=None, sp_validation_only=False): """ Initializes the settings: - Sets the paths of the different folders - Loads settings info from settings file or array/object provided :param settings: SAML Toolkit Settings :type settings: dict :param custom_base_path: Path where are stored the settings file and the cert folder :type custom_base_path: string :param sp_validation_only: Avoid the IdP validation :type sp_validation_only: boolean """ self.__sp_validation_only = sp_validation_only self.__paths = {} self.__strict = True self.__debug = False self.__sp = {} self.__idp = {} self.__security = {} self.__contacts = {} self.__organization = {} self.__errors = [] self.__load_paths(base_path=custom_base_path) self.__update_paths(settings) if settings is None: try: valid = self.__load_settings_from_file() except Exception as e: raise e if not valid: raise OneLogin_Saml2_Error( 'Invalid dict settings at the file: %s', OneLogin_Saml2_Error.SETTINGS_INVALID, ','.join(self.__errors) ) elif isinstance(settings, dict): if not self.__load_settings_from_dict(settings): raise OneLogin_Saml2_Error( 'Invalid dict settings: %s', OneLogin_Saml2_Error.SETTINGS_INVALID, ','.join(self.__errors) ) else: raise OneLogin_Saml2_Error( 'Unsupported settings object', OneLogin_Saml2_Error.UNSUPPORTED_SETTINGS_OBJECT ) self.format_idp_cert() if 'x509certMulti' in self.__idp: self.format_idp_cert_multi() self.format_sp_cert() if 'x509certNew' in self.__sp: self.format_sp_cert_new() self.format_sp_key() def __load_paths(self, base_path=None): """ Set the paths of the different folders """ if base_path is None: base_path = dirname(dirname(dirname(__file__))) if not base_path.endswith(sep): base_path += sep self.__paths = { 'base': base_path, 'cert': base_path + 'certs' + sep, 'lib': dirname(__file__) + sep } def __update_paths(self, settings): """ Set custom paths if necessary """ if not isinstance(settings, dict): return if 'custom_base_path' in settings: base_path = settings['custom_base_path'] base_path = join(dirname(__file__), base_path) self.__load_paths(base_path) def get_base_path(self): """ Returns base path :return: The base toolkit folder path :rtype: string """ return self.__paths['base'] def get_cert_path(self): """ Returns cert path :return: The cert folder path :rtype: string """ return self.__paths['cert'] def set_cert_path(self, path): """ Set a new cert path """ self.__paths['cert'] = path def get_lib_path(self): """ Returns lib path :return: The library folder path :rtype: string """ return self.__paths['lib'] def get_schemas_path(self): """ Returns schema path :return: The schema folder path :rtype: string """ return self.__paths['lib'] + 'schemas/' def __load_settings_from_dict(self, settings): """ Loads settings info from a settings Dict :param settings: SAML Toolkit Settings :type settings: dict :returns: True if the settings info is valid :rtype: boolean """ errors = self.check_settings(settings) if len(errors) == 0: self.__errors = [] self.__sp = settings['sp'] self.__idp = settings.get('idp', {}) self.__strict = settings.get('strict', True) self.__debug = settings.get('debug', False) self.__security = settings.get('security', {}) self.__contacts = settings.get('contactPerson', {}) self.__organization = settings.get('organization', {}) self.__add_default_values() return True self.__errors = errors return False def __load_settings_from_file(self): """ Loads settings info from the settings json file :returns: True if the settings info is valid :rtype: boolean """ filename = self.get_base_path() + 'settings.json' if not exists(filename): raise OneLogin_Saml2_Error( 'Settings file not found: %s', OneLogin_Saml2_Error.SETTINGS_FILE_NOT_FOUND, filename ) # In the php toolkit instead of being a json file it is a php file and # it is directly included with open(filename, 'r') as json_data: settings = json.loads(json_data.read()) advanced_filename = self.get_base_path() + 'advanced_settings.json' if exists(advanced_filename): with open(advanced_filename, 'r') as json_data: settings.update(json.loads(json_data.read())) # Merge settings return self.__load_settings_from_dict(settings) def __add_default_values(self): """ Add default values if the settings info is not complete """ self.__sp.setdefault('assertionConsumerService', {}) self.__sp['assertionConsumerService'].setdefault('binding', OneLogin_Saml2_Constants.BINDING_HTTP_POST) self.__sp.setdefault('attributeConsumingService', {}) self.__sp.setdefault('singleLogoutService', {}) self.__sp['singleLogoutService'].setdefault('binding', OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT) self.__idp.setdefault('singleLogoutService', {}) # Related to nameID self.__sp.setdefault('NameIDFormat', OneLogin_Saml2_Constants.NAMEID_UNSPECIFIED) self.__security.setdefault('nameIdEncrypted', False) # Metadata format self.__security.setdefault('metadataValidUntil', None) # None means use default self.__security.setdefault('metadataCacheDuration', None) # None means use default # Sign provided self.__security.setdefault('authnRequestsSigned', False) self.__security.setdefault('logoutRequestSigned', False) self.__security.setdefault('logoutResponseSigned', False) self.__security.setdefault('signMetadata', False) # Sign expected self.__security.setdefault('wantMessagesSigned', False) self.__security.setdefault('wantAssertionsSigned', False) # NameID element expected self.__security.setdefault('wantNameId', True) # Encrypt expected self.__security.setdefault('wantAssertionsEncrypted', False) self.__security.setdefault('wantNameIdEncrypted', False) # Signature Algorithm self.__security.setdefault('signatureAlgorithm', OneLogin_Saml2_Constants.RSA_SHA1) # Digest Algorithm self.__security.setdefault('digestAlgorithm', OneLogin_Saml2_Constants.SHA1) # AttributeStatement required by default self.__security.setdefault('wantAttributeStatement', True) # Disallow duplicate attribute names by default self.__security.setdefault('allowRepeatAttributeName', False) self.__idp.setdefault('x509cert', '') self.__idp.setdefault('certFingerprint', '') self.__idp.setdefault('certFingerprintAlgorithm', 'sha1') self.__sp.setdefault('x509cert', '') self.__sp.setdefault('privateKey', '') self.__security.setdefault('requestedAuthnContext', True) self.__security.setdefault('requestedAuthnContextComparison', 'exact') self.__security.setdefault('failOnAuthnContextMismatch', False) def check_settings(self, settings): """ Checks the settings info. :param settings: Dict with settings data :type settings: dict :returns: Errors found on the settings data :rtype: list """ assert isinstance(settings, dict) errors = [] if not isinstance(settings, dict) or len(settings) == 0: errors.append('invalid_syntax') else: if not self.__sp_validation_only: errors += self.check_idp_settings(settings) sp_errors = self.check_sp_settings(settings) errors += sp_errors return errors def check_idp_settings(self, settings): """ Checks the IdP settings info. :param settings: Dict with settings data :type settings: dict :returns: Errors found on the IdP settings data :rtype: list """ assert isinstance(settings, dict) errors = [] if not isinstance(settings, dict) or len(settings) == 0: errors.append('invalid_syntax') else: if not settings.get('idp'): errors.append('idp_not_found') else: allow_single_domain_urls = self._get_allow_single_label_domain(settings) idp = settings['idp'] if not idp.get('entityId'): errors.append('idp_entityId_not_found') if not idp.get('singleSignOnService', {}).get('url'): errors.append('idp_sso_not_found') elif not validate_url(idp['singleSignOnService']['url'], allow_single_domain_urls): errors.append('idp_sso_url_invalid') slo_url = idp.get('singleLogoutService', {}).get('url') if slo_url and not validate_url(slo_url, allow_single_domain_urls): errors.append('idp_slo_url_invalid') if 'security' in settings: security = settings['security'] exists_x509 = bool(idp.get('x509cert')) exists_fingerprint = bool(idp.get('certFingerprint')) exists_multix509sign = 'x509certMulti' in idp and \ 'signing' in idp['x509certMulti'] and \ idp['x509certMulti']['signing'] exists_multix509enc = 'x509certMulti' in idp and \ 'encryption' in idp['x509certMulti'] and \ idp['x509certMulti']['encryption'] want_assert_sign = bool(security.get('wantAssertionsSigned')) want_mes_signed = bool(security.get('wantMessagesSigned')) nameid_enc = bool(security.get('nameIdEncrypted')) if (want_assert_sign or want_mes_signed) and \ not(exists_x509 or exists_fingerprint or exists_multix509sign): errors.append('idp_cert_or_fingerprint_not_found_and_required') if nameid_enc and not (exists_x509 or exists_multix509enc): errors.append('idp_cert_not_found_and_required') return errors def check_sp_settings(self, settings): """ Checks the SP settings info. :param settings: Dict with settings data :type settings: dict :returns: Errors found on the SP settings data :rtype: list """ assert isinstance(settings, dict) errors = [] if not isinstance(settings, dict) or not settings: errors.append('invalid_syntax') else: if not settings.get('sp'): errors.append('sp_not_found') else: allow_single_domain_urls = self._get_allow_single_label_domain(settings) # check_sp_certs uses self.__sp so I add it old_sp = self.__sp self.__sp = settings['sp'] sp = settings['sp'] security = settings.get('security', {}) if not sp.get('entityId'): errors.append('sp_entityId_not_found') if not sp.get('assertionConsumerService', {}).get('url'): errors.append('sp_acs_not_found') elif not validate_url(sp['assertionConsumerService']['url'], allow_single_domain_urls): errors.append('sp_acs_url_invalid') if sp.get('attributeConsumingService'): attributeConsumingService = sp['attributeConsumingService'] if 'serviceName' not in attributeConsumingService: errors.append('sp_attributeConsumingService_serviceName_not_found') elif not isinstance(attributeConsumingService['serviceName'], basestring): errors.append('sp_attributeConsumingService_serviceName_type_invalid') if 'requestedAttributes' not in attributeConsumingService: errors.append('sp_attributeConsumingService_requestedAttributes_not_found') elif not isinstance(attributeConsumingService['requestedAttributes'], list): errors.append('sp_attributeConsumingService_serviceName_type_invalid') else: for req_attrib in attributeConsumingService['requestedAttributes']: if 'name' not in req_attrib: errors.append('sp_attributeConsumingService_requestedAttributes_name_not_found') if 'name' in req_attrib and not req_attrib['name'].strip(): errors.append('sp_attributeConsumingService_requestedAttributes_name_invalid') if 'attributeValue' in req_attrib and type(req_attrib['attributeValue']) != list: errors.append('sp_attributeConsumingService_requestedAttributes_attributeValue_type_invalid') if 'isRequired' in req_attrib and type(req_attrib['isRequired']) != bool: errors.append('sp_attributeConsumingService_requestedAttributes_isRequired_type_invalid') if "serviceDescription" in attributeConsumingService and not isinstance(attributeConsumingService['serviceDescription'], basestring): errors.append('sp_attributeConsumingService_serviceDescription_type_invalid') slo_url = sp.get('singleLogoutService', {}).get('url') if slo_url and not validate_url(slo_url, allow_single_domain_urls): errors.append('sp_sls_url_invalid') if 'signMetadata' in security and isinstance(security['signMetadata'], dict): if 'keyFileName' not in security['signMetadata'] or \ 'certFileName' not in security['signMetadata']: errors.append('sp_signMetadata_invalid') authn_sign = bool(security.get('authnRequestsSigned')) logout_req_sign = bool(security.get('logoutRequestSigned')) logout_res_sign = bool(security.get('logoutResponseSigned')) want_assert_enc = bool(security.get('wantAssertionsEncrypted')) want_nameid_enc = bool(security.get('wantNameIdEncrypted')) if not self.check_sp_certs(): if authn_sign or logout_req_sign or logout_res_sign or \ want_assert_enc or want_nameid_enc: errors.append('sp_cert_not_found_and_required') if 'contactPerson' in settings: types = settings['contactPerson'] valid_types = ['technical', 'support', 'administrative', 'billing', 'other'] for c_type in types: if c_type not in valid_types: errors.append('contact_type_invalid') break for c_type in settings['contactPerson']: contact = settings['contactPerson'][c_type] if ('givenName' not in contact or len(contact['givenName']) == 0) or \ ('emailAddress' not in contact or len(contact['emailAddress']) == 0): errors.append('contact_not_enought_data') break if 'organization' in settings: for org in settings['organization']: organization = settings['organization'][org] if ('name' not in organization or len(organization['name']) == 0) or \ ('displayname' not in organization or len(organization['displayname']) == 0) or \ ('url' not in organization or len(organization['url']) == 0): errors.append('organization_not_enought_data') break # Restores the value that had the self.__sp if 'old_sp' in locals(): self.__sp = old_sp return errors def check_sp_certs(self): """ Checks if the x509 certs of the SP exists and are valid. :returns: If the x509 certs of the SP exists and are valid :rtype: boolean """ key = self.get_sp_key() cert = self.get_sp_cert() return key is not None and cert is not None def get_idp_sso_url(self): """ Gets the IdP SSO URL. :returns: An URL, the SSO endpoint of the IdP :rtype: string """ idp_data = self.get_idp_data() return idp_data['singleSignOnService']['url'] def get_idp_slo_url(self): """ Gets the IdP SLO URL. :returns: An URL, the SLO endpoint of the IdP :rtype: string """ idp_data = self.get_idp_data() if 'url' in idp_data['singleLogoutService']: return idp_data['singleLogoutService']['url'] def get_idp_slo_response_url(self): """ Gets the IdP SLO return URL for IdP-initiated logout. :returns: an URL, the SLO return endpoint of the IdP :rtype: string """ idp_data = self.get_idp_data() if 'url' in idp_data['singleLogoutService']: return idp_data['singleLogoutService'].get('responseUrl', self.get_idp_slo_url()) def get_sp_key(self): """ Returns the x509 private key of the SP. :returns: SP private key :rtype: string or None """ key = self.__sp.get('privateKey') key_file_name = self.__paths['cert'] + 'sp.key' if not key and exists(key_file_name): with open(key_file_name) as f: key = f.read() return key or None def get_sp_cert(self): """ Returns the x509 public cert of the SP. :returns: SP public cert :rtype: string or None """ cert = self.__sp.get('x509cert') cert_file_name = self.__paths['cert'] + 'sp.crt' if not cert and exists(cert_file_name): with open(cert_file_name) as f: cert = f.read() return cert or None def get_sp_cert_new(self): """ Returns the x509 public of the SP planned to be used soon instead the other public cert :returns: SP public cert new :rtype: string or None """ cert = self.__sp.get('x509certNew') cert_file_name = self.__paths['cert'] + 'sp_new.crt' if not cert and exists(cert_file_name): with open(cert_file_name) as f: cert = f.read() return cert or None def get_idp_cert(self): """ Returns the x509 public cert of the IdP. :returns: IdP public cert :rtype: string """ cert = self.__idp.get('x509cert') cert_file_name = self.get_cert_path() + 'idp.crt' if not cert and exists(cert_file_name): with open(cert_file_name) as f: cert = f.read() return cert or None def get_idp_data(self): """ Gets the IdP data. :returns: IdP info :rtype: dict """ return self.__idp def get_sp_data(self): """ Gets the SP data. :returns: SP info :rtype: dict """ return self.__sp def get_security_data(self): """ Gets security data. :returns: Security info :rtype: dict """ return self.__security def get_contacts(self): """ Gets contact data. :returns: Contacts info :rtype: dict """ return self.__contacts def get_organization(self): """ Gets organization data. :returns: Organization info :rtype: dict """ return self.__organization def get_sp_metadata(self): """ Gets the SP metadata. The XML representation. :returns: SP metadata (xml) :rtype: string """ metadata = self.metadata_class.builder( self.__sp, self.__security['authnRequestsSigned'], self.__security['wantAssertionsSigned'], self.__security['metadataValidUntil'], self.__security['metadataCacheDuration'], self.get_contacts(), self.get_organization() ) add_encryption = self.__security['wantNameIdEncrypted'] or self.__security['wantAssertionsEncrypted'] cert_new = self.get_sp_cert_new() metadata = self.metadata_class.add_x509_key_descriptors(metadata, cert_new, add_encryption) cert = self.get_sp_cert() metadata = self.metadata_class.add_x509_key_descriptors(metadata, cert, add_encryption) # Sign metadata if 'signMetadata' in self.__security and self.__security['signMetadata'] is not False: if self.__security['signMetadata'] is True: # Use the SP's normal key to sign the metadata: if not cert: raise OneLogin_Saml2_Error( 'Cannot sign metadata: missing SP public key certificate.', OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND ) cert_metadata = cert key_metadata = self.get_sp_key() if not key_metadata: raise OneLogin_Saml2_Error( 'Cannot sign metadata: missing SP private key.', OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND ) else: # Use a custom key to sign the metadata: if ('keyFileName' not in self.__security['signMetadata'] or 'certFileName' not in self.__security['signMetadata']): raise OneLogin_Saml2_Error( 'Invalid Setting: signMetadata value of the sp is not valid', OneLogin_Saml2_Error.SETTINGS_INVALID_SYNTAX ) key_file_name = self.__security['signMetadata']['keyFileName'] cert_file_name = self.__security['signMetadata']['certFileName'] key_metadata_file = self.__paths['cert'] + key_file_name cert_metadata_file = self.__paths['cert'] + cert_file_name try: with open(key_metadata_file, 'r') as f_metadata_key: key_metadata = f_metadata_key.read() except IOError: raise OneLogin_Saml2_Error( 'Private key file not readable: %s', OneLogin_Saml2_Error.PRIVATE_KEY_FILE_NOT_FOUND, key_metadata_file ) try: with open(cert_metadata_file, 'r') as f_metadata_cert: cert_metadata = f_metadata_cert.read() except IOError: raise OneLogin_Saml2_Error( 'Public cert file not readable: %s', OneLogin_Saml2_Error.PUBLIC_CERT_FILE_NOT_FOUND, cert_metadata_file ) signature_algorithm = self.__security['signatureAlgorithm'] digest_algorithm = self.__security['digestAlgorithm'] metadata = self.metadata_class.sign_metadata(metadata, key_metadata, cert_metadata, signature_algorithm, digest_algorithm) return metadata def validate_metadata(self, xml): """ Validates an XML SP Metadata. :param xml: Metadata's XML that will be validate :type xml: string :returns: The list of found errors :rtype: list """ assert isinstance(xml, compat.text_types) if len(xml) == 0: raise Exception('Empty string supplied as input') errors = [] root = OneLogin_Saml2_XML.validate_xml(xml, 'saml-schema-metadata-2.0.xsd', self.__debug) if isinstance(root, str): errors.append(root) else: if root.tag != '{%s}EntityDescriptor' % OneLogin_Saml2_Constants.NS_MD: errors.append('noEntityDescriptor_xml') else: if (len(root.findall('.//md:SPSSODescriptor', namespaces=OneLogin_Saml2_Constants.NSMAP))) != 1: errors.append('onlySPSSODescriptor_allowed_xml') else: valid_until, cache_duration = root.get('validUntil'), root.get('cacheDuration') if valid_until: valid_until = OneLogin_Saml2_Utils.parse_SAML_to_time(valid_until) expire_time = OneLogin_Saml2_Utils.get_expire_time(cache_duration, valid_until) if expire_time is not None and int(time()) > int(expire_time): errors.append('expired_xml') # TODO: Validate Sign return errors def format_idp_cert(self): """ Formats the IdP cert. """ self.__idp['x509cert'] = OneLogin_Saml2_Utils.format_cert(self.__idp['x509cert']) def format_idp_cert_multi(self): """ Formats the Multple IdP certs. """ if 'x509certMulti' in self.__idp: if 'signing' in self.__idp['x509certMulti']: for idx in range(len(self.__idp['x509certMulti']['signing'])): self.__idp['x509certMulti']['signing'][idx] = OneLogin_Saml2_Utils.format_cert(self.__idp['x509certMulti']['signing'][idx]) if 'encryption' in self.__idp['x509certMulti']: for idx in range(len(self.__idp['x509certMulti']['encryption'])): self.__idp['x509certMulti']['encryption'][idx] = OneLogin_Saml2_Utils.format_cert(self.__idp['x509certMulti']['encryption'][idx]) def format_sp_cert(self): """ Formats the SP cert. """ self.__sp['x509cert'] = OneLogin_Saml2_Utils.format_cert(self.__sp['x509cert']) def format_sp_cert_new(self): """ Formats the SP cert. """ self.__sp['x509certNew'] = OneLogin_Saml2_Utils.format_cert(self.__sp['x509certNew']) def format_sp_key(self): """ Formats the private key. """ self.__sp['privateKey'] = OneLogin_Saml2_Utils.format_private_key(self.__sp['privateKey']) def get_errors(self): """ Returns an array with the errors, the array is empty when the settings is ok. :returns: Errors :rtype: list """ return self.__errors def set_strict(self, value): """ Activates or deactivates the strict mode. :param value: Strict parameter :type value: boolean """ assert isinstance(value, bool) self.__strict = value def is_strict(self): """ Returns if the 'strict' mode is active. :returns: Strict parameter :rtype: boolean """ return self.__strict def is_debug_active(self): """ Returns if the debug is active. :returns: Debug parameter :rtype: boolean """ return self.__debug def _get_allow_single_label_domain(self, settings): security = settings.get('security', {}) return 'allowSingleLabelDomains' in security.keys() and security['allowSingleLabelDomains'] python3-saml-1.12.0/src/onelogin/saml2/utils.py000066400000000000000000001130271410551756100212730ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ OneLogin_Saml2_Utils class Copyright (c) 2010-2021 OneLogin, Inc. MIT License Auxiliary class of OneLogin's Python Toolkit. """ import base64 import warnings from copy import deepcopy import calendar from datetime import datetime from hashlib import sha1, sha256, sha384, sha512 from isodate import parse_duration as duration_parser import re from textwrap import wrap from functools import wraps from uuid import uuid4 from xml.dom.minidom import Element import zlib import xmlsec from onelogin.saml2 import compat from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.errors import OneLogin_Saml2_Error, OneLogin_Saml2_ValidationError from onelogin.saml2.xml_utils import OneLogin_Saml2_XML try: from urllib.parse import quote_plus, urlsplit, urlunsplit # py3 except ImportError: from urlparse import urlsplit, urlunsplit from urllib import quote_plus # py2 def return_false_on_exception(func): """ Decorator. When applied to a function, it will, by default, suppress any exceptions raised by that function and return False. It may be overridden by passing a "raise_exceptions" keyword argument when calling the wrapped function. """ @wraps(func) def exceptfalse(*args, **kwargs): if not kwargs.pop('raise_exceptions', False): try: return func(*args, **kwargs) except Exception: return False else: return func(*args, **kwargs) return exceptfalse class OneLogin_Saml2_Utils(object): """ Auxiliary class that contains several utility methods to parse time, urls, add sign, encrypt, decrypt, sign validation, handle xml ... """ RESPONSE_SIGNATURE_XPATH = '/samlp:Response/ds:Signature' ASSERTION_SIGNATURE_XPATH = '/samlp:Response/saml:Assertion/ds:Signature' TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ" TIME_FORMAT_2 = "%Y-%m-%dT%H:%M:%S.%fZ" TIME_FORMAT_WITH_FRAGMENT = re.compile(r'^(\d{4,4}-\d{2,2}-\d{2,2}T\d{2,2}:\d{2,2}:\d{2,2})(\.\d*)?Z?$') @staticmethod def escape_url(url, lowercase_urlencoding=False): """ escape the non-safe symbols in url The encoding used by ADFS 3.0 is not compatible with python's quote_plus (ADFS produces lower case hex numbers and quote_plus produces upper case hex numbers) :param url: the url to escape :type url: str :param lowercase_urlencoding: lowercase or no :type lowercase_urlencoding: boolean :return: the escaped url :rtype str """ encoded = quote_plus(url) return re.sub(r"%[A-F0-9]{2}", lambda m: m.group(0).lower(), encoded) if lowercase_urlencoding else encoded @staticmethod def b64encode(data): """base64 encode""" return compat.to_string(base64.b64encode(compat.to_bytes(data))) @staticmethod def b64decode(data): """base64 decode""" return base64.b64decode(data) @staticmethod def decode_base64_and_inflate(value, ignore_zip=False): """ base64 decodes and then inflates according to RFC1951 :param value: a deflated and encoded string :type value: string :param ignore_zip: ignore zip errors :returns: the string after decoding and inflating :rtype: string """ encoded = OneLogin_Saml2_Utils.b64decode(value) try: return zlib.decompress(encoded, -15) except zlib.error: if not ignore_zip: raise return encoded @staticmethod def deflate_and_base64_encode(value): """ Deflates and then base64 encodes a string :param value: The string to deflate and encode :type value: string :returns: The deflated and encoded string :rtype: string """ return OneLogin_Saml2_Utils.b64encode(zlib.compress(compat.to_bytes(value))[2:-4]) @staticmethod def format_cert(cert, heads=True): """ Returns a x509 cert (adding header & footer if required). :param cert: A x509 unformatted cert :type: string :param heads: True if we want to include head and footer :type: boolean :returns: Formatted cert :rtype: string """ x509_cert = cert.replace('\x0D', '') x509_cert = x509_cert.replace('\r', '') x509_cert = x509_cert.replace('\n', '') if len(x509_cert) > 0: x509_cert = x509_cert.replace('-----BEGIN CERTIFICATE-----', '') x509_cert = x509_cert.replace('-----END CERTIFICATE-----', '') x509_cert = x509_cert.replace(' ', '') if heads: x509_cert = "-----BEGIN CERTIFICATE-----\n" + "\n".join(wrap(x509_cert, 64)) + "\n-----END CERTIFICATE-----\n" return x509_cert @staticmethod def format_private_key(key, heads=True): """ Returns a private key (adding header & footer if required). :param key A private key :type: string :param heads: True if we want to include head and footer :type: boolean :returns: Formated private key :rtype: string """ private_key = key.replace('\x0D', '') private_key = private_key.replace('\r', '') private_key = private_key.replace('\n', '') if len(private_key) > 0: if private_key.find('-----BEGIN PRIVATE KEY-----') != -1: private_key = private_key.replace('-----BEGIN PRIVATE KEY-----', '') private_key = private_key.replace('-----END PRIVATE KEY-----', '') private_key = private_key.replace(' ', '') if heads: private_key = "-----BEGIN PRIVATE KEY-----\n" + "\n".join(wrap(private_key, 64)) + "\n-----END PRIVATE KEY-----\n" else: private_key = private_key.replace('-----BEGIN RSA PRIVATE KEY-----', '') private_key = private_key.replace('-----END RSA PRIVATE KEY-----', '') private_key = private_key.replace(' ', '') if heads: private_key = "-----BEGIN RSA PRIVATE KEY-----\n" + "\n".join(wrap(private_key, 64)) + "\n-----END RSA PRIVATE KEY-----\n" return private_key @staticmethod def redirect(url, parameters={}, request_data={}): """ Executes a redirection to the provided url (or return the target url). :param url: The target url :type: string :param parameters: Extra parameters to be passed as part of the url :type: dict :param request_data: The request as a dict :type: dict :returns: Url :rtype: string """ assert isinstance(url, compat.str_type) assert isinstance(parameters, dict) if url.startswith('/'): url = '%s%s' % (OneLogin_Saml2_Utils.get_self_url_host(request_data), url) # Verify that the URL is to a http or https site. if re.search('^https?://', url, flags=re.IGNORECASE) is None: raise OneLogin_Saml2_Error( 'Redirect to invalid URL: ' + url, OneLogin_Saml2_Error.REDIRECT_INVALID_URL ) # Add encoded parameters if url.find('?') < 0: param_prefix = '?' else: param_prefix = '&' for name, value in parameters.items(): if value is None: param = OneLogin_Saml2_Utils.escape_url(name) elif isinstance(value, list): param = '' for val in value: param += OneLogin_Saml2_Utils.escape_url(name) + '[]=' + OneLogin_Saml2_Utils.escape_url(val) + '&' if len(param) > 0: param = param[0:-1] else: param = OneLogin_Saml2_Utils.escape_url(name) + '=' + OneLogin_Saml2_Utils.escape_url(value) if param: url += param_prefix + param param_prefix = '&' return url @staticmethod def get_self_url_host(request_data): """ Returns the protocol + the current host + the port (if different than common ports). :param request_data: The request as a dict :type: dict :return: Url :rtype: string """ current_host = OneLogin_Saml2_Utils.get_self_host(request_data) protocol = 'https' if OneLogin_Saml2_Utils.is_https(request_data) else 'http' if request_data.get('server_port') is not None: warnings.warn( 'The server_port key in request data is deprecated. ' 'The http_host key should include a port, if required.', category=DeprecationWarning, ) port_suffix = ':%s' % request_data['server_port'] if not current_host.endswith(port_suffix): if not ((protocol == 'https' and port_suffix == ':443') or (protocol == 'http' and port_suffix == ':80')): current_host += port_suffix return '%s://%s' % (protocol, current_host) @staticmethod def get_self_host(request_data): """ Returns the current host (which may include a port number part). :param request_data: The request as a dict :type: dict :return: The current host :rtype: string """ if 'http_host' in request_data: return request_data['http_host'] elif 'server_name' in request_data: warnings.warn("The server_name key in request data is undocumented & deprecated.", category=DeprecationWarning) return request_data['server_name'] raise Exception('No hostname defined') @staticmethod def is_https(request_data): """ Checks if https or http. :param request_data: The request as a dict :type: dict :return: False if https is not active :rtype: boolean """ is_https = 'https' in request_data and request_data['https'] != 'off' # TODO: this use of server_port should be removed too is_https = is_https or ('server_port' in request_data and str(request_data['server_port']) == '443') return is_https @staticmethod def get_self_url_no_query(request_data): """ Returns the URL of the current host + current view. :param request_data: The request as a dict :type: dict :return: The url of current host + current view :rtype: string """ self_url_host = OneLogin_Saml2_Utils.get_self_url_host(request_data) script_name = request_data['script_name'] if script_name: if script_name[0] != '/': script_name = '/' + script_name else: script_name = '' self_url_no_query = self_url_host + script_name if 'path_info' in request_data: self_url_no_query += request_data['path_info'] return self_url_no_query @staticmethod def get_self_routed_url_no_query(request_data): """ Returns the routed URL of the current host + current view. :param request_data: The request as a dict :type: dict :return: The url of current host + current view :rtype: string """ self_url_host = OneLogin_Saml2_Utils.get_self_url_host(request_data) route = '' if 'request_uri' in request_data and request_data['request_uri']: route = request_data['request_uri'] if 'query_string' in request_data and request_data['query_string']: route = route.replace(request_data['query_string'], '') return self_url_host + route @staticmethod def get_self_url(request_data): """ Returns the URL of the current host + current view + query. :param request_data: The request as a dict :type: dict :return: The url of current host + current view + query :rtype: string """ self_url_host = OneLogin_Saml2_Utils.get_self_url_host(request_data) request_uri = '' if 'request_uri' in request_data: request_uri = request_data['request_uri'] if not request_uri.startswith('/'): match = re.search('^https?://[^/]*(/.*)', request_uri) if match is not None: request_uri = match.groups()[0] return self_url_host + request_uri @staticmethod def generate_unique_id(): """ Generates an unique string (used for example as ID for assertions). :return: A unique string :rtype: string """ return 'ONELOGIN_%s' % sha1(compat.to_bytes(uuid4().hex)).hexdigest() @staticmethod def parse_time_to_SAML(time): r""" Converts a UNIX timestamp to SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(\.s+)?Z. :param time: The time we should convert (DateTime). :type: string :return: SAML2 timestamp. :rtype: string """ data = datetime.utcfromtimestamp(float(time)) return data.strftime(OneLogin_Saml2_Utils.TIME_FORMAT) @staticmethod def parse_SAML_to_time(timestr): r""" Converts a SAML2 timestamp on the form yyyy-mm-ddThh:mm:ss(\.s+)?Z to a UNIX timestamp. The sub-second part is ignored. :param timestr: The time we should convert (SAML Timestamp). :type: string :return: Converted to a unix timestamp. :rtype: int """ try: data = datetime.strptime(timestr, OneLogin_Saml2_Utils.TIME_FORMAT) except ValueError: try: data = datetime.strptime(timestr, OneLogin_Saml2_Utils.TIME_FORMAT_2) except ValueError: elem = OneLogin_Saml2_Utils.TIME_FORMAT_WITH_FRAGMENT.match(timestr) if not elem: raise Exception("time data %s does not match format %s" % (timestr, r'yyyy-mm-ddThh:mm:ss(\.s+)?Z')) data = datetime.strptime(elem.groups()[0] + "Z", OneLogin_Saml2_Utils.TIME_FORMAT) return calendar.timegm(data.utctimetuple()) @staticmethod def now(): """ :return: unix timestamp of actual time. :rtype: int """ return calendar.timegm(datetime.utcnow().utctimetuple()) @staticmethod def parse_duration(duration, timestamp=None): """ Interprets a ISO8601 duration value relative to a given timestamp. :param duration: The duration, as a string. :type: string :param timestamp: The unix timestamp we should apply the duration to. Optional, default to the current time. :type: string :return: The new timestamp, after the duration is applied. :rtype: int """ assert isinstance(duration, compat.str_type) assert timestamp is None or isinstance(timestamp, int) timedelta = duration_parser(duration) if timestamp is None: data = datetime.utcnow() + timedelta else: data = datetime.utcfromtimestamp(timestamp) + timedelta return calendar.timegm(data.utctimetuple()) @staticmethod def get_expire_time(cache_duration=None, valid_until=None): """ Compares 2 dates and returns the earliest. :param cache_duration: The duration, as a string. :type: string :param valid_until: The valid until date, as a string or as a timestamp :type: string :return: The expiration time. :rtype: int """ expire_time = None if cache_duration is not None: expire_time = OneLogin_Saml2_Utils.parse_duration(cache_duration) if valid_until is not None: if isinstance(valid_until, int): valid_until_time = valid_until else: valid_until_time = OneLogin_Saml2_Utils.parse_SAML_to_time(valid_until) if expire_time is None or expire_time > valid_until_time: expire_time = valid_until_time if expire_time is not None: return '%d' % expire_time return None @staticmethod def delete_local_session(callback=None): """ Deletes the local session. """ if callback is not None: callback() @staticmethod def calculate_x509_fingerprint(x509_cert, alg='sha1'): """ Calculates the fingerprint of a formatted x509cert. :param x509_cert: x509 cert formatted :type: string :param alg: The algorithm to build the fingerprint :type: string :returns: fingerprint :rtype: string """ assert isinstance(x509_cert, compat.str_type) lines = x509_cert.split('\n') data = '' inData = False for line in lines: # Remove '\r' from end of line if present. line = line.rstrip() if not inData: if line == '-----BEGIN CERTIFICATE-----': inData = True elif line == '-----BEGIN PUBLIC KEY-----' or line == '-----BEGIN RSA PRIVATE KEY-----': # This isn't an X509 certificate. return None else: if line == '-----END CERTIFICATE-----': break # Append the current line to the certificate data. data += line if not data: return None decoded_data = base64.b64decode(compat.to_bytes(data)) if alg == 'sha512': fingerprint = sha512(decoded_data) elif alg == 'sha384': fingerprint = sha384(decoded_data) elif alg == 'sha256': fingerprint = sha256(decoded_data) else: fingerprint = sha1(decoded_data) return fingerprint.hexdigest().lower() @staticmethod def format_finger_print(fingerprint): """ Formats a fingerprint. :param fingerprint: fingerprint :type: string :returns: Formatted fingerprint :rtype: string """ formatted_fingerprint = fingerprint.replace(':', '') return formatted_fingerprint.lower() @staticmethod def generate_name_id(value, sp_nq, sp_format=None, cert=None, debug=False, nq=None): """ Generates a nameID. :param value: fingerprint :type: string :param sp_nq: SP Name Qualifier :type: string :param sp_format: SP Format :type: string :param cert: IdP Public Cert to encrypt the nameID :type: string :param debug: Activate the xmlsec debug :type: bool :returns: DOMElement | XMLSec nameID :rtype: string :param nq: IDP Name Qualifier :type: string """ root = OneLogin_Saml2_XML.make_root("{%s}container" % OneLogin_Saml2_Constants.NS_SAML) name_id = OneLogin_Saml2_XML.make_child(root, '{%s}NameID' % OneLogin_Saml2_Constants.NS_SAML) if sp_nq is not None: name_id.set('SPNameQualifier', sp_nq) if sp_format is not None: name_id.set('Format', sp_format) if nq is not None: name_id.set('NameQualifier', nq) name_id.text = value if cert is not None: xmlsec.enable_debug_trace(debug) # Load the public cert manager = xmlsec.KeysManager() manager.add_key(xmlsec.Key.from_memory(cert, xmlsec.KeyFormat.CERT_PEM, None)) # Prepare for encryption enc_data = xmlsec.template.encrypted_data_create( root, xmlsec.Transform.AES128, type=xmlsec.EncryptionType.ELEMENT, ns="xenc") xmlsec.template.encrypted_data_ensure_cipher_value(enc_data) key_info = xmlsec.template.encrypted_data_ensure_key_info(enc_data, ns="dsig") enc_key = xmlsec.template.add_encrypted_key(key_info, xmlsec.Transform.RSA_OAEP) xmlsec.template.encrypted_data_ensure_cipher_value(enc_key) # Encrypt! enc_ctx = xmlsec.EncryptionContext(manager) enc_ctx.key = xmlsec.Key.generate(xmlsec.KeyData.AES, 128, xmlsec.KeyDataType.SESSION) enc_data = enc_ctx.encrypt_xml(enc_data, name_id) return '' + compat.to_string(OneLogin_Saml2_XML.to_string(enc_data)) + '' else: return OneLogin_Saml2_XML.extract_tag_text(root, "saml:NameID") @staticmethod def get_status(dom): """ Gets Status from a Response. :param dom: The Response as XML :type: Document :returns: The Status, an array with the code and a message. :rtype: dict """ status = {} status_entry = OneLogin_Saml2_XML.query(dom, '/samlp:Response/samlp:Status') if len(status_entry) != 1: raise OneLogin_Saml2_ValidationError( 'Missing Status on response', OneLogin_Saml2_ValidationError.MISSING_STATUS ) code_entry = OneLogin_Saml2_XML.query(dom, '/samlp:Response/samlp:Status/samlp:StatusCode', status_entry[0]) if len(code_entry) != 1: raise OneLogin_Saml2_ValidationError( 'Missing Status Code on response', OneLogin_Saml2_ValidationError.MISSING_STATUS_CODE ) code = code_entry[0].values()[0] status['code'] = code status['msg'] = '' message_entry = OneLogin_Saml2_XML.query(dom, '/samlp:Response/samlp:Status/samlp:StatusMessage', status_entry[0]) if len(message_entry) == 0: subcode_entry = OneLogin_Saml2_XML.query(dom, '/samlp:Response/samlp:Status/samlp:StatusCode/samlp:StatusCode', status_entry[0]) if len(subcode_entry) == 1: status['msg'] = subcode_entry[0].values()[0] elif len(message_entry) == 1: status['msg'] = OneLogin_Saml2_XML.element_text(message_entry[0]) return status @staticmethod def decrypt_element(encrypted_data, key, debug=False, inplace=False): """ Decrypts an encrypted element. :param encrypted_data: The encrypted data. :type: lxml.etree.Element | DOMElement | basestring :param key: The key. :type: string :param debug: Activate the xmlsec debug :type: bool :param inplace: update passed data with decrypted result :type: bool :returns: The decrypted element. :rtype: lxml.etree.Element """ if isinstance(encrypted_data, Element): encrypted_data = OneLogin_Saml2_XML.to_etree(str(encrypted_data.toxml())) if not inplace and isinstance(encrypted_data, OneLogin_Saml2_XML._element_class): encrypted_data = deepcopy(encrypted_data) elif isinstance(encrypted_data, OneLogin_Saml2_XML._text_class): encrypted_data = OneLogin_Saml2_XML._parse_etree(encrypted_data) xmlsec.enable_debug_trace(debug) manager = xmlsec.KeysManager() manager.add_key(xmlsec.Key.from_memory(key, xmlsec.KeyFormat.PEM, None)) enc_ctx = xmlsec.EncryptionContext(manager) return enc_ctx.decrypt(encrypted_data) @staticmethod def add_sign(xml, key, cert, debug=False, sign_algorithm=OneLogin_Saml2_Constants.RSA_SHA1, digest_algorithm=OneLogin_Saml2_Constants.SHA1): """ Adds signature key and senders certificate to an element (Message or Assertion). :param xml: The element we should sign :type: string | Document :param key: The private key :type: string :param cert: The public :type: string :param debug: Activate the xmlsec debug :type: bool :param sign_algorithm: Signature algorithm method :type sign_algorithm: string :param digest_algorithm: Digest algorithm method :type digest_algorithm: string :returns: Signed XML :rtype: string """ if xml is None or xml == '': raise Exception('Empty string supplied as input') elem = OneLogin_Saml2_XML.to_etree(xml) sign_algorithm_transform_map = { OneLogin_Saml2_Constants.DSA_SHA1: xmlsec.Transform.DSA_SHA1, OneLogin_Saml2_Constants.RSA_SHA1: xmlsec.Transform.RSA_SHA1, OneLogin_Saml2_Constants.RSA_SHA256: xmlsec.Transform.RSA_SHA256, OneLogin_Saml2_Constants.RSA_SHA384: xmlsec.Transform.RSA_SHA384, OneLogin_Saml2_Constants.RSA_SHA512: xmlsec.Transform.RSA_SHA512 } sign_algorithm_transform = sign_algorithm_transform_map.get(sign_algorithm, xmlsec.Transform.RSA_SHA1) signature = xmlsec.template.create(elem, xmlsec.Transform.EXCL_C14N, sign_algorithm_transform, ns='ds') issuer = OneLogin_Saml2_XML.query(elem, '//saml:Issuer') if len(issuer) > 0: issuer = issuer[0] issuer.addnext(signature) elem_to_sign = issuer.getparent() else: entity_descriptor = OneLogin_Saml2_XML.query(elem, '//md:EntityDescriptor') if len(entity_descriptor) > 0: elem.insert(0, signature) else: elem[0].insert(0, signature) elem_to_sign = elem elem_id = elem_to_sign.get('ID', None) if elem_id is not None: if elem_id: elem_id = '#' + elem_id else: generated_id = generated_id = OneLogin_Saml2_Utils.generate_unique_id() elem_id = '#' + generated_id elem_to_sign.attrib['ID'] = generated_id xmlsec.enable_debug_trace(debug) xmlsec.tree.add_ids(elem_to_sign, ["ID"]) digest_algorithm_transform_map = { OneLogin_Saml2_Constants.SHA1: xmlsec.Transform.SHA1, OneLogin_Saml2_Constants.SHA256: xmlsec.Transform.SHA256, OneLogin_Saml2_Constants.SHA384: xmlsec.Transform.SHA384, OneLogin_Saml2_Constants.SHA512: xmlsec.Transform.SHA512 } digest_algorithm_transform = digest_algorithm_transform_map.get(digest_algorithm, xmlsec.Transform.SHA1) ref = xmlsec.template.add_reference(signature, digest_algorithm_transform, uri=elem_id) xmlsec.template.add_transform(ref, xmlsec.Transform.ENVELOPED) xmlsec.template.add_transform(ref, xmlsec.Transform.EXCL_C14N) key_info = xmlsec.template.ensure_key_info(signature) xmlsec.template.add_x509_data(key_info) dsig_ctx = xmlsec.SignatureContext() sign_key = xmlsec.Key.from_memory(key, xmlsec.KeyFormat.PEM, None) sign_key.load_cert_from_memory(cert, xmlsec.KeyFormat.PEM) dsig_ctx.key = sign_key dsig_ctx.sign(signature) return OneLogin_Saml2_XML.to_string(elem) @staticmethod @return_false_on_exception def validate_sign(xml, cert=None, fingerprint=None, fingerprintalg='sha1', validatecert=False, debug=False, xpath=None, multicerts=None): """ Validates a signature (Message or Assertion). :param xml: The element we should validate :type: string | Document :param cert: The public cert :type: string :param fingerprint: The fingerprint of the public cert :type: string :param fingerprintalg: The algorithm used to build the fingerprint :type: string :param validatecert: If true, will verify the signature and if the cert is valid. :type: bool :param debug: Activate the xmlsec debug :type: bool :param xpath: The xpath of the signed element :type: string :param multicerts: Multiple public certs :type: list :param raise_exceptions: Whether to return false on failure or raise an exception :type raise_exceptions: Boolean """ if xml is None or xml == '': raise Exception('Empty string supplied as input') elem = OneLogin_Saml2_XML.to_etree(xml) xmlsec.enable_debug_trace(debug) xmlsec.tree.add_ids(elem, ["ID"]) if xpath: signature_nodes = OneLogin_Saml2_XML.query(elem, xpath) else: signature_nodes = OneLogin_Saml2_XML.query(elem, OneLogin_Saml2_Utils.RESPONSE_SIGNATURE_XPATH) if len(signature_nodes) == 0: signature_nodes = OneLogin_Saml2_XML.query(elem, OneLogin_Saml2_Utils.ASSERTION_SIGNATURE_XPATH) if len(signature_nodes) == 1: signature_node = signature_nodes[0] if not multicerts: return OneLogin_Saml2_Utils.validate_node_sign(signature_node, elem, cert, fingerprint, fingerprintalg, validatecert, debug, raise_exceptions=True) else: # If multiple certs are provided, I may ignore cert and # fingerprint provided by the method and just check the # certs multicerts fingerprint = fingerprintalg = None for cert in multicerts: if OneLogin_Saml2_Utils.validate_node_sign(signature_node, elem, cert, fingerprint, fingerprintalg, validatecert, False, raise_exceptions=False): return True raise OneLogin_Saml2_ValidationError( 'Signature validation failed. SAML Response rejected.', OneLogin_Saml2_ValidationError.INVALID_SIGNATURE ) else: raise OneLogin_Saml2_ValidationError( 'Expected exactly one signature node; got {}.'.format(len(signature_nodes)), OneLogin_Saml2_ValidationError.WRONG_NUMBER_OF_SIGNATURES ) @staticmethod @return_false_on_exception def validate_metadata_sign(xml, cert=None, fingerprint=None, fingerprintalg='sha1', validatecert=False, debug=False): """ Validates a signature of a EntityDescriptor. :param xml: The element we should validate :type: string | Document :param cert: The public cert :type: string :param fingerprint: The fingerprint of the public cert :type: string :param fingerprintalg: The algorithm used to build the fingerprint :type: string :param validatecert: If true, will verify the signature and if the cert is valid. :type: bool :param debug: Activate the xmlsec debug :type: bool :param raise_exceptions: Whether to return false on failure or raise an exception :type raise_exceptions: Boolean """ if xml is None or xml == '': raise Exception('Empty string supplied as input') elem = OneLogin_Saml2_XML.to_etree(xml) xmlsec.enable_debug_trace(debug) xmlsec.tree.add_ids(elem, ["ID"]) signature_nodes = OneLogin_Saml2_XML.query(elem, '/md:EntitiesDescriptor/ds:Signature') if len(signature_nodes) == 0: signature_nodes += OneLogin_Saml2_XML.query(elem, '/md:EntityDescriptor/ds:Signature') if len(signature_nodes) == 0: signature_nodes += OneLogin_Saml2_XML.query(elem, '/md:EntityDescriptor/md:SPSSODescriptor/ds:Signature') signature_nodes += OneLogin_Saml2_XML.query(elem, '/md:EntityDescriptor/md:IDPSSODescriptor/ds:Signature') if len(signature_nodes) > 0: for signature_node in signature_nodes: # Raises expection if invalid OneLogin_Saml2_Utils.validate_node_sign(signature_node, elem, cert, fingerprint, fingerprintalg, validatecert, debug, raise_exceptions=True) return True else: raise Exception('Could not validate metadata signature: No signature nodes found.') @staticmethod @return_false_on_exception def validate_node_sign(signature_node, elem, cert=None, fingerprint=None, fingerprintalg='sha1', validatecert=False, debug=False): """ Validates a signature node. :param signature_node: The signature node :type: Node :param xml: The element we should validate :type: Document :param cert: The public cert :type: string :param fingerprint: The fingerprint of the public cert :type: string :param fingerprintalg: The algorithm used to build the fingerprint :type: string :param validatecert: If true, will verify the signature and if the cert is valid. :type: bool :param debug: Activate the xmlsec debug :type: bool :param raise_exceptions: Whether to return false on failure or raise an exception :type raise_exceptions: Boolean """ if (cert is None or cert == '') and fingerprint: x509_certificate_nodes = OneLogin_Saml2_XML.query(signature_node, '//ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate') if len(x509_certificate_nodes) > 0: x509_certificate_node = x509_certificate_nodes[0] x509_cert_value = OneLogin_Saml2_XML.element_text(x509_certificate_node) x509_cert_value_formatted = OneLogin_Saml2_Utils.format_cert(x509_cert_value) x509_fingerprint_value = OneLogin_Saml2_Utils.calculate_x509_fingerprint(x509_cert_value_formatted, fingerprintalg) if fingerprint == x509_fingerprint_value: cert = x509_cert_value_formatted if cert is None or cert == '': raise OneLogin_Saml2_Error( 'Could not validate node signature: No certificate provided.', OneLogin_Saml2_Error.CERT_NOT_FOUND ) # Check if Reference URI is empty # reference_elem = OneLogin_Saml2_XML.query(signature_node, '//ds:Reference') # if len(reference_elem) > 0: # if reference_elem[0].get('URI') == '': # reference_elem[0].set('URI', '#%s' % signature_node.getparent().get('ID')) if validatecert: manager = xmlsec.KeysManager() manager.load_cert_from_memory(cert, xmlsec.KeyFormat.CERT_PEM, xmlsec.KeyDataType.TRUSTED) dsig_ctx = xmlsec.SignatureContext(manager) else: dsig_ctx = xmlsec.SignatureContext() dsig_ctx.key = xmlsec.Key.from_memory(cert, xmlsec.KeyFormat.CERT_PEM, None) dsig_ctx.set_enabled_key_data([xmlsec.KeyData.X509]) try: dsig_ctx.verify(signature_node) except Exception as err: raise OneLogin_Saml2_ValidationError( 'Signature validation failed. SAML Response rejected. %s', OneLogin_Saml2_ValidationError.INVALID_SIGNATURE, str(err) ) return True @staticmethod def sign_binary(msg, key, algorithm=xmlsec.Transform.RSA_SHA1, debug=False): """ Sign binary message :param msg: The element we should validate :type: bytes :param key: The private key :type: string :param debug: Activate the xmlsec debug :type: bool :return signed message :rtype str """ if isinstance(msg, str): msg = msg.encode('utf8') xmlsec.enable_debug_trace(debug) dsig_ctx = xmlsec.SignatureContext() dsig_ctx.key = xmlsec.Key.from_memory(key, xmlsec.KeyFormat.PEM, None) return dsig_ctx.sign_binary(compat.to_bytes(msg), algorithm) @staticmethod def validate_binary_sign(signed_query, signature, cert=None, algorithm=OneLogin_Saml2_Constants.RSA_SHA1, debug=False): """ Validates signed binary data (Used to validate GET Signature). :param signed_query: The element we should validate :type: string :param signature: The signature that will be validate :type: string :param cert: The public cert :type: string :param algorithm: Signature algorithm :type: string :param debug: Activate the xmlsec debug :type: bool """ try: xmlsec.enable_debug_trace(debug) dsig_ctx = xmlsec.SignatureContext() dsig_ctx.key = xmlsec.Key.from_memory(cert, xmlsec.KeyFormat.CERT_PEM, None) sign_algorithm_transform_map = { OneLogin_Saml2_Constants.DSA_SHA1: xmlsec.Transform.DSA_SHA1, OneLogin_Saml2_Constants.RSA_SHA1: xmlsec.Transform.RSA_SHA1, OneLogin_Saml2_Constants.RSA_SHA256: xmlsec.Transform.RSA_SHA256, OneLogin_Saml2_Constants.RSA_SHA384: xmlsec.Transform.RSA_SHA384, OneLogin_Saml2_Constants.RSA_SHA512: xmlsec.Transform.RSA_SHA512 } sign_algorithm_transform = sign_algorithm_transform_map.get(algorithm, xmlsec.Transform.RSA_SHA1) dsig_ctx.verify_binary(compat.to_bytes(signed_query), sign_algorithm_transform, compat.to_bytes(signature)) return True except xmlsec.Error as e: if debug: print(e) return False @staticmethod def normalize_url(url): """ Returns normalized URL for comparison. This method converts the netloc to lowercase, as it should be case-insensitive (per RFC 4343, RFC 7617) If standardization fails, the original URL is returned Python documentation indicates that URL split also normalizes query strings if empty query fields are present :param url: URL :type url: String :returns: A normalized URL, or the given URL string if parsing fails :rtype: String """ try: scheme, netloc, path, query, fragment = urlsplit(url) normalized_url = urlunsplit((scheme.lower(), netloc.lower(), path, query, fragment)) return normalized_url except Exception: return url python3-saml-1.12.0/src/onelogin/saml2/xml_templates.py000066400000000000000000000130331410551756100230050ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ OneLogin_Saml2_Auth class Copyright (c) 2010-2021 OneLogin, Inc. MIT License Main class of OneLogin's Python Toolkit. Initializes the SP SAML instance """ class OneLogin_Saml2_Templates(object): ATTRIBUTE = """ %s """ AUTHN_REQUEST = """\ %(entity_id)s%(subject_str)s%(nameid_policy_str)s %(requested_authn_context_str)s """ LOGOUT_REQUEST = """\ %(entity_id)s %(name_id)s %(session_index)s """ LOGOUT_RESPONSE = """\ %(entity_id)s """ MD_CONTACT_PERSON = """\ %(name)s %(email)s """ MD_SLS = """\ \n""" MD_REQUESTED_ATTRIBUTE = """\ %(service_name)s %(attr_cs_desc)s%(requested_attribute_str)s \n""" MD_ENTITY_DESCRIPTOR = """\ %(sls)s %(name_id_format)s %(attribute_consuming_service)s %(organization)s %(contacts)s """ MD_ORGANISATION = """\ %(name)s %(display_name)s %(url)s """ RESPONSE = """\ %(entity_id)s %(entity_id)s %(name_id)s %(requester)s %(authn_context)s %(attributes)s """ python3-saml-1.12.0/src/onelogin/saml2/xml_utils.py000066400000000000000000000135051410551756100221530ustar00rootroot00000000000000# -*- coding: utf-8 -*- """ OneLogin_Saml2_XML class Copyright (c) 2010-2021 OneLogin, Inc. MIT License Auxiliary class of OneLogin's Python Toolkit. """ from os.path import join, dirname from lxml import etree from onelogin.saml2 import compat from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.xmlparser import tostring, fromstring for prefix, url in OneLogin_Saml2_Constants.NSMAP.items(): etree.register_namespace(prefix, url) class OneLogin_Saml2_XML(object): _element_class = type(etree.Element('root')) _parse_etree = staticmethod(fromstring) _schema_class = etree.XMLSchema _text_class = compat.text_types _bytes_class = compat.bytes_type _unparse_etree = staticmethod(tostring) dump = staticmethod(etree.dump) make_root = staticmethod(etree.Element) make_child = staticmethod(etree.SubElement) @staticmethod def to_string(xml, **kwargs): """ Serialize an element to an encoded string representation of its XML tree. :param xml: The root node :type xml: str|bytes|xml.dom.minidom.Document|etree.Element :returns: string representation of xml :rtype: string """ if isinstance(xml, OneLogin_Saml2_XML._text_class): return xml if isinstance(xml, OneLogin_Saml2_XML._element_class): OneLogin_Saml2_XML.cleanup_namespaces(xml) return OneLogin_Saml2_XML._unparse_etree(xml, **kwargs) raise ValueError("unsupported type %r" % type(xml)) @staticmethod def to_etree(xml): """ Parses an XML document or fragment from a string. :param xml: the string to parse :type xml: str|bytes|xml.dom.minidom.Document|etree.Element :returns: the root node :rtype: OneLogin_Saml2_XML._element_class """ if isinstance(xml, OneLogin_Saml2_XML._element_class): return xml if isinstance(xml, OneLogin_Saml2_XML._bytes_class): return OneLogin_Saml2_XML._parse_etree(xml, forbid_dtd=True, forbid_entities=True) if isinstance(xml, OneLogin_Saml2_XML._text_class): return OneLogin_Saml2_XML._parse_etree(compat.to_bytes(xml), forbid_dtd=True, forbid_entities=True) raise ValueError('unsupported type %r' % type(xml)) @staticmethod def validate_xml(xml, schema, debug=False): """ Validates a xml against a schema :param xml: The xml that will be validated :type xml: str|bytes|xml.dom.minidom.Document|etree.Element :param schema: The schema :type schema: string :param debug: If debug is active, the parse-errors will be showed :type debug: bool :returns: Error code or the DomDocument of the xml :rtype: xml.dom.minidom.Document """ assert isinstance(schema, compat.str_type) try: xml = OneLogin_Saml2_XML.to_etree(xml) except Exception as e: if debug: print(e) return 'unloaded_xml' schema_file = join(dirname(__file__), 'schemas', schema) with open(schema_file, 'r') as f_schema: xmlschema = OneLogin_Saml2_XML._schema_class(etree.parse(f_schema)) if not xmlschema.validate(xml): if debug: print('Errors validating the metadata: ') for error in xmlschema.error_log: print(error.message) return 'invalid_xml' return xml @staticmethod def query(dom, query, context=None, tagid=None): """ Extracts nodes that match the query from the Element :param dom: The root of the lxml objet :type: Element :param query: Xpath Expresion :type: string :param context: Context Node :type: DOMElement :param tagid: Tag ID :type query: String :returns: The queried nodes :rtype: list """ if context is None: source = dom else: source = context if tagid is None: return source.xpath(query, namespaces=OneLogin_Saml2_Constants.NSMAP) else: return source.xpath(query, tagid=tagid, namespaces=OneLogin_Saml2_Constants.NSMAP) @staticmethod def cleanup_namespaces(tree_or_element, top_nsmap=None, keep_ns_prefixes=None): """ Keeps the xmlns:xs namespace intact when etree.cleanup_namespaces is invoked. :param tree_or_element: An XML tree or element :type tree_or_element: etree.Element :param top_nsmap: A mapping from namespace prefixes to namespace URIs :type top_nsmap: dict :param keep_ns_prefixes: List of prefixes that should not be removed as part of the cleanup :type keep_ns_prefixes: list :returns: An XML tree or element :rtype: etree.Element """ all_prefixes_to_keep = [ OneLogin_Saml2_Constants.NS_PREFIX_XS, OneLogin_Saml2_Constants.NS_PREFIX_XSI, OneLogin_Saml2_Constants.NS_PREFIX_XSD ] if keep_ns_prefixes: all_prefixes_to_keep = list(set(all_prefixes_to_keep.extend(keep_ns_prefixes))) return etree.cleanup_namespaces(tree_or_element, keep_ns_prefixes=all_prefixes_to_keep) @staticmethod def extract_tag_text(xml, tagname): open_tag = compat.to_bytes("<%s" % tagname) close_tag = compat.to_bytes("" % tagname) xml = OneLogin_Saml2_XML.to_string(xml) start = xml.find(open_tag) assert start != -1 end = xml.find(close_tag, start) + len(close_tag) assert end != -1 return compat.to_string(xml[start:end]) @staticmethod def element_text(node): # Double check, the LXML Parser already removes comments etree.strip_tags(node, etree.Comment) return node.text python3-saml-1.12.0/src/onelogin/saml2/xmlparser.py000066400000000000000000000132721410551756100221510ustar00rootroot00000000000000# -*- coding: utf-8 -*- # Based on the lxml example from defusedxml # DTDForbidden, EntitiesForbidden, NotSupportedError are clones of the classes defined at defusedxml # # Copyright (c) 2013 by Christian Heimes # Licensed to PSF under a Contributor Agreement. # See https://www.python.org/psf/license for licensing details. """lxml.etree protection""" from __future__ import print_function, absolute_import import threading from lxml import etree as _etree LXML3 = _etree.LXML_VERSION[0] >= 3 __origin__ = "lxml.etree" tostring = _etree.tostring class DTDForbidden(ValueError): """Document type definition is forbidden """ def __init__(self, name, sysid, pubid): super(DTDForbidden, self).__init__() self.name = name self.sysid = sysid self.pubid = pubid def __str__(self): tpl = "DTDForbidden(name='{}', system_id={!r}, public_id={!r})" return tpl.format(self.name, self.sysid, self.pubid) class EntitiesForbidden(ValueError): """Entity definition is forbidden """ def __init__(self, name, value, base, sysid, pubid, notation_name): super(EntitiesForbidden, self).__init__() self.name = name self.value = value self.base = base self.sysid = sysid self.pubid = pubid self.notation_name = notation_name def __str__(self): tpl = "EntitiesForbidden(name='{}', system_id={!r}, public_id={!r})" return tpl.format(self.name, self.sysid, self.pubid) class NotSupportedError(ValueError): """The operation is not supported """ class RestrictedElement(_etree.ElementBase): """A restricted Element class that filters out instances of some classes """ __slots__ = () blacklist = (_etree._Entity, _etree._ProcessingInstruction, _etree._Comment) def _filter(self, iterator): blacklist = self.blacklist for child in iterator: if isinstance(child, blacklist): continue yield child def __iter__(self): iterator = super(RestrictedElement, self).__iter__() return self._filter(iterator) def iterchildren(self, tag=None, reversed=False): iterator = super(RestrictedElement, self).iterchildren(tag=tag, reversed=reversed) return self._filter(iterator) def iter(self, tag=None, *tags): iterator = super(RestrictedElement, self).iter(tag=tag, *tags) return self._filter(iterator) def iterdescendants(self, tag=None, *tags): iterator = super(RestrictedElement, self).iterdescendants(tag=tag, *tags) return self._filter(iterator) def itersiblings(self, tag=None, preceding=False): iterator = super(RestrictedElement, self).itersiblings(tag=tag, preceding=preceding) return self._filter(iterator) def getchildren(self): iterator = super(RestrictedElement, self).__iter__() return list(self._filter(iterator)) def getiterator(self, tag=None): iterator = super(RestrictedElement, self).getiterator(tag) return self._filter(iterator) class GlobalParserTLS(threading.local): """Thread local context for custom parser instances """ parser_config = { "resolve_entities": False, 'remove_comments': True, 'no_network': True, 'remove_pis': True, 'huge_tree': False } element_class = RestrictedElement def createDefaultParser(self): parser = _etree.XMLParser(**self.parser_config) element_class = self.element_class if self.element_class is not None: lookup = _etree.ElementDefaultClassLookup(element=element_class) parser.set_element_class_lookup(lookup) return parser def setDefaultParser(self, parser): self._default_parser = parser def getDefaultParser(self): parser = getattr(self, "_default_parser", None) if parser is None: parser = self.createDefaultParser() self.setDefaultParser(parser) return parser _parser_tls = GlobalParserTLS() getDefaultParser = _parser_tls.getDefaultParser def check_docinfo(elementtree, forbid_dtd=False, forbid_entities=True): """Check docinfo of an element tree for DTD and entity declarations The check for entity declarations needs lxml 3 or newer. lxml 2.x does not support dtd.iterentities(). """ docinfo = elementtree.docinfo if docinfo.doctype: if forbid_dtd: raise DTDForbidden(docinfo.doctype, docinfo.system_url, docinfo.public_id) if forbid_entities and not LXML3: # lxml < 3 has no iterentities() raise NotSupportedError("Unable to check for entity declarations " "in lxml 2.x") if forbid_entities: for dtd in docinfo.internalDTD, docinfo.externalDTD: if dtd is None: continue for entity in dtd.iterentities(): raise EntitiesForbidden(entity.name, entity.content, None, None, None, None) def parse(source, parser=None, base_url=None, forbid_dtd=True, forbid_entities=True): if parser is None: parser = getDefaultParser() elementtree = _etree.parse(source, parser, base_url=base_url) check_docinfo(elementtree, forbid_dtd, forbid_entities) return elementtree def fromstring(text, parser=None, base_url=None, forbid_dtd=True, forbid_entities=True): if parser is None: parser = getDefaultParser() rootelement = _etree.fromstring(text, parser, base_url=base_url) elementtree = rootelement.getroottree() check_docinfo(elementtree, forbid_dtd, forbid_entities) return rootelement XML = fromstring def iterparse(*args, **kwargs): raise NotSupportedError("iterparse not available") python3-saml-1.12.0/tests/000077500000000000000000000000001410551756100153005ustar00rootroot00000000000000python3-saml-1.12.0/tests/__init__.py000066400000000000000000000000001410551756100173770ustar00rootroot00000000000000python3-saml-1.12.0/tests/certs/000077500000000000000000000000001410551756100164205ustar00rootroot00000000000000python3-saml-1.12.0/tests/certs/certificate1000066400000000000000000000012041410551756100207030ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIBrTCCAaGgAwIBAgIBATADBgEAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD YWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9uZUxv Z2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMB4XDTEwMTAxMTIxMTUxMloX DTE1MTAxMTIxMTUxMlowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju aWExFTATBgNVBAcMDFNhbnRhIE1vbmljYTERMA8GA1UECgwIT25lTG9naW4xGTAX BgNVBAMMEGFwcC5vbmVsb2dpbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ AoGBAMPmjfjy7L35oDpeBXBoRVCgktPkLno9DOEWB7MgYMMVKs2B6ymWQLEWrDug MK1hkzWFhIb5fqWLGbWy0J0veGR9/gHOQG+rD/I36xAXnkdiXXhzoiAG/zQxM0ed MOUf40n314FC8moErcUg6QabttzesO59HFz6shPuxcWaVAgxAgMBAAEwAwYBAAMB AA== -----END CERTIFICATE----- python3-saml-1.12.0/tests/coverage.rc000066400000000000000000000010461410551756100174220ustar00rootroot00000000000000[run] branch = True omit = [paths] source = src/onelogin/saml2 [report] # Regexes for lines to exclude from consideration exclude_lines = # Have to re-enable the standard pragma pragma: no cover # Don't complain about missing debug-only code: def __repr__ if self\.debug if debug # Don't complain if tests don't hit defensive assertion code: raise AssertionError raise NotImplementedError # Don't complain if non-runnable code isn't run: if 0: if __name__ == .__main__.: ignore_errors = True python3-saml-1.12.0/tests/data/000077500000000000000000000000001410551756100162115ustar00rootroot00000000000000python3-saml-1.12.0/tests/data/customPath/000077500000000000000000000000001410551756100203405ustar00rootroot00000000000000python3-saml-1.12.0/tests/data/customPath/advanced_settings.json000066400000000000000000000011121410551756100247130ustar00rootroot00000000000000{ "security": { "authnRequestsSigned": false, "wantAssertionsSigned": false, "signMetadata": false }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } } python3-saml-1.12.0/tests/data/customPath/certs/000077500000000000000000000000001410551756100214605ustar00rootroot00000000000000python3-saml-1.12.0/tests/data/customPath/certs/idp.crt000066400000000000000000000016371410551756100227550ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMC Tk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYD VQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG 9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4 MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xi ZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2Zl aWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5v MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LO NoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHIS KOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d 1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8 BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7n bK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2Qar Q4/67OZfHd7R+POBXhophSMv1ZOo -----END CERTIFICATE-----python3-saml-1.12.0/tests/data/customPath/certs/metadata.crt000077500000000000000000000016401410551756100237560ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMC Tk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYD VQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG 9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4 MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xi ZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2Zl aWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5v MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LO NoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHIS KOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d 1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8 BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7n bK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2Qar Q4/67OZfHd7R+POBXhophSMv1ZOo -----END CERTIFICATE----- python3-saml-1.12.0/tests/data/customPath/certs/metadata.key000077500000000000000000000015731410551756100237630ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9 IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+ PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQAB AoGAD4/Z4LWVWV6D1qMIp1Gzr0ZmdWTE1SPdZ7Ej8glGnCzPdguCPuzbhGXmIg0V J5D+02wsqws1zd48JSMXXM8zkYZVwQYIPUsNn5FetQpwxDIMPmhHg+QNBgwOnk8J K2sIjjLPL7qY7Itv7LT7Gvm5qSOkZ33RCgXcgz+okEIQMYkCQQDzbTOyDL0c5WQV 6A2k06T/azdhUdGXF9C0+WkWSfNaovmTgRXh1G+jMlr82Snz4p4/STt7P/XtyWzF 3pkVgZr3AkEA7nPjXwHlttNEMo6AtxHd47nizK2NUN803ElIUT8P9KSCoERmSXq6 6PDekGNic4ldpsSvOeYCk8MAYoDBy9kvVwJBAMLgX4xg6lzhv7hR5+pWjTb1rIY6 rCHbrPfU264+UZXz9v2BT/VUznLF81WMvStD9xAPHpFS6R0OLghSZhdzhI0CQQDL 8Duvfxzrn4b9QlmduV8wLERoT6rEVxKLsPVz316TGrxJvBZLk/cV0SRZE1cZf4uk XSWMfEcJ/0Zt+LdG1CqjAkEAqwLSglJ9Dy3HpgMz4vAAyZWzAxvyA1zW0no9GOLc PQnYaNUN/Fy2SYtETXTb0CQ9X1rt8ffkFP7ya+5TC83aMg== -----END RSA PRIVATE KEY----- python3-saml-1.12.0/tests/data/customPath/certs/sp.crt000077500000000000000000000016401410551756100226200ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMC Tk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYD VQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG 9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4 MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xi ZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2Zl aWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5v MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LO NoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHIS KOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d 1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8 BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7n bK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2Qar Q4/67OZfHd7R+POBXhophSMv1ZOo -----END CERTIFICATE----- python3-saml-1.12.0/tests/data/customPath/certs/sp.key000077500000000000000000000015731410551756100226250ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9 IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+ PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQAB AoGAD4/Z4LWVWV6D1qMIp1Gzr0ZmdWTE1SPdZ7Ej8glGnCzPdguCPuzbhGXmIg0V J5D+02wsqws1zd48JSMXXM8zkYZVwQYIPUsNn5FetQpwxDIMPmhHg+QNBgwOnk8J K2sIjjLPL7qY7Itv7LT7Gvm5qSOkZ33RCgXcgz+okEIQMYkCQQDzbTOyDL0c5WQV 6A2k06T/azdhUdGXF9C0+WkWSfNaovmTgRXh1G+jMlr82Snz4p4/STt7P/XtyWzF 3pkVgZr3AkEA7nPjXwHlttNEMo6AtxHd47nizK2NUN803ElIUT8P9KSCoERmSXq6 6PDekGNic4ldpsSvOeYCk8MAYoDBy9kvVwJBAMLgX4xg6lzhv7hR5+pWjTb1rIY6 rCHbrPfU264+UZXz9v2BT/VUznLF81WMvStD9xAPHpFS6R0OLghSZhdzhI0CQQDL 8Duvfxzrn4b9QlmduV8wLERoT6rEVxKLsPVz316TGrxJvBZLk/cV0SRZE1cZf4uk XSWMfEcJ/0Zt+LdG1CqjAkEAqwLSglJ9Dy3HpgMz4vAAyZWzAxvyA1zW0no9GOLc PQnYaNUN/Fy2SYtETXTb0CQ9X1rt8ffkFP7ya+5TC83aMg== -----END RSA PRIVATE KEY----- python3-saml-1.12.0/tests/data/customPath/settings.json000077700000000000000000000000001410551756100301702../../settings/settings1.jsonustar00rootroot00000000000000python3-saml-1.12.0/tests/data/logout_requests/000077500000000000000000000000001410551756100214555ustar00rootroot00000000000000python3-saml-1.12.0/tests/data/logout_requests/invalids/000077500000000000000000000000001410551756100232665ustar00rootroot00000000000000python3-saml-1.12.0/tests/data/logout_requests/invalids/invalid_issuer.xml000066400000000000000000000014651410551756100270360ustar00rootroot00000000000000 https://example.hello.com/access/saml ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c python3-saml-1.12.0/tests/data/logout_requests/invalids/invalid_issuer.xml.base64000066400000000000000000000007741410551756100301230ustar00rootroot00000000000000jZPfb4IwEMffTfwfDO9CW8BJoxgTt8XEyTaXPexl6coxSaBlXFn881dwP3yQxT411+v3+7n2brY4lMXoE2rMtZo71CXOIh4OZijKouIb/a4b8wgfDaAZ2UyFvDuZO02tuBaYI1eiBORG8t3ybsOZS3hVa6OlLpzhYHRu/Qn9ryMQoTYWrE9ovZo7yfZ6k9yut6+MhtNAyjQTUvgTQYNQQBSRIGCpTKPJWwYTQkMKfWLPP49grXsNERtYKzRCGZtIqD+mbEzJEwm4H3GfvvTdXNkXzJUwncPemIp7Hpomy1ypSw9UWulcGTzZYYFuta/6BLfaJCqpl5mBukVh/piEF6HEx3j3x7yrqI5bIrRIcBBlVYC7h6LQHZqQEtDS2OSZd3rlVGVr/269Gu3u281DI4o8y1usi2TPcd7ouhSmvz2oS7tIno6zLpU3CiuQrW96TjD+7RMKtiUkZRHQbMqYnJJoQqa2YSjxZQjA5JUUQOV3tcfS2pnwzgxF/AU=python3-saml-1.12.0/tests/data/logout_requests/invalids/no_nameId.xml000066400000000000000000000011121410551756100256740ustar00rootroot00000000000000 https://example.hello.com/access/saml python3-saml-1.12.0/tests/data/logout_requests/invalids/not_after_failed.xml000066400000000000000000000014311410551756100272740ustar00rootroot00000000000000 http://idp.example.com/ ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c python3-saml-1.12.0/tests/data/logout_requests/invalids/not_after_failed.xml.base64000066400000000000000000000007501410551756100303620ustar00rootroot00000000000000jVJNT8MwDL1P2n+Yel+b9Is12jpNGqBKYwOGOHBBIXVZpTYJdYr282m7ATu0iJwsx37v2X7z5bEsJp9QYa7kwqI2sZbxeDRHXhaabdS7qs0jfNSAZtJUSmTdz8KqK8kUxxyZ5CUgM4LtV3cb5tqE6UoZJVRhjUeTvvcL9DcOR4TKNMKGgJL1wtptrze722T76tJg5guRZlxwL+TUDzhEEfF9NxVpFL5lEBIaUBgCe/5eQkM9SIhYQyLRcGmaQkK9KXWnlDwRn3kR8+jLUOe62WAuuekYDsZo5jho6iyzhSodkKlWuTR4EWGBtj7oIcCtMju5q1aZgeoshQT/khKf8t2NWTdRFZ8V5am24chLXUCna+5cFl32bZtrJevJ/r4NHmpe5FneChkA6tNyo6qSm2ELUJt2mTydZl0pqyVqEC1T2gcY/3iBQnN2Qd0IaDZzXTEjUUhmjSko8UQA4IorwYGK83ynYVrfOz3Gj78Apython3-saml-1.12.0/tests/data/logout_requests/logout_request.xml000066400000000000000000000013401410551756100252560ustar00rootroot00000000000000 http://idp.example.com/ ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c python3-saml-1.12.0/tests/data/logout_requests/logout_request.xml.base64000066400000000000000000000017441410551756100263510ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6TG9nb3V0UmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIg0KICAgICAgICAgICAgICAgICAgICAgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiINCiAgICAgICAgICAgICAgICAgICAgIElEPSJPTkVMT0dJTl8yMTU4NGNjZGZhY2EzNmExNDVhZTk5MDQ0MmRjZDk2YmZlNjAxNTFlIg0KICAgICAgICAgICAgICAgICAgICAgVmVyc2lvbj0iMi4wIg0KICAgICAgICAgICAgICAgICAgICAgSXNzdWVJbnN0YW50PSIyMDEzLTEyLTEwVDA0OjM5OjMxWiINCiAgICAgICAgICAgICAgICAgICAgIERlc3RpbmF0aW9uPSJodHRwOi8vc3R1ZmYuY29tL2VuZHBvaW50cy9lbmRwb2ludHMvc2xzLnBocCINCiAgICAgICAgICAgICAgICAgICAgID4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPg0KICAgIDxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9Imh0dHA6Ly9pZHAuZXhhbXBsZS5jb20vIg0KICAgICAgICAgICAgICAgICBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OnVuc3BlY2lmaWVkIg0KICAgICAgICAgICAgICAgICA+T05FTE9HSU5fMWU0NDJjMTI5ZTFmODIyYzgwOTYwODZhMTEwM2M1ZWUyYzdjYWUxYzwvc2FtbDpOYW1lSUQ+DQo8L3NhbWxwOkxvZ291dFJlcXVlc3Q+python3-saml-1.12.0/tests/data/logout_requests/logout_request_deflated.xml.base64000066400000000000000000000007301410551756100301730ustar00rootroot00000000000000fZJNT4NAEIbvTfofCPfCLh8VNi2NSdWQ1Fat8eDFrMtgSWB3ZRbTny+ltTYG3NNkduaZj3dmi31VWl9QY6Hk3KYOsRfJeDRDXpWardSHaswTfDaAxmojJbLuZ243tWSKY4FM8gqQGcG21/cr5jmE6VoZJVRpj0dW3/sF/c/hiFCbtrEhULqc25v1zWpzl67fPBpGgRBZzgX3p5wGIYc4JkHgZSKLp+85TAkNKQzBXn6W0JYeLIjYQCrRcGnaQEL9CfUmlDyTgPkx8+nrUOay3WAhuekq7IzRzHXRNHnuCFW5IDOtCmnwwsISHb3TQ8Dk6O+UYl1fdXLiFpl2YM8rXUJHn7mXQZd563bn6dLaPhyMx4aXRV5AfW7wL6ivl1tVV9wMC0kd2nmKbJJ3oayRqEEcKmV9wOSsKIVWPEG9GGgeeZ6ISDwlUSstJb4IATxxJThQcZrvOMzhet2e802+AQ==python3-saml-1.12.0/tests/data/logout_requests/logout_request_encrypted_nameid.xml000066400000000000000000000036501410551756100306560ustar00rootroot00000000000000 http://stuff.com/endpoints/metadata.php Dqhp3WPaoV7i2ry6ZywsfTa0ctWf9a37+BTPLlIycvpRqSObwvBoEGCezXpxUaMTNcFp6p7qSzyGpAbf/h3Qowt1gQqhTn04ofGOwXoMD21Pr5DCbjs9roU005DExjLCFKbf5P3de8QZh5Lcz3dVBU3y1Kc6wku/RuD/HfYBy7g= h1PDxhhKkO/IyIb4G5JFoHnBhaNj7n8fh8jqjHhFkRZtwpS/9HXENF3R+1F6XeHs3YfhbLJDHJroQPJwh4PjRUQnPYHdH5YbriR59VI0H9DoMWaJvd9wEMnH6FniXak9npP8BFPhV0uW1r3ynZ8mfn6DkBzC/IORRsmDrQv3IAcp+3J/rRui51ccH60xkff4dWsBYHBIHspuDNz8EU02Ho+hSayN3x1e4WuSdIOF0SRkh4r1mQ00/q2PHExdxmHr4wLQe8DkBFmdt+FxuEpjOIzyWgdJ1TbvgfjBe7a10PiiPO3inMy29ObLo0l4fkHH python3-saml-1.12.0/tests/data/logout_requests/logout_request_with_encoding.xml000066400000000000000000000013611410551756100301620ustar00rootroot00000000000000 http://idp.example.com/ ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c python3-saml-1.12.0/tests/data/logout_requests/logout_request_with_sessionindex.xml000066400000000000000000000014671410551756100311160ustar00rootroot00000000000000 http://idp.example.com/ ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c _ac72a76526cb6ca19f8438e73879a0e6c8ae5131 python3-saml-1.12.0/tests/data/logout_responses/000077500000000000000000000000001410551756100216235ustar00rootroot00000000000000python3-saml-1.12.0/tests/data/logout_responses/invalids/000077500000000000000000000000001410551756100234345ustar00rootroot00000000000000python3-saml-1.12.0/tests/data/logout_responses/invalids/no_status.xml.base64000066400000000000000000000006051410551756100272610ustar00rootroot00000000000000fZLBasMwDIbvfYqSexM7TkxtmsKgYxS6Fraywy7FseU1kNgmcqCPvy7bWBnLdLJk+ft/Ia9QdW2QO//mh/gEGLxDmF+61qEcr6pk6J30ChuUTnWAMmr5fPe4k3lKZOh99Nq3yWz+Z/yA/ucoROhj490UaLupkpMVAJzWRpjacsYJt0oJBaympCyWpqwZL7mtl6WYwrxAj1eVKrmKTkohDrB1GJWL10ZC2YLmC0qOpJBMSEZfp15uAGPjVBwVzjEGmWUYB2tT7bsMnAm+cRFvTthiGs5h0or7XsnRV8lhf787PGz3p5yWy0JrY5VWjCtalAqEIEWRG20Ery1wQksKU9j1WF99rEWO0/brL7eNCSlcVBdaGD2vstum2Wf6+7us3wE= python3-saml-1.12.0/tests/data/logout_responses/invalids/status_code_responder.xml.base64000066400000000000000000000006611410551756100316420ustar00rootroot00000000000000fZJda8IwFIbv9yuk99qkH8EEWxhzDMEpTPFiN5I2J7PQJqEnBX/+XKdTYTVXyfl4n/dwMkPZ1E4s7Zft/AegswZhdGxqg6JPZUHXGmElViiMbACFL8Xm+X0pogkRrrXelrYOnkb/nqvQYx2JCK2vrBkSWsyzYK85AKOF4qrQLGaEaSm5hLigJE2mKi1iljJdTFM+JLODFk+ULDhBB1GIHSwMemn8qZDQeEyjMSVbkoiYi5h+DnXOAX1lpO8JB++dCEP0ndaT0jYhGOVsZTze3LDGiTu4QSvmspKtzYL16nW5flus9hFNp0lZKi1LGTNJk1QC5yRJIlUqzgoNjNCUwpBs3sdnP2sR/bRtfnZbKTeBo2xcDb3nWXhbdG1zYuOl7zD/I9yFX6yC0U7WHTxeO/bV4ndIBW0QnhnhPeTyvv+m+Tc= python3-saml-1.12.0/tests/data/logout_responses/logout_response.xml000066400000000000000000000012751410551756100256010ustar00rootroot00000000000000 http://idp.example.com/ python3-saml-1.12.0/tests/data/logout_responses/logout_response.xml.base64000066400000000000000000000016711410551756100266640ustar00rootroot00000000000000PHNhbWxwOkxvZ291dFJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiDQogICAgICAgICAgICAgICAgICAgICAgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiINCiAgICAgICAgICAgICAgICAgICAgICBJRD0iX2Y5ZWU2MWJkOWRiZjYzNjA2ZmFhOWFlM2IxMDU0OGQ1YjM2NTZmYjg1OSINCiAgICAgICAgICAgICAgICAgICAgICBWZXJzaW9uPSIyLjAiDQogICAgICAgICAgICAgICAgICAgICAgSXNzdWVJbnN0YW50PSIyMDEzLTEyLTEwVDA0OjM5OjMxWiINCiAgICAgICAgICAgICAgICAgICAgICBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL3Nscy5waHAiDQogICAgICAgICAgICAgICAgICAgICAgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl8yMTU4NGNjZGZhY2EzNmExNDVhZTk5MDQ0MmRjZDk2YmZlNjAxNTFlIg0KICAgICAgICAgICAgICAgICAgICAgID4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPg0KICAgIDxzYW1scDpTdGF0dXM+DQogICAgICAgIDxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiIC8+DQogICAgPC9zYW1scDpTdGF0dXM+DQo8L3NhbWxwOkxvZ291dFJlc3BvbnNlPg== python3-saml-1.12.0/tests/data/logout_responses/logout_response_deflated.xml.base64000066400000000000000000000006651410551756100305160ustar00rootroot00000000000000fZJfa8IwFMXf/RSl77ZJ/wQbbGHMMQSnMMWHvUia3M5Cm4TeFPz4c0Wnwmqekpt7z++EkzmKtrF8Zb5N7z4BrdEI3qltNPLhKvf7TnMjsEauRQvIneTbl48VjwLCbWeckabxJ96/6yb0XEcgQudqo8eElovcP1QZAKOlylRZsZgRVgmRCYhLStJkptIyZimrylmajcnsocMzJffP0FEUYg9LjU5od24kNJ7SaErJjiQ8znhMv8YmF4Cu1sINhKNzlochur6qAmnaELSyptYO73bYYGCPdtSKvkayM7m/Wb+tNu/L9SGi6SyRUlVCipgJmqQCsowkSaSkylhZASM0pTAmWwz1+W8sfHhtV1zc1soGcBKtbWDwPA/vm25jlm+dcD0Wf4SH8qtR4O1F08Pz2HHo5tteSkD0vfCCCB8Z1/PjLy0mPw== python3-saml-1.12.0/tests/data/logout_responses/logout_response_with_encoding.xml000066400000000000000000000013441410551756100304770ustar00rootroot00000000000000 http://idp.example.com/ python3-saml-1.12.0/tests/data/logout_responses/logout_response_with_encoding_deflated.xml.base64000066400000000000000000000007311410551756100334110ustar00rootroot00000000000000fVLdS8MwEH8X/B9K3tcmaxvWsFbELwZzAzd98EXS5KqFNgm9VPbnO6pjm1jzFO5+X8nd/GrXNsEndFhbkxMWUhKAUVbX5j0nz9v7yYxcFZcXc5Rt48TSvtvePwE6axCCPdegGFo56TsjrMQahZEtoPBKbK4fl2IaUuE6662yDbm8CP48R6X/hSQidH6fdVRpcZuTtyoD4KzUmS4rHnPKKykzCXHJaJrMdFrGPOVVOUuzUZ2Xw5/sbcfNEHtYGPTS+D2SsnjCphNGtzQRcSZi9jpKvQX0tZF+8Pjw3okoQt9XVahsG4HRztbG48kNGwzdhxsPYw6D2dqcrFd3y/XDYvU2ZeksUUpXUsmYS5akErKMJslUK53xsgJOWcpgVLf4bgwrIIYXd8VP4Fq7EHaydQ0MsefRKeiE58TGS99jcTQ5q99YDcGLbHr4f/44oMWmVwoQSRAdTKJfLofC+cYWXw== python3-saml-1.12.0/tests/data/metadata/000077500000000000000000000000001410551756100177715ustar00rootroot00000000000000python3-saml-1.12.0/tests/data/metadata/entities_metadata.xml000066400000000000000000000147711410551756100242110ustar00rootroot00000000000000 MIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIyNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAfBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kYvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m MIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIyNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAfBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kYvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m MIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIyNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAfBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kYvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m MIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIyNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAfBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kYvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m python3-saml-1.12.0/tests/data/metadata/expired_metadata_settings1.xml000066400000000000000000000055551410551756100260260ustar00rootroot00000000000000 MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOoMIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified python3-saml-1.12.0/tests/data/metadata/idp_metadata.xml000066400000000000000000000051631410551756100231340ustar00rootroot00000000000000 MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzET MBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYD VQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbTAeFw0xMzA2 MDUxNzE2MjBaFw0xODA2MDUxNzE2MjBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQI DApDYWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9u ZUxvZ2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAse8rnep4qL2GmhH10pMQyJ2Jae+AQHyfgVjaQZ7Z 0QQog5jX91vcJRSMi0XWJnUtOr6lF0dq1+yckjZ92wyLrH+7fvngNO1aV4Mjk9sT gf+iqMrae6y6fRxDt9PXrEFVjvd3vv7QTJf2FuIPy4vVP06Dt8EMkQIr8rmLmU0m Tr1k2DkrdtdlCuNFTXuAu3QqfvNCRrRwfNObn9MP6JeOUdcGLJsBjGF8exfcN1SF zRF0JFr3dmOlx761zK5liD0T1sYWnDquatj/JD9fZMbKecBKni1NglH/LVd+b6aJ UAr5LulERULUjLqYJRKW31u91/4Qazdo9tbvwqyFxaoUrwIDAQABo4HUMIHRMAwG A1UdEwEB/wQCMAAwHQYDVR0OBBYEFPWcXvQSlTXnzZD2xziuoUvrrDedMIGRBgNV HSMEgYkwgYaAFPWcXvQSlTXnzZD2xziuoUvrrDedoWukaTBnMQswCQYDVQQGEwJV UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREw DwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbYIBATAO BgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADggEBAB/8xe3rzqXQVxzHyAHu AuPa73ClDoL1cko0Fp8CGcqEIyj6Te9gx5z6wyfv+Lo8RFvBLlnB1lXqbC+fTGcV gG/4oKLJ5UwRFxInqpZPnOAudVNnd0PYOODn9FWs6u+OTIQIaIcPUv3MhB9lwHIJ sTk/bs9xcru5TPyLIxLLd6ib/pRceKH2mTkzUd0DYk9CQNXXeoGx/du5B9nh3ClP TbVakRzl3oswgI5MQIphYxkW70SopEh4kOFSRE1ND31NNIq1YrXlgtkguQBFsZWu QOPR6cEwFZzP0tHTYbI839WgxX6hfhIUTUz6mLqq4+3P4BG3+1OXeVDg63y8Uh78 1sE= urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress Support support@onelogin.com python3-saml-1.12.0/tests/data/metadata/idp_metadata2.xml000066400000000000000000000047721410551756100232230ustar00rootroot00000000000000 MIIDPDCCAiQCCQDydJgOlszqbzANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEQMA4GA1UEChMHSmFua3lDbzESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTE0MDMxMjE5NDYzM1oXDTI3MTExOTE5NDYzM1owYDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoTB0phbmt5Q28xEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGvJpRTTasRUSPqcbqCG+ZnTAurnu0vVpIG9lzExnh11o/BGmzu7lB+yLHcEdwrKBBmpepDBPCYxpVajvuEhZdKFx/Fdy6j5mH3rrW0Bh/zd36CoUNjbbhHyTjeM7FN2yF3u9lcyubuvOzr3B3gX66IwJlU46+wzcQVhSOlMk2tXR+fIKQExFrOuK9tbX3JIBUqItpI+HnAow509CnM134svw8PTFLkR6/CcMqnDfDK1m993PyoC1Y+N4X9XkhSmEQoAlAHPI5LHrvuujM13nvtoVYvKYoj7ScgumkpWNEvX652LfXOnKYlkB8ZybuxmFfIkzedQrbJsyOhfL03cMECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAeHwzqwnzGEkxjzSD47imXaTqtYyETZow7XwBc0ZaFS50qRFJUgKTAmKS1xQBP/qHpStsROT35DUxJAE6NY1Kbq3ZbCuhGoSlY0L7VzVT5tpu4EY8+Dq/u2EjRmmhoL7UkskvIZ2n1DdERtd+YUMTeqYl9co43csZwDno/IKomeN5qaPc39IZjikJ+nUC6kPFKeu/3j9rgHNlRtocI6S1FdtFz9OZMQlpr0JbUt2T3xS/YoQJn6coDmJL5GTiiKM6cOe+Ur1VwzS1JEDbSS2TWWhzq8ojLdrotYLGd9JOsoQhElmz+tMfCFQUFLExinPAyy7YHlSiVX13QH2XTu/iQQ== urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient python3-saml-1.12.0/tests/data/metadata/idp_metadata_different_sign_and_encrypt_cert.xml000066400000000000000000000105361410551756100316050ustar00rootroot00000000000000 MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzET MBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYD VQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbTAeFw0xMzA2 MDUxNzE2MjBaFw0xODA2MDUxNzE2MjBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQI DApDYWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9u ZUxvZ2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAse8rnep4qL2GmhH10pMQyJ2Jae+AQHyfgVjaQZ7Z 0QQog5jX91vcJRSMi0XWJnUtOr6lF0dq1+yckjZ92wyLrH+7fvngNO1aV4Mjk9sT gf+iqMrae6y6fRxDt9PXrEFVjvd3vv7QTJf2FuIPy4vVP06Dt8EMkQIr8rmLmU0m Tr1k2DkrdtdlCuNFTXuAu3QqfvNCRrRwfNObn9MP6JeOUdcGLJsBjGF8exfcN1SF zRF0JFr3dmOlx761zK5liD0T1sYWnDquatj/JD9fZMbKecBKni1NglH/LVd+b6aJ UAr5LulERULUjLqYJRKW31u91/4Qazdo9tbvwqyFxaoUrwIDAQABo4HUMIHRMAwG A1UdEwEB/wQCMAAwHQYDVR0OBBYEFPWcXvQSlTXnzZD2xziuoUvrrDedMIGRBgNV HSMEgYkwgYaAFPWcXvQSlTXnzZD2xziuoUvrrDedoWukaTBnMQswCQYDVQQGEwJV UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREw DwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbYIBATAO BgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADggEBAB/8xe3rzqXQVxzHyAHu AuPa73ClDoL1cko0Fp8CGcqEIyj6Te9gx5z6wyfv+Lo8RFvBLlnB1lXqbC+fTGcV gG/4oKLJ5UwRFxInqpZPnOAudVNnd0PYOODn9FWs6u+OTIQIaIcPUv3MhB9lwHIJ sTk/bs9xcru5TPyLIxLLd6ib/pRceKH2mTkzUd0DYk9CQNXXeoGx/du5B9nh3ClP TbVakRzl3oswgI5MQIphYxkW70SopEh4kOFSRE1ND31NNIq1YrXlgtkguQBFsZWu QOPR6cEwFZzP0tHTYbI839WgxX6hfhIUTUz6mLqq4+3P4BG3+1OXeVDg63y8Uh78 1sE= MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEF BQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJj aWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwW T25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUy MjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChz Z2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNV BAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo 3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRw tnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xx VRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5 L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t 1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/ BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCB pIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYD VQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQL DAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaC FD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B AQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXM GI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65c hjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIB vlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37 MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZ WQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw== urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress Support support@onelogin.com python3-saml-1.12.0/tests/data/metadata/idp_metadata_multi_certs.xml000066400000000000000000000122131410551756100255400ustar00rootroot00000000000000 MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEF BQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJj aWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwW T25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUy MjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChz Z2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNV BAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo 3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRw tnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xx VRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5 L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t 1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/ BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCB pIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYD VQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQL DAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaC FD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B AQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXM GI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65c hjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIB vlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37 MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZ WQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw== MIICZDCCAc2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBPMQswCQYDVQQGEwJ1czEUMBIGA1UECAwLZXhhbXBsZS5jb20xFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYDVQQDDAtleGFtcGxlLmNvbTAeFw0xNzA0MTUxNjMzMThaFw0xODA0MTUxNjMzMThaME8xCzAJBgNVBAYTAnVzMRQwEgYDVQQIDAtleGFtcGxlLmNvbTEUMBIGA1UECgwLZXhhbXBsZS5jb20xFDASBgNVBAMMC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6GLkl5lDUZdHNDAojp5i24OoPlqrt5TGXJIPqAZYT1hQvJW5nv17MFDHrjmtEnmW4ACKEy0fAX80QWIcHunZSkbEGHb+NG/6oTi5RipXMvmHnfFnPJJ0AdtiLiPE478CV856gXekV4Xx5u3KrylcOgkpYsp0GMIQBDzleMUXlYQIDAQABo1AwTjAdBgNVHQ4EFgQUnP8vlYPGPL2n6ZzDYij2kMDC8wMwHwYDVR0jBBgwFoAUnP8vlYPGPL2n6ZzDYij2kMDC8wMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQAlQGAl+b8Cpot1g+65lLLjVoY7APJPWLW0klKQNlMU0s4MU+71Y3ExUEOXDAZgKcFoavb1fEOGMwEf38NaJAy1e/l6VNuixXShffq20ymqHQxOG0q8ujeNkgZF9k6XDfn/QZ3AD0o/IrCT7UMc/0QsfgIjWYxwCvp2syApc5CYfQ== MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEF BQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJj aWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwW T25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUy MjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChz Z2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNV BAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo 3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRw tnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xx VRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5 L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t 1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/ BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCB pIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYD VQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQL DAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaC FD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B AQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXM GI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65c hjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIB vlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37 MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZ WQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw== urn:oasis:names:tc:SAML:2.0:nameid-format:transient python3-saml-1.12.0/tests/data/metadata/idp_metadata_multi_signing_certs.xml000066400000000000000000000122111410551756100272540ustar00rootroot00000000000000 MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEF BQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJj aWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwW T25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUy MjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChz Z2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNV BAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo 3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRw tnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xx VRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5 L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t 1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/ BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCB pIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYD VQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQL DAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaC FD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B AQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXM GI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65c hjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIB vlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37 MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZ WQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw== MIICZDCCAc2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBPMQswCQYDVQQGEwJ1czEUMBIGA1UECAwLZXhhbXBsZS5jb20xFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYDVQQDDAtleGFtcGxlLmNvbTAeFw0xNzA0MTUxNjMzMThaFw0xODA0MTUxNjMzMThaME8xCzAJBgNVBAYTAnVzMRQwEgYDVQQIDAtleGFtcGxlLmNvbTEUMBIGA1UECgwLZXhhbXBsZS5jb20xFDASBgNVBAMMC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6GLkl5lDUZdHNDAojp5i24OoPlqrt5TGXJIPqAZYT1hQvJW5nv17MFDHrjmtEnmW4ACKEy0fAX80QWIcHunZSkbEGHb+NG/6oTi5RipXMvmHnfFnPJJ0AdtiLiPE478CV856gXekV4Xx5u3KrylcOgkpYsp0GMIQBDzleMUXlYQIDAQABo1AwTjAdBgNVHQ4EFgQUnP8vlYPGPL2n6ZzDYij2kMDC8wMwHwYDVR0jBBgwFoAUnP8vlYPGPL2n6ZzDYij2kMDC8wMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQAlQGAl+b8Cpot1g+65lLLjVoY7APJPWLW0klKQNlMU0s4MU+71Y3ExUEOXDAZgKcFoavb1fEOGMwEf38NaJAy1e/l6VNuixXShffq20ymqHQxOG0q8ujeNkgZF9k6XDfn/QZ3AD0o/IrCT7UMc/0QsfgIjWYxwCvp2syApc5CYfQ== MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEF BQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJj aWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwW T25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUy MjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChz Z2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNV BAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo 3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRw tnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xx VRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5 L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t 1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/ BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCB pIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYD VQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQL DAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaC FD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B AQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXM GI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65c hjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIB vlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37 MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZ WQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw== urn:oasis:names:tc:SAML:2.0:nameid-format:transient python3-saml-1.12.0/tests/data/metadata/idp_metadata_same_sign_and_encrypt_cert.xml000066400000000000000000000103751410551756100305650ustar00rootroot00000000000000 MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzET MBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYD VQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbTAeFw0xMzA2 MDUxNzE2MjBaFw0xODA2MDUxNzE2MjBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQI DApDYWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9u ZUxvZ2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAse8rnep4qL2GmhH10pMQyJ2Jae+AQHyfgVjaQZ7Z 0QQog5jX91vcJRSMi0XWJnUtOr6lF0dq1+yckjZ92wyLrH+7fvngNO1aV4Mjk9sT gf+iqMrae6y6fRxDt9PXrEFVjvd3vv7QTJf2FuIPy4vVP06Dt8EMkQIr8rmLmU0m Tr1k2DkrdtdlCuNFTXuAu3QqfvNCRrRwfNObn9MP6JeOUdcGLJsBjGF8exfcN1SF zRF0JFr3dmOlx761zK5liD0T1sYWnDquatj/JD9fZMbKecBKni1NglH/LVd+b6aJ UAr5LulERULUjLqYJRKW31u91/4Qazdo9tbvwqyFxaoUrwIDAQABo4HUMIHRMAwG A1UdEwEB/wQCMAAwHQYDVR0OBBYEFPWcXvQSlTXnzZD2xziuoUvrrDedMIGRBgNV HSMEgYkwgYaAFPWcXvQSlTXnzZD2xziuoUvrrDedoWukaTBnMQswCQYDVQQGEwJV UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREw DwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbYIBATAO BgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADggEBAB/8xe3rzqXQVxzHyAHu AuPa73ClDoL1cko0Fp8CGcqEIyj6Te9gx5z6wyfv+Lo8RFvBLlnB1lXqbC+fTGcV gG/4oKLJ5UwRFxInqpZPnOAudVNnd0PYOODn9FWs6u+OTIQIaIcPUv3MhB9lwHIJ sTk/bs9xcru5TPyLIxLLd6ib/pRceKH2mTkzUd0DYk9CQNXXeoGx/du5B9nh3ClP TbVakRzl3oswgI5MQIphYxkW70SopEh4kOFSRE1ND31NNIq1YrXlgtkguQBFsZWu QOPR6cEwFZzP0tHTYbI839WgxX6hfhIUTUz6mLqq4+3P4BG3+1OXeVDg63y8Uh78 1sE= MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzET MBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYD VQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbTAeFw0xMzA2 MDUxNzE2MjBaFw0xODA2MDUxNzE2MjBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQI DApDYWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9u ZUxvZ2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAse8rnep4qL2GmhH10pMQyJ2Jae+AQHyfgVjaQZ7Z 0QQog5jX91vcJRSMi0XWJnUtOr6lF0dq1+yckjZ92wyLrH+7fvngNO1aV4Mjk9sT gf+iqMrae6y6fRxDt9PXrEFVjvd3vv7QTJf2FuIPy4vVP06Dt8EMkQIr8rmLmU0m Tr1k2DkrdtdlCuNFTXuAu3QqfvNCRrRwfNObn9MP6JeOUdcGLJsBjGF8exfcN1SF zRF0JFr3dmOlx761zK5liD0T1sYWnDquatj/JD9fZMbKecBKni1NglH/LVd+b6aJ UAr5LulERULUjLqYJRKW31u91/4Qazdo9tbvwqyFxaoUrwIDAQABo4HUMIHRMAwG A1UdEwEB/wQCMAAwHQYDVR0OBBYEFPWcXvQSlTXnzZD2xziuoUvrrDedMIGRBgNV HSMEgYkwgYaAFPWcXvQSlTXnzZD2xziuoUvrrDedoWukaTBnMQswCQYDVQQGEwJV UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREw DwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbYIBATAO BgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADggEBAB/8xe3rzqXQVxzHyAHu AuPa73ClDoL1cko0Fp8CGcqEIyj6Te9gx5z6wyfv+Lo8RFvBLlnB1lXqbC+fTGcV gG/4oKLJ5UwRFxInqpZPnOAudVNnd0PYOODn9FWs6u+OTIQIaIcPUv3MhB9lwHIJ sTk/bs9xcru5TPyLIxLLd6ib/pRceKH2mTkzUd0DYk9CQNXXeoGx/du5B9nh3ClP TbVakRzl3oswgI5MQIphYxkW70SopEh4kOFSRE1ND31NNIq1YrXlgtkguQBFsZWu QOPR6cEwFZzP0tHTYbI839WgxX6hfhIUTUz6mLqq4+3P4BG3+1OXeVDg63y8Uh78 1sE= urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress Support support@onelogin.com python3-saml-1.12.0/tests/data/metadata/idp_multiple_descriptors.xml000066400000000000000000000252411410551756100256270ustar00rootroot00000000000000 LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxekNDQXhTZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBRENCaGpFTE1Ba0dBMVVFQmhNQ1FWVXgKRERBS0JnTlZCQWdUQTA1VFZ6RVBNQTBHQTFVRUJ4TUdVM2xrYm1WNU1Rd3dDZ1lEVlFRS0RBTlFTVlF4Q1RBSApCZ05WQkFzTUFERVlNQllHQTFVRUF3d1BiR0YzY21WdVkyVndhWFF1WTI5dE1TVXdJd1lKS29aSWh2Y05BUWtCCkRCWnNZWGR5Wlc1alpTNXdhWFJBWjIxaGFXd3VZMjl0TUI0WERURXlNRFF4T1RJeU5UUXhPRm9YRFRNeU1EUXgKTkRJeU5UUXhPRm93Z1lZeEN6QUpCZ05WQkFZVEFrRlZNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVApCbE41Wkc1bGVURU1NQW9HQTFVRUNnd0RVRWxVTVFrd0J3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psCmJtTmxjR2wwTG1OdmJURWxNQ01HQ1NxR1NJYjNEUUVKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnYKYlRDQm56QU5CZ2txaGtpRzl3MEJBUUVGQUFPQmpRQXdnWWtDZ1lFQXFqaWUzUjJvaStwRGFldndJeXMvbWJVVApubkdsa3h0ZGlrcnExMXZleHd4SmlQTmhtaHFSVzNtVXVKRXpsbElkVkw2RW14R1lUcXBxZjkzSGxoa3NhZUowCjhVZ2pQOVVtTVlyaFZKdTFqY0ZXVjdmei9yKzIxL2F3VG5EVjlzTVlRcXVJUllZeTdiRzByMU9iaXdkb3ZudGsKN2dGSTA2WjB2WmFjREU1Ym9xVUNBd0VBQWFPQ0FTVXdnZ0VoTUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQQkFRRApBZ1VnTUIwR0ExVWREZ1FXQkJTUk9OOEdKOG8rOGpnRnRqa3R3WmRxeDZCUnlUQVRCZ05WSFNVRUREQUtCZ2dyCkJnRUZCUWNEQVRBZEJnbGdoa2dCaHZoQ0FRMEVFQllPVkdWemRDQllOVEE1SUdObGNuUXdnYk1HQTFVZEl3U0IKcXpDQnFJQVVrVGpmQmlmS1B2STRCYlk1TGNHWGFzZWdVY21oZ1l5a2dZa3dnWVl4Q3pBSkJnTlZCQVlUQWtGVgpNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVEJsTjVaRzVsZVRFTU1Bb0dBMVVFQ2d3RFVFbFVNUWt3CkJ3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psYm1ObGNHbDBMbU52YlRFbE1DTUdDU3FHU0liM0RRRUoKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnZiWUlCQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9CZ1FDRQpUQWVKVERTQVc2ejFVRlRWN1FyZWg0VUxGT1JhajkrZUN1RjNLV0RIYyswSVFDajlyZG5ERzRRL3dmNy9yYVEwCkpuUFFDU0NkclBMSmV5b1BIN1FhVHdvYUY3ZHpWdzRMQ3N5TkpURld4NGNNNTBWdzZSNWZET2dpQzhic2ZmUzgKQkptb3VscnJaRE5OVmpHOG1XNmNMeHJZdlZRT3JSVmVjQ0ZJZ3NzQ2JBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxekNDQXhTZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBRENCaGpFTE1Ba0dBMVVFQmhNQ1FWVXgKRERBS0JnTlZCQWdUQTA1VFZ6RVBNQTBHQTFVRUJ4TUdVM2xrYm1WNU1Rd3dDZ1lEVlFRS0RBTlFTVlF4Q1RBSApCZ05WQkFzTUFERVlNQllHQTFVRUF3d1BiR0YzY21WdVkyVndhWFF1WTI5dE1TVXdJd1lKS29aSWh2Y05BUWtCCkRCWnNZWGR5Wlc1alpTNXdhWFJBWjIxaGFXd3VZMjl0TUI0WERURXlNRFF4T1RJeU5UUXhPRm9YRFRNeU1EUXgKTkRJeU5UUXhPRm93Z1lZeEN6QUpCZ05WQkFZVEFrRlZNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVApCbE41Wkc1bGVURU1NQW9HQTFVRUNnd0RVRWxVTVFrd0J3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psCmJtTmxjR2wwTG1OdmJURWxNQ01HQ1NxR1NJYjNEUUVKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnYKYlRDQm56QU5CZ2txaGtpRzl3MEJBUUVGQUFPQmpRQXdnWWtDZ1lFQXFqaWUzUjJvaStwRGFldndJeXMvbWJVVApubkdsa3h0ZGlrcnExMXZleHd4SmlQTmhtaHFSVzNtVXVKRXpsbElkVkw2RW14R1lUcXBxZjkzSGxoa3NhZUowCjhVZ2pQOVVtTVlyaFZKdTFqY0ZXVjdmei9yKzIxL2F3VG5EVjlzTVlRcXVJUllZeTdiRzByMU9iaXdkb3ZudGsKN2dGSTA2WjB2WmFjREU1Ym9xVUNBd0VBQWFPQ0FTVXdnZ0VoTUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQQkFRRApBZ1VnTUIwR0ExVWREZ1FXQkJTUk9OOEdKOG8rOGpnRnRqa3R3WmRxeDZCUnlUQVRCZ05WSFNVRUREQUtCZ2dyCkJnRUZCUWNEQVRBZEJnbGdoa2dCaHZoQ0FRMEVFQllPVkdWemRDQllOVEE1SUdObGNuUXdnYk1HQTFVZEl3U0IKcXpDQnFJQVVrVGpmQmlmS1B2STRCYlk1TGNHWGFzZWdVY21oZ1l5a2dZa3dnWVl4Q3pBSkJnTlZCQVlUQWtGVgpNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVEJsTjVaRzVsZVRFTU1Bb0dBMVVFQ2d3RFVFbFVNUWt3CkJ3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psYm1ObGNHbDBMbU52YlRFbE1DTUdDU3FHU0liM0RRRUoKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnZiWUlCQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9CZ1FDRQpUQWVKVERTQVc2ejFVRlRWN1FyZWg0VUxGT1JhajkrZUN1RjNLV0RIYyswSVFDajlyZG5ERzRRL3dmNy9yYVEwCkpuUFFDU0NkclBMSmV5b1BIN1FhVHdvYUY3ZHpWdzRMQ3N5TkpURld4NGNNNTBWdzZSNWZET2dpQzhic2ZmUzgKQkptb3VscnJaRE5OVmpHOG1XNmNMeHJZdlZRT3JSVmVjQ0ZJZ3NzQ2JBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:2.0:nameid-format:persistent LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxekNDQXhTZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBRENCaGpFTE1Ba0dBMVVFQmhNQ1FWVXgKRERBS0JnTlZCQWdUQTA1VFZ6RVBNQTBHQTFVRUJ4TUdVM2xrYm1WNU1Rd3dDZ1lEVlFRS0RBTlFTVlF4Q1RBSApCZ05WQkFzTUFERVlNQllHQTFVRUF3d1BiR0YzY21WdVkyVndhWFF1WTI5dE1TVXdJd1lKS29aSWh2Y05BUWtCCkRCWnNZWGR5Wlc1alpTNXdhWFJBWjIxaGFXd3VZMjl0TUI0WERURXlNRFF4T1RJeU5UUXhPRm9YRFRNeU1EUXgKTkRJeU5UUXhPRm93Z1lZeEN6QUpCZ05WQkFZVEFrRlZNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVApCbE41Wkc1bGVURU1NQW9HQTFVRUNnd0RVRWxVTVFrd0J3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psCmJtTmxjR2wwTG1OdmJURWxNQ01HQ1NxR1NJYjNEUUVKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnYKYlRDQm56QU5CZ2txaGtpRzl3MEJBUUVGQUFPQmpRQXdnWWtDZ1lFQXFqaWUzUjJvaStwRGFldndJeXMvbWJVVApubkdsa3h0ZGlrcnExMXZleHd4SmlQTmhtaHFSVzNtVXVKRXpsbElkVkw2RW14R1lUcXBxZjkzSGxoa3NhZUowCjhVZ2pQOVVtTVlyaFZKdTFqY0ZXVjdmei9yKzIxL2F3VG5EVjlzTVlRcXVJUllZeTdiRzByMU9iaXdkb3ZudGsKN2dGSTA2WjB2WmFjREU1Ym9xVUNBd0VBQWFPQ0FTVXdnZ0VoTUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQQkFRRApBZ1VnTUIwR0ExVWREZ1FXQkJTUk9OOEdKOG8rOGpnRnRqa3R3WmRxeDZCUnlUQVRCZ05WSFNVRUREQUtCZ2dyCkJnRUZCUWNEQVRBZEJnbGdoa2dCaHZoQ0FRMEVFQllPVkdWemRDQllOVEE1SUdObGNuUXdnYk1HQTFVZEl3U0IKcXpDQnFJQVVrVGpmQmlmS1B2STRCYlk1TGNHWGFzZWdVY21oZ1l5a2dZa3dnWVl4Q3pBSkJnTlZCQVlUQWtGVgpNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVEJsTjVaRzVsZVRFTU1Bb0dBMVVFQ2d3RFVFbFVNUWt3CkJ3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psYm1ObGNHbDBMbU52YlRFbE1DTUdDU3FHU0liM0RRRUoKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnZiWUlCQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9CZ1FDRQpUQWVKVERTQVc2ejFVRlRWN1FyZWg0VUxGT1JhajkrZUN1RjNLV0RIYyswSVFDajlyZG5ERzRRL3dmNy9yYVEwCkpuUFFDU0NkclBMSmV5b1BIN1FhVHdvYUY3ZHpWdzRMQ3N5TkpURld4NGNNNTBWdzZSNWZET2dpQzhic2ZmUzgKQkptb3VscnJaRE5OVmpHOG1XNmNMeHJZdlZRT3JSVmVjQ0ZJZ3NzQ2JBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxekNDQXhTZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBRENCaGpFTE1Ba0dBMVVFQmhNQ1FWVXgKRERBS0JnTlZCQWdUQTA1VFZ6RVBNQTBHQTFVRUJ4TUdVM2xrYm1WNU1Rd3dDZ1lEVlFRS0RBTlFTVlF4Q1RBSApCZ05WQkFzTUFERVlNQllHQTFVRUF3d1BiR0YzY21WdVkyVndhWFF1WTI5dE1TVXdJd1lKS29aSWh2Y05BUWtCCkRCWnNZWGR5Wlc1alpTNXdhWFJBWjIxaGFXd3VZMjl0TUI0WERURXlNRFF4T1RJeU5UUXhPRm9YRFRNeU1EUXgKTkRJeU5UUXhPRm93Z1lZeEN6QUpCZ05WQkFZVEFrRlZNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVApCbE41Wkc1bGVURU1NQW9HQTFVRUNnd0RVRWxVTVFrd0J3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psCmJtTmxjR2wwTG1OdmJURWxNQ01HQ1NxR1NJYjNEUUVKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnYKYlRDQm56QU5CZ2txaGtpRzl3MEJBUUVGQUFPQmpRQXdnWWtDZ1lFQXFqaWUzUjJvaStwRGFldndJeXMvbWJVVApubkdsa3h0ZGlrcnExMXZleHd4SmlQTmhtaHFSVzNtVXVKRXpsbElkVkw2RW14R1lUcXBxZjkzSGxoa3NhZUowCjhVZ2pQOVVtTVlyaFZKdTFqY0ZXVjdmei9yKzIxL2F3VG5EVjlzTVlRcXVJUllZeTdiRzByMU9iaXdkb3ZudGsKN2dGSTA2WjB2WmFjREU1Ym9xVUNBd0VBQWFPQ0FTVXdnZ0VoTUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQQkFRRApBZ1VnTUIwR0ExVWREZ1FXQkJTUk9OOEdKOG8rOGpnRnRqa3R3WmRxeDZCUnlUQVRCZ05WSFNVRUREQUtCZ2dyCkJnRUZCUWNEQVRBZEJnbGdoa2dCaHZoQ0FRMEVFQllPVkdWemRDQllOVEE1SUdObGNuUXdnYk1HQTFVZEl3U0IKcXpDQnFJQVVrVGpmQmlmS1B2STRCYlk1TGNHWGFzZWdVY21oZ1l5a2dZa3dnWVl4Q3pBSkJnTlZCQVlUQWtGVgpNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVEJsTjVaRzVsZVRFTU1Bb0dBMVVFQ2d3RFVFbFVNUWt3CkJ3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psYm1ObGNHbDBMbU52YlRFbE1DTUdDU3FHU0liM0RRRUoKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnZiWUlCQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9CZ1FDRQpUQWVKVERTQVc2ejFVRlRWN1FyZWg0VUxGT1JhajkrZUN1RjNLV0RIYyswSVFDajlyZG5ERzRRL3dmNy9yYVEwCkpuUFFDU0NkclBMSmV5b1BIN1FhVHdvYUY3ZHpWdzRMQ3N5TkpURld4NGNNNTBWdzZSNWZET2dpQzhic2ZmUzgKQkptb3VscnJaRE5OVmpHOG1XNmNMeHJZdlZRT3JSVmVjQ0ZJZ3NzQ2JBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:2.0:nameid-format:persistent python3-saml-1.12.0/tests/data/metadata/metadata_bad_order_settings1.xml000066400000000000000000000017341410551756100263020ustar00rootroot00000000000000 urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified python3-saml-1.12.0/tests/data/metadata/metadata_settings1.xml000066400000000000000000000017341410551756100243010ustar00rootroot00000000000000 urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified python3-saml-1.12.0/tests/data/metadata/no_expiration_mark_metadata.xml000066400000000000000000000015621410551756100262470ustar00rootroot00000000000000 urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified python3-saml-1.12.0/tests/data/metadata/noentity_metadata_settings1.xml000066400000000000000000000055571410551756100262410ustar00rootroot00000000000000 MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOoMIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified python3-saml-1.12.0/tests/data/metadata/signed_metadata_settings1.xml000066400000000000000000000125701410551756100256320ustar00rootroot00000000000000 +FoWTQxwj75/mQK600oN7ZobfqU=lm/ZJWEoAOeBD+bqimMLJEECySqYSRkcJ5KVU8mKORh044go2YSN5MLyJe9772506FsWf9UxCMV+EhBl7wj4k1E1/SAXQ3GhdWr8qTTBZ4QiVSeB/ReqFQaD/W0vlrYLwu1f+hMoEGdalqsFOetjBSsuiRi3n6qHY2x3ePIXCXY= MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress sp_test SP test http://sp.example.com technical_name technical@example.com support_name support@example.com python3-saml-1.12.0/tests/data/metadata/signed_metadata_settings2.xml000066400000000000000000000120071410551756100256260ustar00rootroot00000000000000 q+ufWp5Xleex2jt5NJHoLUORbyc=WIL36kstHjnFnHRc78dVDVL2htsi4GVOOUDXby7ht77aJbe4nknoES6eqvMgiznL QX3nIeJBkfLtnl2i3dh7mk1RBsFS7G3R00u7ADW+8GqkLMn/Tl7+qaRi6/iiCScs l/TrnoiY/emDNREboGVgts99NHSF53COW5tSnUwqNAg= MIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czET MBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYD VQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIy NDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UE CgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJ KoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BF rSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PP J2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHC pS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAf BgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0G CSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZ E+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kY vrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m MIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIyNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAfBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kYvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8mMIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIyNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAfBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kYvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified sp_test SP test http://sp.example.com technical_name technical@example.com support_name support@example.com python3-saml-1.12.0/tests/data/metadata/testshib-providers.xml000066400000000000000000000471741410551756100243700ustar00rootroot00000000000000 testshib.org TestShib Test IdP TestShib IdP. Use this as a source of attributes for your test SP. https://www.testshib.org/testshibtwo.jpg MIIDAzCCAeugAwIBAgIVAPX0G6LuoXnKS0Muei006mVSBXbvMA0GCSqGSIb3DQEB CwUAMBsxGTAXBgNVBAMMEGlkcC50ZXN0c2hpYi5vcmcwHhcNMTYwODIzMjEyMDU0 WhcNMzYwODIzMjEyMDU0WjAbMRkwFwYDVQQDDBBpZHAudGVzdHNoaWIub3JnMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9C4J2DiRTEhJAWzPt1S3ryh m3M2P3hPpwJwvt2q948vdTUxhhvNMuc3M3S4WNh6JYBs53R+YmjqJAII4ShMGNEm lGnSVfHorex7IxikpuDPKV3SNf28mCAZbQrX+hWA+ann/uifVzqXktOjs6DdzdBn xoVhniXgC8WCJwKcx6JO/hHsH1rG/0DSDeZFpTTcZHj4S9MlLNUtt5JxRzV/MmmB 3ObaX0CMqsSWUOQeE4nylSlp5RWHCnx70cs9kwz5WrflnbnzCeHU2sdbNotBEeTH ot6a2cj/pXlRJIgPsrL/4VSicPZcGYMJMPoLTJ8mdy6mpR6nbCmP7dVbCIm/DQID AQABoz4wPDAdBgNVHQ4EFgQUUfaDa2mPi24x09yWp1OFXmZ2GPswGwYDVR0RBBQw EoIQaWRwLnRlc3RzaGliLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEASKKgqTxhqBzR OZ1eVy++si+eTTUQZU4+8UywSKLia2RattaAPMAcXUjO+3cYOQXLVASdlJtt+8QP dRkfp8SiJemHPXC8BES83pogJPYEGJsKo19l4XFJHPnPy+Dsn3mlJyOfAa8RyWBS 80u5lrvAcr2TJXt9fXgkYs7BOCigxtZoR8flceGRlAZ4p5FPPxQR6NDYb645jtOT MVr3zgfjP6Wh2dt+2p04LG7ENJn8/gEwtXVuXCsPoSCDx9Y0QmyXTJNdV1aB0AhO RkWPlFYwp+zOyOIR+3m1+pqWFpn0eT/HrxpdKa74FA3R2kq4R7dXe4G0kUgXTdqX MLRKhDgdmA== urn:mace:shibboleth:1.0:nameIdentifier urn:oasis:names:tc:SAML:2.0:nameid-format:transient MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4 MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe 3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614 kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86 9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo 93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4 /SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr 8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA== urn:mace:shibboleth:1.0:nameIdentifier urn:oasis:names:tc:SAML:2.0:nameid-format:transient TestShib Two Identity Provider TestShib Two http://www.testshib.org/testshib-two/ Nate Klingenstein ndk@internet2.edu TestShib Test SP TestShib SP. Log into this to test your machine. Once logged in check that all attributes that you expected have been released. https://www.testshib.org/testshibtwo.jpg MIIEPjCCAyagAwIBAgIBADANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJVUzEV MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMSIwIAYD VQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3ZpZGVyMRgwFgYDVQQDEw9zcC50ZXN0 c2hpYi5vcmcwHhcNMDYwODMwMjEyNDM5WhcNMTYwODI3MjEyNDM5WjB3MQswCQYD VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1 cmdoMSIwIAYDVQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3ZpZGVyMRgwFgYDVQQD Ew9zcC50ZXN0c2hpYi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQDJyR6ZP6MXkQ9z6RRziT0AuCabDd3x1m7nLO9ZRPbr0v1LsU+nnC363jO8nGEq sqkgiZ/bSsO5lvjEt4ehff57ERio2Qk9cYw8XCgmYccVXKH9M+QVO1MQwErNobWb AjiVkuhWcwLWQwTDBowfKXI87SA7KR7sFUymNx5z1aoRvk3GM++tiPY6u4shy8c7 vpWbVfisfTfvef/y+galxjPUQYHmegu7vCbjYP3On0V7/Ivzr+r2aPhp8egxt00Q XpilNai12LBYV3Nv/lMsUzBeB7+CdXRVjZOHGuQ8mGqEbsj8MBXvcxIKbcpeK5Zi JCVXPfarzuriM1G5y5QkKW+LAgMBAAGjgdQwgdEwHQYDVR0OBBYEFKB6wPDxwYrY StNjU5P4b4AjBVQVMIGhBgNVHSMEgZkwgZaAFKB6wPDxwYrYStNjU5P4b4AjBVQV oXukeTB3MQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYD VQQHEwpQaXR0c2J1cmdoMSIwIAYDVQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3Zp ZGVyMRgwFgYDVQQDEw9zcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN BgkqhkiG9w0BAQUFAAOCAQEAc06Kgt7ZP6g2TIZgMbFxg6vKwvDL0+2dzF11Onpl 5sbtkPaNIcj24lQ4vajCrrGKdzHXo9m54BzrdRJ7xDYtw0dbu37l1IZVmiZr12eE Iay/5YMU+aWP1z70h867ZQ7/7Y4HW345rdiS6EW663oH732wSYNt9kr7/0Uer3KD 9CuPuOidBacospDaFyfsaJruE99Kd6Eu/w5KLAGG+m0iqENCziDGzVA47TngKz2v PVA+aokoOyoz3b53qeti77ijatSEoKjxheBWpO+eoJeGq/e49Um3M2ogIX/JAlMa Inh+vYSYngQB2sx9LGkR9KHaMKNIGCDehk93Xla4pWJx1w== urn:oasis:names:tc:SAML:2.0:nameid-format:transient urn:mace:shibboleth:1.0:nameIdentifier TestShib Two Service Provider TestShib Two http://www.testshib.org/testshib-two/ Nate Klingenstein ndk@internet2.edu python3-saml-1.12.0/tests/data/metadata/unparsed_metadata.xml000066400000000000000000000017351410551756100242020ustar00rootroot00000000000000 urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified python3-saml-1.12.0/tests/data/misc/000077500000000000000000000000001410551756100171445ustar00rootroot00000000000000python3-saml-1.12.0/tests/data/misc/sp2.key000066400000000000000000000016241410551756100203650ustar00rootroot00000000000000-----BEGIN PRIVATE KEY----- MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOK9uFHs/nXrH9Lc GorG6lB7Qs42iWK6mIE56wI7dIdsOuXf6r0ht+d+YTTis24xw+wjEHXrVN0Okh6w sKftzxo8chIo60+UB5NlKdvxAC7tpGNmrf49us/m5bdNx8IY+0pPK0c6B786Uluj Tvx1WFdDXh3UQPBclbWtFe5S3gLxAgMBAAECgYAPj9ngtZVZXoPWowinUbOvRmZ1 ZMTVI91nsSPyCUacLM92C4I+7NuEZeYiDRUnkP7TbCyrCzXN3jwlIxdczzORhlXB Bgg9Sw2fkV61CnDEMgw+aEeD5A0GDA6eTwkrawiOMs8vupjsi2/stPsa+bmpI6Rn fdEKBdyDP6iQQhAxiQJBAPNtM7IMvRzlZBXoDaTTpP9rN2FR0ZcX0LT5aRZJ81qi +ZOBFeHUb6MyWvzZKfPinj9JO3s/9e3JbMXemRWBmvcCQQDuc+NfAeW200QyjoC3 Ed3jueLMrY1Q3zTcSUhRPw/0pIKgRGZJerro8N6QY2JziV2mxK855gKTwwBigMHL 2S9XAkEAwuBfjGDqXOG/uFHn6laNNvWshjqsIdus99Tbrj5RlfP2/YFP9VTOcsXz VYy9K0P3EA8ekVLpHQ4uCFJmF3OEjQJBAMvwO69/HOufhv1CWZ25XzAsRGhPqsRX Eouw9XPfXpMavEm8FkuT9xXRJFkTVxl/i6RdJYx8Rwn/Rm34t0bUKqMCQQCrAtKC Un0PLcemAzPi8ADJlbMDG/IDXNbSej0Y4tw9Cdho1Q38XLZJi0RNdNvQJD1fWu3x 9+QU/vJr7lMLzdoy -----END PRIVATE KEY----- python3-saml-1.12.0/tests/data/misc/sp3.key000066400000000000000000000015731410551756100203710ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9 IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+ PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQAB AoGAD4/Z4LWVWV6D1qMIp1Gzr0ZmdWTE1SPdZ7Ej8glGnCzPdguCPuzbhGXmIg0V J5D+02wsqws1zd48JSMXXM8zkYZVwQYIPUsNn5FetQpwxDIMPmhHg+QNBgwOnk8J K2sIjjLPL7qY7Itv7LT7Gvm5qSOkZ33RCgXcgz+okEIQMYkCQQDzbTOyDL0c5WQV 6A2k06T/azdhUdGXF9C0+WkWSfNaovmTgRXh1G+jMlr82Snz4p4/STt7P/XtyWzF 3pkVgZr3AkEA7nPjXwHlttNEMo6AtxHd47nizK2NUN803ElIUT8P9KSCoERmSXq6 6PDekGNic4ldpsSvOeYCk8MAYoDBy9kvVwJBAMLgX4xg6lzhv7hR5+pWjTb1rIY6 rCHbrPfU264+UZXz9v2BT/VUznLF81WMvStD9xAPHpFS6R0OLghSZhdzhI0CQQDL 8Duvfxzrn4b9QlmduV8wLERoT6rEVxKLsPVz316TGrxJvBZLk/cV0SRZE1cZf4uk XSWMfEcJ/0Zt+LdG1CqjAkEAqwLSglJ9Dy3HpgMz4vAAyZWzAxvyA1zW0no9GOLc PQnYaNUN/Fy2SYtETXTb0CQ9X1rt8ffkFP7ya+5TC83aCg== -----END RSA PRIVATE KEY----- python3-saml-1.12.0/tests/data/misc/sp4.key000066400000000000000000000032501410551756100203640ustar00rootroot00000000000000-----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD4ZrcXcjCBOQS7 stUabuXPYnXKvcoJUrMVPRX1zfrXvpfghCrykbL1TKoqGfmEA9oNRoMBOmZCgLlK eb0TfuEO/u1jf4rRFcK7U/dYEiX74bQgUnJUWTfFlhwPjxGhn9zDrc2tSpworJBV amyBZIo5Beap5OJLote/Wqp1DZjNyEZ2m8m+lv8udmejmlo5RMoIzuG3VdH6ADC9 LKF+QsXC/HRZBhLE/y+75/XrNODvX8eM8+9Xp21QlVF1EIZDfNQ2iHsA8GEpJDC5 aomTW/xExBysejnwP2ROrfm3PIfP64EbB4G01f8eErlXeUD0oQ0gECgIXsJpfBkD IWMHwx3/AgMBAAECggEAdbLNvFlJ7GDlAj75RJ4ZXAuOPrNw4LwDyON53U9tNP7F HgfiBa/NuPdLhclq9geRMUsg1dsjCw3NPiGy2mL7JszaFJQhZXLHI1Xk1CE9SD0o yUvniln/2CqJP0IOG6QQydM3qo24snkZpq9XnHPUHrLSGdwu8aHGUpAWRoJbzdzR tBWBn6SlkuaE52vcGh7eMdKSICRCg2/gg6LIi89pkiI9tfozAL2LPcDTRGp3DA3w U6OO8k+d1La4s9G0i22OGSwPxGerTHnBIzpeM/ivRwBypFy3EV9bbjQlheI53xAo ZMmGeSnQ89MWgY64pnWrX862Mf1EZYTjumDe2dl1kQKBgQD9pBG2BbcQ8qieTf84 92LeOYTPRdd0N+gdyDKKorRO772zgxBwpSwO285nzy/FKSnpJIDtuee6OFClnDor Ui6lG1WPQeoSEdH1V10XkfSaoFOz7Hyv9H2dCLvW/VO9KYq07VAmQcvNZnqIW+tI edSHcQ3I8tnw4CiFa0BPvdhk9wKBgQD6tiuN2NvuNFFLvwpBGp3hjGyn6siyXDyP 8IXQmP66NxKqcX/NafVO3bVh6VrPGd7PL1PloQZ5EBG2PPtRdf/g4aeZKZleCUXm 9OgMEOUqdbTP9TGrmgNPtNBx3jnhnX/GTy/7GK77YlXEVplezWaerwRM7NCFCtp2 W6K1M961OQKBgQDDSznr2hirrvuP8GRMW4a/rrAI3DDZplZN4CCySDbm9IcvGgJl iXgT9MDHg2q3t0sy3U18PYEkDEpkSZcsVfneXN6TEGCHCzuLWXovNM2O5VWtmrAi 1vCFIf1nuuRoKP1I89SbsFuYyogcSBIwWsX+h1ji2cJfSmlI2VzKSVW93wKBgQDA sqwfRoMkP0oM8jUrfQ3Egm4xUiAYFxTlfXUcs7t13UaXgs08USifCYGUVAvcCoJa tIHDiVS0UEmMzKpOHmghrM9oxbR/tpjnv21reMDrNbVX8ZnPz3ykEtHz816BrtC6 17qFQJ+d0CMj2XvghfdOGC8yAQL0fzcSqbQRmmCe4QKBgFWY9fqHEKdG/UlxZfBB C/QRNTJsrbZf9Ok/o1h6BHnK64xUc4elShEwV9IdC4QNW0UCr7WXoGLUkhfUphId q//KUDNc7VrWj5URsZcGi7WMkqNm9kPkpeuh3iSvh3+q7tK0/yfuj9ZQOjKzQnit VZBooJAJGdSqYgitpyxB71/n -----END PRIVATE KEY----- python3-saml-1.12.0/tests/data/requests/000077500000000000000000000000001410551756100200645ustar00rootroot00000000000000python3-saml-1.12.0/tests/data/requests/authn_request.xml000066400000000000000000000017321410551756100235000ustar00rootroot00000000000000 http://idp.example.com/metadata urn:oasis:names:tc:SAML:2.0:ac:classes:Password python3-saml-1.12.0/tests/data/requests/authn_request.xml.base64000066400000000000000000000024611410551756100245630ustar00rootroot00000000000000PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBJRD0iX09ORUxPR0lOMTAzNDI4OTA5YWJlYzQyNGZhNTgzMjdmNzk0NzQ5ODQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTExLTEzVDExOjM5OjM0WiIgRm9yY2VBdXRobj0iZmFsc2UiIElzUGFzc2l2ZT0iZmFsc2UiIFByb3RvY29sQmluZGluZz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmJpbmRpbmdzOkhUVFAtUE9TVCIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwOi8vZXhhbXBsZS5jb20vYWNzIj4NCiAgICA8c2FtbDpJc3N1ZXIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+DQogICAgICAgIGh0dHA6Ly9pZHAuZXhhbXBsZS5jb20vbWV0YWRhdGENCiAgICA8L3NhbWw6SXNzdWVyPg0KICAgIDxzYW1scDpOYW1lSURQb2xpY3kgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDpwZXJzaXN0ZW50IiBTUE5hbWVRdWFsaWZpZXI9ImV4YW1wbGUuY29tIiBBbGxvd0NyZWF0ZT0idHJ1ZSIgLz4NCiAgICA8c2FtbHA6UmVxdWVzdGVkQXV0aG5Db250ZXh0IHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIENvbXBhcmlzb249ImV4YWN0Ij4NCiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWYgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+DQogICAgICAgICAgICB1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZA0KICAgICAgICA8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgPC9zYW1scDpSZXF1ZXN0ZWRBdXRobkNvbnRleHQ+DQo8L3NhbWxwOkF1dGhuUmVxdWVzdD4= python3-saml-1.12.0/tests/data/responses/000077500000000000000000000000001410551756100202325ustar00rootroot00000000000000python3-saml-1.12.0/tests/data/responses/adfs_response.xml.base64000066400000000000000000000126261410551756100247010ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+CjxzYW1scDpSZXNwb25zZSB4bWxuczpz YW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBJ RD0iXzAyNjNhMDdiLTIwNWYtNDc5Yy05MGZjLTc0OTU3MTVlY2JiZiIgVmVy c2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMjJUMTI6NDk6MzAu MzQ4WiIgRGVzdGluYXRpb249Imh0dHBzOi8vc29tZW9uZS5leGFtcGxlLmNv bS9lbmRwb2ludCIgQ29uc2VudD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6 Mi4wOmNvbnNlbnQ6dW5zcGVjaWZpZWQiIEluUmVzcG9uc2VUbz0iX2ZjNGEz NGIwLTdlZmItMDEyZS1jYWFlLTc4MmJjYjEzYmIzOCI+CiAgPElzc3VlciB4 bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+ aHR0cDovL2xvZ2luLmV4YW1wbGUuY29tL2lzc3VlcjwvSXNzdWVyPgogIDxz YW1scDpTdGF0dXM+CiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJu Om9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+CiAg PC9zYW1scDpTdGF0dXM+CiAgPEFzc2VydGlvbiB4bWxucz0idXJuOm9hc2lz Om5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il83MjFiNGE1YS1k N2UxLTQ4NjEtOTc1NC1hOWIxOTdiNmY5YWIiIElzc3VlSW5zdGFudD0iMjAx MS0wNi0yMlQxMjo0OTozMC4zNDhaIiBWZXJzaW9uPSIyLjAiPgogICAgPElz c3Vlcj5odHRwOi8vbG9naW4uZXhhbXBsZS5jb20vaXNzdWVyPC9Jc3N1ZXI+ CiAgICA8ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9y Zy8yMDAwLzA5L3htbGRzaWcjIj4KICAgICAgPGRzOlNpZ25lZEluZm8+CiAg ICAgICAgPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJo dHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAg ICAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3 dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPgog ICAgICAgIDxkczpSZWZlcmVuY2UgVVJJPSIjXzcyMWI0YTVhLWQ3ZTEtNDg2 MS05NzU0LWE5YjE5N2I2ZjlhYiI+CiAgICAgICAgICA8ZHM6VHJhbnNmb3Jt cz4KICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6 Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0 dXJlIi8+CiAgICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJo dHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAg ICAgICAgIDwvZHM6VHJhbnNmb3Jtcz4KICAgICAgICAgIDxkczpEaWdlc3RN ZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3ht bGVuYyNzaGEyNTYiLz4KICAgICAgICAgIDxkczpEaWdlc3RWYWx1ZT52NTN3 cW80ZllESzhVY3JPVWNPV2cyemxKL2NIVnVtWVMwS2pycm5WdUprPTwvZHM6 RGlnZXN0VmFsdWU+CiAgICAgICAgPC9kczpSZWZlcmVuY2U+CiAgICAgIDwv ZHM6U2lnbmVkSW5mbz4KICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlPlowOXBl d1k3ekZ2OTFobjkwbHgwRUVubE1HTkw5elVKWk14SVI2cW9mTFpPWk1sVG5Y TjV6RnNmKzFYUFBJWVpMdzVsQ0dqanRtZE5seGR2NzJ6TkZsTVROUnFaN0lp SXd2azVHUk0zenZBV3NOT1k2ZEI0YzVxamU0UkhxL2ZySkdCZ04vZ2VWeFZt bjNMWmQ1WmNrdWh1UzFzN0ZKQW9MVWNaRUxKL25jZ1JEZGdqQUUrcjhHdGFO a3U0VVRCUkdBZnRsMFBXbUFTMDdsbGU2bGFTVVBSQmRCRE5sVlN6R0FQT3lY UDE2ZUkxOWJvbllMaGpiOHVoY0N0bWdicnJhbkpVVGxZc1htcnhvaGNGdW4r eWZxVFdXd2l4OW1SUXRBdEFFOW5nSUUwVkRkTC9reFR0NktOb1B6d2tlajVW eFNMRkFncTJ1M3JaTWN1WUdadTFIUT09PC9kczpTaWduYXR1cmVWYWx1ZT4K ICAgICAgPEtleUluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv MDkveG1sZHNpZyMiPgogICAgICAgIDxkczpYNTA5RGF0YT4KICAgICAgICAg IDxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQzVEQ0NBY3lnQXdJQkFnSVFOQlRr dDdxaWNhcEtOc0lYTWNrOHhUQU5CZ2txaGtpRzl3MEJBUXNGQURBdU1Td3dL Z1lEVlFRREV5TkJSRVpUSUZOcFoyNXBibWNnTFNCc2IyZHBiaTVrY21WemIz VnlZMlZ6TG1OdmJUQWVGdzB4TVRBMk1UQXhPRFUyTURGYUZ3MHhNakEyTURr eE9EVTJNREZhTUM0eExEQXFCZ05WQkFNVEkwRkVSbE1nVTJsbmJtbHVaeUF0 SUd4dloybHVMbVJ5WlhOdmRYSmpaWE11WTI5dE1JSUJJakFOQmdrcWhraUc5 dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBcTdBTURHbkJISUd3dDlLUHRM RDBNMEVYR3VabldHQW1iNXAyRkRjRnp0SkhPSThXWVBxZVJwaHpWU0VrZ1h0 UEloNUp4M2VsUzZoVm43SFZqMld2eklENmpwQjQ1bzhpRGs4UFdnaTE0ZnhH V0U1bzFQaUI4WHJlMWM1dnMySUc1YVBXSUQ1dUM2YkQwWGduTDk1TWdPOUhH UFBTUVJGbnVqS05xekZRZHRvQkpJSmF3QWVEL2kveHM3RmpGazl4MWZBMEV5 TENuaCtlYWZmSXBvcmIrMXh4VzJENkQzbVJUZ2ZIeFhyV1I4VzRqSG5pZ2da aHFkRGhVeHZFYWlRRlRiSU4yRCt6eUI3YVF3UUNIU0ZwZXJCYytSNUZsbGdu R0FhK3NqYjZnMUZYYmVobUVHd1NheHdSWklEQWhqSVFtYTV3WDV5V0pEeEZ6 UjRwc1RlRlJRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCekFQ QzJRUStVdHZrcVFZMm8vam9IR3RudUx5Zmt3ZDc2NERjR0RsY1lLVktFYURD dm5KeDNneXdSVU9ERVJoRGh1Zkpid3I3T29YVmRodzcwTnRURU11Z0pGcjI5 U2d4bjNDaVRpeVBGU0RHang5MTFhYkt4dEpTQkludkkwMEFqWCtWbElaaG95 ODNZWU9SWEZjeWIrVXZoMnIyU1pVM0FDTnA4TTNjWlI2SjFFREJoUEtZd0VF VWs4TlRNbVpMM3ZXanFMWldUeVRUaFRyUUYvbEg5UENsdzlPMjl1d2lmaXEy WHpTeVNyMy9QSHh6cE1Sa0w5YzRFaTQ1UURtYWdlckFVUndlcTVwVVc4QzNV QVVqTExWY1hrLzJwZXZaRU43MFlndDVwMmZBZ3M4NE9KaERSS2lIR3BhcmlF bWo0THNKR1pzcDdxRkpwbjErTWlqUmU8L2RzOlg1MDlDZXJ0aWZpY2F0ZT4K ICAgICAgICA8L2RzOlg1MDlEYXRhPgogICAgICA8L0tleUluZm8+CiAgICA8 L2RzOlNpZ25hdHVyZT4KICAgIDxTdWJqZWN0PgogICAgICA8TmFtZUlEIEZv cm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3Jt YXQ6ZW1haWxBZGRyZXNzIj5oZWxsb0BleGFtcGxlLmNvbTwvTmFtZUlEPgog ICAgICA8U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpu YW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPgogICAgICAgIDxTdWJqZWN0 Q29uZmlybWF0aW9uRGF0YSBJblJlc3BvbnNlVG89Il9mYzRhMzRiMC03ZWZi LTAxMmUtY2FhZS03ODJiY2IxM2JiMzgiIE5vdE9uT3JBZnRlcj0iMjAxMS0w Ni0yMlQxMjo1NDozMC4zNDhaIiBSZWNpcGllbnQ9Imh0dHBzOi8vc29tZW9u ZS5leGFtcGxlLmNvbS9lbmRwb2ludCIvPgogICAgICA8L1N1YmplY3RDb25m aXJtYXRpb24+CiAgICA8L1N1YmplY3Q+CiAgICA8Q29uZGl0aW9ucyBOb3RC ZWZvcmU9IjIwMTEtMDYtMjJUMTI6NDk6MzAuMzMyWiIgTm90T25PckFmdGVy PSIyMDExLTA2LTIyVDEzOjQ5OjMwLjMzMloiPgogICAgICA8QXVkaWVuY2VS ZXN0cmljdGlvbj4KICAgICAgICA8QXVkaWVuY2U+ZXhhbXBsZS5jb208L0F1 ZGllbmNlPgogICAgICA8L0F1ZGllbmNlUmVzdHJpY3Rpb24+CiAgICA8L0Nv bmRpdGlvbnM+CiAgICA8QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIy MDExLTA2LTIyVDEyOjQ5OjMwLjExMloiIFNlc3Npb25JbmRleD0iXzcyMWI0 YTVhLWQ3ZTEtNDg2MS05NzU0LWE5YjE5N2I2ZjlhYiI+CiAgICAgIDxBdXRo bkNvbnRleHQ+CiAgICAgICAgPEF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpv YXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJv dGVjdGVkVHJhbnNwb3J0PC9BdXRobkNvbnRleHRDbGFzc1JlZj4KICAgICAg PC9BdXRobkNvbnRleHQ+CiAgICA8L0F1dGhuU3RhdGVtZW50PgogIDwvQXNz ZXJ0aW9uPgo8L3NhbWxwOlJlc3BvbnNlPgo=python3-saml-1.12.0/tests/data/responses/decrypted_valid_encrypted_assertion.xml000066400000000000000000000054331410551756100302670ustar00rootroot00000000000000 http://idp.example.com/ http://idp.example.com/_68392312d490db6d355555cfbbd8ec95d746516f60http://stuff.com/endpoints/metadata.phpurn:oasis:names:tc:SAML:2.0:ac:classes:Passwordtesttest@example.comtestwaa2useradmin python3-saml-1.12.0/tests/data/responses/double_signed_encrypted_assertion.xml.base64000066400000000000000000000270651410551756100310200ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZng2ZmE1NDcwMi0wMDc4LTE0ODUtMjgxMS0zMTRlNTg2NWFhYzAiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTMwVDIwOjQ4OjQ0WiIgRGVzdGluYXRpb249Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl82YmZmYjRlZjgzNzYwMGUwNjc2Y2IyMWY0ZjBhYTRiYWQ5NGRkOTYyIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+CiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZng2ZmE1NDcwMi0wMDc4LTE0ODUtMjgxMS0zMTRlNTg2NWFhYzAiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPktYMEl1ZnRJNnVqKzhiQ1c0R25HRmJkK2Fodz08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+Wmw3TjJ2Y0UzTjYrS2VUWGZFY3NaM3FRL0FRWGlId290RWJJZGduNUNlNlNjL0ZaTFhpVTFDOERRbWlhWk1HWDJCbW4ycmNDWGtuQ2dQWjlrVlNUQzFQbUZ3UkJRbGozSExGb2FrTHorUkJUbkJJMmxhSTQrd2U1ZVQ4ZWU3YVpneG1udjFTN1lXbEtyVjZLZDZ1eU1YU1dQQzYxaU9YdUNSbjJnNWR5aGdVPTwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6RW5jcnlwdGVkQXNzZXJ0aW9uPjx4ZW5jOkVuY3J5cHRlZERhdGEgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjIiB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNFbGVtZW50Ij48eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMTI4LWNiYyIvPjxkc2lnOktleUluZm8geG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PHhlbmM6RW5jcnlwdGVkS2V5Pjx4ZW5jOkVuY3J5cHRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNyc2EtMV81Ii8+PHhlbmM6Q2lwaGVyRGF0YT48eGVuYzpDaXBoZXJWYWx1ZT5zQUNhWHN6OUpHM2RUektZNitHRWFwS2ZkV0k4THJNcXl1d1FIcDNuK2ZUYmdmanZGUGtnMkhNSVgwQTBvdEFWS25rRGlMRFJGUERoQWpxRk5GMXNyMUdRanFXdi94d2N3THZNQ1orMjVMWFBjdk5ra05rZmZ3V0xVdVA4QUU3ZG84WHludllqMHBBNnh4di9pa3NldXFSbWoyeTNsVEpuZ3UrREx3aUtKdUk9PC94ZW5jOkNpcGhlclZhbHVlPjwveGVuYzpDaXBoZXJEYXRhPjwveGVuYzpFbmNyeXB0ZWRLZXk+PC9kc2lnOktleUluZm8+CiAgIDx4ZW5jOkNpcGhlckRhdGE+CiAgICAgIDx4ZW5jOkNpcGhlclZhbHVlPnJUUlQ2YzA3QjVKZ3dYdnZPYUQ5L2NQZ0lhYUpyZ0I5QjZLR1lpK3ZFWExHaTZBWXI0ejVmWTVxMXR2dXA3eUZHTStwZVdGdzRvQ1N2L1Jxdy9HS3pVZ003UjNNZnBzVU1QaERxS2xTT3o1SDhsSSt2ejVSWi9TZVB6eGUxK0N5NGdkUlVRR3dMM1R1c1VLRnhxZUlJVnNjdVVjajVvZ0Z0YmtIS25GbkxnZllNbWVCbFhIN3NnbFZIcFhldHM0TWk0QlAwb2xIZVhXaDc3OWNrSkxsVG15cFBpdThVTGFtYlQrMlhia0xWaHZvVEVEZ1F4TlpUQlZPOW5SdzZwQTUzZkNYZjNTQk43NW5FanFOVDl6UXlEMVBMQU9UVU93U1JNM2d4WFNrTHAzQ0ZaZUVPS3VpZmp4VUZsQWk3WENlUFM4dFdDcUdSbjZ5R3JodlRtYVp6TnJQREFPQmUrTVpTNjBqUTlyMGxLaVk1Z3lxMkkzSUZNYjFMRUQ2N2twRHc1Z3ZjR0xuclZRdkNaVTBLaHc3RWZ2QUc1Y0JlQ1ZMY0RxODBmSWtCVFk1Y285R3UvMjVxVFI4NkxXR2QvMThYK2QxWHo3SkI1OWp6eGlEY05wRllKU3NjQUV2WmZPbHRPTzdNN3RSZ2lsWktta25GWGNMaEpvbUluV3poNE9aSElqcDRla2xlWVV2WHVxRGhDVFE3MjdDZVZJZ0ZNRThUalZCbFpqUW4rOC8vYklud2ZPcDFQQjQrc1dFRzk5dFZhNFB3TGoxTXRVc1dxM2xoL0Y0eUlmSWFRUXFmcGZvRDFWcnRyT3BpSG8yM0NBSGdDajVwVW5wbGxHTDIvU3laRzMybEtja2pWMm5KbjFzaEpXQ1RZNmtnaGdvWkw5QlA3eFh4Nk8rUkRqR3VCZm5idk5lRk5UMi9ROWFPVHZVMW93ckphazJKbWtlWW8rS2Y1SDNvSng1VkUxTG15V3ZYUFZwcVNmMEd6RlFteXg5UDA3WVZOTGdFSDFhM1NaNDlUNzdXSUpXSFdYbWIwUGZacytBMWdhZVZEcis0bHdOTVg4UCs0REF0WDlPTlRUSk1IZ1BiMThaTDE4cGZRUDZxMHdDWDZhdmtJdzh2b1loZFBRSGxhbmlkL3dyN0IxOG8zVEZtT3pTblNHcEFYUHpQM3FodTE0L1NVQlRxWGFPem9JRDZtdW80NElHcWxVbUp4Q1FQOWQ0VDYyU2lZZWVXYlRuOTZIYVNsN1FoYkIyU2hRajFONGVuNEhNQTZkR2FLa0d2cG9tamhTbGF2T1NoVFlKWlBkTnZCeWJUNGFUdHBPVGFJWG9ML1lqdmUrTk9aMGZoZjkxZnZ0NTJNbWttNkxnN3VSK3dJckdQUjl0bzJNQkgwY1k4QjV6Rkt5ei95MXRuTXhGQkZOaTFvNXlQbWZyS3EySUNpVHRPWFFKMzBTMkNEeDR1aU9pcHpGVEFJeC9sTGgxUEhIdC9PVlhVSklMcmdRR3FCVmM5b1BZQXRGMDJJWHB1bU1SdVlUa0VQMGpxeU1SVHlxRDNBTkhIcHlzaUNQYnViSU5YK2VZWUJBb0FqekZXU0YxTDd1K0JxS0grVzdIaXRpYXVSbS9xa09RY1dPUTlsY1lPaWI5UC9RRC9RYWFZQzhoMG9rZ1pPb0EyS09wZ3E0cHNudGt5clMzMEo1OXRxU1hORXVuQXVweURLSkVtZ3poK2JWTTRQVXo5U3ppTDJ3OHdKVzcrb3h5c2ZpRXpNZHhFRDhMa3FkTjBJVEx4VVFBM3V4elMxUHR6ajZtcmZYZ3pGVXJUZFZIUUw0Z2dTejliYTAzZEFIZDZEWFFWelBaS0svTnBaNUY5UzRxUGxSRHo5ZmM4ZDhMSlZIbDFvbUMwUDVlbUlkU0V5NGxLcHl6TE9IMG82K1g5cXpxdGhmTUFHVzhnSk9CbDVJQzkwMjZjOEE1TlJFUnQxcjJ0NTNBWmNSejJIWjEwdGZ6cWZ4UjRBc0FiM0dFdkxpa1N2VDRIZWpRcVlqZDd3dTVSK2V3Ym43aFBIYzNPUG00TEJyTEg3Q013K2U4MmM2bCtUaWdrL0ZJS3Ryc1U3YUhENkNqZ0VRZnNkWHNrRmREOVY2RTgwODU3WjBVWHFveDZuKzdCTkRsN1pzci9PZXJ5QmZlVTk0OXVSY1JKc2xuZVorRlZqL1R5OEs4TXh3LzYrcG5tcUlwUUhYR3FkK0dKZVZvZDZpK3hodDdzTUw0RUhKbnc1RU4zbURLd29OY09RVE55OHM3REcxOHp5NXhEUGkvK1ZxVEw5bTFtZTFsSllLSVhwWXB3UStSNHVPeUlOWDJuM2NhN0RRY3lkcitXQ2hjTEc2RjFFRWhBK0U4NmhKTFU4VUxSbitRNU1kQ3VZOGt1V0graTlOT3R0YU5JRjdnTG4vYndXQzlyNmNud2pTd3RyYXBYQlRWSGxXNXNYWmVaUjdCMjZTZk9wSFhwRVJQUklkMmthU2RzTlZVeGdUMGl6L2h4cFo5MWgrR2huYjg1dW1uOTRSakpVNDRUSFVtdmJ2U1psZklGL1U3RlBhakx0TFN2TzNvUlFIUzdRaVhRelhtMFZoWEdYeVF3cUs1MXhXWWx5LzFmaExXTTB1bkMrK1J2dlhRUFQvVVhoeGQvVVdUV1paVXg4UHFNZVk4Ni80bCt2N0s4RlVtN0FNcTBLRTN2bC9JSWw1d1kzS3NORDZjSUJJSXhDQ3EwS2p3ODN3ZDZCMHl2QndYOTFnZ0s3dHgzL1p1NFNST3YwdjN4eEJZeEtPQ2dSSWRSWG9oU1ZSOEY2VFNGejVCNmw4VjBzMklxUDJnQ056ZStSeXkvWEIzc3pmbi9tMW53Rzg2MHRpWHgwK3V3ODJGdnVsNzY5TSt4c09INnlXRHIvWk0rZ2VRdzk1ODQ0cUFKNUU2UWVoQUU1WHpGUG1lTGRRN2trSUx2VXNnTFVDTTM2bWhobjF6SGg5QnUvZzhkZWFGSE0rajZTbmVhTkJBN1Yvc3hhNEV1U3VBckMyMzlSeUhsT244aFFXa2NUUThUWTEra2JCMmJOOXg2Qi9FNjdxWHNEenU1NW9vSzhVY1ZSa1J0Z2s5a2R3Ukt4djR6SHZZTE9VeE1BZnJCV0xna3VUWFhGUitZbWNwc0s4UmkrSkhZUUd6U0EwY0JzZ2VvS0xqQ3hoWmhoMlF6QmZxNTFWOWE0Rm5ObkJYdFIxT25JTTdrVVRXMVZZQUt4S2c0UWs5M2dQck4vQ2E1M0ZiM1czRUdhc1hha3JXNFE5bXBmNjFxVlJQN3k1WWgzZmRrU2tsU2hhRitmNGxreVB6VTlKTTZSRCtJaEc5OWZjVHJSeWEyNm5QcUdEQTdxT1Y2YWpiT25VRjRDK2FuU2lvS1JXQWIyUDBnTmhGc2J5eXpCQXdpT2lyOFN0eUxBQXNrcE5UWVRGWEx4UDgvMjNtbDlBYVU4U1hGeGtsM0RqR2hBY2F0Mi8yZnFBSERqWThGaG1INVVtZ0t1dENYTW5yNlJzUFlXaEF5YU1vdjhIWHl6NmhUK28rSWthL0ljRU9DKzAzWVovczlWdUNTVjM2a2tLWWI1Sk54QlZpN1lZSzBFZTlZcDFqWVRrWWQrWjhhZm15ZVNkbHA1aitBUUJQcWxtUFFFY0Nub0d2b2ZhdGhjU1NYWHQ2ZVVBTWdxQmI3R01kdTczVjRCbFlHOXhPZmtHbW8rOE9DVHBhK3JhMnlLQlNVK2hNUFZjQU9BRjlUYXpYYUwzRVRwRk5mU2pURllUSmVPSHZFeXZDdnBESkVXT3p1bjdjc3lkaWdUNkxVNnBvUHR4cGpBMlVZZkEzSUpuQ3grZ0JHeVAweG5Na2lBRVUwWWg0c0ROcFZlR2h4NzlpSGNKOU1MQnZKRkNVaUQ0anhnMXE2TldZNVQ4ck1HaGt5N2NJdUpTaWRxaDBXM3VTMGFBanNjd3lMdE82UFZuVjdlblVGbHZKQURIVXNGRHpycEtrdm5Fd3VJZjd0cHNqRW5uc21tVk84d2J1ZWRQL0ZNUlZwbzJnUXlZYURWckFnUmlMSEJkTnpaMi9lUnN4OTN4czlBREE3Yk53M0F3cTVtZXVPZXZDTTRNWHZZWU5xczYrVzNXa2ordWF0cVE0K1E3alYza0UrTEFPeWNwdnV2RXVxWGRsSURFVDR0OU9FWGJiRG8vVXFwZkVhTHdyb1JyNXM1UmR0aVZ0NU5YNnBxeUQ3bUJMRHBUTmlkRVRwdkY1SVNaM2Z5Zkk1aHJYa3dXSU94UVZjL2lTN0tHYTRzYW1UQ1dXM1pPSTI1QWVyUFdUSlhmeU0veXJNSnA0YVRSVFFITFIrRjM1bzhqeHZjVXFCZ1R0Z1VIdlM3eTFZS1lhRTlLYmxUcGVhUVBYcW1oL0FSY0UrL1NxWlNIY2hlakN0ZHRnNXl5RkZlaDAzaEd0U080UVgrM2h5REd5UVAveVZRNjNJM2syejQ2djlDMzRkYzdBUjVBd0gzOWIzK2t4MERSeDJocDFoeGZZTkJYK1c3cWN1bDY1dTJMV2JTMzhOMXgzSkVJY0dSbXlQNFhQV2FUTHBkcmM1ei9YSnVoZHoxYXMxMGd2NWVLQ3AxczJCWGdWUlQ3d2dUclFzaDZxeEl4UkdBYXBFYWY5QVFjRFltYlFEOUtrbU5lREthaFdVdm9vZTJvb29iSGFRdFVleWhJT0I2T053VEp5RkYvdU1sNzZIV2F3dzBYTGV0Sm90NldQR2J6U3JVeCtYSXcxY215NEFQOW80bXYrWkY5OXA0QmUrc2N5aHNLeXEyMkQ4SnFwc0pWL3NiYmZkYjU3MUY0YThRb3ZLSnBoMTQvMXVndWVHT2ZTRU1BWnZRZmI3Q2h4czVDdXBLRm14bFFuMXoxRjBIMzRKQUh0cVRqek0vc210U0lOeVprUGtXUHpVZXpid3F2UndjMHo0N1g3YUtYRVZyQjI5Qkh1b2dadnJqSldLdUNjL3BoTUdBQ05BQTkyT2YwaVNTbUlLSWxaRkVET2FsYWc2d0xvMHc2UlVHKzR6bnV6eGVRbmQ2bDRsZjJYalNBUXZ6N1ZNaGxrZDBLZ0pMc1JQc3FjTkl3dXRRekxvcCtrOG9MeWNvV3ZOaEtlTEIxY2ZGNW1KWENwRDZGRjFqRk91S0dEOHdLenltRVRGcTd0RkJYMWVjMENnMG5iVEFQclVYb3MwZkRLaDRudHZiL3UzN2RXY2pwc3dSWjY3dkM0L3FSby9Ed1gram5XdDVFdzRjQjQ0eWowK2x1WEp3K2lSWk5JYXB1YWtBenR4QzlhaFpheHk0b093cWxyUzB4dS9GMzcyTU5uQThQRmIrZ3pzbFZrMXBZa2g1blo3RXNsUHphMUJIREpQaXQzamFENjVVZzUxb1RQZnhkSWJkK3ZJdHd0cStQUUNOV0dJQnRCTUoxblU1aldMUFpTVEFoenBQNnp6SFU4OTE1Zll6YkZST2tmWEdjOEVkc0dGYmdMdnhCWUJBVWRveElSR0pCTWZyTlV1YWQvRkhGRjdhWkdXTVlKVUJaY1M5aXNNVTJ3M0NXSnl0NWphRW9KaUVwTjRHUG91THNnUGc5ME43eU1md1h6bjE1d3JLclFzWlFnQ2tabDFyUzZBTUdOYlFJTkxUelluT2F3ZGhzN2sxUDVxeGFqdWl1VDlnd3RDamxHNURmbVg5N2xqZXBYY2JabkVNM29XUG9sSHhkeTlUL3p0VExiZFh6OFZ5azY3UlFUOEljZnZSZXdGcDF4QlIxeThzWE9nWklSZTZvUGRQN3ArdnhlVmRHYllTNUtMYVFwRFJ5SExuRGw3NWQxeWRKTHpCdUdtM28raSsyRSt1V29kVXdPNnhJSTg5Vm1YaFVBQzA3SmlNQTFKemJYYXFLWlFkQS82OHl0Y05tYUpjYWsxVGJOZUwvc3l3WUVRa0ZSTkZaYlJkTFdCWVN5Z1FhWU5DVXJIdDFTMExaMDV4aVM3bGxOVmZFNUh2cWtyWFpLekVrS1YwWjE3cGNYMDZ2Tjd5TU1ZT2Z1REdSR3BwZlBzNXVBV2pyN0lKR3IxM3VNRnJ6MTFtQVNOQjVhcTVYNXhUdGp0VmlGZXRDN1FVd2NJaEM0K1lvQkpYQlhST1lyTzVpWkhuY3ZpS2lpb2ZsWWRkcFVIRXIrT0hVQzBjTEdRTlBoQ3BsUjZhRXQ4ZTEySUVZYjBoTURzdmVhbDg4YkwvU2lSUGg5WjFZbXQ1VnZkV0NxMW9YRW51RlNmOTk1SnM5QkVoVitRaktiSjhCNS94Q1NkeWMvSk0zZVpoeThmTFEvN2t2YUxHNWJGa2VKMnM0UXExVmNWRkVzZEVGeGRxWGJkalBBMFY5ZGFmeExhZlpXR3I3UURhTm55THQvUFNWR0NEeGYrZ2g5Zlo0SEl1djlrV2N2d3J5L1BtRHc5ckN5eVI1RGg2dlgxOFBITzB3TG1GWUhSK25zY2ROQlMzNGxualFTQ0d3ZGZmYWUxTXlwYTJhL3ZhaGtsMG42UHViNy8ycFB5c1dOWlhoQ2x2ekNJQzR4UktFRHhiYnhqKy92Wit2Uk9mNndQaXRaUjYySnBveXVQaHpJdDhadVQybE9sNEVhSGZiRWxlVmEvQ1NWbzdKZE5qRVk0NTJ0WnJXa3B2N0dnK2tqZk5RNnQzQTVYb0JJV2hhUUozeTJjYStpeDRZcFcxWVcvdnZ5WlE1TVFPdm9OZHBFY1hqY1d4MEtMVlRUdnY0SUVPRUtQMzZEL3dxeWtEamc1akpWcnkva1RiTDlaSWRtbFJML1FCWDNqR3FMYmp4cG1UN3VnMkVOZFFlbUd6L29XVGpQem0vZVUwcTZlbHliNitDenRGbldkbWU0YmE4T1ZYdVd4TWJsdDVUd3NxOXpCZzc2RGxDaWYrS1h2SlUzRUdXMFQ5WnUrRTJsaEQwQyszOGlJMmtoYm1BWW5qZXlHTzE0VkpIUGFGeS94amZKODM4YjJKaVQ1QnJMZEx4V1NiNXprc2tqSFRBUm5vTzh0SSt1VS9tSzhDSVZGMEhiZEhHYitwbmFoTnVyTXpqeTdiUm0zcUYvdkdVUmdhN0wycVk1SGU0a2U2RStkUDNpc1RTcGVlRGluV2Q4eWo3RmtVZDlwMk5WS1c2bGZEa2paRTR3clNPdGlKYnBrV2RRNjd3VUsxN01iZ2VneFZxT3ZndE9nd1JHQWNTNVhSRVFTNHpUK3lTZ1ZzY29jR2pyMGYrWXBDWXh4eGJ4OVN1Wk5qMGdZbDZVcFdOb3hQd2Q2S3hpYWJYZ3c2MCtIMy9GbitoOVg5cm9wZDJCMXVLelVIVUY2YUZrdlRIN3ZMZThoY1JubE5zNWpyMHozT25iQWpocENtTmt6aDhtRTJsTWR1QW9vTXBZZEF4dzd0Zm14cVZRMlVoajlUMHpheGNYYkhqK1M4MFhoTHNqYnZSL2dxcGJnMUVPMjhuR0I3NUNLZTVtNEJDWnE0VU0vKzFIUTVnN2FWZnlPb1czYklzRUJRPT08L3hlbmM6Q2lwaGVyVmFsdWU+CiAgIDwveGVuYzpDaXBoZXJEYXRhPgo8L3hlbmM6RW5jcnlwdGVkRGF0YT48L3NhbWw6RW5jcnlwdGVkQXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/double_signed_encrypted_assertion2.xml.base64000066400000000000000000000274301410551756100310760ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfYzdmNjk1NTk1MTFhNTU1YWMwM2E5YTM1ZTk1NTI3YTlhMmE3MjZmYWQwIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wOS0yNFQwMDo0OTo0OVoiIERlc3RpbmF0aW9uPSJodHRwOi8vcHl0b29sa2l0LmNvbTo4MDAwLz9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fZmQ3OGQ4YTYyMmQwMDEwNzcxOTMyODcwNzI0ZjM4NDM4MTZkMzk4YSI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwLmV4YW1wbGUuY29tL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICA8ZHM6UmVmZXJlbmNlIFVSST0iI19jN2Y2OTU1OTUxMWE1NTVhYzAzYTlhMzVlOTU1MjdhOWEyYTcyNmZhZDAiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPlRoeHRtcHY1QUF2SGY2bXl0K0RMWHg1SW9DST08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+MTNRaFp3VDgzbk5tVVMyNmZHVkptQ29NZUw1SzNrcXNaS2xKMWJxWWd2cTBOTHZyRUo0YVh6TTVHTElrN21idjR3UysxRkQ1MTgxdVVJVWRURjNJWHJNeW04R215NXhYcVk2MVYrYWR6YlJIYnIzamZqdlFnaXlJdWcvUE9rWkxpSWhTTHVxLy9tb2FXYXRBQXB0dWVCYU5lOVFQb3N0N3pXSlpJc2EweXRRPTwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNiRENDQWRXZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRMEZBREJUTVFzd0NRWURWUVFHRXdKMWN6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVWTUJNR0ExVUVDZ3dNVDI1bGJHOW5hVzRnU1c1ak1SZ3dGZ1lEVlFRRERBOXBaSEF1WlhoaGJYQnNaUzVqYjIwd0hoY05NVFF3T1RJek1USXlOREE0V2hjTk5ESXdNakE0TVRJeU5EQTRXakJUTVFzd0NRWURWUVFHRXdKMWN6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVWTUJNR0ExVUVDZ3dNVDI1bGJHOW5hVzRnU1c1ak1SZ3dGZ1lEVlFRRERBOXBaSEF1WlhoaGJYQnNaUzVqYjIwd2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFPV0ErWUhVN2N2UE9yQk9meENzY3NZVEpCK2tIM01hQTlCRnJTSEZTK0tjUjZjdzdvUFNrdElKeFVndkRwUWJ0Zk5jT2tFL3R1T1BCRG9lY2g3QVhmdkg2ZDdCdzd4dFc4UFBKMm1CNUhuL0hHVzJyb1loeG1maDN0UjVTZHdONmk0RVJWRjhlTGt2d0NIc05ReUsyUmVmMERBSnZwQk5aTUhDcFMyNDkxNi9BZ01CQUFHalVEQk9NQjBHQTFVZERnUVdCQlE3Ny9xVmVpaWdmaFlESVRwbENOdEpLWlRNOERBZkJnTlZIU01FR0RBV2dCUTc3L3FWZWlpZ2ZoWURJVHBsQ050SktaVE04REFNQmdOVkhSTUVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJEUVVBQTRHQkFKTzJqLzF1TzgwRTVDMlBNNkZrOW16ZXJyYmt4bDdBWi9tdmxiT24rc05aRStWWjFBbnRZdUc4ZWtiSnBKdEcxWWZSZmM3RUE5bUV0cXZ2NGRodjd6Qnk0bks0OU9SK0twSUJqSXRXQjVrWXZycU1MS0JhMzJzTWJncXFVcWVGMUVOWEtqcHZMU3VQZGZHSlpBM2ROYS8rRHliOEdHcVdlNzA3ekx5YzVGOG08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpFbmNyeXB0ZWRBc3NlcnRpb24+PHhlbmM6RW5jcnlwdGVkRGF0YSB4bWxuczp4ZW5jPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI0VsZW1lbnQiPjx4ZW5jOkVuY3J5cHRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNhZXMxMjgtY2JjIi8+PGRzaWc6S2V5SW5mbyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48eGVuYzpFbmNyeXB0ZWRLZXk+PHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3JzYS1vYWVwLW1nZjFwIi8+PHhlbmM6Q2lwaGVyRGF0YT48eGVuYzpDaXBoZXJWYWx1ZT56SFNWUW9LdktScGg4Q0x5VVNxeWhBMkVPanB3UU93dDkwNlA4bUFVeE5pRlZ3WjBiMWgwcGR4RnpMdkJsT05wSDlZMWFFOVZ3aGg4UnRSNDdYc3ptMXBUbjJBbFZ2R3g2SDZtVE1aS2NYbmppeDYrZTA4WmREY1ZHUHFFd09KNWpqQVpvKzFjTHowLzV3VG9MRzZpZ0FlWDEvZi9WVDhLdG9PQXVZSWFCbTA9PC94ZW5jOkNpcGhlclZhbHVlPjwveGVuYzpDaXBoZXJEYXRhPjwveGVuYzpFbmNyeXB0ZWRLZXk+PC9kc2lnOktleUluZm8+CiAgIDx4ZW5jOkNpcGhlckRhdGE+CiAgICAgIDx4ZW5jOkNpcGhlclZhbHVlPkVOdGFJbDBVVndBcmpvNXo4Zm81d1d0MFExeWV5ekFZKzE3K0RzZktiM1NqTERuVjJiTXVOZHM2dFRRcGF2WnBEYU0rZW0xOVo1Q2JRbUlzVENON2xsVUxOUzJuTEFhckF4U2dJNGxkTitpZ1RIWTMxWDVzNUNMN1NacFBzVG11dWs2OUJlaHF2WGZrclBhRDlDMHpaTVlYcjllcEozbm9reXk2NnBrS3JlZ2dsZEpOem1leWc1SWdSWjdkbG1JQ2duUE1yUmRwZnNLMC9jUjkzbGw5d2hJVGNYV2l6VG9MWWtZMUkrSUptTWRORVk5a1F6L0hDVEQ0SUNsYmhEUzJwUXAxWG51YzM4Q05lTzU4Rk4vSHhVUnhRckRMUHFNUWV2Tlo0alBObktZdUQwcFlzbHl0V1U4aGd4dGtYWWZ6T3R5Nll2VFArUFhjdmhybUMzRHNZUXRDSURBU09nTENkQUtNVmxVc3owemxnbTZGalkwQitsc3ZTWE9sVko0OU83Ymx6Z3ZYKzNSZVVsSHB3RFZ4Nm5welVNWW5iWFJ3Ky9SSlNZeW01b2U5M1krMGttaEpkSzBiWlVMY1lOZWVnTWVtVXJyUjN3Q1dyeTZPZTZ1YUVxWVNFdXJrcytYS2hQdS9PS1dHOHZ5TWhPZ0FrTVdMbzQ0N1NGM2lPQTAydldYZUNVbSt0dEpxdmVwamVxOTJVZ1FoSDVjZWo2dW1Gb2lnSTlFOHJsZ0xnem1jYnd4aG14UWprOG5jaDc0d0FKbWFhT1JjNjYvRWtBK1hwUnN5SXhKWG51VmlLWWt3bjMzNjZJSTJaenpnUUU5UWhOM0lYbE1COHp5a2pFczl5aW43V0JqZy9Id0xwT1d5VG1NY2FMcDhMVmdTNlpXR29TY21Gc29jeDluQkNvSmJuU3NRanV2a3VPbVRtMHlORHFGRzNmVWRsWUlSdzh1QWlTM2ZweWttclJpd081V3BnWFRIMnBYUFFzWFpDdlltQXorbDJUUU5YendOejY2Y2FGck9wdm5MUW52bTJWRDg2a3JaaXhKRGRWZDZaOEhoRjJRSHpNamdLN1hCOG9wcjhwK2ZqN3BrY2JwenRaV2Y3RVNFUnNuWlBHT3VwWTlTLy9ZQjc0c0pDaTNhamczYmdsbEhIN0MrbGlnQWFkd0NDRjViWjRsT1RxY1M3VFVJMjlLNDRKMmZrS2VWeThBVnVZVXNxZ3NWSjd2WGtzNUljMnFoc1FSdStzY2NzOFR0Y0dYSFowalRhUkU4ei9JT1VmdXdCNUFLNC8vV1hNLzVZekEwWEhnSmpIUVpueHhieTdvdlNaYnNvYXVxRFMxTHJhOWtIUFhpZTlvZHlQbmpobExXb1d0WTBodW9EUUR0K3N1aHpyYTF4RzJ6MUh4UmEvRFZVREhKR2FCR29sMFRLQ0FmbXVkMUlqb05VVzdYVVN1d21VSVdVb0drbVNRTy9EYTVYQXhEV1lHVHVuMUdBcmdyTEwzVkJPNGJ6WEMybG1pNUl1OWhqQTJlZ3JRWTBQVit0WkJkTnpCdkxRYTY3RlJqR0hjd1lneDh6ZW9TSGVGRkVUcHBUeHIxWGdicHBVV1lLUjF2V1NvMjdhcXFjeVhTbnVHMUpCSmJOeEdDbjR4SU4yR2RMOXQ5VzNKa2NXUGRSeGE2K1ZuSyszbHpKNGVNNzBtekhaY2ZMQTJLaURYUmhjVG1oU1lGKzZJWThxREdYQXBWMXdld1BSRXZPNWozL21lOTdPVUlIY0cwaFRZTnhhbjhucG1XMmVMVU53ZnpjZE1JNzNhaUsrWk5FTXNkY1hRMnFMSittc0I0dzVYRHBNaHFxMGhYZ3NsZmF6eFZ0Q3E3VWJqS2tENlVRc1pWTHZZSTduYjJUOG9QMlVabUZFUlNDdU5sZys2M3JDTU1lOXd2NnZWMkdUM0RqZHU4Vi9IQzgrMUlXRUtaZEJOM3UvaVNUdEhZTnFtTUdCMVJ4Q0tRWVZrY3hDUzJRV0VrL2hoaGJndEJNOU5KY1BScHJqVS9oSHR6ZFB5UTNNckFLR05sRXBJeGpJNjRkbEdmall5T1JpWDZiTGs5aU5tdmJ4SXl6YnQxSzg0WlNsbTZJTDlXZDVUSmlMdGR5d2lqTlFQZkNVOUxSdkw4NUZYL1RtS3lqOENxenJXcGFZSEp6S0p6RUVUeFMwRldzMnJvcDJURXhrclFjWHlzUjQzNFhMUmE2SHRyVUNjMkNEV2g1dmkxMUF0ZUpCOHhzSVJFYXp1blQ3blBkb0I5NjNaMWFFa1VscTFjb0NieHZnTThxSS9nemZLUDVORmJPRHNJVFdMcVlvTHZaQ2pYSU9jYWdTWGt0Z240YkRGL3hlUG1vMHgxdXJlY0oyMHBJZ2tXM0J5RFFxOWc2YWk5NWdLY1ZZU3FhYXYxLzl1ZXoxK0VzWEZHYVJMU0o3ZTVWZTIxOW1mTGc5T1hrSldWdkZSeFFTVkROWkJWeWRqcUlZd013YjdaQXB4Zkp1OFJGSnQyNTdVT3VDeTBTZWFuRFBFa2M3NlZRekh6MmlBWkhvbitRQ2l4OUVXdXg1dWZEOWRmUmwzc05tOWljMmxUUFZRbm5Sb2NGTjRpdWFyZjQvVkp2dW1uQnlhdmV2Z3g3aXJwdFZmT3lZQWF2YkMzUzByREVaRms2VTBMZUNGd1pPalJjZEVhZDRjeEZYMEI4NndtYXVQSkF2ZTVmaXRJd29GNkpuUkZEK2x4c2N2RUxKYVlFVEF0RkFwN2ljS0JPTi9rNGdzeUs2TGd3NFEvcFNWWXducnBua2t3byszQXJSbUlwdTE5ZVowcHN1QjV6dnFJbkFTV09naGRsZHo4YWdQaXA0N3lSZisrcnE2NHp5RE5TZGVXSTM3ZUVWYkVpd1h5eHRSR3RFSWtRa2drdG05VEU5MCt5eHIrTVo0RmxQU0NKTFkwUDN6WGNFZ2hMZzJUUC84ZXBwUVljcUlJd0pCUWZ6S21CN3pta3FOd0ZZQkhVck05VVRCRlVMVkdhbXpEQnQ4UzNVc0g5OHV0MHlOeUxLSThueEh3V3lnSGFzaGUybVFpUlRDV1l4MGdUc2l5NTN0aVMySHpmRFZmTDM4U0VkNXFqUWUyR1ZVUTlJakt0N05mMUlSQ2dZblRYTVk3KzQ3eUpaYkVJcithZGRIRXFadk9mQWpKY2ZpcUc1eEp1MGhWV01vTThvemFkWkxCN2pUR2dGTERCTHdXTjBvVEVHNVo5Wm81SXlNYmVlWHYxZFc2ZWNLSjJkd2dnb1VxMytmWmN0NVcwbldERHhWSjZRdEQzbHFrZjdzNm9XdmFRcHhHL1ZnRXA4L1NKZnNSekNnbm1XWVFqUWtDclUxbldUREVHWkhuUGtpbUh5RHRaNUJ3REJGZVhVdHQ5R3Nwdk1CNHUwdjYzcmF6bVAwMVdiT2hBVDd0Y0dBQVZzM2ZhTGpvaEd0NTlraVljQkR0cEllZjAzdjBhT2VtOS9wTjNPYW1nM0dUTzc3MG1LS1dDTTNEM2JQejAzNng3cHpWZCtrSUtCZjFtMkF5WDFmMTRKS2VHQmJWUlAxcmIxaXh0OGVKdGVxSHdLRXd2NFRUKzhPeU5GR1F5eVNCQ2d0R1lzdjkrRm1KN2pNeWpNOHJHb2lUTmxQb0pCMlVDcERKT2M5SlVaOVVYa3k4THFCRE95d2pyTzBBL0h1UFdXWnc1RWEyUktkenFNQkxON2JXRktvREtsK3VIblJCcTRzcU5EWUhmeHEvUml5ejRsVlRXYlUvMVV6akpGSzF6UisyYlJzN1piOUtxbzU4ZHVHekV5V1Q5Tk94M0wvSEowUVNYQ0hRSk41YXRDZ2JNVEJTMEtGQmdLSGpTS1FiYWVYS0l6a3FJSkQ5US85ZkJaMGZuOVMwd2tTNlJ6Nk84SWpxWGpQMXdpT0RoT1VGVjdrRlJjSVdQM1ZIVTFtN0ZGcGJpY1RuREdvczBPV01pRWt3VW8vcWZTRFhOQ0FKNFY0b2x5M244bUZSL2JTaDZHRmJpc1VUTmJmQnBDcmZUeFRlaCtJNGFkVlU2dUIyaTl5ZmtWSVFaSjR5QnZ2M1c5NnlaV2dmcXh4M1BKN25GTW0wODdqb2FYMTcwM2tSL3NzbllEVHZFOXlCL1ZGS0J1VnkzQk5oREl2cVRXcDVlNFhJV0lUK0RYL1Uxb3FEb2lDNnVtcHZKUVJVY1R4UUx5RGp6ZEtmNW8yMzRGUkQ3d1NVQVpYa1B5UVR2SmdtVnJzbCtJdDNaazQ4MVhOd01wdG9iZWRHR0ZlUFJ4T3dyNWtQTlRYSHFxL2xkZmlCcENtQzJZQUxkZEV1NDExdk9TYXhUc2JqSGNaRDVlblE0cmR4K1RrelIzbGdkL2lVd0RHSUZpYnU5ZVdkWkx2YWZEV3gxOXJhUGxJRUl1TkJ4dGZsU0IyOWlVaEljeUxFQUtQUy90eTBvWGQ5VTQ2UkZscDA2UlNyY1ArVU1FQWxqN2dqamZuM3MxZmlRc1d1cnhqb2YxZDFad1EwVUFxdzRGSWxpaFpZZU40UVRXYVd6c2FJWXlNcWdmZjNqTVFTSFNMYVJLUHF1S1RFTEJJT0txaU9iVk1hVUdGRndWeGgvNC9rblVHa25LZFFzZTl5c0dJZzBlR2s0OXhRZy9RVkFDVU13N1lqQ2hVdnNqa3U5dkhQUks0Z0RwZWtzM0d3SDlDclVrRGV2cHk2NTZiZi96bUF4dlZnS3NVUU5HUVA1eXJ5dDd4cDB0OEpIbHQ5K054ZHYyL2tVbFpuQlQyUnh6Rm04bDBhWVFRR3ZFSGY4K25TNHl4ejRVMFMyY0dRb2xKYWRyM0l2em9DdndNNVNiNXV6MFJVNnU0cjg0TkV4cllxRDRORWRSeHhRelF4Tm91T2ZvMlRKRGFBUktUMXZndi9lS2hzeFo3bnRaRWx5K2pKTlN0ZHc5cXdmSG0wZVJwR2QxRTlFZytOZEF1cTRCR2ErYzBseEp6ZnU3R0VOVndsd0R2MkUrSjhUb2JpbktkaWlWdzg2V1VYVFFNZnp1Qkg4NmZhdzYyYTV5TXJSZnhEMnViQlQ4Y2FJMGM1aDRqc2hvNW9yZmpGb1RCOVQybldMc3puUTBqdktPREpuUjVQSHR2WkdiZGRaTHd3SHQ5N1RwWEVESUFiNEE3d3NvVlBjMGM1NEg1cDVFMFNqUFhJdEpEcHdSR1piSFN5TnduSm1WZU95YVhWaVdOZSt4NDd3eWttR24rUUViT2h6YUNJNERtRE1CRThDU2xJZzRCQWNwTVE5VjB0NW1FcDVWZDRaRXJwL0FXV1lTakFkVDg0WGFLR0R6cUJsYjBQc1J3YnhkL2M5NnEvTUtORHpLNU5DcHJnTEZHZTluSUkrOWVZeUg0L01mRnFZOWpuWVc2M3MyOTlQY3pWV00yRmFDS1JJL2dyRy9MWlZOaVdjdC9KT0JVQkpzaDYvbkZvc0pWbDdCdllZc3dLM0gzNHgvcnQxcFljV0M0WlhxSHZyRWNMVGFlcjRXZzFTZTZxN0V4UUZYZ21BTGtWNFNiTjQ4QUJHTGZhY2ZHUWRzTkQrWFlVaTdTY1YvYU9EL2tSNGZNeWhrN3RBTGNENENIQUNDRzJ1MW1lRmxvNngzcC83cmEvZm5UcVJoRXNwRjJtV2k3QjR2YUIrNkc1enVBQURtYmxlalNycE5UR1FoaFNyRHozcnlvYkpYb0ZiY2Q5SHZ6dVNYWU04dU1sUVdYOURWSzNrMkZvcFlyQytjTGE2K1VIdlZwdG14S2lpSGM4MFBhdUVXUUZxRnhPb3VwUGtIS0J4R0F2VnFnR2NGYW9Zb2ZUeld4QU5CNGN3ZVRNOWhyWTlieGdzRGZXUklUOEdOWCtNK2RQWWdwVjVLdm92M0s5dFJJZHVMbWVVMW5WVFI0NU11ZkJ6VG03d2ZZWmdoTndEdjExbUszYkZzcll0dmVWZFFQT1cwSkt0dHI2RFo3TW5GRkMra1FJZEJ4RXNxUGlXUEFsY21EZW5oVUxidTVxb2JUc2xiSkk5THlhUDZHNTQ3WkVmanVNNGlzemJHVHIrN0J6ZDdwR3FDa0lraHdWU1hjVmVweDVkUWNwNHdZSjVEZmRYUUZnaU9vMXd2UDBFNzhWVjhjc245NlNhaTBMWHErdHVET1U5UEFDb0hFaXdLNjVYenl6MSt6YWVNajkwWkRNN2pkQWx1MzJadmVRYWZQY3RVcWx6cUNPUXltRUZRUDhHczczV1J5aWhFRS84aEN3UW5rcm5VTktzUi9BendPcUFRaTJ4UzZsUWEvalBwTUFqcnVGNkdYaHpJR2l2RDMxVVRiOXVOQXdlUWpBT29UaEZINkxNc2hETC9WLzRpWEszeFl3cjVWQWUvb0FzVFJzS3VoZFBab0gxcW9ueE5yRlNxR29TclVEWVorUG45dmQ0cXB3R0RuQTRLWnpMYTFQdTYwVkxqWGR3M3ErZEdsV0RFVmVlRUljMjQyUnhxbVRHSWp1QnAwUGl3UGxpSC9VVC9xRWNUQmM4enlTYzVndXVMU1NsZHowMERubzhlMXZGdEJrMzlSbHZ2MmhJeUVaeFMzcGFNckRkRnRYczh5cWRIUTNWU3pyTGNHWTd3L01UNkc5ZUt4N1l2OVlrUGtaaWEzNGkyNmtwcEx3MDMvazdGUWt0U1QyUk1BWkEwa3BVNjBZNkJzNkE0TWFNcU5kN1VZSlpFNXlqek1aTU9iQWpFSW9UMXl2VFlNWVI5N0ZhK2d5Mzd6SDlzVHc1ckVna0xscmtJS2gzbThBK1ZIVi8vTGw0MHp0ZTNPN2dtbkFubldSRC8rbHBwSlJnMHFyR0xQMTRZcUN3NmpaamtpTjdJYmF4UTlsU0l0WTZKdDFDekU4NFhhWk54VXNDVk1JNGgzN21wN0FTK3ZCZWRDdEZ4QkJMeGxoMWt3R01PUW1qQnV6OVhwN3MxU2t3WkZyWlluOFN5T1VLdzZSekF5bUhqUDVGeVJ2MXhiUmVOODB6SFlpd2Y3RndlZEhEdG0yQlg4SVRIL1kxVnJjRXJqQVhack1iWXM2VWhxbXBKRTdJSkFFSktJdWVsMW1PNitoRE5uVXpnL29ScHB6YXBtdFdxamIxcHRVc0t5YWxycm8xd2ptb3lURjRvRFpWN1FnYThxSEthNURFcjRKVi9nMzNaK3VVbURkamRTYXZIa0FKYVY4RDV3NHFjRUhoVm4xMmpQZUtyVjlYMEg4alFuSS9TNEt5UWlhRzFvR0dNbFN6NGEzczdrcytianVKTFFzZ1BHK3ZaRFhHbEtxSnFIQ09UbXR3WENhcWdVQ1YxU2lDU0JmWVdya2trNjd4TFFQUkZxNDU2WVgvTS9RUlg4b3J6RE1POTd6V1loUW5BUHllVGx1VXQrWWUzNXdyencybmM3M0hNK0dHVEJHSW1NaWhCYzZFS2hUUjBYNFJTR1JsVllIUUp0S1FHV2Z4V1VGa3F4ZnFtTGNXUGhYTzM0UHVYekhzZTRrenlLRGJXaTgyWVhranRZbUo4YWpEWm9wL0NYelVmeGZkQ1diamkvUkZPQkhpb0Q0Y3prRjlTTlI5TWpJbjJtQkkyekxBRGI1NGhsN0pLWFg0Rmd2SVNVZWhNZXUzT1FOUmduV2h5eExLWFJsRnJIN1QwVnZlVFJuRWtTcWxOeEI2TXlwbDNDVUNndTF6Q1ZWL2ZlTWd3R2VzdjJXSi9tUytQV2ViOGRKTlMzL3lzRUFDc25FTFJtL05xUE1VQ2xNUGVCSS9rek9GS1pRZkNyQnlweEFSbHRodVFZPTwveGVuYzpDaXBoZXJWYWx1ZT4KICAgPC94ZW5jOkNpcGhlckRhdGE+CjwveGVuYzpFbmNyeXB0ZWREYXRhPjwvc2FtbDpFbmNyeXB0ZWRBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4=python3-saml-1.12.0/tests/data/responses/double_signed_response.xml.base64000066400000000000000000000212211410551756100265560ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZngxYmRkMzhjMS04OTljLWMyNTktZjU4Ni1hM2QzNjU3MWViZWYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTIxVDEzOjQyOjMxWiIgRGVzdGluYXRpb249Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl8xOTFjMDNlNjhkNzFkOTc5NmY1ZTA3ZTYyNjJjYTRhZDg4M2E3NGIxIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+CiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZngxYmRkMzhjMS04OTljLWMyNTktZjU4Ni1hM2QzNjU3MWViZWYiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPnZqVjZNT1VsaWpXVEU1M3dac2N1Z0dZN05oRT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+RWJnWDZHenRYME9GNkpWZ0IyMElRMVBhUDYvMlpzanh6SHNFdHEzK0hMeG1ZbG5lYkVhalFIMzJWbTJ0UERwclRMdkRtaGZWd1NaZEtLaEFoNGtoc3YxODN1Q3pVdU5GTmZneWx0WVFmem91UlhGZ0ZOdUJKU1IwOTRkWFc2THVqRm5TbHk0VGNScThzSG5YZ0p6V3h1V0ltKzc3TjVOemtYajRxRXFSQXdVPTwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeGQzNGZiMGMzLTFkZmItY2EzZS1iMjYzLWEyYWFhMGJlZWRlNyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDMtMjFUMTM6NDI6MzFaIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+CiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZnhkMzRmYjBjMy0xZGZiLWNhM2UtYjI2My1hMmFhYTBiZWVkZTciPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPmlUem5CamF3U09EUFZVRVAwVWpvMTdoM1RNWT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+TXB4Ny9LL29OUVlIbm15aVdDdEdod3FoVzZtOG5zcnhMYSs5LzQ2dTJuenU5NDMxdm1TQWZPQmF2RURjL3JnNGRYeTRWZmZyejNINFVvUEQyeFNpODFJOU1kVDl1WHRYQkJGUytVN0xIb3VyVjB4VFU0clhDajd3ZmdkbkpMVmprSnVUeWZRMXhsd2VJNzRLSUdLOGZvMVlaYmY5TGREZUE4TURCWDZXN3VBPTwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQgU1BOYW1lUXVhbGlmaWVyPSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL21ldGFkYXRhLnBocCIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDp0cmFuc2llbnQiPl8yMTI2ZGQxOWI4YTlhMjgyMzhkODhmZGM3Mzg1ZTYwOTk1MDA0YTc3ODI8L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMjMtMDktMjJUMTk6MDI6MzFaIiBSZWNpcGllbnQ9Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl8xOTFjMDNlNjhkNzFkOTc5NmY1ZTA3ZTYyNjJjYTRhZDg4M2E3NGIxIi8+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTQtMDMtMjFUMTM6NDI6MDFaIiBOb3RPbk9yQWZ0ZXI9IjIwMjMtMDktMjJUMTk6MDI6MzFaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxNC0wMy0yMVQxMzo0MTowOVoiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTQtMDMtMjFUMjE6NDI6MzFaIiBTZXNzaW9uSW5kZXg9Il9lNjU3OGQ2YWY5N2I5ZjdmMDY3MmQ4NTBkMjlkYjRhZGQxYTI4NmRjMjQiPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dGVzdDwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj50ZXN0QGV4YW1wbGUuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj50ZXN0PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9InNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj53YWEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImVkdVBlcnNvbkFmZmlsaWF0aW9uIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj51c2VyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPmFkbWluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/double_signed_response2.xml.base64000066400000000000000000000211341410551756100266430ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfZTZkMzIxZGM1OGMyYTZkNjEzMTFhNTNkYTFkMjhiMzZkMjdiOWRhZGEzIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wOS0yM1QxMjo0NjozMVoiIERlc3RpbmF0aW9uPSJodHRwOi8vcHl0b29sa2l0LmNvbTo4MDAwLz9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fNTJlOGNiZGM0OGNkNzdmZmM3MGI4ZWI2MTgxYmEwYTVjN2U1YTRiYyI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwLmV4YW1wbGUuY29tL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICA8ZHM6UmVmZXJlbmNlIFVSST0iI19lNmQzMjFkYzU4YzJhNmQ2MTMxMWE1M2RhMWQyOGIzNmQyN2I5ZGFkYTMiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPnBUTEcxYXliMTFvRjRJanorOC9OdW43NDdpND08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+dlM2NnB0L3QvMzlwWG9jd0ZneWRUWmg1eC9YN29tMFBnL2xoYXFEOWN3NzByWE5CNU1zbVZMR3BWSXZwQnd5WlkzS0t2ZUZNdDA5cTJCSkl1V0RsblVFOGhXR0k2STlFOGZpVXUvZ0VoRU4yRmx3NWdtK05BYXhWVHZuR1IrMkh5UmtYUjBCa0R3TngyVFM3bnZweFFEbzI1b25KUnhtenpPekxlZWlwQ2o0PTwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNiRENDQWRXZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRMEZBREJUTVFzd0NRWURWUVFHRXdKMWN6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVWTUJNR0ExVUVDZ3dNVDI1bGJHOW5hVzRnU1c1ak1SZ3dGZ1lEVlFRRERBOXBaSEF1WlhoaGJYQnNaUzVqYjIwd0hoY05NVFF3T1RJek1USXlOREE0V2hjTk5ESXdNakE0TVRJeU5EQTRXakJUTVFzd0NRWURWUVFHRXdKMWN6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVWTUJNR0ExVUVDZ3dNVDI1bGJHOW5hVzRnU1c1ak1SZ3dGZ1lEVlFRRERBOXBaSEF1WlhoaGJYQnNaUzVqYjIwd2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFPV0ErWUhVN2N2UE9yQk9meENzY3NZVEpCK2tIM01hQTlCRnJTSEZTK0tjUjZjdzdvUFNrdElKeFVndkRwUWJ0Zk5jT2tFL3R1T1BCRG9lY2g3QVhmdkg2ZDdCdzd4dFc4UFBKMm1CNUhuL0hHVzJyb1loeG1maDN0UjVTZHdONmk0RVJWRjhlTGt2d0NIc05ReUsyUmVmMERBSnZwQk5aTUhDcFMyNDkxNi9BZ01CQUFHalVEQk9NQjBHQTFVZERnUVdCQlE3Ny9xVmVpaWdmaFlESVRwbENOdEpLWlRNOERBZkJnTlZIU01FR0RBV2dCUTc3L3FWZWlpZ2ZoWURJVHBsQ050SktaVE04REFNQmdOVkhSTUVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJEUVVBQTRHQkFKTzJqLzF1TzgwRTVDMlBNNkZrOW16ZXJyYmt4bDdBWi9tdmxiT24rc05aRStWWjFBbnRZdUc4ZWtiSnBKdEcxWWZSZmM3RUE5bUV0cXZ2NGRodjd6Qnk0bks0OU9SK0twSUJqSXRXQjVrWXZycU1MS0JhMzJzTWJncXFVcWVGMUVOWEtqcHZMU3VQZGZHSlpBM2ROYS8rRHliOEdHcVdlNzA3ekx5YzVGOG08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24geG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiBJRD0iXzc2ZDEwMTAyOGY3MDRjNjJhOTkyNjg5MWE0YTFjOWNjM2QzMzJkMTI5YiIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDktMjNUMTI6NDY6MzFaIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9pZHAuZXhhbXBsZS5jb20vc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPgogIDxkczpSZWZlcmVuY2UgVVJJPSIjXzc2ZDEwMTAyOGY3MDRjNjJhOTkyNjg5MWE0YTFjOWNjM2QzMzJkMTI5YiI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+L25YbW1VenY3M0hlK1FUMS9nejdiM3JCRk5NPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5keG1SNWVMdTdya3kyZWo3MVVZbkpodUJSeXAxMENadGdSOTJFRjU5SzFlY1dzcHI0RlVHbFhON0hlcGN1RWUzcFN5NEs1Qno3MlV4bFhpR2JvKzlhSmVXTGZVNlVQMVBJYlR2cFBLT3ljdzZ0dE5zOWtDVUh1UTdGUGI3L2pTRzZHZE1wRkpoQmZoVjhXRS92ODBJSWwwNk4vMFpXK2E4QzRtQUxTMy9HRVU9PC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQ2JEQ0NBZFdnQXdJQkFnSUJBREFOQmdrcWhraUc5dzBCQVEwRkFEQlRNUXN3Q1FZRFZRUUdFd0oxY3pFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVZNQk1HQTFVRUNnd01UMjVsYkc5bmFXNGdTVzVqTVJnd0ZnWURWUVFEREE5cFpIQXVaWGhoYlhCc1pTNWpiMjB3SGhjTk1UUXdPVEl6TVRJeU5EQTRXaGNOTkRJd01qQTRNVEl5TkRBNFdqQlRNUXN3Q1FZRFZRUUdFd0oxY3pFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVZNQk1HQTFVRUNnd01UMjVsYkc5bmFXNGdTVzVqTVJnd0ZnWURWUVFEREE5cFpIQXVaWGhoYlhCc1pTNWpiMjB3Z1o4d0RRWUpLb1pJaHZjTkFRRUJCUUFEZ1kwQU1JR0pBb0dCQU9XQStZSFU3Y3ZQT3JCT2Z4Q3Njc1lUSkIra0gzTWFBOUJGclNIRlMrS2NSNmN3N29QU2t0SUp4VWd2RHBRYnRmTmNPa0UvdHVPUEJEb2VjaDdBWGZ2SDZkN0J3N3h0VzhQUEoybUI1SG4vSEdXMnJvWWh4bWZoM3RSNVNkd042aTRFUlZGOGVMa3Z3Q0hzTlF5SzJSZWYwREFKdnBCTlpNSENwUzI0OTE2L0FnTUJBQUdqVURCT01CMEdBMVVkRGdRV0JCUTc3L3FWZWlpZ2ZoWURJVHBsQ050SktaVE04REFmQmdOVkhTTUVHREFXZ0JRNzcvcVZlaWlnZmhZRElUcGxDTnRKS1pUTThEQU1CZ05WSFJNRUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkRRVUFBNEdCQUpPMmovMXVPODBFNUMyUE02Rms5bXplcnJia3hsN0FaL212bGJPbitzTlpFK1ZaMUFudFl1Rzhla2JKcEp0RzFZZlJmYzdFQTltRXRxdnY0ZGh2N3pCeTRuSzQ5T1IrS3BJQmpJdFdCNWtZdnJxTUxLQmEzMnNNYmdxcVVxZUYxRU5YS2pwdkxTdVBkZkdKWkEzZE5hLytEeWI4R0dxV2U3MDd6THljNUY4bTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaHR0cDovL3B5dG9vbGtpdC5jb206ODAwMC9tZXRhZGF0YS8iIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6dW5zcGVjaWZpZWQiPjI1ZGRkN2QzNGE3ZDc5ZGI2OTE2NzYyNWNkYTU2YTMyMGFkZjI4NzY8L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMjQtMDMtMjZUMTg6MDY6MzFaIiBSZWNpcGllbnQ9Imh0dHA6Ly9weXRvb2xraXQuY29tOjgwMDAvP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl81MmU4Y2JkYzQ4Y2Q3N2ZmYzcwYjhlYjYxODFiYTBhNWM3ZTVhNGJjIi8+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTQtMDktMjNUMTI6NDY6MDFaIiBOb3RPbk9yQWZ0ZXI9IjIwMjQtMDMtMjZUMTg6MDY6MzFaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9weXRvb2xraXQuY29tOjgwMDAvbWV0YWRhdGEvPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxNC0wOS0yM1QxMjo0NjozMVoiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTQtMDktMjNUMjA6NDY6MzFaIiBTZXNzaW9uSW5kZXg9Il9jZWYzYjIwNTViYTZhMTI1MmMyMjQ2YWJhN2UwNmJmMzQ1MDkwODBmYTMiPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c21hcnRpbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluQHlhY28uZXM8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iY24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPlNpeHRvMzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJzbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+TWFydGluMjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJwaG9uZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyIvPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlZHVQZXJzb25BZmZpbGlhdGlvbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZG1pbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==python3-saml-1.12.0/tests/data/responses/expired_response.xml.base64000066400000000000000000000076341410551756100254270ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZnhmYTk3ZWVkNS03NTg4LTBkMjMtMmFkNy1mYTY2ZjI4OTM3ODgiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjA1OjQ5WiIgRGVzdGluYXRpb249Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl9hZjNkNGE3MTBmYzhiMzA1ODg0Yjk2ZDAwOTRhYjYyODgwMmY1NjkyIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIElEPSJwZng3ZTQ4ZmQ3NS1jZTJiLTYwZWQtMjllZS1lNzk4NDZjOTU5YzYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjA1OjQ5WiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+NDkyODgyNjE1YWNmMzFjODA5NmI2MjcyNDVkNzZhZTUzMDM2YzA5MDwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxNC0wMi0xOVQwMToxMDo0OVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOX2FmM2Q0YTcxMGZjOGIzMDU4ODRiOTZkMDA5NGFiNjI4ODAyZjU2OTIiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMi0xOVQwMTowNToxOVoiIE5vdE9uT3JBZnRlcj0iMjAxNC0wMi0xOVQwMToxMDo0OVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTAyLTE4VDE5OjQyOjIwWiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxNC0wMi0xOVQwOTowNTo0OVoiIFNlc3Npb25JbmRleD0iXzBmNGYxODhkYzFiZmQzYmZlYTM2YTE2MzRhNzQ0MTU4M2FmYzNiMzc4MSI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Im1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnNtYXJ0aW5AeWFjby5lczwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJjbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+U2l4dG8zPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9InNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5NYXJ0aW4yPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImVkdVBlcnNvbkFmZmlsaWF0aW9uIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj51c2VyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPmFkbWluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/invalids/000077500000000000000000000000001410551756100220435ustar00rootroot00000000000000python3-saml-1.12.0/tests/data/responses/invalids/bad_reference.xml.base64000066400000000000000000000211651410551756100264210ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZngwNWYzY2UxMC0xNjE1LWYzZWEtYTk4OC02MGUzODBiMzI5OWYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiIgRGVzdGluYXRpb249Imh0dHBzOi8vZXhhbXBsZS5jb20vbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl81ZmU5ZDZlNDk5YjJmMDkxMzIwNmFhYjNmNzE5MTcyOTA0OWJiODA3Ij48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9leGFtcGxlLmNvbS9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZngwNWYzY2UxMC0xNjE1LWYzZWEtYTk4OC02MGUzODBiMzI5OWYiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPmpBZ290RjBKK1JLMS9LODd3MjRNTUMyK1pScz08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+cFhmM3Z3T1p2dGZtZjdNTWNPU0cwMzkyU213bnBJb0FqZ2dzVmErUlNJRE1Td0tTckwzcWw3SnlZQjVTaXZxL0xYODlUYXF5WTJ4MFBnTWl4YXY0bjFHMTFDM3NtbFJBTXJEZTZ2UnRJbUpVc2xTR2s5N3pQaHlvUStKNW9nUVBkNlZsTVR6OEtXemZxdE9QRGY1ZGwyWXlKcG9rZU9OVE0xemM0SkdNM0dBPTwvZHM6U2lnbmF0dXJlVmFsdWU+DQo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDZ1RDQ0Flb0NDUUNiT2xyV0RkWDdGVEFOQmdrcWhraUc5dzBCQVFVRkFEQ0JoREVMTUFrR0ExVUVCaE1DVGs4eEdEQVdCZ05WQkFnVEQwRnVaSEpsWVhNZ1UyOXNZbVZ5WnpFTU1Bb0dBMVVFQnhNRFJtOXZNUkF3RGdZRFZRUUtFd2RWVGtsT1JWUlVNUmd3RmdZRFZRUURFdzltWldsa1pTNWxjbXhoYm1jdWJtOHhJVEFmQmdrcWhraUc5dzBCQ1FFV0VtRnVaSEpsWVhOQWRXNXBibVYwZEM1dWJ6QWVGdzB3TnpBMk1UVXhNakF4TXpWYUZ3MHdOekE0TVRReE1qQXhNelZhTUlHRU1Rc3dDUVlEVlFRR0V3Sk9UekVZTUJZR0ExVUVDQk1QUVc1a2NtVmhjeUJUYjJ4aVpYSm5NUXd3Q2dZRFZRUUhFd05HYjI4eEVEQU9CZ05WQkFvVEIxVk9TVTVGVkZReEdEQVdCZ05WQkFNVEQyWmxhV1JsTG1WeWJHRnVaeTV1YnpFaE1COEdDU3FHU0liM0RRRUpBUllTWVc1a2NtVmhjMEIxYm1sdVpYUjBMbTV2TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEaXZiaFI3UDUxNngvUzNCcUt4dXBRZTBMT05vbGl1cGlCT2VzQ08zU0hiRHJsMytxOUliZm5mbUUwNHJOdU1jUHNJeEIxNjFUZERwSWVzTENuN2M4YVBISVNLT3RQbEFlVFpTbmI4UUF1N2FSalpxMytQYnJQNXVXM1RjZkNHUHRLVHl0SE9nZS9PbEpibzA3OGRWaFhRMTRkMUVEd1hKVzFyUlh1VXQ0QzhRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUNEVmZwODZIT2JxWStlOEJVb1dROStWTVF4MUFTRG9oQmp3T3NnMld5a1VxUlhGK2RMZmNVSDlkV1I2M0N0WklLRkRiU3ROb21QblF6N25iSytvbnlnd0JzcFZFYm5IdVVpaFpxM1pVZG11bVFxQ3c0VXZzLzFVdnEzb3JPby9XSlZoVHl2TGdGVksyUWFyUTQvNjdPWmZIZDdSK1BPQlhob3BoU012MVpPbzwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIElEPSJwZnhiNGVjOWM4YS00OGViLWZkYTItN2Y3NC1mYTFhMTA1YTk5ZmUiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vZXhhbXBsZS5jb20vc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4NCiAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+DQogIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4YjRlYzljOGEtNDhlYi1mZGEyLTdmNzQtZmExYTEwNWE5OWZlIj48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjxkczpEaWdlc3RWYWx1ZT5obnBUOWN1ZTZ0Qks0SVpPajUwZU1tM21DZ0k9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPnJBMGZMWjdLa2wzSndzTEtYRHdhRmNnNkxuS0hSeklVcng2bU5YMVRvOXpNQ3ZDVUQvb1BZVmFFZU10bnhZWTQ2ZnNtYU52c0tpdWdpeGRWekxMMzhLbUFZOHVNVGV6aEd2ejJWZUhVb3I0dTRoeGZRbHNPdDJmdXpBRTZEYnF2SVZLMHdqeDNSWTA4WC91T0NSOXVQY3B5NEJCc1EzeFBsNFF2aXBKalNOTT08L2RzOlNpZ25hdHVyZVZhbHVlPg0KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQ2dUQ0NBZW9DQ1FDYk9scldEZFg3RlRBTkJna3Foa2lHOXcwQkFRVUZBRENCaERFTE1Ba0dBMVVFQmhNQ1RrOHhHREFXQmdOVkJBZ1REMEZ1WkhKbFlYTWdVMjlzWW1WeVp6RU1NQW9HQTFVRUJ4TURSbTl2TVJBd0RnWURWUVFLRXdkVlRrbE9SVlJVTVJnd0ZnWURWUVFERXc5bVpXbGtaUzVsY214aGJtY3VibTh4SVRBZkJna3Foa2lHOXcwQkNRRVdFbUZ1WkhKbFlYTkFkVzVwYm1WMGRDNXViekFlRncwd056QTJNVFV4TWpBeE16VmFGdzB3TnpBNE1UUXhNakF4TXpWYU1JR0VNUXN3Q1FZRFZRUUdFd0pPVHpFWU1CWUdBMVVFQ0JNUFFXNWtjbVZoY3lCVGIyeGlaWEpuTVF3d0NnWURWUVFIRXdOR2IyOHhFREFPQmdOVkJBb1RCMVZPU1U1RlZGUXhHREFXQmdOVkJBTVREMlpsYVdSbExtVnliR0Z1Wnk1dWJ6RWhNQjhHQ1NxR1NJYjNEUUVKQVJZU1lXNWtjbVZoYzBCMWJtbHVaWFIwTG01dk1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRRGl2YmhSN1A1MTZ4L1MzQnFLeHVwUWUwTE9Ob2xpdXBpQk9lc0NPM1NIYkRybDMrcTlJYmZuZm1FMDRyTnVNY1BzSXhCMTYxVGREcEllc0xDbjdjOGFQSElTS090UGxBZVRaU25iOFFBdTdhUmpacTMrUGJyUDV1VzNUY2ZDR1B0S1R5dEhPZ2UvT2xKYm8wNzhkVmhYUTE0ZDFFRHdYSlcxclJYdVV0NEM4UUlEQVFBQk1BMEdDU3FHU0liM0RRRUJCUVVBQTRHQkFDRFZmcDg2SE9icVkrZThCVW9XUTkrVk1ReDFBU0RvaEJqd09zZzJXeWtVcVJYRitkTGZjVUg5ZFdSNjNDdFpJS0ZEYlN0Tm9tUG5RejduYksrb255Z3dCc3BWRWJuSHVVaWhacTNaVWRtdW1RcUN3NFV2cy8xVXZxM29yT28vV0pWaFR5dkxnRlZLMlFhclE0LzY3T1pmSGQ3UitQT0JYaG9waFNNdjFaT288L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vZXhhbXBsZS5jb20vbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+NDkyODgyNjE1YWNmMzFjODA5NmI2MjcyNDVkNzZhZTUzMDM2YzA5MDwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9leGFtcGxlLmNvbS9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMi0xOVQwMTozNjozMVoiIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9leGFtcGxlLmNvbS9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxNC0wMi0xOVQwOTozNzowMVoiIFNlc3Npb25JbmRleD0iXzYyNzNkNzdiOGNkZTBjMzMzZWM3OWQyMmE5ZmEwMDAzYjlmZTJkNzVjYiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5leGFtcGxldXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj51c2VyQGV4YW1wbGUuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5UZXN0PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9InNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5Vc2VyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImVkdVBlcnNvbkFmZmlsaWF0aW9uIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj51c2VyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPmFkbWluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/invalids/duplicated_attributes.xml.base64000066400000000000000000000216441410551756100302430ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeDQ0OTkyZWJiLTRiMzgtZTQzMi1kYjgyLTk5NTI0MTBkOWFhYiIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDMtMjFUMTM6NDI6MzFaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzE5MWMwM2U2OGQ3MWQ5Nzk2ZjVlMDdlNjI2MmNhNGFkODgzYTc0YjEiPjxzYW1sOklzc3Vlcj5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPg0KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeDQ0OTkyZWJiLTRiMzgtZTQzMi1kYjgyLTk5NTI0MTBkOWFhYiI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+Z3ZScnJneHBBZHlsSUEvMnNyRm1KZCtqaXM4PTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5LZHA4VDhybndQY0JVb2hjcVBNMGVpTlhwTWgzbGMrZXBIVERIcUxFbk9Kcmd1NS9qaitpN0VhQW1nTzBSSlRraERFWTBWOEZuZVQ0dm92Y0FiZzlmYk04ZlRPMWxYODJ3SW1zRWRxMkwzU0U4NHFCdWFDbURWNVlvMDdDSGJRT1FqYWV0VGt0SnVvRjA4QWQ2bCs1aFJPL3BKeG1yRXlHKzRLaWhGWUJ1dWs9PC9kczpTaWduYXR1cmVWYWx1ZT4NCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDgwYmFhZWY2LTI5MmItODc0Ny1jZmNhLWRlMWVlM2YxYTQxNSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDMtMjFUMTM6NDI6MzFaIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZng4MGJhYWVmNi0yOTJiLTg3NDctY2ZjYS1kZTFlZTNmMWE0MTUiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPmFSOU00ZXdOczN1K25KYVFDRDI2WjBBd0Q2TT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+NGQ4WEo1bXBOaW1vQkhkenNXZi9aemxVTlE3SmlVeEl4K1B5TjRuM0EvbWExcGwvQ0FPSUtOUzZ0clR6STg5N1ZjbGxneFhhTTljUFZqOUhLYU9aRW4wSE5Qa2FWR3VjeVVPVzFUd2dWdnJVdkNNQXVRTzdRZ21aekd1SVhsblVKS3FpTDRZMThNT1M1VGpLaExoSG4xbGE4TEFucmRVVEJobUx5eGtjZjhVPTwvZHM6U2lnbmF0dXJlVmFsdWU+DQo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDZ1RDQ0Flb0NDUUNiT2xyV0RkWDdGVEFOQmdrcWhraUc5dzBCQVFVRkFEQ0JoREVMTUFrR0ExVUVCaE1DVGs4eEdEQVdCZ05WQkFnVEQwRnVaSEpsWVhNZ1UyOXNZbVZ5WnpFTU1Bb0dBMVVFQnhNRFJtOXZNUkF3RGdZRFZRUUtFd2RWVGtsT1JWUlVNUmd3RmdZRFZRUURFdzltWldsa1pTNWxjbXhoYm1jdWJtOHhJVEFmQmdrcWhraUc5dzBCQ1FFV0VtRnVaSEpsWVhOQWRXNXBibVYwZEM1dWJ6QWVGdzB3TnpBMk1UVXhNakF4TXpWYUZ3MHdOekE0TVRReE1qQXhNelZhTUlHRU1Rc3dDUVlEVlFRR0V3Sk9UekVZTUJZR0ExVUVDQk1QUVc1a2NtVmhjeUJUYjJ4aVpYSm5NUXd3Q2dZRFZRUUhFd05HYjI4eEVEQU9CZ05WQkFvVEIxVk9TVTVGVkZReEdEQVdCZ05WQkFNVEQyWmxhV1JsTG1WeWJHRnVaeTV1YnpFaE1COEdDU3FHU0liM0RRRUpBUllTWVc1a2NtVmhjMEIxYm1sdVpYUjBMbTV2TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEaXZiaFI3UDUxNngvUzNCcUt4dXBRZTBMT05vbGl1cGlCT2VzQ08zU0hiRHJsMytxOUliZm5mbUUwNHJOdU1jUHNJeEIxNjFUZERwSWVzTENuN2M4YVBISVNLT3RQbEFlVFpTbmI4UUF1N2FSalpxMytQYnJQNXVXM1RjZkNHUHRLVHl0SE9nZS9PbEpibzA3OGRWaFhRMTRkMUVEd1hKVzFyUlh1VXQ0QzhRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUNEVmZwODZIT2JxWStlOEJVb1dROStWTVF4MUFTRG9oQmp3T3NnMld5a1VxUlhGK2RMZmNVSDlkV1I2M0N0WklLRkRiU3ROb21QblF6N25iSytvbnlnd0JzcFZFYm5IdVVpaFpxM1pVZG11bVFxQ3c0VXZzLzFVdnEzb3JPby9XSlZoVHl2TGdGVksyUWFyUTQvNjdPWmZIZDdSK1BPQlhob3BoU012MVpPbzwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHAiIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6dHJhbnNpZW50Ij5fMjEyNmRkMTliOGE5YTI4MjM4ZDg4ZmRjNzM4NWU2MDk5NTAwNGE3NzgyPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIzLTA5LTIyVDE5OjAyOjMxWiIgUmVjaXBpZW50PSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL2luZGV4LnBocD9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fMTkxYzAzZTY4ZDcxZDk3OTZmNWUwN2U2MjYyY2E0YWQ4ODNhNzRiMSIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE0LTAzLTIxVDEzOjQyOjAxWiIgTm90T25PckFmdGVyPSIyMDIzLTA5LTIyVDE5OjAyOjMxWiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTQtMDMtMjFUMTM6NDE6MDlaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDE0LTAzLTIxVDIxOjQyOjMxWiIgU2Vzc2lvbkluZGV4PSJfZTY1NzhkNmFmOTdiOWY3ZjA2NzJkODUwZDI5ZGI0YWRkMWEyODZkYzI0Ij48c2FtbDpBdXRobkNvbnRleHQ+PHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJ1aWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnRlc3Q8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj50ZXN0Mjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj50ZXN0QGV4YW1wbGUuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj50ZXN0PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9InNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj53YWEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImVkdVBlcnNvbkFmZmlsaWF0aW9uIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj51c2VyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPmFkbWluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/invalids/empty_destination.xml.base64000066400000000000000000000207541410551756100274170ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeDc2ZWY5MjAxLTY4OGItYzJkZC1mY2Q2LTQxMzEyNzE3ODk0OSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIiBEZXN0aW5hdGlvbj0iIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciPjxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPg0KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeDc2ZWY5MjAxLTY4OGItYzJkZC1mY2Q2LTQxMzEyNzE3ODk0OSI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+TVJEd3dSTXZtalQ1VEhLUTBCNWRUNDVBNWhNPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5wRFlrTFNKM2Z3TUQ0cnJNbWF4cFUwQkZVemZHQlVwNklURmovejNOTnFrQmdaTzdBMGIvQlFGbVBOQ202UE82NGdYNmVySGhhMVQ3aW5PTGRIY2crT0Q2Z2h2R0lpbGJzM1RjUkRwUmVTVkpZVWRiUS9jVk85aC9VdWNielBqZ3gyb3dpakk2aVh1dXhYcmpVeHEzYS9DbHcyTGJiVWJHMCtmQStud0ZuOVE9PC9kczpTaWduYXR1cmVWYWx1ZT4NCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDk0Y2Q5YTMzLWQyOWMtMTMyMi1kYzMzLTFkOGU0ZDJiNTQzNSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIj48c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZng5NGNkOWEzMy1kMjljLTEzMjItZGMzMy0xZDhlNGQyYjU0MzUiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPnBYMkV3c1pVVUdCTGhYSTBVOVVMc3d0S3hDYz08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+TW5aVU04U0VmN3RVMlc1VGwvb0ZYTVBJYTZUVlcvUTczRmJUNUcxdW14eHZFRkM1UDlsR08reFVkdlBBTXdkTGc1aEN0R29QenB6amxCSnVFemhJU3VYblNZdkVCbllqdGJKVzcxcU9iM25WcTFjYVZtZXRhQjk4aUZzTDFvS0FWTVZ0Q0VST2E1SFpoT3VtQWJONU5qeHYvcUJlYW1lK0ExaStjV0FNaW13PTwvZHM6U2lnbmF0dXJlVmFsdWU+DQo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDZ1RDQ0Flb0NDUUNiT2xyV0RkWDdGVEFOQmdrcWhraUc5dzBCQVFVRkFEQ0JoREVMTUFrR0ExVUVCaE1DVGs4eEdEQVdCZ05WQkFnVEQwRnVaSEpsWVhNZ1UyOXNZbVZ5WnpFTU1Bb0dBMVVFQnhNRFJtOXZNUkF3RGdZRFZRUUtFd2RWVGtsT1JWUlVNUmd3RmdZRFZRUURFdzltWldsa1pTNWxjbXhoYm1jdWJtOHhJVEFmQmdrcWhraUc5dzBCQ1FFV0VtRnVaSEpsWVhOQWRXNXBibVYwZEM1dWJ6QWVGdzB3TnpBMk1UVXhNakF4TXpWYUZ3MHdOekE0TVRReE1qQXhNelZhTUlHRU1Rc3dDUVlEVlFRR0V3Sk9UekVZTUJZR0ExVUVDQk1QUVc1a2NtVmhjeUJUYjJ4aVpYSm5NUXd3Q2dZRFZRUUhFd05HYjI4eEVEQU9CZ05WQkFvVEIxVk9TVTVGVkZReEdEQVdCZ05WQkFNVEQyWmxhV1JsTG1WeWJHRnVaeTV1YnpFaE1COEdDU3FHU0liM0RRRUpBUllTWVc1a2NtVmhjMEIxYm1sdVpYUjBMbTV2TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEaXZiaFI3UDUxNngvUzNCcUt4dXBRZTBMT05vbGl1cGlCT2VzQ08zU0hiRHJsMytxOUliZm5mbUUwNHJOdU1jUHNJeEIxNjFUZERwSWVzTENuN2M4YVBISVNLT3RQbEFlVFpTbmI4UUF1N2FSalpxMytQYnJQNXVXM1RjZkNHUHRLVHl0SE9nZS9PbEpibzA3OGRWaFhRMTRkMUVEd1hKVzFyUlh1VXQ0QzhRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUNEVmZwODZIT2JxWStlOEJVb1dROStWTVF4MUFTRG9oQmp3T3NnMld5a1VxUlhGK2RMZmNVSDlkV1I2M0N0WklLRkRiU3ROb21QblF6N25iSytvbnlnd0JzcFZFYm5IdVVpaFpxM1pVZG11bVFxQ3c0VXZzLzFVdnEzb3JPby9XSlZoVHl2TGdGVksyUWFyUTQvNjdPWmZIZDdSK1BPQlhob3BoU012MVpPbzwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvbWV0YWRhdGEucGhwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+NDkyODgyNjE1YWNmMzFjODA5NmI2MjcyNDVkNzZhZTUzMDM2YzA5MDwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMi0xOVQwMTozNjozMVoiIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvbWV0YWRhdGEucGhwPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxNC0wMi0xOVQwMTozNzowMVoiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTQtMDItMTlUMDk6Mzc6MDFaIiBTZXNzaW9uSW5kZXg9Il82MjczZDc3YjhjZGUwYzMzM2VjNzlkMjJhOWZhMDAwM2I5ZmUyZDc1Y2IiPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c21hcnRpbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluQHlhY28uZXM8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iY24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPlNpeHRvMzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJzbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+TWFydGluMjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlZHVQZXJzb25BZmZpbGlhdGlvbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZG1pbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==python3-saml-1.12.0/tests/data/responses/invalids/empty_nameid.xml.base64000066400000000000000000000210301410551756100263170ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeDQ0MTM5Y2JkLWE2NTQtOWM1Mi00Njk3LTdjMDVkMzAyM2QyZiIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciPjxzYW1sOklzc3Vlcj5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPg0KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeDQ0MTM5Y2JkLWE2NTQtOWM1Mi00Njk3LTdjMDVkMzAyM2QyZiI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+VEVFTFhxT0tmZVRqSFI5aUhPb2hrQWlCSDVVPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT51ZW1SeWgyQkcyTXBsbG5kWFNsV0tiaEgzZTRNQVd0VHNJYS9waWJndXZaRmhSTTVJNzUrRkFxYkl4UFVoWDlGYjlOTWRVRzdacWJJS2J0aitLZGxCdVlYaDdTdEIyQWMwY1VzamFQTHVLa2RTc0IzUzdESXFYRThmcEdNeHBSblNNZDZWc1RXM2RId3FYaTJiZklYblBDM0N0RjMwWUhXditwR081MFpCcjg9PC9kczpTaWduYXR1cmVWYWx1ZT4NCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDVhMTU1NmIwLTE1NmYtZjNhNS04OGUyLTc1MzRkNjdiNjg0MyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZng1YTE1NTZiMC0xNTZmLWYzYTUtODhlMi03NTM0ZDY3YjY4NDMiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPnhpTEtIa05OcllPWTdWOFhkSjVET3pQNFp0ND08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+WHZDRURGdDBJM1VXWlMwN3JWa1VmNTA0Mjg3ZHJTbEI2bDBSdS9OTWMzZFlIT2E1V0NCNXZRanpGVURMSFZSQWlueWR0WXh3ejRTN1NKd081V3RKVFdTOStQNU9SMnpRTjRpYVpnclVGRm5xV0FDZW4rUTMzaXZVaFY0elVTcDU0cjVVdUxLNE96UnVhNmhlWUYrM0Y5TXZMK3VPV2hFZVc3NXZjODk0VXlVPTwvZHM6U2lnbmF0dXJlVmFsdWU+DQo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDZ1RDQ0Flb0NDUUNiT2xyV0RkWDdGVEFOQmdrcWhraUc5dzBCQVFVRkFEQ0JoREVMTUFrR0ExVUVCaE1DVGs4eEdEQVdCZ05WQkFnVEQwRnVaSEpsWVhNZ1UyOXNZbVZ5WnpFTU1Bb0dBMVVFQnhNRFJtOXZNUkF3RGdZRFZRUUtFd2RWVGtsT1JWUlVNUmd3RmdZRFZRUURFdzltWldsa1pTNWxjbXhoYm1jdWJtOHhJVEFmQmdrcWhraUc5dzBCQ1FFV0VtRnVaSEpsWVhOQWRXNXBibVYwZEM1dWJ6QWVGdzB3TnpBMk1UVXhNakF4TXpWYUZ3MHdOekE0TVRReE1qQXhNelZhTUlHRU1Rc3dDUVlEVlFRR0V3Sk9UekVZTUJZR0ExVUVDQk1QUVc1a2NtVmhjeUJUYjJ4aVpYSm5NUXd3Q2dZRFZRUUhFd05HYjI4eEVEQU9CZ05WQkFvVEIxVk9TVTVGVkZReEdEQVdCZ05WQkFNVEQyWmxhV1JsTG1WeWJHRnVaeTV1YnpFaE1COEdDU3FHU0liM0RRRUpBUllTWVc1a2NtVmhjMEIxYm1sdVpYUjBMbTV2TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEaXZiaFI3UDUxNngvUzNCcUt4dXBRZTBMT05vbGl1cGlCT2VzQ08zU0hiRHJsMytxOUliZm5mbUUwNHJOdU1jUHNJeEIxNjFUZERwSWVzTENuN2M4YVBISVNLT3RQbEFlVFpTbmI4UUF1N2FSalpxMytQYnJQNXVXM1RjZkNHUHRLVHl0SE9nZS9PbEpibzA3OGRWaFhRMTRkMUVEd1hKVzFyUlh1VXQ0QzhRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUNEVmZwODZIT2JxWStlOEJVb1dROStWTVF4MUFTRG9oQmp3T3NnMld5a1VxUlhGK2RMZmNVSDlkV1I2M0N0WklLRkRiU3ROb21QblF6N25iSytvbnlnd0JzcFZFYm5IdVVpaFpxM1pVZG11bVFxQ3c0VXZzLzFVdnEzb3JPby9XSlZoVHl2TGdGVksyUWFyUTQvNjdPWmZIZDdSK1BPQlhob3BoU012MVpPbzwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIi8+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMi0xOVQwMTozNjozMVoiIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxNC0wMi0xOVQwOTozNzowMVoiIFNlc3Npb25JbmRleD0iXzYyNzNkNzdiOGNkZTBjMzMzZWM3OWQyMmE5ZmEwMDAzYjlmZTJkNzVjYiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Im1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnNtYXJ0aW5AeWFjby5lczwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJjbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+U2l4dG8zPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9InNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5NYXJ0aW4yPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImVkdVBlcnNvbkFmZmlsaWF0aW9uIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj51c2VyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPmFkbWluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/invalids/encrypted_attrs.xml.base64000066400000000000000000000120141410551756100270600ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMC0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaGh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL21ldGFkYXRhLnBocCIgSW5SZXNwb25zZVRvPSJfNTdiY2JmNzAtN2IxZi0wMTJlLWM4MjEtNzgyYmNiMTNiYjM4Ii8+DQogICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0wNi0xN1QxNDo1Mzo0NFoiIE5vdE9uT3JBZnRlcj0iMjA5OS0wNi0xN1QxNDo1OToxNFoiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+aHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvbWV0YWRhdGEucGhwPC9zYW1sOkF1ZGllbmNlPg0KICAgICAgPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgPC9zYW1sOkNvbmRpdGlvbnM+DQogICAgPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDExLTA2LTE3VDE0OjU0OjA3WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAyMC0wNi0xN1QyMjo1NDoxNFoiIFNlc3Npb25JbmRleD0iXzUxYmUzNzk2NWZlYjU1NzlkODAzMTQxMDc2OTM2ZGMyZTlkMWQ5OGViZiI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KIDxzYW1sOkVuY3J5cHRlZEF0dHJpYnV0ZSB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj4NCiAgICAgICAgICA8eGVuYzpFbmNyeXB0ZWREYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyIgVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjRWxlbWVudCIgSWQ9Il9GMzk2MjVBRjY4QjRGQzA3OENDNzU4MkQyOEQwNUQ5QyI+DQogICAgICAgICAgICA8eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMjU2LWNiYyIvPg0KICAgICAgICAgICAgPGRzOktleUluZm8geG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICAgICAgICAgICAgICA8eGVuYzpFbmNyeXB0ZWRLZXk+DQogICAgICAgICAgICAgICAgPHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3JzYS1vYWVwLW1nZjFwIi8+DQogICAgICAgICAgICAgICAgPGRzOktleUluZm8geG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogICAgICAgICAgICAgICAgICA8ZHM6S2V5TmFtZT42MjM1NWZiZDFmNjI0NTAzYzVjOTY3NzQwMmVjY2EwMGVmMWY2Mjc3PC9kczpLZXlOYW1lPg0KICAgICAgICAgICAgICAgIDwvZHM6S2V5SW5mbz4NCiAgICAgICAgICAgICAgICA8eGVuYzpDaXBoZXJEYXRhPg0KICAgICAgICAgICAgICAgICAgPHhlbmM6Q2lwaGVyVmFsdWU+SzBtQkx4Zkx6aUtWVUtFQU9ZZTdENnVWU0NQeTh2eVdWaDNSZWNuUEVTKzhRa0FoT3VSU3VFL0xRcEZyMGh1SS9pQ0V5OXBkZTFRZ2pZREx0akhjdWpLaTJ4R3FXNmprWFcvRXVLb21xV1BQQTJ4WXMxZnBCMXN1NGFYVU9RQjZPSjcwL29EY09zeTgzNGdoRmFCV2lsRThmcXlEQlVCdlcrMkl2YU1VWmFid04vczltVmtXek0zcjMwdGxraExLN2lPcmJHQWxkSUh3RlU1ejdQUFI2Uk8zWTNmSXhqSFU0ME9uTHNKYzN4SXFkTEgzZlhwQzBrZ2k1VXNwTGRxMTRlNU9vWGpMb1BHM0JPM3p3T0FJSjhYTkJXWTV1UW9mNktyS2JjdnRaU1kwZk12UFloWWZOanRSRnk4eTQ5b3ZMOWZ3akNSVERsVDUrYUhxc0NUQnJ3PT08L3hlbmM6Q2lwaGVyVmFsdWU+DQogICAgICAgICAgICAgICAgPC94ZW5jOkNpcGhlckRhdGE+DQogICAgICAgICAgICAgIDwveGVuYzpFbmNyeXB0ZWRLZXk+DQogICAgICAgICAgICA8L2RzOktleUluZm8+DQogICAgICAgICAgICA8eGVuYzpDaXBoZXJEYXRhPg0KICAgICAgICAgICAgICA8eGVuYzpDaXBoZXJWYWx1ZT5aekN1NmF4R2dBWVpIVmY3N05YOGFwWktCL0dKRGV1VjZiRkJ5QlMwQUlnaVhrdkRVQW1MQ3BhYlRBV0JNK3l6MTlvbEE2cnJ5dU9mcjgyZXYyYnpQTlVSdm00U1l4YWh2dUw0UGlibjV3Smt5MEJsNTRWcW1jVStBcWowZEF2T2dxRzF5M1g0d085bjliUnNUdjY5MjFtMGVxUkFGcGg4a0s4TDloaXJLMUJ4WUJZajJSeUZDb0ZEUHhWWjV3eXJhM3E0cW1FNC9FTFFwRlA2bWZVOExYYjB1b1dKVWpHVWVsUzJBYTdiWmlzOHpFcHdvdjRDd3RsTmpsdFFpaDRtdjd0dENBZllxY1FJRnpCVEIrREFhMCtYZ2d4Q0xjZEIzK21RaVJjRUNCZndISEo3Z1JtbnVCRWdlV1QzQ0dLYTNOYjdHTVhPZnV4RktGNXBJZWhXZ28za2ROUUxhbG9yOFJWVzZJOFAvSThmUTMzRmUrTnNIVm5KM3p3U0EvL2E8L3hlbmM6Q2lwaGVyVmFsdWU+DQogICAgICAgICAgICA8L3hlbmM6Q2lwaGVyRGF0YT4NCiAgICAgICAgICA8L3hlbmM6RW5jcnlwdGVkRGF0YT4NCiAgICAgICAgPC9zYW1sOkVuY3J5cHRlZEF0dHJpYnV0ZT4NCiAgICA8L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICA8L3NhbWw6QXNzZXJ0aW9uPg0KPC9zYW1scDpSZXNwb25zZT4=python3-saml-1.12.0/tests/data/responses/invalids/encrypted_nameID_without_EncMethod.xml.base64000066400000000000000000000235651410551756100326060ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZng4NDMwYjFkZS1mNTU0LTQ5M2YtNjMyZS00YTIxZTBhMGRkZDQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTA5VDEyOjIzOjM3WiIgRGVzdGluYXRpb249Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl9iZjM3MmI5ZDY3ZDBjODlkMGNmMWFmM2ZmNjI1ZWE3YzA1MWM5ODg1Ij48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZng4NDMwYjFkZS1mNTU0LTQ5M2YtNjMyZS00YTIxZTBhMGRkZDQiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPkhENDgxVEsxVmtPMGVaNGUxL2Vma1VJTVVCaz08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+bWZrcnh5SlU4MG1hMWwwQ2xUU2tObTgzajVZQ0Y3YUt2bDJqRmVsVU04M3RuaitwNDB1RXRITjkrbHBJQVgrZEZkNnNCR3JEdUk0Q21lOTZuQ2lDK05mb2Y5MnpYaUcrWExCbFR2K0Z0cWxaZUgxc0ZNTFhuOWwxTHNLT0dPbjM5alA4bklUSGtYL0VkYjRucENNZlpQeWZ2b3M1dkMwbUtnWlFKZ1JtcG5vPTwvZHM6U2lnbmF0dXJlVmFsdWU+DQo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDZ1RDQ0Flb0NDUUNiT2xyV0RkWDdGVEFOQmdrcWhraUc5dzBCQVFVRkFEQ0JoREVMTUFrR0ExVUVCaE1DVGs4eEdEQVdCZ05WQkFnVEQwRnVaSEpsWVhNZ1UyOXNZbVZ5WnpFTU1Bb0dBMVVFQnhNRFJtOXZNUkF3RGdZRFZRUUtFd2RWVGtsT1JWUlVNUmd3RmdZRFZRUURFdzltWldsa1pTNWxjbXhoYm1jdWJtOHhJVEFmQmdrcWhraUc5dzBCQ1FFV0VtRnVaSEpsWVhOQWRXNXBibVYwZEM1dWJ6QWVGdzB3TnpBMk1UVXhNakF4TXpWYUZ3MHdOekE0TVRReE1qQXhNelZhTUlHRU1Rc3dDUVlEVlFRR0V3Sk9UekVZTUJZR0ExVUVDQk1QUVc1a2NtVmhjeUJUYjJ4aVpYSm5NUXd3Q2dZRFZRUUhFd05HYjI4eEVEQU9CZ05WQkFvVEIxVk9TVTVGVkZReEdEQVdCZ05WQkFNVEQyWmxhV1JsTG1WeWJHRnVaeTV1YnpFaE1COEdDU3FHU0liM0RRRUpBUllTWVc1a2NtVmhjMEIxYm1sdVpYUjBMbTV2TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEaXZiaFI3UDUxNngvUzNCcUt4dXBRZTBMT05vbGl1cGlCT2VzQ08zU0hiRHJsMytxOUliZm5mbUUwNHJOdU1jUHNJeEIxNjFUZERwSWVzTENuN2M4YVBISVNLT3RQbEFlVFpTbmI4UUF1N2FSalpxMytQYnJQNXVXM1RjZkNHUHRLVHl0SE9nZS9PbEpibzA3OGRWaFhRMTRkMUVEd1hKVzFyUlh1VXQ0QzhRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUNEVmZwODZIT2JxWStlOEJVb1dROStWTVF4MUFTRG9oQmp3T3NnMld5a1VxUlhGK2RMZmNVSDlkV1I2M0N0WklLRkRiU3ROb21QblF6N25iSytvbnlnd0JzcFZFYm5IdVVpaFpxM1pVZG11bVFxQ3c0VXZzLzFVdnEzb3JPby9XSlZoVHl2TGdGVksyUWFyUTQvNjdPWmZIZDdSK1BPQlhob3BoU012MVpPbzwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIElEPSJwZnhkMDhjOTU2Ny1lNzUxLTY2ODItMGEwYS1hNDUwZDZmMTUxZTAiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTA5VDEyOjIzOjM3WiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4NCiAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+DQogIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4ZDA4Yzk1NjctZTc1MS02NjgyLTBhMGEtYTQ1MGQ2ZjE1MWUwIj48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjxkczpEaWdlc3RWYWx1ZT42alZGMVZEMGJwVW1BVm1ERzlLeGxqMmFOUTA9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPlU3YTdFVWdxeDFiRC9ZaW9uTldPVWVMMHRJR0dRSU5ad1V6N1FBODNhYmxlVnE5dGtKbUsvWm8wak10MnluWHgxelA4K0M1bjNDRTY4TnZ4and5S2RFQUExUjAwblpneDRMR0JnZWl2WVBrazRBb0p6Q0RBbE11M1VLelZ0SU90dTV1VjFNMmVGc0NJY2RUcXBRMGt2b2pVQUVZWVhObSt6Y2xkcnVZWGQ1dz08L2RzOlNpZ25hdHVyZVZhbHVlPg0KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQ2dUQ0NBZW9DQ1FDYk9scldEZFg3RlRBTkJna3Foa2lHOXcwQkFRVUZBRENCaERFTE1Ba0dBMVVFQmhNQ1RrOHhHREFXQmdOVkJBZ1REMEZ1WkhKbFlYTWdVMjlzWW1WeVp6RU1NQW9HQTFVRUJ4TURSbTl2TVJBd0RnWURWUVFLRXdkVlRrbE9SVlJVTVJnd0ZnWURWUVFERXc5bVpXbGtaUzVsY214aGJtY3VibTh4SVRBZkJna3Foa2lHOXcwQkNRRVdFbUZ1WkhKbFlYTkFkVzVwYm1WMGRDNXViekFlRncwd056QTJNVFV4TWpBeE16VmFGdzB3TnpBNE1UUXhNakF4TXpWYU1JR0VNUXN3Q1FZRFZRUUdFd0pPVHpFWU1CWUdBMVVFQ0JNUFFXNWtjbVZoY3lCVGIyeGlaWEpuTVF3d0NnWURWUVFIRXdOR2IyOHhFREFPQmdOVkJBb1RCMVZPU1U1RlZGUXhHREFXQmdOVkJBTVREMlpsYVdSbExtVnliR0Z1Wnk1dWJ6RWhNQjhHQ1NxR1NJYjNEUUVKQVJZU1lXNWtjbVZoYzBCMWJtbHVaWFIwTG01dk1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRRGl2YmhSN1A1MTZ4L1MzQnFLeHVwUWUwTE9Ob2xpdXBpQk9lc0NPM1NIYkRybDMrcTlJYmZuZm1FMDRyTnVNY1BzSXhCMTYxVGREcEllc0xDbjdjOGFQSElTS090UGxBZVRaU25iOFFBdTdhUmpacTMrUGJyUDV1VzNUY2ZDR1B0S1R5dEhPZ2UvT2xKYm8wNzhkVmhYUTE0ZDFFRHdYSlcxclJYdVV0NEM4UUlEQVFBQk1BMEdDU3FHU0liM0RRRUJCUVVBQTRHQkFDRFZmcDg2SE9icVkrZThCVW9XUTkrVk1ReDFBU0RvaEJqd09zZzJXeWtVcVJYRitkTGZjVUg5ZFdSNjNDdFpJS0ZEYlN0Tm9tUG5RejduYksrb255Z3dCc3BWRWJuSHVVaWhacTNaVWRtdW1RcUN3NFV2cy8xVXZxM29yT28vV0pWaFR5dkxnRlZLMlFhclE0LzY3T1pmSGQ3UitQT0JYaG9waFNNdjFaT288L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDpTdWJqZWN0PjxzYW1sOkVuY3J5cHRlZElEPjx4ZW5jOkVuY3J5cHRlZERhdGEgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjIiB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNFbGVtZW50Ij48eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMTI4LWNiYyIvPjxkc2lnOktleUluZm8geG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PHhlbmM6RW5jcnlwdGVkS2V5Pjx4ZW5jOkNpcGhlckRhdGE+PHhlbmM6Q2lwaGVyVmFsdWU+RjJQVjV4TjVFM3EzODFJV2Qya25CdjAvUEpPN1ExR01oMGhkUm1USUxSYnJGZ0toNlFtN2VoTFlBS1B5QW52b0lFRDZSK0g4VkhweEtsZ2lybm9xNWYvSUxCajhOV1FpOEFKV21qZkMyWTBxQ3duOHJxVFRWQzVlZFhFZUMzU094ZHBTbzNzWGlOakhKUms3VndRUEV5RXNNeWcvSkN1cytGeUJYbXRickMwPTwveGVuYzpDaXBoZXJWYWx1ZT48L3hlbmM6Q2lwaGVyRGF0YT48L3hlbmM6RW5jcnlwdGVkS2V5PjwvZHNpZzpLZXlJbmZvPg0KICAgPHhlbmM6Q2lwaGVyRGF0YT4NCiAgICAgIDx4ZW5jOkNpcGhlclZhbHVlPmxuMytVMVZNMmNDQjVOMXdIcmczaWVMMzRUSDdFdC9EZVhvK0FOUkdETnY5eG1GT3N1YUpuZzB1L1dseXpGNE10cWxpZWJEZUNCNVNZVE9FRHE0VGxVUno2QVhIcEg1UTNZa2ErbmttZXlhYytWc2lyNHB6eXBuUmgvb0x5ZFFXd01xSWZNQjAzeGtzeXhJUzVCTmRLNGNielprdnRsa1gvRmtGdlRCcktTMGxTUDgzZWVXaXhJNE16WXZBNW0rVHVJemNFdCtRR29zQVBnSkJ0REhMR1hpSWF6dFJYYUJLNXR5TEtwN0IydUdXK1ZjYlpRNWZlV2VRNW1DSnhYUFhiMnQ5c0xDUTFFRUFDZ05CK0kwYWJ6MWFLWXhOK0Vqd1B3akNVUVpmcWdiOVVjTFBFcENqcXNyR0QwWk9JbFBiMlFyYmM0cVZzY0xpSVZENm9pbEZYUzlDOHNtMDd2YklPMDdJSGhTWi9Gb2MrcDNsKy9BVFVvQjh5NzVISnZPMTwveGVuYzpDaXBoZXJWYWx1ZT4NCiAgIDwveGVuYzpDaXBoZXJEYXRhPg0KPC94ZW5jOkVuY3J5cHRlZERhdGE+PC9zYW1sOkVuY3J5cHRlZElEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMjMtMDktMTBUMTc6NDM6MzdaIiBSZWNpcGllbnQ9Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl9iZjM3MmI5ZDY3ZDBjODlkMGNmMWFmM2ZmNjI1ZWE3YzA1MWM5ODg1Ii8+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTQtMDMtMDlUMTI6MjM6MDdaIiBOb3RPbk9yQWZ0ZXI9IjIwMjMtMDktMTBUMTc6NDM6MzdaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxNC0wMy0wOVQxMjoyMzozN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTQtMDMtMDlUMjA6MjM6MzdaIiBTZXNzaW9uSW5kZXg9Il85NDRiZmNhY2IwZDgzMmIxMmU0YmNmNzc0ZTAyYmJlNWY2NDU1YzY4MDMiPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dGVzdDwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj50ZXN0QGV4YW1wbGUuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj50ZXN0PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9InNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj53YWEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImVkdVBlcnNvbkFmZmlsaWF0aW9uIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj51c2VyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPmFkbWluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/invalids/encrypted_nameID_without_keyinfo.xml.base64000066400000000000000000000226211410551756100323740ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZng4NDMwYjFkZS1mNTU0LTQ5M2YtNjMyZS00YTIxZTBhMGRkZDQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTA5VDEyOjIzOjM3WiIgRGVzdGluYXRpb249Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl9iZjM3MmI5ZDY3ZDBjODlkMGNmMWFmM2ZmNjI1ZWE3YzA1MWM5ODg1Ij48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZng4NDMwYjFkZS1mNTU0LTQ5M2YtNjMyZS00YTIxZTBhMGRkZDQiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPkhENDgxVEsxVmtPMGVaNGUxL2Vma1VJTVVCaz08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+bWZrcnh5SlU4MG1hMWwwQ2xUU2tObTgzajVZQ0Y3YUt2bDJqRmVsVU04M3RuaitwNDB1RXRITjkrbHBJQVgrZEZkNnNCR3JEdUk0Q21lOTZuQ2lDK05mb2Y5MnpYaUcrWExCbFR2K0Z0cWxaZUgxc0ZNTFhuOWwxTHNLT0dPbjM5alA4bklUSGtYL0VkYjRucENNZlpQeWZ2b3M1dkMwbUtnWlFKZ1JtcG5vPTwvZHM6U2lnbmF0dXJlVmFsdWU+DQo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDZ1RDQ0Flb0NDUUNiT2xyV0RkWDdGVEFOQmdrcWhraUc5dzBCQVFVRkFEQ0JoREVMTUFrR0ExVUVCaE1DVGs4eEdEQVdCZ05WQkFnVEQwRnVaSEpsWVhNZ1UyOXNZbVZ5WnpFTU1Bb0dBMVVFQnhNRFJtOXZNUkF3RGdZRFZRUUtFd2RWVGtsT1JWUlVNUmd3RmdZRFZRUURFdzltWldsa1pTNWxjbXhoYm1jdWJtOHhJVEFmQmdrcWhraUc5dzBCQ1FFV0VtRnVaSEpsWVhOQWRXNXBibVYwZEM1dWJ6QWVGdzB3TnpBMk1UVXhNakF4TXpWYUZ3MHdOekE0TVRReE1qQXhNelZhTUlHRU1Rc3dDUVlEVlFRR0V3Sk9UekVZTUJZR0ExVUVDQk1QUVc1a2NtVmhjeUJUYjJ4aVpYSm5NUXd3Q2dZRFZRUUhFd05HYjI4eEVEQU9CZ05WQkFvVEIxVk9TVTVGVkZReEdEQVdCZ05WQkFNVEQyWmxhV1JsTG1WeWJHRnVaeTV1YnpFaE1COEdDU3FHU0liM0RRRUpBUllTWVc1a2NtVmhjMEIxYm1sdVpYUjBMbTV2TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEaXZiaFI3UDUxNngvUzNCcUt4dXBRZTBMT05vbGl1cGlCT2VzQ08zU0hiRHJsMytxOUliZm5mbUUwNHJOdU1jUHNJeEIxNjFUZERwSWVzTENuN2M4YVBISVNLT3RQbEFlVFpTbmI4UUF1N2FSalpxMytQYnJQNXVXM1RjZkNHUHRLVHl0SE9nZS9PbEpibzA3OGRWaFhRMTRkMUVEd1hKVzFyUlh1VXQ0QzhRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUNEVmZwODZIT2JxWStlOEJVb1dROStWTVF4MUFTRG9oQmp3T3NnMld5a1VxUlhGK2RMZmNVSDlkV1I2M0N0WklLRkRiU3ROb21QblF6N25iSytvbnlnd0JzcFZFYm5IdVVpaFpxM1pVZG11bVFxQ3c0VXZzLzFVdnEzb3JPby9XSlZoVHl2TGdGVksyUWFyUTQvNjdPWmZIZDdSK1BPQlhob3BoU012MVpPbzwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIElEPSJwZnhkMDhjOTU2Ny1lNzUxLTY2ODItMGEwYS1hNDUwZDZmMTUxZTAiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTA5VDEyOjIzOjM3WiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4NCiAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+DQogIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4ZDA4Yzk1NjctZTc1MS02NjgyLTBhMGEtYTQ1MGQ2ZjE1MWUwIj48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjxkczpEaWdlc3RWYWx1ZT42alZGMVZEMGJwVW1BVm1ERzlLeGxqMmFOUTA9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPlU3YTdFVWdxeDFiRC9ZaW9uTldPVWVMMHRJR0dRSU5ad1V6N1FBODNhYmxlVnE5dGtKbUsvWm8wak10MnluWHgxelA4K0M1bjNDRTY4TnZ4and5S2RFQUExUjAwblpneDRMR0JnZWl2WVBrazRBb0p6Q0RBbE11M1VLelZ0SU90dTV1VjFNMmVGc0NJY2RUcXBRMGt2b2pVQUVZWVhObSt6Y2xkcnVZWGQ1dz08L2RzOlNpZ25hdHVyZVZhbHVlPg0KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQ2dUQ0NBZW9DQ1FDYk9scldEZFg3RlRBTkJna3Foa2lHOXcwQkFRVUZBRENCaERFTE1Ba0dBMVVFQmhNQ1RrOHhHREFXQmdOVkJBZ1REMEZ1WkhKbFlYTWdVMjlzWW1WeVp6RU1NQW9HQTFVRUJ4TURSbTl2TVJBd0RnWURWUVFLRXdkVlRrbE9SVlJVTVJnd0ZnWURWUVFERXc5bVpXbGtaUzVsY214aGJtY3VibTh4SVRBZkJna3Foa2lHOXcwQkNRRVdFbUZ1WkhKbFlYTkFkVzVwYm1WMGRDNXViekFlRncwd056QTJNVFV4TWpBeE16VmFGdzB3TnpBNE1UUXhNakF4TXpWYU1JR0VNUXN3Q1FZRFZRUUdFd0pPVHpFWU1CWUdBMVVFQ0JNUFFXNWtjbVZoY3lCVGIyeGlaWEpuTVF3d0NnWURWUVFIRXdOR2IyOHhFREFPQmdOVkJBb1RCMVZPU1U1RlZGUXhHREFXQmdOVkJBTVREMlpsYVdSbExtVnliR0Z1Wnk1dWJ6RWhNQjhHQ1NxR1NJYjNEUUVKQVJZU1lXNWtjbVZoYzBCMWJtbHVaWFIwTG01dk1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRRGl2YmhSN1A1MTZ4L1MzQnFLeHVwUWUwTE9Ob2xpdXBpQk9lc0NPM1NIYkRybDMrcTlJYmZuZm1FMDRyTnVNY1BzSXhCMTYxVGREcEllc0xDbjdjOGFQSElTS090UGxBZVRaU25iOFFBdTdhUmpacTMrUGJyUDV1VzNUY2ZDR1B0S1R5dEhPZ2UvT2xKYm8wNzhkVmhYUTE0ZDFFRHdYSlcxclJYdVV0NEM4UUlEQVFBQk1BMEdDU3FHU0liM0RRRUJCUVVBQTRHQkFDRFZmcDg2SE9icVkrZThCVW9XUTkrVk1ReDFBU0RvaEJqd09zZzJXeWtVcVJYRitkTGZjVUg5ZFdSNjNDdFpJS0ZEYlN0Tm9tUG5RejduYksrb255Z3dCc3BWRWJuSHVVaWhacTNaVWRtdW1RcUN3NFV2cy8xVXZxM29yT28vV0pWaFR5dkxnRlZLMlFhclE0LzY3T1pmSGQ3UitQT0JYaG9waFNNdjFaT288L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDpTdWJqZWN0PjxzYW1sOkVuY3J5cHRlZElEPjx4ZW5jOkVuY3J5cHRlZERhdGEgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjIiB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNFbGVtZW50Ij48eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMTI4LWNiYyIvPjx4ZW5jOkNpcGhlckRhdGE+DQogICAgICA8eGVuYzpDaXBoZXJWYWx1ZT5sbjMrVTFWTTJjQ0I1TjF3SHJnM2llTDM0VEg3RXQvRGVYbytBTlJHRE52OXhtRk9zdWFKbmcwdS9XbHl6RjRNdHFsaWViRGVDQjVTWVRPRURxNFRsVVJ6NkFYSHBINVEzWWthK25rbWV5YWMrVnNpcjRwenlwblJoL29MeWRRV3dNcUlmTUIwM3hrc3l4SVM1Qk5kSzRjYnpaa3Z0bGtYL0ZrRnZUQnJLUzBsU1A4M2VlV2l4STRNell2QTVtK1R1SXpjRXQrUUdvc0FQZ0pCdERITEdYaUlhenRSWGFCSzV0eUxLcDdCMnVHVytWY2JaUTVmZVdlUTVtQ0p4WFBYYjJ0OXNMQ1ExRUVBQ2dOQitJMGFiejFhS1l4TitFandQd2pDVVFaZnFnYjlVY0xQRXBDanFzckdEMFpPSWxQYjJRcmJjNHFWc2NMaUlWRDZvaWxGWFM5QzhzbTA3dmJJTzA3SUhoU1ovRm9jK3AzbCsvQVRVb0I4eTc1SEp2TzE8L3hlbmM6Q2lwaGVyVmFsdWU+DQogICA8L3hlbmM6Q2lwaGVyRGF0YT4NCjwveGVuYzpFbmNyeXB0ZWREYXRhPjwvc2FtbDpFbmNyeXB0ZWRJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIzLTA5LTEwVDE3OjQzOjM3WiIgUmVjaXBpZW50PSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL2luZGV4LnBocD9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fYmYzNzJiOWQ2N2QwYzg5ZDBjZjFhZjNmZjYyNWVhN2MwNTFjOTg4NSIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE0LTAzLTA5VDEyOjIzOjA3WiIgTm90T25PckFmdGVyPSIyMDIzLTA5LTEwVDE3OjQzOjM3WiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTQtMDMtMDlUMTI6MjM6MzdaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDE0LTAzLTA5VDIwOjIzOjM3WiIgU2Vzc2lvbkluZGV4PSJfOTQ0YmZjYWNiMGQ4MzJiMTJlNGJjZjc3NGUwMmJiZTVmNjQ1NWM2ODAzIj48c2FtbDpBdXRobkNvbnRleHQ+PHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJ1aWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnRlc3Q8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0ibWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dGVzdEBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJjbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dGVzdDwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJzbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+d2FhMjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlZHVQZXJzb25BZmZpbGlhdGlvbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZG1pbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg== python3-saml-1.12.0/tests/data/responses/invalids/invalid_audience.xml.base64000066400000000000000000000056041410551756100271400ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMC0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCIvPg0KICAgICAgPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+DQogICAgPC9zYW1sOlN1YmplY3Q+DQogICAgPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTAtMDYtMTdUMTQ6NTM6NDRaIiBOb3RPbk9yQWZ0ZXI9IjIwOTktMDYtMTdUMTQ6NTk6MTRaIj4NCiAgICAgIDxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgICAgIDxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9pbnZhbGlkLmF1ZGllbmNlLmNvbTwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMS0wNi0xN1QxNDo1NDowN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwOTktMDYtMTdUMjI6NTQ6MTRaIiBTZXNzaW9uSW5kZXg9Il81MWJlMzc5NjVmZWI1NTc5ZDgwMzE0MTA3NjkzNmRjMmU5ZDFkOThlYmYiPg0KICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Pg0KICAgICAgICA8c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj4NCiAgICAgIDwvc2FtbDpBdXRobkNvbnRleHQ+DQogICAgPC9zYW1sOkF1dGhuU3RhdGVtZW50Pg0KICAgIDxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/invalids/invalid_issuer_assertion.xml.base64000066400000000000000000000056441410551756100307700ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2ludmFsaWQuaXNzdWVyLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+ICAgIA0KICAgIDxzYW1sOlN1YmplY3Q+DQogICAgICA8c2FtbDpOYW1lSUQgU1BOYW1lUXVhbGlmaWVyPSJoZWxsby5jb20iIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj5zb21lb25lQGV4YW1wbGUuY29tPC9zYW1sOk5hbWVJRD4NCiAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj4NCiAgICAgICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIwLTA2LTE3VDE0OjU5OjE0WiIgUmVjaXBpZW50PSJodHRwOi8vc3R1ZmYuY29tL2VuZHBvaW50cy9lbmRwb2ludHMvYWNzLnBocCIgSW5SZXNwb25zZVRvPSJfNTdiY2JmNzAtN2IxZi0wMTJlLWM4MjEtNzgyYmNiMTNiYjM4Ii8+DQogICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0wNi0xN1QxNDo1Mzo0NFoiIE5vdE9uT3JBZnRlcj0iMjA5OS0wNi0xN1QxNDo1OToxNFoiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+aHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvbWV0YWRhdGEucGhwPC9zYW1sOkF1ZGllbmNlPg0KICAgICAgPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgPC9zYW1sOkNvbmRpdGlvbnM+DQogICAgPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDExLTA2LTE3VDE0OjU0OjA3WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjA5OS0wNi0xN1QyMjo1NDoxNFoiIFNlc3Npb25JbmRleD0iXzUxYmUzNzk2NWZlYjU1NzlkODAzMTQxMDc2OTM2ZGMyZTlkMWQ5OGViZiI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9Im1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zb21lb25lQGV4YW1wbGUuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4NCiAgICA8L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICA8L3NhbWw6QXNzZXJ0aW9uPg0KPC9zYW1scDpSZXNwb25zZT4=python3-saml-1.12.0/tests/data/responses/invalids/invalid_issuer_message.xml.base64000066400000000000000000000056501410551756100304020ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaW52YWxpZC5pc3Nlci5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPg0KICA8c2FtbHA6U3RhdHVzPg0KICAgIDxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz4NCiAgPC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkFzc2VydGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIElEPSJwZng3ODQxOTkxYy1jNzNmLTQwMzUtZTJlZS1jMTcwYzBlMWQzZTQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDExLTA2LTE3VDE0OjU0OjE0WiI+DQogICAgPHNhbWw6SXNzdWVyPmh0dHA6Ly9pZHAuZXhhbXBsZS5jb20vPC9zYW1sOklzc3Vlcj4gICAgDQogICAgPHNhbWw6U3ViamVjdD4NCiAgICAgIDxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9ImhlbGxvLmNvbSIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnNvbWVvbmVAZXhhbXBsZS5jb208L3NhbWw6TmFtZUlEPg0KICAgICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPg0KICAgICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMjAtMDYtMTdUMTQ6NTk6MTRaIiBSZWNpcGllbnQ9Imh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL2VuZHBvaW50cy9hY3MucGhwIiBJblJlc3BvbnNlVG89Il81N2JjYmY3MC03YjFmLTAxMmUtYzgyMS03ODJiY2IxM2JiMzgiLz4NCiAgICAgIDwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPg0KICAgIDwvc2FtbDpTdWJqZWN0Pg0KICAgIDxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDEwLTA2LTE3VDE0OjUzOjQ0WiIgTm90T25PckFmdGVyPSIyMDk5LTA2LTE3VDE0OjU5OjE0WiI+DQogICAgICA8c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgICAgICA8c2FtbDpBdWRpZW5jZT5odHRwOi8vc3R1ZmYuY29tL2VuZHBvaW50cy9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+DQogICAgICA8L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICA8L3NhbWw6Q29uZGl0aW9ucz4NCiAgICA8c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MDdaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDk5LTA2LTE3VDIyOjU0OjE0WiIgU2Vzc2lvbkluZGV4PSJfNTFiZTM3OTY1ZmViNTU3OWQ4MDMxNDEwNzY5MzZkYzJlOWQxZDk4ZWJmIj4NCiAgICAgIDxzYW1sOkF1dGhuQ29udGV4dD4NCiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICA8L3NhbWw6QXV0aG5Db250ZXh0Pg0KICAgIDwvc2FtbDpBdXRoblN0YXRlbWVudD4NCiAgICA8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0ibWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnNvbWVvbmVAZXhhbXBsZS5jb208L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICA8L3NhbWw6QXR0cmlidXRlPg0KICAgIDwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogIDwvc2FtbDpBc3NlcnRpb24+DQo8L3NhbWxwOlJlc3BvbnNlPg0KICA=python3-saml-1.12.0/tests/data/responses/invalids/invalid_sessionindex.xml.base64000066400000000000000000000056241410551756100301000ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMC0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCIvPg0KICAgICAgPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+DQogICAgPC9zYW1sOlN1YmplY3Q+DQogICAgPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTAtMDYtMTdUMTQ6NTM6NDRaIiBOb3RPbk9yQWZ0ZXI9IjIwOTktMDYtMTdUMTQ6NTk6MTRaIj4NCiAgICAgIDxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgICAgIDxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMS0wNi0xN1QxNDo1NDowN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTMtMDYtMTdUMjI6NTQ6MTRaIiBTZXNzaW9uSW5kZXg9Il81MWJlMzc5NjVmZWI1NTc5ZDgwMzE0MTA3NjkzNmRjMmU5ZDFkOThlYmYiPg0KICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Pg0KICAgICAgICA8c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj4NCiAgICAgIDwvc2FtbDpBdXRobkNvbnRleHQ+DQogICAgPC9zYW1sOkF1dGhuU3RhdGVtZW50Pg0KICAgIDxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/invalids/invalid_subjectconfirmation_inresponse.xml.base64000066400000000000000000000055741410551756100337060ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMC0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iaW52YWxpZF9pbnJlc3BvbnNlIi8+DQogICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0wNi0xN1QxNDo1Mzo0NFoiIE5vdE9uT3JBZnRlcj0iMjA5OS0wNi0xN1QxNDo1OToxNFoiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+aHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvbWV0YWRhdGEucGhwPC9zYW1sOkF1ZGllbmNlPg0KICAgICAgPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgPC9zYW1sOkNvbmRpdGlvbnM+DQogICAgPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDExLTA2LTE3VDE0OjU0OjA3WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjA5OS0wNi0xN1QyMjo1NDoxNFoiIFNlc3Npb25JbmRleD0iXzUxYmUzNzk2NWZlYjU1NzlkODAzMTQxMDc2OTM2ZGMyZTlkMWQ5OGViZiI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9Im1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zb21lb25lQGV4YW1wbGUuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4NCiAgICA8L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICA8L3NhbWw6QXNzZXJ0aW9uPg0KPC9zYW1scDpSZXNwb25zZT4=python3-saml-1.12.0/tests/data/responses/invalids/invalid_subjectconfirmation_nb.xml.base64000066400000000000000000000056211410551756100321110ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdEJlZm9yZT0iMjk5OS0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCIvPg0KICAgICAgPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+DQogICAgPC9zYW1sOlN1YmplY3Q+DQogICAgPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTAtMDYtMTdUMTQ6NTM6NDRaIiBOb3RPbk9yQWZ0ZXI9IjI5OTktMDYtMTdUMTQ6NTk6MTRaIj4NCiAgICAgIDxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgICAgIDxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMS0wNi0xN1QxNDo1NDowN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjI5OTktMDYtMTdUMjI6NTQ6MTRaIiBTZXNzaW9uSW5kZXg9Il81MWJlMzc5NjVmZWI1NTc5ZDgwMzE0MTA3NjkzNmRjMmU5ZDFkOThlYmYiPg0KICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Pg0KICAgICAgICA8c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj4NCiAgICAgIDwvc2FtbDpBdXRobkNvbnRleHQ+DQogICAgPC9zYW1sOkF1dGhuU3RhdGVtZW50Pg0KICAgIDxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/invalids/invalid_subjectconfirmation_noa.xml.base64000066400000000000000000000056241410551756100322720ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxMC0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCIvPg0KICAgICAgPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+DQogICAgPC9zYW1sOlN1YmplY3Q+DQogICAgPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTAtMDYtMTdUMTQ6NTM6NDRaIiBOb3RPbk9yQWZ0ZXI9IjIwOTktMDYtMTdUMTQ6NTk6MTRaIj4NCiAgICAgIDxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgICAgIDxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMS0wNi0xN1QxNDo1NDowN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwOTktMDYtMTdUMjI6NTQ6MTRaIiBTZXNzaW9uSW5kZXg9Il81MWJlMzc5NjVmZWI1NTc5ZDgwMzE0MTA3NjkzNmRjMmU5ZDFkOThlYmYiPg0KICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Pg0KICAgICAgICA8c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj4NCiAgICAgIDwvc2FtbDpBdXRobkNvbnRleHQ+DQogICAgPC9zYW1sOkF1dGhuU3RhdGVtZW50Pg0KICAgIDxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/invalids/invalid_subjectconfirmation_recipient.xml.base64000066400000000000000000000056101410551756100334720ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMC0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaHR0cDovL2ludmFsaWQucmVjaXBlbnQuZXhhbXBsZS5jb20iIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCIvPg0KICAgICAgPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+DQogICAgPC9zYW1sOlN1YmplY3Q+DQogICAgPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTAtMDYtMTdUMTQ6NTM6NDRaIiBOb3RPbk9yQWZ0ZXI9IjIwOTktMDYtMTdUMTQ6NTk6MTRaIj4NCiAgICAgIDxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgICAgIDxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMS0wNi0xN1QxNDo1NDowN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwOTktMDYtMTdUMjI6NTQ6MTRaIiBTZXNzaW9uSW5kZXg9Il81MWJlMzc5NjVmZWI1NTc5ZDgwMzE0MTA3NjkzNmRjMmU5ZDFkOThlYmYiPg0KICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Pg0KICAgICAgICA8c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj4NCiAgICAgIDwvc2FtbDpBdXRobkNvbnRleHQ+DQogICAgPC9zYW1sOkF1dGhuU3RhdGVtZW50Pg0KICAgIDxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/invalids/multiple_assertions.xml.base64000066400000000000000000000232761410551756100277670ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJHT1NBTUxSMTI5MDExNzQ1NzE3OTQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgRGVzdGluYXRpb249IntyZWNpcGllbnR9Ij4NCiAgPHNhbWxwOlN0YXR1cz4NCiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkFzc2VydGlvbiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIFZlcnNpb249IjIuMCIgSUQ9InBmeGE0NjU3NGRmLWIzYjAtYTA2YS0yM2M4LTYzNjQxMzE5ODc3MiIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiI+DQogICAgPHNhbWw6SXNzdWVyPmh0dHBzOi8vYXBwLm9uZWxvZ2luLmNvbS9zYW1sL21ldGFkYXRhLzEzNTkwPC9zYW1sOklzc3Vlcj4NCiAgICA8ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgIDxkczpTaWduZWRJbmZvPg0KICAgICAgICA8ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+DQogICAgICAgIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4YTQ2NTc0ZGYtYjNiMC1hMDZhLTIzYzgtNjM2NDEzMTk4NzcyIj4NCiAgICAgICAgICA8ZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPg0KICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICAgIDwvZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICA8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz4NCiAgICAgICAgICA8ZHM6RGlnZXN0VmFsdWU+cEpRN01TL2VrNEtSUldHbXYvSDQzUmVIWU1zPTwvZHM6RGlnZXN0VmFsdWU+DQogICAgICAgIDwvZHM6UmVmZXJlbmNlPg0KICAgICAgPC9kczpTaWduZWRJbmZvPg0KICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlPnlpdmVLY1BkRHB1RE5qNnNoclEzQUJ3ci9jQTNDcnlEMnBoRy94TFpzektXeFU1L21sYUt0OGV3YlpPZEtLdnRPczJwSEJ5NUR1YTNrOTRBRit6eEd5ZWw1Z09vd21veVhKcitBT3Ira1BPMHZsaTFWOG8zaFBQVVp3UmdTWDZROXBTMUNxUWdoS2lFYXNSeXlscXFKVWFQWXptT3pPRTgvWGxNa3dpV21PMD08L2RzOlNpZ25hdHVyZVZhbHVlPg0KICAgICAgPGRzOktleUluZm8+DQogICAgICAgIDxkczpYNTA5RGF0YT4NCiAgICAgICAgICA8ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUJyVENDQWFHZ0F3SUJBZ0lCQVRBREJnRUFNR2N4Q3pBSkJnTlZCQVlUQWxWVE1STXdFUVlEVlFRSURBcERZV3hwWm05eWJtbGhNUlV3RXdZRFZRUUhEQXhUWVc1MFlTQk5iMjVwWTJFeEVUQVBCZ05WQkFvTUNFOXVaVXh2WjJsdU1Sa3dGd1lEVlFRRERCQmhjSEF1YjI1bGJHOW5hVzR1WTI5dE1CNFhEVEV3TURNd09UQTVOVGcwTlZvWERURTFNRE13T1RBNU5UZzBOVm93WnpFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBZ01Da05oYkdsbWIzSnVhV0V4RlRBVEJnTlZCQWNNREZOaGJuUmhJRTF2Ym1sallURVJNQThHQTFVRUNnd0lUMjVsVEc5bmFXNHhHVEFYQmdOVkJBTU1FR0Z3Y0M1dmJtVnNiMmRwYmk1amIyMHdnWjh3RFFZSktvWklodmNOQVFFQkJRQURnWTBBTUlHSkFvR0JBT2pTdTFmalB5OGQ1dzRReUwxK3pkNGhJdzFNa2tmZjRXWS9UTEc4T1prVTVZVFNXbW1IUEQ1a3ZZSDV1b1hTLzZxUTgxcVhwUjJ3VjhDVG93WkpVTGcwOWRkUmRSbjhRc3FqMUZ5T0M1c2xFM3kyYloyb0Z1YTcyb2YvNDlmcHVqbkZUNktuUTYxQ0JNcWxEb1RRcU9UNjJ2R0o4blA2TVpXdkE2c3hxdWQ1QWdNQkFBRXdBd1lCQUFNQkFBPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT4NCiAgICAgICAgPC9kczpYNTA5RGF0YT4NCiAgICAgIDwvZHM6S2V5SW5mbz4NCiAgICA8L2RzOlNpZ25hdHVyZT4NCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj5zdXBwb3J0QG9uZWxvZ2luLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiIFJlY2lwaWVudD0ie3JlY2lwaWVudH0iLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0xMS0xOFQyMTo1MjozN1oiIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+e2F1ZGllbmNlfTwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMC0xMS0xOFQyMTo1NzozN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTAtMTEtMTlUMjE6NTc6MzdaIiBTZXNzaW9uSW5kZXg9Il81MzFjMzJkMjgzYmRmZjdlMDRlNDg3YmNkYmM0ZGQ4ZCI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+ZGVtbzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0iYW5vdGhlcl92YWx1ZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+dmFsdWU8L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICA8L3NhbWw6QXR0cmlidXRlPg0KICAgIDwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogIDwvc2FtbDpBc3NlcnRpb24+DQogIDxzYW1sOkFzc2VydGlvbiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIFZlcnNpb249IjIuMCIgSUQ9InBmeGE0NjU3NGRmLWIzYjAtYTA2YS0yM2M4LTYzNjQxMzE5ODc3MyIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjQ1WiI+DQogICAgPHNhbWw6SXNzdWVyPmh0dHBzOi8vYXBwLm9uZWxvZ2luLmNvbS9zYW1sL21ldGFkYXRhLzEzNTkwPC9zYW1sOklzc3Vlcj4NCiAgICA8ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgIDxkczpTaWduZWRJbmZvPg0KICAgICAgICA8ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+DQogICAgICAgIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4YTQ2NTc0ZGYtYjNiMC1hMDZhLTIzYzgtNjM2NDEzMTk4NzcyIj4NCiAgICAgICAgICA8ZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPg0KICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICAgIDwvZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICA8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz4NCiAgICAgICAgICA8ZHM6RGlnZXN0VmFsdWU+cEpRN01TL2VrNEtSUldHbXYvSDQzUmVIWU1zPTwvZHM6RGlnZXN0VmFsdWU+DQogICAgICAgIDwvZHM6UmVmZXJlbmNlPg0KICAgICAgPC9kczpTaWduZWRJbmZvPg0KICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlPnlpdmVLY1BkRHB1RE5qNnNoclEzQUJ3ci9jQTNDcnlEMnBoRy94TFpzektXeFU1L21sYUt0OGV3YlpPZEtLdnRPczJwSEJ5NUR1YTNrOTRBRit6eEd5ZWw1Z09vd21veVhKcitBT3Ira1BPMHZsaTFWOG8zaFBQVVp3UmdTWDZROXBTMUNxUWdoS2lFYXNSeXlscXFKVWFQWXptT3pPRTgvWGxNa3dpV21PMD08L2RzOlNpZ25hdHVyZVZhbHVlPg0KICAgICAgPGRzOktleUluZm8+DQogICAgICAgIDxkczpYNTA5RGF0YT4NCiAgICAgICAgICA8ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUJyVENDQWFHZ0F3SUJBZ0lCQVRBREJnRUFNR2N4Q3pBSkJnTlZCQVlUQWxWVE1STXdFUVlEVlFRSURBcERZV3hwWm05eWJtbGhNUlV3RXdZRFZRUUhEQXhUWVc1MFlTQk5iMjVwWTJFeEVUQVBCZ05WQkFvTUNFOXVaVXh2WjJsdU1Sa3dGd1lEVlFRRERCQmhjSEF1YjI1bGJHOW5hVzR1WTI5dE1CNFhEVEV3TURNd09UQTVOVGcwTlZvWERURTFNRE13T1RBNU5UZzBOVm93WnpFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBZ01Da05oYkdsbWIzSnVhV0V4RlRBVEJnTlZCQWNNREZOaGJuUmhJRTF2Ym1sallURVJNQThHQTFVRUNnd0lUMjVsVEc5bmFXNHhHVEFYQmdOVkJBTU1FR0Z3Y0M1dmJtVnNiMmRwYmk1amIyMHdnWjh3RFFZSktvWklodmNOQVFFQkJRQURnWTBBTUlHSkFvR0JBT2pTdTFmalB5OGQ1dzRReUwxK3pkNGhJdzFNa2tmZjRXWS9UTEc4T1prVTVZVFNXbW1IUEQ1a3ZZSDV1b1hTLzZxUTgxcVhwUjJ3VjhDVG93WkpVTGcwOWRkUmRSbjhRc3FqMUZ5T0M1c2xFM3kyYloyb0Z1YTcyb2YvNDlmcHVqbkZUNktuUTYxQ0JNcWxEb1RRcU9UNjJ2R0o4blA2TVpXdkE2c3hxdWQ1QWdNQkFBRXdBd1lCQUFNQkFBPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT4NCiAgICAgICAgPC9kczpYNTA5RGF0YT4NCiAgICAgIDwvZHM6S2V5SW5mbz4NCiAgICA8L2RzOlNpZ25hdHVyZT4NCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj5zdXBwb3J0QG9uZWxvZ2luLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjo0NVoiIFJlY2lwaWVudD0ie3JlY2lwaWVudH0iLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0xMS0xOFQyMTo1MjozN1oiIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjo0NVoiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+e2F1ZGllbmNlfTwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMC0xMS0xOFQyMTo1Nzo0NVoiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTAtMTEtMTlUMjE6NTc6NDVaIiBTZXNzaW9uSW5kZXg9Il81MzFjMzJkMjgzYmRmZjdlMDRlNDg3YmNkYmM0ZGQ4ZCI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+ZGVtbzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0iYW5vdGhlcl92YWx1ZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+dmFsdWU8L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICA8L3NhbWw6QXR0cmlidXRlPg0KICAgIDwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogIDwvc2FtbDpBc3NlcnRpb24+DQo8L3NhbWxwOlJlc3BvbnNlPg== python3-saml-1.12.0/tests/data/responses/invalids/no_authnstatement.xml.base64000066400000000000000000000136241410551756100274160ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGRmNWRiN2JiLTYwZDgtMWZhNi00OTBhLWFjMWMyZThjYWFhMiIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciPjxzYW1sOklzc3Vlcj5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPg0KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeGRmNWRiN2JiLTYwZDgtMWZhNi00OTBhLWFjMWMyZThjYWFhMiI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+bGJTZmtFR0JsNmZEN0JBc1prU25wYmQyNGJFPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT56Y3YwSitsZ0V4R2tjSVVKYVp5ajdvZkFrY1VZc3dvckpiei9xdEo0WDBmSEtMYXB1eE0xYmlEbnJMTm5wUXhNSkJ3K092WG9sdWdHdVZBeEVyYmE5NTV2QlFtQTRCZXRZS0tKR09XcTkyMWpxKzVhdThtOWQzM2M1UTR6cDYzZld4UnRKV3AyVU05UnZ0aWd6enk2WWg0SE5yNVNkdUhzd1FJeFM2ZEQ2Lzg9PC9kczpTaWduYXR1cmVWYWx1ZT4NCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeGI0ZWM5YzhhLTQ4ZWItZmRhMi03Zjc0LWZhMWExMDVhOTlmZSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHAiIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj40OTI4ODI2MTVhY2YzMWM4MDk2YjYyNzI0NWQ3NmFlNTMwMzZjMDkwPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIzLTA4LTIzVDA2OjU3OjAxWiIgUmVjaXBpZW50PSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL2luZGV4LnBocD9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fNWZlOWQ2ZTQ5OWIyZjA5MTMyMDZhYWIzZjcxOTE3MjkwNDliYjgwNyIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE0LTAyLTE5VDAxOjM2OjMxWiIgTm90T25PckFmdGVyPSIyMDIzLTA4LTIzVDA2OjU3OjAxWiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c21hcnRpbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluQHlhY28uZXM8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iY24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPlNpeHRvMzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJzbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+TWFydGluMjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlZHVQZXJzb25BZmZpbGlhdGlvbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZG1pbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==python3-saml-1.12.0/tests/data/responses/invalids/no_conditions.xml.base64000066400000000000000000000137741410551756100265310ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGQyMjJkZWI1LTZkMjktNWFiZC05NmM0LWFlOTk5ODZhYmVkNSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciPjxzYW1sOklzc3Vlcj5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPg0KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeGQyMjJkZWI1LTZkMjktNWFiZC05NmM0LWFlOTk5ODZhYmVkNSI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+Sm03Qm5JTEJ3V2h2TW1ZTjd4WG01dDR0ZEZVPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5XRGw3K2RMclN4Ym95bTNWZzBXWTBrLzVDNWZxaDNNUWZPcXQraExDTXMwKzl3ekY4SHduWlJwLzRCMlJGOVBiUVAzc1d6VUY5QWNWeUErUFM4bU5aUnRzRzN4amFabE5BMWV3ZlQ3blFHZ1EvUkxLckhHeW9Bc3VaT0pLTDNqVjJiOGFSTE8rdSsrcmdoZUZSWm1wTkxVanBFTkdFZ3ZWc3ptcGN5aHFCd2c9PC9kczpTaWduYXR1cmVWYWx1ZT4NCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeGI0ZWM5YzhhLTQ4ZWItZmRhMi03Zjc0LWZhMWExMDVhOTlmZSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHAiIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj40OTI4ODI2MTVhY2YzMWM4MDk2YjYyNzI0NWQ3NmFlNTMwMzZjMDkwPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIzLTA4LTIzVDA2OjU3OjAxWiIgUmVjaXBpZW50PSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL2luZGV4LnBocD9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fNWZlOWQ2ZTQ5OWIyZjA5MTMyMDZhYWIzZjcxOTE3MjkwNDliYjgwNyIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxNC0wMi0xOVQwMTozNzowMVoiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTQtMDItMTlUMDk6Mzc6MDFaIiBTZXNzaW9uSW5kZXg9Il82MjczZDc3YjhjZGUwYzMzM2VjNzlkMjJhOWZhMDAwM2I5ZmUyZDc1Y2IiPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c21hcnRpbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluQHlhY28uZXM8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iY24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPlNpeHRvMzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJzbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+TWFydGluMjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlZHVQZXJzb25BZmZpbGlhdGlvbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZG1pbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==python3-saml-1.12.0/tests/data/responses/invalids/no_id.xml.base64000066400000000000000000000072511410551756100247450ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjA1OjQ5WiIgRGVzdGluYXRpb249Imh0dHBzOi8vZXhhbXBsZS5jb20vbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl9hZjNkNGE3MTBmYzhiMzA1ODg0Yjk2ZDAwOTRhYjYyODgwMmY1NjkyIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9leGFtcGxlLmNvbS9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxzYW1sOkFzc2VydGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIElEPSJwZng3ZTQ4ZmQ3NS1jZTJiLTYwZWQtMjllZS1lNzk4NDZjOTU5YzYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjA1OjQ5WiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vZXhhbXBsZS5jb20vc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj4NCjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaHR0cHM6Ly9leGFtcGxlLmNvbS9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHAiIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj40OTI4ODI2MTVhY2YzMWM4MDk2YjYyNzI0NWQ3NmFlNTMwMzZjMDkwPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDE0LTAyLTE5VDAxOjEwOjQ5WiIgUmVjaXBpZW50PSJodHRwczovL2V4YW1wbGUuY29tL25ld29uZWxvZ2luL2RlbW8xL2luZGV4LnBocD9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fYWYzZDRhNzEwZmM4YjMwNTg4NGI5NmQwMDk0YWI2Mjg4MDJmNTY5MiIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE0LTAyLTE5VDAxOjA1OjE5WiIgTm90T25PckFmdGVyPSIyMDE0LTAyLTE5VDAxOjEwOjQ5WiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL2V4YW1wbGUuY29tL25ld29uZWxvZ2luL2RlbW8xL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTQtMDItMThUMTk6NDI6MjBaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDE0LTAyLTE5VDA5OjA1OjQ5WiIgU2Vzc2lvbkluZGV4PSJfMGY0ZjE4OGRjMWJmZDNiZmVhMzZhMTYzNGE3NDQxNTgzYWZjM2IzNzgxIj48c2FtbDpBdXRobkNvbnRleHQ+PHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJ1aWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnVzZXI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0ibWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlckBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJjbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dGVzdDwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJzbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlZHVQZXJzb25BZmZpbGlhdGlvbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZG1pbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg== python3-saml-1.12.0/tests/data/responses/invalids/no_issuer_assertion.xml.base64000066400000000000000000000143141410551756100277500ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeDBlNmM5NjUzLTEwNjgtYzhjNS1iNzVjLWU2OTA1ZTE0M2Q0NCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciPjxzYW1sOklzc3Vlcj5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPg0KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeDBlNmM5NjUzLTEwNjgtYzhjNS1iNzVjLWU2OTA1ZTE0M2Q0NCI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+KzhLSEl6dHh6SXNzMzNZZzlzRTVjTDlBRFpBPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5yK21CNi9NU3pSS0VGNi9NZGY4M29QeE9ZelFWQ2IvUVIvNlVieG10cmVqbnRFRnN2ZFZSckhmMmd5TUUyZTBGd21ta3JQbEtzcHl2ZDhXbVN2ckV0T0pZaERLRWRYUThtUnRmZWgvY1M4M3pFYmRGSG9ubTd2YkJiU2VxSDBIN2g3S1UxSStqeEwyZVRpQWlubkpHeWhhVHNmaVAxNzdXZmlXVmQ4SHBOY289PC9kczpTaWduYXR1cmVWYWx1ZT4NCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeGI0ZWM5YzhhLTQ4ZWItZmRhMi03Zjc0LWZhMWExMDVhOTlmZSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIj48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+NDkyODgyNjE1YWNmMzFjODA5NmI2MjcyNDVkNzZhZTUzMDM2YzA5MDwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMi0xOVQwMTozNjozMVoiIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxNC0wMi0xOVQwOTozNzowMVoiIFNlc3Npb25JbmRleD0iXzYyNzNkNzdiOGNkZTBjMzMzZWM3OWQyMmE5ZmEwMDAzYjlmZTJkNzVjYiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Im1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnNtYXJ0aW5AeWFjby5lczwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJjbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+U2l4dG8zPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9InNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5NYXJ0aW4yPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImVkdVBlcnNvbkFmZmlsaWF0aW9uIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj51c2VyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPmFkbWluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/invalids/no_issuer_response.xml.base64000066400000000000000000000142601410551756100275770ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZnhmMTA1MTkwNy0wZDZjLWI0NjctZjBiNC1kMDI4YTU4ZjNmNzIiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiIgRGVzdGluYXRpb249Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl81ZmU5ZDZlNDk5YjJmMDkxMzIwNmFhYjNmNzE5MTcyOTA0OWJiODA3Ij48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24geG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiBJRD0icGZ4NGFhZGFlMTQtMmY5MC0xZDI1LWJlOTAtYjdjMzI3NzdkODU5IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wMi0xOVQwMTozNzowMVoiPjxzYW1sOklzc3Vlcj5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPg0KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeDRhYWRhZTE0LTJmOTAtMWQyNS1iZTkwLWI3YzMyNzc3ZDg1OSI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+T1R6Slg2cmNnUXdnM3dsOEZGMUZkUWFYY1QwPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5GQlRWMXVGVk1WQ0NXelNvdTFxK3kvMzRZVVp1RnlLUzFyaktEREV0aHNVV0ZnVU10S3pQcU9VOFc2enN2MmdZaG0xQ09qd01yenFZUG5WTGViWmtQZ0VNYUlRZW9DR1M0M0pqYllzWk9sakgxZWo5Z3Z6SDM3NHBZMUd6UUx1QXllYmxlL3B4ZmZSMEY5NklYbnFjbjFySnJQM1puR0k1RGcxV3BpbVphWTQ9PC9kczpTaWduYXR1cmVWYWx1ZT4NCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQgU1BOYW1lUXVhbGlmaWVyPSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL21ldGFkYXRhLnBocCIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPjQ5Mjg4MjYxNWFjZjMxYzgwOTZiNjI3MjQ1ZDc2YWU1MzAzNmMwOTA8L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMjMtMDgtMjNUMDY6NTc6MDFaIiBSZWNpcGllbnQ9Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl81ZmU5ZDZlNDk5YjJmMDkxMzIwNmFhYjNmNzE5MTcyOTA0OWJiODA3Ii8+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTQtMDItMTlUMDE6MzY6MzFaIiBOb3RPbk9yQWZ0ZXI9IjIwMjMtMDgtMjNUMDY6NTc6MDFaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxNC0wMi0xOVQwMTozNzowMVoiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTQtMDItMTlUMDk6Mzc6MDFaIiBTZXNzaW9uSW5kZXg9Il82MjczZDc3YjhjZGUwYzMzM2VjNzlkMjJhOWZhMDAwM2I5ZmUyZDc1Y2IiPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c21hcnRpbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluQHlhY28uZXM8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iY24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPlNpeHRvMzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJzbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+TWFydGluMjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlZHVQZXJzb25BZmZpbGlhdGlvbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZG1pbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==python3-saml-1.12.0/tests/data/responses/invalids/no_key.xml.base64000066400000000000000000000064351410551756100251440ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZngwNWYzY2UxMC0xNjE1LWYzZWEtYTk4OC02MGUzODBiMzI5OWYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiIgRGVzdGluYXRpb249Imh0dHBzOi8vZXhhbXBsZS5jb20vbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl81ZmU5ZDZlNDk5YjJmMDkxMzIwNmFhYjNmNzE5MTcyOTA0OWJiODA3Ij48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9leGFtcGxlLmNvbS9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIElEPSJwZnhiNGVjOWM4YS00OGViLWZkYTItN2Y3NC1mYTFhMTA1YTk5ZmUiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vZXhhbXBsZS5jb20vc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4gICAgDQogIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4YjRlYzljOGEtNDhlYi1mZGEyLTdmNzQtZmExYTEwNWE5OWZlIj48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjxkczpEaWdlc3RWYWx1ZT5obnBUOWN1ZTZ0Qks0SVpPajUwZU1tM21DZ0k9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+DQo8L2RzOlNpZ25hdHVyZT48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vZXhhbXBsZS5jb20vbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+NDkyODgyNjE1YWNmMzFjODA5NmI2MjcyNDVkNzZhZTUzMDM2YzA5MDwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9leGFtcGxlLmNvbS9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMi0xOVQwMTozNjozMVoiIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9leGFtcGxlLmNvbS9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxNC0wMi0xOVQwOTozNzowMVoiIFNlc3Npb25JbmRleD0iXzYyNzNkNzdiOGNkZTBjMzMzZWM3OWQyMmE5ZmEwMDAzYjlmZTJkNzVjYiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4= python3-saml-1.12.0/tests/data/responses/invalids/no_nameid.xml.base64000066400000000000000000000053241410551756100256050ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPg0KICAgICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMjAtMDYtMTdUMTQ6NTk6MTRaIiBSZWNpcGllbnQ9Imh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL2VuZHBvaW50cy9hY3MucGhwIiBJblJlc3BvbnNlVG89Il81N2JjYmY3MC03YjFmLTAxMmUtYzgyMS03ODJiY2IxM2JiMzgiLz4NCiAgICAgIDwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPg0KICAgIDwvc2FtbDpTdWJqZWN0Pg0KICAgIDxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDEwLTA2LTE3VDE0OjUzOjQ0WiIgTm90T25PckFmdGVyPSIyMDk5LTA2LTE3VDE0OjU5OjE0WiI+DQogICAgICA8c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgICAgICA8c2FtbDpBdWRpZW5jZT5odHRwOi8vc3R1ZmYuY29tL2VuZHBvaW50cy9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+DQogICAgICA8L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICA8L3NhbWw6Q29uZGl0aW9ucz4NCiAgICA8c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MDdaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDk5LTA2LTE3VDIyOjU0OjE0WiIgU2Vzc2lvbkluZGV4PSJfNTFiZTM3OTY1ZmViNTU3OWQ4MDMxNDEwNzY5MzZkYzJlOWQxZDk4ZWJmIj4NCiAgICAgIDxzYW1sOkF1dGhuQ29udGV4dD4NCiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICA8L3NhbWw6QXV0aG5Db250ZXh0Pg0KICAgIDwvc2FtbDpBdXRoblN0YXRlbWVudD4NCiAgICA8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0ibWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnNvbWVvbmVAZXhhbXBsZS5jb208L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICA8L3NhbWw6QXR0cmlidXRlPg0KICAgIDwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogIDwvc2FtbDpBc3NlcnRpb24+DQo8L3NhbWxwOlJlc3BvbnNlPg==python3-saml-1.12.0/tests/data/responses/invalids/no_saml2.xml.base64000066400000000000000000000072151410551756100253670ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8UmVzcG9uc2UgeG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmFzc2VydGlvbiINCiAgICB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOnByb3RvY29sIiB4bWxuczp4c2Q9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIg0KICAgIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIElzc3VlSW5zdGFudD0iMjAwOC0xMi0xMFQxNDoxMjoxNC44MTdaIg0KICAgIE1ham9yVmVyc2lvbj0iMSIgTWlub3JWZXJzaW9uPSIxIiBSZWNpcGllbnQ9Imh0dHBzOi8vZWlnZXIuaWFkLnZ0LmVkdS9kYXQvaG9tZS5kbyINCiAgICBSZXNwb25zZUlEPSJfNWM5NGI1NDMxYzU0MDM2NWU1YTcwYjI4NzRiNzU5OTYiPg0KICAgICAgPFN0YXR1cz4NCiAgICAgICAgPFN0YXR1c0NvZGUgVmFsdWU9InNhbWxwOlN1Y2Nlc3MiPg0KICAgICAgICA8L1N0YXR1c0NvZGU+DQogICAgICA8L1N0YXR1cz4NCiAgICAgIDxBc3NlcnRpb24geG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIEFzc2VydGlvbklEPSJfZTVjMjNmZjdhMzg4OWUxMmZhMDE4MDJhNDczMzE2NTMiDQogICAgICBJc3N1ZUluc3RhbnQ9IjIwMDgtMTItMTBUMTQ6MTI6MTQuODE3WiIgSXNzdWVyPSJsb2NhbGhvc3QiIE1ham9yVmVyc2lvbj0iMSINCiAgICAgIE1pbm9yVmVyc2lvbj0iMSI+DQogICAgICAgIDxDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAwOC0xMi0xMFQxNDoxMjoxNC44MTdaIiBOb3RPbk9yQWZ0ZXI9IjIwMDgtMTItMTBUMTQ6MTI6NDQuODE3WiI+DQogICAgICAgICAgPEF1ZGllbmNlUmVzdHJpY3Rpb25Db25kaXRpb24+DQogICAgICAgICAgICA8QXVkaWVuY2U+DQogICAgICAgICAgICAgIGh0dHBzOi8vc29tZS1zZXJ2aWNlLmV4YW1wbGUuY29tL2FwcC8NCiAgICAgICAgICAgIDwvQXVkaWVuY2U+DQogICAgICAgICAgPC9BdWRpZW5jZVJlc3RyaWN0aW9uQ29uZGl0aW9uPg0KICAgICAgICA8L0NvbmRpdGlvbnM+DQogICAgICAgIDxBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgICAgICAgPFN1YmplY3Q+DQogICAgICAgICAgICA8TmFtZUlkZW50aWZpZXI+am9obnE8L05hbWVJZGVudGlmaWVyPg0KICAgICAgICAgICAgPFN1YmplY3RDb25maXJtYXRpb24+DQogICAgICAgICAgICAgIDxDb25maXJtYXRpb25NZXRob2Q+DQogICAgICAgICAgICAgICAgdXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOmFydGlmYWN0DQogICAgICAgICAgICAgIDwvQ29uZmlybWF0aW9uTWV0aG9kPg0KICAgICAgICAgICAgPC9TdWJqZWN0Q29uZmlybWF0aW9uPg0KICAgICAgICAgIDwvU3ViamVjdD4NCiAgICAgICAgICA8QXR0cmlidXRlIEF0dHJpYnV0ZU5hbWU9InVpZCIgQXR0cmlidXRlTmFtZXNwYWNlPSJodHRwOi8vd3d3LmphLXNpZy5vcmcvcHJvZHVjdHMvY2FzLyI+DQogICAgICAgICAgICA8QXR0cmlidXRlVmFsdWU+MTIzNDU8L0F0dHJpYnV0ZVZhbHVlPg0KICAgICAgICAgIDwvQXR0cmlidXRlPg0KICAgICAgICAgIDxBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iZ3JvdXBNZW1iZXJzaGlwIiBBdHRyaWJ1dGVOYW1lc3BhY2U9Imh0dHA6Ly93d3cuamEtc2lnLm9yZy9wcm9kdWN0cy9jYXMvIj4NCiAgICAgICAgICAgIDxBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgICAgICAgICAgdXVnaWQ9bWlkZGxld2FyZS5zdGFmZixvdT1Hcm91cHMsZGM9dnQsZGM9ZWR1DQogICAgICAgICAgICA8L0F0dHJpYnV0ZVZhbHVlPg0KICAgICAgICAgIDwvQXR0cmlidXRlPg0KICAgICAgICAgIDxBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iZWR1UGVyc29uQWZmaWxpYXRpb24iIEF0dHJpYnV0ZU5hbWVzcGFjZT0iaHR0cDovL3d3dy5qYS1zaWcub3JnL3Byb2R1Y3RzL2Nhcy8iPg0KICAgICAgICAgICAgPEF0dHJpYnV0ZVZhbHVlPnN0YWZmPC9BdHRyaWJ1dGVWYWx1ZT4NCiAgICAgICAgICA8L0F0dHJpYnV0ZT4NCiAgICAgICAgICA8QXR0cmlidXRlIEF0dHJpYnV0ZU5hbWU9ImFjY291bnRTdGF0ZSIgQXR0cmlidXRlTmFtZXNwYWNlPSJodHRwOi8vd3d3LmphLXNpZy5vcmcvcHJvZHVjdHMvY2FzLyI+DQogICAgICAgICAgICA8QXR0cmlidXRlVmFsdWU+QUNUSVZFPC9BdHRyaWJ1dGVWYWx1ZT4NCiAgICAgICAgICA8L0F0dHJpYnV0ZT4NCiAgICAgICAgPC9BdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgICAgIDxBdXRoZW50aWNhdGlvblN0YXRlbWVudCBBdXRoZW50aWNhdGlvbkluc3RhbnQ9IjIwMDgtMTItMTBUMTQ6MTI6MTQuNzQxWiINCiAgICAgICAgQXV0aGVudGljYXRpb25NZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphbTpwYXNzd29yZCI+DQogICAgICAgICAgPFN1YmplY3Q+DQogICAgICAgICAgICA8TmFtZUlkZW50aWZpZXI+am9obnE8L05hbWVJZGVudGlmaWVyPg0KICAgICAgICAgICAgPFN1YmplY3RDb25maXJtYXRpb24+DQogICAgICAgICAgICAgIDxDb25maXJtYXRpb25NZXRob2Q+DQogICAgICAgICAgICAgICAgdXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOmFydGlmYWN0DQogICAgICAgICAgICAgIDwvQ29uZmlybWF0aW9uTWV0aG9kPg0KICAgICAgICAgICAgPC9TdWJqZWN0Q29uZmlybWF0aW9uPg0KICAgICAgICAgIDwvU3ViamVjdD4NCiAgICAgICAgPC9BdXRoZW50aWNhdGlvblN0YXRlbWVudD4NCiAgICAgIDwvQXNzZXJ0aW9uPg0KICAgIDwvUmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/invalids/no_signature.xml.base64000066400000000000000000000050211410551756100263430ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZngwNWYzY2UxMC0xNjE1LWYzZWEtYTk4OC02MGUzODBiMzI5OWYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiIgRGVzdGluYXRpb249Imh0dHBzOi8vZXhhbXBsZS5jb20vbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl81ZmU5ZDZlNDk5YjJmMDkxMzIwNmFhYjNmNzE5MTcyOTA0OWJiODA3Ij48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9leGFtcGxlLmNvbS9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIElEPSJwZnhiNGVjOWM4YS00OGViLWZkYTItN2Y3NC1mYTFhMTA1YTk5ZmUiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vZXhhbXBsZS5jb20vc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vZXhhbXBsZS5jb20vbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+NDkyODgyNjE1YWNmMzFjODA5NmI2MjcyNDVkNzZhZTUzMDM2YzA5MDwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9leGFtcGxlLmNvbS9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMi0xOVQwMTozNjozMVoiIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9leGFtcGxlLmNvbS9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxNC0wMi0xOVQwOTozNzowMVoiIFNlc3Npb25JbmRleD0iXzYyNzNkNzdiOGNkZTBjMzMzZWM3OWQyMmE5ZmEwMDAzYjlmZTJkNzVjYiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4= python3-saml-1.12.0/tests/data/responses/invalids/no_status.xml.base64000066400000000000000000000116651410551756100257000ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJHT1NBTUxSMTI5MDExNzQ1NzE3OTQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgRGVzdGluYXRpb249IntyZWNpcGllbnR9Ij4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgVmVyc2lvbj0iMi4wIiBJRD0icGZ4YTQ2NTc0ZGYtYjNiMC1hMDZhLTIzYzgtNjM2NDEzMTk4NzcyIiBJc3N1ZUluc3RhbnQ9IjIwMTAtMTEtMThUMjE6NTc6MzdaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cHM6Ly9hcHAub25lbG9naW4uY29tL3NhbWwvbWV0YWRhdGEvMTM1OTA8L3NhbWw6SXNzdWVyPg0KICAgIDxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICAgICAgPGRzOlNpZ25lZEluZm8+DQogICAgICAgIDxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgICAgICAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZnhhNDY1NzRkZi1iM2IwLWEwNmEtMjNjOC02MzY0MTMxOTg3NzIiPg0KICAgICAgICAgIDxkczpUcmFuc2Zvcm1zPg0KICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+DQogICAgICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgICAgICAgPC9kczpUcmFuc2Zvcm1zPg0KICAgICAgICAgIDxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPg0KICAgICAgICAgIDxkczpEaWdlc3RWYWx1ZT5wSlE3TVMvZWs0S1JSV0dtdi9INDNSZUhZTXM9PC9kczpEaWdlc3RWYWx1ZT4NCiAgICAgICAgPC9kczpSZWZlcmVuY2U+DQogICAgICA8L2RzOlNpZ25lZEluZm8+DQogICAgICA8ZHM6U2lnbmF0dXJlVmFsdWU+eWl2ZUtjUGREcHVETmo2c2hyUTNBQndyL2NBM0NyeUQycGhHL3hMWnN6S1d4VTUvbWxhS3Q4ZXdiWk9kS0t2dE9zMnBIQnk1RHVhM2s5NEFGK3p4R3llbDVnT293bW95WEpyK0FPcitrUE8wdmxpMVY4bzNoUFBVWndSZ1NYNlE5cFMxQ3FRZ2hLaUVhc1J5eWxxcUpVYVBZem1Pek9FOC9YbE1rd2lXbU8wPTwvZHM6U2lnbmF0dXJlVmFsdWU+DQogICAgICA8ZHM6S2V5SW5mbz4NCiAgICAgICAgPGRzOlg1MDlEYXRhPg0KICAgICAgICAgIDxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQnJUQ0NBYUdnQXdJQkFnSUJBVEFEQmdFQU1HY3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwRFlXeHBabTl5Ym1saE1SVXdFd1lEVlFRSERBeFRZVzUwWVNCTmIyNXBZMkV4RVRBUEJnTlZCQW9NQ0U5dVpVeHZaMmx1TVJrd0Z3WURWUVFEREJCaGNIQXViMjVsYkc5bmFXNHVZMjl0TUI0WERURXdNRE13T1RBNU5UZzBOVm9YRFRFMU1ETXdPVEE1TlRnME5Wb3daekVMTUFrR0ExVUVCaE1DVlZNeEV6QVJCZ05WQkFnTUNrTmhiR2xtYjNKdWFXRXhGVEFUQmdOVkJBY01ERk5oYm5SaElFMXZibWxqWVRFUk1BOEdBMVVFQ2d3SVQyNWxURzluYVc0eEdUQVhCZ05WQkFNTUVHRndjQzV2Ym1Wc2IyZHBiaTVqYjIwd2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFPalN1MWZqUHk4ZDV3NFF5TDEremQ0aEl3MU1ra2ZmNFdZL1RMRzhPWmtVNVlUU1dtbUhQRDVrdllINXVvWFMvNnFRODFxWHBSMndWOENUb3daSlVMZzA5ZGRSZFJuOFFzcWoxRnlPQzVzbEUzeTJiWjJvRnVhNzJvZi80OWZwdWpuRlQ2S25RNjFDQk1xbERvVFFxT1Q2MnZHSjhuUDZNWld2QTZzeHF1ZDVBZ01CQUFFd0F3WUJBQU1CQUE9PTwvZHM6WDUwOUNlcnRpZmljYXRlPg0KICAgICAgICA8L2RzOlg1MDlEYXRhPg0KICAgICAgPC9kczpLZXlJbmZvPg0KICAgIDwvZHM6U2lnbmF0dXJlPg0KICAgIDxzYW1sOlN1YmplY3Q+DQogICAgICA8c2FtbDpOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnN1cHBvcnRAb25lbG9naW4uY29tPC9zYW1sOk5hbWVJRD4NCiAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj4NCiAgICAgICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDEwLTExLTE4VDIyOjAyOjM3WiIgUmVjaXBpZW50PSJ7cmVjaXBpZW50fSIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPg0KICAgIDwvc2FtbDpTdWJqZWN0Pg0KICAgIDxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDEwLTExLTE4VDIxOjUyOjM3WiIgTm90T25PckFmdGVyPSIyMDEwLTExLTE4VDIyOjAyOjM3WiI+DQogICAgICA8c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgICAgICA8c2FtbDpBdWRpZW5jZT57YXVkaWVuY2V9PC9zYW1sOkF1ZGllbmNlPg0KICAgICAgPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgPC9zYW1sOkNvbmRpdGlvbnM+DQogICAgPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOVQyMTo1NzozN1oiIFNlc3Npb25JbmRleD0iXzUzMWMzMmQyODNiZGZmN2UwNGU0ODdiY2RiYzRkZDhkIj4NCiAgICAgIDxzYW1sOkF1dGhuQ29udGV4dD4NCiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICA8L3NhbWw6QXV0aG5Db250ZXh0Pg0KICAgIDwvc2FtbDpBdXRoblN0YXRlbWVudD4NCiAgICA8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5kZW1vPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJhbm90aGVyX3ZhbHVlIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj52YWx1ZTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/invalids/no_status_code.xml.base64000066400000000000000000000117411410551756100266650ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJHT1NBTUxSMTI5MDExNzQ1NzE3OTQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgRGVzdGluYXRpb249IntyZWNpcGllbnR9Ij4NCiAgPHNhbWxwOlN0YXR1cz48L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgVmVyc2lvbj0iMi4wIiBJRD0icGZ4YTQ2NTc0ZGYtYjNiMC1hMDZhLTIzYzgtNjM2NDEzMTk4NzcyIiBJc3N1ZUluc3RhbnQ9IjIwMTAtMTEtMThUMjE6NTc6MzdaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cHM6Ly9hcHAub25lbG9naW4uY29tL3NhbWwvbWV0YWRhdGEvMTM1OTA8L3NhbWw6SXNzdWVyPg0KICAgIDxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICAgICAgPGRzOlNpZ25lZEluZm8+DQogICAgICAgIDxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgICAgICAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZnhhNDY1NzRkZi1iM2IwLWEwNmEtMjNjOC02MzY0MTMxOTg3NzIiPg0KICAgICAgICAgIDxkczpUcmFuc2Zvcm1zPg0KICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+DQogICAgICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgICAgICAgPC9kczpUcmFuc2Zvcm1zPg0KICAgICAgICAgIDxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPg0KICAgICAgICAgIDxkczpEaWdlc3RWYWx1ZT5wSlE3TVMvZWs0S1JSV0dtdi9INDNSZUhZTXM9PC9kczpEaWdlc3RWYWx1ZT4NCiAgICAgICAgPC9kczpSZWZlcmVuY2U+DQogICAgICA8L2RzOlNpZ25lZEluZm8+DQogICAgICA8ZHM6U2lnbmF0dXJlVmFsdWU+eWl2ZUtjUGREcHVETmo2c2hyUTNBQndyL2NBM0NyeUQycGhHL3hMWnN6S1d4VTUvbWxhS3Q4ZXdiWk9kS0t2dE9zMnBIQnk1RHVhM2s5NEFGK3p4R3llbDVnT293bW95WEpyK0FPcitrUE8wdmxpMVY4bzNoUFBVWndSZ1NYNlE5cFMxQ3FRZ2hLaUVhc1J5eWxxcUpVYVBZem1Pek9FOC9YbE1rd2lXbU8wPTwvZHM6U2lnbmF0dXJlVmFsdWU+DQogICAgICA8ZHM6S2V5SW5mbz4NCiAgICAgICAgPGRzOlg1MDlEYXRhPg0KICAgICAgICAgIDxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQnJUQ0NBYUdnQXdJQkFnSUJBVEFEQmdFQU1HY3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwRFlXeHBabTl5Ym1saE1SVXdFd1lEVlFRSERBeFRZVzUwWVNCTmIyNXBZMkV4RVRBUEJnTlZCQW9NQ0U5dVpVeHZaMmx1TVJrd0Z3WURWUVFEREJCaGNIQXViMjVsYkc5bmFXNHVZMjl0TUI0WERURXdNRE13T1RBNU5UZzBOVm9YRFRFMU1ETXdPVEE1TlRnME5Wb3daekVMTUFrR0ExVUVCaE1DVlZNeEV6QVJCZ05WQkFnTUNrTmhiR2xtYjNKdWFXRXhGVEFUQmdOVkJBY01ERk5oYm5SaElFMXZibWxqWVRFUk1BOEdBMVVFQ2d3SVQyNWxURzluYVc0eEdUQVhCZ05WQkFNTUVHRndjQzV2Ym1Wc2IyZHBiaTVqYjIwd2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFPalN1MWZqUHk4ZDV3NFF5TDEremQ0aEl3MU1ra2ZmNFdZL1RMRzhPWmtVNVlUU1dtbUhQRDVrdllINXVvWFMvNnFRODFxWHBSMndWOENUb3daSlVMZzA5ZGRSZFJuOFFzcWoxRnlPQzVzbEUzeTJiWjJvRnVhNzJvZi80OWZwdWpuRlQ2S25RNjFDQk1xbERvVFFxT1Q2MnZHSjhuUDZNWld2QTZzeHF1ZDVBZ01CQUFFd0F3WUJBQU1CQUE9PTwvZHM6WDUwOUNlcnRpZmljYXRlPg0KICAgICAgICA8L2RzOlg1MDlEYXRhPg0KICAgICAgPC9kczpLZXlJbmZvPg0KICAgIDwvZHM6U2lnbmF0dXJlPg0KICAgIDxzYW1sOlN1YmplY3Q+DQogICAgICA8c2FtbDpOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnN1cHBvcnRAb25lbG9naW4uY29tPC9zYW1sOk5hbWVJRD4NCiAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj4NCiAgICAgICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDEwLTExLTE4VDIyOjAyOjM3WiIgUmVjaXBpZW50PSJ7cmVjaXBpZW50fSIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPg0KICAgIDwvc2FtbDpTdWJqZWN0Pg0KICAgIDxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDEwLTExLTE4VDIxOjUyOjM3WiIgTm90T25PckFmdGVyPSIyMDEwLTExLTE4VDIyOjAyOjM3WiI+DQogICAgICA8c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgICAgICA8c2FtbDpBdWRpZW5jZT57YXVkaWVuY2V9PC9zYW1sOkF1ZGllbmNlPg0KICAgICAgPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgPC9zYW1sOkNvbmRpdGlvbnM+DQogICAgPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOVQyMTo1NzozN1oiIFNlc3Npb25JbmRleD0iXzUzMWMzMmQyODNiZGZmN2UwNGU0ODdiY2RiYzRkZDhkIj4NCiAgICAgIDxzYW1sOkF1dGhuQ29udGV4dD4NCiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICA8L3NhbWw6QXV0aG5Db250ZXh0Pg0KICAgIDwvc2FtbDpBdXRoblN0YXRlbWVudD4NCiAgICA8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5kZW1vPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJhbm90aGVyX3ZhbHVlIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj52YWx1ZTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/invalids/no_subjectconfirmation_data.xml.base64000066400000000000000000000052501410551756100314070ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+ICAgICAgICANCiAgICAgIDwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPg0KICAgIDwvc2FtbDpTdWJqZWN0Pg0KICAgIDxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDEwLTA2LTE3VDE0OjUzOjQ0WiIgTm90T25PckFmdGVyPSIyMDk5LTA2LTE3VDE0OjU5OjE0WiI+DQogICAgICA8c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgICAgICA8c2FtbDpBdWRpZW5jZT5odHRwOi8vc3R1ZmYuY29tL2VuZHBvaW50cy9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+DQogICAgICA8L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICA8L3NhbWw6Q29uZGl0aW9ucz4NCiAgICA8c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MDdaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDk5LTA2LTE3VDIyOjU0OjE0WiIgU2Vzc2lvbkluZGV4PSJfNTFiZTM3OTY1ZmViNTU3OWQ4MDMxNDEwNzY5MzZkYzJlOWQxZDk4ZWJmIj4NCiAgICAgIDxzYW1sOkF1dGhuQ29udGV4dD4NCiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICA8L3NhbWw6QXV0aG5Db250ZXh0Pg0KICAgIDwvc2FtbDpBdXRoblN0YXRlbWVudD4NCiAgICA8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0ibWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnNvbWVvbmVAZXhhbXBsZS5jb208L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICA8L3NhbWw6QXR0cmlidXRlPg0KICAgIDwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogIDwvc2FtbDpBc3NlcnRpb24+DQo8L3NhbWxwOlJlc3BvbnNlPg==python3-saml-1.12.0/tests/data/responses/invalids/no_subjectconfirmation_method.xml.base64000066400000000000000000000056401410551756100317610ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmhvbGRlci1vZi1rZXkiPg0KICAgICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMjAtMDYtMTdUMTQ6NTk6MTRaIiBSZWNpcGllbnQ9Imh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL2VuZHBvaW50cy9hY3MucGhwIiBJblJlc3BvbnNlVG89Il81N2JjYmY3MC03YjFmLTAxMmUtYzgyMS03ODJiY2IxM2JiMzgiLz4NCiAgICAgIDwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPg0KICAgIDwvc2FtbDpTdWJqZWN0Pg0KICAgIDxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDEwLTA2LTE3VDE0OjUzOjQ0WiIgTm90T25PckFmdGVyPSIyMDk5LTA2LTE3VDE0OjU5OjE0WiI+DQogICAgICA8c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgICAgICA8c2FtbDpBdWRpZW5jZT5odHRwOi8vc3R1ZmYuY29tL2VuZHBvaW50cy9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+DQogICAgICA8L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICA8L3NhbWw6Q29uZGl0aW9ucz4NCiAgICA8c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MDdaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDk5LTA2LTE3VDIyOjU0OjE0WiIgU2Vzc2lvbkluZGV4PSJfNTFiZTM3OTY1ZmViNTU3OWQ4MDMxNDEwNzY5MzZkYzJlOWQxZDk4ZWJmIj4NCiAgICAgIDxzYW1sOkF1dGhuQ29udGV4dD4NCiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICA8L3NhbWw6QXV0aG5Db250ZXh0Pg0KICAgIDwvc2FtbDpBdXRoblN0YXRlbWVudD4NCiAgICA8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0ibWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnNvbWVvbmVAZXhhbXBsZS5jb208L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICA8L3NhbWw6QXR0cmlidXRlPg0KICAgIDwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogIDwvc2FtbDpBc3NlcnRpb24+DQo8L3NhbWxwOlJlc3BvbnNlPg==python3-saml-1.12.0/tests/data/responses/invalids/not_after_failed.xml.base64000066400000000000000000000073451410551756100271460ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZnhmYTk3ZWVkNS03NTg4LTBkMjMtMmFkNy1mYTY2ZjI4OTM3ODgiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjA1OjQ5WiIgRGVzdGluYXRpb249Imh0dHBzOi8vZXhhbXBsZS5jb20vbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl9hZjNkNGE3MTBmYzhiMzA1ODg0Yjk2ZDAwOTRhYjYyODgwMmY1NjkyIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9leGFtcGxlLmNvbS9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxzYW1sOkFzc2VydGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIElEPSJwZng3ZTQ4ZmQ3NS1jZTJiLTYwZWQtMjllZS1lNzk4NDZjOTU5YzYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjA1OjQ5WiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vZXhhbXBsZS5jb20vc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj4NCjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaHR0cHM6Ly9leGFtcGxlLmNvbS9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHAiIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj40OTI4ODI2MTVhY2YzMWM4MDk2YjYyNzI0NWQ3NmFlNTMwMzZjMDkwPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDE0LTAyLTE5VDAxOjEwOjQ5WiIgUmVjaXBpZW50PSJodHRwczovL2V4YW1wbGUuY29tL25ld29uZWxvZ2luL2RlbW8xL2luZGV4LnBocD9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fYWYzZDRhNzEwZmM4YjMwNTg4NGI5NmQwMDk0YWI2Mjg4MDJmNTY5MiIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE0LTAyLTE5VDAxOjA1OjE5WiIgTm90T25PckFmdGVyPSIyMDE0LTAyLTE5VDAxOjEwOjQ5WiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL2V4YW1wbGUuY29tL25ld29uZWxvZ2luL2RlbW8xL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTQtMDItMThUMTk6NDI6MjBaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDE0LTAyLTE5VDA5OjA1OjQ5WiIgU2Vzc2lvbkluZGV4PSJfMGY0ZjE4OGRjMWJmZDNiZmVhMzZhMTYzNGE3NDQxNTgzYWZjM2IzNzgxIj48c2FtbDpBdXRobkNvbnRleHQ+PHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJ1aWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnVzZXI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0ibWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlckBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJjbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dGVzdDwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJzbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlZHVQZXJzb25BZmZpbGlhdGlvbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZG1pbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg== python3-saml-1.12.0/tests/data/responses/invalids/not_before_failed.xml.base64000066400000000000000000000073451410551756100273070ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZnhmYTk3ZWVkNS03NTg4LTBkMjMtMmFkNy1mYTY2ZjI4OTM3ODgiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjA1OjQ5WiIgRGVzdGluYXRpb249Imh0dHBzOi8vZXhhbXBsZS5jb20vbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl9hZjNkNGE3MTBmYzhiMzA1ODg0Yjk2ZDAwOTRhYjYyODgwMmY1NjkyIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9leGFtcGxlLmNvbS9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxzYW1sOkFzc2VydGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIElEPSJwZng3ZTQ4ZmQ3NS1jZTJiLTYwZWQtMjllZS1lNzk4NDZjOTU5YzYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjA1OjQ5WiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vZXhhbXBsZS5jb20vc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj4NCjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaHR0cHM6Ly9leGFtcGxlLmNvbS9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHAiIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj40OTI4ODI2MTVhY2YzMWM4MDk2YjYyNzI0NWQ3NmFlNTMwMzZjMDkwPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDE0LTAyLTE5VDAxOjEwOjQ5WiIgUmVjaXBpZW50PSJodHRwczovL2V4YW1wbGUuY29tL25ld29uZWxvZ2luL2RlbW8xL2luZGV4LnBocD9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fYWYzZDRhNzEwZmM4YjMwNTg4NGI5NmQwMDk0YWI2Mjg4MDJmNTY5MiIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDI0LTAyLTE5VDAxOjA1OjE5WiIgTm90T25PckFmdGVyPSIyMDE0LTAyLTE5VDAxOjEwOjQ5WiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL2V4YW1wbGUuY29tL25ld29uZWxvZ2luL2RlbW8xL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTQtMDItMThUMTk6NDI6MjBaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDE0LTAyLTE5VDA5OjA1OjQ5WiIgU2Vzc2lvbkluZGV4PSJfMGY0ZjE4OGRjMWJmZDNiZmVhMzZhMTYzNGE3NDQxNTgzYWZjM2IzNzgxIj48c2FtbDpBdXRobkNvbnRleHQ+PHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJ1aWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnVzZXI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0ibWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlckBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJjbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dGVzdDwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJzbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlZHVQZXJzb25BZmZpbGlhdGlvbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZG1pbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg== python3-saml-1.12.0/tests/data/responses/invalids/response_encrypted_attrs.xml.base64000066400000000000000000000120141410551756100307760ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMC0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaGh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL21ldGFkYXRhLnBocCIgSW5SZXNwb25zZVRvPSJfNTdiY2JmNzAtN2IxZi0wMTJlLWM4MjEtNzgyYmNiMTNiYjM4Ii8+DQogICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0wNi0xN1QxNDo1Mzo0NFoiIE5vdE9uT3JBZnRlcj0iMjA5OS0wNi0xN1QxNDo1OToxNFoiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+aHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvbWV0YWRhdGEucGhwPC9zYW1sOkF1ZGllbmNlPg0KICAgICAgPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgPC9zYW1sOkNvbmRpdGlvbnM+DQogICAgPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDExLTA2LTE3VDE0OjU0OjA3WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjA5OS0wNi0xN1QyMjo1NDoxNFoiIFNlc3Npb25JbmRleD0iXzUxYmUzNzk2NWZlYjU1NzlkODAzMTQxMDc2OTM2ZGMyZTlkMWQ5OGViZiI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KIDxzYW1sOkVuY3J5cHRlZEF0dHJpYnV0ZSB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj4NCiAgICAgICAgICA8eGVuYzpFbmNyeXB0ZWREYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyIgVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjRWxlbWVudCIgSWQ9Il9GMzk2MjVBRjY4QjRGQzA3OENDNzU4MkQyOEQwNUQ5QyI+DQogICAgICAgICAgICA8eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMjU2LWNiYyIvPg0KICAgICAgICAgICAgPGRzOktleUluZm8geG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICAgICAgICAgICAgICA8eGVuYzpFbmNyeXB0ZWRLZXk+DQogICAgICAgICAgICAgICAgPHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3JzYS1vYWVwLW1nZjFwIi8+DQogICAgICAgICAgICAgICAgPGRzOktleUluZm8geG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogICAgICAgICAgICAgICAgICA8ZHM6S2V5TmFtZT42MjM1NWZiZDFmNjI0NTAzYzVjOTY3NzQwMmVjY2EwMGVmMWY2Mjc3PC9kczpLZXlOYW1lPg0KICAgICAgICAgICAgICAgIDwvZHM6S2V5SW5mbz4NCiAgICAgICAgICAgICAgICA8eGVuYzpDaXBoZXJEYXRhPg0KICAgICAgICAgICAgICAgICAgPHhlbmM6Q2lwaGVyVmFsdWU+SzBtQkx4Zkx6aUtWVUtFQU9ZZTdENnVWU0NQeTh2eVdWaDNSZWNuUEVTKzhRa0FoT3VSU3VFL0xRcEZyMGh1SS9pQ0V5OXBkZTFRZ2pZREx0akhjdWpLaTJ4R3FXNmprWFcvRXVLb21xV1BQQTJ4WXMxZnBCMXN1NGFYVU9RQjZPSjcwL29EY09zeTgzNGdoRmFCV2lsRThmcXlEQlVCdlcrMkl2YU1VWmFid04vczltVmtXek0zcjMwdGxraExLN2lPcmJHQWxkSUh3RlU1ejdQUFI2Uk8zWTNmSXhqSFU0ME9uTHNKYzN4SXFkTEgzZlhwQzBrZ2k1VXNwTGRxMTRlNU9vWGpMb1BHM0JPM3p3T0FJSjhYTkJXWTV1UW9mNktyS2JjdnRaU1kwZk12UFloWWZOanRSRnk4eTQ5b3ZMOWZ3akNSVERsVDUrYUhxc0NUQnJ3PT08L3hlbmM6Q2lwaGVyVmFsdWU+DQogICAgICAgICAgICAgICAgPC94ZW5jOkNpcGhlckRhdGE+DQogICAgICAgICAgICAgIDwveGVuYzpFbmNyeXB0ZWRLZXk+DQogICAgICAgICAgICA8L2RzOktleUluZm8+DQogICAgICAgICAgICA8eGVuYzpDaXBoZXJEYXRhPg0KICAgICAgICAgICAgICA8eGVuYzpDaXBoZXJWYWx1ZT5aekN1NmF4R2dBWVpIVmY3N05YOGFwWktCL0dKRGV1VjZiRkJ5QlMwQUlnaVhrdkRVQW1MQ3BhYlRBV0JNK3l6MTlvbEE2cnJ5dU9mcjgyZXYyYnpQTlVSdm00U1l4YWh2dUw0UGlibjV3Smt5MEJsNTRWcW1jVStBcWowZEF2T2dxRzF5M1g0d085bjliUnNUdjY5MjFtMGVxUkFGcGg4a0s4TDloaXJLMUJ4WUJZajJSeUZDb0ZEUHhWWjV3eXJhM3E0cW1FNC9FTFFwRlA2bWZVOExYYjB1b1dKVWpHVWVsUzJBYTdiWmlzOHpFcHdvdjRDd3RsTmpsdFFpaDRtdjd0dENBZllxY1FJRnpCVEIrREFhMCtYZ2d4Q0xjZEIzK21RaVJjRUNCZndISEo3Z1JtbnVCRWdlV1QzQ0dLYTNOYjdHTVhPZnV4RktGNXBJZWhXZ28za2ROUUxhbG9yOFJWVzZJOFAvSThmUTMzRmUrTnNIVm5KM3p3U0EvL2E8L3hlbmM6Q2lwaGVyVmFsdWU+DQogICAgICAgICAgICA8L3hlbmM6Q2lwaGVyRGF0YT4NCiAgICAgICAgICA8L3hlbmM6RW5jcnlwdGVkRGF0YT4NCiAgICAgICAgPC9zYW1sOkVuY3J5cHRlZEF0dHJpYnV0ZT4NCiAgICA8L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICA8L3NhbWw6QXNzZXJ0aW9uPg0KPC9zYW1scDpSZXNwb25zZT4=python3-saml-1.12.0/tests/data/responses/invalids/signature_wrapping_attack.xml.base64000066400000000000000000000243641410551756100311200ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZnhjM2QyYjU0Mi0wZjdlLTg3NjctOGU4Ny01YjBkYzY5MTMzNzUiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTIxVDEzOjQxOjA5WiIgRGVzdGluYXRpb249Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl81ZDllMzE5YzFiOGE2N2RhNDgyMjc5NjRjMjhkMjgwZTc4NjBmODA0Ij48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0RldGFpbD48c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzZDJiNTQyLTBmN2UtODc2Ny04ZTg3LTViMGRjNjkxMzM3NSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDMtMjFUMTM6NDE6MDlaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVkOWUzMTljMWI4YTY3ZGE0ODIyNzk2NGMyOGQyODBlNzg2MGY4MDQiPjxzYW1sOklzc3Vlcj5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPg0KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeGMzZDJiNTQyLTBmN2UtODc2Ny04ZTg3LTViMGRjNjkxMzM3NSI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+MWRRRmlZVTBvMk9GN2MvUlZWOEdwZ2I0dTNJPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT53UmdCWE9xL0ZpTFpjMm11cmVUQy9qNnpZNzA5T2lrSjVIZVVTcnVIVGRZakVnOWFaeTFSYnhsS0lZRUlmWHBuWDdOQm9LeGZBTW0rTzBmc3JxT2pnY1l4VFZrcVpqT3I3MXFpWE5idHdqZUFrZFlTcGs1YnJzQWNuZmNQZHY4UVJlWXIzRDd0NVpWQ2dZdXZYUStkTkVMS2VhZzdlMUFTT3pWcU9kcDVaOVk9PC9kczpTaWduYXR1cmVWYWx1ZT4NCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9Il9jY2NkNjAyNDExNjY0MWZlNDhlMGFlMmM1MTIyMGQwMjc1NWY5NmM5OGQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTIxVDEzOjQxOjA5WiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCI+X2I5OGY5OGJiMWFiNTEyY2VkNjUzYjU4YmFhZmY1NDM0NDhkYWVkNTM1ZDwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMy0wOS0yMlQxOTowMTowOVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVkOWUzMTljMWI4YTY3ZGE0ODIyNzk2NGMyOGQyODBlNzg2MGY4MDQiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMy0yMVQxMzo0MDozOVoiIE5vdE9uT3JBZnRlcj0iMjAyMy0wOS0yMlQxOTowMTowOVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTAzLTIxVDEzOjQxOjA5WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxNC0wMy0yMVQyMTo0MTowOVoiIFNlc3Npb25JbmRleD0iXzlmZTBjOGRjZDMzMDJlNzM2NGZjYWIyMmE1Mjc0OGViZjIyMjRkZjBhYSI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj50ZXN0PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Im1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnRlc3RAZXhhbXBsZS5jb208L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iY24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnRlc3Q8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0ic24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPndhYTI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iZWR1UGVyc29uQWZmaWxpYXRpb24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnVzZXI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+YWRtaW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT48L3NhbWxwOlN0YXR1c0RldGFpbD48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9Il9jY2NkNjAyNDExNjY0MWZlNDhlMGFlMmM1MTIyMGQwMjc1NWY5NmM5OGQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTIxVDEzOjQxOjA5WiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCI+X2I5OGY5OGJiMWFiNTEyY2VkNjUzYjU4YmFhZmY1NDM0NDhkYWVkNTM1ZDwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMy0wOS0yMlQxOTowMTowOVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVkOWUzMTljMWI4YTY3ZGE0ODIyNzk2NGMyOGQyODBlNzg2MGY4MDQiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMy0yMVQxMzo0MDozOVoiIE5vdE9uT3JBZnRlcj0iMjAyMy0wOS0yMlQxOTowMTowOVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTAzLTIxVDEzOjQxOjA5WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAyMy0wMy0yMVQyMTo0MTowOVoiIFNlc3Npb25JbmRleD0iXzlmZTBjOGRjZDMzMDJlNzM2NGZjYWIyMmE1Mjc0OGViZjIyMjRkZjBhYSI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5oYWNrZXI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0ibWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+aGFja2VyQGV4YW1wbGUuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5oYWNrZXI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0ic24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPndhYTI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iZWR1UGVyc29uQWZmaWxpYXRpb24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnVzZXI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+YWRtaW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4=python3-saml-1.12.0/tests/data/responses/invalids/signed_assertion_response.xml.base64000066400000000000000000000162501410551756100311320ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIERlc3RpbmF0aW9uPSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL2luZGV4LnBocD9hY3MiIElEPSJwZnhkYjRkOWVmZS1kMGFkLTAwODYtY2U4OC1jMjg4Njg3Y2FjNjEiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fNjEyYmJmOWIxNjQ1Mjk0YWEwYjQ2MzdiMWJjNWYzOWRlOGI3OWNlYiIgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTMxVDAwOjM3OjE2WiIgVmVyc2lvbj0iMi4wIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+CiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZnhkYjRkOWVmZS1kMGFkLTAwODYtY2U4OC1jMjg4Njg3Y2FjNjEiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPmpjMklRWFNoc3dzTG85TkdJSHp2cGtBaXY4ND08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+aUVqR2QrdWFqSVArYU9ucGo4MjYxUzRBaWdMeXJqc0pheTJzdVFKakhhVHlETlh4TFhWQ3AxZG1PR0JhZGhmRUtnWVJsaTFBZDA1QktBejlpd3NBME14OGZ6SmFhSlBUbHM2NS93ODZTSEN4NTdrNXhteDBSUjhuR09MOU1vb2lidnZWeTVRODl2Z2lnVWN5cWJUY0dxaU5uSVNCWGZuYVR2dnpQYS9QbWJ3PTwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNWekNDQWNBQ0NRRElWSGFOU0JZTDZUQU5CZ2txaGtpRzl3MEJBUXNGQURCd01Rc3dDUVlEVlFRR0V3SkdVakVPTUF3R0ExVUVDQXdGVUdGeWFYTXhEakFNQmdOVkJBY01CVkJoY21sek1SWXdGQVlEVlFRS0RBMU9iM1poY0c5emRDQlVSVk5VTVNrd0p3WUpLb1pJaHZjTkFRa0JGaHBtYkc5eVpXNTBMbkJwWjI5MWRFQnViM1poY0c5emRDNW1jakFlRncweE5EQXlNVE14TXpVek5EQmFGdzB4TlRBeU1UTXhNelV6TkRCYU1IQXhDekFKQmdOVkJBWVRBa1pTTVE0d0RBWURWUVFJREFWUVlYSnBjekVPTUF3R0ExVUVCd3dGVUdGeWFYTXhGakFVQmdOVkJBb01EVTV2ZG1Gd2IzTjBJRlJGVTFReEtUQW5CZ2txaGtpRzl3MEJDUUVXR21ac2IzSmxiblF1Y0dsbmIzVjBRRzV2ZG1Gd2IzTjBMbVp5TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDaExGSG4zTG5ONEpRLzdXQ2RZdXB4a1VnY05PUW5QRit5bGwrL0RQcHV4OW5wZlkwNTlQSVVhdEI4WDdrQ241aTh0UndJeS9pa0hKUjZNcjgrTVB2YzZWT1pEeFBOZFp2TW8vOGxoeHJiTjNKZHJ3M3doWm1VL0tQUjlGM0JkRmR1K1NMenJNbDFURFVabFB0WTlYelVGWGNxTjhJWGN5OFRKekNCZU5leTNRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBNEdCQUN0SjhmZUd6ZTFOSEI1VncxOGpNVVB2SG83SDNHd21qNlpEQVhRbGFpQVhNdU5CeE5YVldWd2lmbDZWK25XM3c5UWE3RmVvL25aL080VFVPSDFueithZGtsY0NENFFwWmFFSWJtQWJyaVBXSktnYjRMV0docVFydXdZUjdJdFRSMU1OWDlnTGJQMHowenZERVFubnQvVlVXRkVCTFNKcTRaNE5yZThMRm1TMjwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIElEPSJwZng3ZTNmMWYxMS0zZDM4LTdkYTUtNTVlZC05YjRkNmMwYTQ0ZWIiIElzc3VlSW5zdGFudD0iMjAxNC0wMy0zMVQwMDozNzoxNloiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPgogIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4N2UzZjFmMTEtM2QzOC03ZGE1LTU1ZWQtOWI0ZDZjMGE0NGViIj48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjxkczpEaWdlc3RWYWx1ZT42d1dzemxmRllidGRzNnR5K24rT3RESnZLRUE9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPmVVRTkxaFA2bTZ3VlVtd0liVkpTZnhWdkppOVFwd3QwZGpIUDRpcW5yMk42Y2ZWVmV3eERVM0dXQTlsOVpWanltV292RkltL1k0dGR3VTM0R2RiaS8yaWhvMmd0OGVWR3c4ajNSdVFoTVVIc1ZmK2hIaDJlSDhuMHhqZEFqdGRoTkhIT3pMMnREV3hYazg2T2VZbmw4Slp1VTdCRUVTZUtlQzlieDBPUW5ZTT08L2RzOlNpZ25hdHVyZVZhbHVlPgo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDVnpDQ0FjQUNDUURJVkhhTlNCWUw2VEFOQmdrcWhraUc5dzBCQVFzRkFEQndNUXN3Q1FZRFZRUUdFd0pHVWpFT01Bd0dBMVVFQ0F3RlVHRnlhWE14RGpBTUJnTlZCQWNNQlZCaGNtbHpNUll3RkFZRFZRUUtEQTFPYjNaaGNHOXpkQ0JVUlZOVU1Ta3dKd1lKS29aSWh2Y05BUWtCRmhwbWJHOXlaVzUwTG5CcFoyOTFkRUJ1YjNaaGNHOXpkQzVtY2pBZUZ3MHhOREF5TVRNeE16VXpOREJhRncweE5UQXlNVE14TXpVek5EQmFNSEF4Q3pBSkJnTlZCQVlUQWtaU01RNHdEQVlEVlFRSURBVlFZWEpwY3pFT01Bd0dBMVVFQnd3RlVHRnlhWE14RmpBVUJnTlZCQW9NRFU1dmRtRndiM04wSUZSRlUxUXhLVEFuQmdrcWhraUc5dzBCQ1FFV0dtWnNiM0psYm5RdWNHbG5iM1YwUUc1dmRtRndiM04wTG1aeU1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRQ2hMRkhuM0xuTjRKUS83V0NkWXVweGtVZ2NOT1FuUEYreWxsKy9EUHB1eDlucGZZMDU5UElVYXRCOFg3a0NuNWk4dFJ3SXkvaWtISlI2TXI4K01QdmM2Vk9aRHhQTmRadk1vLzhsaHhyYk4zSmRydzN3aFptVS9LUFI5RjNCZEZkdStTTHpyTWwxVERVWmxQdFk5WHpVRlhjcU44SVhjeThUSnpDQmVOZXkzUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRHQkFDdEo4ZmVHemUxTkhCNVZ3MThqTVVQdkhvN0gzR3dtajZaREFYUWxhaUFYTXVOQnhOWFZXVndpZmw2VituVzN3OVFhN0Zlby9uWi9PNFRVT0gxbnorYWRrbGNDRDRRcFphRUlibUFicmlQV0pLZ2I0TFdHaHFRcnV3WVI3SXRUUjFNTlg5Z0xiUDB6MHp2REVRbm50L1ZVV0ZFQkxTSnE0WjROcmU4TEZtUzI8L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCIgU1BOYW1lUXVhbGlmaWVyPSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL21ldGFkYXRhLnBocCI+XzNhZjYyZjFkMDM1MTNiZGQ2MWRkNWJmMDRkM2RlYjdhYTYxNzQ4MGUyMjwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fNjEyYmJmOWIxNjQ1Mjk0YWEwYjQ2MzdiMWJjNWYzOWRlOGI3OWNlYiIgTm90T25PckFmdGVyPSIyMDIzLTEwLTAyVDA1OjU3OjE2WiIgUmVjaXBpZW50PSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL2luZGV4LnBocD9hY3MiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMy0zMVQwMDozNjo0NloiIE5vdE9uT3JBZnRlcj0iMjAyMy0xMC0wMlQwNTo1NzoxNloiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTAzLTMxVDAwOjM3OjE2WiIgU2Vzc2lvbkluZGV4PSJfODVlN2NmZTE2ZDZlN2U2MDBiZDk4YmJjMmI0MzcxZTFjNjk1ODhhNGRhIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDE0LTAzLTMxVDA4OjM3OjE2WiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4=python3-saml-1.12.0/tests/data/responses/invalids/status_code_responder.xml.base64000066400000000000000000000014111410551756100302430ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlDQp4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIg0KQ29uc2VudD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNvbnNlbnQ6dW5zcGVjaWZpZWQiIERlc3RpbmF0aW9uPSINCmh0dHBzOi8vZXhhbXBsZS5jb20vb3BlbnNzby9Db25zdW1lci9tZXRhQWxpYXMvc3AiDQpJRD0iX2E3MWJiZjIyLTkwYTktNGE5Ni1iOWNlLWVhNWJhMzBhZWU2NSINCkluUmVzcG9uc2VUbz0iczIxMjAzYjI3ZDM4ZDBhMDdlYTJjNzEzZTdhMDA0NWNmOGQxZTMyODExIg0KSXNzdWVJbnN0YW50PSIyMDExLTA4LTI0VDE2OjM2OjMwLjM2NVoiIFZlcnNpb249IjIuMCI+PElzc3Vlcg0KeG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPg0KaHR0cDovL2lkcC5leGFtcGxlLmNvbS9hZGZzL3NlcnZpY2VzL3RydXN0PC9Jc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZQ0KVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6UmVzcG9uZGVyIi8+PC9zYW1scDpTdGF0dXM+PC9zYW1scDpSZXNwb25zZT4NCg== python3-saml-1.12.0/tests/data/responses/invalids/status_code_responer_and_msg.xml.base64000066400000000000000000000015251410551756100315750ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlDQp4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIg0KQ29uc2VudD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNvbnNlbnQ6dW5zcGVjaWZpZWQiIERlc3RpbmF0aW9uPSINCmh0dHBzOi8vZXhhbXBsZS5jb20vb3BlbnNzby9Db25zdW1lci9tZXRhQWxpYXMvc3AiDQpJRD0iX2E3MWJiZjIyLTkwYTktNGE5Ni1iOWNlLWVhNWJhMzBhZWU2NSINCkluUmVzcG9uc2VUbz0iczIxMjAzYjI3ZDM4ZDBhMDdlYTJjNzEzZTdhMDA0NWNmOGQxZTMyODExIg0KSXNzdWVJbnN0YW50PSIyMDExLTA4LTI0VDE2OjM2OjMwLjM2NVoiIFZlcnNpb249IjIuMCI+PElzc3Vlcg0KeG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPg0KaHR0cDovL2lkcC5leGFtcGxlLmNvbS9hZGZzL3NlcnZpY2VzL3RydXN0PC9Jc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpSZXNwb25kZXIiLz48c2FtbHA6U3RhdHVzTWVzc2FnZT5zb21ldGhpbmdfaXNfd3Jvbmc8L3NhbWxwOlN0YXR1c01lc3NhZ2U+PC9zYW1scDpTdGF0dXM+PC9zYW1scDpSZXNwb25zZT4= python3-saml-1.12.0/tests/data/responses/invalids/wrong_spnamequalifier.xml.base64000066400000000000000000000143541410551756100302600ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeDEzNzFkZmU1LTdlMmYtMTdiNy1hODE1LTVmNWU5YTRiNjVkYSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciPjxzYW1sOklzc3Vlcj5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPg0KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeDEzNzFkZmU1LTdlMmYtMTdiNy1hODE1LTVmNWU5YTRiNjVkYSI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+c3lrMGNHOHAxOGpSMUtINThKNnR3Z0JNYlhzPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT4yaytTbmhjWWhSV0FLQWdLR2hyMVpZN1ZsSWtWSytsbEFKZncxVnllKzRkWFpZTGh0TkwrMUJ3bWRlVHlLY1BEYjNWSmZtNXRzRGFWRDNtTHVUd2E5L0EvUCt0ZnY0d0t6YVQrdmJvTDl0RVFnNFAwR3hmaWRzbkYrQUM0Z2lLb0VBRE5RbmlaamExR1hhM3VOdi85TEVYV1h4YmZaVGJPNmxLNnlhbGR6UkU9PC9kczpTaWduYXR1cmVWYWx1ZT4NCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeGI0ZWM5YzhhLTQ4ZWItZmRhMi03Zjc0LWZhMWExMDVhOTlmZSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0id3Jvbmctc3AtZW50aXR5aWQiIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj50ZXN0QGV4YW1wbGUuY29tPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIzLTA4LTIzVDA2OjU3OjAxWiIgUmVjaXBpZW50PSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL2luZGV4LnBocD9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fNWZlOWQ2ZTQ5OWIyZjA5MTMyMDZhYWIzZjcxOTE3MjkwNDliYjgwNyIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE0LTAyLTE5VDAxOjM2OjMxWiIgTm90T25PckFmdGVyPSIyMDIzLTA4LTIzVDA2OjU3OjAxWiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDE0LTAyLTE5VDA5OjM3OjAxWiIgU2Vzc2lvbkluZGV4PSJfNjI3M2Q3N2I4Y2RlMGMzMzNlYzc5ZDIyYTlmYTAwMDNiOWZlMmQ3NWNiIj48c2FtbDpBdXRobkNvbnRleHQ+PHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJ1aWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnNtYXJ0aW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0ibWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dGVzdEBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJjbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+U2l4dG8zPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9InNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5NYXJ0aW4yPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImVkdVBlcnNvbkFmZmlsaWF0aW9uIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj51c2VyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPmFkbWluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/no_audience.xml.base64000066400000000000000000000053201410551756100243100ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMC0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCIvPg0KICAgICAgPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+DQogICAgPC9zYW1sOlN1YmplY3Q+DQogICAgPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTAtMDYtMTdUMTQ6NTM6NDRaIiBOb3RPbk9yQWZ0ZXI9IjIwOTktMDYtMTdUMTQ6NTk6MTRaIj4NCiAgICA8L3NhbWw6Q29uZGl0aW9ucz4NCiAgICA8c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MDdaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDk5LTA2LTE3VDIyOjU0OjE0WiIgU2Vzc2lvbkluZGV4PSJfNTFiZTM3OTY1ZmViNTU3OWQ4MDMxNDEwNzY5MzZkYzJlOWQxZDk4ZWJmIj4NCiAgICAgIDxzYW1sOkF1dGhuQ29udGV4dD4NCiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICA8L3NhbWw6QXV0aG5Db250ZXh0Pg0KICAgIDwvc2FtbDpBdXRoblN0YXRlbWVudD4NCiAgICA8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0ibWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnNvbWVvbmVAZXhhbXBsZS5jb208L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICA8L3NhbWw6QXR0cmlidXRlPg0KICAgIDwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogIDwvc2FtbDpBc3NlcnRpb24+DQo8L3NhbWxwOlJlc3BvbnNlPg==python3-saml-1.12.0/tests/data/responses/open_saml_response.xml000066400000000000000000000066231410551756100246560ustar00rootroot00000000000000 https://idm.orademo.com uHuSry39P16Yh7srS32xESmj4Lw= fdghdfggfd= dfghjkl https://idm.orademo.com someone@example.org hello.com urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Someone Special python3-saml-1.12.0/tests/data/responses/pretty_decrypted_valid_encrypted_assertion.xml000066400000000000000000000054341410551756100316770ustar00rootroot00000000000000 http://idp.example.com/ http://idp.example.com/_68392312d490db6d355555cfbbd8ec95d746516f60http://stuff.com/endpoints/metadata.phpurn:oasis:names:tc:SAML:2.0:ac:classes:Passwordtesttest@example.comtestwaa2useradmin python3-saml-1.12.0/tests/data/responses/pretty_signed_message_response.xml000066400000000000000000000117371410551756100272670ustar00rootroot00000000000000 https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php 1dQFiYU0o2OF7c/RVV8Gpgb4u3I=wRgBXOq/FiLZc2mureTC/j6zY709OikJ5HeUSruHTdYjEg9aZy1RbxlKIYEIfXpnX7NBoKxfAMm+O0fsrqOjgcYxTVkqZjOr71qiXNbtwjeAkdYSpk5brsAcnfcPdv8QReYr3D7t5ZVCgYuvXQ+dNELKeag7e1ASOzVqOdp5Z9Y= MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php _b98f98bb1ab512ced653b58baaff543448daed535d https://pitbulk.no-ip.org/newonelogin/demo1/metadata.php urn:oasis:names:tc:SAML:2.0:ac:classes:Password test test@example.com test waa2 user admin python3-saml-1.12.0/tests/data/responses/response1.xml.base64000066400000000000000000000121141410551756100237550ustar00rootroot00000000000000DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgSUQ9IkdPU0FNTFIxMjkwMTE3NDU3MTc5NCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTAtMTEtMThUMjE6NTc6MzdaIiBEZXN0aW5hdGlvbj0ie3JlY2lwaWVudH0iPg0KICA8c2FtbHA6U3RhdHVzPg0KICAgIDxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgVmVyc2lvbj0iMi4wIiBJRD0icGZ4YTQ2NTc0ZGYtYjNiMC1hMDZhLTIzYzgtNjM2NDEzMTk4NzcyIiBJc3N1ZUluc3RhbnQ9IjIwMTAtMTEtMThUMjE6NTc6MzdaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cHM6Ly9hcHAub25lbG9naW4uY29tL3NhbWwvbWV0YWRhdGEvMTM1OTA8L3NhbWw6SXNzdWVyPg0KICAgIDxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICAgICAgPGRzOlNpZ25lZEluZm8+DQogICAgICAgIDxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgICAgICAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZnhhNDY1NzRkZi1iM2IwLWEwNmEtMjNjOC02MzY0MTMxOTg3NzIiPg0KICAgICAgICAgIDxkczpUcmFuc2Zvcm1zPg0KICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+DQogICAgICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgICAgICAgPC9kczpUcmFuc2Zvcm1zPg0KICAgICAgICAgIDxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPg0KICAgICAgICAgIDxkczpEaWdlc3RWYWx1ZT5wSlE3TVMvZWs0S1JSV0dtdi9INDNSZUhZTXM9PC9kczpEaWdlc3RWYWx1ZT4NCiAgICAgICAgPC9kczpSZWZlcmVuY2U+DQogICAgICA8L2RzOlNpZ25lZEluZm8+DQogICAgICA8ZHM6U2lnbmF0dXJlVmFsdWU+eWl2ZUtjUGREcHVETmo2c2hyUTNBQndyL2NBM0NyeUQycGhHL3hMWnN6S1d4VTUvbWxhS3Q4ZXdiWk9kS0t2dE9zMnBIQnk1RHVhM2s5NEFGK3p4R3llbDVnT293bW95WEpyK0FPcitrUE8wdmxpMVY4bzNoUFBVWndSZ1NYNlE5cFMxQ3FRZ2hLaUVhc1J5eWxxcUpVYVBZem1Pek9FOC9YbE1rd2lXbU8wPTwvZHM6U2lnbmF0dXJlVmFsdWU+DQogICAgICA8ZHM6S2V5SW5mbz4NCiAgICAgICAgPGRzOlg1MDlEYXRhPg0KICAgICAgICAgIDxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQnJUQ0NBYUdnQXdJQkFnSUJBVEFEQmdFQU1HY3hDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJREFwRFlXeHBabTl5Ym1saE1SVXdFd1lEVlFRSERBeFRZVzUwWVNCTmIyNXBZMkV4RVRBUEJnTlZCQW9NQ0U5dVpVeHZaMmx1TVJrd0Z3WURWUVFEREJCaGNIQXViMjVsYkc5bmFXNHVZMjl0TUI0WERURXdNRE13T1RBNU5UZzBOVm9YRFRFMU1ETXdPVEE1TlRnME5Wb3daekVMTUFrR0ExVUVCaE1DVlZNeEV6QVJCZ05WQkFnTUNrTmhiR2xtYjNKdWFXRXhGVEFUQmdOVkJBY01ERk5oYm5SaElFMXZibWxqWVRFUk1BOEdBMVVFQ2d3SVQyNWxURzluYVc0eEdUQVhCZ05WQkFNTUVHRndjQzV2Ym1Wc2IyZHBiaTVqYjIwd2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFPalN1MWZqUHk4ZDV3NFF5TDEremQ0aEl3MU1ra2ZmNFdZL1RMRzhPWmtVNVlUU1dtbUhQRDVrdllINXVvWFMvNnFRODFxWHBSMndWOENUb3daSlVMZzA5ZGRSZFJuOFFzcWoxRnlPQzVzbEUzeTJiWjJvRnVhNzJvZi80OWZwdWpuRlQ2S25RNjFDQk1xbERvVFFxT1Q2MnZHSjhuUDZNWld2QTZzeHF1ZDVBZ01CQUFFd0F3WUJBQU1CQUE9PTwvZHM6WDUwOUNlcnRpZmljYXRlPg0KICAgICAgICA8L2RzOlg1MDlEYXRhPg0KICAgICAgPC9kczpLZXlJbmZvPg0KICAgIDwvZHM6U2lnbmF0dXJlPg0KICAgIDxzYW1sOlN1YmplY3Q+DQogICAgICA8c2FtbDpOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnN1cHBvcnRAb25lbG9naW4uY29tPC9zYW1sOk5hbWVJRD4NCiAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj4NCiAgICAgICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDEwLTExLTE4VDIyOjAyOjM3WiIgUmVjaXBpZW50PSJ7cmVjaXBpZW50fSIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPg0KICAgIDwvc2FtbDpTdWJqZWN0Pg0KICAgIDxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDEwLTExLTE4VDIxOjUyOjM3WiIgTm90T25PckFmdGVyPSIyMDEwLTExLTE4VDIyOjAyOjM3WiI+DQogICAgICA8c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgICAgICA8c2FtbDpBdWRpZW5jZT57YXVkaWVuY2V9PC9zYW1sOkF1ZGllbmNlPg0KICAgICAgPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgPC9zYW1sOkNvbmRpdGlvbnM+DQogICAgPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOVQyMTo1NzozN1oiIFNlc3Npb25JbmRleD0iXzUzMWMzMmQyODNiZGZmN2UwNGU0ODdiY2RiYzRkZDhkIj4NCiAgICAgIDxzYW1sOkF1dGhuQ29udGV4dD4NCiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICA8L3NhbWw6QXV0aG5Db250ZXh0Pg0KICAgIDwvc2FtbDpBdXRoblN0YXRlbWVudD4NCiAgICA8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5kZW1vPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJhbm90aGVyX3ZhbHVlIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj52YWx1ZTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+DQo=python3-saml-1.12.0/tests/data/responses/response1_with_duplicate_attributes.xml.base64000066400000000000000000000142501410551756100313130ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJHT1NBTUxSMTI5MDExNzQ1NzE3OTQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgRGVzdGluYXRpb249IntyZWNpcGllbnR9Ij48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24geG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiBWZXJzaW9uPSIyLjAiIElEPSJwZng4ZmZiMzk4My1jYmY2LTkyYTEtZjJjNC02MTlhZTFiZTFjODYiIElzc3VlSW5zdGFudD0iMjAxMC0xMS0xOFQyMTo1NzozN1oiPjxzYW1sOklzc3Vlcj5odHRwczovL2FwcC5vbmVsb2dpbi5jb20vc2FtbC9tZXRhZGF0YS8xMzU5MDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+PGRzOlJlZmVyZW5jZSBVUkk9IiNwZng4ZmZiMzk4My1jYmY2LTkyYTEtZjJjNC02MTlhZTFiZTFjODYiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPmhndVFiQ0hhbmliYkRDN3EzWnp4ekhjUG9uST08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+R2FuY0Q5dlJvaDlNYlQwMDJEeTc5dDFtNkk2WWZoVUtQZmJsa21wMnVkb2xYdWp2NmUxTVd2c1ZteE56dHNJR2x4QWEwcUtEaVNNekNORFpzazNqc3lzVWwxbkFLbkFnMTg1amZYanN6aHNkbVIrTTkxZHhrNmtmY0xVb3NPb2xvdmFkV0xQV3FuN1AzajgvNXh6cDlMcFJBM2d2QjQxODJSU2lyV0NCWFBRPTwvZHM6U2lnbmF0dXJlVmFsdWU+PGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQ2dUQ0NBZW9DQ1FDYk9scldEZFg3RlRBTkJna3Foa2lHOXcwQkFRVUZBRENCaERFTE1Ba0dBMVVFQmhNQ1RrOHhHREFXQmdOVkJBZ1REMEZ1WkhKbFlYTWdVMjlzWW1WeVp6RU1NQW9HQTFVRUJ4TURSbTl2TVJBd0RnWURWUVFLRXdkVlRrbE9SVlJVTVJnd0ZnWURWUVFERXc5bVpXbGtaUzVsY214aGJtY3VibTh4SVRBZkJna3Foa2lHOXcwQkNRRVdFbUZ1WkhKbFlYTkFkVzVwYm1WMGRDNXViekFlRncwd056QTJNVFV4TWpBeE16VmFGdzB3TnpBNE1UUXhNakF4TXpWYU1JR0VNUXN3Q1FZRFZRUUdFd0pPVHpFWU1CWUdBMVVFQ0JNUFFXNWtjbVZoY3lCVGIyeGlaWEpuTVF3d0NnWURWUVFIRXdOR2IyOHhFREFPQmdOVkJBb1RCMVZPU1U1RlZGUXhHREFXQmdOVkJBTVREMlpsYVdSbExtVnliR0Z1Wnk1dWJ6RWhNQjhHQ1NxR1NJYjNEUUVKQVJZU1lXNWtjbVZoYzBCMWJtbHVaWFIwTG01dk1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRRGl2YmhSN1A1MTZ4L1MzQnFLeHVwUWUwTE9Ob2xpdXBpQk9lc0NPM1NIYkRybDMrcTlJYmZuZm1FMDRyTnVNY1BzSXhCMTYxVGREcEllc0xDbjdjOGFQSElTS090UGxBZVRaU25iOFFBdTdhUmpacTMrUGJyUDV1VzNUY2ZDR1B0S1R5dEhPZ2UvT2xKYm8wNzhkVmhYUTE0ZDFFRHdYSlcxclJYdVV0NEM4UUlEQVFBQk1BMEdDU3FHU0liM0RRRUJCUVVBQTRHQkFDRFZmcDg2SE9icVkrZThCVW9XUTkrVk1ReDFBU0RvaEJqd09zZzJXeWtVcVJYRitkTGZjVUg5ZFdSNjNDdFpJS0ZEYlN0Tm9tUG5RejduYksrb255Z3dCc3BWRWJuSHVVaWhacTNaVWRtdW1RcUN3NFV2cy8xVXZxM29yT28vV0pWaFR5dkxnRlZLMlFhclE0LzY3T1pmSGQ3UitQT0JYaG9waFNNdjFaT288L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c3VwcG9ydEBvbmVsb2dpbi5jb208L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMTAtMTEtMThUMjI6MDI6MzdaIiBSZWNpcGllbnQ9IntyZWNpcGllbnR9Ii8+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTAtMTEtMThUMjE6NTI6MzdaIiBOb3RPbk9yQWZ0ZXI9IjIwMTAtMTEtMThUMjI6MDI6MzdaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPnthdWRpZW5jZX08L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOVQyMTo1NzozN1oiIFNlc3Npb25JbmRleD0iXzUzMWMzMmQyODNiZGZmN2UwNGU0ODdiY2RiYzRkZDhkIj48c2FtbDpBdXRobkNvbnRleHQ+PHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJ1aWQiIEZyaWVuZGx5TmFtZT0idXNlcm5hbWUiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+ZGVtbzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJmcmllbmRseTEiIEZyaWVuZGx5TmFtZT0iZnJpZW5kbHl0ZXN0Ij48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmZyaWVuZGx5MTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJmcmllbmRseTIiIEZyaWVuZGx5TmFtZT0iZnJpZW5kbHl0ZXN0Ij48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmZyaWVuZGx5Mjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJhbm90aGVyX3ZhbHVlIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPnZhbHVlPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImR1cGxpY2F0ZV9uYW1lIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPm5hbWUxPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImR1cGxpY2F0ZV9uYW1lIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPm5hbWUyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/response1_with_friendlyname.xml.base64000066400000000000000000000123501410551756100275470ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJHT1NBTUxSMTI5MDExNzQ1NzE3OTQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgRGVzdGluYXRpb249IntyZWNpcGllbnR9Ij4NCiAgPHNhbWxwOlN0YXR1cz4NCiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkFzc2VydGlvbiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIFZlcnNpb249IjIuMCIgSUQ9InBmeDhmZmIzOTgzLWNiZjYtOTJhMS1mMmM0LTYxOWFlMWJlMWM4NiIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiI+DQogICAgPHNhbWw6SXNzdWVyPmh0dHBzOi8vYXBwLm9uZWxvZ2luLmNvbS9zYW1sL21ldGFkYXRhLzEzNTkwPC9zYW1sOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4NCiAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+DQogIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4OGZmYjM5ODMtY2JmNi05MmExLWYyYzQtNjE5YWUxYmUxYzg2Ij48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjxkczpEaWdlc3RWYWx1ZT5oZ3VRYkNIYW5pYmJEQzdxM1p6eHpIY1Bvbkk9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPkdhbmNEOXZSb2g5TWJUMDAyRHk3OXQxbTZJNllmaFVLUGZibGttcDJ1ZG9sWHVqdjZlMU1XdnNWbXhOenRzSUdseEFhMHFLRGlTTXpDTkRac2szanN5c1VsMW5BS25BZzE4NWpmWGpzemhzZG1SK005MWR4azZrZmNMVW9zT29sb3ZhZFdMUFdxbjdQM2o4LzV4enA5THBSQTNndkI0MTgyUlNpcldDQlhQUT08L2RzOlNpZ25hdHVyZVZhbHVlPg0KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQ2dUQ0NBZW9DQ1FDYk9scldEZFg3RlRBTkJna3Foa2lHOXcwQkFRVUZBRENCaERFTE1Ba0dBMVVFQmhNQ1RrOHhHREFXQmdOVkJBZ1REMEZ1WkhKbFlYTWdVMjlzWW1WeVp6RU1NQW9HQTFVRUJ4TURSbTl2TVJBd0RnWURWUVFLRXdkVlRrbE9SVlJVTVJnd0ZnWURWUVFERXc5bVpXbGtaUzVsY214aGJtY3VibTh4SVRBZkJna3Foa2lHOXcwQkNRRVdFbUZ1WkhKbFlYTkFkVzVwYm1WMGRDNXViekFlRncwd056QTJNVFV4TWpBeE16VmFGdzB3TnpBNE1UUXhNakF4TXpWYU1JR0VNUXN3Q1FZRFZRUUdFd0pPVHpFWU1CWUdBMVVFQ0JNUFFXNWtjbVZoY3lCVGIyeGlaWEpuTVF3d0NnWURWUVFIRXdOR2IyOHhFREFPQmdOVkJBb1RCMVZPU1U1RlZGUXhHREFXQmdOVkJBTVREMlpsYVdSbExtVnliR0Z1Wnk1dWJ6RWhNQjhHQ1NxR1NJYjNEUUVKQVJZU1lXNWtjbVZoYzBCMWJtbHVaWFIwTG01dk1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRRGl2YmhSN1A1MTZ4L1MzQnFLeHVwUWUwTE9Ob2xpdXBpQk9lc0NPM1NIYkRybDMrcTlJYmZuZm1FMDRyTnVNY1BzSXhCMTYxVGREcEllc0xDbjdjOGFQSElTS090UGxBZVRaU25iOFFBdTdhUmpacTMrUGJyUDV1VzNUY2ZDR1B0S1R5dEhPZ2UvT2xKYm8wNzhkVmhYUTE0ZDFFRHdYSlcxclJYdVV0NEM4UUlEQVFBQk1BMEdDU3FHU0liM0RRRUJCUVVBQTRHQkFDRFZmcDg2SE9icVkrZThCVW9XUTkrVk1ReDFBU0RvaEJqd09zZzJXeWtVcVJYRitkTGZjVUg5ZFdSNjNDdFpJS0ZEYlN0Tm9tUG5RejduYksrb255Z3dCc3BWRWJuSHVVaWhacTNaVWRtdW1RcUN3NFV2cy8xVXZxM29yT28vV0pWaFR5dkxnRlZLMlFhclE0LzY3T1pmSGQ3UitQT0JYaG9waFNNdjFaT288L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT4NCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj5zdXBwb3J0QG9uZWxvZ2luLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiIFJlY2lwaWVudD0ie3JlY2lwaWVudH0iLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0xMS0xOFQyMTo1MjozN1oiIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+e2F1ZGllbmNlfTwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMC0xMS0xOFQyMTo1NzozN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTAtMTEtMTlUMjE6NTc6MzdaIiBTZXNzaW9uSW5kZXg9Il81MzFjMzJkMjgzYmRmZjdlMDRlNDg3YmNkYmM0ZGQ4ZCI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCIgRnJpZW5kbHlOYW1lPSJ1c2VybmFtZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+ZGVtbzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0iYW5vdGhlcl92YWx1ZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+dmFsdWU8L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICA8L3NhbWw6QXR0cmlidXRlPg0KICAgIDwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogIDwvc2FtbDpBc3NlcnRpb24+DQo8L3NhbWxwOlJlc3BvbnNlPg==python3-saml-1.12.0/tests/data/responses/response2.xml.base64000066400000000000000000000112621410551756100237610ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNhbWwy cDpSZXNwb25zZSB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp0YzpT QU1MOjIuMDpwcm90b2NvbCIgRGVzdGluYXRpb249Imh0dHBzOi8vd2liYmxl MTI5OTY5MzIwOC5leGFtcGxlLmNvbS9hY2Nlc3Mvc2FtbCIgSUQ9ImlkMTMw MzEzOTUyNjA0ODY2MjAwMDE1OTIzNzMwNDciIElzc3VlSW5zdGFudD0iMjAx MS0wNC0xOFQxNToxMjowNS45OTRaIiBWZXJzaW9uPSIyLjAiPgogIDxzYW1s MjpJc3N1ZXIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1M OjIuMDphc3NlcnRpb24iIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNB TUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij53aWJibGU8L3NhbWwyOklz c3Vlcj4KICA8c2FtbDJwOlN0YXR1cyB4bWxuczpzYW1sMnA9InVybjpvYXNp czpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI+CiAgICA8c2FtbDJwOlN0 YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpz dGF0dXM6U3VjY2VzcyIvPgogIDwvc2FtbDJwOlN0YXR1cz4KICA8c2FtbDI6 QXNzZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FN TDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQxMzAzMTM5NTI2MDU2NjkzMDAwOTI4 Mzg2OTY2IiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDQtMThUMTU6MTI6MDUuOTk0 WiIgVmVyc2lvbj0iMi4wIj4KICAgIDxzYW1sMjpJc3N1ZXIgeG1sbnM6c2Ft bDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIEZv cm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3Jt YXQ6ZW50aXR5Ij53aWJibGU8L3NhbWwyOklzc3Vlcj4KICAgIDxkczpTaWdu YXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1s ZHNpZyMiPgogICAgICA8ZHM6U2lnbmVkSW5mbyB4bWxuczpkcz0iaHR0cDov L3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgICAgICAgPGRzOkNh bm9uaWNhbGl6YXRpb25NZXRob2QgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMu b3JnLzIwMDAvMDkveG1sZHNpZyMiIEFsZ29yaXRobT0iaHR0cDovL3d3dy53 My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICAgICAgPGRzOlNp Z25hdHVyZU1ldGhvZCB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAw MC8wOS94bWxkc2lnIyIgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8y MDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICAgICAgICA8ZHM6UmVmZXJl bmNlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRz aWcjIiBVUkk9IiNpZDEzMDMxMzk1MjYwNTY2OTMwMDA5MjgzODY5NjYiPgog ICAgICAgICAgPGRzOlRyYW5zZm9ybXMgeG1sbnM6ZHM9Imh0dHA6Ly93d3cu dzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogICAgICAgICAgICA8ZHM6VHJh bnNmb3JtIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3ht bGRzaWcjIiBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkv eG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+CiAgICAgICAgICAgIDxk czpUcmFuc2Zvcm0geG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv MDkveG1sZHNpZyMiIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAw MS8xMC94bWwtZXhjLWMxNG4jIj4KICAgICAgICAgICAgICA8ZWM6SW5jbHVz aXZlTmFtZXNwYWNlcyB4bWxuczplYz0iaHR0cDovL3d3dy53My5vcmcvMjAw MS8xMC94bWwtZXhjLWMxNG4jIiBQcmVmaXhMaXN0PSJkcyBzYW1sMiIvPgog ICAgICAgICAgICA8L2RzOlRyYW5zZm9ybT4KICAgICAgICAgIDwvZHM6VHJh bnNmb3Jtcz4KICAgICAgICAgIDxkczpEaWdlc3RNZXRob2QgeG1sbnM6ZHM9 Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIEFsZ29yaXRo bT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz4K ICAgICAgICAgIDxkczpEaWdlc3RWYWx1ZSB4bWxuczpkcz0iaHR0cDovL3d3 dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+RGlnZXN0IFN0dWZmPC9kczpE aWdlc3RWYWx1ZT4KICAgICAgICA8L2RzOlJlZmVyZW5jZT4KICAgICAgPC9k czpTaWduZWRJbmZvPgogICAgICA8ZHM6U2lnbmF0dXJlVmFsdWUgeG1sbnM6 ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPlNpZ25h dHVyZSBTdHVmZjwvZHM6U2lnbmF0dXJlVmFsdWU+CiAgICAgIDxkczpLZXlJ bmZvPgogICAgICAgIDxkczpYNTA5RGF0YT4KICAgICAgICAgIDxkczpYNTA5 Q2VydGlmaWNhdGU+Q2VydGlmaWNhdGUgU3R1ZmY8L2RzOlg1MDlDZXJ0aWZp Y2F0ZT4KICAgICAgICA8L2RzOlg1MDlEYXRhPgogICAgICA8L2RzOktleUlu Zm8+CiAgICA8L2RzOlNpZ25hdHVyZT4KICAgIDxzYW1sMjpTdWJqZWN0IHht bG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0 aW9uIj4KICAgICAgPHNhbWwyOk5hbWVJRD53aWJibGVAd2liYmxlLmNvbTwv c2FtbDI6TmFtZUlEPgogICAgICA8c2FtbDI6U3ViamVjdENvbmZpcm1hdGlv biBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFy ZXIiPgogICAgICAgIDxzYW1sMjpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBO b3RPbk9yQWZ0ZXI9IjIwMTEtMDQtMThUMTU6MTc6MDYuMDY0WiIgUmVjaXBp ZW50PSJodHRwczovL3dpYmJsZTEyOTk2OTMyMDguZXhhbXBsZS5jb20vYWNj ZXNzL3NhbWwvIi8+CiAgICAgIDwvc2FtbDI6U3ViamVjdENvbmZpcm1hdGlv bj4KICAgIDwvc2FtbDI6U3ViamVjdD4KICAgIDxzYW1sMjpDb25kaXRpb25z IHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNz ZXJ0aW9uIiBOb3RCZWZvcmU9IjIwMTEtMDQtMThUMTU6MDc6MDYuMDY3WiIg Tm90T25PckFmdGVyPSIyMDExLTA0LTE4VDE1OjE3OjA2LjA2NFoiPgogICAg ICA8c2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbj4KICAgICAgICA8c2FtbDI6 QXVkaWVuY2U+ZXhhbXBsZS5jb208L3NhbWwyOkF1ZGllbmNlPgogICAgICA8 L3NhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+CiAgICA8L3NhbWwyOkNvbmRp dGlvbnM+CiAgICA8c2FtbDI6QXV0aG5TdGF0ZW1lbnQgeG1sbnM6c2FtbDI9 InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIEF1dGhu SW5zdGFudD0iMjAxMS0wNC0xOFQxNToxMjowNS45OTRaIj4KICAgICAgPHNh bWwyOkF1dGhuQ29udGV4dD4KICAgICAgICA8c2FtbDI6QXV0aG5Db250ZXh0 Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNz ZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQ8L3NhbWwyOkF1dGhuQ29u dGV4dENsYXNzUmVmPgogICAgICA8L3NhbWwyOkF1dGhuQ29udGV4dD4KICAg IDwvc2FtbDI6QXV0aG5TdGF0ZW1lbnQ+CiAgPC9zYW1sMjpBc3NlcnRpb24+ Cjwvc2FtbDJwOlJlc3BvbnNlPgo=python3-saml-1.12.0/tests/data/responses/response3.xml.base64000066400000000000000000000076161410551756100237720ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+CjxzYW1scDpSZXNwb25zZSB4bWxuczpz YW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBJ RD0iXzZiODVkMGRkLWJmYTgtNGRlZi04MmMyLTg2MjFlMDQ1MjQ3NyIgVmVy c2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDUtMDJUMTk6NDM6NTQu NjkyWiIgRGVzdGluYXRpb249Imh0dHBzOi8vZXhhbXBsZS5jb20vYWNjZXNz L3NhbWwiIENvbnNlbnQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpj b25zZW50OnVuc3BlY2lmaWVkIiBJblJlc3BvbnNlVG89Il9mYjg0MThkMC01 NzFlLTAxMmUtZWVlMC0wMDUwNTY5MjAwZDAiPgogIDxJc3N1ZXIgeG1sbnM9 InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6 Ly9leGFtcGxlLmNvbS9zZXJ2aWNlcy90cnVzdDwvSXNzdWVyPgogIDxzYW1s cDpTdGF0dXM+CiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9h c2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+CiAgPC9z YW1scDpTdGF0dXM+CiAgPEFzc2VydGlvbiB4bWxucz0idXJuOm9hc2lzOm5h bWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il9kYmU2YTM2NS05NTgy LTQ2MGYtYjRiMS0xZjc5YmY3MGY3NmIiIElzc3VlSW5zdGFudD0iMjAxMS0w NS0wMlQxOTo0Mzo1NC42NDVaIiBWZXJzaW9uPSIyLjAiPgogICAgPElzc3Vl cj5odHRwOi8vZXhhbXBsZS5jb20vc2VydmljZXMvdHJ1c3Q8L0lzc3Vlcj4K ICAgIDxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3Jn LzIwMDAvMDkveG1sZHNpZyMiPgogICAgICA8ZHM6U2lnbmVkSW5mbz4KICAg ICAgICA8ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0 dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgogICAg ICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3 LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICAgICAgICA8 ZHM6UmVmZXJlbmNlIFVSST0iI19kYmU2YTM2NS05NTgyLTQ2MGYtYjRiMS0x Zjc5YmY3MGY3NmIiPgogICAgICAgICAgPGRzOlRyYW5zZm9ybXM+CiAgICAg ICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3Lncz Lm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPgog ICAgICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3 dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICAgICAgICA8 L2RzOlRyYW5zZm9ybXM+CiAgICAgICAgICA8ZHM6RGlnZXN0TWV0aG9kIEFs Z29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3No YTEiLz4KICAgICAgICAgIDxkczpEaWdlc3RWYWx1ZT5EaWdlc3Q8L2RzOkRp Z2VzdFZhbHVlPgogICAgICAgIDwvZHM6UmVmZXJlbmNlPgogICAgICA8L2Rz OlNpZ25lZEluZm8+CiAgICAgIDxkczpTaWduYXR1cmVWYWx1ZT5TaWduYXR1 cmU8L2RzOlNpZ25hdHVyZVZhbHVlPgogICAgICA8S2V5SW5mbyB4bWxucz0i aHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgICAgICAg PGRzOlg1MDlEYXRhPgogICAgICAgICAgPGRzOlg1MDlDZXJ0aWZpY2F0ZT5T dHVmZjwvZHM6WDUwOUNlcnRpZmljYXRlPgogICAgICAgIDwvZHM6WDUwOURh dGE+CiAgICAgIDwvS2V5SW5mbz4KICAgIDwvZHM6U2lnbmF0dXJlPgogICAg PFN1YmplY3Q+CiAgICAgIDxOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFt ZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnNv bWVvbmVAZXhhbXBsZS5jb208L05hbWVJRD4KICAgICAgPFN1YmplY3RDb25m aXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6 Y206YmVhcmVyIj4KICAgICAgICA8U3ViamVjdENvbmZpcm1hdGlvbkRhdGEg SW5SZXNwb25zZVRvPSJfZmI4NDE4ZDAtNTcxZS0wMTJlLWVlZTAtMDA1MDU2 OTIwMGQwIiBOb3RPbk9yQWZ0ZXI9IjIwMTEtMDUtMDJUMTk6NDg6NTQuNzA3 WiIgUmVjaXBpZW50PSJodHRwczovL2V4YW1wbGUuY29tL2FjY2Vzcy9zYW1s Ii8+CiAgICAgIDwvU3ViamVjdENvbmZpcm1hdGlvbj4KICAgIDwvU3ViamVj dD4KICAgIDxDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMS0wNS0wMlQxOTo0 Mzo1NC42NDVaIiBOb3RPbk9yQWZ0ZXI9IjIwMTEtMDUtMDJUMjA6NDM6NTQu NjQ1WiI+CiAgICAgIDxBdWRpZW5jZVJlc3RyaWN0aW9uPgogICAgICAgIDxB dWRpZW5jZT5jb25zdW1lci5leGFtcGxlLmNvbTwvQXVkaWVuY2U+CiAgICAg IDwvQXVkaWVuY2VSZXN0cmljdGlvbj4KICAgIDwvQ29uZGl0aW9ucz4KICAg IDxBdHRyaWJ1dGVTdGF0ZW1lbnQ+CiAgICAgIDxBdHRyaWJ1dGUgTmFtZT0i aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0 eS9jbGFpbXMvZW1haWxhZGRyZXNzIj4KICAgICAgICA8QXR0cmlidXRlVmFs dWU+c29tZW9uZUBleGFtcGxlLmNvbTwvQXR0cmlidXRlVmFsdWU+CiAgICAg IDwvQXR0cmlidXRlPgogICAgPC9BdHRyaWJ1dGVTdGF0ZW1lbnQ+CiAgICA8 QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDExLTA1LTAyVDE5OjQz OjU0LjI4NVoiIFNlc3Npb25JbmRleD0iX2RiZTZhMzY1LTk1ODItNDYwZi1i NGIxLTFmNzliZjcwZjc2YiI+CiAgICAgIDxBdXRobkNvbnRleHQ+CiAgICAg ICAgPEF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpT QU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0 PC9BdXRobkNvbnRleHRDbGFzc1JlZj4KICAgICAgPC9BdXRobkNvbnRleHQ+ CiAgICA8L0F1dGhuU3RhdGVtZW50PgogIDwvQXNzZXJ0aW9uPgo8L3NhbWxw OlJlc3BvbnNlPgo= python3-saml-1.12.0/tests/data/responses/response4.xml.base64000066400000000000000000000130441410551756100237630ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0 YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6 bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJHT1NBTUxSMTMwNzE1 NDEyMjM0MDkiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDExLTA2 LTA0VDAyOjIyOjAyWiIgRGVzdGluYXRpb249InJlY2lwaWVudCI+PHNhbWw6 SXNzdWVyPmh0dHBzOi8vYXBwLm9uZWxvZ2luLmNvbS9zYW1sMjwvc2FtbDpJ c3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0i dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+ PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzPSJodHRw Oi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRw Oi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgVmVyc2lv bj0iMi4wIiBJRD0iZmFrZV9hc3NlcnRpb24iIElzc3VlSW5zdGFudD0iMjAx MS0wNi0wNFQwMjoyMjowMloiPjxzYW1sOklzc3Vlcj5odHRwczovL2FwcC5v bmVsb2dpbi5jb20vc2FtbDI8L3NhbWw6SXNzdWVyPjxzYW1sOlN1YmplY3Q+ PHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6 MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj5ib2d1c0BvbmVsb2dp bi5jb208L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24g TWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVy Ij48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9 IjIwMTEtMDYtMDRUMDI6Mjc6MDJaIiBSZWNpcGllbnQ9InJlY2lwaWVudCIv Pjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0Pjxz YW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDExLTA2LTA0VDAyOjE3OjAy WiIgTm90T25PckFmdGVyPSIyMDExLTA2LTA0VDAyOjI3OjAyWiI+PHNhbWw6 QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5hdWRpZW5jZTwv c2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3Nh bWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3Rh bnQ9IjIwMTEtMDYtMDRUMDI6MjI6MDJaIiBTZXNzaW9uTm90T25PckFmdGVy PSIyMDExLTA2LTA1VDAyOjIyOjAyWiIgU2Vzc2lvbkluZGV4PSJfMTZmNTcw ZmJjMDMxNTAwN2EwMzU1ZGZlYTZiM2M0NmMiPjxzYW1sOkF1dGhuQ29udGV4 dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6 dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZFByb3RlY3RlZFRyYW5z cG9ydDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5D b250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9u PjxzYW1sOkFzc2VydGlvbiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcv MjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcv MjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIFZlcnNpb249IjIuMCIgSUQ9InBm eDk1MTZiMGYzLTQ1MzYtMTBmNi1jNmZhLTlkZDUyM2UxNDk4YyIgSXNzdWVJ bnN0YW50PSIyMDExLTA2LTA0VDAyOjIyOjAyWiI+PHNhbWw6SXNzdWVyPmh0 dHBzOi8vYXBwLm9uZWxvZ2luLmNvbS9zYW1sMjwvc2FtbDpJc3N1ZXI+PGRz OlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8w OS94bWxkc2lnIyI+CiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6 YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAx LzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2Qg QWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcj cnNhLXNoYTEiLz4KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeDk1MTZiMGYz LTQ1MzYtMTBmNi1jNmZhLTlkZDUyM2UxNDk4YyI+PGRzOlRyYW5zZm9ybXM+ PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIw MDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5z Zm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1s LWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9k IEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2ln I3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+L0ZFUHRwVlhKTDJHNzJ1UDZMd2Vv R1ltYnpVPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpT aWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5rSEhrMFFOekMwTFlvVkVQ UnE0MGRNT1puckpSdzdlT1dkWWdJY240MXQ2N25xOHJwVjhpSEF2WWQva0RS MVJKcEc2UjU4K25LRVhtTUFLcFNDY29GeC9tQU1UNjNodzQ5RlhOYWZ4WWhj MGc1bjFSVGhaQURFNlJZSFZpV2pvRHdxZzVCT3FnNnNLNUxlZk5ZM080dVhn QXFyMUw4R3pVNXNtMGlMWm9xSUU9PC9kczpTaWduYXR1cmVWYWx1ZT4KPGRz OktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJ QnJUQ0NBYUdnQXdJQkFnSUJBVEFEQmdFQU1HY3hDekFKQmdOVkJBWVRBbFZU TVJNd0VRWURWUVFJREFwRFlXeHBabTl5Ym1saE1SVXdFd1lEVlFRSERBeFRZ VzUwWVNCTmIyNXBZMkV4RVRBUEJnTlZCQW9NQ0U5dVpVeHZaMmx1TVJrd0Z3 WURWUVFEREJCaGNIQXViMjVsYkc5bmFXNHVZMjl0TUI0WERURXdNVEF4TVRJ eE1UVXhNbG9YRFRFMU1UQXhNVEl4TVRVeE1sb3daekVMTUFrR0ExVUVCaE1D VlZNeEV6QVJCZ05WQkFnTUNrTmhiR2xtYjNKdWFXRXhGVEFUQmdOVkJBY01E Rk5oYm5SaElFMXZibWxqWVRFUk1BOEdBMVVFQ2d3SVQyNWxURzluYVc0eEdU QVhCZ05WQkFNTUVHRndjQzV2Ym1Wc2IyZHBiaTVqYjIwd2daOHdEUVlKS29a SWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFNUG1qZmp5N0wzNW9EcGVCWEJv UlZDZ2t0UGtMbm85RE9FV0I3TWdZTU1WS3MyQjZ5bVdRTEVXckR1Z01LMWhr eldGaEliNWZxV0xHYld5MEowdmVHUjkvZ0hPUUcrckQvSTM2eEFYbmtkaVhY aHpvaUFHL3pReE0wZWRNT1VmNDBuMzE0RkM4bW9FcmNVZzZRYWJ0dHplc081 OUhGejZzaFB1eGNXYVZBZ3hBZ01CQUFFd0F3WUJBQU1CQUE9PTwvZHM6WDUw OUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6 U2lnbmF0dXJlPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIEZvcm1hdD0i dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1h aWxBZGRyZXNzIj50ZXN0QG9uZWxvZ2luLmNvbTwvc2FtbDpOYW1lSUQ+PHNh bWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1l czp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJt YXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxMS0wNi0wNFQwMjoyNzowMloi IFJlY2lwaWVudD0icmVjaXBpZW50Ii8+PC9zYW1sOlN1YmplY3RDb25maXJt YXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZv cmU9IjIwMTEtMDYtMDRUMDI6MTc6MDJaIiBOb3RPbk9yQWZ0ZXI9IjIwMTEt MDYtMDRUMDI6Mjc6MDJaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxz YW1sOkF1ZGllbmNlPmF1ZGllbmNlPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpB dWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1 dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMS0wNi0wNFQwMjoyMjow MloiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTEtMDYtMDVUMDI6MjI6MDJa IiBTZXNzaW9uSW5kZXg9Il8xNmY1NzBmYmMwMzE1MDA3YTAzNTVkZmVhNmIz YzQ2YyI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENs YXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2Vz OlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9zYW1sOkF1dGhuQ29udGV4 dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3Rh dGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4=python3-saml-1.12.0/tests/data/responses/response5.xml.base64000066400000000000000000000141121410551756100237610ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNhbWwy cDpSZXNwb25zZSB4bWxuczpzYW1sMnA9InVybjpvYXNpczpuYW1lczp0YzpT QU1MOjIuMDpwcm90b2NvbCIKICAgICAgICAgICAgICAgICBEZXN0aW5hdGlv bj0iaHR0cHM6Ly9leGFtcGxlc2FtbC5mb29ibGUuY29tL2FjY2Vzcy9zYW1s IiBJRD0iaWQ0MzUwMDE5MDE0NzE3NzIxMDMwODIzNjI0IgogICAgICAgICAg ICAgICAgIElzc3VlSW5zdGFudD0iMjAxMS0wNi0xNFQxODoyNjowMS41MTVa IiBWZXJzaW9uPSIyLjAiPgogICAgPHNhbWwyOklzc3VlciB4bWxuczpzYW1s Mj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIKICAg ICAgICAgICAgICAgICAgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FN TDoyLjA6bmFtZWlkLWZvcm1hdDplbnRpdHkiPmV4YW1wbGUKICAgIDwvc2Ft bDI6SXNzdWVyPgogICAgPHNhbWwycDpTdGF0dXMgeG1sbnM6c2FtbDJwPSJ1 cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPgogICAgICAg IDxzYW1sMnA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRj OlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+CiAgICA8L3NhbWwycDpTdGF0 dXM+CiAgICA8c2FtbDI6QXNzZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2Fz aXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0iaWQ0MzUwMDE5 MDE2NzIzNzcxNTg0NjA0NzQiCiAgICAgICAgICAgICAgICAgICAgIElzc3Vl SW5zdGFudD0iMjAxMS0wNi0xNFQxODoyNjowMS41MTVaIiBWZXJzaW9uPSIy LjAiPgogICAgICAgIDxzYW1sMjpJc3N1ZXIgRm9ybWF0PSJ1cm46b2FzaXM6 bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDplbnRpdHkiCiAgICAg ICAgICAgICAgICAgICAgICB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVz OnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+ZXhhbXBsZQogICAgICAgIDwvc2Ft bDI6SXNzdWVyPgogICAgICAgIDxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0 dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogICAgICAgICAg ICA8ZHM6U2lnbmVkSW5mbyB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC8wOS94bWxkc2lnIyI+CiAgICAgICAgICAgICAgICA8ZHM6Q2Fub25p Y2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3Jn LzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIKICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgIHhtbG5zOmRzPSJodHRwOi8vd3d3Lncz Lm9yZy8yMDAwLzA5L3htbGRzaWcjIi8+CiAgICAgICAgICAgICAgICA8ZHM6 U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcv MjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIgogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC8wOS94bWxkc2lnIyIvPgogICAgICAgICAgICAgICAgPGRzOlJlZmVy ZW5jZSBVUkk9IiNpZDQzNTAwMTkwMTY3MjM3NzE1ODQ2MDQ3NCIgeG1sbnM6 ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogICAg ICAgICAgICAgICAgICAgIDxkczpUcmFuc2Zvcm1zIHhtbG5zOmRzPSJodHRw Oi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KICAgICAgICAgICAg ICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93 d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJl IgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHhtbG5z OmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIi8+CiAg ICAgICAgICAgICAgICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiCiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgeG1sbnM6ZHM9 Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogICAgICAg ICAgICAgICAgICAgICAgICAgICAgPGVjOkluY2x1c2l2ZU5hbWVzcGFjZXMg eG1sbnM6ZWM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1j MTRuIyIKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIFByZWZpeExpc3Q9ImRzIHNhbWwyIi8+CiAgICAgICAg ICAgICAgICAgICAgICAgIDwvZHM6VHJhbnNmb3JtPgogICAgICAgICAgICAg ICAgICAgIDwvZHM6VHJhbnNmb3Jtcz4KICAgICAgICAgICAgICAgICAgICA8 ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcv MjAwMC8wOS94bWxkc2lnI3NoYTEiCiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAw MC8wOS94bWxkc2lnIyIvPgogICAgICAgICAgICAgICAgICAgIDxkczpEaWdl c3RWYWx1ZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94 bWxkc2lnIyI+c3R1ZmZpZ0wyeTAybVBXUWxHSU9sbz0KICAgICAgICAgICAg ICAgICAgICA8L2RzOkRpZ2VzdFZhbHVlPgogICAgICAgICAgICAgICAgPC9k czpSZWZlcmVuY2U+CiAgICAgICAgICAgIDwvZHM6U2lnbmVkSW5mbz4KICAg ICAgICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlIHhtbG5zOmRzPSJodHRwOi8v d3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KICAgICAgICAgICAgICAg IE85REFPSWVFazFYbFgyWVZkaHFVemd4amJBam9XQjdnam1VQmtWdlRFb1dO akYrK2QvcnVFWkFicnVHMXhtblR2VHJ4TXN0S08wRmYKICAgICAgICAgICAg ICAgIDk0VVAyN05yeWM1OExmZlF0dzhEVXQ0WVNtR3k5OFM3aFVqS28yeTcy VTdPQVp1TnJoV0JYcTZodEc0ZzBJNDk4MTNkSWROS2xkS2QKICAgICAgICAg ICAgICAgIGJMSitRMTJIbEM1aUtUWG9pQjQ9CiAgICAgICAgICAgIDwvZHM6 U2lnbmF0dXJlVmFsdWU+CiAgICAgICAgICAgIDxkczpLZXlJbmZvPgogICAg ICAgICAgICAgICAgPGRzOlg1MDlEYXRhPgogICAgICAgICAgICAgICAgICAg IDxkczpYNTA5Q2VydGlmaWNhdGU+CiAgICAgICAgICAgICAgICAgICAgICAg IHN0dWZmLzZwTW9Mc2NaaDJHTUsrVkE9PQogICAgICAgICAgICAgICAgICAg IDwvZHM6WDUwOUNlcnRpZmljYXRlPgogICAgICAgICAgICAgICAgPC9kczpY NTA5RGF0YT4KICAgICAgICAgICAgPC9kczpLZXlJbmZvPgogICAgICAgIDwv ZHM6U2lnbmF0dXJlPgogICAgICAgIDxzYW1sMjpTdWJqZWN0IHhtbG5zOnNh bWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj4K ICAgICAgICAgICAgPHNhbWwyOk5hbWVJRD5zb21lb25lLmV4YW1wbGVAZ21h aWwuY29tPC9zYW1sMjpOYW1lSUQ+CiAgICAgICAgICAgIDxzYW1sMjpTdWJq ZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNB TUw6Mi4wOmNtOmJlYXJlciI+CiAgICAgICAgICAgICAgICA8c2FtbDI6U3Vi amVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDExLTA2LTE0 VDE4OjMxOjAxLjUxNloiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgUmVjaXBpZW50PSJodHRwczovL2V4YW1wbGVz YW1sLmZvb2JsZS5jb20vYWNjZXNzL3NhbWwvIi8+CiAgICAgICAgICAgIDwv c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbj4KICAgICAgICA8L3NhbWwyOlN1 YmplY3Q+CiAgICAgICAgPHNhbWwyOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIy MDExLTA2LTE0VDE4OjIxOjAxLjUxNloiIE5vdE9uT3JBZnRlcj0iMjAxMS0w Ni0xNFQxODozMTowMS41MTZaIgogICAgICAgICAgICAgICAgICAgICAgICAg IHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNz ZXJ0aW9uIj4KICAgICAgICAgICAgPHNhbWwyOkF1ZGllbmNlUmVzdHJpY3Rp b24+CiAgICAgICAgICAgICAgICA8c2FtbDI6QXVkaWVuY2U+Zm9vYmxlLmNv bTwvc2FtbDI6QXVkaWVuY2U+CiAgICAgICAgICAgIDwvc2FtbDI6QXVkaWVu Y2VSZXN0cmljdGlvbj4KICAgICAgICA8L3NhbWwyOkNvbmRpdGlvbnM+CiAg ICAgICAgPHNhbWwyOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAx MS0wNi0xNFQxODoyNjowMS41MTVaIgogICAgICAgICAgICAgICAgICAgICAg ICAgICAgICB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6 Mi4wOmFzc2VydGlvbiI+CiAgICAgICAgICAgIDxzYW1sMjpBdXRobkNvbnRl eHQ+CiAgICAgICAgICAgICAgICA8c2FtbDI6QXV0aG5Db250ZXh0Q2xhc3NS ZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFz c3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQKICAgICAgICAgICAgICAgIDwvc2Ft bDI6QXV0aG5Db250ZXh0Q2xhc3NSZWY+CiAgICAgICAgICAgIDwvc2FtbDI6 QXV0aG5Db250ZXh0PgogICAgICAgIDwvc2FtbDI6QXV0aG5TdGF0ZW1lbnQ+ CiAgICA8L3NhbWwyOkFzc2VydGlvbj4KPC9zYW1sMnA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/response_encrypted_nameid.xml.base64000066400000000000000000000235301410551756100272720ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeDQyN2JmMGJiLTI3MmMtMGFkMC05MGYyLTVmN2ZkOWJhYzQ2OCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDMtMDlUMTI6MjM6MzdaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOX2JmMzcyYjlkNjdkMGM4OWQwY2YxYWYzZmY2MjVlYTdjMDUxYzk4ODUiPjxzYW1sOklzc3Vlcj5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPg0KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeDQyN2JmMGJiLTI3MmMtMGFkMC05MGYyLTVmN2ZkOWJhYzQ2OCI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+eHRBaE5WaUtVa3VmcUR1eUNHRDBVVE9SbVdBPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5yL0E3SHhVVC9mZ1pXMVBGVkdHOXJTbW5sQU1QVjdnQm4zTjBVdFJ1V0VtTmlaQTVNUUVCSE9JeTA0dFFuSmRXYksrKzAxemh0TmdqRlhGeGduaE5VWFdKdVF4Rnp3SzdvaTRJbHc0amZjQ2tpSFJLVWxubGQ4U3Q1YVBGMUE5bFlWbWxtU0d5dUgzSnlrSjNnVjNaeVJRMjhDc0IvQnBtdi9mbmhleHBhYzQ9PC9kczpTaWduYXR1cmVWYWx1ZT4NCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDczY2ZlZWM0LWZkOTMtMzE1OC05ZDI1LWVmZDgzYWM4MjQyYiIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDMtMDlUMTI6MjM6MzdaIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZng3M2NmZWVjNC1mZDkzLTMxNTgtOWQyNS1lZmQ4M2FjODI0MmIiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPjJpdzJPZUpRSjA1ellQTkIvSUp3TXdETFRjdz08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+cFFiaUFReWEvKzVxbkhKWWlPQ0dFaUt5RHNSZThKdTlBUlJiVlFlUkd5NWF4VlU5aDYxV0tYSWcwcDI5NlFQMEJBem0rWmt5cXErTUdSVWE4OFNpaWFlbWRma3dRZnd1TS8rTk1FTkRqQmgrR2tob0RmcjN1ZDAzWjNDcHA3dDdTSldWVnF5NGZZVUtzNllaYmJRTG5PVjZPVVphb3R6eFBzUXVSVGlsWmVrPTwvZHM6U2lnbmF0dXJlVmFsdWU+DQo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDZ1RDQ0Flb0NDUUNiT2xyV0RkWDdGVEFOQmdrcWhraUc5dzBCQVFVRkFEQ0JoREVMTUFrR0ExVUVCaE1DVGs4eEdEQVdCZ05WQkFnVEQwRnVaSEpsWVhNZ1UyOXNZbVZ5WnpFTU1Bb0dBMVVFQnhNRFJtOXZNUkF3RGdZRFZRUUtFd2RWVGtsT1JWUlVNUmd3RmdZRFZRUURFdzltWldsa1pTNWxjbXhoYm1jdWJtOHhJVEFmQmdrcWhraUc5dzBCQ1FFV0VtRnVaSEpsWVhOQWRXNXBibVYwZEM1dWJ6QWVGdzB3TnpBMk1UVXhNakF4TXpWYUZ3MHdOekE0TVRReE1qQXhNelZhTUlHRU1Rc3dDUVlEVlFRR0V3Sk9UekVZTUJZR0ExVUVDQk1QUVc1a2NtVmhjeUJUYjJ4aVpYSm5NUXd3Q2dZRFZRUUhFd05HYjI4eEVEQU9CZ05WQkFvVEIxVk9TVTVGVkZReEdEQVdCZ05WQkFNVEQyWmxhV1JsTG1WeWJHRnVaeTV1YnpFaE1COEdDU3FHU0liM0RRRUpBUllTWVc1a2NtVmhjMEIxYm1sdVpYUjBMbTV2TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEaXZiaFI3UDUxNngvUzNCcUt4dXBRZTBMT05vbGl1cGlCT2VzQ08zU0hiRHJsMytxOUliZm5mbUUwNHJOdU1jUHNJeEIxNjFUZERwSWVzTENuN2M4YVBISVNLT3RQbEFlVFpTbmI4UUF1N2FSalpxMytQYnJQNXVXM1RjZkNHUHRLVHl0SE9nZS9PbEpibzA3OGRWaFhRMTRkMUVEd1hKVzFyUlh1VXQ0QzhRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUNEVmZwODZIT2JxWStlOEJVb1dROStWTVF4MUFTRG9oQmp3T3NnMld5a1VxUlhGK2RMZmNVSDlkV1I2M0N0WklLRkRiU3ROb21QblF6N25iSytvbnlnd0JzcFZFYm5IdVVpaFpxM1pVZG11bVFxQ3c0VXZzLzFVdnEzb3JPby9XSlZoVHl2TGdGVksyUWFyUTQvNjdPWmZIZDdSK1BPQlhob3BoU012MVpPbzwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sOlN1YmplY3Q+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjA0My0wOS0xMFQxNzo0MzozN1oiIFJlY2lwaWVudD0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOX2JmMzcyYjlkNjdkMGM4OWQwY2YxYWYzZmY2MjVlYTdjMDUxYzk4ODUiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48c2FtbDpFbmNyeXB0ZWRJRD48eGVuYzpFbmNyeXB0ZWREYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjRWxlbWVudCI+PHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI2FlczEyOC1jYmMiLz48ZHNpZzpLZXlJbmZvIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjx4ZW5jOkVuY3J5cHRlZEtleT48eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjcnNhLTFfNSIvPjx4ZW5jOkNpcGhlckRhdGE+PHhlbmM6Q2lwaGVyVmFsdWU+T0J0UmN6b2dyZWc1VmpOS29zL2JOaEEvMjZ1MnFiWko5ZzBvbWpsRGphWEp5N2FJRkJ4WTMyV3ZvcjY3T0VhNm5VV3dUcFpVT3FWR2NLQ1puMGtCWVZJUjFjSGJsTUdhRUNLdEthU25wdUR5UXZ4UDA1Ulp5cG5nUVJ3ZXdSZ0VaZkE5NmhCM2w1bmgzMFNqYmh4U09IbXk0Qi9lWEx1UHlOUWhiMEdadEFzPTwveGVuYzpDaXBoZXJWYWx1ZT48L3hlbmM6Q2lwaGVyRGF0YT48L3hlbmM6RW5jcnlwdGVkS2V5PjwvZHNpZzpLZXlJbmZvPg0KICAgPHhlbmM6Q2lwaGVyRGF0YT4NCiAgICAgIDx4ZW5jOkNpcGhlclZhbHVlPnNwZm8yNndVUlVCc3RnYzdBbG1PM25nem91OUFqUVU0NFhUOUt2ZWcvVTh6Q1FzNU43WXRyazZwREs2Tktic2gvQ1RMaFZKUy9kRFNwd3hzRy9QRDU0WlUrcmdKNGtndGt5YWduSzhydnBwNDJuYjc1YzBzUE1KK0M4dW42VHExeFBRRjlkcEJaVU1sZDI2WUJKQ0d6TG0vcmVDUlpiSk5iNEx3TmRjd3pQTnc4cnJsb1Z2SWhyQjlvWS80a3hwdExFemJmczVHcklxZXZNQnZjeWxpQVhBbFE1QitEZUdPWkhtODJnQmFBVHdxcXNuWkRsbmMyTUtiUWJyVXdLUTZ5NXdPcVByUmxXbFBJUnRLbzRZc2R3PT08L3hlbmM6Q2lwaGVyVmFsdWU+DQogICA8L3hlbmM6Q2lwaGVyRGF0YT4NCjwveGVuYzpFbmNyeXB0ZWREYXRhPjwvc2FtbDpFbmNyeXB0ZWRJRD48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMy0wOVQxMjoyMzowN1oiIE5vdE9uT3JBZnRlcj0iMjA0My0wOS0xMFQxNzo0MzozN1oiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvbWV0YWRhdGEucGhwPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxNC0wMy0wOVQxMjoyMzozN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwNDMtMDMtMDlUMjA6MjM6MzdaIiBTZXNzaW9uSW5kZXg9Il85NDRiZmNhY2IwZDgzMmIxMmU0YmNmNzc0ZTAyYmJlNWY2NDU1YzY4MDMiPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dGVzdDwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj50ZXN0QGV4YW1wbGUuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj50ZXN0PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9InNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj53YWEyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImVkdVBlcnNvbkFmZmlsaWF0aW9uIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj51c2VyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPmFkbWluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/response_node_text_attack.xml.base64000066400000000000000000000157401410551756100273040ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJHT1NBTUxSMTI5MDExNzQ1NzE3OTQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgRGVzdGluYXRpb249IntyZWNpcGllbnR9Ij4NCiAgPHNhbWxwOlN0YXR1cz4NCiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkFzc2VydGlvbiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIFZlcnNpb249IjIuMCIgSUQ9InBmeGE0NjU3NGRmLWIzYjAtYTA2YS0yM2M4LTYzNjQxMzE5ODc3MiIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiI+DQogICAgPHNhbWw6SXNzdWVyPmh0dHBzOi8vYXBwLm9uZWxvZ2luLmNvbS9zYW1sL21ldGFkYXRhLzEzNTkwPC9zYW1sOklzc3Vlcj4NCiAgICA8ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgIDxkczpTaWduZWRJbmZvPg0KICAgICAgICA8ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+DQogICAgICAgIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4YTQ2NTc0ZGYtYjNiMC1hMDZhLTIzYzgtNjM2NDEzMTk4NzcyIj4NCiAgICAgICAgICA8ZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPg0KICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICAgIDwvZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICA8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz4NCiAgICAgICAgICA8ZHM6RGlnZXN0VmFsdWU+cEpRN01TL2VrNEtSUldHbXYvSDQzUmVIWU1zPTwvZHM6RGlnZXN0VmFsdWU+DQogICAgICAgIDwvZHM6UmVmZXJlbmNlPg0KICAgICAgPC9kczpTaWduZWRJbmZvPg0KICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlPnlpdmVLY1BkRHB1RE5qNnNoclEzQUJ3ci9jQTNDcnlEMnBoRy94TFpzektXeFU1L21sYUt0OGV3YlpPZEtLdnRPczJwSEJ5NUR1YTNrOTRBRnp4R3llbDVnT293bW95WEpyQU9ya1BPMHZsaTFWOG8zaFBQVVp3UmdTWDZROXBTMUNxUWdoS2lFYXNSeXlscXFKVWFQWXptT3pPRTgvWGxNa3dpV21PMD08L2RzOlNpZ25hdHVyZVZhbHVlPg0KICAgICAgPGRzOktleUluZm8+DQogICAgICAgIDxkczpYNTA5RGF0YT4NCiAgICAgICAgICA8ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUJyVENDQWFHZ0F3SUJBZ0lCQVRBREJnRUFNR2N4Q3pBSkJnTlZCQVlUQWxWVE1STXdFUVlEVlFRSURBcERZV3hwWm05eWJtbGhNUlV3RXdZRFZRUUhEQXhUWVc1MFlTQk5iMjVwWTJFeEVUQVBCZ05WQkFvTUNFOXVaVXh2WjJsdU1Sa3dGd1lEVlFRRERCQmhjSEF1YjI1bGJHOW5hVzR1WTI5dE1CNFhEVEV3TURNd09UQTVOVGcwTlZvWERURTFNRE13T1RBNU5UZzBOVm93WnpFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBZ01Da05oYkdsbWIzSnVhV0V4RlRBVEJnTlZCQWNNREZOaGJuUmhJRTF2Ym1sallURVJNQThHQTFVRUNnd0lUMjVsVEc5bmFXNHhHVEFYQmdOVkJBTU1FR0Z3Y0M1dmJtVnNiMmRwYmk1amIyMHdnWjh3RFFZSktvWklodmNOQVFFQkJRQURnWTBBTUlHSkFvR0JBT2pTdTFmalB5OGQ1dzRReUwxemQ0aEl3MU1ra2ZmNFdZL1RMRzhPWmtVNVlUU1dtbUhQRDVrdllINXVvWFMvNnFRODFxWHBSMndWOENUb3daSlVMZzA5ZGRSZFJuOFFzcWoxRnlPQzVzbEUzeTJiWjJvRnVhNzJvZi80OWZwdWpuRlQ2S25RNjFDQk1xbERvVFFxT1Q2MnZHSjhuUDZNWld2QTZzeHF1ZDVBZ01CQUFFd0F3WUJBQU1CQUE9PTwvZHM6WDUwOUNlcnRpZmljYXRlPg0KICAgICAgICA8L2RzOlg1MDlEYXRhPg0KICAgICAgPC9kczpLZXlJbmZvPg0KICAgIDwvZHM6U2lnbmF0dXJlPg0KICAgIDxzYW1sOlN1YmplY3Q+DQogICAgICA8c2FtbDpOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnN1cHBvcnQ8IS0tIGF0dGFjayEgLS0+QG9uZWxvZ2luLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiIFJlY2lwaWVudD0ie3JlY2lwaWVudH0iLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0xMS0xOFQyMTo1MjozN1oiIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+e2F1ZGllbmNlfTwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMC0xMS0xOFQyMTo1NzozN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTAtMTEtMTlUMjE6NTc6MzdaIiBTZXNzaW9uSW5kZXg9Il81MzFjMzJkMjgzYmRmZjdlMDRlNDg3YmNkYmM0ZGQ4ZCI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9InN1cm5hbWUiPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPnM8IS0tIGF0dGFjayEgLS0+bWl0aDwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0iYW5vdGhlcl92YWx1ZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+dmFsdWUxPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPnZhbHVlMjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0icm9sZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+cm9sZTE8L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICA8L3NhbWw6QXR0cmlidXRlPg0KICAgIDwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9ImZpcnN0bmFtZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+Ym9iPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4gIA0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9ImF0dHJpYnV0ZV93aXRoX25pbF92YWx1ZSI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOm5pbD0idHJ1ZSIvPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJhdHRyaWJ1dGVfd2l0aF9uaWxzX2FuZF9lbXB0eV9zdHJpbmdzIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUvPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZT52YWx1ZVByZXNlbnQ8L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOm5pbD0idHJ1ZSIvPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTpuaWw9IjEiLz4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/response_with_ampersands.xml000066400000000000000000000204231410551756100260630ustar00rootroot00000000000000PFJlc3BvbnNlIElzc3VlSW5zdGFudD0iMjAxMS0xMi0wOVQxMToyMzozNC4w NzlaIiBJRD0iWW9FUmhTRkFYYXhWUjFqNWpYMlp1TDhCSkJRIiBWZXJzaW9u PSIyLjAiIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJv dG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIu MDphc3NlcnRpb24iIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw LzA5L3htbGRzaWcjIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIw MDEvWE1MU2NoZW1hLWluc3RhbmNlIj4KICA8c2FtbDpJc3N1ZXI+UEYtREVN Tzwvc2FtbDpJc3N1ZXI+CiAgPFN0YXR1cz4KICAgIDxTdGF0dXNDb2RlIFZh bHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nl c3MiLz4KICA8L1N0YXR1cz4KICA8c2FtbDpBc3NlcnRpb24gVmVyc2lvbj0i Mi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMTItMDlUMTE6MjM6MzQuMDgxWiIg SUQ9IlpMZGloS1VSV0JSd3RmOWNnXzBCLmxuZUxMUCI+CiAgICA8c2FtbDpJ c3N1ZXI+UEYtREVNTzwvc2FtbDpJc3N1ZXI+CiAgICA8ZHM6U2lnbmF0dXJl PgogICAgICA8ZHM6U2lnbmVkSW5mbz4KICAgICAgICA8ZHM6Q2Fub25pY2Fs aXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIw MDEvMTAveG1sLWV4Yy1jMTRuIyIvPgogICAgICAgIDxkczpTaWduYXR1cmVN ZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3ht bGRzaWcjcnNhLXNoYTEiLz4KICAgICAgICA8ZHM6UmVmZXJlbmNlIFVSST0i I1pMZGloS1VSV0JSd3RmOWNnXzBCLmxuZUxMUCI+CiAgICAgICAgICA8ZHM6 VHJhbnNmb3Jtcz4KICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0 aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9w ZWQtc2lnbmF0dXJlIi8+CiAgICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxn b3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0 biMiLz4KICAgICAgICAgIDwvZHM6VHJhbnNmb3Jtcz4KICAgICAgICAgIDxk czpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8y MDAwLzA5L3htbGRzaWcjc2hhMSIvPgogICAgICAgICAgPGRzOkRpZ2VzdFZh bHVlPlBNWmVkc3ZISS80STNiWjNJNnFtTXA0bCtaRT08L2RzOkRpZ2VzdFZh bHVlPgogICAgICAgIDwvZHM6UmVmZXJlbmNlPgogICAgICA8L2RzOlNpZ25l ZEluZm8+CiAgICAgIDxkczpTaWduYXR1cmVWYWx1ZT5ncUYyM2NYSGErUW54 eElnamx3eU5vVnhoZ3p4WGlGMXRiUnUyOXY4OWFsYm1SMnkvREo1UU5XeW5t OWlPeEZUb3AwU0lzTDlBRFI1Cm41MGNkWlF6UkJaZldORFVWaFdHYmc2QTdq UVZuKzdXd216Z2ZZdFMzMjNwTjV5N1A4YkhEYTROMjlMQzNaT29odkdOTDFw d1RQUEUKemd5OTc4cFJNYXBRd0twNmFNMD08L2RzOlNpZ25hdHVyZVZhbHVl PgogICAgICA8ZHM6S2V5SW5mbz4KICAgICAgICA8ZHM6WDUwOURhdGE+CiAg ICAgICAgICA8ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUI3ekNDQVZpZ0F3SUJB Z0lHQVJicWVwZU9NQTBHQ1NxR1NJYjNEUUVCQlFVQU1Ec3hDekFKQmdOVkJB WVRBbFZUTVJnd0ZnWUQKVlFRS0V3OVJkV2xqYXlCVGRHRnlkQ0JCY0hBeEVq QVFCZ05WQkFNVENXeHZZMkZzYUc5emREQWVGdzB3TnpFeU1UY3lNelF3TVRG YQpGdzB4TWpFeU1UVXlNelF3TVRGYU1Ec3hDekFKQmdOVkJBWVRBbFZUTVJn d0ZnWURWUVFLRXc5UmRXbGpheUJUZEdGeWRDQkJjSEF4CkVqQVFCZ05WQkFN VENXeHZZMkZzYUc5emREQ0JuekFOQmdrcWhraUc5dzBCQVFFRkFBT0JqUUF3 Z1lrQ2dZRUFqZWhoMTZqWGE1ekgKTFhpaDhyTkxLTzJ1dlFVb0NXSVd3VFhX ZkZGd1krVXNQUjBDVm44WUlubkppS1hwOFlDZVhDa2hIRXFnU1dVYjJLS0J0 RituSm9NdwpETTNSbkoxeUNYMFoxa1ptTitubXVsR2Z0a1FJNmVrUDV2QnJY OGgvNXp1WThkTmp2TGJjenhCNzVpaDcwMHpoWVRoZUNzYVQ3STFZCmFBVDNB R01DQXdFQUFUQU5CZ2txaGtpRzl3MEJBUVVGQUFPQmdRQnJTOWtNVFR3QTVU M0VKbWpCMkd1RElnRUl1NFE3d3ZyWm9KeG0KWERNUm5IaTBMaHBLbGVUWGIv VlJ6dytRY0dIcVJzSjErUHRKRUhLdzRnNU10ZmtFVzNyYnJtWHVzdmNobXpa SUIxak9sRXRFdVp6TwpxZ2U0Z3JueFpBRzc2MDM2YmZQZmo2aVpLOFlOTWJz TEF5dzVnaGhvOStkUUI4ZWtoR0ROSGxmSjlBPT08L2RzOlg1MDlDZXJ0aWZp Y2F0ZT4KICAgICAgICA8L2RzOlg1MDlEYXRhPgogICAgICAgIDxkczpLZXlW YWx1ZT4KICAgICAgICAgIDxkczpSU0FLZXlWYWx1ZT4KICAgICAgICAgICAg PGRzOk1vZHVsdXM+amVoaDE2alhhNXpITFhpaDhyTkxLTzJ1dlFVb0NXSVd3 VFhXZkZGd1krVXNQUjBDVm44WUlubkppS1hwOFlDZVhDa2hIRXFnU1dVYgoy S0tCdEYrbkpvTXdETTNSbkoxeUNYMFoxa1ptTitubXVsR2Z0a1FJNmVrUDV2 QnJYOGgvNXp1WThkTmp2TGJjenhCNzVpaDcwMHpoCllUaGVDc2FUN0kxWWFB VDNBR009PC9kczpNb2R1bHVzPgogICAgICAgICAgICA8ZHM6RXhwb25lbnQ+ QVFBQjwvZHM6RXhwb25lbnQ+CiAgICAgICAgICA8L2RzOlJTQUtleVZhbHVl PgogICAgICAgIDwvZHM6S2V5VmFsdWU+CiAgICAgIDwvZHM6S2V5SW5mbz4K ICAgIDwvZHM6U2lnbmF0dXJlPgogICAgPHNhbWw6U3ViamVjdD4KICAgICAg PHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6 MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj5qb2huPC9zYW1sOk5h bWVJRD4KICAgICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9 InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPgogICAg ICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRl cj0iMjAxMS0xMi0wOVQxMToyODozNC4wODFaIiBSZWNpcGllbnQ9Imh0dHA6 Ly9mYWMuc21hY2thaG8uc3Q6MzAwMC9hdXRoL3NhbWwvY2FsbGJhY2siLz4K ICAgICAgPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CiAgICA8L3NhbWw6 U3ViamVjdD4KICAgIDxzYW1sOkNvbmRpdGlvbnMgTm90T25PckFmdGVyPSIy MDExLTEyLTA5VDExOjI4OjM0LjA4MVoiIE5vdEJlZm9yZT0iMjAxMS0xMi0w OVQxMToxODozNC4wODFaIj4KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmlj dGlvbj4KICAgICAgICA8c2FtbDpBdWRpZW5jZT5mYWM8L3NhbWw6QXVkaWVu Y2U+CiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPgogICAgPC9z YW1sOkNvbmRpdGlvbnM+CiAgICA8c2FtbDpBdXRoblN0YXRlbWVudCBBdXRo bkluc3RhbnQ9IjIwMTEtMTItMDlUMTE6MjM6MzQuMDgxWiIgU2Vzc2lvbklu ZGV4PSJaTGRpaEtVUldCUnd0ZjljZ18wQi5sbmVMTFAiPgogICAgICA8c2Ft bDpBdXRobkNvbnRleHQ+CiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Q2xh c3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6 dW5zcGVjaWZpZWQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+CiAgICAg IDwvc2FtbDpBdXRobkNvbnRleHQ+CiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1l bnQ+CiAgICA8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQgeG1sbnM6eHM9Imh0 dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIj4KICAgICAgPHNhbWw6 QXR0cmlidXRlIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1M OjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiIE5hbWU9IkNvbXBhbnlUeXBl Ij4KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6 c3RyaW5nIj5Va0xpbWl0ZWRDb21wYW55PC9zYW1sOkF0dHJpYnV0ZVZhbHVl PgogICAgICA8L3NhbWw6QXR0cmlidXRlPgogICAgICA8c2FtbDpBdHRyaWJ1 dGUgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0 dHJuYW1lLWZvcm1hdDpiYXNpYyIgTmFtZT0iZm9yZW5hbWUiPgogICAgICAg IDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPkpv aG4mYW1wOzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4KICAgICAgPC9zYW1sOkF0 dHJpYnV0ZT4KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWVGb3JtYXQ9InVy bjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFz aWMiIE5hbWU9InN1cm5hbWUiPgogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZh bHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPkRvZTwvc2FtbDpBdHRyaWJ1dGVW YWx1ZT4KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4KICAgICAgPHNhbWw6QXR0 cmlidXRlIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIu MDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiIE5hbWU9ImFkZHJlc3NfMSI+CiAg ICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmlu ZyI+YWRkcmVzc18xPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPgogICAgICA8L3Nh bWw6QXR0cmlidXRlPgogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZUZvcm1h dD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1h dDpiYXNpYyIgTmFtZT0iYWRkcmVzc18yIj4KICAgICAgICA8c2FtbDpBdHRy aWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZGRyZXNzXzI8L3Nh bWw6QXR0cmlidXRlVmFsdWU+CiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+CiAg ICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFt ZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIiBOYW1lPSJj b21wYW55TmFtZSI+CiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNp OnR5cGU9InhzOnN0cmluZyI+QiAmYW1wOyBHPC9zYW1sOkF0dHJpYnV0ZVZh bHVlPgogICAgICA8L3NhbWw6QXR0cmlidXRlPgogICAgICA8c2FtbDpBdHRy aWJ1dGUgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4w OmF0dHJuYW1lLWZvcm1hdDpiYXNpYyIgTmFtZT0icG9zdGNvZGUiPgogICAg ICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmci PkVIMSAxQUI8L3NhbWw6QXR0cmlidXRlVmFsdWU+CiAgICAgIDwvc2FtbDpB dHRyaWJ1dGU+CiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lRm9ybWF0PSJ1 cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJh c2ljIiBOYW1lPSJjaXR5Ij4KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1 ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5jaXR5PC9zYW1sOkF0dHJpYnV0ZVZh bHVlPgogICAgICA8L3NhbWw6QXR0cmlidXRlPgogICAgICA8c2FtbDpBdHRy aWJ1dGUgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4w OmF0dHJuYW1lLWZvcm1hdDpiYXNpYyIgTmFtZT0iY291bnRyeSI+CiAgICAg ICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+ VW5pdGVkIEtpbmdkb208L3NhbWw6QXR0cmlidXRlVmFsdWU+CiAgICAgIDwv c2FtbDpBdHRyaWJ1dGU+CiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lRm9y bWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9y bWF0OmJhc2ljIiBOYW1lPSJ1c2VyRW1haWxJRCI+CiAgICAgICAgPHNhbWw6 QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+am9obkBleGFt cGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4KICAgICAgPC9zYW1sOkF0 dHJpYnV0ZT4KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWVGb3JtYXQ9InVy bjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFz aWMiIE5hbWU9ImNvdW50eSI+CiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFs dWUgeHNpOnR5cGU9InhzOnN0cmluZyI+Y291bnR5PC9zYW1sOkF0dHJpYnV0 ZVZhbHVlPgogICAgICA8L3NhbWw6QXR0cmlidXRlPgogICAgICA8c2FtbDpB dHRyaWJ1dGUgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6 Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyIgTmFtZT0ibW9iaWxlTnVtYmVy Ij4KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6 c3RyaW5nIj4xMjM0NTY3PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPgogICAgICA8 L3NhbWw6QXR0cmlidXRlPgogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVu dD4KICA8L3NhbWw6QXNzZXJ0aW9uPgo8L1Jlc3BvbnNlPgo= python3-saml-1.12.0/tests/data/responses/response_with_ampersands.xml.base64000066400000000000000000000130441410551756100271470ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0 YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6 bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJHT1NBTUxSMTMwNzE1 NDEyMjM0MDkiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDExLTA2 LTA0VDAyOjIyOjAyWiIgRGVzdGluYXRpb249InJlY2lwaWVudCI+PHNhbWw6 SXNzdWVyPmh0dHBzOi8vYXBwLm9uZWxvZ2luLmNvbS9zYW1sMjwvc2FtbDpJ c3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0i dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+ PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzPSJodHRw Oi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRw Oi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgVmVyc2lv bj0iMi4wIiBJRD0iZmFrZV9hc3NlcnRpb24iIElzc3VlSW5zdGFudD0iMjAx MS0wNi0wNFQwMjoyMjowMloiPjxzYW1sOklzc3Vlcj5odHRwczovL2FwcC5v bmVsb2dpbi5jb20vc2FtbDI8L3NhbWw6SXNzdWVyPjxzYW1sOlN1YmplY3Q+ PHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6 MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj5ib2d1c0BvbmVsb2dp bi5jb208L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24g TWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVy Ij48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9 IjIwMTEtMDYtMDRUMDI6Mjc6MDJaIiBSZWNpcGllbnQ9InJlY2lwaWVudCIv Pjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0Pjxz YW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDExLTA2LTA0VDAyOjE3OjAy WiIgTm90T25PckFmdGVyPSIyMDExLTA2LTA0VDAyOjI3OjAyWiI+PHNhbWw6 QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5hdWRpZW5jZTwv c2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3Nh bWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3Rh bnQ9IjIwMTEtMDYtMDRUMDI6MjI6MDJaIiBTZXNzaW9uTm90T25PckFmdGVy PSIyMDExLTA2LTA1VDAyOjIyOjAyWiIgU2Vzc2lvbkluZGV4PSJfMTZmNTcw ZmJjMDMxNTAwN2EwMzU1ZGZlYTZiM2M0NmMiPjxzYW1sOkF1dGhuQ29udGV4 dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6 dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZFByb3RlY3RlZFRyYW5z cG9ydDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5D b250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9u PjxzYW1sOkFzc2VydGlvbiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcv MjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcv MjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIFZlcnNpb249IjIuMCIgSUQ9InBm eDk1MTZiMGYzLTQ1MzYtMTBmNi1jNmZhLTlkZDUyM2UxNDk4YyIgSXNzdWVJ bnN0YW50PSIyMDExLTA2LTA0VDAyOjIyOjAyWiI+PHNhbWw6SXNzdWVyPmh0 dHBzOi8vYXBwLm9uZWxvZ2luLmNvbS9zYW1sMjwvc2FtbDpJc3N1ZXI+PGRz OlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8w OS94bWxkc2lnIyI+CiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6 YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAx LzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2Qg QWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcj cnNhLXNoYTEiLz4KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeDk1MTZiMGYz LTQ1MzYtMTBmNi1jNmZhLTlkZDUyM2UxNDk4YyI+PGRzOlRyYW5zZm9ybXM+ PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIw MDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5z Zm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1s LWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9k IEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2ln I3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+L0ZFUHRwVlhKTDJHNzJ1UDZMd2Vv R1ltYnpVPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpT aWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5rSEhrMFFOekMwTFlvVkVQ UnE0MGRNT1puckpSdzdlT1dkWWdJY240MXQ2N25xOHJwVjhpSEF2WWQva0RS MVJKcEc2UjU4K25LRVhtTUFLcFNDY29GeC9tQU1UNjNodzQ5RlhOYWZ4WWhj MGc1bjFSVGhaQURFNlJZSFZpV2pvRHdxZzVCT3FnNnNLNUxlZk5ZM080dVhn QXFyMUw4R3pVNXNtMGlMWm9xSUU9PC9kczpTaWduYXR1cmVWYWx1ZT4KPGRz OktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJ QnJUQ0NBYUdnQXdJQkFnSUJBVEFEQmdFQU1HY3hDekFKQmdOVkJBWVRBbFZU TVJNd0VRWURWUVFJREFwRFlXeHBabTl5Ym1saE1SVXdFd1lEVlFRSERBeFRZ VzUwWVNCTmIyNXBZMkV4RVRBUEJnTlZCQW9NQ0U5dVpVeHZaMmx1TVJrd0Z3 WURWUVFEREJCaGNIQXViMjVsYkc5bmFXNHVZMjl0TUI0WERURXdNVEF4TVRJ eE1UVXhNbG9YRFRFMU1UQXhNVEl4TVRVeE1sb3daekVMTUFrR0ExVUVCaE1D VlZNeEV6QVJCZ05WQkFnTUNrTmhiR2xtYjNKdWFXRXhGVEFUQmdOVkJBY01E Rk5oYm5SaElFMXZibWxqWVRFUk1BOEdBMVVFQ2d3SVQyNWxURzluYVc0eEdU QVhCZ05WQkFNTUVHRndjQzV2Ym1Wc2IyZHBiaTVqYjIwd2daOHdEUVlKS29a SWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFNUG1qZmp5N0wzNW9EcGVCWEJv UlZDZ2t0UGtMbm85RE9FV0I3TWdZTU1WS3MyQjZ5bVdRTEVXckR1Z01LMWhr eldGaEliNWZxV0xHYld5MEowdmVHUjkvZ0hPUUcrckQvSTM2eEFYbmtkaVhY aHpvaUFHL3pReE0wZWRNT1VmNDBuMzE0RkM4bW9FcmNVZzZRYWJ0dHplc081 OUhGejZzaFB1eGNXYVZBZ3hBZ01CQUFFd0F3WUJBQU1CQUE9PTwvZHM6WDUw OUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6 U2lnbmF0dXJlPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIEZvcm1hdD0i dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1h aWxBZGRyZXNzIj50ZXN0QG9uZWxvZ2luLmNvbTwvc2FtbDpOYW1lSUQ+PHNh bWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1l czp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJt YXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxMS0wNi0wNFQwMjoyNzowMloi IFJlY2lwaWVudD0icmVjaXBpZW50Ii8+PC9zYW1sOlN1YmplY3RDb25maXJt YXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZv cmU9IjIwMTEtMDYtMDRUMDI6MTc6MDJaIiBOb3RPbk9yQWZ0ZXI9IjIwMTEt MDYtMDRUMDI6Mjc6MDJaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxz YW1sOkF1ZGllbmNlPmF1ZGllbmNlPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpB dWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1 dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMS0wNi0wNFQwMjoyMjow MloiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTEtMDYtMDVUMDI6MjI6MDJa IiBTZXNzaW9uSW5kZXg9Il8xNmY1NzBmYmMwMzE1MDA3YTAzNTVkZmVhNmIz YzQ2YyI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENs YXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2Vz OlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9zYW1sOkF1dGhuQ29udGV4 dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3Rh dGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4=python3-saml-1.12.0/tests/data/responses/response_with_nested_nameid_values.xml.base64000066400000000000000000000125401410551756100311700ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIElEPSJHT1NBTUxSMTI5MDExNzQ1NzE3OTQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiIgRGVzdGluYXRpb249IntyZWNpcGllbnR9Ij4NCiAgPHNhbWxwOlN0YXR1cz4NCiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkFzc2VydGlvbiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIFZlcnNpb249IjIuMCIgSUQ9InBmeGE0NjU3NGRmLWIzYjAtYTA2YS0yM2M4LTYzNjQxMzE5ODc3MiIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDIxOjU3OjM3WiI+DQogICAgPHNhbWw6SXNzdWVyPmh0dHBzOi8vYXBwLm9uZWxvZ2luLmNvbS9zYW1sL21ldGFkYXRhLzEzNTkwPC9zYW1sOklzc3Vlcj4NCiAgICA8ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgIDxkczpTaWduZWRJbmZvPg0KICAgICAgICA8ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+DQogICAgICAgIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4YTQ2NTc0ZGYtYjNiMC1hMDZhLTIzYzgtNjM2NDEzMTk4NzcyIj4NCiAgICAgICAgICA8ZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPg0KICAgICAgICAgICAgPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgICAgICAgIDwvZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICA8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz4NCiAgICAgICAgICA8ZHM6RGlnZXN0VmFsdWU+cEpRN01TL2VrNEtSUldHbXYvSDQzUmVIWU1zPTwvZHM6RGlnZXN0VmFsdWU+DQogICAgICAgIDwvZHM6UmVmZXJlbmNlPg0KICAgICAgPC9kczpTaWduZWRJbmZvPg0KICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlPnlpdmVLY1BkRHB1RE5qNnNoclEzQUJ3ci9jQTNDcnlEMnBoRy94TFpzektXeFU1L21sYUt0OGV3YlpPZEtLdnRPczJwSEJ5NUR1YTNrOTRBRit6eEd5ZWw1Z09vd21veVhKcitBT3Ira1BPMHZsaTFWOG8zaFBQVVp3UmdTWDZROXBTMUNxUWdoS2lFYXNSeXlscXFKVWFQWXptT3pPRTgvWGxNa3dpV21PMD08L2RzOlNpZ25hdHVyZVZhbHVlPg0KICAgICAgPGRzOktleUluZm8+DQogICAgICAgIDxkczpYNTA5RGF0YT4NCiAgICAgICAgICA8ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUJyVENDQWFHZ0F3SUJBZ0lCQVRBREJnRUFNR2N4Q3pBSkJnTlZCQVlUQWxWVE1STXdFUVlEVlFRSURBcERZV3hwWm05eWJtbGhNUlV3RXdZRFZRUUhEQXhUWVc1MFlTQk5iMjVwWTJFeEVUQVBCZ05WQkFvTUNFOXVaVXh2WjJsdU1Sa3dGd1lEVlFRRERCQmhjSEF1YjI1bGJHOW5hVzR1WTI5dE1CNFhEVEV3TURNd09UQTVOVGcwTlZvWERURTFNRE13T1RBNU5UZzBOVm93WnpFTE1Ba0dBMVVFQmhNQ1ZWTXhFekFSQmdOVkJBZ01Da05oYkdsbWIzSnVhV0V4RlRBVEJnTlZCQWNNREZOaGJuUmhJRTF2Ym1sallURVJNQThHQTFVRUNnd0lUMjVsVEc5bmFXNHhHVEFYQmdOVkJBTU1FR0Z3Y0M1dmJtVnNiMmRwYmk1amIyMHdnWjh3RFFZSktvWklodmNOQVFFQkJRQURnWTBBTUlHSkFvR0JBT2pTdTFmalB5OGQ1dzRReUwxK3pkNGhJdzFNa2tmZjRXWS9UTEc4T1prVTVZVFNXbW1IUEQ1a3ZZSDV1b1hTLzZxUTgxcVhwUjJ3VjhDVG93WkpVTGcwOWRkUmRSbjhRc3FqMUZ5T0M1c2xFM3kyYloyb0Z1YTcyb2YvNDlmcHVqbkZUNktuUTYxQ0JNcWxEb1RRcU9UNjJ2R0o4blA2TVpXdkE2c3hxdWQ1QWdNQkFBRXdBd1lCQUFNQkFBPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT4NCiAgICAgICAgPC9kczpYNTA5RGF0YT4NCiAgICAgIDwvZHM6S2V5SW5mbz4NCiAgICA8L2RzOlNpZ25hdHVyZT4NCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj5zdXBwb3J0QG9uZWxvZ2luLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiIFJlY2lwaWVudD0ie3JlY2lwaWVudH0iLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0xMS0xOFQyMTo1MjozN1oiIE5vdE9uT3JBZnRlcj0iMjAxMC0xMS0xOFQyMjowMjozN1oiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+e2F1ZGllbmNlfTwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMC0xMS0xOFQyMTo1NzozN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTAtMTEtMTlUMjE6NTc6MzdaIiBTZXNzaW9uSW5kZXg9Il81MzFjMzJkMjgzYmRmZjdlMDRlNDg3YmNkYmM0ZGQ4ZCI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCI+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+ZGVtbzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0iYW5vdGhlcl92YWx1ZSIgRnJpZW5kbHlOYW1lPSJhbm90aGVyX2ZyaWVuZGx5X3ZhbHVlIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4NCiAgICAgICAgICAgIDxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnBlcnNpc3RlbnQiIE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vaWRwSUQiIFNQTmFtZVF1YWxpZmllcj0iaHR0cHM6Ly9zcElEIj52YWx1ZTwvc2FtbDpOYW1lSUQ+DQogICAgICAgIDwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/response_without_assertion_reference_uri.xml.base64000066400000000000000000000115651410551756100324540ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+CjxzYW1scDpSZXNwb25zZSB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBJRD0icGZ4ZDU5NDM0N2QtNDk1Zi1iOGQxLTBlZTItNDFjZmRhMTRkZDM1IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNS0wMS0wMlQyMjo0ODo0OFoiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjkwMDEvdjEvdXNlcnMvYXV0aG9yaXplL3NhbWwiIENvbnNlbnQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjb25zZW50OnVuc3BlY2lmaWVkIiBJblJlc3BvbnNlVG89Il9lZDkxNWE0MC03NGZiLTAxMzItNWIxNi00OGUwZWIxNGExYzciPgogIDxJc3N1ZXIgeG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9leGFtcGxlLmNvbTwvSXNzdWVyPgogIDxzYW1scDpTdGF0dXM+CiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+CiAgPC9zYW1scDpTdGF0dXM+CgogIDxBc3NlcnRpb24geG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfNzAwYWMzMjAtNzRmZi0wMTMyLTViMTQtNDhlMGViMTRhMWM3IiBJc3N1ZUluc3RhbnQ9IjIwMTUtMDEtMDJUMjI6NDg6NDhaIiBWZXJzaW9uPSIyLjAiPgogICAgPElzc3Vlcj5odHRwOi8vZXhhbXBsZS5jb208L0lzc3Vlcj4KICAgIDxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogIDxkczpTaWduZWRJbmZvPgogICAgPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICAgIDxkczpSZWZlcmVuY2UgVVJJPSIiPgogICAgICA8ZHM6VHJhbnNmb3Jtcz4KICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICAgIDwvZHM6VHJhbnNmb3Jtcz4KICAgICAgPGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+CiAgICAgIDxkczpEaWdlc3RWYWx1ZT5qQ2dlWENQREZsd2pUZ3FnUHAwbVUyVHF3OWc9PC9kczpEaWdlc3RWYWx1ZT4KICAgIDwvZHM6UmVmZXJlbmNlPgogIDwvZHM6U2lnbmVkSW5mbz4KICA8ZHM6U2lnbmF0dXJlVmFsdWU+bG9SN21DRmlNSURIUHBLeVgzRUd2dzJYeTZycEtFZWZVMDhYS1lWRXJ6MXB3a1BUUFFlYU5iK2RGMHZLai9rNQoyUmJ2Z3ZFUFN2ZGI3RDJOMTY5QjJMTGVmbXpaWTBDY0RKcThkK3lNbnZSNER3YitSUFl6bWJoS29XQ1ZyY3VPCnNvbEUxQTg3WFZjenNpd2JYRWllM2p4RHdDSk5vWi9GRFJRZy80RHRQVmc9PC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8+CiAgPGRzOlg1MDlEYXRhPgogICAgPGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDVnpDQ0FjQUNDUURJVkhhTlNCWUw2VEFOQmdrcWhraUc5dzBCQVFzRkFEQndNUXN3Q1FZRFZRUUdFd0pHVWpFT01Bd0dBMVVFQ0F3RlVHRnlhWE14RGpBTUJnTlZCQWNNQlZCaGNtbHpNUll3RkFZRFZRUUtEQTFPYjNaaGNHOXpkQ0JVUlZOVU1Ta3dKd1lKS29aSWh2Y05BUWtCRmhwbWJHOXlaVzUwTG5CcFoyOTFkRUJ1YjNaaGNHOXpkQzVtY2pBZUZ3MHhOREF5TVRNeE16VXpOREJhRncweE5UQXlNVE14TXpVek5EQmFNSEF4Q3pBSkJnTlZCQVlUQWtaU01RNHdEQVlEVlFRSURBVlFZWEpwY3pFT01Bd0dBMVVFQnd3RlVHRnlhWE14RmpBVUJnTlZCQW9NRFU1dmRtRndiM04wSUZSRlUxUXhLVEFuQmdrcWhraUc5dzBCQ1FFV0dtWnNiM0psYm5RdWNHbG5iM1YwUUc1dmRtRndiM04wTG1aeU1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRQ2hMRkhuM0xuTjRKUS83V0NkWXVweGtVZ2NOT1FuUEYreWxsKy9EUHB1eDlucGZZMDU5UElVYXRCOFg3a0NuNWk4dFJ3SXkvaWtISlI2TXI4K01QdmM2Vk9aRHhQTmRadk1vLzhsaHhyYk4zSmRydzN3aFptVS9LUFI5RjNCZEZkdStTTHpyTWwxVERVWmxQdFk5WHpVRlhjcU44SVhjeThUSnpDQmVOZXkzUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRHQkFDdEo4ZmVHemUxTkhCNVZ3MThqTVVQdkhvN0gzR3dtajZaREFYUWxhaUFYTXVOQnhOWFZXVndpZmw2VituVzN3OVFhN0Zlby9uWi9PNFRVT0gxbnorYWRrbGNDRDRRcFphRUlibUFicmlQV0pLZ2I0TFdHaHFRcnV3WVI3SXRUUjFNTlg5Z0xiUDB6MHp2REVRbm50L1ZVV0ZFQkxTSnE0WjROcmU4TEZtUzI8L2RzOlg1MDlDZXJ0aWZpY2F0ZT4KICA8L2RzOlg1MDlEYXRhPgo8L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PFN1YmplY3Q+CiAgICAgIDxOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnNhbWxAdXNlci5jb208L05hbWVJRD4KICAgICAgPFN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj4KICAgICAgICA8U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgSW5SZXNwb25zZVRvPSJfZWQ5MTVhNDAtNzRmYi0wMTMyLTViMTYtNDhlMGViMTRhMWM3IiBOb3RPbk9yQWZ0ZXI9IjIwMzgtMDEtMDJUMjI6NTE6NDhaIiBSZWNpcGllbnQ9Imh0dHA6Ly9sb2NhbGhvc3Q6OTAwMS92MS91c2Vycy9hdXRob3JpemUvc2FtbCIvPgogICAgICA8L1N1YmplY3RDb25maXJtYXRpb24+CiAgICA8L1N1YmplY3Q+CiAgICA8Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTUtMDEtMDJUMjI6NDg6NDNaIiBOb3RPbk9yQWZ0ZXI9IjIwMzgtMDEtMDJUMjM6NDg6NDhaIj4KICAgICAgPEF1ZGllbmNlUmVzdHJpY3Rpb24+CiAgICAgICAgPEF1ZGllbmNlPmh0dHA6Ly9sb2NhbGhvc3Q6OTAwMS88L0F1ZGllbmNlPgogICAgICAgIDxBdWRpZW5jZT5mbGF0X3dvcmxkPC9BdWRpZW5jZT4KICAgICAgPC9BdWRpZW5jZVJlc3RyaWN0aW9uPgogICAgPC9Db25kaXRpb25zPgogICAgPEF0dHJpYnV0ZVN0YXRlbWVudD4KICAgICAgPEF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiPgogICAgICAgIDxBdHRyaWJ1dGVWYWx1ZT5zYW1sQHVzZXIuY29tPC9BdHRyaWJ1dGVWYWx1ZT4KICAgICAgPC9BdHRyaWJ1dGU+CiAgICA8L0F0dHJpYnV0ZVN0YXRlbWVudD4KICAgIDxBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTUtMDEtMDJUMjI6NDg6NDhaIiBTZXNzaW9uSW5kZXg9Il83MDBhYzMyMC03NGZmLTAxMzItNWIxNC00OGUwZWIxNGExYzciPgogICAgICA8QXV0aG5Db250ZXh0PgogICAgICAgIDxBdXRobkNvbnRleHRDbGFzc1JlZj51cm46ZmVkZXJhdGlvbjphdXRoZW50aWNhdGlvbjp3aW5kb3dzPC9BdXRobkNvbnRleHRDbGFzc1JlZj4KICAgICAgPC9BdXRobkNvbnRleHQ+CiAgICA8L0F1dGhuU3RhdGVtZW50PgogIDwvQXNzZXJ0aW9uPgo8L3NhbWxwOlJlc3BvbnNlPgo= python3-saml-1.12.0/tests/data/responses/response_without_reference_uri.xml.base64000066400000000000000000000115651410551756100303650ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+CjxzYW1scDpSZXNwb25zZSB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBJRD0icGZ4ZDU5NDM0N2QtNDk1Zi1iOGQxLTBlZTItNDFjZmRhMTRkZDM1IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNS0wMS0wMlQyMjo0ODo0OFoiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjkwMDEvdjEvdXNlcnMvYXV0aG9yaXplL3NhbWwiIENvbnNlbnQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjb25zZW50OnVuc3BlY2lmaWVkIiBJblJlc3BvbnNlVG89Il9lZDkxNWE0MC03NGZiLTAxMzItNWIxNi00OGUwZWIxNGExYzciPgogIDxJc3N1ZXIgeG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9leGFtcGxlLmNvbTwvSXNzdWVyPgogIDxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogIDxkczpTaWduZWRJbmZvPgogICAgPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICAgIDxkczpSZWZlcmVuY2UgVVJJPSIiPgogICAgICA8ZHM6VHJhbnNmb3Jtcz4KICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICAgIDwvZHM6VHJhbnNmb3Jtcz4KICAgICAgPGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+CiAgICAgIDxkczpEaWdlc3RWYWx1ZT5qQ2dlWENQREZsd2pUZ3FnUHAwbVUyVHF3OWc9PC9kczpEaWdlc3RWYWx1ZT4KICAgIDwvZHM6UmVmZXJlbmNlPgogIDwvZHM6U2lnbmVkSW5mbz4KICA8ZHM6U2lnbmF0dXJlVmFsdWU+bG9SN21DRmlNSURIUHBLeVgzRUd2dzJYeTZycEtFZWZVMDhYS1lWRXJ6MXB3a1BUUFFlYU5iK2RGMHZLai9rNQoyUmJ2Z3ZFUFN2ZGI3RDJOMTY5QjJMTGVmbXpaWTBDY0RKcThkK3lNbnZSNER3YitSUFl6bWJoS29XQ1ZyY3VPCnNvbEUxQTg3WFZjenNpd2JYRWllM2p4RHdDSk5vWi9GRFJRZy80RHRQVmc9PC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8+CiAgPGRzOlg1MDlEYXRhPgogICAgPGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDVnpDQ0FjQUNDUURJVkhhTlNCWUw2VEFOQmdrcWhraUc5dzBCQVFzRkFEQndNUXN3Q1FZRFZRUUdFd0pHVWpFT01Bd0dBMVVFQ0F3RlVHRnlhWE14RGpBTUJnTlZCQWNNQlZCaGNtbHpNUll3RkFZRFZRUUtEQTFPYjNaaGNHOXpkQ0JVUlZOVU1Ta3dKd1lKS29aSWh2Y05BUWtCRmhwbWJHOXlaVzUwTG5CcFoyOTFkRUJ1YjNaaGNHOXpkQzVtY2pBZUZ3MHhOREF5TVRNeE16VXpOREJhRncweE5UQXlNVE14TXpVek5EQmFNSEF4Q3pBSkJnTlZCQVlUQWtaU01RNHdEQVlEVlFRSURBVlFZWEpwY3pFT01Bd0dBMVVFQnd3RlVHRnlhWE14RmpBVUJnTlZCQW9NRFU1dmRtRndiM04wSUZSRlUxUXhLVEFuQmdrcWhraUc5dzBCQ1FFV0dtWnNiM0psYm5RdWNHbG5iM1YwUUc1dmRtRndiM04wTG1aeU1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRQ2hMRkhuM0xuTjRKUS83V0NkWXVweGtVZ2NOT1FuUEYreWxsKy9EUHB1eDlucGZZMDU5UElVYXRCOFg3a0NuNWk4dFJ3SXkvaWtISlI2TXI4K01QdmM2Vk9aRHhQTmRadk1vLzhsaHhyYk4zSmRydzN3aFptVS9LUFI5RjNCZEZkdStTTHpyTWwxVERVWmxQdFk5WHpVRlhjcU44SVhjeThUSnpDQmVOZXkzUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRHQkFDdEo4ZmVHemUxTkhCNVZ3MThqTVVQdkhvN0gzR3dtajZaREFYUWxhaUFYTXVOQnhOWFZXVndpZmw2VituVzN3OVFhN0Zlby9uWi9PNFRVT0gxbnorYWRrbGNDRDRRcFphRUlibUFicmlQV0pLZ2I0TFdHaHFRcnV3WVI3SXRUUjFNTlg5Z0xiUDB6MHp2REVRbm50L1ZVV0ZFQkxTSnE0WjROcmU4TEZtUzI8L2RzOlg1MDlDZXJ0aWZpY2F0ZT4KICA8L2RzOlg1MDlEYXRhPgo8L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz4KICAgIDxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz4KICA8L3NhbWxwOlN0YXR1cz4KCiAgPEFzc2VydGlvbiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il83MDBhYzMyMC03NGZmLTAxMzItNWIxNC00OGUwZWIxNGExYzciIElzc3VlSW5zdGFudD0iMjAxNS0wMS0wMlQyMjo0ODo0OFoiIFZlcnNpb249IjIuMCI+CiAgICA8SXNzdWVyPmh0dHA6Ly9leGFtcGxlLmNvbTwvSXNzdWVyPgogICAgPFN1YmplY3Q+CiAgICAgIDxOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPnNhbWxAdXNlci5jb208L05hbWVJRD4KICAgICAgPFN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj4KICAgICAgICA8U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgSW5SZXNwb25zZVRvPSJfZWQ5MTVhNDAtNzRmYi0wMTMyLTViMTYtNDhlMGViMTRhMWM3IiBOb3RPbk9yQWZ0ZXI9IjIwMzgtMDEtMDJUMjI6NTE6NDhaIiBSZWNpcGllbnQ9Imh0dHA6Ly9sb2NhbGhvc3Q6OTAwMS92MS91c2Vycy9hdXRob3JpemUvc2FtbCIvPgogICAgICA8L1N1YmplY3RDb25maXJtYXRpb24+CiAgICA8L1N1YmplY3Q+CiAgICA8Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTUtMDEtMDJUMjI6NDg6NDNaIiBOb3RPbk9yQWZ0ZXI9IjIwMzgtMDEtMDJUMjM6NDg6NDhaIj4KICAgICAgPEF1ZGllbmNlUmVzdHJpY3Rpb24+CiAgICAgICAgPEF1ZGllbmNlPmh0dHA6Ly9sb2NhbGhvc3Q6OTAwMS88L0F1ZGllbmNlPgogICAgICAgIDxBdWRpZW5jZT5mbGF0X3dvcmxkPC9BdWRpZW5jZT4KICAgICAgPC9BdWRpZW5jZVJlc3RyaWN0aW9uPgogICAgPC9Db25kaXRpb25zPgogICAgPEF0dHJpYnV0ZVN0YXRlbWVudD4KICAgICAgPEF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiPgogICAgICAgIDxBdHRyaWJ1dGVWYWx1ZT5zYW1sQHVzZXIuY29tPC9BdHRyaWJ1dGVWYWx1ZT4KICAgICAgPC9BdHRyaWJ1dGU+CiAgICA8L0F0dHJpYnV0ZVN0YXRlbWVudD4KICAgIDxBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTUtMDEtMDJUMjI6NDg6NDhaIiBTZXNzaW9uSW5kZXg9Il83MDBhYzMyMC03NGZmLTAxMzItNWIxNC00OGUwZWIxNGExYzciPgogICAgICA8QXV0aG5Db250ZXh0PgogICAgICAgIDxBdXRobkNvbnRleHRDbGFzc1JlZj51cm46ZmVkZXJhdGlvbjphdXRoZW50aWNhdGlvbjp3aW5kb3dzPC9BdXRobkNvbnRleHRDbGFzc1JlZj4KICAgICAgPC9BdXRobkNvbnRleHQ+CiAgICA8L0F1dGhuU3RhdGVtZW50PgogIDwvQXNzZXJ0aW9uPgo8L3NhbWxwOlJlc3BvbnNlPgo= python3-saml-1.12.0/tests/data/responses/signed_assertion_response.xml.base64000066400000000000000000000144311410551756100273200ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfMmUwZjNlOGE3YzUxZGUyNjcxNjczNDE0YWE3ZDVhNjkyNDdmNmQ2NjI1IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wMy0zMVQwMDozNzoxNloiIERlc3RpbmF0aW9uPSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL2luZGV4LnBocD9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fNjEyYmJmOWIxNjQ1Mjk0YWEwYjQ2MzdiMWJjNWYzOWRlOGI3OWNlYiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24geG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiBJRD0icGZ4ZDdkZWFmOGQtYTlmOS1iNmQyLTU5ZjItZTQ2MjI5MmFjMTNkIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wMy0zMVQwMDozNzoxNloiPjxzYW1sOklzc3Vlcj5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeGQ3ZGVhZjhkLWE5ZjktYjZkMi01OWYyLWU0NjIyOTJhYzEzZCI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+ckNaU2E0bHZydndRRVN6UnVjU1hKUW1aTGtVPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5HZ1JSRjZkNXE2a01zUHNTUnZZbE43NHQ4aGNiWDB5QU9OYTZDS2xHT1ZuaUxaN2w5M1dBcDRQSEIrWFhZYnlCU0x1RnJsYW9JbzFnRk5pUk10aU5hRzIreWczK2IxTXRBaXRGdmFWeTZ3dnhRbDFhamdUYUFjbVdjYTNJckp6U3I0ZGtxL1ZVZWZuZFhmZ01Ga2NldWdDNk00UGw4MXZ3TVYzM1BFU1lDQm89PC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQ2dUQ0NBZW9DQ1FDYk9scldEZFg3RlRBTkJna3Foa2lHOXcwQkFRVUZBRENCaERFTE1Ba0dBMVVFQmhNQ1RrOHhHREFXQmdOVkJBZ1REMEZ1WkhKbFlYTWdVMjlzWW1WeVp6RU1NQW9HQTFVRUJ4TURSbTl2TVJBd0RnWURWUVFLRXdkVlRrbE9SVlJVTVJnd0ZnWURWUVFERXc5bVpXbGtaUzVsY214aGJtY3VibTh4SVRBZkJna3Foa2lHOXcwQkNRRVdFbUZ1WkhKbFlYTkFkVzVwYm1WMGRDNXViekFlRncwd056QTJNVFV4TWpBeE16VmFGdzB3TnpBNE1UUXhNakF4TXpWYU1JR0VNUXN3Q1FZRFZRUUdFd0pPVHpFWU1CWUdBMVVFQ0JNUFFXNWtjbVZoY3lCVGIyeGlaWEpuTVF3d0NnWURWUVFIRXdOR2IyOHhFREFPQmdOVkJBb1RCMVZPU1U1RlZGUXhHREFXQmdOVkJBTVREMlpsYVdSbExtVnliR0Z1Wnk1dWJ6RWhNQjhHQ1NxR1NJYjNEUUVKQVJZU1lXNWtjbVZoYzBCMWJtbHVaWFIwTG01dk1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRRGl2YmhSN1A1MTZ4L1MzQnFLeHVwUWUwTE9Ob2xpdXBpQk9lc0NPM1NIYkRybDMrcTlJYmZuZm1FMDRyTnVNY1BzSXhCMTYxVGREcEllc0xDbjdjOGFQSElTS090UGxBZVRaU25iOFFBdTdhUmpacTMrUGJyUDV1VzNUY2ZDR1B0S1R5dEhPZ2UvT2xKYm8wNzhkVmhYUTE0ZDFFRHdYSlcxclJYdVV0NEM4UUlEQVFBQk1BMEdDU3FHU0liM0RRRUJCUVVBQTRHQkFDRFZmcDg2SE9icVkrZThCVW9XUTkrVk1ReDFBU0RvaEJqd09zZzJXeWtVcVJYRitkTGZjVUg5ZFdSNjNDdFpJS0ZEYlN0Tm9tUG5RejduYksrb255Z3dCc3BWRWJuSHVVaWhacTNaVWRtdW1RcUN3NFV2cy8xVXZxM29yT28vV0pWaFR5dkxnRlZLMlFhclE0LzY3T1pmSGQ3UitQT0JYaG9waFNNdjFaT288L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCI+XzNhZjYyZjFkMDM1MTNiZGQ2MWRkNWJmMDRkM2RlYjdhYTYxNzQ4MGUyMjwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMy0xMC0wMlQwNTo1NzoxNloiIFJlY2lwaWVudD0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzYxMmJiZjliMTY0NTI5NGFhMGI0NjM3YjFiYzVmMzlkZThiNzljZWIiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMy0zMVQwMDozNjo0NloiIE5vdE9uT3JBZnRlcj0iMjAyMy0xMC0wMlQwNTo1NzoxNloiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTAzLTMxVDAwOjM3OjE2WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxNC0wMy0zMVQwODozNzoxNloiIFNlc3Npb25JbmRleD0iXzg1ZTdjZmUxNmQ2ZTdlNjAwYmQ5OGJiYzJiNDM3MWUxYzY5NTg4YTRkYSI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj50ZXN0PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Im1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnRlc3RAZXhhbXBsZS5jb208L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iY24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnRlc3Q8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0ic24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPndhYTI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iZWR1UGVyc29uQWZmaWxpYXRpb24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnVzZXI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+YWRtaW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4= python3-saml-1.12.0/tests/data/responses/signed_assertion_response2.xml.base64000066400000000000000000000143741410551756100274100ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfZTNmNzIwOThmYzU5MDcwMDE5YTc2YWQzMDU4NDcyMTNiMThjYmQ5YWRiIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wOS0yM1QxMjo0NToyMFoiIERlc3RpbmF0aW9uPSJodHRwOi8vcHl0b29sa2l0LmNvbTo4MDAwLz9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fMDEzMzVlZTE1YjIyNzZlNTUwZTMzM2E1MDNiMzM3NDQyMzY2YzA2YyI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwLmV4YW1wbGUuY29tL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9Il8yY2JlNjk2YzUxMTE0YzFiY2RiZGE4YjcxNWU1NmZhOTM1ZGMzMjZiOWYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTA5LTIzVDEyOjQ1OjIwWiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwLmV4YW1wbGUuY29tL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICA8ZHM6UmVmZXJlbmNlIFVSST0iI18yY2JlNjk2YzUxMTE0YzFiY2RiZGE4YjcxNWU1NmZhOTM1ZGMzMjZiOWYiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPk82SkJPdGxIczJNL2hDR205V2kzdHd2Y3lhZz08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+TGJNdXNEMHFUczh2YUVyTjZ4bGtacnBjTEpmSmsvRkV0czdtSGU0YXVNK2hkeXQwaHdCL3NnUVBnUFBic3hCQ2NPNU5mM3ZsUHNRYTl4bGQ2ODhDcmljWTV6VnFmeFBMLytKSnU5bWdJL05NWmFaQ1B5YUorem0vTXQrUFJuVW56QWhTem1IQlIzK0JtU0VuVk9IenFtL0VVY0lOQy9HUFN0OTFWZnQ5eHRJPTwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNiRENDQWRXZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRMEZBREJUTVFzd0NRWURWUVFHRXdKMWN6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVWTUJNR0ExVUVDZ3dNVDI1bGJHOW5hVzRnU1c1ak1SZ3dGZ1lEVlFRRERBOXBaSEF1WlhoaGJYQnNaUzVqYjIwd0hoY05NVFF3T1RJek1USXlOREE0V2hjTk5ESXdNakE0TVRJeU5EQTRXakJUTVFzd0NRWURWUVFHRXdKMWN6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVWTUJNR0ExVUVDZ3dNVDI1bGJHOW5hVzRnU1c1ak1SZ3dGZ1lEVlFRRERBOXBaSEF1WlhoaGJYQnNaUzVqYjIwd2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFPV0ErWUhVN2N2UE9yQk9meENzY3NZVEpCK2tIM01hQTlCRnJTSEZTK0tjUjZjdzdvUFNrdElKeFVndkRwUWJ0Zk5jT2tFL3R1T1BCRG9lY2g3QVhmdkg2ZDdCdzd4dFc4UFBKMm1CNUhuL0hHVzJyb1loeG1maDN0UjVTZHdONmk0RVJWRjhlTGt2d0NIc05ReUsyUmVmMERBSnZwQk5aTUhDcFMyNDkxNi9BZ01CQUFHalVEQk9NQjBHQTFVZERnUVdCQlE3Ny9xVmVpaWdmaFlESVRwbENOdEpLWlRNOERBZkJnTlZIU01FR0RBV2dCUTc3L3FWZWlpZ2ZoWURJVHBsQ050SktaVE04REFNQmdOVkhSTUVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJEUVVBQTRHQkFKTzJqLzF1TzgwRTVDMlBNNkZrOW16ZXJyYmt4bDdBWi9tdmxiT24rc05aRStWWjFBbnRZdUc4ZWtiSnBKdEcxWWZSZmM3RUE5bUV0cXZ2NGRodjd6Qnk0bks0OU9SK0twSUJqSXRXQjVrWXZycU1MS0JhMzJzTWJncXFVcWVGMUVOWEtqcHZMU3VQZGZHSlpBM2ROYS8rRHliOEdHcVdlNzA3ekx5YzVGOG08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9Imh0dHA6Ly9weXRvb2xraXQuY29tOjgwMDAvbWV0YWRhdGEvIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnVuc3BlY2lmaWVkIj4yNWRkZDdkMzRhN2Q3OWRiNjkxNjc2MjVjZGE1NmEzMjBhZGYyODc2PC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDI0LTAzLTI2VDE4OjA1OjIwWiIgUmVjaXBpZW50PSJodHRwOi8vcHl0b29sa2l0LmNvbTo4MDAwLz9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fMDEzMzVlZTE1YjIyNzZlNTUwZTMzM2E1MDNiMzM3NDQyMzY2YzA2YyIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE0LTA5LTIzVDEyOjQ0OjUwWiIgTm90T25PckFmdGVyPSIyMDI0LTAzLTI2VDE4OjA1OjIwWiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwOi8vcHl0b29sa2l0LmNvbTo4MDAwL21ldGFkYXRhLzwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTQtMDktMjNUMTI6NDU6MjBaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDE0LTA5LTIzVDIwOjQ1OjIwWiIgU2Vzc2lvbkluZGV4PSJfYWVkNjA5MTJmODkzOWYwNzIzOWFiYjc3ZDhiMDI5ODI3YTMwY2NiMDNiIj48c2FtbDpBdXRobkNvbnRleHQ+PHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJ1aWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnNtYXJ0aW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0ibWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c21hcnRpbkB5YWNvLmVzPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5TaXh0bzM8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0ic24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPk1hcnRpbjI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0icGhvbmUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiLz48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iZWR1UGVyc29uQWZmaWxpYXRpb24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnVzZXI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+YWRtaW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4=python3-saml-1.12.0/tests/data/responses/signed_encrypted_assertion.xml.base64000066400000000000000000000233611410551756100274610ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiDQogICAgICAgICAgICAgICAgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiINCiAgICAgICAgICAgICAgICBJRD0iXzljMmFmOTQzNGUyOTRiMGNiMmQ1YzQ0ZWQ0OWIzYTcyNWYwNGExZDI2ZCINCiAgICAgICAgICAgICAgICBWZXJzaW9uPSIyLjAiDQogICAgICAgICAgICAgICAgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTMwVDIwOjM5OjE5WiINCiAgICAgICAgICAgICAgICBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiDQogICAgICAgICAgICAgICAgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl9mMjkyMzRlNzJhY2E2ZWQ1Y2MwMjExMmQyMWEzODIxOTFjYzc5ZjZmIg0KICAgICAgICAgICAgICAgID4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPg0KICAgIDxzYW1scDpTdGF0dXM+DQogICAgICAgIDxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiIC8+DQogICAgPC9zYW1scDpTdGF0dXM+DQogICAgPHNhbWw6RW5jcnlwdGVkQXNzZXJ0aW9uPg0KICAgICAgICA8eGVuYzpFbmNyeXB0ZWREYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyINCiAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI0VsZW1lbnQiDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgPg0KICAgICAgICAgICAgPHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI2FlczEyOC1jYmMiIC8+DQogICAgICAgICAgICA8ZHNpZzpLZXlJbmZvIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICAgICAgICAgICAgICAgIDx4ZW5jOkVuY3J5cHRlZEtleT4NCiAgICAgICAgICAgICAgICAgICAgPHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3JzYS0xXzUiIC8+DQogICAgICAgICAgICAgICAgICAgIDx4ZW5jOkNpcGhlckRhdGE+DQogICAgICAgICAgICAgICAgICAgICAgICA8eGVuYzpDaXBoZXJWYWx1ZT5VYmdZN1VKU0V3ZnZlTWhNVkx3QTFpZGt4OFRad25ONVB6ZWNZdFo5bjdVbGd0aEtudGYydk1XYUNDdlpnbHEvOS9PRWgvQmFxVXFacFNRTkh2bU5TWDRsbFU5VzhDWTJMRGZFZW5ZQVZSelE1R0J3Q1c0b3JsYUw5TWpzQkJxeUQ0anBMVXkrdWxJaVpzK0ludlNUNmF6MThoSFBoZHdSUDFZek92Tzl0ajA9PC94ZW5jOkNpcGhlclZhbHVlPg0KICAgICAgICAgICAgICAgICAgICA8L3hlbmM6Q2lwaGVyRGF0YT4NCiAgICAgICAgICAgICAgICA8L3hlbmM6RW5jcnlwdGVkS2V5Pg0KICAgICAgICAgICAgPC9kc2lnOktleUluZm8+DQogICAgICAgICAgICA8eGVuYzpDaXBoZXJEYXRhPg0KICAgICAgICAgICAgICAgIDx4ZW5jOkNpcGhlclZhbHVlPjJoeWZhOUJTWXNUN090eUwvQTY0TlZsZDc0L2tNUlZxeVc2R0VyMmxHN2w1emhRNEptNEVURHN0VFZtb01ubVZ2RDk0SXpwcW8vaXNQaTNReHgwRkt3YmEwYys2OVZHY0xjODFEWnFHZTA1N2dmcG12dmRubEl6dDBwYUVjQUhNSjZrZmYrWmRHN0RXTlFwcHMrRTBkSW81d0wzNUVKWU5MVUZIR091S2JCQXhXbjN4UWlGQk85QnNZWFB5ZkNYejFJVXdKZ09aK2pZVlJZSjhMdlRsZDVNNG5FMFRORm5rRjZQMHRrS2U4SkYwMDRBbDd5bTRVdFY1S3o1YmhUNlI4bGo1NTBtcGxPWVlHd1RPbG1ZdStnZFJZL3NFdXJYSXc0bk5DQ1lHZE1qcEJZakg4MVJvUGJVYXBRc20vcXhqSEdyZHB1aUFmM2RlaFlNUGtNYzhoSHhVL2l6RXVsdEdZUzJIcE5aeWcvWkYvUm10eWN0TXFHczFJU21DVmYxcGN2QU5YcFVidmE3dlpkQ2NWajVMVFF4SktqQWN1bmlzZGxqYjdFdHpzeDZiS3lWcSt1czUvVzRoN014anBMaFZZNmhtcWRpdk0wdTVmd3NHRkJaZFI3T0FEQzIzUUhuTlViaDhhNlcvTmVwM0dwMzcxZHdQOHhDVVZ4dllsR21qZkppSVI5M0x2elA1RC9nWGIxbm5KemZXOHorNGt4ekNDZTNuOEFvd0YrYVd4cXlQdXplVXlEME92a3dKcXdCcGd2bGhaSzVBVUo2d1oxVllNY1FLYmRQeWpMbytuWFVxSEZyQ2cxejdaMEtKTFluNTJXZnJKSnNpUno2akxtSzJLa2RSUDkwR255UEdyalMzaFBjYkhHKzNvai9RTDZyRmtmelZZM1hOTlVNWWZnVzAzdW1PQXVHb2tDK3hmd2t4KzBwZkFxcUlQaHdDZEVrdU1sZWJLSHZkV1FWNktjK1UxWlFweWswVDdZaElIdGVjMmdUYVM1cGg2VlcyV2lLeWRuVGJEWmE0cHdKdVVyMTZQUW16Z1FvRFVaaGVVd3F2M2h4cHkrZ0VaUXdsMThyc1lidDhIVGh2UW84WXFkUUdORWprZzRVSE5uNUw4L1N3d3dESitTRitBRktOZWNzdENSNGRMd3N6U0R1QzcrbnFmRm9XamtILzVtOTd3RTNrUmtJY3BGQ01qVFlDZkNmVDAvSGFLMnFYZzRTSkZxVHpvcGFESFFUWTRJelR2N3FRaHQ4UEd5cDFxTTNPWnpmQ0x2SStIckc2SFhTY2dyNVd2SkFMZzFHeno3VDg0WGJ3OWFPSFZRdEZIL2MzQ0NiTE9nUVNsTmJ1bWZGYmcxRGJyWTdDVFgyOG5iMUc5bEtnZXZWQy9Idmo0NEJtREFiQ3VlSFArd1BsVms0MDdJV2lSSTJIZi9QSmh5K2ppU1E0bmp0d2pyV00yNEZiMUI4ZHJpVXpMeWhrOXpsYnVUdHJWRmtsRjI4cUQrUUVWY29Tb1gycWxoa1Q5K0hsUnlxYThucXV3RDZMdW5HdktreTduMVY2RW5FMUdKdU5SK2h2Ri9yN04yMTRnS1QweFVVN3Z5VzVlSWFqTEdLNjRKbFZjaE5YaVp6U244ckpwRitmVGZMTGdmVU5Kc0xBTTh2aXh5cjZGeGRBU3k1Rm9lbkZFNy9WVDdSb0l1QmZFSDNRUnoxYyt1V2ZhNWpjTnROQmZsZ1hNdVVzYVY2dXR1L2RPTnVjWk1KR0MweTN6NCs2aEFZbWdMVXJabEM2NlBlTm9XMmZTM2VJNzVvNlBScm9YaUJ5R0hCZUtsMTF4UVp4YTE4ZHRsV1AyK21ta2FRblAyMUZkR084Y1V6c2JwanZWSGlLMFZlamdHcHB1bzIvVHNOZ0tHdHBMb0hoeGhmOVR3eE05R1hZeUI5VVZSUm9pazdWUSt6MmFHN1cyK3RscWl1TzFxR2kvSmZnamN2UzUxRmthN3pJUFZQYXltL2pCNlNvT1R1LzlJNTQyd1RTZ3h3ZG8vTWlCaHd1SklFUzd2WlZDQ0s2M2tjalhBNzdDSlNDTkRDRDhvdEdPVzlMb0JNTjBzeGsyS1lDY1UvVGQ4MisvajZHQ09mb3JXUS9UbGFQZ3FWa3BDNzNIU3FObDZydGJKWUtkVlpJRjkxU2QrcGhzTTB0bTZwSldSV2pyc1U4YnA5cHZMNnRXbkNpVVhVVFdNVi9hdmpJdjd6clhIS1BsTXRwbkxIbjc4TjlTMG0wYlJjaE1nWmlEVXFMaW5yUlU1N1phUUZhUERCS0cza0NaNFlla0Nhc2RQU0dwd1B2Y21Ib1dvNVJzYnVaeWFXN0tCU2grQ0lCeDdCMlFmdWdLbXduTEVBSlNobUZYZ2JCcTBCVlJmdm8zM1AyRXo2VmVvamhPdzJaOTZ1R0IyLzJNRmkxMEZiNllzQ21zU2Q1eFNaVVhFcllVMG1nUkpXTlNCRFV2aTZ6ZVV3LzFtZWF4Y2RacmFuY0x1M1pDa3VoSmh1NlpVblFiOUtweVNRdTBZNldzUUp4RkdkU1ZJRzRuU3lsZUtrT0tPQXVacjMzempoNEVqNi8vNTRpMlJuOHJVSVFHRWxvc3BSUFRwdVN2aXNVc21uYncrNlhXRU1sNU5VbmU0ZlJFWkhBc0h1NXhoQmtYcXUzc2wvZFMzclBXdmxxM1A5ZktvUjJPVG81VlJyK2Z6cUxiUTdJdi9vK2pTMnlwWXBhZGVtcGh1L2swUFpTTGdyVS9ub0Q4eVNXWURhbG90MEdJOW5DSHkycVJQNWN2SE1xSDZUUWhQME1ZelVtL0NLaXZ3aTUwUXlBbUFoeFVrK2hIRk5iU0lBV3ZHdGhuZU9jT2QyVFAvR08xQXhlSFhGS2VIWlZzazhtMHdoYXZvZFgvcjRuWGNkVkVSenhOVnBKeXhJQ2lrQ1NzZjlYWDBSdzR3djlFRzB0WVI1dkQ1Qkw4TEJVaG9VWE8ydFRuMmFhNEJJeWRHWEcrRU5MTEhLL3VybUtYSDdMUFlHRmZPaXhKeGR2TWJjWHgwM0ZvcjBMc2xKcVZrNVFRZHFoWUlFUTVRdUsvT1phZXdISVFlT1lndGhhMkphTFlRMHltM2dTRklZdHE2eXJWMDRjMnZVNVdyTHJTOUZkeXBwaVhBUkNCT0FTZFU3cXFUdloxZ2xyd0VLMUU5ZDQ1dWFKT3N2cFdhWXc1aWdWYzlENnNLRENLeFFFdVdBeThVbithTkJMbHdxOSt3V2RvMDQ3alcvU2NsYm03K1NRVzE4K1BrbjM4YmpMNldWRUg0ZkduQVc3aFBLVDVzOXJUL3FhRW9yd05Zd3FYdm8rZjdySFBQUnNWd2kxNDNmUHI5U3FMTXdmb3pwb0hDcjdrTjcvcGRPdmVybXNPTy9xWENhUHF1anRyWEdTOHFNdzFSb200RXEydG9zc2NjSUdaUW02bGVlakh4bUtqK2ZSYjMvMG9USkhtVmJMWDZKL1RJMml6Y2F2SWRFNkc2RnpiaTE2QmRkU3pzVjlyMlhiMFc5TWdsY0ladks3NFNGMG1aSVpPVmtBUDVZYktCaU84N1BDQ0E3aXdtazdzc3JaNG9lUFBhbVVyQ1JmcTAwT0NPbHZWYURFRHZJWVdXekl0R01xYStadWUzdFYrRFNxUDR1bXdSWTJMSms2MzZJUkJjNnZSekI0cS9kdmx0VzV2YTlEbnAxWVAyQzJuTGwvSTgyTDduRDBoVU1WYjhVcVNjdWpISGRiSm5hSzUwUDdwamNQYlVOUXVXWmQ0MVh2dElXdHBTQkJxMTI1TkpjblZwaFI0VTNFb3N5S3hJMTAyMXFXMmU4bFVGS3gzQjNXSmVvYitsRG90bEZmcEJsaVRneWhxbitFV2diWHlQUEFDWm1TM1J0c2VMemxSTzZzcjUvQUQ2YmlBcVkwVldQbW04T2RaTm1kVHVQZ3JVLzFscy9IR2R1eTc2b0VQUTJpTmU0TzErOEN6a0d4Ykowbzcrd1AyejFPTVZUWFZtY3N1ejVoKzNzMU1veld0OXI4QVFCRnRuR3Z6Q2VVVGdCNmNONTM0akJCQnFlS3Zna1pTK2Y5NFQzaDVSSWRodldGa2JRZ29zcktkdGQvUEkvcjBXUTJHRHhlb2U0aDFvV09ldzBHbndHdzVyRzNxYnlremdsTFNZQmFHNmh3c1pTM2ZHU2JoQURvZXZMUUlNTlF4Tlk5MEk2ZWxMYllYTVowTmpzU05QWnlWa3JLU1RNUHphNGpJWS9lRnVhNWU2ZXZtUXh4TUxsdzFFbUp4SElaMSt4OVJLZy9Lb1cwOUdadDhyaytleFdMUGpBdXpzL043bnBObUd6Z2FNR1ZxSEI2TUFXY1hXODNjMG9mVXp0UlRBWStBR0hMWUE5ZzZHVmdCb3E0UHBXenZ4Z2dOQmRUUnlIdVk3V3ZyeEVSY0h1aWZHdjJ5QjVlaHZQR1U2bWgxNTNGcWJLeFozbC9KSlExUHUvd1o4ODJZL0tIc0dUQ0RDNGwwRXZ4ZVFCcVQ3TzFTZkRVUXVSUUFKNUIzOURDRjlvVHBqT3hQSkdSSW5RZE1oUU5tT1hNZGlNZTZCZDBZUlJPbUJaeG1xWWxwUGo2Ukhta3BiU3N0bGVxMDg5RDRmNTBKTU05S09SREV4R3B3SVFIMlp0YjFRdElwY2ZoNThsWWRGazd3N09HMzRZdGVlSFJUTDJxK0dhMVhIS2xQSnNlQzVDN2FoSzV4Y1BKNVJ4SW9kK2IrSnREejdJZk1zZUM4b2RTcmpqUnUrQUVNUmdLT3ZOVThHVHUzR09YRUpIekVkbklIRXM3R0V0enZyblFOVFNycmg2cWlFNUY1U09mT1JBbWdHVzJpV3dGRUUrL1hjSUYrUDJ1dVhtSWtwbmxqa0czbDJIU3ZiTW5EQ0VTdWo2NkRSNGVSMVE0bUxsUDdWMU80cEo0QTVXZmNOK1NmdGNEN2M3RERVRHNkOHBwZWF2Z1ZETndJbU5WazEzNWNIMzNmSmxUMUJsSWZWN3VxNnNEYTZJSEk2SHZwaTJPMTNsMDNmMHFaTEFFUkExN2NZaTRDTFBPQnlDSTFUekw0OFAwa0xBMDV1c0xFYW56Uzc0TW9QRFl1Qzh2NUZLK1VqZ1VGU3UrTTZkRDVXdm5pU3g3UkswVFJQNGNWSFlWblVyNFROcHVsSHFKZkhKYVJxcElvQzRsMmxHbS9RSnd2eEFkMkVPNlhNMk5KT1UyeFJPSGVuT2llWFJzSTBDUGJEZ3RQbWt6d3cyQWh6UHlUNWJjb3c5Ui96OVhhUDE2OHlDRllBNlRaME5aWmNiVG5zT2ZSYTdjOHhXS0Zic3RVU1BHQnE1V05MWnMxbTVBQlN6SCs2QUtEOFRpVjRBRG1hU2s5ZC8ySnFMbEZ3Ylk5NkxseU1iVVQ3OVY0OFg5UEpVWGFYZVJJVlE5VVZLdzJvT3d4VFgxZnV6M0Y0ckxkSUh2NnAxbWw2Rk9udUVteml5UElOeHJEVFErZlpjckZwRmxSK1llWVM3enYxVVVtZVRHZ0xhUk5zQ1h4ejViUnluelJtWFZKcE9EWm9VWnpiVC8vUWUwNlNYSncwOUhldXhvY3ZRZzAweTZLR2toNU45TXNJKzNKUE1WNnRNOCtYc3V3Q3Z5a0xYUDBoNGV1ZVFmU3F6bWxRMnZweVlHRmNEU3NBeHRaMmVsb3F6ak1tamczUmdGeW5tejBmcGZ1aitKU3JVRnY1c3JiTGFjNFJ5aXhqSStiM0krKzNOdGo0U1RLK2t6blRxbUlubmVaMzVlNmxyTlNubzJmZjZRaWpvUE40RVRIQkk5aThsMGNKNWJRM2dDd2J6Zjh0SEwvZXVTQ1hJa0xEZVVHaTVtbGxzRlBadlVLRkRkNjlTQU5oZXZCMXlLVld2azN5dlNhZmlYc3RsZ1FjVHVJT3o0Z3BZeVdOVWE1Q2dlMDhRZHZWVVZtUm83bWFHNjhNN3RsQ2VLSGU4ZDFyRlVBUytiTWpFWVJDSitSUTFiaElRUWhyUExYSG5kZnRJYTlmeGN6d1ZkdFg3ZEpPaWJyb2ZlZk84M2ZiMzlDSzFERXprcWk3eFR1VVlTRm9pRWtIclVKNFJnc1hFL0ZsWXVMS0xoQ29qMDJLd2Z3UE9ha0lzeWRQcndSVkp0MW02U1hFbE16ell1K25kZ2xyNHIyejJIOVRocXBTbWtuZjZOaS9YdDBvWFM1bjRrYmZ3SGl5ME5YbnplMk1vcStUQjJTa0QvM1JHbm5kNy9DRndiWGxjaTE3RE94T2NraTNaYjdrb3NZVjhBbythSnIvY3lOaW9YK01qUFdWRnd2eXJpS3Z3Sm5tK2Nra3AzU2lpUHMydnVUV1hDUG5Wa215SXpXWElKdWJ1U0g3OXdPQW1lMnI5T3l3eFVzUkVxTE04THZWVlQ1OGxvbDQ3ejhORlJVUU1wQzRJdEYzVk11OU04N2lVZ0xqMGVhaFZIdG14TXNNcDNwcmNMeWN2dnJnb3Nid1NJby9HOXNSdFcxQkc5Q25JYlVFUDAyRDlJM29MTkFEeFY4STd3RGVXcnduOGhRRG5mdExVOEpZRjVVLzBWRnlJSE1nK3lTdjZZS0VKUXk3M1lYMmtZSmlFREtnRDI2UnVnVUJRdk5VT1AzMDJjK1M4aWpNeTNMdDk0RHQvK3dOcFJiL1JlNzQvY1BnUTRzdGFmUTFIVmIzZFJ0UStURCtsRXJSaUdaWlQ1Q2RGb1ZMUmpXSXF4cG5oRVc0a0xIL2VZL3FPOTFKeERxdit1TDYyVnNud1R2YlRqNzUyd2N3Vm9kTzh6d0pTcG52YVVveXhuVjhwbTFvczVxbFA4cFg0MzhST211REpGdzVlRGJjdGlxbkt6RVNFZWc2NGEveUFPZ1dyeVZGVkY4RG5XZlgyV0xoUVhYTVRYM09ZaWdINE9iRDZtQnB2UVloU1J3SHZmMWJWcmptVFpySTR6MW81UnVPYnlsSDl2ZmhYSTdXTDRueHFqZm5lV3BUd0FsbWtXTWk3c1BpWFUrRG0yUTdSanc2NEV2MzdyZnVpWmRhbC9Ednh4MFg1eSs1Z1VyZEM1MjNMSE9OZWN3Q2xXRzBsZzI5NTNBK3NiOGFsWXcyYnl4RDI4enk1UXRzeTN1bkFCeWl4V1dBSGlPM2JpL3NCS01pVytnT0RWMWJ4NWFHSDIzaVR5dkp6S3dvbEc0M0hOVFFST0c4b2t0WVZWN2RBaGpLRXFBY1pTT2dFMWZmSDRhY0xGQWdVeDJvK1ZYQ0NqTUpVNVN2RWlCTUZlaGJQdXJSR1lPamFmOWRxZkRvNjdJMzVsazIvRTlJamJ3UEwxZEx1SXJ6c1hKcmgrcmNoNEUwSHBRZkNGbVRHQzhvd3dTNmMzYktGNkJLdStaZE9nQThDeWFueVVBajdmb0lhcU40NjdoS2c3dDMxK2JYZUJjNDRMNjNxd1dQbWNQbFEvUnh1bTRPcDdiaWFtdS8vd1pUMkNHNEViUGpHNllnPT08L3hlbmM6Q2lwaGVyVmFsdWU+DQogICAgICAgICAgICA8L3hlbmM6Q2lwaGVyRGF0YT4NCiAgICAgICAgPC94ZW5jOkVuY3J5cHRlZERhdGE+DQogICAgPC9zYW1sOkVuY3J5cHRlZEFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/signed_encrypted_assertion2.xml.base64000066400000000000000000000226701410551756100275450ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfNGIyYmQwYTk0ZmIzMDVjOGU2NGZkZmFkMTZhNzM1YjdiOGVhODIzOWJiIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wOS0yNFQwMDo0MTowOFoiIERlc3RpbmF0aW9uPSJodHRwOi8vcHl0b29sa2l0LmNvbTo4MDAwLz9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fNTU4MGI4YTU2NzFjYTRiNjM2NTI3NTY0YjhhZWU3ZTdhYTZkZDM4NSI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwLmV4YW1wbGUuY29tL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6RW5jcnlwdGVkQXNzZXJ0aW9uPjx4ZW5jOkVuY3J5cHRlZERhdGEgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjIiB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNFbGVtZW50Ij48eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMTI4LWNiYyIvPjxkc2lnOktleUluZm8geG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PHhlbmM6RW5jcnlwdGVkS2V5Pjx4ZW5jOkVuY3J5cHRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNyc2Etb2FlcC1tZ2YxcCIvPjx4ZW5jOkNpcGhlckRhdGE+PHhlbmM6Q2lwaGVyVmFsdWU+VzUvSzI0Z0dFZ1piZEp6SWNsM1ZITW5IQWc5UkRKOENQMmJDNVFnNUtDejBHUVhSQ2FMVi9OWUs4bHArZE00cjhsdDh4RGo1c2xkNTlRZGNmUm1oZHhtaUh2L1A5ZXg3R1J4ZjZTTVMramIxQ3VSR2VoV0haL2c3dEFFd0w5M1dhcUdHZk0rZkZjS21pa2tkNVNxVG5XczE1a3QyWnpXSFkycmp2bzgva3lJPTwveGVuYzpDaXBoZXJWYWx1ZT48L3hlbmM6Q2lwaGVyRGF0YT48L3hlbmM6RW5jcnlwdGVkS2V5PjwvZHNpZzpLZXlJbmZvPgogICA8eGVuYzpDaXBoZXJEYXRhPgogICAgICA8eGVuYzpDaXBoZXJWYWx1ZT5GNW5aV3VzSTM4d2NpUmpUVnF5SDlGcVJhVXFqZDloRDJqYjB3S1NZY01xWDN0L28zamdrUmJVTlU3aU1hcDA2NTFpWkx0L0t6YnBMenJUQXBhdE1jMHdMOFp5NkllSWwwVkxDUWFTbjlBV08wV0MycEJjN2tJMUU0THloNmtQbmVJdGpDOTVFeFhZTXNiZ3Jic2VicGlNSUpFbDc5V1A2SGlrTUl3bWVmb3ljbWgyU3g2UytLR0haRVFUaHBDTzdBeDRjc0l3dWJSaWJSczBGaWxNODZDc3U3a1dxR1lGK1JSWjRaaWlnQ0h2TXlRc1JsaWgwSk9VYlZ2MjY1dnBWamJuNytJLzlnNGFVR2xsUFVMUERLVVBpZVhjSkx3UkJoU25vT21FY1k1R013ZU1tRlVmMjJKVkFIWm9McTJlMUttdi9nTk5kRUFHZmdQUkp2bnovTXpTampFZWhtZ3ExUXNSN092VEJiMFlUQ2VJL1h4V1crYXFZOVdITERCU3VzRFFuTlNDQWJ6b2ZPQngyTDg0Q3VLdGdDc0JtNjNoUm50YVdoMjRydzRXTzNqdUR3a2RZS2JCVmhjUGlKZHJxclo4bnEyNGV1a0pDU3BTQkRORG85MUsyQmR5RGVNOW5aeU5iQ3VFbk1COFczNUNQRHcreFJobXM5bnNxbVNBdW5JODFQY2NEM29BcjlrcEpoaHNRM01EVXVGaUJtU3Y0eU1HaDY1bU5Ta1lMWHhzTXB5ekpnZWRqdENTbWNTdEZtNERnVXFocnlUUXFkNnhLalJ2MVRIcHZBOXB2cDlib0NwK3JhSjlHaitYQ1A0cUhsQVdoU1dxVTQ3NXFyM25NUDF5cCtkNmpyMTFEZUNLa0hZN2lXY0kwRi9DVnVrRVVkWXAwUTJXMTlvdzlvWDRqc1F2cTJocDFaVWw0ZlhaUVNBM3BlUUdoMWh1TlRCOExtclM4QlhUVTFJSm5VT2xCd2hHNkZ3RE9VazlTZHMvS0VqV2xUVkhXemVrQ1FIcW5nNWVnWlJONWJST3NXVFVQUFBuaEIyTXFZWkg4SWJkdmh2UisxRTlGd1hkZ0lNUThCT1ZHdHpHZ1l0aXBIV1ZzbVpkcGlpSTVsWTdyMlFCQTBuOFFXVTdIQlcza3FVMEhSWSsxNkh2OEFyUlVFYlVOdHd5R0szSFlEaDhRclUzWWtqdHBobkk0K2R5eFR5SDY1MWhTK0pMSXRuYUVLY0UwY2dTZ21SbERxWnBLZk9zdUx4RnViWmZRNEFSS2J5TFVZN0t1V29MVzZjUUZNQStJYy9YNmRHVTZzUzEzblVWSzNzMXJqUFdOWi9zMHBsendETFQ4NkR3aFQway84dmtEQ3BicEc2WGZEeG9wUElUYlBHenRwMDd4RVQzUjQvSmNYSDdZWWtXd0RpNk9ITHpkWWw3SStlRmUwNTd3UlBWZmxlNDNES3ZLSi9tdHRHZ05qeGdwTkFnN2tlN0luZGJ6ZytBQlZUTjZMS2FpdUxmdmZZTFpCZ3hFeEJOeDZpZkJXSDY0UFI2bWVGWWZxbEJaeURacHNwUEpEQkl3MlNqc2pOUWZmcEhJTExqenZBQVM0anZUZHVaZ3JnYzZFMyt1YW81SS9QSUtvc0ZSL0VscjFrV3JVTzAzNThmTWpSaXZBSmNHcloxaTBHaEhWK1JEZk5zNGtkSEtTUVgvZERFTHExZ29NMFpmbkkwcmRINTVKWlNtR3RFZVdaemdVY2Vja1UrVUJwcUJtUVBmRlJ4QlJaaHhKTTNDTjUvdzVLMkVYaThpVUgwOGhhbmV4U1ZkR29VcmVQMWcva2Fwc1NueENaREFyaTFsNWNyaFhaMitYcjI0OWtHcTZYWTd4b0Y3MFlRY0lGUGFzOUk4eWVaTHpwNFI4YU9TbXJEQnRXc0NKYUVQWkVVa2ZRMUxqY0JzZTRlWVpyWDZVdm8wbjdNVXRheThQekNJSVJpQW9TWDdNM0VnZkZiYkZwcnJqMUtjSDhpRXdTaFlzQ3A4TU1qS09rbitXOER0ZkhoYnM2QlZkdVN1SVlNQUlucUc0QnpDMTNYdDZRWGg2cytOclhNRmlNUVUrdUFFK2Y0ZHNqaXJGRUpRK2VNV0lZOWJ2aHZyUFNBTmtqTHRFeWJFNUxIdUE1NGJQMDloMElwYm1weUpwRUhlaUVZdGhzNUJZMzBmWW5MaSs5NjB0a01zTkExMTlsUmpsZHA4ZGxvYXFsaWFUU1hSL0VaQVVqMUtQbkIyaWw0R1o4aWoySnQwbnRMYzFRcjFxSHBoU0dNL3hDcFRUR0ZWcGQ0OXkxVG9vZVR4VVFoVk1CUmwvMjFtTXYvaWVUZ3E3ZTdrd3JRY25rOEFNZkRYaVgzNzgwYmUrSlJ2NVE1NkZYR21UL0VOeUlhK25iTVdDdC82a3pvYjJjL1k3R0xhUkxqUEw1a0lYYnc3SWhNN1RKTU9FcnFndTJYcG5EN3VIQUlMZCtTVk1YazZaOUFmY21NUnVhN01MS01QeG1NNTZxSjVHT2Z1QnRFeVUvVnA1NUk0V1psK01qc1Y2Y0prNkV6dXdvZXk1U0V3MlVsUnVBWlBzTTlUZ1hLbDR5SG4vVnFIdWREKzNwbm13NTJSbUVFOEVxQ0dEYWVNektxRFgzbGsrVnd3WDBTRzVuNnNMR0Z4U2FKR2lQUEx0Y2ZNNDN4eFFwV2svOUdyaFU5VGw0SU43dTRjN0RLSHZQTWQ3VVF3Z3dwdzFqZkZ1ajVvSkNNZlhuOXRabkNaMkdRVjlEaSt0TXdqTDBBaDFtRWtHRjF4emFWbVhnVnpRWDgrWERGdkpudG40MzNoaHJhU1E4aTFuUXdhU1o1SWJMUEQxaFNPSEVodlVoekNjSW1WQ3ExazhTYjVWbmQrejViOVVoVHhQam1peTRRTkNlUGVveERZemNLMHY3U0xydVhyN3pmd0pqWUdmdkswWUl6Z1Q5elVieWxLVUFTdmx2bVU5RDlXTUVKU3I4SzVJanJFd0ZkbVRQdDlNOG5UR21LakxhenFyTGlaZ2FWMmhqY2w5ckhjWloxQjRoTWN1d015dS9qWUlMK1UzL3RxR1AwdGQyZFFrbENzMnp2YnJkZGRva092OTJXd1hVUFVzQXNGMHZJNTlrYmJFUklFRndSY0I0dkV5WFZkZXVIU0xOamJnNDJPK0x0OFR5Ly9sNmt3OW14ZVJoUklic1BEUGlQS1AxdnBxb2lYeThqR1JwOVFvd1lLWm82b3Zlak5lQUd0d0RWSGFFS2tPTXZDQ2hvTk5UNTNscStRTzVMTk9PRnoxTkxidzYvU2g5dG5ZcXNFR0lvbC91NTJGK1E1SFJnUGtNc1RiczBVSDl4RVBMdTlML1dCcXJxVCszajJtcHVmbzI2Q1NPcmt3Wmo0V3JNMzM2ZkRKMkV1Y2o0ako0cUFUYXNERGpvV1Y0SkZURFBnaDRkcm9HSkE3NnplSk5HcklOL1VzTGNHY1BFSEVwYnN4aU54QThTbTZkZWVSWjc1akFBNUVUaEFadHdscU9jUUZVV0hWSE9xVmVGTHpab2NNV0lVRGsrT2JkaEJTMit5MFptSnA3djRNV1NJeEZnWTU2Y24yamhwazZ0MzlobFBFTnNKY2wzeVphWU43ZDI3UENnVm5Rb1VkaHFoSXNQTDJBeDN2RUo5VVY1WHcrR0tWYk1JYS9rREFsTjY5SUxTdExQNnZmQ0JVV3VXdEtKZ0xaVHZERU5YR2dCdGVCcnZOc2oxTzBtY0d2Und5Y09yWkNnMDBNbmdNdVhKdE1ha2RTMTNPOVFlaFo1by9wNXB6RzFGSENtbzAvNmFVdmh4YjhFUWF5c1RIdU1rdmYxTmlFajRqQnB1MHZKWkFya2NmTElEUU1uakhnd1l3RDJZQk9uSkliWjZkTk9ZazNOZWpRRmNHbUFwUjhITUYrajdWcUlDREx5a2IvT2c2cEh0QktlMU1uYlQ5dVVOQ3J3QVd4LzYzK0NVMk9COXdTMmxmNWc5YjNvbm9oRmhOUTdrbytzZXNpUGZ3bFB2S08rU0ozbUpWQmxLWkRDSzM5eDhveitKWTZERTR4VjZReXBGQ3NBNHo4cGRxRWFKekcybmN6RXh6c1pEV0ZUTmx5Sk03SzFHMkN1UTR6MVZPOGl4NHdqYlJGRk5rbTJYbWRMZjhxdEJuQVhuWkdhMlR2bi9TZlVEZ2ZWQ1hoUGFkNnIzV28wdzVLZWtleGdUa2ZnQ0phaVlaZjZ2WmM4dHMwSkZ1ZkE0SWtoek5OZ25nR1ZVNEpEbS92MEI0TnJRcm14ekx3M1hUdGhCNjdOcDlDVmJjTVpIWll4eXNiMmRwbUJ2SFQzS01LbzJKNHdzbUZUQUlNcWlzMm5iVnBMb2tIWWlHNFRCdGhmUXRJVS9LVmJ5Ti9FV1pVL3RzOTlMREw5NngzNkZuRTQ1V0NESFM1ZTBNRysvT2RpVWRzc2F4eDJKc3BPTEFxWmxZQjFnM2dVZjJscFUyR1YrczAzT1B0SHBsdjBmaEV0YTJMKzJLTm9NNGNKZjU4LytLMUk3aWhBNXlYN0pvWVFpa2kxV3VxZEpmUWl3ZXF3VUJjUWgrbHNJemFlbFpZaTZ4TGpCSTRWQ2dkOGdjdDJHS3RrWnVWQ3l0aWcrQk0yMTJVc2l2ejBNYVhtaVdaZ0V5OVNLK3FBM1JPZWtJSU9sRmdJQXZpNUFvL2RrNXZuNjhzN0pXL2g2dERZbjBhT2JFQ2lPcmFGNmhHd0J5YWJDTFAvTnhEWDdpMDNlZGgvRU42ZC9BLzIyR1RkUzNUZWtkS0pyZVhwVExwLzBwcUxQQ29BYmFIUjJjaGRPQVUrSzR1dWQyeDQyK1hsUXJ6M3lKbWx0UDd4NXZ4YU1zV2wrKzlFQmdUcWsweHVJWVhBM0JNQnptbUkzSGFqUjl0b3dBNzRiNGFqaWJ4Nkw1eVJSTkEyT1Q4bzkveGs1Zk8vRDBJQ1U1UVpDU1VWS2ZWdWcxT2FwQytPVDkxa3RnV2ZEdTg2d2o1aVoxdUtuTXphSkJCRVZMQXFEYjA1clpxV2tlNFRrUmh4ZEpHQ2pUcERKSFBHYnNaeXJQMVI4T1BHTGVBUHJOaTJoMEhlUDBZcW5QYXVwRzVUSE0wVk02b2FNTE04eVlYRmRZbytsTjNnaEErZUMybkdZU3pMQjZ6NDdDdFBlUGhJb3JwQ1lUNDJubjlJN0MrTXh0UnNLZ3poRDZpaUlBL2plYVVMSmVybmZ1WUtTa0EySHlZWmhvQXVwb2ZqNWQ0cDVvdUVDdTQvRUNmdXdPdnJKYktQTTRhcW9xOTYwdWlzTXkzeGVIWkFNcFdrcXNoNzZmNjNQTkpibENaOURIUEhSSER0NGNTbDhXek9YSkhjVHk5enVZRVJ5L1M2OVp3dVlOMU5rM2RFN2F5Z1Z4MkxENG15Y0FVWHMxV1NNNFVVbXNGTkdTb0ZOZUE3eXhJM0JSZGg5d1NqNFpGdmNjYTVVRmUyWE9PUVlJMENIM3EvZEdHRjdockVKK1dDNms4U2puK05aM2xpMExnMkZIQ1RscFR5ZXZqQzBuWWJFMEExbjZaVHJ0aXVqWEpwRVZlVENJUGJoeEdHZXJIWmtMYjArNU5BcFhsZWRIVEZwdHZ5UWdLS0lGTEZQSHN5VTlBTlRKM3luTVBWWlQ5Q1VnTXpseUxBeEhON3Q5SVd5dWRiTzVaU2owa2Vrb01JaDNxMlBjQmNLbUlhbE1takEwTWRXOGZSaTliaVE1M1RwN1dtVDZFKzhwdHVsMTZWamhRVUpIYWE4aXBXSnl1dVVHWGVubTFNaXJQN3hSZk1Zc2dzRnFPMVFBUk8xZ2xjcmJIeTJpWGs2OVNnYWYxTmFkQWh1Rm03SE5FemZIN05MdVFqSTRsV0ptMXBCc2kxcnYwcDFBdWlieVVrcGVheE9QSnJaUVg3UnpacWtiWHRZV1BvZDhsMW9adEZFcWhMRFVKQXRFTU14ZC9LMnVPRThLV0EwRXpJcm9aNVFyVUdFeFN3bE14QndCMVhUaWZzVEU5SzVQQktVV2ZLNGNvNitwaHJnZ05CNDJta3ZkVitvZ21IZUc3Y3g1b25OK1EyZTl6Z3FHa2tEZndpN2N6clh4bFRpM3NpdFErakwzRHdqb2hINU9YREJEczNBbkFkTjIwQllyaGg5bnhtcHUxSXlRT3JVZmFhMzRLMlkzTWtGaDlwMWxEZmRSVEJIRmhnVFBTUlBWekp2Ty9TRy9aN2pFd1kzYytWSERiVU4raXZCbE5XeW0vZEl0RXY3elJ3UDRRVXRRd3J6dGFoZUJDSzBoaHc3TmRqWmxIeTJ3bmdVNFhLT0hDREpUWVIwRWlLdHJVRXl4RXZReVZhMm5MdlpBdHNhakwvWkdEVnZmbW05dmw0UjAyQ2hGMmtrbEJiMEQ0RkIxTmx4ZVV4cHMvRU5jbFhiRmxMMnh0WTN0K0c3d1FiWUNNRDdUOGFjREc0RWpqMmd6YThKRGV5K3dGTnVvL2RVSlowWDh6MStmMlpFSXVHNnlPK0g2ZkVnYWd6WTFOWURlMGp0b0FCc0ZGbVFJK3lqcCtwVDZZZlpWMXZIVW1vd1ZsNGQrZE1XNHVQVTBvdGJYR2l4bmZ2NHpLMnV2SEN6Y2d4OUNmNmJaajlud3lCYzYrVTA5N05uY1hGcndTb0VpSnJ6QWhsOFhxQTJSVDBCdGlDTVhERVhZdEpLRE03Sy9taVl6TXVFb1ZrY3lQRWQ5MkJ6Nkp0SjI4MUxzVUF1S2dKcmlhQWxKL1dBZXljM0hhWWxKei9CQ0UrV2I3R3BSQTZYS0o1U1ozaVV1SEdLczd5T2N4d1ArSjAzcmhob3Z5bkNSazRUR2hWRUhacThtVXpudFFJV1NOTTQ5L21mNWRqYmFJMGxJOFJka2xGYjNlOXVxWFpGbWxWcGllMDUvN1hZeXdPbXRTVmsyaU9sZm1aRVZmcE43eVAyQ0daMHF4VnhETGY0QkEzdTFXajVoMVdtcmt2R0Z0Y2s4bTVSdHdCek56SzdoNzdrRm5HUFgxaTgwSGpDblp6bWY0MnRGcStOWUdmRFVKWUJUeUhyVnZQbjFCUHJCS2FWa1gzMW9tcFFkcmYyZnVleVU5QWQ1R2lxbm1CTDFLa0lJMUFOTkdjeFIzN0hwdlQ5Y2Q4OXlsTTVHYSt2UWt2MHZLbGtNYXozbVFlRUdsWDI2MDh5Sy81VXVkZm1JM0dldzJTRnZyR2ZycWJCNkozWFhmTzc0SzR5N3N2Ym1QWU9EeklkdW4wQTFDQzNvMWh6d0NtUGRkVC9SUkFXaElTVGVYOUhaY1ZVNVNLd3QrSVlPaFpYa3RnUk1IRm9kczUyKzNZbVY4a0g0WDFUTlNNS2lhcWo3SXZJVEppWmxnYVAydnAzT3hWUU1UeHNPQzIxTnRGTENLQWZHdkFlQXBIcFlqaEU5SGJFSFl0dkpmeVM2OVR6cTBXSFk3NTNxclRvZHZZTDBud2Z6TGRIU2NVZkM4THl2Yyt3VGt3TFk2eERMV0wrNGx0UG5GaWk3TlVEdnN6TWxZdnQ5THdBRlA5YjZseG9NWmdncWhYU0VhMDVYSzJHSERkSVNrUUwzTCtVN004SWw3TWlxMi9CdTlvaG1hSGFkWWxqZzdTNHFBRnZEYkExTnlCbGJydlRwdVhQRXFCM3RDVEsya1JHc2tOY3BxT1VpUTYwU3dydm83ZTZObGp2SnV1eXNXRERoa1V2cG12aUcvQytSK2hMWFFWRkcxV0xpbXdqclp6alFieGdqT0dDZHRLamlmUT08L3hlbmM6Q2lwaGVyVmFsdWU+CiAgIDwveGVuYzpDaXBoZXJEYXRhPgo8L3hlbmM6RW5jcnlwdGVkRGF0YT48L3NhbWw6RW5jcnlwdGVkQXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/signed_message_encrypted_assertion.xml.base64000066400000000000000000000206451410551756100311670ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZnhjZGM0OTJmMy02Mzk0LTYyNzAtNmRlMS0zZDg2YjA3YTkwNWEiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTMwVDIwOjQ3OjMxWiIgRGVzdGluYXRpb249Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl9mY2UxY2JmZmNkZWEwMzQ5YmU3ODBhOTdhMzdlZjA2ODYyNjg4YzBjIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+CiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZnhjZGM0OTJmMy02Mzk0LTYyNzAtNmRlMS0zZDg2YjA3YTkwNWEiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPit1RXNQM3JaQ0ZuOUNDVnNoeFk2SnJVTHNKST08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+T1RYS0ZySDI2YTRQRkgyU2pSWFU0ZHpOVEg4a21Cclg4WXdJUUZkYUdiMVFZc3UvWEE0Uk9YbEt0YzZEblp4akQwUzZ0K2RoKzB1VCtCZVJyZkpxZHM5cWdKdWtkVUVteG9kSEwwSVh1TDN5Q3FHU0hraXpYdUJhMVFhQW5HU1RlV2dRdW9QVmw4cXNDRGltcmZEcTU3amRoNmxiZkR5VW1DV3V4a0dmRzV3PTwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6RW5jcnlwdGVkQXNzZXJ0aW9uPjx4ZW5jOkVuY3J5cHRlZERhdGEgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjIiB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNFbGVtZW50Ij48eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMTI4LWNiYyIvPjxkc2lnOktleUluZm8geG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PHhlbmM6RW5jcnlwdGVkS2V5Pjx4ZW5jOkVuY3J5cHRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNyc2EtMV81Ii8+PHhlbmM6Q2lwaGVyRGF0YT48eGVuYzpDaXBoZXJWYWx1ZT5xV3U2NnlqLzJtMDErZHJQUjdybHZhVVlnamlhQVdtZVFLdzV2ZW1HNjJUUmRtZEJpV3g2R3daNGtGcWNNSDFFKzM0Z3JuMXRkaU82REVpTmYza3Y3eVZBWmJvQzNRcmIyV3d2QnpvZEUyUkJJV2RieTY0SHdYa2g4cjM4RlYxQUFXdEJEa3BOSENhMnNHNmc3c1MxMVlOc0UvZ1g2a2FQRXpVRXlUT3ZQcDA9PC94ZW5jOkNpcGhlclZhbHVlPjwveGVuYzpDaXBoZXJEYXRhPjwveGVuYzpFbmNyeXB0ZWRLZXk+PC9kc2lnOktleUluZm8+CiAgIDx4ZW5jOkNpcGhlckRhdGE+CiAgICAgIDx4ZW5jOkNpcGhlclZhbHVlPnNNMjFIRzQrMEc4empibWJxT1NDWGorOWVueEMwcmNlS1JTdWlKamF5OG9TSlA3WDJsc1Z4NDFRdGh4U3B6MUJmRzIxOW81M3RzWXlFbCt1Q0hEdkVKR1EwVUJsaHcrc3hmdm5yejliK2hLVldwOHZNQlkzYkduNGhnNEVpQmk4N0lpRzlQRHpFMjM5T2lrcjgwWFlkaFY3TG1GbDdWSkIrUlozSUpsbHJCTmFuUlMzU01YTnBOVUNGaTZoWXoxYVFGL3p3VllsYzNVbEk1QjVQQW1LaHlMQVlhSUQwOXlqdDE1MUVnWDJ6TktyOHJ6SHpPWko2RExlLzVxV0NTaWgydFJBKytyY2I2WWRabE5GbTdrMkVVT1J4MUFaZ2tqZGY2UjcvWm54REFwQmhxU0tFbkN5UFhKd1IxSUk5S3A3dW85MzFnR3F5WU1QS0twbmpuRlZBZTNoTUNXNzBBeGtodkd0anFXM3NVaWpRQ2wxbHJkK2hrZlh2bXF3UUk1Tm9ZNHdVTlFwR2ZvVFhVKzlRT25jM1JCOGp4eTlQM0srY1hiVkZZNFlpSTBTOUU2MWU4eWdUL1BIMUtLOGlROFFIQUd1YWtBN3lMeHd2dnpGTjk5ZGZaVjYxUzhtNHcrOHY2SE9FamFYNHRtM1FEZ0VJZ3BHSFhRUDFVcU5MN0dKZ3VrTFJ4WWJ6c3NxbDRMZDZhOElma0JBUllTK0VYZ29GTWc2TDhSYU9mQ3dUZjhIN2RUY1hZTEhWMk5tN1RtelcxcjZENGs0R3I3d2h4eER6RG5TS2JlRUIvN2Zkay9sTHZ0QlAvQmVlZlkrV0lFL3BnVHVMYk1idEZKSU42QUdWQ0tSNHhUUDJPOVU2bWYrbUZDS282Y1lXMmdNVDJoWjJLRWljaW92THFTbUttTS9LaWgxcUtnaGRERTRVdmRIQkRsUmlxMFRHYWMrNXJJa0NiMG45VEtwWmNaT2FORkFjZjhmZk9obVpYRDlSSkZGYUg0QlJWWk9DdVBra3B2NERQakcrUzhNbE00K29MWnc2T2NPdTJTdTA2RklhOXc4RjM3N0psbE9MN1h0cC92Q1VGWlRYdUNjR1ltSExaYThWWHIvSjBzZExkVTNWK2xNVTZHMzNFaVlvMVV4MWNWNTN4TVhaMExSRmdnL3ZZT25HNjNqSHFkdk92dW5jNC82M2s3a2N0bjlwVGw3NlN1dzZkOXhHVzF6aUViTS9GYkxqdTZpb0s1Z3l3NThGRWZtdlgxN2xidnJGd3k0OVRYbHErVVdudmpOcmc0NldSYWhoYk9zdUlLeU9KVFhZNUJGOVc2Zzd0RFdDOG94a3BmSDcxRkU1QVhCNWlBRE1RTExMaEZQNzlGWDNWMEkycHhqREFMazQyazVwQVArcXdFZmwvY016NzVkQU9qL3EzMXp5a0xiODZqRE5jUmJzc3BQeFI1eDFTN1A5TjEvWjRZR2oya2xnRmNiT0U2SCtBTlo0RlYrMDcwQXpTL2h0M2UyUncyRXJKZVFXWHlXeTJaMlBZR3hzNjlDdktyREFqOTU1S2RqMnpkVDRESnhiNVltMDdpcXlwWnA3d3JWQUZTdENtazdEUW0raGhyTTFjOEM5aFE5aGRZdVV3Ky91cnpaZWVvd09pWXJJZnVDVktKTFZNZXZQY2VmLytPSXdXSHIzOFVkb3BNQ1FwZG93UjViZkI2TTRVTldzMmZKVmRqaFBKQXd5V1dWWjlUbS9RMDJOcWJRYWFpZGhkTlZOMEZqbGFQdStDRFg4ZGxLQzNPbjNXWUVQUFFQT3Y1OUlKWmYxd05aTjlES2xLdngyaDdHYlJBNjJqakRsWGo5NlVKcEFlTkJZY3J1Yng0OWFtZW44a2pMeWpTMkwwR3E5SGVHTGNCQmR2eVhHSjJhRlprOTh1L2RXYUdZd2x4Wjcra0Z3QURRcnNjQno1dk9aLytaZHgvYUpxYzNPOUs0T2s2TjNEZ3VHeW9aWlBoMDJuS1A2Y3I3ZlJZaUY2d0I4MTR1dUhkS0pRQURiK1Z6OUVVRU55OTZleFhFTWxFZTZhWUpTU25RVFVQNmE2TXJCM3IwSmZwZHhzNHY1djdlWnVacE9mY29BWUN0WmxHTUhLRWk0QU9jQXI4VXUwbkdPS25iOVMwZkpwQXJhZjVWejRzUUdCWlNuOTNSdWxiNnNlNkVWUlQ1M0NBak91SCsraDJNTUwzbWt3aVY1Z1A5NklYNHpYRGs1eHNtWlFoZGt4L296NnNDMXcxejRBaE4zcGs3TXVucUx5Z3UxUUI4MEx1T3k5K0swNG16dlFJVUtCK0t3K0ZncjczSDY1aW5WRk5vTEplUHJySEMwcGVrbjlKMEgwbE4wS1FwSGNKWG96QngvV1p5bG9uU092K0s5RzNrNmVEelhLeTFpME1HMmpWUzFEV0QrUStSTFF3dXVQZ3lZZkNnU3kzR01aNWQvN1o5Qit3Ui9jN3F2czVXYzFOeWxpL3FUU093VUZNSDErUmVJdEQ2V0J6bEtWbkdUbVFCSzFvWGtsZkZJYVZUSjBvK1pCeUFMaThBQmlLVlFGQW5EdExGaUMvY09XRFo0TFprOHo1YkFrc0duV2pLS1hQbFFNbWFBeUUvQkZCd1pRakFVNjlHUGxjRjJ6a1BNTkZHcUUwYWhHY09TZ3hZMStoUlozNFJhbEhXcmlFdGxjMGJXT1crQWt6UEFoazgzbG0vWFM4dVRieS9IeFh5RTVxd3JUTkg5eGFvYTBBV0hLT2o0bFJSajIxR3BhdWZVQkxhZTF0anhCUzRDdkJ5ODNUeVYvVzFGV1plRXY2MDh2NHV3VWxZTU5raWZZNmlISXhxd1l1RXRtc3lJVDRuOTVXNitnWm1henAwVTd0RkxQTFF0N01jQ1Z1Vmx5QmNEeSt2eStSRHJTZmVVVDhYc1M0VW1zWXdEbnNnQTZNcENsSWI1bDlITVU5UTQyTnJzMWowUlhiWi9CNVpCN2VzM3NQQkpuVTNzYWRncmNoVlU1MnFKS0Q1cDJVM3k4WVFoUFJPWHZscnBEbERsUjZINmJrQTdPMjR0WE9qSUtpR250Y1lXcTFSa29zcUsydjVtVFBpUkhuNDBlM2QzOUE4ZFFDWEx3TThvNWQrZVVuSVBVUW9HNnYzaWhsY05reVgwUUJXYTduNDdmcXVZeW4rZk8wWTlxRjNxcGdmekt5QTVaczlpUWNBMzBaU0E4VzdBaW1IMUxUNWVaRXdKNjJvcUxWa3ppWkU4dC9jVDZFV3NqTnNJWmkxNDRsRUd3TFM5UXRSVjF3Q1p3M2hYTVRpbi9FVlYxemN3bmtuMDJDVEt5UnB6SStjbnQ4V0JNMkRlN0M4Y000N0lvK0c4dmpqK3VmNmFnMFNzUHlYVzhqZEFrV3UvaERxSENrcGpHMWQyZTBUUFo1QXNBQWtNaUNiZXlpT1NpSzdtQkFmUEhZRENuUVdJQ0NMN3JOUlJSWWRiRTZ4TGlsWEdVazAzNXR1Z0pCYThQZnljTDNneWtmWVl3US92YStyZEMwdURHdEdkM0loaFNLRDN1dmxLUWtRT1k2RFZWZ2NGUk1LK2x4SkRkWU1La0NXRU8wSWVQQzdKUzZlZ3N4NzZwTkF5NCtjQzZUZGx1TkNVQmNyMVhZNWdxZXVOL3V4NFVkemwwUWdFeW9RNGRCYWYvSDF6SG15aDRFclNPbHhzWlExbnpkaUFuRy9nbmIvVkE1UkJtc1hiUUMrWjUvQ1hjRGxTNFVnOFJPaHZNYjh3eGVRSmNnV2lKSXcvaHdxeFFvUWhVR09weEJwTUlnWERXQUNyU0MyS2JpTE1ZM3FWYlFvdmhqSGpEelZHRk1FZE1ta09WeUw4bkIxYXQ5QWxkdEhGYnZqNFNQN0R4L042T0JTakNxNHZYOFo3Qng5ajBHTkt6QVlWRDl2QXRmNTRtaFVDSThKTWMwMGlOZXFvVDZwQlFyUWc5dzYzaWhjV1JZUWJxK3lXa1R6UUlYb0g4MG5ZU1d6ZE1HVks5TzkwZ2ViN1hHRm9rVGxzWDhqNzJ3empoa0RGbjBpNi9kTVF4ZnQ4bWM2ak0zZGcyWlAvMUJISXJsS0QreDBYS0hkR2xHSDU3OU9jQzcxYVorV0t2cUlHTk9ZZFhQck1maFlxbG5iRVF3Z0tFN01EdUswTWdzRnVuTW5zSTdTUFc2OUplN3A4dndlSHJZY1VoREUwTm43Rzd2SDFQbGw4UyttMEVyOG5JK3lBaEhkMHgyV0NYazY5UmxJVml2SVlBZFpRTkxNUERSTGNCMU9FRWhOMEg0aUFlRT08L3hlbmM6Q2lwaGVyVmFsdWU+CiAgIDwveGVuYzpDaXBoZXJEYXRhPgo8L3hlbmM6RW5jcnlwdGVkRGF0YT48L3NhbWw6RW5jcnlwdGVkQXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/signed_message_encrypted_assertion2.xml.base64000066400000000000000000000212101410551756100312360ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfNGEzNjdmY2M4ZTI0MTEyYTY4Y2Y1ODZlMmY0ZGNiYmY2MTgyZTBiZTRkIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wOS0yNFQwMDozOTo1OFoiIERlc3RpbmF0aW9uPSJodHRwOi8vcHl0b29sa2l0LmNvbTo4MDAwLz9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fODFhNjhjYWIxNGU3MWFjM2I3NzFjYjA3YmExMjU2ODJlODkzOWQ4MCI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwLmV4YW1wbGUuY29tL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICA8ZHM6UmVmZXJlbmNlIFVSST0iI180YTM2N2ZjYzhlMjQxMTJhNjhjZjU4NmUyZjRkY2JiZjYxODJlMGJlNGQiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPnFTOWtJYjhlVEpPamRrbzlyLzZVZ0FmejJnTT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+akVESk8wdmcvTG9nN1BVUkRvSWRpQ2pSRXZFQVU1VjA3STB6U3hZaFFlT1FkaXFzTERQYUZjNDZ3UGlNUDZHcVFXZ053VlB3WTR1ekhZazhJWG56RElDQ2p6ak16SHJmWjRycERZRExiOC8wWlhwL3U2a1ZhSGtzUzhWT3A2RFlPdmFXWm02TU1kNjd5c3o3cDB1S0JJSWVVWEZxVUd0S0Z4cnVKVFJ3QktVPTwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNiRENDQWRXZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRMEZBREJUTVFzd0NRWURWUVFHRXdKMWN6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVWTUJNR0ExVUVDZ3dNVDI1bGJHOW5hVzRnU1c1ak1SZ3dGZ1lEVlFRRERBOXBaSEF1WlhoaGJYQnNaUzVqYjIwd0hoY05NVFF3T1RJek1USXlOREE0V2hjTk5ESXdNakE0TVRJeU5EQTRXakJUTVFzd0NRWURWUVFHRXdKMWN6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVWTUJNR0ExVUVDZ3dNVDI1bGJHOW5hVzRnU1c1ak1SZ3dGZ1lEVlFRRERBOXBaSEF1WlhoaGJYQnNaUzVqYjIwd2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFPV0ErWUhVN2N2UE9yQk9meENzY3NZVEpCK2tIM01hQTlCRnJTSEZTK0tjUjZjdzdvUFNrdElKeFVndkRwUWJ0Zk5jT2tFL3R1T1BCRG9lY2g3QVhmdkg2ZDdCdzd4dFc4UFBKMm1CNUhuL0hHVzJyb1loeG1maDN0UjVTZHdONmk0RVJWRjhlTGt2d0NIc05ReUsyUmVmMERBSnZwQk5aTUhDcFMyNDkxNi9BZ01CQUFHalVEQk9NQjBHQTFVZERnUVdCQlE3Ny9xVmVpaWdmaFlESVRwbENOdEpLWlRNOERBZkJnTlZIU01FR0RBV2dCUTc3L3FWZWlpZ2ZoWURJVHBsQ050SktaVE04REFNQmdOVkhSTUVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJEUVVBQTRHQkFKTzJqLzF1TzgwRTVDMlBNNkZrOW16ZXJyYmt4bDdBWi9tdmxiT24rc05aRStWWjFBbnRZdUc4ZWtiSnBKdEcxWWZSZmM3RUE5bUV0cXZ2NGRodjd6Qnk0bks0OU9SK0twSUJqSXRXQjVrWXZycU1MS0JhMzJzTWJncXFVcWVGMUVOWEtqcHZMU3VQZGZHSlpBM2ROYS8rRHliOEdHcVdlNzA3ekx5YzVGOG08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpFbmNyeXB0ZWRBc3NlcnRpb24+PHhlbmM6RW5jcnlwdGVkRGF0YSB4bWxuczp4ZW5jPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI0VsZW1lbnQiPjx4ZW5jOkVuY3J5cHRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNhZXMxMjgtY2JjIi8+PGRzaWc6S2V5SW5mbyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48eGVuYzpFbmNyeXB0ZWRLZXk+PHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3JzYS1vYWVwLW1nZjFwIi8+PHhlbmM6Q2lwaGVyRGF0YT48eGVuYzpDaXBoZXJWYWx1ZT5aMXhkeDFmNWV0NDFiM0MwbmZiWmNMWTdWcHZsQ3I4R3habFQxMGc0WDdWU2RBZC9nekFUQUpVbGlUajZyS2JQZ0NMZnBVZmdKSmYyY3hyeGs0bHNXbmROVERjelM2eExFZVp0WEJkREdtZjE4N0tLZjJGQnB5bHhGQlR6NmErYjFjb3RGY0ZQNjBSUGNIRXJTRys1WjdmU0EwUGozZXdtaGxhcTJ4Zmx4M0k9PC94ZW5jOkNpcGhlclZhbHVlPjwveGVuYzpDaXBoZXJEYXRhPjwveGVuYzpFbmNyeXB0ZWRLZXk+PC9kc2lnOktleUluZm8+CiAgIDx4ZW5jOkNpcGhlckRhdGE+CiAgICAgIDx4ZW5jOkNpcGhlclZhbHVlPnJ0ejFmMS93SDEzcGJ5ckZhVzVMT2svWlNYVDQ1Vi83c2VHbXpSUHlmK0c1ZzN0UGlKRWJoNnVWdVJHa1lRN2F6czdHYkZkNUY2NGd5WjJFTXlQYVkza1NuVEwvRG1tbndlWEgzU3l2d3NVekdLcWxiTWtWN2tiNG9WaFpXOWhFVzZhOG1odVU0TGx6RWdyK3hXUmI0U3N3SmxRb094bnBhVVlMaE9CNVlKUzRHcCtXcjFhZzRGcWM2K0tnSGhCZmtPcFNlN0NON3RSRGJLS1JCOWwrYkJlOEF1aWUzWDFEOHdCTWYvVHZXYlM3eXhuajVrVjYyRExpYXcrYWh4dndQQXJRU1ptVUdLbGhuYmpFNEs4U3pHMjdoTXJWUzdla1ZMU2RDaDhOZlQybDNEWjRVcFZhOExBNTBrNSs5TmxtQittMldsRjNDZmdmMG5JWHVBMlJqaWZmRWFJeVRBODFhOUVPOHdhR2p1VWZPT1ZGUjlIWVhnMHdWb3doSTBxZEd1L3p0MldBWUVZelNUTlNKcUxKVFhwUUpldUc3OWVMN0M4dGFsRllic3pyNjZWcEVFRk5TUnJWYVRaNjVNK2N1aktGemJidC9Jc3M1cEZzZ3pLbnorTmc4ZXR4N0hKSHdGMkFQRjhpS3J2VEJNZEEzZDBCS1hzZE5wd0RPb3luNEtrbVB3a3MvcDhCajkvbjd5Q3hnbzlwOUJ0Mnd6ZG5jbXlPTVZENXE4VUJYS25VQlp1MjE3T213bkNNZlo3QmN1TGJGenRKZ2krelBWa3F5ZGRDUytMUnBRRkl0SnF1RkRyblJ1eE9xaGJnaFVRS1RvT3hRVEZtZ0FoekxjMytrRm0zREM5MlAwR2tpTGZPMWxmNmozQTZsa0RNTmlXZFkvY0I2bFVyVFQ1ZVRVWWpOaXErUlNzOHptUUVnbWFJbG43NzQyYWJQY3FycHdBemFGajhpU25qckhuMmtualorUVZPdXNTODlpRHBzOVdZWlJEbjhkYm1SOGRjbjB5RlByQVZuR1NiV2dnb2oxM3pMM05VVzNXMUxhUFlTOVVjT210c2RadEY4YnVkK3g5MFR6QzkrT3R1ZjRDeGRnb1BrOWtUNlBvbDVSc0ZTN3FxWWNmRXlDUkpDSExKOXhsc2wzV0VFUHE0QzFUWFFvcGR0ZUMyM1MwZk40V2RWNWpiZWRyRmM0SFBDYlEwdHR0SHc2bklmQU9wY0dPWmxJZW5rVnEyenQzNndmaGh1SFJXRHlrYXNXOXczeWhoQzhhYldEYmRDbnZHZllVTmMwclBPaUdPemREQ0tpNmVRTUN2NU5WQUFPRlloa3ROOExwVlJvRldLc0dRNllCL3pPSjFvM29VMXQ5bi9manBVRnFTMXpBN1NRN09qdmovWXVYTExCWHZWNEpjUnFuamZ3R1BFNG9DT28zVkE4R1pBS2kvekYxS3Z1Z0lOb0N1dE84cTZ2QU5aa3FKMWUzNjlBaTVnYzJqd3FlV205WW5naHFJR3R4U0Z4MXN5bHI3QUlRQUVnbHc0Qk5TeWY5Rllxalo0ZTdRK3QwVm85bEIvVGhuemFoRDEzMXZQb2wyM2tVMk5iTWZTTHVUVWVSUGtPVCtLUFEzTHBIN2dPWERPdDFnNWtWWnBkTHVjbko0QXlXYTlvVGZyRkgrSWkvalE1NFdtUDFkM3N3TTFCckRYa0Nwd3BTVVJEdHZpVWpQZU0xYVhqMXhPL1ZqdFQrb1ZHd2pFK0lQclVLZjlndGloSFpRd1M2Mi9NN1lNVGxmMHdBUzdRWXdmcFJ5b1JDdk03bURjSEVpVVYwQURJcnVGbldTYTMwNHlpVWE1dkJFKzJ0amx1ZEVad3RTK1Mwa1lXMURzVHQ4RDdhUGxncWRwdWsrZjI0SlE3OHhzcWkra1dPVkRCNVJQOCtOOU1zcXl6enhiUG8vQXZUUUU5WGc4N01WcFcxcll3YTlJR0tmVzNMVlRPVFIwWFBZT0lwKy8yNU9zUUZxNy80VzFsclFPUWR1UUs3MzE0ZW9MV1hBejJ4K3FPbngrQi9tTG1iRlB0L3FpWkd5bHkyTk5oSWZHdy9rY2ZTSVBPUEx4WTg3RTlvN1JjUGVJQnJ1NUNoTnplTk9ObTBOaDdudGxJS0Y5R3ZqMTlaUlY3RXpCNU9CME8wU0V4bDhxVkpPUlM1UDBaNENDSGpZcWdkci81TVdsV0taVGJCa2RrSjhZc1lZYmVpaWRDRVNpTnJRYlFBa1h0MDluNmN6SWt1d3FlTkRNa1hLTW1VczlCVGNRN3ExTC9KTUowY0dkZ3ZQZmp3VFBHYlVRMldOZS9nOEJpQVk2OWVsZ0c3YjdBbC9GcC9lb0QwUGVlMy85MldnNzlxOGI2MzFJbTcwYWpMM2treEJuWFFVdFR5YnRWblF4b1hRU2FwMUFtNnM1NXM0Q3grV3Z4QWRKUXlVVWdhYmg2TG9TdTRFTVE1cXBCZmhjNFdLSnFHaS9wTktXaUdUUG8yWEVSa3FYWlYwMG9mZllzWExKNUlrdjZKTU16U3U2QnNINXZiRnpaQWRhTWlVWWhCdXFnVjNUYzZYNk1Jc0FJQ1gwV0E5eURrTEFhRE5WaHNJYk5aeHIrMmhKc2FkMnJFV09jY0M2aDlZbjV3Y3BXWTlheXdmN0hjd0lnRG9VblplWlRzV00xU3lFQWRzaWNTLytoa2xwOEx2V1FsZVdDYk9uZnpCOFZaUkNQakk5aXZFZGRwK2N3QTRPWXk5UUhhSjU5NW9Sdll1M2l6dlBMZVhMUmhhTUdOSkhvdk5LbFNEbHdQKzNBWUEzUmhXSTlITGV1cE5WdmxidDJsbEowSmZWVHlaM2dYQm04QjhlcXpabGprUkxGTytjZlNVY3hDbUtCL2pJMHJBQ2FuclN3azBPZWEyeng0TXpGU2JWWWVUQTRQQTFjSHo3NmxSK2QwcHdmNjdGTWdNNUpzcHFpVWsxNmYvQmxYM3BralBsZzZnalFwV0phQ3p0WFZvR3dtMHRLTDFBdjl2SFJ2MmVFVEQvUUhZMG5Md1lVTHgvQ0dselNMMzh4Z01mSVFSOHo1dUZHbmNJQ1pOUFpzNXIrR28xRjQvT0ZrK0ZyVnY2ckNsTWt4UEVJZk1JYVhFdXFBbFZyUlMwUWtUd1Z2Ti9tVmMzK2ora1ZOT1c5eVFaaHdpU3RTOUNSdEhSaFpKaUdjcHNFUmREWHkyTjZaMjBCcGZYaVNNeWFuSzVWV1lXZVIvV2JkVGVFV1JSNmtWVUVyNEFkU0dnekEvbUFVdGorUjNwSTI2b2k2VWZ1LzRRempLVGF2MmxZVjc2b01rVmVxLzRvTzhEYWhCWnd2aDYxVW9BUFcyWlF4UCtPYXB3QVlhTERrbjB4MnBWZTlTQk0xL1VOMHIwUzV5cDBFUU5va1pNTkw4cC9jTVQvRWxXWSt3VFJpc0FkZTJmUnk2c2dzaEZwdFZzdlNsWjdYZm1QQjcrNC9kcjhWZlJJUkNsRGd3d0YrakY2ZExEdnE5aytXMWtxQXJYdHFIcUFSS0kzSytCN01ITkV0Kyt1VEROSThIaEJmaEZac2loNUluRmNnckxvUEZxMldHamgyb2VoOWhSNWhJd1Bkbm1TZUtJNnc2S2cyd1p2NzBUUDBSdDVyTFRXSUNqVXZRY3hjSys5TU56bG5wN0YwWW5Nby93NTN6bnpvNkUyY3BFOFJIUFh6b3hFUG1XVzR5SU9hR1dsRVQ4Sno4RXRtMWNhQU1uWklxOUpMOGE0UlA5NDJVU3MyZ1JDQXk0M2hyRGw5UjhRaFdnOXhNdExnaHFwZ3RnZWRpWmNxRmMyZWJpK2dxMGFxNVNHVzJXUTEyeDN6SmJ3TTF0VkxlWmtUbkl3RG9BREJrYTRsZkYxVHNjOTU1dlVFbzhGMEdWMHZVSzg2akVXTis1czl1cTFydW1qSFEwdmZmTzRwbHVaQUtHb0g4eXNJZ3dpbWwybUNKVzJYaE8zSWNNWXJ4M2ZWcW5Ka05jOWNiTjhpd01VUnoySEdKSFA4bmtDdGpQaG1VdkczRlJQdW4yZnpyU1dUR29qQ1lBbDMzVk13dC8vSHowQWRzYXovUmxqSDh1bVMrRWJBOVdBb0VNUjdNYWxoaXZRaWNrRHlRck4wNzV4K1dJVm52VjlUKzBMNzN2TW1SbzUzWkNjZTJLdmhUMmpkZTFWbzQzZ2c2NnJsNWFiMVhJY3JmNHRZcUk1WXNISU93WStCbXQyRmtPamtJcGVLT1ZyYzRhVHp6SDhVN2ZnejF6MDduK0hLOEc4cTEzOUFOdGpucWJDbGR6dE84SEFZQkoweG9oSXVsMTYxMnhCR2F1M1NTd1NzQ01nK1lia0dmNVVEdmFJNW5qUDY1UzYreE1LelovSENvanBtMnNBUGY1R0g2bU53dWp0RTRzS3lGRXMvelFYYnVwS1Q3RVRCcUw4c1doMVErTDBLUzZwOFZqSWQ2T0U5eVZaVk1pY1hjYW40NmIvM0IxdGVMRWFudmZZcU9zZUttMVNXOWxPOGk2bitvOE55OEJGYnk3RnRmTy9LUEhwNXlYaEZhL05iL0RTaDFxeFdWMW94bzwveGVuYzpDaXBoZXJWYWx1ZT4KICAgPC94ZW5jOkNpcGhlckRhdGE+CjwveGVuYzpFbmNyeXB0ZWREYXRhPjwvc2FtbDpFbmNyeXB0ZWRBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4=python3-saml-1.12.0/tests/data/responses/signed_message_response.xml.base64000066400000000000000000000144311410551756100267350ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZnhjM2QyYjU0Mi0wZjdlLTg3NjctOGU4Ny01YjBkYzY5MTMzNzUiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTIxVDEzOjQxOjA5WiIgRGVzdGluYXRpb249Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl81ZDllMzE5YzFiOGE2N2RhNDgyMjc5NjRjMjhkMjgwZTc4NjBmODA0Ij48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+CiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZnhjM2QyYjU0Mi0wZjdlLTg3NjctOGU4Ny01YjBkYzY5MTMzNzUiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPjFkUUZpWVUwbzJPRjdjL1JWVjhHcGdiNHUzST08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+d1JnQlhPcS9GaUxaYzJtdXJlVEMvajZ6WTcwOU9pa0o1SGVVU3J1SFRkWWpFZzlhWnkxUmJ4bEtJWUVJZlhwblg3TkJvS3hmQU1tK08wZnNycU9qZ2NZeFRWa3Faak9yNzFxaVhOYnR3amVBa2RZU3BrNWJyc0FjbmZjUGR2OFFSZVlyM0Q3dDVaVkNnWXV2WFErZE5FTEtlYWc3ZTFBU096VnFPZHA1WjlZPTwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9Il9jY2NkNjAyNDExNjY0MWZlNDhlMGFlMmM1MTIyMGQwMjc1NWY5NmM5OGQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTIxVDEzOjQxOjA5WiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnRyYW5zaWVudCI+X2I5OGY5OGJiMWFiNTEyY2VkNjUzYjU4YmFhZmY1NDM0NDhkYWVkNTM1ZDwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMy0wOS0yMlQxOTowMTowOVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVkOWUzMTljMWI4YTY3ZGE0ODIyNzk2NGMyOGQyODBlNzg2MGY4MDQiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMy0yMVQxMzo0MDozOVoiIE5vdE9uT3JBZnRlcj0iMjAyMy0wOS0yMlQxOTowMTowOVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTAzLTIxVDEzOjQxOjA5WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxNC0wMy0yMVQyMTo0MTowOVoiIFNlc3Npb25JbmRleD0iXzlmZTBjOGRjZDMzMDJlNzM2NGZjYWIyMmE1Mjc0OGViZjIyMjRkZjBhYSI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj50ZXN0PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Im1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnRlc3RAZXhhbXBsZS5jb208L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iY24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnRlc3Q8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0ic24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPndhYTI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iZWR1UGVyc29uQWZmaWxpYXRpb24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnVzZXI8L3NhbWw6QXR0cmlidXRlVmFsdWU+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+YWRtaW48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4= python3-saml-1.12.0/tests/data/responses/signed_message_response2.xml.base64000066400000000000000000000245551410551756100270270ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfNjRmYzM3ZjY0OWQ2M2YxZjkyMzg0NTMyNDQ3NTgwMmFjMGZjMjQ1MzBiIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wOS0yM1QxMjozOToyN1oiIERlc3RpbmF0aW9uPSJodHRwOi8vcHl0b29sa2l0LmNvbTo4MDAwLz9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fZTQwYjUwMTM4MDA2YTgzZjc4ODQwYzRiYjQ1MjY3MDQ5NDhkNmRjZCI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwLmV4YW1wbGUuY29tL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICA8ZHM6UmVmZXJlbmNlIFVSST0iI182NGZjMzdmNjQ5ZDYzZjFmOTIzODQ1MzI0NDc1ODAyYWMwZmMyNDUzMGIiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPmZGZ1hlbE8zdTBSU01vLzNFWkplNXhaNk5Fcz08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+cDFsNVdETFlNNlQxa0plZDJJaE40Z0ZKRFhWeDdWaWlkM3N0Y3VKNHdJRXVRb2R4UXppcDhvNjZzcWJ3RW1haHhKbUx5NWxSUmE4UzBtMmRKZXB6NWVUTkZsdCtCbU94YUNlbVhPbTFzcFR6OFRTeEw4UmJRMUZPczJlaG4rN3E2a0F1S0wzY09yaUFuMHRxVzFEMzQzZDBicTdkTkJsYlhlNk9UUnFaTCtZPTwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNiRENDQWRXZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRMEZBREJUTVFzd0NRWURWUVFHRXdKMWN6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVWTUJNR0ExVUVDZ3dNVDI1bGJHOW5hVzRnU1c1ak1SZ3dGZ1lEVlFRRERBOXBaSEF1WlhoaGJYQnNaUzVqYjIwd0hoY05NVFF3T1RJek1USXlOREE0V2hjTk5ESXdNakE0TVRJeU5EQTRXakJUTVFzd0NRWURWUVFHRXdKMWN6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVWTUJNR0ExVUVDZ3dNVDI1bGJHOW5hVzRnU1c1ak1SZ3dGZ1lEVlFRRERBOXBaSEF1WlhoaGJYQnNaUzVqYjIwd2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFPV0ErWUhVN2N2UE9yQk9meENzY3NZVEpCK2tIM01hQTlCRnJTSEZTK0tjUjZjdzdvUFNrdElKeFVndkRwUWJ0Zk5jT2tFL3R1T1BCRG9lY2g3QVhmdkg2ZDdCdzd4dFc4UFBKMm1CNUhuL0hHVzJyb1loeG1maDN0UjVTZHdONmk0RVJWRjhlTGt2d0NIc05ReUsyUmVmMERBSnZwQk5aTUhDcFMyNDkxNi9BZ01CQUFHalVEQk9NQjBHQTFVZERnUVdCQlE3Ny9xVmVpaWdmaFlESVRwbENOdEpLWlRNOERBZkJnTlZIU01FR0RBV2dCUTc3L3FWZWlpZ2ZoWURJVHBsQ050SktaVE04REFNQmdOVkhSTUVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJEUVVBQTRHQkFKTzJqLzF1TzgwRTVDMlBNNkZrOW16ZXJyYmt4bDdBWi9tdmxiT24rc05aRStWWjFBbnRZdUc4ZWtiSnBKdEcxWWZSZmM3RUE5bUV0cXZ2NGRodjd6Qnk0bks0OU9SK0twSUJqSXRXQjVrWXZycU1MS0JhMzJzTWJncXFVcWVGMUVOWEtqcHZMU3VQZGZHSlpBM2ROYS8rRHliOEdHcVdlNzA3ekx5YzVGOG08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpFbmNyeXB0ZWRBc3NlcnRpb24+PHhlbmM6RW5jcnlwdGVkRGF0YSB4bWxuczp4ZW5jPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI0VsZW1lbnQiPjx4ZW5jOkVuY3J5cHRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNhZXMxMjgtY2JjIi8+PGRzaWc6S2V5SW5mbyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48eGVuYzpFbmNyeXB0ZWRLZXk+PHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3JzYS1vYWVwLW1nZjFwIi8+PHhlbmM6Q2lwaGVyRGF0YT48eGVuYzpDaXBoZXJWYWx1ZT5CK1pRQ2x2dFdMZTdGelZvQlNFZWcrZDllZ2Y0Ly9YMnRSSnlkWXMzbzF2OXY1YnE0dVB6Wng5U1I5aXl1OURmMm1CYS9JWlBUR0JZQ2loL1ZrUXZpejVHajZSZEYyV2hSRTVmLzkreFhsa1hRVU1qU0tReHhzblAzSUNOb25POGZlS216aWZHKzVnS3Fab0w2aUNzMkNNR3BJaURLTGFXdkxDWW13ZXZVb3c9PC94ZW5jOkNpcGhlclZhbHVlPjwveGVuYzpDaXBoZXJEYXRhPjwveGVuYzpFbmNyeXB0ZWRLZXk+PC9kc2lnOktleUluZm8+CiAgIDx4ZW5jOkNpcGhlckRhdGE+CiAgICAgIDx4ZW5jOkNpcGhlclZhbHVlPlBOUjNKd3VER0VxQjExb0tqVmJwQzJ5SDJTVXFvR3Zoa2NPNTAzeVVDK3g0M1NUdWlxWGpqVmFSeVV4cFI3eXFBQ2V5bWNSK0NLSVVXTzRVckFGd0RxSUlSY1Raa0FSeVJGVkl0M3ByUk9TVFRzZXNiMkdmTFA2Uk1JMGp1eUN4SmZKemx0SThTL01HSkhZaWRldlRiV1ErU254NlFTakE3SFJZdW1pWXpNUWZwMUp3SWU2cHdldGZxUDcxWVUvTUlWWnFEQzJLSU4xeWxUVnVrbzlvSHlGa25ERURqRlN0ZDRWQUZFQ0dJbnc4TUhnQkNFcGdZMFMrMzNPblRya1Q4QVFOWGdoVWxTajl3V2JQYXRnVExMb0swVG0xNEVKcC9WcGJyWWJkTUo0U2t5cGgxc2pDTXgzMGQ0U0I3a0JaQ3pEclhSRUFRbFRtVjJ3OVpuVFBnOXVDR1FKNDNvWUk0U2VGZENOd1llWFlhZ3l4dmRrbSt4NVNyc1BsNWg2Zm9QRWFLczBwMEFycndvNzNoaEJ6cU94TGk3a3JkRjNZVVEwMldtY0ZYOWlCZDRXWEdLSCtIYzFtbUtmSEZEekRqSWRUYVozVEhhRDVROCtLY2dndURrT0x6bXhwVnVJVkE3anVEWENKVXNBSGxLblVHSloreDFzZ1lKcTdGUFRjUjd2U1VIMG5BRHhMdHBCbmc2MXpXS3dNREFRcmw2azlodmREM2dkRXFGTzdFSFRDbTBJU0Y2K0hTODVHd2lDLzJwcDhqYlpEUFJLWndHZkZ1UlBnVmpMSTNHd1I0MDNHTThHMUZFWUsvb2RPVHZPWGd5aTNUQzRYc3VMVW1XWk9OVk54TEU2TlZ3cnRoeHZKMmtkY0VxUTVYSmhhME85MVRlU2dHV1U3MFZRc1VjdjZyakdRNitRV2F1cmxOVnltSk02YURIeEZLOHIxR2R2QU5VaTl5YzAzVHl2WmVtTGZpbGlQYmJ4WU0zV2FDUHRtZFA0bE55d0dya2djeEZDb2M4MWpNNnFDTHJRQ0dGenVRRGhhOUN5aUZIRFVHQWI3ekRMamRDQjFqR0NJTndXWHJyeWorWUdEeHhvYWZ2cFJvMGxZNFhDU3QxVkxyNlM3RU52bmxMdklESDZXNnR3ZE1jN2I2QkluVGRxQzdIT1I2NitLQVFKY2FVbDZWaHZzSEJmaitNeDdoTW5EenVGbWYzQjN6V05FcytyTjFnRDNSQTEwdWh3SGZpcjVBTVZCdFpuUk1xYlNEVGlpKzgwckVBWVplSlc3a2puYmhUbk9pZVZhMGErL0lkaFo3cDNSTEplcjZiUFhHdUgyS3VZT1hsU0srMHlZWUd0TXUvMjNSNVpEMi9PUmNJc3FvWENyREN4TnZmbzFpMkRKZmhvUStwTU9rK2doeGFwQjNnVTFEaW5FNzZnYUU4U2Z3QSsyc2lsbEdGVDFIU0FOQjlvS3pMV0JRR0lpSlZQTklQM2h5akhZUHgva0ZibU1QaFEvRVF2cjZMSEdKNUN1ZTJmUkZNRDdobTVTYlhTOFJST0wvYjh2Y3RqNTNhbG1IR3VJWVRveFBzcVd1aTdCQWpjZ1o2RnY2V2hKbkhkSW9DRWQxV0RCVTFSTm5yNVBPSW5QM2JZbXdXbEppeVNjYVFBZ1QxMHNRUkd5aTZ3UmJqdHFheUxUMlNJTGNteTBlYytjVWtvOU5KY0xXOVRQTEY0R3ZncFV0dEdoUlFHbEdINC9DVWNjRTF1d2pQR1htY05nN1QrZGNPK2U5eWQwYnlLWko0dHVPRy94ZzN5SFRzU3FSTFhxcXM3aU50cDAzZEJsVmdiNEJJM0hCMUFiNWsyMEN3MGluVTlMc3MveXZuS0hzVnJmY2poNlBIeUo3a3YyYnJjTXhhSjJhNHpSRDR3TmR5M0ptQk1icW94NU9namtoOXJ4Yy9mZFhuK2kxTXV5Yy9YcFgrS2p3M3o3aFdHMnNQOC9lUlNiLzlnWGVBdEJnRDkzZkNWTEtEWnQwOUh6WWhzN1ovaGc4YVBwOXNIR1hMcTI1c2JxdzdmQm5Kc2JDOU00Q0JUZW0vYUpLSktnd28rS3VtZlhERlI0SllzVlQrZGpFem1tTE8ya3I5R0pGNE9KaXF1aUZWV3pFZTA0YzA0NmJ1UGlSTlN2dzVkRGo3dmJwZzJaQ3MxalF0YTNzK0VKaEU0dDBFSFZBNzlYbXMrSnU2QURCTUtBY1ZDL1ZuS2FKdmJndVNva3NPcGExRHRmUE4rUy9pYytueVpNaEF1K1FZakdtTVJocFhSY3BlUXB5WUgyNmVTeWlmOEd2VkhJMkZhbUF3SXd6aHRnbDVkZkVlL1lzbHFBdjVNUHZFaXB2TzdlbUZpSmFpL0hrZ2VkbThpT3FPOENySldZcjFvanlvbDlnM013Tmo4Mm0rMTJ2Y3hoTU5pRFV2N3JTcENNZ2p0dVNIMXYrWkFTNjcwdVRiSlJEdEx3SU13NTU3SHBBTkx4VGNXaUZuRzdjZ05vaGsvOE05bVpwQTREVVdCZG0rNld2MTBTdGwxT21xVURIMkRCTnl6a0V0MjBXTFUxZEhpWUVWOTNEV29oK1J2WDRJcHhuaFBadk1rSWRTaUhDNnk3MnRGU1IrdlhzdWVJTmFBYWZLeWIrR1ZpR0tISXdUclAxZklqcXZaMlgvUzFYSkZSNHZoVHNITUJKTXA5dzNNZmxwMVlnd2xkWExOUTkvMzJhWXgwWks0WWJCL014bDJubUErNTRzT3BOZ0l3Sm5oZUVyajZJVXA1OU16NWM1d2lQOUZPd09MbXFtNG1ZaFZ0VTZWK1d5TzJ3QVNNK2tDKzNQUnltSlo3eEMzUXYzc0dhbktrQkptZEhja211ZkI0L0R1OVZ5MURlOUR3SmN2VXZ5b3paZnUxZGJUZWhOY0dXNjV4L0dubjNMb3JETGpsdDBTVnhFeEIzK29EK2djTjVSQ3JvM3VKTEtXQlppSCtSbG93allaZWxpakpadmZRb1JjQ29SbjF1ZWw0R0l3ZFViTlR3Z3RHYW45Sk9VdlJTK0dhcmFXck9LNURjTEQydlZaVmkyUUF1Q1dza2ZzQVBFV090ZHhrOWFOM2tDbGZsbWtyVjRIK1VGbHoyamZsNkxWNmVRTUdOQkxNVEZJNDEzZ0EwakNPQklRamtyMzVXcHpCdWw1RFN5ZHBvckxhdXFET1Nqa0lyWnZKMVdLZVRXWW1WSG5uMW5vMW02Yi8wYllLYW1ta3RIZ0swaGdkZzltcXFvTEUyT3VpaEJvbDJwS1VHMGJPak0ydDBKOEJjb2kxTzErRlFUVVNVeGJuMmwrVXpLb1RvQkxjNllnSFZrcUNHOTZxbU8yVkpjZVY0RW9RMHEwaEVDQTl3RUJHUWsrTGZpOUprVVNYdjRZZHZ0MEhvZHpRcGsrODUzSEdoVmhqRFFVYVh2SmQ4OEZROENuZzFXVS9XdTZycTJlOFBDRG92VFM2bStKN0tsY3BoanE4akU0Um1ySU1CcVF1bGl4NFNHZStOK2NFTmxjY0JrNlpHUEJSUTAyc1BCTXVFS04yWG5hL1BhbUcxTUhsN0w4cEthNU9BSWhYcHNFQXJUTHMvUnQ4aloyVnFHZndoVEJxVTJaL1g0d21zZzRUTllLQklJMExMVmJHYVZmQkZsOVNqcmJqMk12cmJJZlNtMERBeUUyTVc0Z2NuL1hzRFJ3ekI2T0hhdFh1YVZ5MENJb3ZvWGFuMHJadlRlTkF1WmNKUnE4ZGdGT0N3a1lqMXlONE1lZW00anRodFJ3d1VxK1ZLeW94YS92RStGTExieE5OakJnNyt5eW80R1BKcHE2d29ubFI0NUQ5ZU1uUUNXWjRBYSsrUmpRQWNsWjV0RWFEV1BMVlNoYWJxOVFxSjRHQnZxeCtDMTlDdExUaHpTOFZ0YlpvcHhkcytKRzdqOVdZOVNIY09MMys4T2k3YnJuZm5ySlp4VVV4NDFMS0ZORzdlT293eDR4L0w2Nm9UUm1iUHY5YUMrdm9hVmFCbm5EUjM5ZWhxMDZHeVNaQ29oQk9zN2JtMlQvdk0vZ1ViMVZpWTZURTg2Q2pZb3AxL1VnYnQwUXptNzNBRENEODZtVldReHhzMFkyeGFnTDlQWlQzTFhHdWFsRUlJZmxLUFV1QjViV0lmNG1ETmxtVEZHN1hTUmNCUHB0ekRhaUoweHU0Ym01aHJLZHViVlk1VU55N2FXRGpjRkJCSDRFRVFqd3B3QkcvUlNwMFlFRHEzeDNDVG8zbGZvYi9iaER3dUF4WVo4eFZGdk9OZkNLM216ZWtBRGlNQlBwVnJVNU9FUGl3c0V4alVyY21pUWNxdG1UOWdsamJ3bTF3ZEM2VFpxV1Y1ZjVFMEdMUGpGcWVERHJqV0xSeWZHODdPNEFkcHBSbTZqUC9MODR5WEE5N2Z2aGhCSkNvUVhGZTFiZi9na0gxSkZQcS9Lb0wxYUFYWUJiNE16OW8yN1VZM0NjdTlucTBNak94cG90MGNoWjJvalZObkpNQTE2Vjh5RlFJQkJnSzVRK1llWDNPak9BWEpDVEhDZDFqUEZEUmt6SHFuMWNMdFpyaFhiUlRjM0Y5MFlWekY2akZkdUZlU2tkTTJxRW90K0xvajhBQjBvTkNvb1dzVm4xTmltNzl6MTVEd2xuWVBrcmh0TzBWRzJvN3p0bDN2VmZZSFpMWWlqeS91QzI0YVVyWDJ0LzBUTzcvRlIwZTQ5UXQ5QzBRVWRYckFwSjRGc0l3TDBFUDJCeGJMU2F0WTNVZ3VLK1IzaXFGOEVUak45UmVacXBzcDcrcmFHMXdzb004YUdiVS9ZNkVhOEttcXlOUEpNNkV6ZC96VXd6N09FbWp5Z0ZDUTlmemdjTkxuTU5VYkJWVjRmVnlGbzVtU0hHaC9KMUswNkd1UHBhSTYxMGRubFY1aTNRcHk1bVFTNzZ5Ukp1SDVFaXl4b0k0d1ZmdFFGMnRFQ0R6bXNlbUJ2eXhnQlJFbEx0TnM5QUJGUXN2UTVidGRFOUh2MDBpaHdVWno3bmJjVVN1VlJhR1E3emtDSWxrQU5NVFd4aHQ1V0JwU1lURXhhV1Btc21leC9zaFZ5bjNHWEtMbWppb2NSUHFrajNVVG5PbkNIQ282eFBmaGp4TitEUHRLR3YwMXU0alNIWU9LVGtnSzVvSVRLbUIyeW84dkc3dDRmVlFRVTA5bDZQYXV5OG5yS1BRUjZTdGF0ZnlqRklneFhHMENCY3pTcWVCV1QxZkU5dHdUNmZjZ0s0aXIwbWhGejFKRENSSkdlY083UTJDVUJDVDN6TkxtTjRSSTVIblJ5T0V1bFlrdXQ1SmdTMjZ0Nnl5UnpLSHdidGE5aXdVdjdIZnN4NVJxbXVpME9EY3BFQ2JiNUQ2dkQ3YTNWU21DWFJSQ0ozZXZDTCt1cGlZQ2wxZXFMdzBtNStrU1dtMndXNkg2Qi8yYkVOZDVLTjNYd1pHSTB1MXZzNVozd2hOY3ArZWc2NXpFcXlQM1RCS2xtMDRlc2tVZVBWWHlaQVozQVRsV1EzZ3dtRTBkeGJqQmNVMXRYcGRyWDhIU3lhMDI0TUYwSjRwSlhtYnJwSmZzdmRIOEZOWGNpVzd4NjUvOGp4R2FmbzVaVVJ6NTVpbUo4WTF3U1RWa0ZBQ3d6SE5BWHRMbFdVRWtBcGxGUmRwTUFWVW02YWdGSi8xWU10V25aYW5OMlQxcjhGZXdnaW85czJNS1QzTVFoYlRXZDJKekg3QkhmL0xadlBRZjB3dVFxcG5RajJ1MzZ4dXV3KzFjMEgwMXJkdHZSaThwY21TaVJlRVBsdVpRc1VyZVZTc3JBbk1wWUdlNHBwR24yZE1UcFVGSDlZLzZIZG0zQUNUc1hvZDdjKy83bVNDeUp3MHJ1UkRRQkFQdUc1ZVE0RTA1R0dlY3UvR0JDK2lkbzNuNXpZYStNUmlNS0ZQV1FIK3F5VVhJRkc1Zm5HMWtJSjBUK0pxc3ErOUJ0T1V0TGZVWmQwQmNrYmVRWUtzV0RNTTl1OXI5cXJYYUhzRkxEOXJNdDFHTm1MNm5iZzBMeWpYdmM2MHNLOEFkUXlNcUpiQ2drN2M5UzdVWEZEYVBvays0eGtDU2tydGx0MkoyaGZuLzhjUDJMa2FNazZYQk1lRkp3TnJVblZtMFFyMkYzK0hGVVVMSkRETW9PajU0TkE0WkYwZ044NDFqajNyNmZkRy96NVdrL2lGWURoa3pnTHlqZE5RWEM0bVdhMlFKNkkvbnB5RlhkWG1RSHI0UGNLZlJSbHBHOVpjS2tDZE5MTHN3YmRuU0pwNkZCSTlmVktFWWFrdS9pbmw2V2pMRU5Cd3hCMD08L3hlbmM6Q2lwaGVyVmFsdWU+CiAgIDwveGVuYzpDaXBoZXJEYXRhPgo8L3hlbmM6RW5jcnlwdGVkRGF0YT48L3NhbWw6RW5jcnlwdGVkQXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/simple_saml_php.xml000066400000000000000000000101131410551756100241240ustar00rootroot00000000000000 https://federate.example.net/saml/saml2/idp/metadata.php dVJ592k5xPjCHBCMiJ8eZkPUiT8= LHNK1FJfcOIUuWVKJmGABQ+W98+pQ== MIIQmS6WmmIht3k= https://federate.example.net/saml/saml2/idp/metadata.php mi0IAultZkpsZa1XxGx9X4iAPQg= LqkW39SOYbttYxlGhIBw== MIIGmmIht3k= someone@example.com hello.com urn:oasis:names:tc:SAML:2.0:ac:classes:Password someone@example.com python3-saml-1.12.0/tests/data/responses/unsigned_assertion.xml.base64000066400000000000000000000041151410551756100257430ustar00rootroot00000000000000PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCjxzYW1sOklzc3Vlcj5odHRwczovL2ZlZGVyYXRlLmV4YW1wbGUubmV0L3NhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+ICAgIA0KPHNhbWw6U3ViamVjdD4NCiAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj4NCiAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMTEtMDYtMTdUMTQ6NTk6MTRaIiBSZWNpcGllbnQ9Imh0dHBzOi8vZXhhbXBsZS5oZWxsby5jb20vYWNjZXNzL3NhbWwiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCIvPg0KICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCjwvc2FtbDpTdWJqZWN0Pg0KPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTEtMDYtMTdUMTQ6NTM6NDRaIiBOb3RPbk9yQWZ0ZXI9IjIwMTEtMDYtMTdUMTQ6NTk6MTRaIj4NCiAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICA8c2FtbDpBdWRpZW5jZT5oZWxsby5jb208L3NhbWw6QXVkaWVuY2U+DQogIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KPC9zYW1sOkNvbmRpdGlvbnM+DQo8c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MDdaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDExLTA2LTE3VDIyOjU0OjE0WiIgU2Vzc2lvbkluZGV4PSJfNTFiZTM3OTY1ZmViNTU3OWQ4MDMxNDEwNzY5MzZkYzJlOWQxZDk4ZWJmIj4NCiAgPHNhbWw6QXV0aG5Db250ZXh0Pg0KICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICA8L3NhbWw6QXV0aG5Db250ZXh0Pg0KPC9zYW1sOkF1dGhuU3RhdGVtZW50Pg0KPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0ibWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+DQogICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgPC9zYW1sOkF0dHJpYnV0ZT4NCjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQo8L3NhbWw6QXNzZXJ0aW9uPg== python3-saml-1.12.0/tests/data/responses/unsigned_response.xml.base64000066400000000000000000000056251410551756100256010ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjk5OS0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCIvPg0KICAgICAgPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+DQogICAgPC9zYW1sOlN1YmplY3Q+DQogICAgPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTAtMDYtMTdUMTQ6NTM6NDRaIiBOb3RPbk9yQWZ0ZXI9IjI5OTktMDYtMTdUMTQ6NTk6MTRaIj4NCiAgICAgIDxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgICAgIDxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT4NCiAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgIDwvc2FtbDpDb25kaXRpb25zPg0KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxMS0wNi0xN1QxNDo1NDowN1oiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjI5OTktMDYtMTdUMjI6NTQ6MTRaIiBTZXNzaW9uSW5kZXg9Il81MWJlMzc5NjVmZWI1NTc5ZDgwMzE0MTA3NjkzNmRjMmU5ZDFkOThlYmYiPg0KICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Pg0KICAgICAgICA8c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj4NCiAgICAgIDwvc2FtbDpBdXRobkNvbnRleHQ+DQogICAgPC9zYW1sOkF1dGhuU3RhdGVtZW50Pg0KICAgIDxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/unsigned_response_with_miliseconds.xm.base64000066400000000000000000000056641410551756100310540ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTQuMTIwWiIgRGVzdGluYXRpb249Imh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL2VuZHBvaW50cy9hY3MucGhwIiBJblJlc3BvbnNlVG89Il81N2JjYmY3MC03YjFmLTAxMmUtYzgyMS03ODJiY2IxM2JiMzgiPg0KICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPg0KICA8c2FtbHA6U3RhdHVzPg0KICAgIDxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz4NCiAgPC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkFzc2VydGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIElEPSJwZng3ODQxOTkxYy1jNzNmLTQwMzUtZTJlZS1jMTcwYzBlMWQzZTQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDExLTA2LTE3VDE0OjU0OjE0LjEyMFoiPg0KICAgIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+ICAgIA0KICAgIDxzYW1sOlN1YmplY3Q+DQogICAgICA8c2FtbDpOYW1lSUQgU1BOYW1lUXVhbGlmaWVyPSJoZWxsby5jb20iIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj5zb21lb25lQGV4YW1wbGUuY29tPC9zYW1sOk5hbWVJRD4NCiAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj4NCiAgICAgICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIwLTA2LTE3VDE0OjU5OjE0WiIgUmVjaXBpZW50PSJodHRwOi8vc3R1ZmYuY29tL2VuZHBvaW50cy9lbmRwb2ludHMvYWNzLnBocCIgSW5SZXNwb25zZVRvPSJfNTdiY2JmNzAtN2IxZi0wMTJlLWM4MjEtNzgyYmNiMTNiYjM4Ii8+DQogICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0wNi0xN1QxNDo1Mzo0NC4xNzNaIiBOb3RPbk9yQWZ0ZXI9IjIwOTktMDYtMTdUMTQ6NTk6MTQuMjM1WiI+DQogICAgICA8c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgICAgICA8c2FtbDpBdWRpZW5jZT5odHRwOi8vc3R1ZmYuY29tL2VuZHBvaW50cy9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+DQogICAgICA8L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICA8L3NhbWw6Q29uZGl0aW9ucz4NCiAgICA8c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MDcuMTIwWiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjA5OS0wNi0xN1QyMjo1NDoxNC4xMjBaIiBTZXNzaW9uSW5kZXg9Il81MWJlMzc5NjVmZWI1NTc5ZDgwMzE0MTA3NjkzNmRjMmU5ZDFkOThlYmYiPg0KICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Pg0KICAgICAgICA8c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj4NCiAgICAgIDwvc2FtbDpBdXRobkNvbnRleHQ+DQogICAgPC9zYW1sOkF1dGhuU3RhdGVtZW50Pg0KICAgIDxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj4NCiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4NCiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+DQogICAgPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgPC9zYW1sOkFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/valid_encrypted_assertion.xml.base64000066400000000000000000000151411410551756100273040ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiDQogICAgICAgICAgICAgICAgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiINCiAgICAgICAgICAgICAgICBJRD0iXzVmNDY4MjQ5NjA5MDQwYzZhMzUxYWMxYmUwZTlmYzYwNTMzZmYwOWQzZCINCiAgICAgICAgICAgICAgICBWZXJzaW9uPSIyLjAiDQogICAgICAgICAgICAgICAgSXNzdWVJbnN0YW50PSIyMDE0LTAzLTI5VDEyOjAxOjU3WiINCiAgICAgICAgICAgICAgICBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiDQogICAgICAgICAgICAgICAgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl9iZTYwYjhjYWY4ZTlkMTliN2EzNTUxYjI0NGYxMTZjOTQ3ZmYyNDdkIg0KICAgICAgICAgICAgICAgID4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPg0KICAgIDxzYW1scDpTdGF0dXM+DQogICAgICAgIDxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiIC8+DQogICAgPC9zYW1scDpTdGF0dXM+DQogICAgPHNhbWw6RW5jcnlwdGVkQXNzZXJ0aW9uPg0KICAgICAgICA8eGVuYzpFbmNyeXB0ZWREYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyINCiAgICAgICAgICAgICAgICAgICAgICAgICAgICB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI0VsZW1lbnQiDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgPg0KICAgICAgICAgICAgPHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI2FlczEyOC1jYmMiIC8+DQogICAgICAgICAgICA8ZHNpZzpLZXlJbmZvIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICAgICAgICAgICAgICAgIDx4ZW5jOkVuY3J5cHRlZEtleT4NCiAgICAgICAgICAgICAgICAgICAgPHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3JzYS0xXzUiIC8+DQogICAgICAgICAgICAgICAgICAgIDx4ZW5jOkNpcGhlckRhdGE+DQogICAgICAgICAgICAgICAgICAgICAgICA8eGVuYzpDaXBoZXJWYWx1ZT5JSDQwY3lrYkMzOUJYNDdLMmtpOC9vMjJXR2svbTRZZm9BVlNaRTBUcWwxZTJBdWxxYXlPWklIREZoL25XRzVSWXpWYzVyVjJZU0lXd2JhUmFrTUl0YTMzSDg2KzhaOCtPTXhPNFpRa3RIV2VUbHEvbFFnUm5TZ2gzZ3EwS3BnaUtBbFVBaTJ4Z1Q3ZEw5THlUWUwwejJrVXVLMzdSUDJnTGJjUEVjeVZXcTQ9PC94ZW5jOkNpcGhlclZhbHVlPg0KICAgICAgICAgICAgICAgICAgICA8L3hlbmM6Q2lwaGVyRGF0YT4NCiAgICAgICAgICAgICAgICA8L3hlbmM6RW5jcnlwdGVkS2V5Pg0KICAgICAgICAgICAgPC9kc2lnOktleUluZm8+DQogICAgICAgICAgICA8eGVuYzpDaXBoZXJEYXRhPg0KICAgICAgICAgICAgICAgIDx4ZW5jOkNpcGhlclZhbHVlPmFJWThnMVhJRVNOM1JhejkwMXA2QUNMaEpMNG4vcWp2Z1VIdG90WHk0enBrUG0wNmZxMnpHVlQvcDU4ejdwRGRtZEdtZy9jUTlWSTZiUGNjc0d5allaTnZwUXRVc042bVcyb2VkbTFXV3JsUUhVOFA0VlJkS0M5STJOQXUzc0doNHEyMDlMcE5scmwyRUI2eWw1eUw3N0ZSU2lCOGtDWGdHaks3SU1sUXo4WU1qWE93Z2tNa3BEVUNuSTlWbVhCTmJUNkp4NDdRU3Y1YThFU081RVdnRkdVc3NPZGtVVTA2a1J5YWRxQkl6eXhFM1NnbTR6Vi82ekdzL0xHYlhjRElkM0tyS3A1NlREOGJlQ1Zhei82VjI0WjJRSjFCbjNwZGJndk5XeS9CeFNuczg2bjRncnAvSUE2aU1NNUVlS3IvRWFlaHp1TU5XRlhqdEhWRWloQ3cxaHpVeHpTZ1ZBVmIxRHE0MktIWm5YNDdMUWRxaDdRVXNWamdBU3hrYisxM0hiRnV4eGVOWkkzdWZkcG1SNmtaNGlRZXdYMk10bnJrYUIyeU1VMytWblYzempvc2lYaCtDbEtZemcvMStCMUMvekw0V3RvUEZBUktwQ2ozd1FvQ3E4QWdFWllndkhMWGFObjAxSTN3QTl3dnlsNklEKzExajBQU1JzTzN6SXl5aE9xaDNlYm1TUk1Ya1Z4a2ZFUVg3MXoyMGtNOHovU2tJUjFSVWxvVzFyajJHaUNvQ0dodUY4YmVxeS9QWFZ4VFIxYUl1OUNvbCsxTUIvZldGNXN4c09lUGNSWjE5S21kVVRPZ3paS2R0MkNjcWo3TTVlVDhCTERRbVRQYWtsRWFuUDVYSFBhSGRGYnFldHBnQk5HMDVYd1A1TWczbDNZSmhqd010WWpGejdqSGw0ZzNpV09jaVVlaXNyS21DT0F3ZUFXT3JMYWNLZzh6QThJRjRyTWY5U2IrOWlvamtRQzBIR2FvUWxHKzZuODBRT0pOQkZ5TGRCSFNzZktacmVmZDdGazZFWjlkMDU5cEw1Yks5Q2IyLzFoUGZJRU1EVkpqSkVpeWh5VHllVllmdEJhcVZWa1AvYzRwdE5TSnN6a0lpdlV2YUExeXVHNktMYzcwanlFRUloTVBKVTN1aEtrSGthRnowQWF6a1ZjbG9wY3J3NWNyYVlSMUYweUpBWnBoWnZ1QXBlMGU5TG1iakcwaGNVRUJrOFFjclNZbXp6elgrc3Q4bFdNRjU1blZybFpsTmVBcmtXMXZER3FBT2RmRnlSSjQ2MnRVT3RYQkNVKy9KSzNPVTZmRjQxR2dONmdaNzJuWU5KMWU4Unl6RWxPdzlqNzdaRkxHK0lKMkZnVk1FWlV0a1RFaUwvYWtoc0RDUUI5Vk1rOTNPSFgvL1lVOTUwZXNGQ3RicTcyejloeFVEKzZ3Um5IUWlnMkU4VXo0Mk9WT3VEaEJxQi9sbXZEUmpMYk92NnJCTUVqOFE1VjFmTGpBckdEbWsrbDJKTFhzZm4xeVBLUHdmZ2VtR013RkdRaXM4OU9wY3NoNy9JS1c3VXBhTGFaTFJOeDI2ME9LMXR0RVV6bHkzWG5ZdGM1MjhCWUZtQ0ZybDhveGV0RVZkRVlrWWJEYzNpK1p5Y2t3MjRWeGEyd2ltdk5HY0JCTVVVT1djN3lHM1R6eklPVUpZZFlJUGs0WCtuM2dJS1Q2SGxjdGNvbmpwM1QxMzBSMUFYSGZWeFJyQ2ZsMzJnNDkrL2dsZmtlcnFoOXczeEFwTWVvNWlrNEFzU0lIY0ZKVGdZb2I4elNZbHcwKzd6Q2pIcSt5bkRxOXZ1R1ZGdmt2ODhHSkR3U0ZqQnR2R1pBRnh5Tk9wZVM2UGdsR3o0MjJCRXd3MlA0QUhwR05DaTBEc2pvVW5GKzNmTG1PYzZnZFpvRGpzMHRoN2dLRmE0THd1RWg4RzAxTzc3TUJUVWFqd3ZxMVlldE1CQnBmakY5S1NqYjhtb05yWCttYnY1L2FuT2xzVzJ6cUhwb3Z6QTJWSkVGdmpJcUVqaGtxejFDR25TMUg0aHg5Ny9jS2VqMHZwbmphSjdoL0ZJZVhHUnNRd3h3b3JUNDQ0UW4xSThQUWpBdUN1cjdsWmlvMnRtSDZMakxneDB2TExXdFNWQWx0U0ZydWZlMHoxNE82a1NpZndGelA3cTM0VjQzVmlpelVmZllpQ0FYSDhtRnN3MnBQQ2MvcGdUVXBQMCtJY1pESWY2WGE3M3k2cnd5RkxZZTVuVTJKN0I4YnpIUlh0Ym83Szg2N3IzMzRicWoxbjU0RGFzbDlYQkFQdlpxWU1ac1lEMFJJS2gyZFFwQ3pLeDc4RVdMRHozSndkYy9OZEMyOHRTVDRUVDFVWTBVSTAvNDNPRWlxeHlUUndyMXZrMDNuTEdza00zQlVNUXJRMk9VY3c0RUlCcWpNRW9pQUNWM3QyMmZXcDE2dDAwV2h3U3JPVW9mR25MWEdGcmQ1Q2ZwbE5OQjJqcloxYW1yMlE0QkNaazFRYkpMZkdGTFhDT2ptR24yZlNEY3M0bDNSSTNBdkk4aGx0TWw3NHdDaS9lTjNaVjM3MlZHOG1JendTNzhrc3ViT05lWHJwVUNCNkI1VUdCVzlKS0xBRnVXd2p0STFtOHROTjJaVDZzM2tKb3l5bjZ6S2REWnVLS09ndmIwbURtV0dHZ1VCWnNrOGpUNGNoUUR6aWlCUTZoRjQrZS95MDdVem14QnBENXlNM0VXKzlTVUY5N1g4V3pwamFUNGUycWVwSnlvekkvanA2NitzNkJlV1Fha3hEM05rL0NleHFib0pNNk1jYWdxa3lVeUVBd0JjNWx2djl0RThsRWQxbmlyTlZaa0QwVmxsNm1WcngrYzNxdHNIc1lUdC9YWkF0Q0x2NXpoL2ZDSzF5aXZWRGVmVUdtMXhFbGZMdzVVNnlScEdRWmpETDkxL2kyMUkzS2pJRTc3VVhqdm54OE56Q2RqK2V6blNVNTRZRU5iczdTaWZzWUpoVjB1U3VJeC9MUVZ4ZWtJSjlwMWFzNktnNEJtTDlBdFZ6d25OUi9uVHREcVZRcGlobzBZTUdmVnM0a3dVaGpubjY4ZzFMcEtlL0wwUTZoT3R3d3lRZVhBTkw5cHRzUzBOQWMrQWVrWWNJWHphTFhrblB1VEFFY2lRQnJUR0JEbk83aThoOU9PblVqekZhVnFKY01Pd1A1cnRnMFcxck9PclpoNTNpOWxNY0JwNnhkeWEzWkJ4aGVYL0hkRFdNZ0NUQklmS09vN1hHZFNPWUhhNkpDVmNWb0R1a3dYS1FZTkI1VUhKMHFLNmFyUmR6VTBTaUxEKzhLbFVmb2c5azZTanQzSFFvMkxybEI3Y3dGTFJybW1nWk5wd0RTeTBvTDBKQ1YwUXd6djlKalg2bDVFcnVwWU9QQ3RuWmYvYzUwc0NHUTlBMGkwYUJsdzhsZGRtTFhaa3VJQXdxSUErUlE2czBpWldkRm1TY2RmWncybCsvU0xEMzl6ekxDbTdQdE5CT3MybWVpbjJEMjlPZHdiZ05GYitzc1JRLzNPaW8yYmx4V01rSCtLcXFpU1RHZmlvMUlkdW9QYzVHanhTVEFPbXNmalBkeHJpY1EwdWw1RCt0MXNyaHU2Vm9rYm1JN0xGbURVWjRaRWhsTVZMTHhDWGsvV0pWWTVYK0Fkcmc1MGRKLzJjbW42VmFiWW5FczF5TXFEeDZZUXFObGhvR0l6MHpRRmtuM1g2T0JsRWkrVzBQeFpiVmxJT1hjRmMva0x4VUwxY0V6WkwxV3haUldFanpIdVZPcnFCVEMxNjluWUZUdVdLdWVSN2VxQitXbEl3ekpHZ2RnYUYwVWR3dzNGdnJxYURzSFZhTVFPWDBQSVdsb0xhOWNFSmRVS1dWOW9DeU4wWHpNcERMVC8xYkVkdmVRUXEyNGhSM1FyUitVMGJWdkJNdFptc0g3MTRMdVNtUFovR1ZSaXcwSHErRjhRV2R4bDZmdWJud1ZsV0JtcUlJRVE4VTQ4cXd4WWJaZW1uMVFtS2UvNnRucWU1ZkVVSTlxOXNPSXFDdlFMOGVuUGNLOTBwa3dEYk1EajBxMXRqSFhQeXBzR1VLTkFEUERDOUl1TTFjZ2JLWEUrUWtJOGppOS9EdjUwNnFyam9vb21kVGgvWEs5eXB3ZmorMTY1b0hIOXBrcXE3RHBYbzR5b0RpNVlXeVluOUhObkYzRkc3NXQrRXRUSGtiWjdhUE13R2RISHVob0NERXhtUVJwc1BkQmJDOFBiL3Q5U3ZmSjZ6S05sT2dON2pFYTYvMzVoVXlhMD08L3hlbmM6Q2lwaGVyVmFsdWU+DQogICAgICAgICAgICA8L3hlbmM6Q2lwaGVyRGF0YT4NCiAgICAgICAgPC94ZW5jOkVuY3J5cHRlZERhdGE+DQogICAgPC9zYW1sOkVuY3J5cHRlZEFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/valid_encrypted_assertion_encrypted_nameid.xml.base64000066400000000000000000000200201410551756100326660ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfYzIzZjAwODk2NmZmMjcxMGI5ZDQ3NjA4NDIyNDRkZGM4MTE2NzY2NjkyIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wOS0yMlQxNjozMzoxNVoiIERlc3RpbmF0aW9uPSJodHRwOi8vcHl0b29sa2l0LmNvbTo4MDAwLz9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fOTlmYjdiOWQ4OTYzNDdmY2UxMjEyZDE5MjRkNDQ3M2I1NDcyZjJhOSI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpFbmNyeXB0ZWRBc3NlcnRpb24+PHhlbmM6RW5jcnlwdGVkRGF0YSB4bWxuczp4ZW5jPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI0VsZW1lbnQiPjx4ZW5jOkVuY3J5cHRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNhZXMxMjgtY2JjIi8+PGRzaWc6S2V5SW5mbyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48eGVuYzpFbmNyeXB0ZWRLZXk+PHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3JzYS1vYWVwLW1nZjFwIi8+PHhlbmM6Q2lwaGVyRGF0YT48eGVuYzpDaXBoZXJWYWx1ZT4yd09rZERoNXVaL25BNTRZeHdEdVljbTFFTXdlNXRvZ2NqOGxpeVdXWmNaUGROS3FYdzJuWmUxVVpBTlAxZ2V6WFFMa0xidTMzbUE3Z0JQQ0NRQ3J4Q1gramtycEpPbnFpNFoyaklVc2FteFQycGVmaW1NRUM0ZE54bWdub2hxWFFHTEhvN0VrMnprTGU0ZEtDdTBmVEl6WkRNRERjSXdyclQ4MmcwYjdQL1U9PC94ZW5jOkNpcGhlclZhbHVlPjwveGVuYzpDaXBoZXJEYXRhPjwveGVuYzpFbmNyeXB0ZWRLZXk+PC9kc2lnOktleUluZm8+CiAgIDx4ZW5jOkNpcGhlckRhdGE+CiAgICAgIDx4ZW5jOkNpcGhlclZhbHVlPk5jYVlxSVhzUFZlU1dQUUpGZXAwVzJVNHZ2Ym9xVitQWlgrdlNMa0pldXR5VW16Qzk3aGpsZUNyQ3VXN3BPYy9xWXZia1lPUlE0NmhsR1VqT2FTWmJ6d2R0MlBBWmZRbUQ2M05uSzFZS084ek42TEhhUVRkUFI0c1Q5UUFwUkFDNndhbDV6cDAyU1dQVlpzNzlIaGk2Z0pXdTZyL1R6U3c2czN2YkNXTThBeWs5MU8wWURwaXpvSHlFYTR3U29SQ0NEemFFTHFaNyszUEFNaWVyRklYWHBWUDh0aE9RNXEwNmt5Yi92YTdRK1ZLMW0vL1ZxZnpYdnhMNmlsKzFWSzVFbTF1T2xlaU14bG9tRnZzdnRBNmpocU1WQ0dNQkZvdXBzWWwybTVPS3VNNWxuRTl4NEk1dnpFS0xaa3lRY0pETVo2aVE4T2FQMWRFY0dITU1vRmNuTmpheG9hTFhrUDBaMEptM3RxTE9Ka2ZjNW9RS2puWjNQYTJkelVDS1YvWllLYTlmR1R6b2ZuSVFzRURKbk9pd21UeXExcHVLWW5MaWdycEpxYWJKQjFUVXIzTTFkVWtMVTBIaWk5T2Nod1NrZVU1bm0wTmVXRG02KzA5dkFlWmZzKzB1WmdBUHpsNHU3TlM3bTJpRkxhbFdxYmhYWnpkZXlHWVQ0K24xNEdGZFNYcmhTcW9tNDVBTVNwREY4MFl4dXVESGg4ZzIydGcvSVBvT2JvVG4xelFKaFBjbi8rYnFMYkE0bjd2K0VmU1JRdjh4TFQ4SGZza25DSWpzNzhsU3NqSVpJRVU2V0ZKUUhkNWlGS0MvRXNUT3N4UTNsR1hleVBaVlNBYU1jcUQ4YllheXQ5eVJ5NXNVTUtkWmJMMXJVWUp0enZJb1pwY3dDM0xtc3VEM3FKdXZZbyt6K1MzVG9vUXNOWnlTeU9pYThRL2k2MFhmQ0lZOW1LSnAzbTZwYnBjNk5ETmJuRWJyNmJ0U2pvalFZUVlDWStKUEZtdWd0c2tNeVdkbEY4cWhYN2wvbGVHTzE1UUZDRkY1Qld0c1lmMmI2SWFKbGRlRDAxcTZsRFpYTjI1RkJQRDNVanZNS0RFZVkyblA1TkJqRUdKb09MMzlQWU5tNVJIMVBxaVhYVUVQNWVvcVN3UExSM2hQN1NtRUNkbVhHMDhUVlErQUMvbEQrNHB6ZEhEbjVQWUhsZWhqQ2dZb1lteWFxaVVONTUreDdUR0hWZXF5SXBHSVBQNWV2aURDZC95RHBEMXJwUXhVdVVESU1hTms4SHBOR1ZnUzR0UFdKZHBtdUtxb3hEbGY4SmZDaDRCc2pxVnRoeVVEMUY4ci9MdmlQU2UyS1RwbVJrSGhvOFVMZXVlZFZOS0p0S0hScGIyTUxtblY3T3M0Sk0vaStoT3pXWnVsU2JjMjhoTk1ua09tVEZabEV5Q1dpdWRoUEp6Tkd4S0F3M0E2amZYRHp0Wkl2RDBPM1ZHaGkxR1hOQmc3NUJrSEpIV3Vka09NR0JtMmR0MWpUT3FJajA2b1c2czhnVjB5M2ErV1RMaUhhV1ZucGV0a0t4elJhRlFGNmZNMnhTSmFNNmp2alJWTVk5ZGtrckZqZVFYTHp5dVNoczZuSzI2elFKdVJhY1VybEJrK0hHVS9DM1JiVVhDaElza1N0ajZ4YXF4MHQrbENzK3dQWUVubEZwckluSWR4SmhrcEJ2b0xmRGI1U1FEZnhmdTdoSXBaY2xDUGs0QWM4MWUySElPNHFHSGtwNWxaYUxkSjU3WldFRmpGc2FIRkV6RitCcFVoZExoUzdVMksxaWlhd2x0QlZQcnpEZUU5Y09VRFpuQ3pQNEthbFFnZlRENDNSUzJNS0Z4MWFMWElKdnUrUlBYOHZzd1NHdjN0Q29LNHI0K3ptVWhmM3JZaFFwWFhCd0EyUVJGS1F0ODhRb290bVJIcitRU0ZneHBnUm1iTjhnQnF6SHRYOFIyVUNWOExvSy8ySXhrRDVQWUlsVWN3Qm40SzUxNFZMMWRGZmtWMENOUnNPTG1NNDJxSm9EK09tQUJ0VEJkVHBkcWVLUVdlZjNjcjlSY1pBSUlzMHBOS2NvMUpVVTIyN2poYVJVTWkrbnZzYjJqemloZGUzdnYyY09BTHN5NWRIWDlOREZqOWs4elVhejJ2UGZXYURoMlFqTWJleFNuWFZGWk1BeFAvZGNET09PaDBzMHRGL20wMmJ4RE1IV1cvdkFwWnMxT0VXQ2xyZGFRMWF6RFdXQ2FTeHNnQy9MV2Y0SmVwR1Jhc3JhZDNVc0ZDWE9kYmJTWG52UnlSbU5IbjUyZUFjOWFHdlNhQWtLaDl4YnQwdTRjU3FEUThrOENkclpDb21VUnJFb1Z2TW9Gb0ZtVy8xWENWRFZvQ29OZmtGZnhJMXVRS3ZJTHBBbzNwZC9Wa0xqQW8zNU5mMlI4WW9QVXJPZFVVQ2JBb3NLTkQ0c1Z5QTgrMElIOE50OWhZYUZSWnNyNkRPdzNkQjFwWVh6TktyUDdNakVOMVhoVlNJZW9VNmE3VnRDbnNtLzE5dVpIa3dpb09rMm9UVXJyY1pzMW9oZlM2dDdIbUI0SEdSeE9QQzNjSzBMWVVreVF2bXlINEk0V0RIdmdOVE5BS2E1M0k4Ym94ZDNnSG5Dd3pUUXFXQjVWM1BXQUd3NFJUOUM2QXo5TTdlcHZGemw4VFpQZEJjbGR1Qi9JNzlIZE9LTVM3OFNIOFFKL1FSSUZXV1MvSG1GU3lqVFZoVG9Na2llT1p6aXk1SW5XTlJFaXlIS0oyazZNaGJETUZKOW4wRTJZVStETWhWZkFadFFzYXFFd2xaSURseHl1UmRqYVBGQjljalo5UGJlZWtoVi9BeEtuMklIenUyRW51ZHZuUUhvUHBmUVFTSk4wZEk4ekMxRXVlQTJCZjdDazRBc3c1RFVlUnQ5N2lBMkFEeitJbU95dHZDa1J0b2k4YUgxTG5mQzRKRGMzdGwxU0d4YXJEOGdVR0drSUd2ZkhHdFlncE5PamZhUURPOTZzVHBCVU8xcWI3SlRFU0VzbkxkaVpxRzlCTm8rWGlNQmxuYWRKdE1DMWttMHY0MWVGY2s1dWVveDZJQlhCVngxVkMvN01KdnhaV2Q1ZDBhaFptWEg0c1p6OHdFdVR3djdzanBBUk5VM1IvSkJsY3k3VXVjZnBCQmZycVkvWU9zMUQ4SVRjSlNZMjh4dlVrblFGVjJLSWM3NkFwMzNCR3NJclFSTTlxaWZNMU9TNWdKeVBCMWZsa3RHcmlSc1lmeGdlanVaZEM5N0FqNTdzQkgrS2VTdUxINmwzRVJOODJ0SXB5MDBRVFk1NlJQMzdCclI0RkFhSXVHVTgzWWJxK3V3ZUo3aFFXeUt3VGlkYmJjS1hSNWlsOXFwNW1JazJlbDBkSXRiUzhPenBTek5XYzJaTU9zSVhlUVdMWTd1QVNyVGR5Q1dyQmRrZXhuZnB0QUgzM1JuWkI4Q0lKVVlmQWxCYk81MWxpd2tmeEhaR2ZVeEtOSFlvTjF2b2dZOGRKUk13YUxMQ3B5dlgyT29FVXBEOEZZNWRPbVZGQUxWMnZMeUluVWRSaVZKQ3Yxb1A1RU9lbHZ4MjlsUlFCN0NJVDlJOElRdUhCa3ZYeUw1K1FKZERITXF6ZjI0OHZjU3diUXE0ZVpWNktlemxNVVFWYmJXWHVVOEFTd0VneThjLzREZ2FBZjdSZE1ZcUhYWWZENTR6TjJtNzZ2WkZ4SDRBZUswM3JveHBBeVc3ZVMwL0NJcThKSWJ0QmNQVk1NVHAvR1d2Z1RwUUlZT0FtOFhNRGhFSGtsaVl5ZjlMUHd0UEw5eFZPdHBhSzIrOW4vdFpUQm9qdFd0TE9JMm9HYUZvS29Wb0dYMVlMZVdBZGZXTUxUU1pEQy9XRVhMcWtSZjhKY3VOa3VGSm1NTGpuNUNBaUljTExueW43YlZKZUY4L3FxR3NNNzNja2ViWDY0cEkrRENuMmpBZGcxSENXSE80TEc3N3FqS3d5WmpqWndjWHpOb1lGYnh0aGNQZUY3ajU4eXpTUEJ1UFFEMkFaT3BRc3ZMVXplb2QxY0E0eDlEdnB3OVBxeWEzSkIxYUdOdEVUR0FqTVRVOHg1ejJjRHRBWHFhWXpVK1d4S1NEUW5qc3FLK0xhdm9iTkx2YXZqK2xVRkl3Yk1kMU9Yc1FOU2RPY2dhNHhYeHpxWUFpWXUvZkRQN2lDQlMvN1RuMWFBT0lvb2JPQmovcHVFMUREMEFkRVpBN3hpU1BJbjhBbmRBbVhtdDlTSElpUTBpcnlPWjhQQ1pzd09odDNIYitOaGV1SlhCYWlBRSs5UGtxYmowV3dZQkZIWXhlSFFFWmhMTXdiUEFZVHVELzBQbUhyTFl6V3BPemI5bHZGY3B3VE1QTFdsVlNjbkozbVd0MmRyYllHV0NGTlYrQXYyU01OVzF0TnpML2xXWVh3ZGl2bWRQYWp3czl6K2E5Y2FNSlFSWWlDemFaVHJpbTRpQmovZmREY1UzUHZHRUpyZGZUbTJRbWJ2S1lqdDRtM3lBbTBXbWpZK2RJZkJQNUpEZFIrZmFPME1KYlRVM3BNU1RKdmJYOWY2M1Z4T0JaNjNyZ0dKVkhlTit2ZW9WdmJ5LzJYeUtWUWJYSEtmQ2I5cjh0Wkk0Mk1sQ0hBdHJzbEdUaVVBN0xMUWFVVlpUVENxcGY0VzhMdk0yaEoraC9CTjFJZGlNc2h5MmhMb2JDdjk0TmwrVDFQc1l4alU5aUtTcmt0OG53eGo2V3NFejlJOHVJMlFkSGNwZStSODBoY1Q2NHRpSGZCa2FiMlp4N3NaQ1A2TlZqRC9MYk5EUDdwalk5aHZWQWpxNWJucjdQQ1RueEZtYW1GTjUrcklVWTBieHRpRU9HajFDeGV6N3J5Ym52VlJ5QjVDOFRPSmF2UlQ0TEhyek5aVzRPOFNhUVYzVmpXMGY2dzU1NFlZRHZuS0UxSzYxZ2x6eDVrWU9Mc2J0eEt3NVhmd2VocEEySVNnbjc3OWhHV0drak81QkV0N1QzWWNsSEpsZzFIcHU1YTNRdmEwVHEzWXBOSEljWTFQZ2VCMlRVQnpubVRDWjVPbDVKSndQNllUY3YvZWRRVUtVbDBIYVJnb29TNDBTWkVsN2hhZmZzYWtqS29pZmV1S3doWE9mREN4Sm9NdXVJanBwSzNSNmJCN3liY1FDTjJHMFczOUR1UkJvSitzZ1Y5Q0NwN3NmUnY1OE5tZnVXNHdMRnIydnRITlZsdnRkWEtNcG5qTEJvWno1dGEyTFRXbFlsaktuRi9DZUtsakVYTGErRG45WkVKR2x1a3NZZFFEREdFZlBvcWUwZXhUR08vZXhmR3JNMERZMW9iWXJ0OFZ5Q2lIK3JPT1NMSVcxV1pIb1NXdmxZaFNYbitSd0Q4a1ZqUE5CaCszZWpOMU1INEIwWi9nVmRmcXFXYWVmTW4vUEZzNENvL0dNUDFHeEhLTmNsZVIzZllpalhVdWhzcU5ibXZocXRUcG5Ya2QxeklrTnFBZ3dLTGdpSlNlRkVSNklLSGpEUE9iRjJSNGFKRTB3U3lla0hDNjNWQ3ErdjIxc096eXRXSEo2eTdadHh1UlZOSHZjYmsxVDBVSjVxZXQ2US9qcjNZMm13ejBSQk1pVXEvMjZ0RDh1K0c4TjJzOGR6c0gyLzlFcHhhNWRPYWRwRUNXQ3hoRDdtNGVmbmVVK3RGbVVhUFRURmpFWU05K3l3WHRCbUEzbytkeHVmMkJKMXJCNmtZZXBRTmRNNG5VVUZRYkgzL3hKTlE1TFdubVYrS1lnSC9mS1hnOUIyaHM5SFpOMXM4WCtjckJQby8rSUZUOVEwbGgxRkN0VzFDV29CclMxeUViakhjVEFxR21PVDhySmNndGhGRVc3ZHRZSFg1VUJZRXBSQzFOT2pPTjhoeXhtdU16OGhFNU9tSUo3b1RkMUxoeUt4TmNBVlRaWHhNOUJIN3ZFaXk3UFM0c2xpN3RFVXduTlhBNUpwWnFEVEx5anBNd3N5djk5YUlib1haTDlwaFZ0QzRrZGt0aTlid0xtNEJZeU9wcFpWakYwRzl4MEpxbEpjT01WVi9YMnR0ZWUwc2tralVqZmE0VkI5MG5FKy8wYUl2SS92d0ZZUHNGVDVOY0RWSDdQZDB6bERNZnZUcTgvVzJEbHhkRTZrUnpGUldYcjhNdDhWTFBldVp1UDFoZ1JBS0tsb2RZc2NFVjh6UVY1bGNjdnFGMmdHY01YbCtnUk52aXMvS3VJclc2QjlUSkMwanJGWDFXQUZKZUdURXBTTGhSTmlTdWVDb0VCNUFKcWN0Q0VmMkdCVUlkWXVjM2JwRjRiNWVqcz08L3hlbmM6Q2lwaGVyVmFsdWU+CiAgIDwveGVuYzpDaXBoZXJEYXRhPgo8L3hlbmM6RW5jcnlwdGVkRGF0YT48L3NhbWw6RW5jcnlwdGVkQXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+python3-saml-1.12.0/tests/data/responses/valid_response.xml.base64000066400000000000000000000210701410551756100250540ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeDQyYmU0MGJmLTM5YzMtNzdmMC1jNmFlLThiZjJlMjNhMWEyZSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciPjxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPg0KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeDQyYmU0MGJmLTM5YzMtNzdmMC1jNmFlLThiZjJlMjNhMWEyZSI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+M1JNaTI0V0F2cjlnTHdWZ0NtUDlsM2NneCtFPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5FR2ZSVnRTblJqVkJwdkpMdjExNnhWcmovaDVVQnJlTDNnV0V3ZnNORHkrMU9iaC9XTHZlR01uS2xIN0draHU5eXNIUVkxYzRnSER4SVgyaXZtM3YzVFhqK0V3ZDVhMVE2dXgvbXZJSFRvSUR5SnFLL25LSUtVZFEwTWhIcHVXUnF1OEJoWGZQcnRGdWkzOHRhamJpNjFTUnMxN0ZJc3YvbFJLb1JScWJIYlU9PC9kczpTaWduYXR1cmVWYWx1ZT4NCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDU3ZGZkYTYwLWIyMTEtNGNkYS0wZjYzLTZkNWRlYjY5ZTViYiIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIj48c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZng1N2RmZGE2MC1iMjExLTRjZGEtMGY2My02ZDVkZWI2OWU1YmIiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPndIVUpDalpLRWVtd3E2eGZzMkNIbUd3UXNIND08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+Y2VFd0NtbFQ2d3lpdGVLZE5JaVNFLzBoTG5rMkRweEh0K24vdzlhTHp4MmpneDJOTzBiUTFjb0xyYlBmc1A1SjhNYkNBQWRUb20yUkxaTUxIdTNwZjBHeXJ6cUUxTkhIMmthaGJiSWtKYnZJWkhhaE1JaFZNUW1RMzhJMDdQRC8wc3BjdkJqQS9lblk0SWtWR2VQdmUwV3FhaU5ZUGNOeDNaTDJPdENMZEtzPTwvZHM6U2lnbmF0dXJlVmFsdWU+DQo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDZ1RDQ0Flb0NDUUNiT2xyV0RkWDdGVEFOQmdrcWhraUc5dzBCQVFVRkFEQ0JoREVMTUFrR0ExVUVCaE1DVGs4eEdEQVdCZ05WQkFnVEQwRnVaSEpsWVhNZ1UyOXNZbVZ5WnpFTU1Bb0dBMVVFQnhNRFJtOXZNUkF3RGdZRFZRUUtFd2RWVGtsT1JWUlVNUmd3RmdZRFZRUURFdzltWldsa1pTNWxjbXhoYm1jdWJtOHhJVEFmQmdrcWhraUc5dzBCQ1FFV0VtRnVaSEpsWVhOQWRXNXBibVYwZEM1dWJ6QWVGdzB3TnpBMk1UVXhNakF4TXpWYUZ3MHdOekE0TVRReE1qQXhNelZhTUlHRU1Rc3dDUVlEVlFRR0V3Sk9UekVZTUJZR0ExVUVDQk1QUVc1a2NtVmhjeUJUYjJ4aVpYSm5NUXd3Q2dZRFZRUUhFd05HYjI4eEVEQU9CZ05WQkFvVEIxVk9TVTVGVkZReEdEQVdCZ05WQkFNVEQyWmxhV1JsTG1WeWJHRnVaeTV1YnpFaE1COEdDU3FHU0liM0RRRUpBUllTWVc1a2NtVmhjMEIxYm1sdVpYUjBMbTV2TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEaXZiaFI3UDUxNngvUzNCcUt4dXBRZTBMT05vbGl1cGlCT2VzQ08zU0hiRHJsMytxOUliZm5mbUUwNHJOdU1jUHNJeEIxNjFUZERwSWVzTENuN2M4YVBISVNLT3RQbEFlVFpTbmI4UUF1N2FSalpxMytQYnJQNXVXM1RjZkNHUHRLVHl0SE9nZS9PbEpibzA3OGRWaFhRMTRkMUVEd1hKVzFyUlh1VXQ0QzhRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUNEVmZwODZIT2JxWStlOEJVb1dROStWTVF4MUFTRG9oQmp3T3NnMld5a1VxUlhGK2RMZmNVSDlkV1I2M0N0WklLRkRiU3ROb21QblF6N25iSytvbnlnd0JzcFZFYm5IdVVpaFpxM1pVZG11bVFxQ3c0VXZzLzFVdnEzb3JPby9XSlZoVHl2TGdGVksyUWFyUTQvNjdPWmZIZDdSK1BPQlhob3BoU012MVpPbzwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvbWV0YWRhdGEucGhwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+NDkyODgyNjE1YWNmMzFjODA5NmI2MjcyNDVkNzZhZTUzMDM2YzA5MDwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjA1NC0wOC0yM1QwNjo1NzowMVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMi0xOVQwMTozNjozMVoiIE5vdE9uT3JBZnRlcj0iMjA1NC0wOC0yM1QwNjo1NzowMVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvbWV0YWRhdGEucGhwPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxNC0wMi0xOVQwMTozNzowMVoiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwNTQtMDItMTlUMDk6Mzc6MDFaIiBTZXNzaW9uSW5kZXg9Il82MjczZDc3YjhjZGUwYzMzM2VjNzlkMjJhOWZhMDAwM2I5ZmUyZDc1Y2IiPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c21hcnRpbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluQHlhY28uZXM8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iY24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPlNpeHRvMzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJzbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+TWFydGluMjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlZHVQZXJzb25BZmZpbGlhdGlvbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZG1pbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==python3-saml-1.12.0/tests/data/responses/valid_response2.xml.base64000066400000000000000000000211351410551756100251400ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfNTkxYzA3OGRhY2MwYzE4MWM1MTIzY2RmMzA2NmQwNmY1ZjRlNjRmMmRjIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wOS0yNFQwMDoxNjo1OVoiIERlc3RpbmF0aW9uPSJodHRwOi8vcHl0b29sa2l0LmNvbTo4MDAwLz9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fMDMwZDViMWNlNmQ1OTM4NDQ0ZDI0ZDQyY2U5MWVjNDkwZTUwMDFjNyI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwLmV4YW1wbGUuY29tL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KICA8ZHM6UmVmZXJlbmNlIFVSST0iI181OTFjMDc4ZGFjYzBjMTgxYzUxMjNjZGYzMDY2ZDA2ZjVmNGU2NGYyZGMiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPnZMN3BFb3dZS1pHM0FYRWdKUjZzQVQ0NTF3Yz08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+ZnZOQ3QrcngzaFdjM3VUeXRHd09qYk9taTQ3ektRTFRXLzdlY0RwS2xRNFZhZVc2YnRzNWNqb2wxR2hOZnIxdW5taFF0NXhVMkJsbXRTSzlQekVaNzFYWVlyMWRrNDlaam5EWUtQeFhFQXlBWDlEMWljbjF4cjltL2JiNzcvYkhUZ25PNjBSbk5yMGlrUktQYVAzNFlNSjUzRUcyWTJDZlVhRHRmb2lKSno4PTwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNiRENDQWRXZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRMEZBREJUTVFzd0NRWURWUVFHRXdKMWN6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVWTUJNR0ExVUVDZ3dNVDI1bGJHOW5hVzRnU1c1ak1SZ3dGZ1lEVlFRRERBOXBaSEF1WlhoaGJYQnNaUzVqYjIwd0hoY05NVFF3T1RJek1USXlOREE0V2hjTk5ESXdNakE0TVRJeU5EQTRXakJUTVFzd0NRWURWUVFHRXdKMWN6RVRNQkVHQTFVRUNBd0tRMkZzYVdadmNtNXBZVEVWTUJNR0ExVUVDZ3dNVDI1bGJHOW5hVzRnU1c1ak1SZ3dGZ1lEVlFRRERBOXBaSEF1WlhoaGJYQnNaUzVqYjIwd2daOHdEUVlKS29aSWh2Y05BUUVCQlFBRGdZMEFNSUdKQW9HQkFPV0ErWUhVN2N2UE9yQk9meENzY3NZVEpCK2tIM01hQTlCRnJTSEZTK0tjUjZjdzdvUFNrdElKeFVndkRwUWJ0Zk5jT2tFL3R1T1BCRG9lY2g3QVhmdkg2ZDdCdzd4dFc4UFBKMm1CNUhuL0hHVzJyb1loeG1maDN0UjVTZHdONmk0RVJWRjhlTGt2d0NIc05ReUsyUmVmMERBSnZwQk5aTUhDcFMyNDkxNi9BZ01CQUFHalVEQk9NQjBHQTFVZERnUVdCQlE3Ny9xVmVpaWdmaFlESVRwbENOdEpLWlRNOERBZkJnTlZIU01FR0RBV2dCUTc3L3FWZWlpZ2ZoWURJVHBsQ050SktaVE04REFNQmdOVkhSTUVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJEUVVBQTRHQkFKTzJqLzF1TzgwRTVDMlBNNkZrOW16ZXJyYmt4bDdBWi9tdmxiT24rc05aRStWWjFBbnRZdUc4ZWtiSnBKdEcxWWZSZmM3RUE5bUV0cXZ2NGRodjd6Qnk0bks0OU9SK0twSUJqSXRXQjVrWXZycU1MS0JhMzJzTWJncXFVcWVGMUVOWEtqcHZMU3VQZGZHSlpBM2ROYS8rRHliOEdHcVdlNzA3ekx5YzVGOG08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24geG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiBJRD0iX2VlMDIxYjg5N2U5NjgyM2ZiOWI3MjFkZDgxYTU4MjI4ZGUxZDE1ODNmMiIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDktMjRUMDA6MTY6NTlaIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9pZHAuZXhhbXBsZS5jb20vc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPgogIDxkczpSZWZlcmVuY2UgVVJJPSIjX2VlMDIxYjg5N2U5NjgyM2ZiOWI3MjFkZDgxYTU4MjI4ZGUxZDE1ODNmMiI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+TmFsL2J4MTBsc1NJUHZvcmo0VjV5dFpqdXRBPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5iMnVkaDAvT3NZcU5yREJEWi8wVlNKdm5XZmVqU2FtZU1pdC9EN3FoRmtsLzRjSUNjTm9jMTlmTUE0aFdIWHU4TDNnYXRyc0YvWE9mOGJlMmlyUmxZbm5CTithMmFyUVRJQUwyNzlhSlJ5MDVtYVJZV2lvUzBaemdpV2tLSEw1YVovaWFlT2Exbkt5eDZpTWxhbW9KdG14b3hxRmQxUWEzUEdzc2JScmZFZlE9PC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQ2JEQ0NBZFdnQXdJQkFnSUJBREFOQmdrcWhraUc5dzBCQVEwRkFEQlRNUXN3Q1FZRFZRUUdFd0oxY3pFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVZNQk1HQTFVRUNnd01UMjVsYkc5bmFXNGdTVzVqTVJnd0ZnWURWUVFEREE5cFpIQXVaWGhoYlhCc1pTNWpiMjB3SGhjTk1UUXdPVEl6TVRJeU5EQTRXaGNOTkRJd01qQTRNVEl5TkRBNFdqQlRNUXN3Q1FZRFZRUUdFd0oxY3pFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVZNQk1HQTFVRUNnd01UMjVsYkc5bmFXNGdTVzVqTVJnd0ZnWURWUVFEREE5cFpIQXVaWGhoYlhCc1pTNWpiMjB3Z1o4d0RRWUpLb1pJaHZjTkFRRUJCUUFEZ1kwQU1JR0pBb0dCQU9XQStZSFU3Y3ZQT3JCT2Z4Q3Njc1lUSkIra0gzTWFBOUJGclNIRlMrS2NSNmN3N29QU2t0SUp4VWd2RHBRYnRmTmNPa0UvdHVPUEJEb2VjaDdBWGZ2SDZkN0J3N3h0VzhQUEoybUI1SG4vSEdXMnJvWWh4bWZoM3RSNVNkd042aTRFUlZGOGVMa3Z3Q0hzTlF5SzJSZWYwREFKdnBCTlpNSENwUzI0OTE2L0FnTUJBQUdqVURCT01CMEdBMVVkRGdRV0JCUTc3L3FWZWlpZ2ZoWURJVHBsQ050SktaVE04REFmQmdOVkhTTUVHREFXZ0JRNzcvcVZlaWlnZmhZRElUcGxDTnRKS1pUTThEQU1CZ05WSFJNRUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkRRVUFBNEdCQUpPMmovMXVPODBFNUMyUE02Rms5bXplcnJia3hsN0FaL212bGJPbitzTlpFK1ZaMUFudFl1Rzhla2JKcEp0RzFZZlJmYzdFQTltRXRxdnY0ZGh2N3pCeTRuSzQ5T1IrS3BJQmpJdFdCNWtZdnJxTUxLQmEzMnNNYmdxcVVxZUYxRU5YS2pwdkxTdVBkZkdKWkEzZE5hLytEeWI4R0dxV2U3MDd6THljNUY4bTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaHR0cDovL3B5dG9vbGtpdC5jb206ODAwMC9tZXRhZGF0YS8iIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6dW5zcGVjaWZpZWQiPjI1ZGRkN2QzNGE3ZDc5ZGI2OTE2NzYyNWNkYTU2YTMyMGFkZjI4NzY8L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMjQtMDMtMjdUMDU6MzY6NTlaIiBSZWNpcGllbnQ9Imh0dHA6Ly9weXRvb2xraXQuY29tOjgwMDAvP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl8wMzBkNWIxY2U2ZDU5Mzg0NDRkMjRkNDJjZTkxZWM0OTBlNTAwMWM3Ii8+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTQtMDktMjRUMDA6MTY6MjlaIiBOb3RPbk9yQWZ0ZXI9IjIwMjQtMDMtMjdUMDU6MzY6NTlaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPmh0dHA6Ly9weXRvb2xraXQuY29tOjgwMDAvbWV0YWRhdGEvPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxNC0wOS0yNFQwMDoxNjo1OVoiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTQtMDktMjRUMDg6MTY6NTlaIiBTZXNzaW9uSW5kZXg9Il9hMzNkYzlmNTkwYjdiNDVmMGE2ZDZiMzIwOTBjYzRiNDY4YzYwN2Q0N2YiPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c21hcnRpbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluQHlhY28uZXM8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iY24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPlNpeHRvMzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJzbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+TWFydGluMjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJwaG9uZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyIvPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlZHVQZXJzb25BZmZpbGlhdGlvbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZG1pbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg== python3-saml-1.12.0/tests/data/responses/valid_response_with_namequalifier.xml.base64000066400000000000000000000210641410551756100310140ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeDhmZWI5YWNkLTFlODYtYWMxMi05MDIzLTEzYjg0NDc5YjI1YiIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciPjxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+DQogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPg0KICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeDhmZWI5YWNkLTFlODYtYWMxMi05MDIzLTEzYjg0NDc5YjI1YiI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHM6RGlnZXN0VmFsdWU+NVRWZURYbGQ3YzhURmtybVlDeFpuL2ZHRTRzPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5hZlFaVUE2REpHa0hLNjVMMENBaTJBSDJkOWNwbExuekNPTHBCYm9hUmVmaWdtVC92L0tJZGcyYXpWRzY2Ykk1aFA1NTBNR0c2ZVVzaWJ1N2N3ZytFbG9tejVBalE3dzlGZG8waHdWWWhib3JaSkN2TUxLUzBEWkFzc01XZnZ3RGNUNmhra3UreXFlS2RhZ1BBOTYwQ25YcUMxeHpjMk43WS82dlBCU081bVU9PC9kczpTaWduYXR1cmVWYWx1ZT4NCjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDQxN2ZiOTc2LTk0NGEtNDNiZi05ZTUyLWZiOWM1OTYxNzYxZiIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIj48c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZng0MTdmYjk3Ni05NDRhLTQzYmYtOWU1Mi1mYjljNTk2MTc2MWYiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPmxSbTJ3UW13ZGhmZVZuMDFaS1Ewb05CN1JqQT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+aktwQUNmMWkxR0FMSWQ5Y0liQlFsTkJQMVhpZDhhYXFKOUxyTkFIZ1lpR2VIc0NscldVUkZJREprOGI0T3RmdHdXTGZKeXBXbXgwWm15M2hpTTJyVHBIbDBLMGVqSFNsOS9Ed0pabkNEQW1CS1lhZ0ZFR0xxWXYwaXI0Y2lYaForTkdXSDY1czhBRlVibjU2SytaS3lpMFkwMWc4TmVqaS92OTNlZFZ6ZTZnPTwvZHM6U2lnbmF0dXJlVmFsdWU+DQo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDZ1RDQ0Flb0NDUUNiT2xyV0RkWDdGVEFOQmdrcWhraUc5dzBCQVFVRkFEQ0JoREVMTUFrR0ExVUVCaE1DVGs4eEdEQVdCZ05WQkFnVEQwRnVaSEpsWVhNZ1UyOXNZbVZ5WnpFTU1Bb0dBMVVFQnhNRFJtOXZNUkF3RGdZRFZRUUtFd2RWVGtsT1JWUlVNUmd3RmdZRFZRUURFdzltWldsa1pTNWxjbXhoYm1jdWJtOHhJVEFmQmdrcWhraUc5dzBCQ1FFV0VtRnVaSEpsWVhOQWRXNXBibVYwZEM1dWJ6QWVGdzB3TnpBMk1UVXhNakF4TXpWYUZ3MHdOekE0TVRReE1qQXhNelZhTUlHRU1Rc3dDUVlEVlFRR0V3Sk9UekVZTUJZR0ExVUVDQk1QUVc1a2NtVmhjeUJUYjJ4aVpYSm5NUXd3Q2dZRFZRUUhFd05HYjI4eEVEQU9CZ05WQkFvVEIxVk9TVTVGVkZReEdEQVdCZ05WQkFNVEQyWmxhV1JsTG1WeWJHRnVaeTV1YnpFaE1COEdDU3FHU0liM0RRRUpBUllTWVc1a2NtVmhjMEIxYm1sdVpYUjBMbTV2TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEaXZiaFI3UDUxNngvUzNCcUt4dXBRZTBMT05vbGl1cGlCT2VzQ08zU0hiRHJsMytxOUliZm5mbUUwNHJOdU1jUHNJeEIxNjFUZERwSWVzTENuN2M4YVBISVNLT3RQbEFlVFpTbmI4UUF1N2FSalpxMytQYnJQNXVXM1RjZkNHUHRLVHl0SE9nZS9PbEpibzA3OGRWaFhRMTRkMUVEd1hKVzFyUlh1VXQ0QzhRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUNEVmZwODZIT2JxWStlOEJVb1dROStWTVF4MUFTRG9oQmp3T3NnMld5a1VxUlhGK2RMZmNVSDlkV1I2M0N0WklLRkRiU3ROb21QblF6N25iSytvbnlnd0JzcFZFYm5IdVVpaFpxM1pVZG11bVFxQ3c0VXZzLzFVdnEzb3JPby9XSlZoVHl2TGdGVksyUWFyUTQvNjdPWmZIZDdSK1BPQlhob3BoU012MVpPbzwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vdGVzdC5leGFtcGxlLmNvbS9zYW1sL21ldGFkYXRhIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+NDkyODgyNjE1YWNmMzFjODA5NmI2MjcyNDVkNzZhZTUzMDM2YzA5MDwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjA1NC0wOC0yM1QwNjo1NzowMVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMi0xOVQwMTozNjozMVoiIE5vdE9uT3JBZnRlcj0iMjA1NC0wOC0yM1QwNjo1NzowMVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvbWV0YWRhdGEucGhwPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxNC0wMi0xOVQwMTozNzowMVoiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwNTQtMDItMTlUMDk6Mzc6MDFaIiBTZXNzaW9uSW5kZXg9Il82MjczZDc3YjhjZGUwYzMzM2VjNzlkMjJhOWZhMDAwM2I5ZmUyZDc1Y2IiPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YWM6Y2xhc3NlczpQYXNzd29yZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlIE5hbWU9InVpZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+c21hcnRpbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluQHlhY28uZXM8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iY24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPlNpeHRvMzwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJzbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+TWFydGluMjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlZHVQZXJzb25BZmZpbGlhdGlvbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZG1pbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==python3-saml-1.12.0/tests/data/responses/valid_response_without_inresponseto.xml.base64000066400000000000000000000127211410551756100314520ustar00rootroot00000000000000PD94bWwgdmVyc2lvbj0iMS4wIj8+CjxzYW1scDpSZXNwb25zZSB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBJRD0icGZ4MDVmM2NlMTAtMTYxNS1mM2VhLWE5ODgtNjBlMzgwYjMyOTlmIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wMi0xOVQwMTozNzowMVoiIERlc3RpbmF0aW9uPSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL2luZGV4LnBocD9hY3MiPgogIDxzYW1sOklzc3Vlcj5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+CiAgPGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgICA8ZHM6U2lnbmVkSW5mbz4KICAgICAgPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPgogICAgICA8ZHM6UmVmZXJlbmNlIFVSST0iI3BmeDA1ZjNjZTEwLTE2MTUtZjNlYS1hOTg4LTYwZTM4MGIzMjk5ZiI+CiAgICAgICAgPGRzOlRyYW5zZm9ybXM+CiAgICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz4KICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgICAgICA8L2RzOlRyYW5zZm9ybXM+CiAgICAgICAgPGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+CiAgICAgICAgPGRzOkRpZ2VzdFZhbHVlPkRjUWNDL1BoS05qRTlLa29YRXZZRlhXMHZGdz08L2RzOkRpZ2VzdFZhbHVlPgogICAgICA8L2RzOlJlZmVyZW5jZT4KICAgIDwvZHM6U2lnbmVkSW5mbz4KICAgIDxkczpTaWduYXR1cmVWYWx1ZT5xVjcvc2YvVEt1S0x5allaMGNDSlhCWnZSYmF1RXNoMXQvaEtJeStpVHJRSjYxWG0rMXZDcEtvVXdleGNuL1ZpCitsemZlaHZjL2tDMjE5TjZVTUUxZnRLTDY2OSsxYkpFb1NLejQrN2VhWi9XTFdYL0hRYndMVmh6dlh3bWdMQVAKUEhLNmZJZHpocGRkLzRydjlXVnpjaGoveGcxWVNkaXFrcnU3YUhhS2FEOD08L2RzOlNpZ25hdHVyZVZhbHVlPgogIDwvZHM6U2lnbmF0dXJlPgogIDxzYW1scDpTdGF0dXM+CiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+CiAgPC9zYW1scDpTdGF0dXM+CiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeGI0ZWM5YzhhLTQ4ZWItZmRhMi03Zjc0LWZhMWExMDVhOTlmZSIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDItMTlUMDE6Mzc6MDFaIj4KICAgIDxzYW1sOklzc3Vlcj5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+CiAgICA8c2FtbDpTdWJqZWN0PgogICAgICA8c2FtbDpOYW1lSUQgU1BOYW1lUXVhbGlmaWVyPSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL21ldGFkYXRhLnBocCIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiPjQ5Mjg4MjYxNWFjZjMxYzgwOTZiNjI3MjQ1ZDc2YWU1MzAzNmMwOTA8L3NhbWw6TmFtZUlEPgogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+CiAgICAgICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIzLTA4LTIzVDA2OjU3OjAxWiIgUmVjaXBpZW50PSJodHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL2luZGV4LnBocD9hY3MiIEluUmVzcG9uc2VUbz0iT05FTE9HSU5fNWZlOWQ2ZTQ5OWIyZjA5MTMyMDZhYWIzZjcxOTE3MjkwNDliYjgwNyIvPgogICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KICAgIDwvc2FtbDpTdWJqZWN0PgogICAgPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTQtMDItMTlUMDE6MzY6MzFaIiBOb3RPbk9yQWZ0ZXI9IjIwMjMtMDgtMjNUMDY6NTc6MDFaIj4KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4KICAgICAgICA8c2FtbDpBdWRpZW5jZT5odHRwczovL3BpdGJ1bGsubm8taXAub3JnL25ld29uZWxvZ2luL2RlbW8xL21ldGFkYXRhLnBocDwvc2FtbDpBdWRpZW5jZT4KICAgICAgPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+CiAgICA8L3NhbWw6Q29uZGl0aW9ucz4KICAgIDxzYW1sOkF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAxNC0wMi0xOVQwMTozNzowMVoiIFNlc3Npb25Ob3RPbk9yQWZ0ZXI9IjIwMTQtMDItMTlUMDk6Mzc6MDFaIiBTZXNzaW9uSW5kZXg9Il82MjczZDc3YjhjZGUwYzMzM2VjNzlkMjJhOWZhMDAwM2I5ZmUyZDc1Y2IiPgogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+CiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+CiAgICAgIDwvc2FtbDpBdXRobkNvbnRleHQ+CiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+CiAgICA8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJ1aWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPgogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnNtYXJ0aW48L3NhbWw6QXR0cmlidXRlVmFsdWU+CiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+CiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJtYWlsIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj4KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluQHlhY28uZXM8L3NhbWw6QXR0cmlidXRlVmFsdWU+CiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+CiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJjbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+CiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+U2l4dG8zPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPgogICAgICA8L3NhbWw6QXR0cmlidXRlPgogICAgICA8c2FtbDpBdHRyaWJ1dGUgTmFtZT0ic24iIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPgogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPk1hcnRpbjI8L3NhbWw6QXR0cmlidXRlVmFsdWU+CiAgICAgIDwvc2FtbDpBdHRyaWJ1dGU+CiAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlZHVQZXJzb25BZmZpbGlhdGlvbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+CiAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dXNlcjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5hZG1pbjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT4KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4KICAgIDwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CiAgPC9zYW1sOkFzc2VydGlvbj4KPC9zYW1scDpSZXNwb25zZT4K python3-saml-1.12.0/tests/data/responses/valid_unsigned_response.xml000066400000000000000000000076351410551756100257000ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZngwNWYzY2UxMC0xNjE1LWYzZWEtYTk4OC02MGUzODBiMzI5OWYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiIgRGVzdGluYXRpb249Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl81ZmU5ZDZlNDk5YjJmMDkxMzIwNmFhYjNmNzE5MTcyOTA0OWJiODA3Ij48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIElEPSJwZnhiNGVjOWM4YS00OGViLWZkYTItN2Y3NC1mYTFhMTA1YTk5ZmUiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+NDkyODgyNjE1YWNmMzFjODA5NmI2MjcyNDVkNzZhZTUzMDM2YzA5MDwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMi0xOVQwMTozNjozMVoiIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxNC0wMi0xOVQwOTozNzowMVoiIFNlc3Npb25JbmRleD0iXzYyNzNkNzdiOGNkZTBjMzMzZWM3OWQyMmE5ZmEwMDAzYjlmZTJkNzVjYiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Im1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnNtYXJ0aW5AeWFjby5lczwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJjbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+U2l4dG8zPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9InNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5NYXJ0aW4yPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImVkdVBlcnNvbkFmZmlsaWF0aW9uIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj51c2VyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPmFkbWluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/valid_unsigned_response.xml.base64000066400000000000000000000076351410551756100267630ustar00rootroot00000000000000PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJwZngwNWYzY2UxMC0xNjE1LWYzZWEtYTk4OC02MGUzODBiMzI5OWYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiIgRGVzdGluYXRpb249Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl81ZmU5ZDZlNDk5YjJmMDkxMzIwNmFhYjNmNzE5MTcyOTA0OWJiODA3Ij48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIElEPSJwZnhiNGVjOWM4YS00OGViLWZkYTItN2Y3NC1mYTFhMTA1YTk5ZmUiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvc2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9Imh0dHBzOi8vcGl0YnVsay5uby1pcC5vcmcvbmV3b25lbG9naW4vZGVtbzEvbWV0YWRhdGEucGhwIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+NDkyODgyNjE1YWNmMzFjODA5NmI2MjcyNDVkNzZhZTUzMDM2YzA5MDwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzVmZTlkNmU0OTliMmYwOTEzMjA2YWFiM2Y3MTkxNzI5MDQ5YmI4MDciLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNC0wMi0xOVQwMTozNjozMVoiIE5vdE9uT3JBZnRlcj0iMjAyMy0wOC0yM1QwNjo1NzowMVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+aHR0cHM6Ly9waXRidWxrLm5vLWlwLm9yZy9uZXdvbmVsb2dpbi9kZW1vMS9tZXRhZGF0YS5waHA8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTAyLTE5VDAxOjM3OjAxWiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAxNC0wMi0xOVQwOTozNzowMVoiIFNlc3Npb25JbmRleD0iXzYyNzNkNzdiOGNkZTBjMzMzZWM3OWQyMmE5ZmEwMDAzYjlmZTJkNzVjYiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idWlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zbWFydGluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Im1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnNtYXJ0aW5AeWFjby5lczwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJjbiIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDpiYXNpYyI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+U2l4dG8zPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9InNuIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5NYXJ0aW4yPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImVkdVBlcnNvbkFmZmlsaWF0aW9uIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj51c2VyPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPmFkbWluPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+ python3-saml-1.12.0/tests/data/responses/wrapped_response_2.xml.base64000066400000000000000000000227721410551756100256520ustar00rootroot0000000000000077u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4NCjxzYW1s cDpSZXNwb25zZSB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6 Mi4wOnByb3RvY29sIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FN TDoyLjA6YXNzZXJ0aW9uIiBJRD0iXzI2NTAyNGI0NjAyZmM2OGMwMTQ1YzZlOWM1 NzFkOGY2MjE5ZTZjZmVlMCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIw MTEtMDYtMTNUMTY6MDI6MjVaIiBEZXN0aW5hdGlvbj0iaHR0cDovL2xvY2FsaG9z dC9waHAtc2FtbC1maXhlZC9jb25zdW1lLnBocCIgSW5SZXNwb25zZVRvPSJfMzI0 NDJhOGMzZDFiYThlYTEzNmMiPg0KICA8c2FtbDpJc3N1ZXI+aHR0cHM6Ly9pZHAv c2ltcGxlc2FtbC9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj4N CiAgPHNhbWxwOlN0YXR1cz4NCiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0i dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIiAvPg0K ICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0i aHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5z OnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9Il82M2Iw YWVhZWMyYmJiNDU4ZjcxMTUzZjIxODBjNzJjNDM5MzFkM2M5MjAiIFZlcnNpb249 IjIuMCIgSXNzdWVJbnN0YW50PSIyMDExLTA2LTEzVDE2OjAyOjI1WiI+DQogICAg PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21l dGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+DQogICAgPHNhbWw6U3ViamVjdD4NCiAg ICAgIDxzYW1sOk5hbWVJRCBTUE5hbWVRdWFsaWZpZXI9InBocC1zYW1sLWZpeGVk IiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9y bWF0OmVtYWlsQWRkcmVzcyI+cm9vdEBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+ DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9h c2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1s OlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxMS0wNi0x M1QxNjowNzoyNVoiIFJlY2lwaWVudD0iaHR0cDovL2xvY2FsaG9zdC9waHAtc2Ft bC1maXhlZC9jb25zdW1lLnBocCIgSW5SZXNwb25zZVRvPSJfMzI0NDJhOGMzZDFi YThlYTEzNmMiIC8+DQogICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4N CiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJl Zm9yZT0iMjAxMS0wNi0xM1QxNjowMTo1NVoiIE5vdE9uT3JBZnRlcj0iMjAxMS0w Ni0xM1QxNjowNzoyNVoiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlv bj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+cGhwLXNhbWwtZml4ZWQ8L3NhbWw6 QXVkaWVuY2U+DQogICAgICA8L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAg ICA8L3NhbWw6Q29uZGl0aW9ucz4NCiAgICA8c2FtbDpBdXRoblN0YXRlbWVudCBB dXRobkluc3RhbnQ9IjIwMTEtMDYtMTNUMTI6NDc6MzNaIiBTZXNzaW9uTm90T25P ckFmdGVyPSIyMDExLTA2LTE0VDAwOjAyOjI1WiIgU2Vzc2lvbkluZGV4PSJfNTk5 NGFjYjUyODc4MTc4ZjAyYjY2ZTY5M2RlYmUzNDA3MjU3OTZjZDJjIj4NCiAgICAg IDxzYW1sOkF1dGhuQ29udGV4dD4NCiAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0 Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6 UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICA8L3Nh bWw6QXV0aG5Db250ZXh0Pg0KICAgIDwvc2FtbDpBdXRoblN0YXRlbWVudD4NCiAg PC9zYW1sOkFzc2VydGlvbj4NCiAgPG1kOkVudGl0eURlc2NyaXB0b3IgeG1sbnM6 bWQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDptZXRhZGF0YSIgeG1sbnM6 ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIGVudGl0eUlE PSJodHRwczovL2lkcC9zaW1wbGVzYW1sL3NhbWwyL2lkcC9tZXRhZGF0YS5waHAi IElEPSJwZng4YjhmZTFkMC0wZjhmLTJlMDAtYTAwOC1iOThiYmM1ZGExZDAiPg0K ICAgIDxkczpTaWduYXR1cmU+DQogICAgICA8ZHM6U2lnbmVkSW5mbz4NCiAgICAg ICAgPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8v d3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+DQogICAgICAgIDxk czpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8y MDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiIC8+DQogICAgICAgIDxkczpSZWZlcmVu Y2UgVVJJPSIjcGZ4OGI4ZmUxZDAtMGY4Zi0yZTAwLWEwMDgtYjk4YmJjNWRhMWQw Ij4NCiAgICAgICAgICA8ZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICAgIDxkczpU cmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3ht bGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIgLz4NCiAgICAgICAgICAgIDxkczpU cmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3ht bC1leGMtYzE0biMiIC8+DQogICAgICAgICAgPC9kczpUcmFuc2Zvcm1zPg0KICAg ICAgICAgIDxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3Lncz Lm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4NCiAgICAgICAgICA8ZHM6RGln ZXN0VmFsdWU+NVVmdy9lUlMwVHpIbC9vc2pMVCtJOGxlUDZVPTwvZHM6RGlnZXN0 VmFsdWU+DQogICAgICAgIDwvZHM6UmVmZXJlbmNlPg0KICAgICAgPC9kczpTaWdu ZWRJbmZvPg0KICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlPkM0OFpLQ2FwQVdsNHBx WlM1ZFhMTmVmdjZSYS9hMXZGSDlGWDZsd3c3RS94VmxtZXFTbHh1WGEra0JicE4r RWFzWmJaMGE4blYxTE1oNGN5TER2ajVnVURyYkhvMG1aOVNhRDBZaFhxcnBQY21H djVmSGZxZFRtRTVJUUs2MjQ0UkFPdk05MklyYU0vU0hRQ0dROE1hdkhTNSs4Nm11 MGdkbjVuNWJrcUU1ND08L2RzOlNpZ25hdHVyZVZhbHVlPg0KICAgICAgPGRzOktl eUluZm8+DQogICAgICAgIDxkczpYNTA5RGF0YT4NCiAgICAgICAgICA8ZHM6WDUw OUNlcnRpZmljYXRlPk1JSUNnVENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtp Rzl3MEJBUVVGQURDQmhERUxNQWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBG dVpISmxZWE1nVTI5c1ltVnlaekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFR S0V3ZFZUa2xPUlZSVU1SZ3dGZ1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04 eElUQWZCZ2txaGtpRzl3MEJDUUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpB ZUZ3MHdOekEyTVRVeE1qQXhNelZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFz d0NRWURWUVFHRXdKT1R6RVlNQllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhK bk1Rd3dDZ1lEVlFRSEV3TkdiMjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RB V0JnTlZCQU1URDJabGFXUmxMbVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFF SkFSWVNZVzVrY21WaGMwQjFibWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFF QkFRVUFBNEdOQURDQmlRS0JnUURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9s aXVwaUJPZXNDTzNTSGJEcmwzK3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJ ZXNMQ243YzhhUEhJU0tPdFBsQWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNm Q0dQdEtUeXRIT2dlL09sSmJvMDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJ REFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVv V1E5K1ZNUXgxQVNEb2hCandPc2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtG RGJTdE5vbVBuUXo3bmJLK29ueWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRV dnMvMVV2cTNvck9vL1dKVmhUeXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhv cGhTTXYxWk9vPC9kczpYNTA5Q2VydGlmaWNhdGU+DQogICAgICAgIDwvZHM6WDUw OURhdGE+DQogICAgICA8L2RzOktleUluZm8+DQogICAgPC9kczpTaWduYXR1cmU+ DQogICAgPG1kOklEUFNTT0Rlc2NyaXB0b3IgcHJvdG9jb2xTdXBwb3J0RW51bWVy YXRpb249InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI+DQog ICAgICA8bWQ6S2V5RGVzY3JpcHRvciB1c2U9InNpZ25pbmciPg0KICAgICAgICA8 ZHM6S2V5SW5mbyB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94 bWxkc2lnIyI+DQogICAgICAgICAgPGRzOlg1MDlEYXRhPg0KICAgICAgICAgICAg PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDZ1RDQ0Flb0NDUUNiT2xyV0RkWDdGVEFO QmdrcWhraUc5dzBCQVFVRkFEQ0JoREVMTUFrR0ExVUVCaE1DVGs4eEdEQVdCZ05W QkFnVEQwRnVaSEpsWVhNZ1UyOXNZbVZ5WnpFTU1Bb0dBMVVFQnhNRFJtOXZNUkF3 RGdZRFZRUUtFd2RWVGtsT1JWUlVNUmd3RmdZRFZRUURFdzltWldsa1pTNWxjbXho Ym1jdWJtOHhJVEFmQmdrcWhraUc5dzBCQ1FFV0VtRnVaSEpsWVhOQWRXNXBibVYw ZEM1dWJ6QWVGdzB3TnpBMk1UVXhNakF4TXpWYUZ3MHdOekE0TVRReE1qQXhNelZh TUlHRU1Rc3dDUVlEVlFRR0V3Sk9UekVZTUJZR0ExVUVDQk1QUVc1a2NtVmhjeUJU YjJ4aVpYSm5NUXd3Q2dZRFZRUUhFd05HYjI4eEVEQU9CZ05WQkFvVEIxVk9TVTVG VkZReEdEQVdCZ05WQkFNVEQyWmxhV1JsTG1WeWJHRnVaeTV1YnpFaE1COEdDU3FH U0liM0RRRUpBUllTWVc1a2NtVmhjMEIxYm1sdVpYUjBMbTV2TUlHZk1BMEdDU3FH U0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEaXZiaFI3UDUxNngvUzNCcUt4dXBR ZTBMT05vbGl1cGlCT2VzQ08zU0hiRHJsMytxOUliZm5mbUUwNHJOdU1jUHNJeEIx NjFUZERwSWVzTENuN2M4YVBISVNLT3RQbEFlVFpTbmI4UUF1N2FSalpxMytQYnJQ NXVXM1RjZkNHUHRLVHl0SE9nZS9PbEpibzA3OGRWaFhRMTRkMUVEd1hKVzFyUlh1 VXQ0QzhRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUNEVmZwODZIT2Jx WStlOEJVb1dROStWTVF4MUFTRG9oQmp3T3NnMld5a1VxUlhGK2RMZmNVSDlkV1I2 M0N0WklLRkRiU3ROb21QblF6N25iSytvbnlnd0JzcFZFYm5IdVVpaFpxM1pVZG11 bVFxQ3c0VXZzLzFVdnEzb3JPby9XSlZoVHl2TGdGVksyUWFyUTQvNjdPWmZIZDdS K1BPQlhob3BoU012MVpPbzwvZHM6WDUwOUNlcnRpZmljYXRlPg0KICAgICAgICAg IDwvZHM6WDUwOURhdGE+DQogICAgICAgIDwvZHM6S2V5SW5mbz4NCiAgICAgIDwv bWQ6S2V5RGVzY3JpcHRvcj4NCiAgICAgIDxtZDpLZXlEZXNjcmlwdG9yIHVzZT0i ZW5jcnlwdGlvbiI+DQogICAgICAgIDxkczpLZXlJbmZvIHhtbG5zOmRzPSJodHRw Oi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICAgICAgICA8ZHM6 WDUwOURhdGE+DQogICAgICAgICAgICA8ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUNn VENDQWVvQ0NRQ2JPbHJXRGRYN0ZUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmhERUxN QWtHQTFVRUJoTUNUazh4R0RBV0JnTlZCQWdURDBGdVpISmxZWE1nVTI5c1ltVnla ekVNTUFvR0ExVUVCeE1EUm05dk1SQXdEZ1lEVlFRS0V3ZFZUa2xPUlZSVU1SZ3dG Z1lEVlFRREV3OW1aV2xrWlM1bGNteGhibWN1Ym04eElUQWZCZ2txaGtpRzl3MEJD UUVXRW1GdVpISmxZWE5BZFc1cGJtVjBkQzV1YnpBZUZ3MHdOekEyTVRVeE1qQXhN elZhRncwd056QTRNVFF4TWpBeE16VmFNSUdFTVFzd0NRWURWUVFHRXdKT1R6RVlN QllHQTFVRUNCTVBRVzVrY21WaGN5QlRiMnhpWlhKbk1Rd3dDZ1lEVlFRSEV3Tkdi Mjh4RURBT0JnTlZCQW9UQjFWT1NVNUZWRlF4R0RBV0JnTlZCQU1URDJabGFXUmxM bVZ5YkdGdVp5NXViekVoTUI4R0NTcUdTSWIzRFFFSkFSWVNZVzVrY21WaGMwQjFi bWx1WlhSMExtNXZNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0Jn UURpdmJoUjdQNTE2eC9TM0JxS3h1cFFlMExPTm9saXVwaUJPZXNDTzNTSGJEcmwz K3E5SWJmbmZtRTA0ck51TWNQc0l4QjE2MVRkRHBJZXNMQ243YzhhUEhJU0tPdFBs QWVUWlNuYjhRQXU3YVJqWnEzK1BiclA1dVczVGNmQ0dQdEtUeXRIT2dlL09sSmJv MDc4ZFZoWFExNGQxRUR3WEpXMXJSWHVVdDRDOFFJREFRQUJNQTBHQ1NxR1NJYjNE UUVCQlFVQUE0R0JBQ0RWZnA4NkhPYnFZK2U4QlVvV1E5K1ZNUXgxQVNEb2hCandP c2cyV3lrVXFSWEYrZExmY1VIOWRXUjYzQ3RaSUtGRGJTdE5vbVBuUXo3bmJLK29u eWd3QnNwVkVibkh1VWloWnEzWlVkbXVtUXFDdzRVdnMvMVV2cTNvck9vL1dKVmhU eXZMZ0ZWSzJRYXJRNC82N09aZkhkN1IrUE9CWGhvcGhTTXYxWk9vPC9kczpYNTA5 Q2VydGlmaWNhdGU+DQogICAgICAgICAgPC9kczpYNTA5RGF0YT4NCiAgICAgICAg PC9kczpLZXlJbmZvPg0KICAgICAgPC9tZDpLZXlEZXNjcmlwdG9yPg0KICAgICAg PG1kOlNpbmdsZUxvZ291dFNlcnZpY2UgQmluZGluZz0idXJuOm9hc2lzOm5hbWVz OnRjOlNBTUw6Mi4wOmJpbmRpbmdzOkhUVFAtUmVkaXJlY3QiIExvY2F0aW9uPSJo dHRwczovL2lkcC9zaW1wbGVzYW1sL3NhbWwyL2lkcC9TaW5nbGVMb2dvdXRTZXJ2 aWNlLnBocCIgLz4NCiAgICAgIDxtZDpOYW1lSURGb3JtYXQ+dXJuOm9hc2lzOm5h bWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6dHJhbnNpZW50PC9tZDpOYW1l SURGb3JtYXQ+DQogICAgICA8bWQ6U2luZ2xlU2lnbk9uU2VydmljZSBCaW5kaW5n PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1SZWRp cmVjdCIgTG9jYXRpb249Imh0dHBzOi8vaWRwL3NpbXBsZXNhbWwvc2FtbDIvaWRw L1NTT1NlcnZpY2UucGhwIiAvPg0KICAgIDwvbWQ6SURQU1NPRGVzY3JpcHRvcj4N CiAgICA8bWQ6Q29udGFjdFBlcnNvbiBjb250YWN0VHlwZT0idGVjaG5pY2FsIj4N CiAgICAgIDxtZDpHaXZlbk5hbWU+QW5kcmVhczwvbWQ6R2l2ZW5OYW1lPg0KICAg ICAgPG1kOlN1ck5hbWU+TWF5ZXI8L21kOlN1ck5hbWU+DQogICAgICA8bWQ6RW1h aWxBZGRyZXNzPmFuZHJlYXMubWF5ZXJAd3VlcnRoLmNvbTwvbWQ6RW1haWxBZGRy ZXNzPg0KICAgIDwvbWQ6Q29udGFjdFBlcnNvbj4NCiAgPC9tZDpFbnRpdHlEZXNj cmlwdG9yPg0KPC9zYW1scDpSZXNwb25zZT4= python3-saml-1.12.0/tests/pylint.rc000066400000000000000000000040351410551756100171470ustar00rootroot00000000000000[MASTER] profile=no persistent=yes ignore= cache-size=500 [REPORTS] output-format=text files-output=no reports=yes [BASIC] no-docstring-rgx=__.*__|_.* class-rgx=[A-Z_][a-zA-Z0-9_]+$ function-rgx=[a-zA_][a-zA-Z0-9_]{2,70}$ method-rgx=[a-z_][a-zA-Z0-9_]{2,70}$ const-rgx=(([A-Z_][A-Z0-9_]*)|([a-z_][a-z0-9_]*)|(__.*__)|register|urlpatterns)$ good-names=_,i,j,k,e,qs,pk,setUp,tearDown,el,ns,fd,js,nb,na,sp,SAML_SINGLE_LOGOUT_NOT_SUPPORTED,SAML_SINGLE_LOGOUT_NOT_SUPPORTED,NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME docstring-min-length=1 disable=E0611,W0703,W0511,W1401,F0401,W0102,E1103,W0212,I0011 [TYPECHECK] # Tells whether missing members accessed in mixin class should be ignored. A # mixin class is detected if its name ends with "mixin" (case insensitive). ignore-mixin-members=yes # List of module names for which member attributes should not be checked # (useful for modules/projects where namespaces are manipulated during runtime # and thus extisting member attributes cannot be deduced by static analysis ignored-modules= # List of classes names for which member attributes should not be checked # (useful for classes with attributes dynamically set). ignored-classes=SQLObject,WSGIRequest # When zope mode is activated, add a predefined set of Zope acquired attributes # to generated-members. zope=no # List of members which are set dynamically and missed by pylint inference # system, and so shouldn't trigger E0201 when accessed. generated-members=objects,DoesNotExist,id,pk,_meta,base_fields,context,views,save # List of method names used to declare (i.e. assign) instance attributes defining-attr-methods=__init__,__new__,setUp [VARIABLES] init-import=no dummy-variables-rgx=_|dummy [SIMILARITIES] min-similarity-lines=6 ignore-comments=yes ignore-docstrings=yes [MISCELLANEOUS] notes=FIXME,XXX,TODO [FORMAT] max-line-length=200 max-module-lines=1200 indent-string=' ' indent-after-paren=4 [DESIGN] max-args=10 max-locals=40 max-returns=6 max-branches=50 max-statements=120 max-parents=10 max-attributes=10 min-public-methods=0 max-public-methods=100 python3-saml-1.12.0/tests/settings/000077500000000000000000000000001410551756100171405ustar00rootroot00000000000000python3-saml-1.12.0/tests/settings/settings.json000077700000000000000000000000001410551756100245022settings1.jsonustar00rootroot00000000000000python3-saml-1.12.0/tests/settings/settings1.json000066400000000000000000000042761410551756100217650ustar00rootroot00000000000000{ "strict": false, "debug": false, "custom_base_path": "../../../tests/data/customPath/", "sp": { "entityId": "http://stuff.com/endpoints/metadata.php", "assertionConsumerService": { "url": "http://stuff.com/endpoints/endpoints/acs.php" }, "singleLogoutService": { "url": "http://stuff.com/endpoints/endpoints/sls.php" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" }, "idp": { "entityId": "http://idp.example.com/", "singleSignOnService": { "url": "http://idp.example.com/SSOService.php" }, "singleLogoutService": { "url": "http://idp.example.com/SingleLogoutService.php" }, "x509cert": "MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo" }, "security": { "authnRequestsSigned": false, "wantAssertionsSigned": false, "signMetadata": false }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } } python3-saml-1.12.0/tests/settings/settings10.json000066400000000000000000000041471410551756100220420ustar00rootroot00000000000000{ "strict": false, "debug": false, "sp": { "entityId": "http://stuff.com/endpoints/metadata.php", "assertionConsumerService": { "url": "http://stuff.com/endpoints/endpoints/acs.php" }, "singleLogoutService": { "url": "http://stuff.com/endpoints/endpoints/sls.php" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" }, "idp": { "entityId": "http://idp.example.com/", "singleSignOnService": { "url": "http://idp.example.com/SSOService.php" }, "singleLogoutService": { "url": "http://idp.example.com/SingleLogoutService.php" }, "x509cert": "MIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIyNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAfBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kYvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m" }, "security": { "authnRequestsSigned": false, "wantAssertionsSigned": false, "signMetadata": false }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } } python3-saml-1.12.0/tests/settings/settings11.json000066400000000000000000000043501410551756100220370ustar00rootroot00000000000000{ "strict": false, "debug": false, "custom_base_path": "../../../tests/data/customPath/", "sp": { "entityId": "http://stuff.com/endpoints/metadata.php", "assertionConsumerService": { "url": "http://stuff.com/endpoints/endpoints/acs.php" }, "singleLogoutService": { "url": "http://stuff.com/endpoints/endpoints/sls.php" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" }, "idp": { "entityId": "http://idp.example.com/", "singleSignOnService": { "url": "http://idp.example.com/SSOService.php" }, "singleLogoutService": { "url": "http://idp.example.com/SingleLogoutService.php" }, "x509cert": "MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo" }, "security": { "authnRequestsSigned": false, "wantAssertionsSigned": false, "signMetadata": false, "allowRepeatAttributeName": true }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } } python3-saml-1.12.0/tests/settings/settings2.json000066400000000000000000000043041410551756100217560ustar00rootroot00000000000000{ "strict": false, "debug": false, "custom_base_path": "../../../tests/data/customPath/", "sp": { "entityId": "http://stuff.com/endpoints/metadata.php", "assertionConsumerService": { "url": "http://stuff.com/endpoints/endpoints/acs.php" }, "singleLogoutService": { "url": "http://stuff.com/endpoints/endpoints/sls.php" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" }, "idp": { "entityId": "https://idp.example.com/simplesaml/saml2/idp/metadata.php", "singleSignOnService": { "url": "http://idp.example.com/SSOService.php" }, "singleLogoutService": { "url": "http://idp.example.com/SingleLogoutService.php" }, "x509cert": "MIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIyNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAfBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kYvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m" }, "security": { "authnRequestsSigned": false, "wantAssertionsSigned": false, "signMetadata": false }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } } python3-saml-1.12.0/tests/settings/settings3.json000066400000000000000000000042521410551756100217610ustar00rootroot00000000000000{ "strict": false, "debug": false, "custom_base_path": "../../../tests/data/customPath/", "sp": { "entityId": "http://pytoolkit.com:8000/metadata/", "assertionConsumerService": { "url": "http://pytoolkit.com:8000/?acs" }, "singleLogoutService": { "url": "http://pytoolkit.com:8000/?sls" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" }, "idp": { "entityId": "https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php", "singleSignOnService": { "url": "http://pitbulk.no-ip.org/SSOService.php" }, "singleLogoutService": { "url": "http://pitbulk.no-ip.org/SingleLogoutService.php" }, "x509cert": "MIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIyNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAfBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kYvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m" }, "security": { "authnRequestsSigned": false, "wantAssertionsSigned": false, "signMetadata": false }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } } python3-saml-1.12.0/tests/settings/settings4.json000066400000000000000000000072541410551756100217670ustar00rootroot00000000000000{ "strict": false, "debug": false, "custom_base_path": "../../../tests/data/customPath/", "sp": { "entityId": "http://pytoolkit.com:8000/metadata/", "assertionConsumerService": { "url": "http://pytoolkit.com:8000/?acs" }, "attributeConsumingService": { "isDefault": false, "serviceName": "Test Service", "serviceDescription": "Test Service", "requestedAttributes": [ { "name": "urn:oid:2.5.4.42", "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "friendlyName": "givenName", "isRequired": false }, { "name": "urn:oid:2.5.4.4", "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "friendlyName": "sn", "isRequired": false }, { "name": "urn:oid:2.16.840.1.113730.3.1.241", "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "friendlyName": "displayName", "isRequired": false }, { "name": "urn:oid:0.9.2342.19200300.100.1.3", "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "friendlyName": "mail", "isRequired": false }, { "name": "urn:oid:0.9.2342.19200300.100.1.1", "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "friendlyName": "uid", "isRequired": false } ] }, "singleLogoutService": { "url": "http://pytoolkit.com:8000/?sls" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" }, "idp": { "entityId": "https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php", "singleSignOnService": { "url": "http://pitbulk.no-ip.org/SSOService.php" }, "singleLogoutService": { "url": "http://pitbulk.no-ip.org/SingleLogoutService.php" }, "x509cert": "MIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIyNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAfBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kYvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m" }, "security": { "authnRequestsSigned": false, "wantAssertionsSigned": false, "signMetadata": false }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } } python3-saml-1.12.0/tests/settings/settings5.json000066400000000000000000000056211410551756100217640ustar00rootroot00000000000000{ "strict": false, "debug": false, "custom_base_path": "../../../tests/data/customPath/", "sp": { "entityId": "http://pytoolkit.com:8000/metadata/", "assertionConsumerService": { "url": "http://pytoolkit.com:8000/?acs" }, "attributeConsumingService": { "isDefault": false, "serviceName": "Test Service", "serviceDescription": "Test Service", "requestedAttributes": [ { "name": "userType", "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic", "isRequired": false, "attributeValue": ["userType","admin"] }, { "name": "urn:oid:0.9.2342.19200300.100.1.1", "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "friendlyName": "uid", "isRequired": false } ] }, "singleLogoutService": { "url": "http://pytoolkit.com:8000/?sls" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" }, "idp": { "entityId": "https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php", "singleSignOnService": { "url": "http://pitbulk.no-ip.org/SSOService.php" }, "singleLogoutService": { "url": "http://pitbulk.no-ip.org/SingleLogoutService.php" }, "x509cert": "MIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIyNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAfBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kYvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m" }, "security": { "authnRequestsSigned": false, "wantAssertionsSigned": false, "signMetadata": false }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } } python3-saml-1.12.0/tests/settings/settings6.json000066400000000000000000000027171410551756100217700ustar00rootroot00000000000000{ "strict": false, "debug": false, "custom_base_path": "../../../tests/data/customPath/", "sp": { "entityId": "http://stuff.com/endpoints/metadata.php", "assertionConsumerService": { "url": "http://stuff.com/endpoints/endpoints/acs.php" }, "singleLogoutService": { "url": "http://stuff.com/endpoints/endpoints/sls.php" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" }, "idp": { "entityId": "http://idp.example.com/", "singleSignOnService": { "url": "http://idp.example.com/SSOService.php" }, "singleLogoutService": { "url": "http://idp.example.com/SingleLogoutService.php" }, "certFingerprint": "AF:E7:1C:28:EF:74:0B:C8:74:25:BE:13:A2:26:3D:37:97:1D:A1:F9", "certFingerprintAlgorithm": "sha1" }, "security": { "authnRequestsSigned": true, "wantAssertionsSigned": false, "signMetadata": false }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } } python3-saml-1.12.0/tests/settings/settings7.json000066400000000000000000000112661410551756100217700ustar00rootroot00000000000000{ "strict": false, "debug": false, "custom_base_path": "../../../tests/data/customPath/", "sp": { "entityId": "http://stuff.com/endpoints/metadata.php", "assertionConsumerService": { "url": "http://stuff.com/endpoints/endpoints/acs.php" }, "singleLogoutService": { "url": "http://stuff.com/endpoints/endpoints/sls.php" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "privateKey": "MIICXgIBAAKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABAoGAD4/Z4LWVWV6D1qMIp1Gzr0ZmdWTE1SPdZ7Ej8glGnCzPdguCPuzbhGXmIg0VJ5D+02wsqws1zd48JSMXXM8zkYZVwQYIPUsNn5FetQpwxDIMPmhHg+QNBgwOnk8JK2sIjjLPL7qY7Itv7LT7Gvm5qSOkZ33RCgXcgz+okEIQMYkCQQDzbTOyDL0c5WQV6A2k06T/azdhUdGXF9C0+WkWSfNaovmTgRXh1G+jMlr82Snz4p4/STt7P/XtyWzF3pkVgZr3AkEA7nPjXwHlttNEMo6AtxHd47nizK2NUN803ElIUT8P9KSCoERmSXq66PDekGNic4ldpsSvOeYCk8MAYoDBy9kvVwJBAMLgX4xg6lzhv7hR5+pWjTb1rIY6rCHbrPfU264+UZXz9v2BT/VUznLF81WMvStD9xAPHpFS6R0OLghSZhdzhI0CQQDL8Duvfxzrn4b9QlmduV8wLERoT6rEVxKLsPVz316TGrxJvBZLk/cV0SRZE1cZf4ukXSWMfEcJ/0Zt+LdG1CqjAkEAqwLSglJ9Dy3HpgMz4vAAyZWzAxvyA1zW0no9GOLcPQnYaNUN/Fy2SYtETXTb0CQ9X1rt8ffkFP7ya+5TC83aMg==", "x509cert": "MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo", "x509certNew": "MIICVDCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBHMQswCQYDVQQGEwJ1czEQMA4GA1UECAwHZXhhbXBsZTEQMA4GA1UECgwHZXhhbXBsZTEUMBIGA1UEAwwLZXhhbXBsZS5jb20wHhcNMTcwNDA3MDgzMDAzWhcNMjcwNDA1MDgzMDAzWjBHMQswCQYDVQQGEwJ1czEQMA4GA1UECAwHZXhhbXBsZTEQMA4GA1UECgwHZXhhbXBsZTEUMBIGA1UEAwwLZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKhPS4/0azxbQekHHewQGKD7Pivr3CDpsrKxY3xlVanxj427OwzOb5KUVzsDEazumt6sZFY8HfidsjXY4EYA4ZzyL7ciIAR5vlAsIYN9nJ4AwVDnN/RjVwj+TN6BqWPLpVIpHc6Dl005HyE0zJnk1DZDn2tQVrIzbD3FhCp7YeotAgMBAAGjUDBOMB0GA1UdDgQWBBRYZx4thASfNvR/E7NsCF2IaZ7wIDAfBgNVHSMEGDAWgBRYZx4thASfNvR/E7NsCF2IaZ7wIDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBACz4aobx9aG3kh+rNyrlgM3K6dYfnKG1/YH5sJCAOvg8kDr0fQAQifH8lFVWumKUMoAe0bFTfwWtp/VJ8MprrEJth6PFeZdczpuv+fpLcNj2VmNVJqvQYvS4m36OnBFh1QFZW8UrbFIfdtm2nuZ+twSKqfKwjLdqcoX0p39h7Uw/" }, "idp": { "entityId": "http://idp.example.com/", "singleSignOnService": { "url": "http://idp.example.com/SSOService.php" }, "singleLogoutService": { "url": "http://idp.example.com/SingleLogoutService.php" }, "x509cert": "MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo" }, "security": { "authnRequestsSigned": false, "wantAssertionsSigned": false, "signMetadata": false }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } }python3-saml-1.12.0/tests/settings/settings8.json000066400000000000000000000133111410551756100217620ustar00rootroot00000000000000{ "strict": false, "debug": false, "custom_base_path": "../../../tests/data/customPath/", "sp": { "entityId": "http://stuff.com/endpoints/metadata.php", "assertionConsumerService": { "url": "http://stuff.com/endpoints/endpoints/acs.php" }, "singleLogoutService": { "url": "http://stuff.com/endpoints/endpoints/sls.php" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "privateKey": "MIICXgIBAAKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABAoGAD4/Z4LWVWV6D1qMIp1Gzr0ZmdWTE1SPdZ7Ej8glGnCzPdguCPuzbhGXmIg0VJ5D+02wsqws1zd48JSMXXM8zkYZVwQYIPUsNn5FetQpwxDIMPmhHg+QNBgwOnk8JK2sIjjLPL7qY7Itv7LT7Gvm5qSOkZ33RCgXcgz+okEIQMYkCQQDzbTOyDL0c5WQV6A2k06T/azdhUdGXF9C0+WkWSfNaovmTgRXh1G+jMlr82Snz4p4/STt7P/XtyWzF3pkVgZr3AkEA7nPjXwHlttNEMo6AtxHd47nizK2NUN803ElIUT8P9KSCoERmSXq66PDekGNic4ldpsSvOeYCk8MAYoDBy9kvVwJBAMLgX4xg6lzhv7hR5+pWjTb1rIY6rCHbrPfU264+UZXz9v2BT/VUznLF81WMvStD9xAPHpFS6R0OLghSZhdzhI0CQQDL8Duvfxzrn4b9QlmduV8wLERoT6rEVxKLsPVz316TGrxJvBZLk/cV0SRZE1cZf4ukXSWMfEcJ/0Zt+LdG1CqjAkEAqwLSglJ9Dy3HpgMz4vAAyZWzAxvyA1zW0no9GOLcPQnYaNUN/Fy2SYtETXTb0CQ9X1rt8ffkFP7ya+5TC83aMg==", "x509cert": "MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo" }, "idp": { "entityId": "http://idp.example.com/", "singleSignOnService": { "url": "http://idp.example.com/SSOService.php" }, "singleLogoutService": { "url": "http://idp.example.com/SingleLogoutService.php" }, "x509cert": "", "x509certMulti": { "signing": [ "MIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIyNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAfBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kYvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m", "MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo" ], "encryption": [ "MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo" ] } }, "security": { "authnRequestsSigned": false, "wantAssertionsSigned": false, "signMetadata": false }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } }python3-saml-1.12.0/tests/settings/settings9.json000066400000000000000000000025121410551756100217640ustar00rootroot00000000000000{ "strict": false, "debug": false, "custom_base_path": "../../../tests/data/customPath/", "sp": { "entityId": "http://stuff.com/endpoints/metadata.php", "assertionConsumerService": { "url": "http://stuff.com/endpoints/endpoints/acs.php" }, "singleLogoutService": { "url": "http://stuff.com/endpoints/endpoints/sls.php" }, "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" }, "idp": { "entityId": "http://idp.example.com/", "singleSignOnService": { "url": "http://idp.example.com/SSOService.php" }, "singleLogoutService": { "url": "http://idp.example.com/SingleLogoutService.php" } }, "security": { "authnRequestsSigned": false, "wantAssertionsSigned": false, "signMetadata": false }, "contactPerson": { "technical": { "givenName": "technical_name", "emailAddress": "technical@example.com" }, "support": { "givenName": "support_name", "emailAddress": "support@example.com" } }, "organization": { "en-US": { "name": "sp_test", "displayname": "SP test", "url": "http://sp.example.com" } } } python3-saml-1.12.0/tests/src/000077500000000000000000000000001410551756100160675ustar00rootroot00000000000000python3-saml-1.12.0/tests/src/OneLogin/000077500000000000000000000000001410551756100176015ustar00rootroot00000000000000python3-saml-1.12.0/tests/src/OneLogin/__init__.py000066400000000000000000000000001410551756100217000ustar00rootroot00000000000000python3-saml-1.12.0/tests/src/OneLogin/saml2_tests/000077500000000000000000000000001410551756100220415ustar00rootroot00000000000000python3-saml-1.12.0/tests/src/OneLogin/saml2_tests/__init__.py000066400000000000000000000000001410551756100241400ustar00rootroot00000000000000python3-saml-1.12.0/tests/src/OneLogin/saml2_tests/auth_test.py000066400000000000000000002173221410551756100244220ustar00rootroot00000000000000# -*- coding: utf-8 -*- # Copyright (c) 2010-2021 OneLogin, Inc. # MIT License from base64 import b64decode, b64encode import json from os.path import dirname, join, exists import unittest from onelogin.saml2 import compat from onelogin.saml2.auth import OneLogin_Saml2_Auth from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.settings import OneLogin_Saml2_Settings from onelogin.saml2.utils import OneLogin_Saml2_Utils, OneLogin_Saml2_Error from onelogin.saml2.logout_request import OneLogin_Saml2_Logout_Request try: from urllib.parse import urlparse, parse_qs except ImportError: from urlparse import urlparse, parse_qs class OneLogin_Saml2_Auth_Test(unittest.TestCase): data_path = join(dirname(dirname(dirname(dirname(__file__)))), 'data') settings_path = join(dirname(dirname(dirname(dirname(__file__)))), 'settings') # assertRaisesRegexp deprecated on python3 def assertRaisesRegex(self, exception, regexp, msg=None): if hasattr(unittest.TestCase, 'assertRaisesRegex'): return super(OneLogin_Saml2_Auth_Test, self).assertRaisesRegex(exception, regexp, msg=msg) else: return self.assertRaisesRegexp(exception, regexp) def loadSettingsJSON(self, name='settings1.json'): filename = join(self.settings_path, name) if exists(filename): stream = open(filename, 'r') settings = json.load(stream) stream.close() return settings def file_contents(self, filename): f = open(filename, 'r') content = f.read() f.close() return content def get_request(self): return { 'http_host': 'example.com', 'script_name': '/index.html', 'get_data': {} } def testGetSettings(self): """ Tests the get_settings method of the OneLogin_Saml2_Auth class Build a OneLogin_Saml2_Settings object with a setting array and compare the value returned from the method of the auth object """ settings_info = self.loadSettingsJSON() settings = OneLogin_Saml2_Settings(settings_info) auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) auth_settings = auth.get_settings() self.assertEqual(settings.get_sp_data(), auth_settings.get_sp_data()) def testGetSSOurl(self): """ Tests the get_sso_url method of the OneLogin_Saml2_Auth class """ settings_info = self.loadSettingsJSON() auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) sso_url = settings_info['idp']['singleSignOnService']['url'] self.assertEqual(auth.get_sso_url(), sso_url) def testGetSLOurl(self): """ Tests the get_slo_url method of the OneLogin_Saml2_Auth class """ settings_info = self.loadSettingsJSON() auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertEqual(auth.get_slo_url(), slo_url) def testGetSLOresponseUrl(self): """ Tests the get_slo_response_url method of the OneLogin_Saml2_Auth class """ settings_info = self.loadSettingsJSON() settings_info['idp']['singleLogoutService']['responseUrl'] = "http://idp.example.com/SingleLogoutReturn.php" auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) slo_url = settings_info['idp']['singleLogoutService']['responseUrl'] self.assertEqual(auth.get_slo_response_url(), slo_url) # test that the function falls back to the url setting if responseUrl is not set settings_info['idp']['singleLogoutService'].pop('responseUrl') auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertEqual(auth.get_slo_response_url(), slo_url) def testGetSessionIndex(self): """ Tests the get_session_index method of the OneLogin_Saml2_Auth class """ settings_info = self.loadSettingsJSON() auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) self.assertIsNone(auth.get_session_index()) request_data = self.get_request() message = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) del request_data['get_data'] request_data['post_data'] = { 'SAMLResponse': message } auth2 = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) self.assertIsNone(auth2.get_session_index()) auth2.process_response() self.assertEqual('_6273d77b8cde0c333ec79d22a9fa0003b9fe2d75cb', auth2.get_session_index()) def testGetSessionExpiration(self): """ Tests the get_session_expiration method of the OneLogin_Saml2_Auth class """ settings_info = self.loadSettingsJSON() auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) self.assertIsNone(auth.get_session_expiration()) request_data = self.get_request() message = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) del request_data['get_data'] request_data['post_data'] = { 'SAMLResponse': message } auth2 = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) self.assertIsNone(auth2.get_session_expiration()) auth2.process_response() self.assertEqual(2655106621, auth2.get_session_expiration()) def testGetLastErrorReason(self): """ Tests the get_last_error_reason method of the OneLogin_Saml2_Auth class Case Invalid Response """ request_data = self.get_request() message = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) del request_data['get_data'] request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) auth.process_response() self.assertEqual(auth.get_last_error_reason(), 'Signature validation failed. SAML Response rejected') def testProcessNoResponse(self): """ Tests the process_response method of the OneLogin_Saml2_Auth class Case No Response, An exception is throw """ auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=self.loadSettingsJSON()) with self.assertRaisesRegex(OneLogin_Saml2_Error, 'SAML Response not found'): auth.process_response() self.assertEqual(auth.get_errors(), ['invalid_binding']) def testProcessResponseInvalid(self): """ Tests the process_response method of the OneLogin_Saml2_Auth class Case Invalid Response, After processing the response the user is not authenticated, attributes are notreturned, no nameID and the error array is not empty, contains 'invalid_response """ request_data = self.get_request() message = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) del request_data['get_data'] request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) auth.process_response() self.assertFalse(auth.is_authenticated()) self.assertEqual(len(auth.get_attributes()), 0) self.assertEqual(auth.get_nameid(), None) self.assertEqual(auth.get_attribute('uid'), None) self.assertEqual(auth.get_errors(), ['invalid_response']) def testProcessResponseInvalidRequestId(self): """ Tests the process_response method of the OneLogin_Saml2_Auth class Case Invalid Response, Invalid requestID """ request_data = self.get_request() message = self.file_contents(join(self.data_path, 'responses', 'unsigned_response.xml.base64')) plain_message = compat.to_string(b64decode(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) del request_data['get_data'] request_data['post_data'] = { 'SAMLResponse': compat.to_string(b64encode(compat.to_bytes(plain_message))) } auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) request_id = 'invalid' auth.process_response(request_id) self.assertEqual('No Signature found. SAML Response rejected', auth.get_last_error_reason()) auth.set_strict(True) auth.process_response(request_id) self.assertEqual(auth.get_errors(), ['invalid_response']) self.assertEqual('The InResponseTo of the Response: _57bcbf70-7b1f-012e-c821-782bcb13bb38, does not match the ID of the AuthNRequest sent by the SP: invalid', auth.get_last_error_reason()) valid_request_id = '_57bcbf70-7b1f-012e-c821-782bcb13bb38' auth.process_response(valid_request_id) self.assertEqual('No Signature found. SAML Response rejected', auth.get_last_error_reason()) def testProcessResponseValid(self): """ Tests the process_response method of the OneLogin_Saml2_Auth class Case Valid Response, After processing the response the user is authenticated, attributes are returned, also has a nameID and the error array is empty """ request_data = self.get_request() message = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) del request_data['get_data'] request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) auth.process_response() self.assertTrue(auth.is_authenticated()) self.assertEqual(len(auth.get_errors()), 0) self.assertEqual('492882615acf31c8096b627245d76ae53036c090', auth.get_nameid()) attributes = auth.get_attributes() self.assertNotEqual(len(attributes), 0) self.assertEqual(auth.get_attribute('mail'), attributes['mail']) friendlyname_attributes = auth.get_friendlyname_attributes() self.assertEqual(len(friendlyname_attributes), 0) session_index = auth.get_session_index() self.assertEqual('_6273d77b8cde0c333ec79d22a9fa0003b9fe2d75cb', session_index) self.assertEqual("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", auth.get_nameid_format()) self.assertIsNone(auth.get_nameid_nq()) self.assertEqual("http://stuff.com/endpoints/metadata.php", auth.get_nameid_spnq()) def testRedirectTo(self): """ Tests the redirect_to method of the OneLogin_Saml2_Auth class (phpunit raises an exception when a redirect is executed, the exception is catched and we check that the targetURL is correct) Case redirect without url parameter """ request_data = self.get_request() relay_state = 'http://sp.example.com' request_data['get_data']['RelayState'] = relay_state auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) target_url = auth.redirect_to() self.assertEqual(target_url, relay_state) def testRedirectTowithUrl(self): """ Tests the redirect_to method of the OneLogin_Saml2_Auth class (phpunit raises an exception when a redirect is executed, the exception is catched and we check that the targetURL is correct) Case redirect with url parameter """ request_data = self.get_request() relay_state = 'http://sp.example.com' url_2 = 'http://sp2.example.com' request_data['get_data']['RelayState'] = relay_state auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) target_url = auth.redirect_to(url_2) self.assertEqual(target_url, url_2) def testProcessNoSLO(self): """ Tests the process_slo method of the OneLogin_Saml2_Auth class Case No Message, An exception is throw """ auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=self.loadSettingsJSON()) with self.assertRaisesRegex(OneLogin_Saml2_Error, 'SAML LogoutRequest/LogoutResponse not found'): auth.process_slo(True) self.assertEqual(auth.get_errors(), ['invalid_binding']) def testProcessSLOResponseInvalid(self): """ Tests the process_slo method of the OneLogin_Saml2_Auth class Case Invalid Logout Response """ request_data = self.get_request() message = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response_deflated.xml.base64')) request_data['get_data']['SAMLResponse'] = message auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) auth.process_slo(True) self.assertEqual(len(auth.get_errors()), 0) auth.set_strict(True) auth.process_slo(True) # The Destination fails self.assertEqual(auth.get_errors(), ['invalid_logout_response']) auth.set_strict(False) auth.process_slo(True) self.assertEqual(len(auth.get_errors()), 0) def testProcessSLOResponseNoSucess(self): """ Tests the process_slo method of the OneLogin_Saml2_Auth class Case Logout Response not sucess """ request_data = self.get_request() message = self.file_contents(join(self.data_path, 'logout_responses', 'invalids', 'status_code_responder.xml.base64')) # In order to avoid the destination problem plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) request_data['get_data']['SAMLResponse'] = message auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) auth.set_strict(True) auth.process_slo(True) self.assertEqual(auth.get_errors(), ['logout_not_success']) def testProcessSLOResponseRequestId(self): """ Tests the process_slo method of the OneLogin_Saml2_Auth class Case Logout Response with valid and invalid Request ID """ request_data = self.get_request() message = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response_deflated.xml.base64')) # In order to avoid the destination problem plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) request_data['get_data']['SAMLResponse'] = message auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) request_id = 'wrongID' auth.set_strict(True) auth.process_slo(True, request_id) self.assertEqual(auth.get_errors(), ['invalid_logout_response']) request_id = 'ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e' auth.process_slo(True, request_id) self.assertEqual(len(auth.get_errors()), 0) def testProcessSLOResponseValid(self): """ Tests the process_slo method of the OneLogin_Saml2_Auth class Case Valid Logout Response """ request_data = self.get_request() message = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response_deflated.xml.base64')) # In order to avoid the destination problem plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) request_data['get_data']['SAMLResponse'] = message auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) # FIXME # if (!isset($_SESSION)) { # $_SESSION = array(); # } # $_SESSION['samltest'] = true; auth.set_strict(True) auth.process_slo(True) self.assertEqual(len(auth.get_errors()), 0) # FIXME # // Session keep alive # $this->assertTrue(isset($_SESSION['samltest'])); # $this->assertTrue($_SESSION['samltest']); def testProcessSLOResponseValidDeletingSession(self): """ Tests the process_slo method of the OneLogin_Saml2_Auth class Case Valid Logout Response, validating deleting the local session """ request_data = self.get_request() message = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response_deflated.xml.base64')) # FIXME # if (!isset($_SESSION)) { # $_SESSION = array(); # } # $_SESSION['samltest'] = true; # In order to avoid the destination problem plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) request_data['get_data']['SAMLResponse'] = message auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) auth.set_strict(True) auth.process_slo(False) self.assertEqual(len(auth.get_errors()), 0) # FIXME # $this->assertFalse(isset($_SESSION['samltest'])); def testProcessSLORequestInvalidValid(self): """ Tests the process_slo method of the OneLogin_Saml2_Auth class Case Invalid Logout Request """ settings_info = self.loadSettingsJSON() request_data = self.get_request() message = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request_deflated.xml.base64')) request_data['get_data']['SAMLRequest'] = message auth = OneLogin_Saml2_Auth(request_data, old_settings=settings_info) target_url = auth.process_slo(True) parsed_query = parse_qs(urlparse(target_url)[4]) self.assertEqual(len(auth.get_errors()), 0) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertIn(slo_url, target_url) self.assertIn('SAMLResponse', parsed_query) # self.assertNotIn('RelayState', parsed_query) auth.set_strict(True) auth.process_slo(True) # Fail due destination missmatch self.assertEqual(auth.get_errors(), ['invalid_logout_request']) auth.set_strict(False) target_url_2 = auth.process_slo(True) parsed_query_2 = parse_qs(urlparse(target_url_2)[4]) self.assertEqual(len(auth.get_errors()), 0) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertIn(slo_url, target_url_2) self.assertIn('SAMLResponse', parsed_query_2) # self.assertNotIn('RelayState', parsed_query_2) def testProcessSLORequestNotOnOrAfterFailed(self): """ Tests the process_slo method of the OneLogin_Saml2_Auth class Case Logout Request NotOnOrAfter failed """ request_data = self.get_request() message = self.file_contents(join(self.data_path, 'logout_requests', 'invalids', 'not_after_failed.xml.base64')) # In order to avoid the destination problem plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) request_data['get_data']['SAMLRequest'] = message auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) auth.set_strict(True) auth.process_slo(True) self.assertEqual(auth.get_errors(), ['invalid_logout_request']) def testProcessSLORequestDeletingSession(self): """ Tests the process_slo method of the OneLogin_Saml2_Auth class Case Valid Logout Request, validating that the local session is deleted, a LogoutResponse is created and a redirection executed """ settings_info = self.loadSettingsJSON() request_data = self.get_request() message = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request_deflated.xml.base64')) # In order to avoid the destination problem plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) request_data['get_data']['SAMLRequest'] = message # FIXME # if (!isset($_SESSION)) { # $_SESSION = array(); # } # $_SESSION['samltest'] = true; auth = OneLogin_Saml2_Auth(request_data, old_settings=settings_info) auth.set_strict(True) target_url = auth.process_slo(True) parsed_query = parse_qs(urlparse(target_url)[4]) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertIn(slo_url, target_url) self.assertIn('SAMLResponse', parsed_query) # self.assertNotIn('RelayState', parsed_query) # FIXME // Session is not alive # $this->assertFalse(isset($_SESSION['samltest'])); # $_SESSION['samltest'] = true; auth.set_strict(True) target_url_2 = auth.process_slo(True) target_url_2 = auth.process_slo(True) parsed_query_2 = parse_qs(urlparse(target_url_2)[4]) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertIn(slo_url, target_url_2) self.assertIn('SAMLResponse', parsed_query_2) # self.assertNotIn('RelayState', parsed_query_2) # FIXME // Session is alive # $this->assertTrue(isset($_SESSION['samltest'])); # $this->assertTrue($_SESSION['samltest']); def testProcessSLORequestRelayState(self): """ Tests the process_slo method of the OneLogin_Saml2_Auth class Case Valid Logout Request, validating the relayState, a LogoutResponse is created and a redirection executed """ settings_info = self.loadSettingsJSON() request_data = self.get_request() message = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request_deflated.xml.base64')) # In order to avoid the destination problem plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) request_data['get_data']['SAMLRequest'] = message request_data['get_data']['RelayState'] = 'http://relaystate.com' auth = OneLogin_Saml2_Auth(request_data, old_settings=settings_info) auth.set_strict(True) target_url = auth.process_slo(False) parsed_query = parse_qs(urlparse(target_url)[4]) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertIn(slo_url, target_url) self.assertIn('SAMLResponse', parsed_query) self.assertIn('RelayState', parsed_query) self.assertIn('http://relaystate.com', parsed_query['RelayState']) def testProcessSLORequestSignedResponse(self): """ Tests the process_slo method of the OneLogin_Saml2_Auth class Case Valid Logout Request, validating the relayState, a signed LogoutResponse is created and a redirection executed """ settings_info = self.loadSettingsJSON() settings_info['security']['logoutResponseSigned'] = True request_data = self.get_request() message = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request_deflated.xml.base64')) # In order to avoid the destination problem plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) request_data['get_data']['SAMLRequest'] = message request_data['get_data']['RelayState'] = 'http://relaystate.com' auth = OneLogin_Saml2_Auth(request_data, old_settings=settings_info) auth.set_strict(True) target_url = auth.process_slo(False) parsed_query = parse_qs(urlparse(target_url)[4]) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertIn(slo_url, target_url) self.assertIn('SAMLResponse', parsed_query) self.assertIn('RelayState', parsed_query) self.assertIn('SigAlg', parsed_query) self.assertIn('Signature', parsed_query) self.assertIn('http://relaystate.com', parsed_query['RelayState']) self.assertIn(OneLogin_Saml2_Constants.RSA_SHA1, parsed_query['SigAlg']) def testLogin(self): """ Tests the login method of the OneLogin_Saml2_Auth class Case Login with no parameters. An AuthnRequest is built an redirect executed """ settings_info = self.loadSettingsJSON() request_data = self.get_request() auth = OneLogin_Saml2_Auth(request_data, old_settings=settings_info) target_url = auth.login() parsed_query = parse_qs(urlparse(target_url)[4]) sso_url = settings_info['idp']['singleSignOnService']['url'] self.assertIn(sso_url, target_url) self.assertIn('SAMLRequest', parsed_query) self.assertIn('RelayState', parsed_query) hostname = OneLogin_Saml2_Utils.get_self_host(request_data) self.assertIn(u'http://%s/index.html' % hostname, parsed_query['RelayState']) def testLoginWithRelayState(self): """ Tests the login method of the OneLogin_Saml2_Auth class Case Login with relayState. An AuthnRequest is built with a the RelayState in the assertion is built and redirect executed """ settings_info = self.loadSettingsJSON() auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) relay_state = 'http://sp.example.com' target_url = auth.login(relay_state) parsed_query = parse_qs(urlparse(target_url)[4]) sso_url = settings_info['idp']['singleSignOnService']['url'] self.assertIn(sso_url, target_url) self.assertIn('SAMLRequest', parsed_query) self.assertIn('RelayState', parsed_query) self.assertIn(relay_state, parsed_query['RelayState']) def testLoginSigned(self): """ Tests the login method of the OneLogin_Saml2_Auth class Case Login signed. An AuthnRequest signed is built an redirect executed """ settings_info = self.loadSettingsJSON() settings_info['security']['authnRequestsSigned'] = True auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) return_to = u'http://example.com/returnto' target_url = auth.login(return_to) parsed_query = parse_qs(urlparse(target_url)[4]) sso_url = settings_info['idp']['singleSignOnService']['url'] self.assertIn(sso_url, target_url) self.assertIn('SAMLRequest', parsed_query) self.assertIn('RelayState', parsed_query) self.assertIn('SigAlg', parsed_query) self.assertIn('Signature', parsed_query) self.assertIn(return_to, parsed_query['RelayState']) self.assertIn(OneLogin_Saml2_Constants.RSA_SHA1, parsed_query['SigAlg']) def testLoginForceAuthN(self): """ Tests the login method of the OneLogin_Saml2_Auth class Case AuthN Request is built with ForceAuthn and redirect executed """ settings_info = self.loadSettingsJSON() return_to = u'http://example.com/returnto' auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) target_url = auth.login(return_to) parsed_query = parse_qs(urlparse(target_url)[4]) sso_url = settings_info['idp']['singleSignOnService']['url'] self.assertIn(sso_url, target_url) self.assertIn('SAMLRequest', parsed_query) request = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(parsed_query['SAMLRequest'][0])) self.assertNotIn('ForceAuthn="true"', request) auth_2 = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) target_url_2 = auth_2.login(return_to, False, False) parsed_query_2 = parse_qs(urlparse(target_url_2)[4]) self.assertIn(sso_url, target_url_2) self.assertIn('SAMLRequest', parsed_query_2) request_2 = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(parsed_query_2['SAMLRequest'][0])) self.assertNotIn('ForceAuthn="true"', request_2) auth_3 = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) target_url_3 = auth_3.login(return_to, True, False) parsed_query_3 = parse_qs(urlparse(target_url_3)[4]) self.assertIn(sso_url, target_url_3) self.assertIn('SAMLRequest', parsed_query_3) request_3 = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(parsed_query_3['SAMLRequest'][0])) self.assertIn('ForceAuthn="true"', request_3) def testLoginIsPassive(self): """ Tests the login method of the OneLogin_Saml2_Auth class Case AuthN Request is built with IsPassive and redirect executed """ settings_info = self.loadSettingsJSON() return_to = u'http://example.com/returnto' settings_info['idp']['singleSignOnService']['url'] auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) target_url = auth.login(return_to) parsed_query = parse_qs(urlparse(target_url)[4]) sso_url = settings_info['idp']['singleSignOnService']['url'] self.assertIn(sso_url, target_url) self.assertIn('SAMLRequest', parsed_query) request = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(parsed_query['SAMLRequest'][0])) self.assertNotIn('IsPassive="true"', request) auth_2 = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) target_url_2 = auth_2.login(return_to, False, False) parsed_query_2 = parse_qs(urlparse(target_url_2)[4]) self.assertIn(sso_url, target_url_2) self.assertIn('SAMLRequest', parsed_query_2) request_2 = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(parsed_query_2['SAMLRequest'][0])) self.assertNotIn('IsPassive="true"', request_2) auth_3 = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) target_url_3 = auth_3.login(return_to, False, True) parsed_query_3 = parse_qs(urlparse(target_url_3)[4]) self.assertIn(sso_url, target_url_3) self.assertIn('SAMLRequest', parsed_query_3) request_3 = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(parsed_query_3['SAMLRequest'][0])) self.assertIn('IsPassive="true"', request_3) def testLoginSetNameIDPolicy(self): """ Tests the login method of the OneLogin_Saml2_Auth class Case AuthN Request is built with and without NameIDPolicy """ settings_info = self.loadSettingsJSON() return_to = u'http://example.com/returnto' settings_info['idp']['singleSignOnService']['url'] auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) target_url = auth.login(return_to) parsed_query = parse_qs(urlparse(target_url)[4]) sso_url = settings_info['idp']['singleSignOnService']['url'] self.assertIn(sso_url, target_url) self.assertIn('SAMLRequest', parsed_query) request = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(parsed_query['SAMLRequest'][0])) self.assertIn('', request) self.assertNotIn('', request_2) self.assertIn('Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">testuser@example.com', request_2) self.assertIn('', request_2) settings_info['sp']['NameIDFormat'] = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' auth_3 = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) target_url_3 = auth_3.login(return_to, name_id_value_req='testuser@example.com') parsed_query_3 = parse_qs(urlparse(target_url_3)[4]) self.assertIn(sso_url, target_url_3) self.assertIn('SAMLRequest', parsed_query_3) request_3 = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(parsed_query_3['SAMLRequest'][0])) self.assertIn('', request_3) self.assertIn('Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">testuser@example.com', request_3) self.assertIn('', request_3) def testLogout(self): """ Tests the logout method of the OneLogin_Saml2_Auth class Case Logout with no parameters. A logout Request is built and redirect executed """ settings_info = self.loadSettingsJSON() request_data = self.get_request() auth = OneLogin_Saml2_Auth(request_data, old_settings=settings_info) target_url = auth.logout() parsed_query = parse_qs(urlparse(target_url)[4]) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertIn(slo_url, target_url) self.assertIn('SAMLRequest', parsed_query) self.assertIn('RelayState', parsed_query) hostname = OneLogin_Saml2_Utils.get_self_host(request_data) self.assertIn(u'http://%s/index.html' % hostname, parsed_query['RelayState']) def testLogoutWithRelayState(self): """ Tests the logout method of the OneLogin_Saml2_Auth class Case Logout with relayState. A logout Request with a the RelayState in the assertion is built and redirect executed """ settings_info = self.loadSettingsJSON() auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) relay_state = 'http://sp.example.com' target_url = auth.logout(relay_state) parsed_query = parse_qs(urlparse(target_url)[4]) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertIn(slo_url, target_url) self.assertIn('SAMLRequest', parsed_query) self.assertIn('RelayState', parsed_query) self.assertIn(relay_state, parsed_query['RelayState']) def testLogoutSigned(self): """ Tests the logout method of the OneLogin_Saml2_Auth class Case Logout signed. A logout Request signed in the assertion is built and redirect executed """ settings_info = self.loadSettingsJSON() settings_info['security']['logoutRequestSigned'] = True auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) return_to = u'http://example.com/returnto' target_url = auth.logout(return_to) parsed_query = parse_qs(urlparse(target_url)[4]) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertIn(slo_url, target_url) self.assertIn('SAMLRequest', parsed_query) self.assertIn('RelayState', parsed_query) self.assertIn('SigAlg', parsed_query) self.assertIn('Signature', parsed_query) self.assertIn(return_to, parsed_query['RelayState']) self.assertIn(OneLogin_Saml2_Constants.RSA_SHA1, parsed_query['SigAlg']) def testLogoutNoSLO(self): """ Tests the logout method of the OneLogin_Saml2_Auth class Case IdP no SLO endpoint. """ settings_info = self.loadSettingsJSON() del settings_info['idp']['singleLogoutService'] auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) # The Header of the redirect produces an Exception with self.assertRaisesRegex(OneLogin_Saml2_Error, 'The IdP does not support Single Log Out'): auth.logout('http://example.com/returnto') def testLogoutNameIDandSessionIndex(self): """ Tests the logout method of the OneLogin_Saml2_Auth class Case nameID and sessionIndex as parameters. """ settings_info = self.loadSettingsJSON() request_data = self.get_request() auth = OneLogin_Saml2_Auth(request_data, old_settings=settings_info) name_id = 'name_id_example' session_index = 'session_index_example' target_url = auth.logout(name_id=name_id, session_index=session_index) parsed_query = parse_qs(urlparse(target_url)[4]) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertIn(slo_url, target_url) self.assertIn('SAMLRequest', parsed_query) logout_request = OneLogin_Saml2_Utils.decode_base64_and_inflate(parsed_query['SAMLRequest'][0]) name_id_from_request = OneLogin_Saml2_Logout_Request.get_nameid(logout_request) sessions_index_in_request = OneLogin_Saml2_Logout_Request.get_session_indexes(logout_request) self.assertIn(session_index, sessions_index_in_request) self.assertEqual(name_id, name_id_from_request) def testLogoutNameID(self): """ Tests the logout method of the OneLogin_Saml2_Auth class Case nameID loaded after process SAML Response """ request_data = self.get_request() message = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) del request_data['get_data'] request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) auth.process_response() name_id_from_response = auth.get_nameid() name_id_format_from_response = auth.get_nameid_format() target_url = auth.logout() parsed_query = parse_qs(urlparse(target_url)[4]) self.assertIn('SAMLRequest', parsed_query) logout_request = OneLogin_Saml2_Utils.decode_base64_and_inflate(parsed_query['SAMLRequest'][0]) name_id_from_request = OneLogin_Saml2_Logout_Request.get_nameid(logout_request) name_id_format_from_request = OneLogin_Saml2_Logout_Request.get_nameid_format(logout_request) self.assertEqual(name_id_from_response, name_id_from_request) self.assertEqual(name_id_format_from_response, name_id_format_from_request) new_name_id = "new_name_id" new_name_id_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" target_url_2 = auth.logout(name_id=new_name_id, name_id_format=new_name_id_format) parsed_query = parse_qs(urlparse(target_url_2)[4]) self.assertIn('SAMLRequest', parsed_query) logout_request = OneLogin_Saml2_Utils.decode_base64_and_inflate(parsed_query['SAMLRequest'][0]) name_id_from_request = OneLogin_Saml2_Logout_Request.get_nameid(logout_request) name_id_format_from_request = OneLogin_Saml2_Logout_Request.get_nameid_format(logout_request) self.assertEqual(new_name_id, name_id_from_request) self.assertEqual(new_name_id_format, name_id_format_from_request) def testSetStrict(self): """ Tests the set_strict method of the OneLogin_Saml2_Auth """ settings_info = self.loadSettingsJSON() settings_info['strict'] = False auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings_info) settings = auth.get_settings() self.assertFalse(settings.is_strict()) auth.set_strict(True) settings = auth.get_settings() self.assertTrue(settings.is_strict()) auth.set_strict(False) settings = auth.get_settings() self.assertFalse(settings.is_strict()) self.assertRaises(AssertionError, auth.set_strict, '42') def testIsAuthenticated(self): """ Tests the is_authenticated method of the OneLogin_Saml2_Auth """ request_data = self.get_request() del request_data['get_data'] message = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) auth.process_response() self.assertFalse(auth.is_authenticated()) message = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=self.loadSettingsJSON()) auth.process_response() self.assertTrue(auth.is_authenticated()) def testGetNameId(self): """ Tests the get_nameid method of the OneLogin_Saml2_Auth """ settings = self.loadSettingsJSON() request_data = self.get_request() del request_data['get_data'] message = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_response() self.assertFalse(auth.is_authenticated()) self.assertEqual(auth.get_nameid(), None) message = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_response() self.assertTrue(auth.is_authenticated()) self.assertEqual("492882615acf31c8096b627245d76ae53036c090", auth.get_nameid()) settings_2 = self.loadSettingsJSON('settings2.json') message = self.file_contents(join(self.data_path, 'responses', 'signed_message_encrypted_assertion2.xml.base64')) request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=settings_2) auth.process_response() self.assertTrue(auth.is_authenticated()) self.assertEqual("25ddd7d34a7d79db69167625cda56a320adf2876", auth.get_nameid()) def testGetNameIdFormat(self): """ Tests the get_nameid_format method of the OneLogin_Saml2_Auth """ settings = self.loadSettingsJSON() request_data = self.get_request() del request_data['get_data'] message = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_response() self.assertFalse(auth.is_authenticated()) self.assertEqual(auth.get_nameid_format(), None) message = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_response() self.assertTrue(auth.is_authenticated()) self.assertEqual("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", auth.get_nameid_format()) settings_2 = self.loadSettingsJSON('settings2.json') message = self.file_contents(join(self.data_path, 'responses', 'signed_message_encrypted_assertion2.xml.base64')) request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=settings_2) auth.process_response() self.assertTrue(auth.is_authenticated()) self.assertEqual("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified", auth.get_nameid_format()) def testGetNameIdNameQualifier(self): """ Tests the get_nameid_nq method of the OneLogin_Saml2_Auth """ settings = self.loadSettingsJSON() message = self.file_contents(join(self.data_path, 'responses', 'valid_response_with_namequalifier.xml.base64')) request_data = self.get_request() request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) self.assertIsNone(auth.get_nameid_nq()) auth.process_response() self.assertTrue(auth.is_authenticated()) self.assertEqual("https://test.example.com/saml/metadata", auth.get_nameid_nq()) def testGetNameIdNameQualifier2(self): """ Tests the get_nameid_nq method of the OneLogin_Saml2_Auth """ settings = self.loadSettingsJSON() message = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) request_data = self.get_request() request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) self.assertIsNone(auth.get_nameid_nq()) auth.process_response() self.assertTrue(auth.is_authenticated()) self.assertIsNone(auth.get_nameid_nq()) def testGetNameIdSPNameQualifier(self): """ Tests the get_nameid_spnq method of the OneLogin_Saml2_Auth """ settings = self.loadSettingsJSON() message = self.file_contents(join(self.data_path, 'responses', 'valid_response_with_namequalifier.xml.base64')) request_data = self.get_request() request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) self.assertIsNone(auth.get_nameid_spnq()) auth.process_response() self.assertTrue(auth.is_authenticated()) self.assertIsNone(auth.get_nameid_spnq()) def testGetNameIdSPNameQualifier2(self): """ Tests the get_nameid_spnq method of the OneLogin_Saml2_Auth """ settings = self.loadSettingsJSON() message = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) request_data = self.get_request() request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) self.assertIsNone(auth.get_nameid_spnq()) auth.process_response() self.assertTrue(auth.is_authenticated()) self.assertEqual("http://stuff.com/endpoints/metadata.php", auth.get_nameid_spnq()) def testBuildRequestSignature(self): """ Tests the build_request_signature method of the OneLogin_Saml2_Auth """ settings = self.loadSettingsJSON() message = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request_deflated.xml.base64')) relay_state = 'http://relaystate.com' parameters = {"SAMLRequest": message, "RelayState": relay_state} auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings) auth.add_request_signature(parameters) valid_signature = 'Pb1EXAX5TyipSJ1SndEKZstLQTsT+1D00IZAhEepBM+OkAZQSToivu3njgJu47HZiZAqgXZFgloBuuWE/+GdcSsRYEMkEkiSDWTpUr25zKYLJDSg6GNo6iAHsKSuFt46Z54Xe/keYxYP03Hdy97EwuuSjBzzgRc5tmpV+KC7+a0=' self.assertEqual(valid_signature, parameters["Signature"]) settings['sp']['privateKey'] = '' settings['custom_base_path'] = u'invalid/path/' auth2 = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings) with self.assertRaisesRegex(OneLogin_Saml2_Error, "Trying to sign the SAMLRequest but can't load the SP private key"): auth2.add_request_signature(parameters) def testBuildResponseSignature(self): """ Tests the build_response_signature method of the OneLogin_Saml2_Auth """ settings = self.loadSettingsJSON() message = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response_deflated.xml.base64')) relay_state = 'http://relaystate.com' auth = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings) parameters = {"SAMLResponse": message, 'RelayState': relay_state} auth.add_response_signature(parameters) valid_signature = 'IcyWLRX6Dz3wHBfpcUaNLVDMGM3uo6z2Z11Gjq0/APPJaHboKGljffsgMVAGBml497yckq+eYKmmz+jpURV9yTj2sF9qfD6CwX2dEzSzMdRzB40X7pWyHgEJGIhs6BhaOt5oXEk4T+h3AczERqpVYFpL00yo7FNtyQkhZFpHFhM=' self.assertEqual(valid_signature, parameters['Signature']) settings['sp']['privateKey'] = '' settings['custom_base_path'] = u'invalid/path/' auth2 = OneLogin_Saml2_Auth(self.get_request(), old_settings=settings) with self.assertRaisesRegex(OneLogin_Saml2_Error, "Trying to sign the SAMLResponse but can't load the SP private key"): auth2.add_response_signature(parameters) def testIsInValidLogoutResponseSign(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutResponse """ request_data = { 'http_host': 'example.com', 'script_name': 'index.html', 'get_data': {} } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) settings.set_strict(False) request_data['get_data'] = { 'SAMLResponse': 'fZJva8IwEMa/Ssl7TZrW/gnqGHMMwSlM8cXeyLU9NaxNQi9lfvxVZczB5ptwSe733MPdjQma2qmFPdjOvyE5awiDU1MbUpevCetaoyyQJmWgQVK+VOvH14WSQ6Fca70tbc1ukPsEEGHrtTUsmM8mbDfKUhnFci8gliGINI/yXIAAiYnsw6JIRgWWAKlkwRZb6skJ64V6nKjDuSEPxvdPIowHIhpIsQkTFaYqSt9ZMEPy2oC/UEfvHSnOnfZFV38MjR1oN7TtgRv8tAZre9CGV9jYkGtT4Wnoju6Bauprme/ebOyErZbPi9XLfLnDoohwhHGc5WVSVhjCKM6rBMpYQpWJrIizfZ4IZNPxuTPqYrmd/m+EdONqPOfy8yG5rhxv0EMFHs52xvxWaHyd3tqD7+j37clWGGyh7vD+POiSrdZdWSIR49NrhR9R/teGTL8A', 'RelayState': 'https://pitbulk.no-ip.org/newonelogin/demo1/index.php', 'SigAlg': 'http://www.w3.org/2000/09/xmldsig#rsa-sha1', 'Signature': 'vfWbbc47PkP3ejx4bjKsRX7lo9Ml1WRoE5J5owF/0mnyKHfSY6XbhO1wwjBV5vWdrUVX+xp6slHyAf4YoAsXFS0qhan6txDiZY4Oec6yE+l10iZbzvie06I4GPak4QrQ4gAyXOSzwCrRmJu4gnpeUxZ6IqKtdrKfAYRAcVfNKGA=' } auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertEqual([], auth.get_errors()) relay_state = request_data['get_data']['RelayState'] del request_data['get_data']['RelayState'] auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn("invalid_logout_response_signature", auth.get_errors()) request_data['get_data']['RelayState'] = relay_state settings.set_strict(True) auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('invalid_logout_response', auth.get_errors()) settings.set_strict(False) old_signature = request_data['get_data']['Signature'] request_data['get_data']['Signature'] = 'vfWbbc47PkP3ejx4bjKsRX7lo9Ml1WRoE5J5owF/0mnyKHfSY6XbhO1wwjBV5vWdrUVX+xp6slHyAf4YoAsXFS0qhan6txDiZY4Oec6yE+l10iZbzvie06I4GPak4QrQ4gAyXOSzwCrRmJu4gnpeUxZ6IqKtdrKfAYRAcVf3333=' auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('invalid_logout_response_signature', auth.get_errors()) request_data['get_data']['Signature'] = old_signature old_signature_algorithm = request_data['get_data']['SigAlg'] del request_data['get_data']['SigAlg'] auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertEqual([], auth.get_errors()) request_data['get_data']['RelayState'] = 'http://example.com/relaystate' auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('invalid_logout_response_signature', auth.get_errors()) settings.set_strict(True) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message_6 = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(request_data['get_data']['SAMLResponse'])) plain_message_6 = plain_message_6.replace('https://pitbulk.no-ip.org/newonelogin/demo1/index.php?sls', current_url) plain_message_6 = plain_message_6.replace('https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php', 'http://idp.example.com/') request_data['get_data']['SAMLResponse'] = compat.to_string(OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message_6)) auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('invalid_logout_response_signature', auth.get_errors()) settings.set_strict(False) auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('invalid_logout_response_signature', auth.get_errors()) request_data['get_data']['SigAlg'] = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1' auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('invalid_logout_response_signature', auth.get_errors()) settings_info = self.loadSettingsJSON() settings_info['strict'] = True settings_info['security']['wantMessagesSigned'] = True settings = OneLogin_Saml2_Settings(settings_info) request_data['get_data']['SigAlg'] = old_signature_algorithm old_signature = request_data['get_data']['Signature'] del request_data['get_data']['Signature'] request_data['get_data']['SAMLResponse'] = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message_6) auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('Signature validation failed. Logout Response rejected', auth.get_errors()) request_data['get_data']['Signature'] = old_signature settings_info['idp']['certFingerprint'] = 'afe71c28ef740bc87425be13a2263d37971da1f9' del settings_info['idp']['x509cert'] settings_2 = OneLogin_Saml2_Settings(settings_info) auth = OneLogin_Saml2_Auth(request_data, old_settings=settings_2) auth.process_slo() self.assertIn('Signature validation failed. Logout Response rejected', auth.get_errors()) def testIsValidLogoutRequestSign(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutRequest """ request_data = { 'http_host': 'example.com', 'script_name': 'index.html', 'get_data': { 'SAMLRequest': 'lVLBitswEP0Vo7tjeWzJtki8LIRCYLvbNksPewmyPc6K2pJqyXQ/v1LSQlroQi/DMJr33rwZbZ2cJysezNms/gt+X9H55G2etBOXlx1ZFy2MdMoJLWd0wvfieP/xQcCGCrsYb3ozkRvI+wjpHC5eGU2Sw35HTg3lA8hqZFwWFcMKsStpxbEsxoLXeQN9OdY1VAgk+YqLC8gdCUQB7tyKB+281D6UaF6mtEiBPudcABcMXkiyD26Ulv6CevXeOpFlVvlunb5ttEmV3ZjlnGn8YTRO5qx0NuBs8kzpAd829tXeucmR5NH4J/203I8el6gFRUqbFPJnyEV51Wq30by4TLW0/9ZyarYTxt4sBsjUYLMZvRykl1Fxm90SXVkfwx4P++T4KSafVzmpUcVJ/sfSrQZJPphllv79W8WKGtLx0ir8IrVTqD1pT2MH3QAMSs4KTvui71jeFFiwirOmprwPkYW063+5uRq4urHiiC4e8hCX3J5wqAEGaPpw9XB5JmkBdeDqSlkz6CmUXdl0Qae5kv2F/1384wu3PwE=', 'RelayState': '_1037fbc88ec82ce8e770b2bed1119747bb812a07e6', 'SigAlg': 'http://www.w3.org/2000/09/xmldsig#rsa-sha1', 'Signature': 'XCwCyI5cs7WhiJlB5ktSlWxSBxv+6q2xT3c8L7dLV6NQG9LHWhN7gf8qNsahSXfCzA0Ey9dp5BQ0EdRvAk2DIzKmJY6e3hvAIEp1zglHNjzkgcQmZCcrkK9Czi2Y1WkjOwR/WgUTUWsGJAVqVvlRZuS3zk3nxMrLH6f7toyvuJc=' } } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) request = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(request_data['get_data']['SAMLRequest'])) settings.set_strict(False) auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertEqual([], auth.get_errors()) relay_state = request_data['get_data']['RelayState'] del request_data['get_data']['RelayState'] auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('invalid_logout_request_signature', auth.get_errors()) request_data['get_data']['RelayState'] = relay_state settings.set_strict(True) auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('invalid_logout_request', auth.get_errors()) settings.set_strict(False) old_signature = request_data['get_data']['Signature'] request_data['get_data']['Signature'] = 'vfWbbc47PkP3ejx4bjKsRX7lo9Ml1WRoE5J5owF/0mnyKHfSY6XbhO1wwjBV5vWdrUVX+xp6slHyAf4YoAsXFS0qhan6txDiZY4Oec6yE+l10iZbzvie06I4GPak4QrQ4gAyXOSzwCrRmJu4gnpeUxZ6IqKtdrKfAYRAcVf3333=' auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('invalid_logout_request_signature', auth.get_errors()) request_data['get_data']['Signature'] = old_signature old_signature_algorithm = request_data['get_data']['SigAlg'] del request_data['get_data']['SigAlg'] auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertEqual([], auth.get_errors()) settings.set_strict(True) request_2 = request.replace('https://pitbulk.no-ip.org/newonelogin/demo1/index.php?sls', current_url) request_2 = request_2.replace('https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php', 'http://idp.example.com/') request_data['get_data']['SAMLRequest'] = OneLogin_Saml2_Utils.deflate_and_base64_encode(request_2) auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('invalid_logout_request_signature', auth.get_errors()) settings.set_strict(False) auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('invalid_logout_request_signature', auth.get_errors()) request_data['get_data']['SigAlg'] = 'http://www.w3.org/2000/09/xmldsig#dsa-sha1' auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('invalid_logout_request_signature', auth.get_errors()) settings_info = self.loadSettingsJSON() settings_info['strict'] = True settings_info['security']['wantMessagesSigned'] = True settings = OneLogin_Saml2_Settings(settings_info) request_data['get_data']['SigAlg'] = old_signature_algorithm old_signature = request_data['get_data']['Signature'] del request_data['get_data']['Signature'] auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_slo() self.assertIn('Signature validation failed. Logout Request rejected', auth.get_errors()) request_data['get_data']['Signature'] = old_signature settings_info['idp']['certFingerprint'] = 'afe71c28ef740bc87425be13a2263d37971da1f9' del settings_info['idp']['x509cert'] settings_2 = OneLogin_Saml2_Settings(settings_info) auth = OneLogin_Saml2_Auth(request_data, old_settings=settings_2) auth.process_slo() self.assertIn('Signature validation failed. Logout Request rejected', auth.get_errors()) def testGetLastRequestID(self): settings_info = self.loadSettingsJSON() request_data = self.get_request() auth = OneLogin_Saml2_Auth(request_data, old_settings=settings_info) auth.login() id1 = auth.get_last_request_id() self.assertNotEqual(id1, None) auth.logout() id2 = auth.get_last_request_id() self.assertNotEqual(id2, None) self.assertNotEqual(id1, id2) def testGetLastSAMLResponse(self): settings = self.loadSettingsJSON() message = self.file_contents(join(self.data_path, 'responses', 'signed_message_response.xml.base64')) message_wrapper = {'post_data': {'SAMLResponse': message}} auth = OneLogin_Saml2_Auth(message_wrapper, old_settings=settings) auth.process_response() expected_message = self.file_contents(join(self.data_path, 'responses', 'pretty_signed_message_response.xml')) self.assertEqual(auth.get_last_response_xml(True), expected_message) # with encrypted assertion message = self.file_contents(join(self.data_path, 'responses', 'valid_encrypted_assertion.xml.base64')) message_wrapper = {'post_data': {'SAMLResponse': message}} auth = OneLogin_Saml2_Auth(message_wrapper, old_settings=settings) auth.process_response() decrypted_response = self.file_contents(join(self.data_path, 'responses', 'decrypted_valid_encrypted_assertion.xml')) self.assertEqual(auth.get_last_response_xml(False), decrypted_response) pretty_decrypted_response = self.file_contents(join(self.data_path, 'responses', 'pretty_decrypted_valid_encrypted_assertion.xml')) self.assertEqual(auth.get_last_response_xml(True), pretty_decrypted_response) def testGetLastAuthnRequest(self): settings = self.loadSettingsJSON() auth = OneLogin_Saml2_Auth({'http_host': 'localhost', 'script_name': 'thing'}, old_settings=settings) auth.login() expectedFragment = ( ' Destination="http://idp.example.com/SSOService.php"\n' ' ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"\n' ' AssertionConsumerServiceURL="http://stuff.com/endpoints/endpoints/acs.php">\n' ' http://stuff.com/endpoints/metadata.php\n' ' \n' ' \n' ' urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport\n' ' \n' ) self.assertIn(expectedFragment, auth.get_last_request_xml()) def testGetLastAuthnContexts(self): settings = self.loadSettingsJSON() request_data = self.get_request() message = self.file_contents( join(self.data_path, 'responses', 'valid_response.xml.base64')) del request_data['get_data'] request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_response() self.assertEqual(auth.get_last_authn_contexts(), ['urn:oasis:names:tc:SAML:2.0:ac:classes:Password']) def testGetLastLogoutRequest(self): settings = self.loadSettingsJSON() auth = OneLogin_Saml2_Auth({'http_host': 'localhost', 'script_name': 'thing'}, old_settings=settings) auth.logout() expectedFragment = ( ' Destination="http://idp.example.com/SingleLogoutService.php">\n' ' http://stuff.com/endpoints/metadata.php\n' ' http://idp.example.com/\n' ' \n' ) self.assertIn(expectedFragment, auth.get_last_request_xml()) request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml')) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(request) message_wrapper = {'get_data': {'SAMLRequest': message}} auth = OneLogin_Saml2_Auth(message_wrapper, old_settings=settings) auth.process_slo() self.assertEqual(request, auth.get_last_request_xml()) def testGetLastLogoutResponse(self): settings = self.loadSettingsJSON() request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml')) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(request) message_wrapper = {'get_data': {'SAMLRequest': message}} auth = OneLogin_Saml2_Auth(message_wrapper, old_settings=settings) auth.process_slo() expectedFragment = ( ' Destination="http://idp.example.com/SingleLogoutService.php"\n' ' InResponseTo="ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e">\n' ' http://stuff.com/endpoints/metadata.php\n' ' \n' ' \n' ' \n' '' ) self.assertIn(expectedFragment, auth.get_last_response_xml()) response = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response.xml')) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(response) message_wrapper = {'get_data': {'SAMLResponse': message}} auth = OneLogin_Saml2_Auth(message_wrapper, old_settings=settings) auth.process_slo() self.assertEqual(response, auth.get_last_response_xml()) def testGetInfoFromLastResponseReceived(self): """ Tests the get_last_message_id, get_last_assertion_id and get_last_assertion_not_on_or_after of the OneLogin_Saml2_Auth class """ settings = self.loadSettingsJSON() request_data = self.get_request() message = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) del request_data['get_data'] request_data['post_data'] = { 'SAMLResponse': message } auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_response() self.assertEqual(auth.get_last_message_id(), 'pfx42be40bf-39c3-77f0-c6ae-8bf2e23a1a2e') self.assertEqual(auth.get_last_assertion_id(), 'pfx57dfda60-b211-4cda-0f63-6d5deb69e5bb') self.assertIsNone(auth.get_last_assertion_not_on_or_after()) # NotOnOrAfter is only calculated with strict = true # If invalid, response id and assertion id are not obtained settings['strict'] = True auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_response() self.assertNotEqual(len(auth.get_errors()), 0) self.assertIsNone(auth.get_last_message_id()) self.assertIsNone(auth.get_last_assertion_id()) self.assertIsNone(auth.get_last_assertion_not_on_or_after()) request_data['https'] = 'on' request_data['http_host'] = 'pitbulk.no-ip.org' request_data['script_name'] = '/newonelogin/demo1/index.php?acs' auth = OneLogin_Saml2_Auth(request_data, old_settings=settings) auth.process_response() self.assertEqual(len(auth.get_errors()), 0) self.assertEqual(auth.get_last_message_id(), 'pfx42be40bf-39c3-77f0-c6ae-8bf2e23a1a2e') self.assertEqual(auth.get_last_assertion_id(), 'pfx57dfda60-b211-4cda-0f63-6d5deb69e5bb') self.assertEqual(auth.get_last_assertion_not_on_or_after(), 2671081021) def testGetIdFromLogoutRequest(self): """ Tests the get_last_message_id of the OneLogin_Saml2_Auth class Case Valid Logout request """ settings = self.loadSettingsJSON() request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml')) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(request) message_wrapper = {'get_data': {'SAMLRequest': message}} auth = OneLogin_Saml2_Auth(message_wrapper, old_settings=settings) auth.process_slo() self.assertIn(auth.get_last_message_id(), 'ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e') def testGetIdFromLogoutResponse(self): """ Tests the get_last_message_id of the OneLogin_Saml2_Auth class Case Valid Logout response """ settings = self.loadSettingsJSON() response = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response.xml')) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(response) message_wrapper = {'get_data': {'SAMLResponse': message}} auth = OneLogin_Saml2_Auth(message_wrapper, old_settings=settings) auth.process_slo() self.assertIn(auth.get_last_message_id(), '_f9ee61bd9dbf63606faa9ae3b10548d5b3656fb859') python3-saml-1.12.0/tests/src/OneLogin/saml2_tests/authn_request_test.py000066400000000000000000000447321410551756100263530ustar00rootroot00000000000000# -*- coding: utf-8 -*- # Copyright (c) 2010-2021 OneLogin, Inc. # MIT License import json from os.path import dirname, join, exists import unittest from onelogin.saml2 import compat from onelogin.saml2.authn_request import OneLogin_Saml2_Authn_Request from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.settings import OneLogin_Saml2_Settings from onelogin.saml2.utils import OneLogin_Saml2_Utils from onelogin.saml2.xml_utils import OneLogin_Saml2_XML try: from urllib.parse import urlparse, parse_qs except ImportError: from urlparse import urlparse, parse_qs class OneLogin_Saml2_Authn_Request_Test(unittest.TestCase): settings_path = join(dirname(dirname(dirname(dirname(__file__)))), 'settings') # assertRegexpMatches deprecated on python3 def assertRegex(self, text, regexp, msg=None): if hasattr(unittest.TestCase, 'assertRegex'): return super(OneLogin_Saml2_Authn_Request_Test, self).assertRegex(text, regexp, msg) else: return self.assertRegexpMatches(text, regexp, msg) def loadSettingsJSON(self, name='settings1.json'): filename = join(self.settings_path, name) if exists(filename): stream = open(filename, 'r') settings = json.load(stream) stream.close() return settings else: raise Exception('Settings json file does not exist') def setUp(self): self.__settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) def testCreateRequest(self): """ Tests the OneLogin_Saml2_Authn_Request Constructor. The creation of a deflated SAML Request """ saml_settings = self.loadSettingsJSON() settings = OneLogin_Saml2_Settings(saml_settings) settings._OneLogin_Saml2_Settings__organization = { u'en-US': { u'url': u'http://sp.example.com', u'name': u'sp_test' } } authn_request = OneLogin_Saml2_Authn_Request(settings) authn_request_encoded = authn_request.get_request() inflated = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(authn_request_encoded)) self.assertRegex(inflated, '^', inflated) authn_request_2 = OneLogin_Saml2_Authn_Request(settings, name_id_value_req='testuser@example.com') authn_request_encoded_2 = authn_request_2.get_request() inflated_2 = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(authn_request_encoded_2)) self.assertRegex(inflated_2, '^', inflated_2) self.assertIn('Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">testuser@example.com', inflated_2) self.assertIn('', inflated_2) saml_settings['sp']['NameIDFormat'] = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress' settings = OneLogin_Saml2_Settings(saml_settings) authn_request_3 = OneLogin_Saml2_Authn_Request(settings, name_id_value_req='testuser@example.com') authn_request_encoded_3 = authn_request_3.get_request() inflated_3 = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(authn_request_encoded_3)) self.assertRegex(inflated_3, '^', inflated_3) self.assertIn('Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">testuser@example.com', inflated_3) self.assertIn('', inflated_3) def testCreateDeflatedSAMLRequestURLParameter(self): """ Tests the OneLogin_Saml2_Authn_Request Constructor. The creation of a deflated SAML Request """ authn_request = OneLogin_Saml2_Authn_Request(self.__settings) parameters = { 'SAMLRequest': authn_request.get_request() } auth_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SSOService.php', parameters, True) self.assertRegex(auth_url, r'^http://idp\.example\.com\/SSOService\.php\?SAMLRequest=') exploded = urlparse(auth_url) exploded = parse_qs(exploded[4]) payload = exploded['SAMLRequest'][0] inflated = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(payload)) self.assertRegex(inflated, '^') self.assertRegex(inflated, 'http://stuff.com/endpoints/metadata.php') self.assertRegex(inflated, 'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"') self.assertRegex(inflated, 'ProviderName="SP prueba"') def testGetID(self): """ Tests the get_id method of the OneLogin_Saml2_Authn_Request. """ saml_settings = self.loadSettingsJSON() settings = OneLogin_Saml2_Settings(saml_settings) authn_request = OneLogin_Saml2_Authn_Request(settings) authn_request_encoded = authn_request.get_request() inflated = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(authn_request_encoded)) document = OneLogin_Saml2_XML.to_etree(inflated) self.assertEqual(authn_request.get_id(), document.get('ID', None)) def testAttributeConsumingService(self): """ Tests that the attributeConsumingServiceIndex is present as an attribute """ saml_settings = self.loadSettingsJSON() settings = OneLogin_Saml2_Settings(saml_settings) authn_request = OneLogin_Saml2_Authn_Request(settings) authn_request_encoded = authn_request.get_request() inflated = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(authn_request_encoded)) self.assertNotIn('AttributeConsumingServiceIndex="1"', inflated) saml_settings = self.loadSettingsJSON('settings4.json') settings = OneLogin_Saml2_Settings(saml_settings) authn_request = OneLogin_Saml2_Authn_Request(settings) authn_request_encoded = authn_request.get_request() inflated = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(authn_request_encoded)) self.assertRegex(inflated, 'AttributeConsumingServiceIndex="1"') python3-saml-1.12.0/tests/src/OneLogin/saml2_tests/error_test.py000066400000000000000000000006101410551756100246000ustar00rootroot00000000000000# -*- coding: utf-8 -*- # Copyright (c) 2010-2021 OneLogin, Inc. # MIT License import unittest from onelogin.saml2.errors import OneLogin_Saml2_Error class OneLogin_Saml2_Error_Test(unittest.TestCase): """ Tests the OneLogin_Saml2_Error Constructor. """ def runTest(self): exception = OneLogin_Saml2_Error('test') self.assertEqual(str(exception), 'test') python3-saml-1.12.0/tests/src/OneLogin/saml2_tests/idp_metadata_parser_test.py000066400000000000000000001427131410551756100274520ustar00rootroot00000000000000# -*- coding: utf-8 -*- # Copyright (c) 2010-2021 OneLogin, Inc. # MIT License try: from urllib.error import URLError except ImportError: from urllib2 import URLError from copy import deepcopy import json from os.path import dirname, join, exists from lxml.etree import XMLSyntaxError import unittest from onelogin.saml2.idp_metadata_parser import OneLogin_Saml2_IdPMetadataParser from onelogin.saml2.constants import OneLogin_Saml2_Constants class OneLogin_Saml2_IdPMetadataParser_Test(unittest.TestCase): # Instruct unittest to not hide diffs upon test failure, even for complex # dictionaries. This prevents the message "Diff is 907 characters long. # Set self.maxDiff to None to see it." from showing up. maxDiff = None data_path = join(dirname(dirname(dirname(dirname(__file__)))), 'data') settings_path = join(dirname(dirname(dirname(dirname(__file__)))), 'settings') def loadSettingsJSON(self, filename='settings1.json'): filename = join(self.settings_path, filename) if exists(filename): stream = open(filename, 'r') settings = json.load(stream) stream.close() return settings else: raise Exception('Settings json file does not exist') def file_contents(self, filename): f = open(filename, 'r') content = f.read() f.close() return content def testGetMetadata(self): """ Tests the get_metadata method of the OneLogin_Saml2_IdPMetadataParser """ with self.assertRaises(Exception): data = OneLogin_Saml2_IdPMetadataParser.get_metadata('http://google.es') try: data = OneLogin_Saml2_IdPMetadataParser.get_metadata('https://idp.testshib.org/idp/shibboleth') self.assertTrue(data is not None and data is not {}) except URLError: pass def testParseRemote(self): """ Tests the parse_remote method of the OneLogin_Saml2_IdPMetadataParser """ with self.assertRaises(Exception): data = OneLogin_Saml2_IdPMetadataParser.parse_remote('http://google.es') try: data = OneLogin_Saml2_IdPMetadataParser.parse_remote('https://idp.testshib.org/idp/shibboleth') except URLError: xml = self.file_contents(join(self.data_path, 'metadata', 'testshib-providers.xml')) data = OneLogin_Saml2_IdPMetadataParser.parse(xml) self.assertTrue(data is not None and data is not {}) expected_settings_json = """ { "sp": { "NameIDFormat": "urn:mace:shibboleth:1.0:nameIdentifier" }, "idp": { "entityId": "https://idp.testshib.org/idp/shibboleth", "x509cert": "MIIDAzCCAeugAwIBAgIVAPX0G6LuoXnKS0Muei006mVSBXbvMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAMMEGlkcC50ZXN0c2hpYi5vcmcwHhcNMTYwODIzMjEyMDU0WhcNMzYwODIzMjEyMDU0WjAbMRkwFwYDVQQDDBBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9C4J2DiRTEhJAWzPt1S3ryhm3M2P3hPpwJwvt2q948vdTUxhhvNMuc3M3S4WNh6JYBs53R+YmjqJAII4ShMGNEmlGnSVfHorex7IxikpuDPKV3SNf28mCAZbQrX+hWA+ann/uifVzqXktOjs6DdzdBnxoVhniXgC8WCJwKcx6JO/hHsH1rG/0DSDeZFpTTcZHj4S9MlLNUtt5JxRzV/MmmB3ObaX0CMqsSWUOQeE4nylSlp5RWHCnx70cs9kwz5WrflnbnzCeHU2sdbNotBEeTHot6a2cj/pXlRJIgPsrL/4VSicPZcGYMJMPoLTJ8mdy6mpR6nbCmP7dVbCIm/DQIDAQABoz4wPDAdBgNVHQ4EFgQUUfaDa2mPi24x09yWp1OFXmZ2GPswGwYDVR0RBBQwEoIQaWRwLnRlc3RzaGliLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEASKKgqTxhqBzROZ1eVy++si+eTTUQZU4+8UywSKLia2RattaAPMAcXUjO+3cYOQXLVASdlJtt+8QPdRkfp8SiJemHPXC8BES83pogJPYEGJsKo19l4XFJHPnPy+Dsn3mlJyOfAa8RyWBS80u5lrvAcr2TJXt9fXgkYs7BOCigxtZoR8flceGRlAZ4p5FPPxQR6NDYb645jtOTMVr3zgfjP6Wh2dt+2p04LG7ENJn8/gEwtXVuXCsPoSCDx9Y0QmyXTJNdV1aB0AhORkWPlFYwp+zOyOIR+3m1+pqWFpn0eT/HrxpdKa74FA3R2kq4R7dXe4G0kUgXTdqXMLRKhDgdmA==", "singleSignOnService": { "url": "https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" } } } """ expected_settings = json.loads(expected_settings_json) self.assertEqual(expected_settings, data) def testParse(self): """ Tests the parse method of the OneLogin_Saml2_IdPMetadataParser """ with self.assertRaises(XMLSyntaxError): data = OneLogin_Saml2_IdPMetadataParser.parse('') xml_sp_metadata = self.file_contents(join(self.data_path, 'metadata', 'metadata_settings1.xml')) data = OneLogin_Saml2_IdPMetadataParser.parse(xml_sp_metadata) self.assertEqual({}, data) xml_idp_metadata = self.file_contents(join(self.data_path, 'metadata', 'idp_metadata.xml')) data = OneLogin_Saml2_IdPMetadataParser.parse(xml_idp_metadata) # W/o further specification, expect to get the redirect binding SSO # URL extracted. expected_settings_json = """ { "idp": { "singleSignOnService": { "url": "https://app.onelogin.com/trust/saml2/http-post/sso/383123", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "x509cert": "MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbTAeFw0xMzA2MDUxNzE2MjBaFw0xODA2MDUxNzE2MjBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9uZUxvZ2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAse8rnep4qL2GmhH10pMQyJ2Jae+AQHyfgVjaQZ7Z0QQog5jX91vcJRSMi0XWJnUtOr6lF0dq1+yckjZ92wyLrH+7fvngNO1aV4Mjk9sTgf+iqMrae6y6fRxDt9PXrEFVjvd3vv7QTJf2FuIPy4vVP06Dt8EMkQIr8rmLmU0mTr1k2DkrdtdlCuNFTXuAu3QqfvNCRrRwfNObn9MP6JeOUdcGLJsBjGF8exfcN1SFzRF0JFr3dmOlx761zK5liD0T1sYWnDquatj/JD9fZMbKecBKni1NglH/LVd+b6aJUAr5LulERULUjLqYJRKW31u91/4Qazdo9tbvwqyFxaoUrwIDAQABo4HUMIHRMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPWcXvQSlTXnzZD2xziuoUvrrDedMIGRBgNVHSMEgYkwgYaAFPWcXvQSlTXnzZD2xziuoUvrrDedoWukaTBnMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbYIBATAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADggEBAB/8xe3rzqXQVxzHyAHuAuPa73ClDoL1cko0Fp8CGcqEIyj6Te9gx5z6wyfv+Lo8RFvBLlnB1lXqbC+fTGcVgG/4oKLJ5UwRFxInqpZPnOAudVNnd0PYOODn9FWs6u+OTIQIaIcPUv3MhB9lwHIJsTk/bs9xcru5TPyLIxLLd6ib/pRceKH2mTkzUd0DYk9CQNXXeoGx/du5B9nh3ClPTbVakRzl3oswgI5MQIphYxkW70SopEh4kOFSRE1ND31NNIq1YrXlgtkguQBFsZWuQOPR6cEwFZzP0tHTYbI839WgxX6hfhIUTUz6mLqq4+3P4BG3+1OXeVDg63y8Uh781sE=", "entityId": "https://app.onelogin.com/saml/metadata/383123" }, "sp": { "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" } } """ expected_settings = json.loads(expected_settings_json) self.assertEqual(expected_settings, data) def test_parse_testshib_required_binding_sso_redirect(self): """ Test with testshib metadata. Especially test extracting SSO with REDIRECT binding. Note that the testshib metadata does not contain an SLO specification in the first tag. """ expected_settings_json = """ { "sp": { "NameIDFormat": "urn:mace:shibboleth:1.0:nameIdentifier" }, "idp": { "entityId": "https://idp.testshib.org/idp/shibboleth", "x509cert": "MIIDAzCCAeugAwIBAgIVAPX0G6LuoXnKS0Muei006mVSBXbvMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAMMEGlkcC50ZXN0c2hpYi5vcmcwHhcNMTYwODIzMjEyMDU0WhcNMzYwODIzMjEyMDU0WjAbMRkwFwYDVQQDDBBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9C4J2DiRTEhJAWzPt1S3ryhm3M2P3hPpwJwvt2q948vdTUxhhvNMuc3M3S4WNh6JYBs53R+YmjqJAII4ShMGNEmlGnSVfHorex7IxikpuDPKV3SNf28mCAZbQrX+hWA+ann/uifVzqXktOjs6DdzdBnxoVhniXgC8WCJwKcx6JO/hHsH1rG/0DSDeZFpTTcZHj4S9MlLNUtt5JxRzV/MmmB3ObaX0CMqsSWUOQeE4nylSlp5RWHCnx70cs9kwz5WrflnbnzCeHU2sdbNotBEeTHot6a2cj/pXlRJIgPsrL/4VSicPZcGYMJMPoLTJ8mdy6mpR6nbCmP7dVbCIm/DQIDAQABoz4wPDAdBgNVHQ4EFgQUUfaDa2mPi24x09yWp1OFXmZ2GPswGwYDVR0RBBQwEoIQaWRwLnRlc3RzaGliLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEASKKgqTxhqBzROZ1eVy++si+eTTUQZU4+8UywSKLia2RattaAPMAcXUjO+3cYOQXLVASdlJtt+8QPdRkfp8SiJemHPXC8BES83pogJPYEGJsKo19l4XFJHPnPy+Dsn3mlJyOfAa8RyWBS80u5lrvAcr2TJXt9fXgkYs7BOCigxtZoR8flceGRlAZ4p5FPPxQR6NDYb645jtOTMVr3zgfjP6Wh2dt+2p04LG7ENJn8/gEwtXVuXCsPoSCDx9Y0QmyXTJNdV1aB0AhORkWPlFYwp+zOyOIR+3m1+pqWFpn0eT/HrxpdKa74FA3R2kq4R7dXe4G0kUgXTdqXMLRKhDgdmA==", "singleSignOnService": { "url": "https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" } } } """ try: xmldoc = OneLogin_Saml2_IdPMetadataParser.get_metadata( 'https://idp.testshib.org/idp/shibboleth') except URLError: xmldoc = self.file_contents(join(self.data_path, 'metadata', 'testshib-providers.xml')) # Parse, require SSO REDIRECT binding, implicitly. settings1 = OneLogin_Saml2_IdPMetadataParser.parse(xmldoc) # Parse, require SSO REDIRECT binding, explicitly. settings2 = OneLogin_Saml2_IdPMetadataParser.parse( xmldoc, required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT ) expected_settings = json.loads(expected_settings_json) self.assertEqual(expected_settings, settings1) self.assertEqual(expected_settings, settings2) def test_parse_testshib_required_binding_sso_post(self): """ Test with testshib metadata. Especially test extracting SSO with POST binding. """ expected_settings_json = """ { "sp": { "NameIDFormat": "urn:mace:shibboleth:1.0:nameIdentifier" }, "idp": { "entityId": "https://idp.testshib.org/idp/shibboleth", "x509cert": "MIIDAzCCAeugAwIBAgIVAPX0G6LuoXnKS0Muei006mVSBXbvMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAMMEGlkcC50ZXN0c2hpYi5vcmcwHhcNMTYwODIzMjEyMDU0WhcNMzYwODIzMjEyMDU0WjAbMRkwFwYDVQQDDBBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9C4J2DiRTEhJAWzPt1S3ryhm3M2P3hPpwJwvt2q948vdTUxhhvNMuc3M3S4WNh6JYBs53R+YmjqJAII4ShMGNEmlGnSVfHorex7IxikpuDPKV3SNf28mCAZbQrX+hWA+ann/uifVzqXktOjs6DdzdBnxoVhniXgC8WCJwKcx6JO/hHsH1rG/0DSDeZFpTTcZHj4S9MlLNUtt5JxRzV/MmmB3ObaX0CMqsSWUOQeE4nylSlp5RWHCnx70cs9kwz5WrflnbnzCeHU2sdbNotBEeTHot6a2cj/pXlRJIgPsrL/4VSicPZcGYMJMPoLTJ8mdy6mpR6nbCmP7dVbCIm/DQIDAQABoz4wPDAdBgNVHQ4EFgQUUfaDa2mPi24x09yWp1OFXmZ2GPswGwYDVR0RBBQwEoIQaWRwLnRlc3RzaGliLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEASKKgqTxhqBzROZ1eVy++si+eTTUQZU4+8UywSKLia2RattaAPMAcXUjO+3cYOQXLVASdlJtt+8QPdRkfp8SiJemHPXC8BES83pogJPYEGJsKo19l4XFJHPnPy+Dsn3mlJyOfAa8RyWBS80u5lrvAcr2TJXt9fXgkYs7BOCigxtZoR8flceGRlAZ4p5FPPxQR6NDYb645jtOTMVr3zgfjP6Wh2dt+2p04LG7ENJn8/gEwtXVuXCsPoSCDx9Y0QmyXTJNdV1aB0AhORkWPlFYwp+zOyOIR+3m1+pqWFpn0eT/HrxpdKa74FA3R2kq4R7dXe4G0kUgXTdqXMLRKhDgdmA==", "singleSignOnService": { "url": "https://idp.testshib.org/idp/profile/SAML2/POST/SSO", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" } } } """ try: xmldoc = OneLogin_Saml2_IdPMetadataParser.get_metadata( 'https://idp.testshib.org/idp/shibboleth') except URLError: xmldoc = self.file_contents(join(self.data_path, 'metadata', 'testshib-providers.xml')) # Parse, require POST binding. settings = OneLogin_Saml2_IdPMetadataParser.parse( xmldoc, required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_POST ) expected_settings = json.loads(expected_settings_json) self.assertEqual(expected_settings, settings) def test_parse_required_binding_all(self): """ Test all combinations of the `require_slo_binding` and `require_sso_binding` parameters. Note: IdP metadata contains a single logout (SLO) service and does not specify any endpoint for the POST binding. """ expected_settings_json = """ { "sp": { "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" }, "idp": { "entityId": "urn:example:idp", "x509cert": "MIIDPDCCAiQCCQDydJgOlszqbzANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEQMA4GA1UEChMHSmFua3lDbzESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTE0MDMxMjE5NDYzM1oXDTI3MTExOTE5NDYzM1owYDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoTB0phbmt5Q28xEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGvJpRTTasRUSPqcbqCG+ZnTAurnu0vVpIG9lzExnh11o/BGmzu7lB+yLHcEdwrKBBmpepDBPCYxpVajvuEhZdKFx/Fdy6j5mH3rrW0Bh/zd36CoUNjbbhHyTjeM7FN2yF3u9lcyubuvOzr3B3gX66IwJlU46+wzcQVhSOlMk2tXR+fIKQExFrOuK9tbX3JIBUqItpI+HnAow509CnM134svw8PTFLkR6/CcMqnDfDK1m993PyoC1Y+N4X9XkhSmEQoAlAHPI5LHrvuujM13nvtoVYvKYoj7ScgumkpWNEvX652LfXOnKYlkB8ZybuxmFfIkzedQrbJsyOhfL03cMECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAeHwzqwnzGEkxjzSD47imXaTqtYyETZow7XwBc0ZaFS50qRFJUgKTAmKS1xQBP/qHpStsROT35DUxJAE6NY1Kbq3ZbCuhGoSlY0L7VzVT5tpu4EY8+Dq/u2EjRmmhoL7UkskvIZ2n1DdERtd+YUMTeqYl9co43csZwDno/IKomeN5qaPc39IZjikJ+nUC6kPFKeu/3j9rgHNlRtocI6S1FdtFz9OZMQlpr0JbUt2T3xS/YoQJn6coDmJL5GTiiKM6cOe+Ur1VwzS1JEDbSS2TWWhzq8ojLdrotYLGd9JOsoQhElmz+tMfCFQUFLExinPAyy7YHlSiVX13QH2XTu/iQQ==", "singleSignOnService": { "url": "http://idp.example.com", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "singleLogoutService": { "url": "http://idp.example.com/logout", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" } } } """ xmldoc = self.file_contents(join(self.data_path, 'metadata', 'idp_metadata2.xml')) expected_settings = json.loads(expected_settings_json) # Parse, require SLO and SSO REDIRECT binding, implicitly. settings1 = OneLogin_Saml2_IdPMetadataParser.parse(xmldoc) # Parse, require SLO and SSO REDIRECT binding, explicitly. settings2 = OneLogin_Saml2_IdPMetadataParser.parse( xmldoc, required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT, required_slo_binding=OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT ) expected_settings1_2 = deepcopy(expected_settings) self.assertEqual(expected_settings1_2, settings1) self.assertEqual(expected_settings1_2, settings2) settings3 = OneLogin_Saml2_IdPMetadataParser.parse( xmldoc, required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_POST, required_slo_binding=OneLogin_Saml2_Constants.BINDING_HTTP_POST ) expected_settings3 = deepcopy(expected_settings) del expected_settings3['idp']['singleLogoutService'] del expected_settings3['idp']['singleSignOnService'] self.assertEqual(expected_settings3, settings3) settings4 = OneLogin_Saml2_IdPMetadataParser.parse( xmldoc, required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_POST, required_slo_binding=OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT ) settings5 = OneLogin_Saml2_IdPMetadataParser.parse( xmldoc, required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_POST ) expected_settings4_5 = deepcopy(expected_settings) del expected_settings4_5['idp']['singleSignOnService'] self.assertEqual(expected_settings4_5, settings4) self.assertEqual(expected_settings4_5, settings5) settings6 = OneLogin_Saml2_IdPMetadataParser.parse( xmldoc, required_sso_binding=OneLogin_Saml2_Constants.BINDING_HTTP_REDIRECT, required_slo_binding=OneLogin_Saml2_Constants.BINDING_HTTP_POST ) settings7 = OneLogin_Saml2_IdPMetadataParser.parse( xmldoc, required_slo_binding=OneLogin_Saml2_Constants.BINDING_HTTP_POST ) expected_settings6_7 = deepcopy(expected_settings) del expected_settings6_7['idp']['singleLogoutService'] self.assertEqual(expected_settings6_7, settings6) self.assertEqual(expected_settings6_7, settings7) def test_parse_with_entity_id(self): """ Tests the parse method of the OneLogin_Saml2_IdPMetadataParser Case: Provide entity_id to identify the desired IdPDescriptor from EntitiesDescriptor """ xml_idp_metadata = self.file_contents(join(self.data_path, 'metadata', 'idp_multiple_descriptors.xml')) # should find first descriptor data = OneLogin_Saml2_IdPMetadataParser.parse(xml_idp_metadata) self.assertEqual("https://foo.example.com/access/saml/idp.xml", data["idp"]["entityId"]) # should find desired descriptor data2 = OneLogin_Saml2_IdPMetadataParser.parse(xml_idp_metadata, entity_id="https://bar.example.com/access/saml/idp.xml") self.assertEqual("https://bar.example.com/access/saml/idp.xml", data2["idp"]["entityId"]) expected_settings_json = """ { "sp": { "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" }, "idp": { "singleLogoutService": { "url": "https://hello.example.com/access/saml/logout", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "entityId": "https://bar.example.com/access/saml/idp.xml", "x509cert": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxekNDQXhTZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBRENCaGpFTE1Ba0dBMVVFQmhNQ1FWVXgKRERBS0JnTlZCQWdUQTA1VFZ6RVBNQTBHQTFVRUJ4TUdVM2xrYm1WNU1Rd3dDZ1lEVlFRS0RBTlFTVlF4Q1RBSApCZ05WQkFzTUFERVlNQllHQTFVRUF3d1BiR0YzY21WdVkyVndhWFF1WTI5dE1TVXdJd1lKS29aSWh2Y05BUWtCCkRCWnNZWGR5Wlc1alpTNXdhWFJBWjIxaGFXd3VZMjl0TUI0WERURXlNRFF4T1RJeU5UUXhPRm9YRFRNeU1EUXgKTkRJeU5UUXhPRm93Z1lZeEN6QUpCZ05WQkFZVEFrRlZNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVApCbE41Wkc1bGVURU1NQW9HQTFVRUNnd0RVRWxVTVFrd0J3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psCmJtTmxjR2wwTG1OdmJURWxNQ01HQ1NxR1NJYjNEUUVKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnYKYlRDQm56QU5CZ2txaGtpRzl3MEJBUUVGQUFPQmpRQXdnWWtDZ1lFQXFqaWUzUjJvaStwRGFldndJeXMvbWJVVApubkdsa3h0ZGlrcnExMXZleHd4SmlQTmhtaHFSVzNtVXVKRXpsbElkVkw2RW14R1lUcXBxZjkzSGxoa3NhZUowCjhVZ2pQOVVtTVlyaFZKdTFqY0ZXVjdmei9yKzIxL2F3VG5EVjlzTVlRcXVJUllZeTdiRzByMU9iaXdkb3ZudGsKN2dGSTA2WjB2WmFjREU1Ym9xVUNBd0VBQWFPQ0FTVXdnZ0VoTUFrR0ExVWRFd1FDTUFBd0N3WURWUjBQQkFRRApBZ1VnTUIwR0ExVWREZ1FXQkJTUk9OOEdKOG8rOGpnRnRqa3R3WmRxeDZCUnlUQVRCZ05WSFNVRUREQUtCZ2dyCkJnRUZCUWNEQVRBZEJnbGdoa2dCaHZoQ0FRMEVFQllPVkdWemRDQllOVEE1SUdObGNuUXdnYk1HQTFVZEl3U0IKcXpDQnFJQVVrVGpmQmlmS1B2STRCYlk1TGNHWGFzZWdVY21oZ1l5a2dZa3dnWVl4Q3pBSkJnTlZCQVlUQWtGVgpNUXd3Q2dZRFZRUUlFd05PVTFjeER6QU5CZ05WQkFjVEJsTjVaRzVsZVRFTU1Bb0dBMVVFQ2d3RFVFbFVNUWt3CkJ3WURWUVFMREFBeEdEQVdCZ05WQkFNTUQyeGhkM0psYm1ObGNHbDBMbU52YlRFbE1DTUdDU3FHU0liM0RRRUoKQVF3V2JHRjNjbVZ1WTJVdWNHbDBRR2R0WVdsc0xtTnZiWUlCQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9CZ1FDRQpUQWVKVERTQVc2ejFVRlRWN1FyZWg0VUxGT1JhajkrZUN1RjNLV0RIYyswSVFDajlyZG5ERzRRL3dmNy9yYVEwCkpuUFFDU0NkclBMSmV5b1BIN1FhVHdvYUY3ZHpWdzRMQ3N5TkpURld4NGNNNTBWdzZSNWZET2dpQzhic2ZmUzgKQkptb3VscnJaRE5OVmpHOG1XNmNMeHJZdlZRT3JSVmVjQ0ZJZ3NzQ2JBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=", "singleSignOnService": { "url": "https://hello.example.com/access/saml/login", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" } } } """ expected_settings = json.loads(expected_settings_json) self.assertEqual(expected_settings, data2) def test_parse_multi_certs(self): """ Tests the parse method of the OneLogin_Saml2_IdPMetadataParser Case: IdP metadata contains multiple certs """ xml_idp_metadata = self.file_contents(join(self.data_path, 'metadata', 'idp_metadata_multi_certs.xml')) data = OneLogin_Saml2_IdPMetadataParser.parse(xml_idp_metadata) expected_settings_json = """ { "sp": { "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" }, "idp": { "singleLogoutService": { "url": "https://idp.examle.com/saml/slo", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "x509certMulti": { "encryption": [ "MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEFBQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJjaWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwWT25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUyMjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRwtnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xxVRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCBpIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaCFD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXMGI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65chjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIBvlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZWQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw==" ], "signing": [ "MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEFBQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJjaWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwWT25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUyMjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRwtnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xxVRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCBpIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaCFD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXMGI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65chjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIBvlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZWQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw==", "MIICZDCCAc2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBPMQswCQYDVQQGEwJ1czEUMBIGA1UECAwLZXhhbXBsZS5jb20xFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYDVQQDDAtleGFtcGxlLmNvbTAeFw0xNzA0MTUxNjMzMThaFw0xODA0MTUxNjMzMThaME8xCzAJBgNVBAYTAnVzMRQwEgYDVQQIDAtleGFtcGxlLmNvbTEUMBIGA1UECgwLZXhhbXBsZS5jb20xFDASBgNVBAMMC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6GLkl5lDUZdHNDAojp5i24OoPlqrt5TGXJIPqAZYT1hQvJW5nv17MFDHrjmtEnmW4ACKEy0fAX80QWIcHunZSkbEGHb+NG/6oTi5RipXMvmHnfFnPJJ0AdtiLiPE478CV856gXekV4Xx5u3KrylcOgkpYsp0GMIQBDzleMUXlYQIDAQABo1AwTjAdBgNVHQ4EFgQUnP8vlYPGPL2n6ZzDYij2kMDC8wMwHwYDVR0jBBgwFoAUnP8vlYPGPL2n6ZzDYij2kMDC8wMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQAlQGAl+b8Cpot1g+65lLLjVoY7APJPWLW0klKQNlMU0s4MU+71Y3ExUEOXDAZgKcFoavb1fEOGMwEf38NaJAy1e/l6VNuixXShffq20ymqHQxOG0q8ujeNkgZF9k6XDfn/QZ3AD0o/IrCT7UMc/0QsfgIjWYxwCvp2syApc5CYfQ==" ] }, "entityId": "https://idp.examle.com/saml/metadata", "singleSignOnService": { "url": "https://idp.examle.com/saml/sso", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" } } } """ expected_settings = json.loads(expected_settings_json) self.assertEqual(expected_settings, data) def test_parse_multi_singing_certs(self): """ Tests the parse method of the OneLogin_Saml2_IdPMetadataParser Case: IdP metadata contains multiple signing certs and no encryption certs """ xml_idp_metadata = self.file_contents(join(self.data_path, 'metadata', 'idp_metadata_multi_signing_certs.xml')) data = OneLogin_Saml2_IdPMetadataParser.parse(xml_idp_metadata) expected_settings_json = """ { "sp": { "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" }, "idp": { "singleLogoutService": { "url": "https://idp.examle.com/saml/slo", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "x509certMulti": { "signing": [ "MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEFBQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJjaWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwWT25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUyMjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRwtnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xxVRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCBpIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaCFD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXMGI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65chjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIBvlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZWQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw==", "MIICZDCCAc2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBPMQswCQYDVQQGEwJ1czEUMBIGA1UECAwLZXhhbXBsZS5jb20xFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYDVQQDDAtleGFtcGxlLmNvbTAeFw0xNzA0MTUxNjMzMThaFw0xODA0MTUxNjMzMThaME8xCzAJBgNVBAYTAnVzMRQwEgYDVQQIDAtleGFtcGxlLmNvbTEUMBIGA1UECgwLZXhhbXBsZS5jb20xFDASBgNVBAMMC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6GLkl5lDUZdHNDAojp5i24OoPlqrt5TGXJIPqAZYT1hQvJW5nv17MFDHrjmtEnmW4ACKEy0fAX80QWIcHunZSkbEGHb+NG/6oTi5RipXMvmHnfFnPJJ0AdtiLiPE478CV856gXekV4Xx5u3KrylcOgkpYsp0GMIQBDzleMUXlYQIDAQABo1AwTjAdBgNVHQ4EFgQUnP8vlYPGPL2n6ZzDYij2kMDC8wMwHwYDVR0jBBgwFoAUnP8vlYPGPL2n6ZzDYij2kMDC8wMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQAlQGAl+b8Cpot1g+65lLLjVoY7APJPWLW0klKQNlMU0s4MU+71Y3ExUEOXDAZgKcFoavb1fEOGMwEf38NaJAy1e/l6VNuixXShffq20ymqHQxOG0q8ujeNkgZF9k6XDfn/QZ3AD0o/IrCT7UMc/0QsfgIjWYxwCvp2syApc5CYfQ==", "MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEFBQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJjaWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwWT25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUyMjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRwtnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xxVRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCBpIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaCFD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXMGI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65chjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIBvlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZWQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw==" ] }, "entityId": "https://idp.examle.com/saml/metadata", "singleSignOnService": { "url": "https://idp.examle.com/saml/sso", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" } } } """ expected_settings = json.loads(expected_settings_json) self.assertEqual(expected_settings, data) def test_parse_multi_same_signing_and_encrypt_cert(self): """ Tests the parse method of the OneLogin_Saml2_IdPMetadataParser Case: IdP metadata contains multiple signature cert and encrypt cert that is the same """ xml_idp_metadata = self.file_contents(join(self.data_path, 'metadata', 'idp_metadata_same_sign_and_encrypt_cert.xml')) data = OneLogin_Saml2_IdPMetadataParser.parse(xml_idp_metadata) expected_settings_json = """ { "sp": { "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" }, "idp": { "x509cert": "MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbTAeFw0xMzA2MDUxNzE2MjBaFw0xODA2MDUxNzE2MjBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9uZUxvZ2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAse8rnep4qL2GmhH10pMQyJ2Jae+AQHyfgVjaQZ7Z0QQog5jX91vcJRSMi0XWJnUtOr6lF0dq1+yckjZ92wyLrH+7fvngNO1aV4Mjk9sTgf+iqMrae6y6fRxDt9PXrEFVjvd3vv7QTJf2FuIPy4vVP06Dt8EMkQIr8rmLmU0mTr1k2DkrdtdlCuNFTXuAu3QqfvNCRrRwfNObn9MP6JeOUdcGLJsBjGF8exfcN1SFzRF0JFr3dmOlx761zK5liD0T1sYWnDquatj/JD9fZMbKecBKni1NglH/LVd+b6aJUAr5LulERULUjLqYJRKW31u91/4Qazdo9tbvwqyFxaoUrwIDAQABo4HUMIHRMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPWcXvQSlTXnzZD2xziuoUvrrDedMIGRBgNVHSMEgYkwgYaAFPWcXvQSlTXnzZD2xziuoUvrrDedoWukaTBnMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbYIBATAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADggEBAB/8xe3rzqXQVxzHyAHuAuPa73ClDoL1cko0Fp8CGcqEIyj6Te9gx5z6wyfv+Lo8RFvBLlnB1lXqbC+fTGcVgG/4oKLJ5UwRFxInqpZPnOAudVNnd0PYOODn9FWs6u+OTIQIaIcPUv3MhB9lwHIJsTk/bs9xcru5TPyLIxLLd6ib/pRceKH2mTkzUd0DYk9CQNXXeoGx/du5B9nh3ClPTbVakRzl3oswgI5MQIphYxkW70SopEh4kOFSRE1ND31NNIq1YrXlgtkguQBFsZWuQOPR6cEwFZzP0tHTYbI839WgxX6hfhIUTUz6mLqq4+3P4BG3+1OXeVDg63y8Uh781sE=", "entityId": "https://app.onelogin.com/saml/metadata/383123", "singleSignOnService": { "url": "https://app.onelogin.com/trust/saml2/http-post/sso/383123", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" } } } """ expected_settings = json.loads(expected_settings_json) self.assertEqual(expected_settings, data) xml_idp_metadata_2 = self.file_contents(join(self.data_path, 'metadata', 'idp_metadata_different_sign_and_encrypt_cert.xml')) data_2 = OneLogin_Saml2_IdPMetadataParser.parse(xml_idp_metadata_2) expected_settings_json_2 = """ { "sp": { "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" }, "idp": { "x509certMulti": { "encryption": [ "MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEFBQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJjaWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwWT25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUyMjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRwtnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xxVRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCBpIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaCFD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXMGI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65chjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIBvlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZWQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw==" ], "signing": [ "MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbTAeFw0xMzA2MDUxNzE2MjBaFw0xODA2MDUxNzE2MjBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9uZUxvZ2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAse8rnep4qL2GmhH10pMQyJ2Jae+AQHyfgVjaQZ7Z0QQog5jX91vcJRSMi0XWJnUtOr6lF0dq1+yckjZ92wyLrH+7fvngNO1aV4Mjk9sTgf+iqMrae6y6fRxDt9PXrEFVjvd3vv7QTJf2FuIPy4vVP06Dt8EMkQIr8rmLmU0mTr1k2DkrdtdlCuNFTXuAu3QqfvNCRrRwfNObn9MP6JeOUdcGLJsBjGF8exfcN1SFzRF0JFr3dmOlx761zK5liD0T1sYWnDquatj/JD9fZMbKecBKni1NglH/LVd+b6aJUAr5LulERULUjLqYJRKW31u91/4Qazdo9tbvwqyFxaoUrwIDAQABo4HUMIHRMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPWcXvQSlTXnzZD2xziuoUvrrDedMIGRBgNVHSMEgYkwgYaAFPWcXvQSlTXnzZD2xziuoUvrrDedoWukaTBnMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbYIBATAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADggEBAB/8xe3rzqXQVxzHyAHuAuPa73ClDoL1cko0Fp8CGcqEIyj6Te9gx5z6wyfv+Lo8RFvBLlnB1lXqbC+fTGcVgG/4oKLJ5UwRFxInqpZPnOAudVNnd0PYOODn9FWs6u+OTIQIaIcPUv3MhB9lwHIJsTk/bs9xcru5TPyLIxLLd6ib/pRceKH2mTkzUd0DYk9CQNXXeoGx/du5B9nh3ClPTbVakRzl3oswgI5MQIphYxkW70SopEh4kOFSRE1ND31NNIq1YrXlgtkguQBFsZWuQOPR6cEwFZzP0tHTYbI839WgxX6hfhIUTUz6mLqq4+3P4BG3+1OXeVDg63y8Uh781sE=" ] }, "entityId": "https://app.onelogin.com/saml/metadata/383123", "singleSignOnService": { "url": "https://app.onelogin.com/trust/saml2/http-post/sso/383123", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" } } } """ expected_settings_2 = json.loads(expected_settings_json_2) self.assertEqual(expected_settings_2, data_2) def test_merge_settings(self): """ Tests the merge_settings method of the OneLogin_Saml2_IdPMetadataParser """ with self.assertRaises(TypeError): settings_result = OneLogin_Saml2_IdPMetadataParser.merge_settings(None, {}) with self.assertRaises(TypeError): settings_result = OneLogin_Saml2_IdPMetadataParser.merge_settings({}, None) xml_idp_metadata = self.file_contents(join(self.data_path, 'metadata', 'idp_metadata.xml')) # Parse XML metadata. data = OneLogin_Saml2_IdPMetadataParser.parse(xml_idp_metadata) # Read base settings. settings = self.loadSettingsJSON() # Merge settings from XML metadata into base settings, # let XML metadata have priority if there are conflicting # attributes. settings_result = OneLogin_Saml2_IdPMetadataParser.merge_settings(settings, data) # Generate readable JSON representation: # print("%s" % json.dumps(settings_result, indent=2) expected_settings_json = """ { "custom_base_path": "../../../tests/data/customPath/", "contactPerson": { "support": { "emailAddress": "support@example.com", "givenName": "support_name" }, "technical": { "emailAddress": "technical@example.com", "givenName": "technical_name" } }, "idp": { "singleSignOnService": { "url": "https://app.onelogin.com/trust/saml2/http-post/sso/383123", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "entityId": "https://app.onelogin.com/saml/metadata/383123", "singleLogoutService": { "url": "http://idp.example.com/SingleLogoutService.php" }, "x509cert": "MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbTAeFw0xMzA2MDUxNzE2MjBaFw0xODA2MDUxNzE2MjBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9uZUxvZ2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAse8rnep4qL2GmhH10pMQyJ2Jae+AQHyfgVjaQZ7Z0QQog5jX91vcJRSMi0XWJnUtOr6lF0dq1+yckjZ92wyLrH+7fvngNO1aV4Mjk9sTgf+iqMrae6y6fRxDt9PXrEFVjvd3vv7QTJf2FuIPy4vVP06Dt8EMkQIr8rmLmU0mTr1k2DkrdtdlCuNFTXuAu3QqfvNCRrRwfNObn9MP6JeOUdcGLJsBjGF8exfcN1SFzRF0JFr3dmOlx761zK5liD0T1sYWnDquatj/JD9fZMbKecBKni1NglH/LVd+b6aJUAr5LulERULUjLqYJRKW31u91/4Qazdo9tbvwqyFxaoUrwIDAQABo4HUMIHRMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPWcXvQSlTXnzZD2xziuoUvrrDedMIGRBgNVHSMEgYkwgYaAFPWcXvQSlTXnzZD2xziuoUvrrDedoWukaTBnMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMU2FudGEgTW9uaWNhMREwDwYDVQQKDAhPbmVMb2dpbjEZMBcGA1UEAwwQYXBwLm9uZWxvZ2luLmNvbYIBATAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADggEBAB/8xe3rzqXQVxzHyAHuAuPa73ClDoL1cko0Fp8CGcqEIyj6Te9gx5z6wyfv+Lo8RFvBLlnB1lXqbC+fTGcVgG/4oKLJ5UwRFxInqpZPnOAudVNnd0PYOODn9FWs6u+OTIQIaIcPUv3MhB9lwHIJsTk/bs9xcru5TPyLIxLLd6ib/pRceKH2mTkzUd0DYk9CQNXXeoGx/du5B9nh3ClPTbVakRzl3oswgI5MQIphYxkW70SopEh4kOFSRE1ND31NNIq1YrXlgtkguQBFsZWuQOPR6cEwFZzP0tHTYbI839WgxX6hfhIUTUz6mLqq4+3P4BG3+1OXeVDg63y8Uh781sE=" }, "sp": { "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "entityId": "http://stuff.com/endpoints/metadata.php", "assertionConsumerService": { "url": "http://stuff.com/endpoints/endpoints/acs.php" }, "singleLogoutService": { "url": "http://stuff.com/endpoints/endpoints/sls.php" } }, "security": { "wantAssertionsSigned": false, "authnRequestsSigned": false, "signMetadata": false }, "debug": false, "organization": { "en-US": { "displayname": "SP test", "url": "http://sp.example.com", "name": "sp_test" } }, "strict": false } """ expected_settings = json.loads(expected_settings_json) self.assertEqual(expected_settings, settings_result) # Commute merge operation. As the order determines which settings # dictionary has priority, here we expect a different result. settings_result2 = OneLogin_Saml2_IdPMetadataParser.merge_settings(data, settings) expected_settings2_json = """ { "debug": false, "idp": { "singleLogoutService": { "url": "http://idp.example.com/SingleLogoutService.php" }, "singleSignOnService": { "url": "http://idp.example.com/SSOService.php", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "entityId": "http://idp.example.com/", "x509cert": "MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo" }, "security": { "authnRequestsSigned": false, "wantAssertionsSigned": false, "signMetadata": false }, "contactPerson": { "technical": { "emailAddress": "technical@example.com", "givenName": "technical_name" }, "support": { "emailAddress": "support@example.com", "givenName": "support_name" } }, "strict": false, "sp": { "singleLogoutService": { "url": "http://stuff.com/endpoints/endpoints/sls.php" }, "assertionConsumerService": { "url": "http://stuff.com/endpoints/endpoints/acs.php" }, "entityId": "http://stuff.com/endpoints/metadata.php", "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" }, "custom_base_path": "../../../tests/data/customPath/", "organization": { "en-US": { "displayname": "SP test", "url": "http://sp.example.com", "name": "sp_test" } } } """ expected_settings2 = json.loads(expected_settings2_json) self.assertEqual(expected_settings2, settings_result2) # Test merging multiple certs xml_idp_metadata = self.file_contents(join(self.data_path, 'metadata', 'idp_metadata_multi_certs.xml')) data3 = OneLogin_Saml2_IdPMetadataParser.parse(xml_idp_metadata) settings_result3 = OneLogin_Saml2_IdPMetadataParser.merge_settings(settings, data3) expected_settings3_json = """ { "debug": false, "strict": false, "custom_base_path": "../../../tests/data/customPath/", "sp": { "singleLogoutService": { "url": "http://stuff.com/endpoints/endpoints/sls.php" }, "assertionConsumerService": { "url": "http://stuff.com/endpoints/endpoints/acs.php" }, "entityId": "http://stuff.com/endpoints/metadata.php", "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" }, "idp": { "singleLogoutService": { "url": "https://idp.examle.com/saml/slo", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" }, "x509certMulti": { "encryption": [ "MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEFBQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJjaWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwWT25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUyMjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRwtnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xxVRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCBpIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaCFD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXMGI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65chjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIBvlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZWQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw==" ], "signing": [ "MIIEZTCCA02gAwIBAgIUPyy/A3bZAZ4m28PzEUUoT7RJhxIwDQYJKoZIhvcNAQEFBQAwcjELMAkGA1UEBhMCVVMxKzApBgNVBAoMIk9uZUxvZ2luIFRlc3QgKHNnYXJjaWEtdXMtcHJlcHJvZCkxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEfMB0GA1UEAwwWT25lTG9naW4gQWNjb3VudCA4OTE0NjAeFw0xNjA4MDQyMjI5MzdaFw0yMTA4MDUyMjI5MzdaMHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN6iqQGcLOCglNO42I2rkzE05UXSiMXT6c8ALThMMiaDw6qqzo3sd/tKK+NcNKWLIIC8TozWVyh5ykUiVZps+08xil7VsTU7E+wKu3kvmOsvw2wlRwtnoKZJwYhnr+RkBa+h1r3ZYUgXm1ZPeHMKj1g18KaWz9+MxYL6BhKqrOzfW/P2xxVRcFH7/pq+ZsDdgNzD2GD+apzY4MZyZj/N6BpBWJ0GlFsmtBegpbX3LBitJuFkk5L4/U/jjF1AJa3boBdCUVfATqO5G03H4XS1GySjBIRQXmlUF52rLjg6xCgWJ30/+t1X+IHLJeixiQ0vxyh6C4/usCEt94cgD1r8ADAgMBAAGjgfIwge8wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPW0DcH0G3IwynWgi74co4wZ6n7gwga8GA1UdIwSBpzCBpIAUPW0DcH0G3IwynWgi74co4wZ6n7ihdqR0MHIxCzAJBgNVBAYTAlVTMSswKQYDVQQKDCJPbmVMb2dpbiBUZXN0IChzZ2FyY2lhLXVzLXByZXByb2QpMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgODkxNDaCFD8svwN22QGeJtvD8xFFKE+0SYcSMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAQhB4q9jrycwbHrDSoYR1X4LFFzvJ9Us75wQquRHXpdyS9D6HUBXMGI6ahPicXCQrfLgN8vzMIiqZqfySXXv/8/dxe/X4UsWLYKYJHDJmxXD5EmWTa65chjkeP1oJAc8f3CKCpcP2lOBTthbnk2fEVAeLHR4xNdQO0VvGXWO9BliYPpkYqUIBvlm+Fg9mF7AM/Uagq2503XXIE1Lq//HON68P10vNMwLSKOtYLsoTiCnuIKGJqG37MsZVjQ1ZPRcO+LSLkq0i91gFxrOrVCrgztX4JQi5XkvEsYZGIXXjwHqxTVyt3adZWQO0LPxPqRiUqUzyhDhLo/xXNrHCu4VbMw==", "MIICZDCCAc2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBPMQswCQYDVQQGEwJ1czEUMBIGA1UECAwLZXhhbXBsZS5jb20xFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYDVQQDDAtleGFtcGxlLmNvbTAeFw0xNzA0MTUxNjMzMThaFw0xODA0MTUxNjMzMThaME8xCzAJBgNVBAYTAnVzMRQwEgYDVQQIDAtleGFtcGxlLmNvbTEUMBIGA1UECgwLZXhhbXBsZS5jb20xFDASBgNVBAMMC2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6GLkl5lDUZdHNDAojp5i24OoPlqrt5TGXJIPqAZYT1hQvJW5nv17MFDHrjmtEnmW4ACKEy0fAX80QWIcHunZSkbEGHb+NG/6oTi5RipXMvmHnfFnPJJ0AdtiLiPE478CV856gXekV4Xx5u3KrylcOgkpYsp0GMIQBDzleMUXlYQIDAQABo1AwTjAdBgNVHQ4EFgQUnP8vlYPGPL2n6ZzDYij2kMDC8wMwHwYDVR0jBBgwFoAUnP8vlYPGPL2n6ZzDYij2kMDC8wMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQ0FAAOBgQAlQGAl+b8Cpot1g+65lLLjVoY7APJPWLW0klKQNlMU0s4MU+71Y3ExUEOXDAZgKcFoavb1fEOGMwEf38NaJAy1e/l6VNuixXShffq20ymqHQxOG0q8ujeNkgZF9k6XDfn/QZ3AD0o/IrCT7UMc/0QsfgIjWYxwCvp2syApc5CYfQ==" ] }, "entityId": "https://idp.examle.com/saml/metadata", "singleSignOnService": { "url": "https://idp.examle.com/saml/sso", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" } }, "security": { "authnRequestsSigned": false, "wantAssertionsSigned": false, "signMetadata": false }, "contactPerson": { "technical": { "emailAddress": "technical@example.com", "givenName": "technical_name" }, "support": { "emailAddress": "support@example.com", "givenName": "support_name" } }, "organization": { "en-US": { "displayname": "SP test", "url": "http://sp.example.com", "name": "sp_test" } } } """ expected_settings3 = json.loads(expected_settings3_json) self.assertEqual(expected_settings3, settings_result3) python3-saml-1.12.0/tests/src/OneLogin/saml2_tests/logout_request_test.py000066400000000000000000000640551410551756100265450ustar00rootroot00000000000000# -*- coding: utf-8 -*- # Copyright (c) 2010-2021 OneLogin, Inc. # MIT License import json from os.path import dirname, join, exists import unittest from xml.dom.minidom import parseString from onelogin.saml2 import compat from onelogin.saml2.logout_request import OneLogin_Saml2_Logout_Request from onelogin.saml2.settings import OneLogin_Saml2_Settings from onelogin.saml2.utils import OneLogin_Saml2_Utils try: from urllib.parse import urlparse, parse_qs except ImportError: from urlparse import urlparse, parse_qs class OneLogin_Saml2_Logout_Request_Test(unittest.TestCase): data_path = join(dirname(dirname(dirname(dirname(__file__)))), 'data') settings_path = join(dirname(dirname(dirname(dirname(__file__)))), 'settings') # assertRegexpMatches deprecated on python3 def assertRegex(self, text, regexp, msg=None): if hasattr(unittest.TestCase, 'assertRegex'): return super(OneLogin_Saml2_Logout_Request_Test, self).assertRegex(text, regexp, msg) else: return self.assertRegexpMatches(text, regexp, msg) # assertRaisesRegexp deprecated on python3 def assertRaisesRegex(self, exception, regexp, msg=None): if hasattr(unittest.TestCase, 'assertRaisesRegex'): return super(OneLogin_Saml2_Logout_Request_Test, self).assertRaisesRegex(exception, regexp, msg=msg) else: return self.assertRaisesRegexp(exception, regexp) def loadSettingsJSON(self, name='settings1.json'): filename = join(self.settings_path, name) if exists(filename): stream = open(filename, 'r') settings = json.load(stream) stream.close() return settings else: raise Exception('Settings json file does not exist') def file_contents(self, filename): f = open(filename, 'r') content = f.read() f.close() return content def testConstructor(self): """ Tests the OneLogin_Saml2_LogoutRequest Constructor. """ settings_info = self.loadSettingsJSON() settings_info['security']['nameIdEncrypted'] = True settings = OneLogin_Saml2_Settings(settings_info) logout_request = OneLogin_Saml2_Logout_Request(settings) parameters = {'SAMLRequest': logout_request.get_request()} logout_url = OneLogin_Saml2_Utils.redirect('http://idp.example.com/SingleLogoutService.php', parameters, True) self.assertRegex(logout_url, r'^http://idp\.example\.com\/SingleLogoutService\.php\?SAMLRequest=') url_parts = urlparse(logout_url) exploded = parse_qs(url_parts.query) payload = exploded['SAMLRequest'][0] inflated = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(payload)) self.assertRegex(inflated, '^') def testGetIDFromSAMLLogoutRequest(self): """ Tests the get_id method of the OneLogin_Saml2_LogoutRequest """ logout_request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml')) id1 = OneLogin_Saml2_Logout_Request.get_id(logout_request) self.assertEqual('ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e', id1) dom = parseString(logout_request) id2 = OneLogin_Saml2_Logout_Request.get_id(dom.toxml()) self.assertEqual('ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e', id2) def testGetIDFromDeflatedSAMLLogoutRequest(self): """ Tests the get_id method of the OneLogin_Saml2_LogoutRequest """ deflated_logout_request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request_deflated.xml.base64')) logout_request = OneLogin_Saml2_Utils.decode_base64_and_inflate(deflated_logout_request) id1 = OneLogin_Saml2_Logout_Request.get_id(logout_request) self.assertEqual('ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e', id1) def testGetNameIdData(self): """ Tests the get_nameid_data method of the OneLogin_Saml2_LogoutRequest """ expected_name_id_data = { 'Value': 'ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c', 'Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', 'SPNameQualifier': 'http://idp.example.com/' } request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml')) name_id_data = OneLogin_Saml2_Logout_Request.get_nameid_data(request) self.assertEqual(expected_name_id_data, name_id_data) dom = parseString(request) name_id_data_2 = OneLogin_Saml2_Logout_Request.get_nameid_data(dom.toxml()) self.assertEqual(expected_name_id_data, name_id_data_2) request_2 = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request_encrypted_nameid.xml')) with self.assertRaisesRegex(Exception, 'Key is required in order to decrypt the NameID'): OneLogin_Saml2_Logout_Request.get_nameid(request_2) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) key = settings.get_sp_key() name_id_data_4 = OneLogin_Saml2_Logout_Request.get_nameid_data(request_2, key) expected_name_id_data = { 'Value': 'ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69', 'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress', 'SPNameQualifier': 'https://pitbulk.no-ip.org/newonelogin/demo1/metadata.php' } self.assertEqual(expected_name_id_data, name_id_data_4) dom_2 = parseString(request_2) encrypted_id_nodes = dom_2.getElementsByTagName('saml:EncryptedID') encrypted_data = encrypted_id_nodes[0].firstChild.nextSibling encrypted_id_nodes[0].removeChild(encrypted_data) with self.assertRaisesRegex(Exception, 'NameID not found in the Logout Request'): OneLogin_Saml2_Logout_Request.get_nameid(dom_2.toxml(), key) inv_request = self.file_contents(join(self.data_path, 'logout_requests', 'invalids', 'no_nameId.xml')) with self.assertRaisesRegex(Exception, 'NameID not found in the Logout Request'): OneLogin_Saml2_Logout_Request.get_nameid(inv_request) idp_data = settings.get_idp_data() expected_name_id_data = { 'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress', 'NameQualifier': idp_data['entityId'], 'Value': 'ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69' } logout_request = OneLogin_Saml2_Logout_Request(settings, None, expected_name_id_data['Value'], None, idp_data['entityId'], expected_name_id_data['Format']) name_id_data_3 = OneLogin_Saml2_Logout_Request.get_nameid_data(logout_request.get_xml()) self.assertEqual(expected_name_id_data, name_id_data_3) expected_name_id_data = { 'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress', 'Value': 'ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69' } logout_request = OneLogin_Saml2_Logout_Request(settings, None, expected_name_id_data['Value'], None, None, expected_name_id_data['Format']) name_id_data_4 = OneLogin_Saml2_Logout_Request.get_nameid_data(logout_request.get_xml()) self.assertEqual(expected_name_id_data, name_id_data_4) expected_name_id_data = { 'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity', 'Value': 'http://idp.example.com/' } logout_request = OneLogin_Saml2_Logout_Request(settings) name_id_data_5 = OneLogin_Saml2_Logout_Request.get_nameid_data(logout_request.get_xml()) self.assertEqual(expected_name_id_data, name_id_data_5) def testGetNameId(self): """ Tests the get_nameid of the OneLogin_Saml2_LogoutRequest """ request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml')) name_id = OneLogin_Saml2_Logout_Request.get_nameid(request) self.assertEqual(name_id, 'ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c') request_2 = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request_encrypted_nameid.xml')) with self.assertRaisesRegex(Exception, 'Key is required in order to decrypt the NameID'): OneLogin_Saml2_Logout_Request.get_nameid(request_2) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) key = settings.get_sp_key() name_id_3 = OneLogin_Saml2_Logout_Request.get_nameid(request_2, key) self.assertEqual('ONELOGIN_9c86c4542ab9d6fce07f2f7fd335287b9b3cdf69', name_id_3) def testGetIssuer(self): """ Tests the get_issuer of the OneLogin_Saml2_LogoutRequest """ request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml')) issuer = OneLogin_Saml2_Logout_Request.get_issuer(request) self.assertEqual('http://idp.example.com/', issuer) dom = parseString(request) issuer_2 = OneLogin_Saml2_Logout_Request.get_issuer(dom.toxml()) self.assertEqual('http://idp.example.com/', issuer_2) issuer_node = dom.getElementsByTagName('saml:Issuer')[0] issuer_node.parentNode.removeChild(issuer_node) issuer_3 = OneLogin_Saml2_Logout_Request.get_issuer(dom.toxml()) self.assertIsNone(issuer_3) def testGetSessionIndexes(self): """ Tests the get_session_indexes of the OneLogin_Saml2_LogoutRequest """ request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml')) session_indexes = OneLogin_Saml2_Logout_Request.get_session_indexes(request) self.assertEqual(len(session_indexes), 0) dom = parseString(request) session_indexes_2 = OneLogin_Saml2_Logout_Request.get_session_indexes(dom.toxml()) self.assertEqual(len(session_indexes_2), 0) request_2 = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request_with_sessionindex.xml')) session_indexes_3 = OneLogin_Saml2_Logout_Request.get_session_indexes(request_2) self.assertEqual(['_ac72a76526cb6ca19f8438e73879a0e6c8ae5131'], session_indexes_3) def testIsInvalidXML(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutRequest Case Invalid XML """ request = OneLogin_Saml2_Utils.b64encode('invalid') request_data = { 'http_host': 'example.com', 'script_name': 'index.html', } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) logout_request = OneLogin_Saml2_Logout_Request(settings, request) self.assertTrue(logout_request.is_valid(request_data)) settings.set_strict(True) logout_request2 = OneLogin_Saml2_Logout_Request(settings, request) self.assertFalse(logout_request2.is_valid(request_data)) def testIsInvalidIssuer(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutRequest Case Invalid Issuer """ request = self.file_contents(join(self.data_path, 'logout_requests', 'invalids', 'invalid_issuer.xml')) request_data = { 'http_host': 'example.com', 'script_name': 'index.html' } current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) request = request.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) logout_request = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertTrue(logout_request.is_valid(request_data)) settings.set_strict(True) logout_request2 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) with self.assertRaisesRegex(Exception, 'Invalid issuer in the Logout Request'): logout_request2.is_valid(request_data, raise_exceptions=True) def testIsInvalidDestination(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutRequest Case Invalid Destination """ request_data = { 'http_host': 'example.com', 'script_name': 'index.html' } request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml')) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) logout_request = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertTrue(logout_request.is_valid(request_data)) settings.set_strict(True) logout_request2 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) with self.assertRaisesRegex(Exception, 'The LogoutRequest was received at'): logout_request2.is_valid(request_data, raise_exceptions=True) dom = parseString(request) dom.documentElement.setAttribute('Destination', None) logout_request3 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(dom.toxml())) self.assertTrue(logout_request3.is_valid(request_data)) dom.documentElement.removeAttribute('Destination') logout_request4 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(dom.toxml())) self.assertTrue(logout_request4.is_valid(request_data)) def testIsInvalidNotOnOrAfter(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutRequest Case Invalid NotOnOrAfter """ request_data = { 'http_host': 'example.com', 'script_name': 'index.html' } request = self.file_contents(join(self.data_path, 'logout_requests', 'invalids', 'not_after_failed.xml')) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) request = request.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) logout_request = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertTrue(logout_request.is_valid(request_data)) settings.set_strict(True) logout_request2 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) with self.assertRaisesRegex(Exception, 'Could not validate timestamp: expired. Check system clock.'): logout_request2.is_valid(request_data, raise_exceptions=True) def testIsValid(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutRequest """ request_data = { 'http_host': 'example.com', 'script_name': 'index.html' } request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml')) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) logout_request = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertTrue(logout_request.is_valid(request_data)) settings.set_strict(True) logout_request2 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertFalse(logout_request2.is_valid(request_data)) settings.set_strict(False) dom = parseString(request) logout_request3 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(dom.toxml())) self.assertTrue(logout_request3.is_valid(request_data)) settings.set_strict(True) logout_request4 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(dom.toxml())) self.assertFalse(logout_request4.is_valid(request_data)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) request = request.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) logout_request5 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertTrue(logout_request5.is_valid(request_data)) def testIsValidWithCapitalization(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutRequest """ request_data = { 'http_host': 'exaMPLe.com', 'script_name': 'index.html' } request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml')) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) logout_request = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertTrue(logout_request.is_valid(request_data)) settings.set_strict(True) logout_request2 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertFalse(logout_request2.is_valid(request_data)) settings.set_strict(False) dom = parseString(request) logout_request3 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(dom.toxml())) self.assertTrue(logout_request3.is_valid(request_data)) settings.set_strict(True) logout_request4 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(dom.toxml())) self.assertFalse(logout_request4.is_valid(request_data)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) request = request.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url.lower()) logout_request5 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertTrue(logout_request5.is_valid(request_data)) def testIsInValidWithCapitalization(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutRequest """ request_data = { 'http_host': 'example.com', 'script_name': 'INdex.html' } request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml')) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) logout_request = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertTrue(logout_request.is_valid(request_data)) settings.set_strict(True) logout_request2 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertFalse(logout_request2.is_valid(request_data)) settings.set_strict(False) dom = parseString(request) logout_request3 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(dom.toxml())) self.assertTrue(logout_request3.is_valid(request_data)) settings.set_strict(True) logout_request4 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(dom.toxml())) self.assertFalse(logout_request4.is_valid(request_data)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) request = request.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url.lower()) logout_request5 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertFalse(logout_request5.is_valid(request_data)) def testIsValidWithXMLEncoding(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutRequest """ request_data = { 'http_host': 'example.com', 'script_name': 'index.html' } request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request_with_encoding.xml')) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) logout_request = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertTrue(logout_request.is_valid(request_data)) settings.set_strict(True) logout_request2 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertFalse(logout_request2.is_valid(request_data)) settings.set_strict(False) dom = parseString(request) logout_request3 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(dom.toxml())) self.assertTrue(logout_request3.is_valid(request_data)) settings.set_strict(True) logout_request4 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(dom.toxml())) self.assertFalse(logout_request4.is_valid(request_data)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) request = request.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) logout_request5 = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertTrue(logout_request5.is_valid(request_data)) def testIsValidRaisesExceptionWhenRaisesArgumentIsTrue(self): request = OneLogin_Saml2_Utils.b64encode('invalid') request_data = { 'http_host': 'example.com', 'script_name': 'index.html', } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) settings.set_strict(True) logout_request = OneLogin_Saml2_Logout_Request(settings, request) self.assertFalse(logout_request.is_valid(request_data)) with self.assertRaises(Exception): logout_request.is_valid(request_data, raise_exceptions=True) def testGetXML(self): """ Tests that we can get the logout request XML directly without going through intermediate steps """ request = self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml')) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) logout_request_generated = OneLogin_Saml2_Logout_Request(settings) expectedFragment = ( 'Destination="http://idp.example.com/SingleLogoutService.php">\n' ' http://stuff.com/endpoints/metadata.php\n' ' http://idp.example.com/\n' ' \n' ) self.assertIn(expectedFragment, logout_request_generated.get_xml()) logout_request_processed = OneLogin_Saml2_Logout_Request(settings, OneLogin_Saml2_Utils.b64encode(request)) self.assertEqual(request, logout_request_processed.get_xml()) python3-saml-1.12.0/tests/src/OneLogin/saml2_tests/logout_response_test.py000066400000000000000000000441001410551756100267000ustar00rootroot00000000000000# -*- coding: utf-8 -*- # Copyright (c) 2010-2021 OneLogin, Inc. # MIT License import json from os.path import dirname, join, exists import unittest from xml.dom.minidom import parseString from onelogin.saml2 import compat from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.logout_response import OneLogin_Saml2_Logout_Response from onelogin.saml2.settings import OneLogin_Saml2_Settings from onelogin.saml2.utils import OneLogin_Saml2_Utils from onelogin.saml2.utils import OneLogin_Saml2_XML try: from urllib.parse import urlparse, parse_qs except ImportError: from urlparse import urlparse, parse_qs class OneLogin_Saml2_Logout_Response_Test(unittest.TestCase): data_path = join(dirname(dirname(dirname(dirname(__file__)))), 'data') settings_path = join(dirname(dirname(dirname(dirname(__file__)))), 'settings') # assertRegexpMatches deprecated on python3 def assertRegex(self, text, regexp, msg=None): if hasattr(unittest.TestCase, 'assertRegex'): return super(OneLogin_Saml2_Logout_Response_Test, self).assertRegex(text, regexp, msg) else: return self.assertRegexpMatches(text, regexp, msg) # assertRaisesRegexp deprecated on python3 def assertRaisesRegex(self, exception, regexp, msg=None): if hasattr(unittest.TestCase, 'assertRaisesRegex'): return super(OneLogin_Saml2_Logout_Response_Test, self).assertRaisesRegex(exception, regexp, msg=msg) else: return self.assertRaisesRegexp(exception, regexp) def loadSettingsJSON(self, name='settings1.json'): filename = join(self.settings_path, name) if exists(filename): stream = open(filename, 'r') settings = json.load(stream) stream.close() return settings else: raise Exception('Settings json file does not exist') def file_contents(self, filename): f = open(filename, 'r') content = f.read() f.close() return content def testConstructor(self): """ Tests the OneLogin_Saml2_LogoutResponse Constructor. """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response_deflated.xml.base64')) response = OneLogin_Saml2_Logout_Response(settings, message) self.assertRegex(compat.to_string(OneLogin_Saml2_XML.to_string(response.document)), 'invalid') request_data = { 'http_host': 'example.com', 'script_name': 'index.html', 'get_data': {} } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) response = OneLogin_Saml2_Logout_Response(settings, message) self.assertTrue(response.is_valid(request_data)) settings.set_strict(True) response_2 = OneLogin_Saml2_Logout_Response(settings, message) self.assertFalse(response_2.is_valid(request_data)) def testIsInValidRequestId(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutResponse Case invalid request Id """ request_data = { 'http_host': 'example.com', 'script_name': 'index.html', 'get_data': {} } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response_deflated.xml.base64')) plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) message = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) request_id = 'invalid_request_id' settings.set_strict(False) response = OneLogin_Saml2_Logout_Response(settings, message) self.assertTrue(response.is_valid(request_data, request_id)) settings.set_strict(True) response_2 = OneLogin_Saml2_Logout_Response(settings, message) self.assertFalse(response_2.is_valid(request_data, request_id)) self.assertIn('The InResponseTo of the Logout Response:', response_2.get_error()) with self.assertRaisesRegex(Exception, 'The InResponseTo of the Logout Response:'): response_2.is_valid(request_data, request_id, raise_exceptions=True) def testIsInValidIssuer(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutResponse Case invalid Issuer """ request_data = { 'http_host': 'example.com', 'script_name': 'index.html', 'get_data': {} } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response_deflated.xml.base64')) plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) plain_message = plain_message.replace('http://idp.example.com/', 'http://invalid.issuer.example.com') message = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) settings.set_strict(False) response = OneLogin_Saml2_Logout_Response(settings, message) self.assertTrue(response.is_valid(request_data)) settings.set_strict(True) response_2 = OneLogin_Saml2_Logout_Response(settings, message) with self.assertRaisesRegex(Exception, 'Invalid issuer in the Logout Response'): response_2.is_valid(request_data, raise_exceptions=True) def testIsInValidDestination(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutResponse Case invalid Destination """ request_data = { 'http_host': 'example.com', 'script_name': 'index.html', 'get_data': {} } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response_deflated.xml.base64')) settings.set_strict(False) response = OneLogin_Saml2_Logout_Response(settings, message) self.assertTrue(response.is_valid(request_data)) settings.set_strict(True) response_2 = OneLogin_Saml2_Logout_Response(settings, message) with self.assertRaisesRegex(Exception, 'The LogoutResponse was received at'): response_2.is_valid(request_data, raise_exceptions=True) # Empty destination dom = parseString(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) dom.firstChild.setAttribute('Destination', '') xml = dom.toxml() message_3 = OneLogin_Saml2_Utils.deflate_and_base64_encode(xml) response_3 = OneLogin_Saml2_Logout_Response(settings, message_3) self.assertTrue(response_3.is_valid(request_data)) # No destination dom.firstChild.removeAttribute('Destination') xml = dom.toxml() message_4 = OneLogin_Saml2_Utils.deflate_and_base64_encode(xml) response_4 = OneLogin_Saml2_Logout_Response(settings, message_4) self.assertTrue(response_4.is_valid(request_data)) def testIsValid(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutResponse """ request_data = { 'http_host': 'example.com', 'script_name': 'index.html', 'get_data': {} } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response_deflated.xml.base64')) response = OneLogin_Saml2_Logout_Response(settings, message) self.assertTrue(response.is_valid(request_data)) settings.set_strict(True) response_2 = OneLogin_Saml2_Logout_Response(settings, message) with self.assertRaisesRegex(Exception, 'The LogoutResponse was received at'): response_2.is_valid(request_data, raise_exceptions=True) plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) message_3 = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) response_3 = OneLogin_Saml2_Logout_Response(settings, message_3) self.assertTrue(response_3.is_valid(request_data)) def testIsValidWithCapitalization(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutResponse """ request_data = { 'http_host': 'exaMPLe.com', 'script_name': 'index.html', 'get_data': {} } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response_deflated.xml.base64')) response = OneLogin_Saml2_Logout_Response(settings, message) self.assertTrue(response.is_valid(request_data)) settings.set_strict(True) response_2 = OneLogin_Saml2_Logout_Response(settings, message) with self.assertRaisesRegex(Exception, 'The LogoutResponse was received at'): response_2.is_valid(request_data, raise_exceptions=True) plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data).lower() plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) message_3 = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) response_3 = OneLogin_Saml2_Logout_Response(settings, message_3) self.assertTrue(response_3.is_valid(request_data)) def testIsInValidWithCapitalization(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutResponse """ request_data = { 'http_host': 'example.com', 'script_name': 'INdex.html', 'get_data': {} } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response_deflated.xml.base64')) response = OneLogin_Saml2_Logout_Response(settings, message) self.assertTrue(response.is_valid(request_data)) settings.set_strict(True) response_2 = OneLogin_Saml2_Logout_Response(settings, message) with self.assertRaisesRegex(Exception, 'The LogoutResponse was received at'): response_2.is_valid(request_data, raise_exceptions=True) plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data).lower() plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) message_3 = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) response_3 = OneLogin_Saml2_Logout_Response(settings, message_3) self.assertFalse(response_3.is_valid(request_data)) def testIsValidWithXMLEncoding(self): """ Tests the is_valid method of the OneLogin_Saml2_LogoutResponse """ request_data = { 'http_host': 'example.com', 'script_name': 'index.html', 'get_data': {} } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response_with_encoding_deflated.xml.base64')) response = OneLogin_Saml2_Logout_Response(settings, message) self.assertTrue(response.is_valid(request_data)) settings.set_strict(True) response_2 = OneLogin_Saml2_Logout_Response(settings, message) with self.assertRaisesRegex(Exception, 'The LogoutResponse was received at'): response_2.is_valid(request_data, raise_exceptions=True) plain_message = compat.to_string(OneLogin_Saml2_Utils.decode_base64_and_inflate(message)) current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/sls.php', current_url) message_3 = OneLogin_Saml2_Utils.deflate_and_base64_encode(plain_message) response_3 = OneLogin_Saml2_Logout_Response(settings, message_3) self.assertTrue(response_3.is_valid(request_data)) def testIsValidRaisesExceptionWhenRaisesArgumentIsTrue(self): message = OneLogin_Saml2_Utils.deflate_and_base64_encode('invalid') request_data = { 'http_host': 'example.com', 'script_name': 'index.html', 'get_data': {} } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) settings.set_strict(True) response = OneLogin_Saml2_Logout_Response(settings, message) self.assertFalse(response.is_valid(request_data)) with self.assertRaises(Exception): response.is_valid(request_data, raise_exceptions=True) def testGetXML(self): """ Tests that we can get the logout response XML directly without going through intermediate steps """ response = self.file_contents(join(self.data_path, 'logout_responses', 'logout_response.xml')) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) logout_response_generated = OneLogin_Saml2_Logout_Response(settings) logout_response_generated.build("InResponseValue") expectedFragment = ( 'Destination="http://idp.example.com/SingleLogoutService.php"\n' ' InResponseTo="InResponseValue">\n' ' http://stuff.com/endpoints/metadata.php\n' ' \n' ' \n' ' \n' '' ) self.assertIn(expectedFragment, logout_response_generated.get_xml()) logout_response_processed = OneLogin_Saml2_Logout_Response(settings, OneLogin_Saml2_Utils.deflate_and_base64_encode(response)) self.assertEqual(response, logout_response_processed.get_xml()) python3-saml-1.12.0/tests/src/OneLogin/saml2_tests/metadata_test.py000066400000000000000000000357611410551756100252460ustar00rootroot00000000000000# -*- coding: utf-8 -*- # Copyright (c) 2010-2021 OneLogin, Inc. # MIT License import json from os.path import dirname, join, exists from time import strftime from datetime import datetime import unittest from onelogin.saml2 import compat from onelogin.saml2.metadata import OneLogin_Saml2_Metadata from onelogin.saml2.settings import OneLogin_Saml2_Settings from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.utils import OneLogin_Saml2_Utils from onelogin.saml2.xml_utils import OneLogin_Saml2_XML class OneLogin_Saml2_Metadata_Test(unittest.TestCase): def loadSettingsJSON(self, filename='settings1.json'): filename = join(dirname(__file__), '..', '..', '..', 'settings', filename) if exists(filename): stream = open(filename, 'r') settings = json.load(stream) stream.close() return settings else: raise Exception('Settings json file does not exist') def file_contents(self, filename): f = open(filename, 'r') content = f.read() f.close() return content def testBuilder(self): """ Tests the builder method of the OneLogin_Saml2_Metadata """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) sp_data = settings.get_sp_data() security = settings.get_security_data() organization = settings.get_organization() contacts = settings.get_contacts() metadata = OneLogin_Saml2_Metadata.builder( sp_data, security['authnRequestsSigned'], security['wantAssertionsSigned'], None, None, contacts, organization ) self.assertIsNotNone(metadata) self.assertIn('urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', metadata) self.assertIn('sp_test', metadata) self.assertIn('', metadata) self.assertIn('technical_name', metadata) security['authnRequestsSigned'] = True security['wantAssertionsSigned'] = True del sp_data['singleLogoutService']['url'] metadata2 = OneLogin_Saml2_Metadata.builder( sp_data, security['authnRequestsSigned'], security['wantAssertionsSigned'] ) self.assertIsNotNone(metadata2) self.assertIn('', metadata2) metadata3 = OneLogin_Saml2_Metadata.builder( sp_data, security['authnRequestsSigned'], security['wantAssertionsSigned'], '2014-10-01T11:04:29Z', 'P1Y', contacts, organization ) self.assertIsNotNone(metadata3) self.assertIn(' Test Service Test Service """, metadata) def testBuilderAttributeConsumingServiceWithMultipleAttributeValue(self): settings = OneLogin_Saml2_Settings(self.loadSettingsJSON('settings5.json')) sp_data = settings.get_sp_data() security = settings.get_security_data() organization = settings.get_organization() contacts = settings.get_contacts() metadata = OneLogin_Saml2_Metadata.builder( sp_data, security['authnRequestsSigned'], security['wantAssertionsSigned'], None, None, contacts, organization ) self.assertIn(""" Test Service Test Service userType admin """, metadata) def testSignMetadata(self): """ Tests the signMetadata method of the OneLogin_Saml2_Metadata """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) sp_data = settings.get_sp_data() security = settings.get_security_data() metadata = OneLogin_Saml2_Metadata.builder( sp_data, security['authnRequestsSigned'], security['wantAssertionsSigned'] ) self.assertIsNotNone(metadata) cert_path = settings.get_cert_path() key = self.file_contents(join(cert_path, 'sp.key')) cert = self.file_contents(join(cert_path, 'sp.crt')) signed_metadata = compat.to_string(OneLogin_Saml2_Metadata.sign_metadata(metadata, key, cert)) self.assertTrue(OneLogin_Saml2_Utils.validate_metadata_sign(signed_metadata, cert)) self.assertIn('', signed_metadata) self.assertIn('urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', signed_metadata) self.assertIn('\n', signed_metadata) self.assertIn('', signed_metadata) self.assertIn('', signed_metadata) self.assertIn('\n\n', signed_metadata) with self.assertRaises(Exception) as context: OneLogin_Saml2_Metadata.sign_metadata('', key, cert) exception = context.exception self.assertIn("Empty string supplied as input", str(exception)) signed_metadata_2 = compat.to_string(OneLogin_Saml2_Metadata.sign_metadata(metadata, key, cert, OneLogin_Saml2_Constants.RSA_SHA256, OneLogin_Saml2_Constants.SHA384)) self.assertTrue(OneLogin_Saml2_Utils.validate_metadata_sign(signed_metadata_2, cert)) self.assertIn('', signed_metadata_2) self.assertIn('urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', signed_metadata_2) self.assertIn('\n', signed_metadata_2) self.assertIn('', signed_metadata_2) self.assertIn('', signed_metadata_2) self.assertIn('\n\n', signed_metadata_2) root = OneLogin_Saml2_XML.to_etree(signed_metadata_2) first_child = OneLogin_Saml2_XML.query(root, '/md:EntityDescriptor/*[1]')[0] self.assertEqual('{http://www.w3.org/2000/09/xmldsig#}Signature', first_child.tag) def testAddX509KeyDescriptors(self): """ Tests the addX509KeyDescriptors method of the OneLogin_Saml2_Metadata """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) sp_data = settings.get_sp_data() metadata = OneLogin_Saml2_Metadata.builder(sp_data) self.assertNotIn(' something_is_wrong'): response_3.check_status() def testCheckOneCondition(self): """ Tests the check_one_condition method of SamlResponse """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_conditions.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertFalse(response.check_one_condition()) self.assertTrue(response.is_valid(self.get_request_data())) settings.set_strict(True) response = OneLogin_Saml2_Response(settings, xml) self.assertFalse(response.is_valid(self.get_request_data())) self.assertEqual('The Assertion must include a Conditions element', response.get_error()) xml_2 = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) self.assertTrue(response_2.check_one_condition()) def testCheckOneAuthnStatement(self): """ Tests the check_one_authnstatement method of SamlResponse """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_authnstatement.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertFalse(response.check_one_authnstatement()) self.assertTrue(response.is_valid(self.get_request_data())) settings.set_strict(True) response = OneLogin_Saml2_Response(settings, xml) self.assertFalse(response.is_valid(self.get_request_data())) self.assertEqual('The Assertion must include an AuthnStatement element', response.get_error()) xml_2 = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) self.assertTrue(response_2.check_one_authnstatement()) def testGetAudiences(self): """ Tests the get_audiences method of the OneLogin_Saml2_Response """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'no_audience.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertEqual([], response.get_audiences()) xml_2 = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) self.assertEqual(['{audience}'], response_2.get_audiences()) xml_3 = self.file_contents(join(self.data_path, 'responses', 'valid_encrypted_assertion.xml.base64')) response_3 = OneLogin_Saml2_Response(settings, xml_3) self.assertEqual(['http://stuff.com/endpoints/metadata.php'], response_3.get_audiences()) def testQueryAssertions(self): """ Tests the __query_assertion and __query methods of the OneLogin_Saml2_Response using the get_issuers call """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'adfs_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertEqual(['http://login.example.com/issuer'], response.get_issuers()) xml_2 = self.file_contents(join(self.data_path, 'responses', 'valid_encrypted_assertion.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) self.assertEqual(['http://idp.example.com/'], response_2.get_issuers()) xml_3 = self.file_contents(join(self.data_path, 'responses', 'double_signed_encrypted_assertion.xml.base64')) response_3 = OneLogin_Saml2_Response(settings, xml_3) self.assertEqual(['http://idp.example.com/', 'https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php'], sorted(response_3.get_issuers())) xml_4 = self.file_contents(join(self.data_path, 'responses', 'double_signed_response.xml.base64')) response_4 = OneLogin_Saml2_Response(settings, xml_4) self.assertEqual(['https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php'], response_4.get_issuers()) xml_5 = self.file_contents(join(self.data_path, 'responses', 'signed_message_encrypted_assertion.xml.base64')) response_5 = OneLogin_Saml2_Response(settings, xml_5) self.assertEqual(['http://idp.example.com/', 'https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php'], sorted(response_5.get_issuers())) xml_6 = self.file_contents(join(self.data_path, 'responses', 'signed_assertion_response.xml.base64')) response_6 = OneLogin_Saml2_Response(settings, xml_6) self.assertEqual(['https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php'], response_6.get_issuers()) xml_7 = self.file_contents(join(self.data_path, 'responses', 'signed_encrypted_assertion.xml.base64')) response_7 = OneLogin_Saml2_Response(settings, xml_7) self.assertEqual(['http://idp.example.com/'], response_7.get_issuers()) def testGetIssuers(self): """ Tests the get_issuers method of the OneLogin_Saml2_Response """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'adfs_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertEqual(['http://login.example.com/issuer'], response.get_issuers()) xml_2 = self.file_contents(join(self.data_path, 'responses', 'valid_encrypted_assertion.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) self.assertEqual(['http://idp.example.com/'], response_2.get_issuers()) xml_3 = self.file_contents(join(self.data_path, 'responses', 'double_signed_encrypted_assertion.xml.base64')) response_3 = OneLogin_Saml2_Response(settings, xml_3) self.assertEqual(['http://idp.example.com/', 'https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php'], sorted(response_3.get_issuers())) xml_4 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_issuer_response.xml.base64')) response_4 = OneLogin_Saml2_Response(settings, xml_4) response_4.get_issuers() self.assertEqual(['https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php'], response_4.get_issuers()) xml_5 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_issuer_assertion.xml.base64')) response_5 = OneLogin_Saml2_Response(settings, xml_5) with self.assertRaisesRegex(Exception, 'Issuer of the Assertion not found or multiple.'): response_5.get_issuers() def testGetSessionIndex(self): """ Tests the get_session_index method of the OneLogin_Saml2_Response """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertEqual('_531c32d283bdff7e04e487bcdbc4dd8d', response.get_session_index()) xml_2 = self.file_contents(join(self.data_path, 'responses', 'valid_encrypted_assertion.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) self.assertEqual('_7164a9a9f97828bfdb8d0ebc004a05d2e7d873f70c', response_2.get_session_index()) def testGetAttributes(self): """ Tests the get_attributes method of the OneLogin_Saml2_Response """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) expected_attributes = { 'uid': ['demo'], 'another_value': ['value'] } self.assertEqual(expected_attributes, response.get_attributes()) # An assertion that has no attributes should return an empty # array when asked for the attributes xml_2 = self.file_contents(join(self.data_path, 'responses', 'response2.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) self.assertEqual({}, response_2.get_attributes()) # Encrypted Attributes are not supported xml_3 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'encrypted_attrs.xml.base64')) response_3 = OneLogin_Saml2_Response(settings, xml_3) self.assertEqual({}, response_3.get_attributes()) # Test retrieving duplicate attributes xml_4 = self.file_contents(join(self.data_path, 'responses', 'response1_with_duplicate_attributes.xml.base64')) response_4 = OneLogin_Saml2_Response(settings, xml_4) with self.assertRaises(OneLogin_Saml2_ValidationError) as duplicate_name_exc: response_4.get_attributes() self.assertIn('Found an Attribute element with duplicated Name', str(duplicate_name_exc.exception)) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON('settings11.json')) expected_attributes = {'another_value': ['value'], 'duplicate_name': ['name1', 'name2'], 'friendly1': ['friendly1'], 'friendly2': ['friendly2'], 'uid': ['demo']} response_5 = OneLogin_Saml2_Response(settings, xml_4) self.assertEqual(expected_attributes, response_5.get_attributes()) def testGetFriendlyAttributes(self): """ Tests the get_friendlyname_attributes method of the OneLogin_Saml2_Response """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertEqual({}, response.get_friendlyname_attributes()) expected_attributes = { 'username': ['demo'] } xml_2 = self.file_contents(join(self.data_path, 'responses', 'response1_with_friendlyname.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) self.assertEqual(expected_attributes, response_2.get_friendlyname_attributes()) xml_3 = self.file_contents(join(self.data_path, 'responses', 'response2.xml.base64')) response_3 = OneLogin_Saml2_Response(settings, xml_3) self.assertEqual({}, response_3.get_friendlyname_attributes()) xml_4 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'encrypted_attrs.xml.base64')) response_4 = OneLogin_Saml2_Response(settings, xml_4) self.assertEqual({}, response_4.get_friendlyname_attributes()) # Test retrieving duplicate attributes xml_5 = self.file_contents(join(self.data_path, 'responses', 'response1_with_duplicate_attributes.xml.base64')) response_5 = OneLogin_Saml2_Response(settings, xml_5) with self.assertRaises(OneLogin_Saml2_ValidationError) as duplicate_name_exc: response_5.get_friendlyname_attributes() self.assertIn('Found an Attribute element with duplicated FriendlyName', str(duplicate_name_exc.exception)) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON('settings11.json')) expected_attributes = { 'username': ['demo'], 'friendlytest': ['friendly1', 'friendly2'] } response_6 = OneLogin_Saml2_Response(settings, xml_5) self.assertEqual(expected_attributes, response_6.get_friendlyname_attributes()) def testGetNestedNameIDAttributes(self): """ Tests the getAttributes method of the OneLogin_Saml2_Response with nested nameID data """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'response_with_nested_nameid_values.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) expected_attributes = { 'uid': ['demo'], 'another_value': [{ 'NameID': { 'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', 'NameQualifier': 'https://idpID', 'value': 'value' } }] } self.assertEqual(expected_attributes, response.get_attributes()) expected_attributes = { 'another_friendly_value': [{ 'NameID': { 'Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', 'NameQualifier': 'https://idpID', 'value': 'value' } }] } self.assertEqual(expected_attributes, response.get_friendlyname_attributes()) def testOnlyRetrieveAssertionWithIDThatMatchesSignatureReference(self): """ Tests the get_nameid method of the OneLogin_Saml2_Response The Assertion is unsigned so the method fails """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'wrapped_response_2.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) with self.assertRaisesRegex(Exception, 'Invalid Signature Element {urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor SAML Response rejected'): response.is_valid(self.get_request_data(), raise_exceptions=True) nameid = response.get_nameid() self.assertEqual('root@example.com', nameid) def testDoesNotAllowSignatureWrappingAttack(self): """ Tests the get_nameid method of the OneLogin_Saml2_Response Test that the SignatureWrappingAttack is not allowed """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'response4.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertEqual('test@onelogin.com', response.get_nameid()) self.assertFalse(response.is_valid(self.get_request_data())) def testNodeTextAttack(self): """ Tests the get_nameid and get_attributes methods of the OneLogin_Saml2_Response Test that the node text with comment attack (VU#475445) is not allowed """ xml = self.file_contents(join(self.data_path, 'responses', 'response_node_text_attack.xml.base64')) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) response = OneLogin_Saml2_Response(settings, xml) attributes = response.get_attributes() nameid = response.get_nameid() self.assertEqual("smith", attributes.get('surname')[0]) self.assertEqual('support@onelogin.com', nameid) def testGetSessionNotOnOrAfter(self): """ Tests the get_session_not_on_or_after method of the OneLogin_Saml2_Response """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertEqual(1290203857, response.get_session_not_on_or_after()) # An assertion that do not specified Session timeout should return NULL xml_2 = self.file_contents(join(self.data_path, 'responses', 'response2.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) self.assertEqual(None, response_2.get_session_not_on_or_after()) xml_3 = self.file_contents(join(self.data_path, 'responses', 'valid_encrypted_assertion.xml.base64')) response_3 = OneLogin_Saml2_Response(settings, xml_3) self.assertEqual(2696012228, response_3.get_session_not_on_or_after()) def testGetInResponseTo(self): """ Tests the retrieval of the InResponseTo attribute """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) # Response without an InResponseTo element should return None xml = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertIsNone(response.get_in_response_to()) xml_3 = self.file_contents(join(self.data_path, 'responses', 'valid_encrypted_assertion.xml.base64')) response_3 = OneLogin_Saml2_Response(settings, xml_3) self.assertEqual('ONELOGIN_be60b8caf8e9d19b7a3551b244f116c947ff247d', response_3.get_in_response_to()) def testIsInvalidXML(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case Invalid XML """ message = compat.to_string(OneLogin_Saml2_Utils.b64encode('invalid')) request_data = { 'http_host': 'example.com', 'script_name': 'index.html', 'get_data': {} } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) response = OneLogin_Saml2_Response(settings, message) response.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) settings.set_strict(True) response_2 = OneLogin_Saml2_Response(settings, message) self.assertFalse(response_2.is_valid(request_data)) self.assertEqual('Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd', response_2.get_error()) def testValidateNumAssertions(self): """ Tests the validate_num_assertions method of the OneLogin_Saml2_Response """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertTrue(response.validate_num_assertions()) xml_multi_assertion = self.file_contents(join(self.data_path, 'responses', 'invalids', 'multiple_assertions.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_multi_assertion) self.assertFalse(response_2.validate_num_assertions()) def testValidateTimestamps(self): """ Tests the validate_timestamps method of the OneLogin_Saml2_Response """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertTrue(response.validate_timestamps()) xml_2 = self.file_contents(join(self.data_path, 'responses', 'valid_encrypted_assertion.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) self.assertTrue(response_2.validate_timestamps()) xml_3 = self.file_contents(join(self.data_path, 'responses', 'expired_response.xml.base64')) response_3 = OneLogin_Saml2_Response(settings, xml_3) self.assertFalse(response_3.validate_timestamps()) xml_4 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'not_after_failed.xml.base64')) response_4 = OneLogin_Saml2_Response(settings, xml_4) self.assertFalse(response_4.validate_timestamps()) xml_5 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'not_before_failed.xml.base64')) response_5 = OneLogin_Saml2_Response(settings, xml_5) self.assertFalse(response_5.validate_timestamps()) def testValidateVersion(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case invalid version """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_saml2.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) with self.assertRaisesRegex(Exception, 'Unsupported SAML version'): response.is_valid(self.get_request_data(), raise_exceptions=True) def testValidateID(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case invalid no ID """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_id.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) with self.assertRaisesRegex(Exception, 'Missing ID attribute on SAML Response'): response.is_valid(self.get_request_data(), raise_exceptions=True) def testIsInValidReference(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case invalid reference """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertFalse(response.is_valid(self.get_request_data())) self.assertEqual('Signature validation failed. SAML Response rejected', response.get_error()) with self.assertRaisesRegex(Exception, 'Signature validation failed. SAML Response rejected'): response.is_valid(self.get_request_data(), raise_exceptions=True) def testIsInValidExpired(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case expired response """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'expired_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) response.is_valid(self.get_request_data()) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) settings.set_strict(True) response_2 = OneLogin_Saml2_Response(settings, xml) with self.assertRaisesRegex(Exception, 'Could not validate timestamp: expired. Check system clock.'): response_2.is_valid(self.get_request_data(), raise_exceptions=True) def testIsInValidNoStatement(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case no statement """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_signature.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) response.is_valid(self.get_request_data()) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) settings.set_strict(True) response_2 = OneLogin_Saml2_Response(settings, xml) self.assertFalse(response_2.is_valid(self.get_request_data())) self.assertEqual('There is no AttributeStatement on the Response', response_2.get_error()) def testIsValidOptionalStatement(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case AttributeStatement is optional """ # shortcut json_settings = self.loadSettingsJSON() settings = OneLogin_Saml2_Settings(json_settings) settings.set_strict(True) # want AttributeStatement True by default self.assertTrue(settings.get_security_data()['wantAttributeStatement']) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'signed_assertion_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertFalse(response.is_valid(self.get_request_data())) self.assertEqual('There is no AttributeStatement on the Response', response.get_error()) # change wantAttributeStatement to optional json_settings['security']['wantAttributeStatement'] = False settings = OneLogin_Saml2_Settings(json_settings) # check settings self.assertFalse(settings.get_security_data()['wantAttributeStatement']) response = OneLogin_Saml2_Response(settings, xml) response.is_valid(self.get_request_data()) self.assertNotEqual('There is no AttributeStatement on the Response', response.get_error()) self.assertEqual('Signature validation failed. SAML Response rejected', response.get_error()) def testIsInValidNoKey(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case no key """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_key.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) with self.assertRaisesRegex(Exception, 'Signature validation failed. SAML Response rejected'): response.is_valid(self.get_request_data(), raise_exceptions=True) def testIsInValidMultipleAssertions(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case invalid multiple assertions """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'multiple_assertions.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) with self.assertRaisesRegex(Exception, 'SAML Response must contain 1 assertion'): response.is_valid(self.get_request_data(), raise_exceptions=True) def testIsInValidEncAttrs(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case invalid Encrypted Attrs """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'encrypted_attrs.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) response.is_valid(self.get_request_data()) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) settings.set_strict(True) response_2 = OneLogin_Saml2_Response(settings, xml) with self.assertRaisesRegex(Exception, 'There is an EncryptedAttribute in the Response and this SP not support them'): response_2.is_valid(self.get_request_data(), raise_exceptions=True) def testIsInValidDuplicatedAttrs(self): """ Tests the getAttributes method of the OneLogin_Saml2_Response Case duplicated Attrs """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'duplicated_attributes.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) with self.assertRaisesRegex(Exception, 'Found an Attribute element with duplicated Name'): response.get_attributes() def testIsInValidDestination(self): """ Tests the is_valid method of the OneLogin_Saml2_Response class Case Invalid Response, Invalid Destination """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'responses', 'unsigned_response.xml.base64')) response = OneLogin_Saml2_Response(settings, message) response.is_valid(self.get_request_data()) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) settings.set_strict(True) response_2 = OneLogin_Saml2_Response(settings, message) self.assertFalse(response_2.is_valid(self.get_request_data())) self.assertIn('The response was received at', response_2.get_error()) # Empty Destination dom = parseString(b64decode(message)) dom.firstChild.setAttribute('Destination', '') message_2 = OneLogin_Saml2_Utils.b64encode(dom.toxml()) response_3 = OneLogin_Saml2_Response(settings, message_2) self.assertFalse(response_3.is_valid(self.get_request_data())) self.assertIn('The response has an empty Destination value', response_3.get_error()) message_3 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'empty_destination.xml.base64')) response_4 = OneLogin_Saml2_Response(settings, message_3) self.assertFalse(response_4.is_valid(self.get_request_data())) self.assertEqual('The response has an empty Destination value', response_4.get_error()) # No Destination dom.firstChild.removeAttribute('Destination') message_4 = OneLogin_Saml2_Utils.b64encode(dom.toxml()) response_5 = OneLogin_Saml2_Response(settings, message_4) self.assertFalse(response_5.is_valid(self.get_request_data())) self.assertIn('A valid SubjectConfirmation was not found on this Response', response_5.get_error()) settings.set_strict(True) response_2 = OneLogin_Saml2_Response(settings, message) self.assertFalse(response_2.is_valid(self.get_request_data())) self.assertIn('The response was received at', response_2.get_error()) def testIsInValidDestinationCapitalizationOfElements(self): """ Tests the is_valid method of the OneLogin_Saml2_Response class Case Invalid Response due to differences in capitalization of path """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'responses', 'unsigned_response.xml.base64')) # Test path capitalized settings.set_strict(True) response = OneLogin_Saml2_Response(settings, message) self.assertFalse(response.is_valid(self.get_request_data_path_capitalized())) self.assertIn('The response was received at', response.get_error()) # Test both domain and path capitalized response_2 = OneLogin_Saml2_Response(settings, message) self.assertFalse(response_2.is_valid(self.get_request_data_both_capitalized())) self.assertIn('The response was received at', response_2.get_error()) def testIsValidDestinationCapitalizationOfHost(self): """ Tests the is_valid method of the OneLogin_Saml2_Response class Case Valid Response, even if host is differently capitalized (per RFC) """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'responses', 'unsigned_response.xml.base64')) # Test domain capitalized settings.set_strict(True) response = OneLogin_Saml2_Response(settings, message) self.assertFalse(response.is_valid(self.get_request_data_domain_capitalized())) self.assertNotIn('The response was received at', response.get_error()) # Assert we got past the destination check, which appears later self.assertIn('A valid SubjectConfirmation was not found', response.get_error()) def testIsInValidAudience(self): """ Tests the is_valid method of the OneLogin_Saml2_Response class Case Invalid Response, Invalid Audience """ request_data = { 'http_host': 'stuff.com', 'script_name': '/endpoints/endpoints/acs.php', } settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'responses', 'invalids', 'invalid_audience.xml.base64')) response = OneLogin_Saml2_Response(settings, message) response.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) settings.set_strict(True) response_2 = OneLogin_Saml2_Response(settings, message) self.assertFalse(response_2.is_valid(request_data)) self.assertIn('is not a valid audience for this Response', response_2.get_error()) def testIsInValidAuthenticationContext(self): """ Tests that requestedAuthnContext, when set, is compared against the response AuthnContext, which is what you use for two-factor authentication. Without this check you can get back a valid response that didn't complete the two-factor step. """ request_data = self.get_request_data() message = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) two_factor_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken' password_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password' settings_dict = self.loadSettingsJSON() settings_dict['security']['requestedAuthnContext'] = [two_factor_context] settings_dict['security']['failOnAuthnContextMismatch'] = True settings_dict['strict'] = True settings = OneLogin_Saml2_Settings(settings_dict) # check that we catch when the contexts don't match response = OneLogin_Saml2_Response(settings, message) self.assertFalse(response.is_valid(request_data)) self.assertIn('The AuthnContext "%s" was not a requested context "%s"' % (password_context, two_factor_context), response.get_error()) # now drop in the expected AuthnContextClassRef and see that it passes original_message = compat.to_string(OneLogin_Saml2_Utils.b64decode(message)) two_factor_message = original_message.replace(password_context, two_factor_context) two_factor_message = OneLogin_Saml2_Utils.b64encode(two_factor_message) response = OneLogin_Saml2_Response(settings, two_factor_message) response.is_valid(request_data) # check that we got as far as destination validation, which comes later self.assertIn('The response was received at', response.get_error()) # with the default setting, check that we succeed with our original context settings_dict['security']['requestedAuthnContext'] = True settings = OneLogin_Saml2_Settings(settings_dict) response = OneLogin_Saml2_Response(settings, message) response.is_valid(request_data) self.assertIn('The response was received at', response.get_error()) def testIsInValidIssuer(self): """ Tests the is_valid method of the OneLogin_Saml2_Response class Case Invalid Response, Invalid Issuer """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) request_data = { 'http_host': 'example.com', 'script_name': 'index.html' } current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'invalid_issuer_assertion.xml.base64')) plain_message = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml)) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message = OneLogin_Saml2_Utils.b64encode(plain_message) xml_2 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'invalid_issuer_message.xml.base64')) plain_message_2 = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml_2)) plain_message_2 = plain_message_2.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message_2 = OneLogin_Saml2_Utils.b64encode(plain_message_2) response = OneLogin_Saml2_Response(settings, message) response.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) response_2 = OneLogin_Saml2_Response(settings, message_2) response_2.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_2.get_error()) settings.set_strict(True) response_3 = OneLogin_Saml2_Response(settings, message) with self.assertRaisesRegex(Exception, 'Invalid issuer in the Assertion/Response'): response_3.is_valid(request_data, raise_exceptions=True) response_4 = OneLogin_Saml2_Response(settings, message_2) with self.assertRaisesRegex(Exception, 'Invalid issuer in the Assertion/Response'): response_4.is_valid(request_data, raise_exceptions=True) def testIsInValidSessionIndex(self): """ Tests the is_valid method of the OneLogin_Saml2_Response class Case Invalid Response, Invalid SessionIndex """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) request_data = { 'http_host': 'example.com', 'script_name': 'index.html' } current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'invalid_sessionindex.xml.base64')) plain_message = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml)) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message = OneLogin_Saml2_Utils.b64encode(plain_message) response = OneLogin_Saml2_Response(settings, message) response.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) settings.set_strict(True) response_2 = OneLogin_Saml2_Response(settings, message) with self.assertRaisesRegex(Exception, 'The attributes have expired, based on the SessionNotOnOrAfter of the AttributeStatement of this Response'): response_2.is_valid(request_data, raise_exceptions=True) def testDatetimeWithMiliseconds(self): """ Tests the is_valid method of the OneLogin_Saml2_Response class Somtimes IdPs uses datetimes with miliseconds, this test is to verify that the toolkit supports them """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) request_data = { 'http_host': 'example.com', 'script_name': 'index.html' } current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) xml = self.file_contents(join(self.data_path, 'responses', 'unsigned_response_with_miliseconds.xm.base64')) plain_message = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml)) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message = OneLogin_Saml2_Utils.b64encode(plain_message) response = OneLogin_Saml2_Response(settings, message) response.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) def testIsInValidSubjectConfirmation(self): """ Tests the is_valid method of the OneLogin_Saml2_Response class Case Invalid Response, Invalid SubjectConfirmation """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) request_data = { 'http_host': 'example.com', 'script_name': 'index.html' } current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_subjectconfirmation_method.xml.base64')) plain_message = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml)) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message = OneLogin_Saml2_Utils.b64encode(plain_message) xml_2 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_subjectconfirmation_data.xml.base64')) plain_message_2 = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml_2)) plain_message_2 = plain_message_2.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message_2 = OneLogin_Saml2_Utils.b64encode(plain_message_2) xml_3 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'invalid_subjectconfirmation_inresponse.xml.base64')) plain_message_3 = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml_3)) plain_message_3 = plain_message_3.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message_3 = OneLogin_Saml2_Utils.b64encode(plain_message_3) xml_4 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'invalid_subjectconfirmation_recipient.xml.base64')) plain_message_4 = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml_4)) plain_message_4 = plain_message_4.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message_4 = OneLogin_Saml2_Utils.b64encode(plain_message_4) xml_5 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'invalid_subjectconfirmation_noa.xml.base64')) plain_message_5 = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml_5)) plain_message_5 = plain_message_5.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message_5 = OneLogin_Saml2_Utils.b64encode(plain_message_5) xml_6 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'invalid_subjectconfirmation_nb.xml.base64')) plain_message_6 = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml_6)) plain_message_6 = plain_message_6.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message_6 = OneLogin_Saml2_Utils.b64encode(plain_message_6) response = OneLogin_Saml2_Response(settings, message) response.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) response_2 = OneLogin_Saml2_Response(settings, message_2) response_2.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_2.get_error()) response_3 = OneLogin_Saml2_Response(settings, message_3) response_3.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_3.get_error()) response_4 = OneLogin_Saml2_Response(settings, message_4) response_4.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_4.get_error()) response_5 = OneLogin_Saml2_Response(settings, message_5) response_5.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_5.get_error()) response_6 = OneLogin_Saml2_Response(settings, message_6) response_6.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_6.get_error()) settings.set_strict(True) response = OneLogin_Saml2_Response(settings, message) with self.assertRaisesRegex(Exception, 'A valid SubjectConfirmation was not found on this Response'): response.is_valid(request_data, raise_exceptions=True) response_2 = OneLogin_Saml2_Response(settings, message_2) with self.assertRaisesRegex(Exception, 'A valid SubjectConfirmation was not found on this Response'): response_2.is_valid(request_data, raise_exceptions=True) response_3 = OneLogin_Saml2_Response(settings, message_3) with self.assertRaisesRegex(Exception, 'A valid SubjectConfirmation was not found on this Response'): response_3.is_valid(request_data, raise_exceptions=True) response_4 = OneLogin_Saml2_Response(settings, message_4) with self.assertRaisesRegex(Exception, 'A valid SubjectConfirmation was not found on this Response'): response_4.is_valid(request_data, raise_exceptions=True) response_5 = OneLogin_Saml2_Response(settings, message_5) with self.assertRaisesRegex(Exception, 'A valid SubjectConfirmation was not found on this Response'): response_5.is_valid(request_data, raise_exceptions=True) response_6 = OneLogin_Saml2_Response(settings, message_6) with self.assertRaisesRegex(Exception, 'A valid SubjectConfirmation was not found on this Response'): response_6.is_valid(request_data, raise_exceptions=True) def testIsInValidRequestId(self): """ Tests the is_valid method of the OneLogin_Saml2_Response class Case Invalid Response, Invalid requestID """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) request_data = { 'http_host': 'example.com', 'script_name': 'index.html' } current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) xml = self.file_contents(join(self.data_path, 'responses', 'unsigned_response.xml.base64')) plain_message = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml)) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message = OneLogin_Saml2_Utils.b64encode(plain_message) response = OneLogin_Saml2_Response(settings, message) request_id = 'invalid' response.is_valid(request_data, request_id) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) settings.set_strict(True) response = OneLogin_Saml2_Response(settings, message) with self.assertRaisesRegex(Exception, 'The InResponseTo of the Response'): response.is_valid(request_data, request_id, raise_exceptions=True) valid_request_id = '_57bcbf70-7b1f-012e-c821-782bcb13bb38' response.is_valid(request_data, valid_request_id) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) def testIsInValidSignIssues(self): """ Tests the is_valid method of the OneLogin_Saml2_Response class Case Invalid Response, Invalid signing issues """ settings_info = self.loadSettingsJSON() request_data = { 'http_host': 'example.com', 'script_name': 'index.html' } current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) xml = self.file_contents(join(self.data_path, 'responses', 'unsigned_response.xml.base64')) plain_message = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml)) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message = OneLogin_Saml2_Utils.b64encode(plain_message) settings_info['security']['wantAssertionsSigned'] = False settings = OneLogin_Saml2_Settings(settings_info) response = OneLogin_Saml2_Response(settings, message) response.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) settings_info['security']['wantAssertionsSigned'] = True settings_2 = OneLogin_Saml2_Settings(settings_info) response_2 = OneLogin_Saml2_Response(settings_2, message) response_2.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_2.get_error()) settings_info['strict'] = True settings_info['security']['wantAssertionsSigned'] = False settings_3 = OneLogin_Saml2_Settings(settings_info) response_3 = OneLogin_Saml2_Response(settings_3, message) response_3.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_3.get_error()) settings_info['security']['wantAssertionsSigned'] = True settings_4 = OneLogin_Saml2_Settings(settings_info) response_4 = OneLogin_Saml2_Response(settings_4, message) with self.assertRaisesRegex(Exception, 'The Assertion of the Response is not signed and the SP require it'): response_4.is_valid(request_data, raise_exceptions=True) settings_info['security']['wantAssertionsSigned'] = False settings_info['strict'] = False settings_info['security']['wantMessagesSigned'] = False settings_5 = OneLogin_Saml2_Settings(settings_info) response_5 = OneLogin_Saml2_Response(settings_5, message) response_5.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_5.get_error()) settings_info['security']['wantMessagesSigned'] = True settings_6 = OneLogin_Saml2_Settings(settings_info) response_6 = OneLogin_Saml2_Response(settings_6, message) response_6.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_6.get_error()) settings_info['strict'] = True settings_info['security']['wantMessagesSigned'] = False settings_7 = OneLogin_Saml2_Settings(settings_info) response_7 = OneLogin_Saml2_Response(settings_7, message) response_7.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_7.get_error()) settings_info['security']['wantMessagesSigned'] = True settings_8 = OneLogin_Saml2_Settings(settings_info) response_8 = OneLogin_Saml2_Response(settings_8, message) with self.assertRaisesRegex(Exception, 'The Message of the Response is not signed and the SP require it'): response_8.is_valid(request_data, raise_exceptions=True) def testIsInValidEncIssues(self): """ Tests the is_valid method of the OneLogin_Saml2_Response class Case Invalid Response, Invalid encryptation issues """ settings_info = self.loadSettingsJSON() request_data = { 'http_host': 'example.com', 'script_name': 'index.html' } current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) xml = self.file_contents(join(self.data_path, 'responses', 'unsigned_response.xml.base64')) plain_message = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml)) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message = OneLogin_Saml2_Utils.b64encode(plain_message) settings_info['security']['wantAssertionsEncrypted'] = True settings = OneLogin_Saml2_Settings(settings_info) response = OneLogin_Saml2_Response(settings, message) response.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) settings_info['strict'] = True settings_info['security']['wantAssertionsEncrypted'] = False settings = OneLogin_Saml2_Settings(settings_info) response_2 = OneLogin_Saml2_Response(settings, message) response_2.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_2.get_error()) settings_info['security']['wantAssertionsEncrypted'] = True settings = OneLogin_Saml2_Settings(settings_info) response_3 = OneLogin_Saml2_Response(settings, message) self.assertFalse(response_3.is_valid(request_data)) self.assertEqual('The assertion of the Response is not encrypted and the SP require it', response_3.get_error()) settings_info['security']['wantAssertionsEncrypted'] = False settings_info['security']['wantNameIdEncrypted'] = True settings_info['strict'] = False settings = OneLogin_Saml2_Settings(settings_info) response_4 = OneLogin_Saml2_Response(settings, message) response_4.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_4.get_error()) settings_info['strict'] = True settings = OneLogin_Saml2_Settings(settings_info) response_5 = OneLogin_Saml2_Response(settings, message) self.assertFalse(response_5.is_valid(request_data)) self.assertEqual('The NameID of the Response is not encrypted and the SP require it', response_5.get_error()) def testIsInValidEncIssues_2(self): settings_info_2 = self.loadSettingsJSON('settings3.json') settings_info_2['strict'] = True settings_info_2['security']['wantNameIdEncrypted'] = True settings_2 = OneLogin_Saml2_Settings(settings_info_2) request_data = { 'script_name': '', 'request_uri': '?acs', } for separate_port in (False, True): if separate_port: request_data.update({ 'http_host': 'pytoolkit.com', 'server_port': 8000, }) else: request_data.update({ 'http_host': 'pytoolkit.com:8000', }) message_2 = self.file_contents(join(self.data_path, 'responses', 'valid_encrypted_assertion_encrypted_nameid.xml.base64')) response_6 = OneLogin_Saml2_Response(settings_2, message_2) self.assertFalse(response_6.is_valid(request_data)) self.assertEqual('The attributes have expired, based on the SessionNotOnOrAfter of the AttributeStatement of this Response', response_6.get_error()) def testIsInValidCert(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case invalid cert """ settings_info = self.loadSettingsJSON() settings_info['idp']['x509cert'] = 'NotValidCert' settings = OneLogin_Saml2_Settings(settings_info) xml = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) with self.assertRaisesRegex(Exception, 'Signature validation failed. SAML Response rejected'): response.is_valid(self.get_request_data(), raise_exceptions=True) def testIsInValidCert2(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case invalid cert2 """ settings_info = self.loadSettingsJSON() settings_info['idp']['x509cert'] = 'MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=' settings = OneLogin_Saml2_Settings(settings_info) xml = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertFalse(response.is_valid(self.get_request_data())) def testIsValid(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case valid unsigned response """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'valid_unsigned_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) response.is_valid(self.get_request_data()) self.assertEqual('No Signature found. SAML Response rejected', response.get_error()) def testIsValid2(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case valid response2 """ settings_info = self.loadSettingsJSON() settings = OneLogin_Saml2_Settings(settings_info) # expired cert xml = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertTrue(response.is_valid(self.get_request_data())) settings_info_2 = self.loadSettingsJSON('settings2.json') settings_2 = OneLogin_Saml2_Settings(settings_info_2) xml_2 = self.file_contents(join(self.data_path, 'responses', 'valid_response2.xml.base64')) response_2 = OneLogin_Saml2_Response(settings_2, xml_2) self.assertTrue(response_2.is_valid(self.get_request_data())) settings_info_3 = self.loadSettingsJSON('settings10.json') idp_cert = OneLogin_Saml2_Utils.format_cert(settings_info_3['idp']['x509cert']) settings_info_3['idp']['certFingerprint'] = OneLogin_Saml2_Utils.calculate_x509_fingerprint(idp_cert) settings_info_3['idp']['x509cert'] = '' settings_3 = OneLogin_Saml2_Settings(settings_info_3) response_3 = OneLogin_Saml2_Response(settings_3, xml_2) self.assertTrue(response_3.is_valid(self.get_request_data())) settings_info_3['idp']['certFingerprintAlgorithm'] = 'sha1' settings_4 = OneLogin_Saml2_Settings(settings_info_3) response_4 = OneLogin_Saml2_Response(settings_4, xml_2) self.assertTrue(response_4.is_valid(self.get_request_data())) settings_info_3['idp']['certFingerprintAlgorithm'] = 'sha256' settings_5 = OneLogin_Saml2_Settings(settings_info_3) response_5 = OneLogin_Saml2_Response(settings_5, xml_2) self.assertFalse(response_5.is_valid(self.get_request_data())) settings_info_3['idp']['certFingerprint'] = OneLogin_Saml2_Utils.calculate_x509_fingerprint(idp_cert, 'sha256') settings_6 = OneLogin_Saml2_Settings(settings_info_3) response_6 = OneLogin_Saml2_Response(settings_6, xml_2) self.assertTrue(response_6.is_valid(self.get_request_data())) def testIsValidEnc(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case valid encrypted assertion Signed data can't be modified, so Destination will always fail in strict mode """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) # expired cert xml = self.file_contents(join(self.data_path, 'responses', 'double_signed_encrypted_assertion.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertTrue(response.is_valid(self.get_request_data())) xml_2 = self.file_contents(join(self.data_path, 'responses', 'signed_encrypted_assertion.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) self.assertTrue(response_2.is_valid(self.get_request_data())) xml_3 = self.file_contents(join(self.data_path, 'responses', 'signed_message_encrypted_assertion.xml.base64')) response_3 = OneLogin_Saml2_Response(settings, xml_3) self.assertTrue(response_3.is_valid(self.get_request_data())) settings_2 = OneLogin_Saml2_Settings(self.loadSettingsJSON('settings2.json')) xml_4 = self.file_contents(join(self.data_path, 'responses', 'double_signed_encrypted_assertion2.xml.base64')) response_4 = OneLogin_Saml2_Response(settings_2, xml_4) self.assertTrue(response_4.is_valid(self.get_request_data())) xml_5 = self.file_contents(join(self.data_path, 'responses', 'signed_encrypted_assertion2.xml.base64')) response_5 = OneLogin_Saml2_Response(settings_2, xml_5) self.assertTrue(response_5.is_valid(self.get_request_data())) xml_6 = self.file_contents(join(self.data_path, 'responses', 'signed_message_encrypted_assertion2.xml.base64')) response_6 = OneLogin_Saml2_Response(settings_2, xml_6) self.assertTrue(response_6.is_valid(self.get_request_data())) settings.set_strict(True) xml_7 = self.file_contents(join(self.data_path, 'responses', 'valid_encrypted_assertion.xml.base64')) # In order to avoid the destination problem plain_message = compat.to_string(OneLogin_Saml2_Utils.b64decode(xml_7)) request_data = { 'http_host': 'example.com', 'script_name': 'index.html' } current_url = OneLogin_Saml2_Utils.get_self_url_no_query(request_data) plain_message = plain_message.replace('http://stuff.com/endpoints/endpoints/acs.php', current_url) message = compat.to_string(OneLogin_Saml2_Utils.b64encode(plain_message)) response_7 = OneLogin_Saml2_Response(settings, message) response_7.is_valid(request_data) self.assertEqual('No Signature found. SAML Response rejected', response_7.get_error()) def testIsValidSign(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case valid sign response / sign assertion / both signed Strict mode will always fail due destination problem, if we manipulate it the sign will fail. """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) # expired cert xml = self.file_contents(join(self.data_path, 'responses', 'signed_message_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertTrue(response.is_valid(self.get_request_data())) xml_2 = self.file_contents(join(self.data_path, 'responses', 'signed_assertion_response.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) self.assertTrue(response_2.is_valid(self.get_request_data())) xml_3 = self.file_contents(join(self.data_path, 'responses', 'double_signed_response.xml.base64')) response_3 = OneLogin_Saml2_Response(settings, xml_3) self.assertTrue(response_3.is_valid(self.get_request_data())) settings_2 = OneLogin_Saml2_Settings(self.loadSettingsJSON('settings2.json')) xml_4 = self.file_contents(join(self.data_path, 'responses', 'signed_message_response2.xml.base64')) response_4 = OneLogin_Saml2_Response(settings_2, xml_4) self.assertTrue(response_4.is_valid(self.get_request_data())) xml_5 = self.file_contents(join(self.data_path, 'responses', 'signed_assertion_response2.xml.base64')) response_5 = OneLogin_Saml2_Response(settings_2, xml_5) self.assertTrue(response_5.is_valid(self.get_request_data())) xml_6 = self.file_contents(join(self.data_path, 'responses', 'double_signed_response2.xml.base64')) response_6 = OneLogin_Saml2_Response(settings_2, xml_6) self.assertTrue(response_6.is_valid(self.get_request_data())) dom = parseString(b64decode(xml_4)) dom.firstChild.firstChild.firstChild.nodeValue = 'https://example.com/other-idp' xml_7 = OneLogin_Saml2_Utils.b64encode(dom.toxml()) response_7 = OneLogin_Saml2_Response(settings, xml_7) # Modified message self.assertFalse(response_7.is_valid(self.get_request_data())) dom_2 = parseString(OneLogin_Saml2_Utils.b64decode(xml_5)) dom_2.firstChild.firstChild.firstChild.nodeValue = 'https://example.com/other-idp' xml_8 = OneLogin_Saml2_Utils.b64encode(dom_2.toxml()) response_8 = OneLogin_Saml2_Response(settings, xml_8) # Modified message self.assertFalse(response_8.is_valid(self.get_request_data())) dom_3 = parseString(OneLogin_Saml2_Utils.b64decode(xml_6)) dom_3.firstChild.firstChild.firstChild.nodeValue = 'https://example.com/other-idp' xml_9 = OneLogin_Saml2_Utils.b64encode(dom_3.toxml()) response_9 = OneLogin_Saml2_Response(settings, xml_9) # Modified message self.assertFalse(response_9.is_valid(self.get_request_data())) def testIsValidSignFingerprint(self): """ Tests the is_valid method of the OneLogin_Saml2_Response Case valid sign response / sign assertion / both signed with fingerprint Strict mode will always fail due destination problem, if we manipulate it the sign will fail. """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON("settings6.json")) # expired cert xml = self.file_contents(join(self.data_path, 'responses', 'signed_message_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertTrue(response.is_valid(self.get_request_data())) xml_2 = self.file_contents(join(self.data_path, 'responses', 'signed_assertion_response.xml.base64')) response_2 = OneLogin_Saml2_Response(settings, xml_2) self.assertTrue(response_2.is_valid(self.get_request_data())) xml_3 = self.file_contents(join(self.data_path, 'responses', 'double_signed_response.xml.base64')) response_3 = OneLogin_Saml2_Response(settings, xml_3) self.assertTrue(response_3.is_valid(self.get_request_data())) settings_2 = OneLogin_Saml2_Settings(self.loadSettingsJSON('settings2.json')) xml_4 = self.file_contents(join(self.data_path, 'responses', 'signed_message_response2.xml.base64')) response_4 = OneLogin_Saml2_Response(settings_2, xml_4) self.assertTrue(response_4.is_valid(self.get_request_data())) xml_5 = self.file_contents(join(self.data_path, 'responses', 'signed_assertion_response2.xml.base64')) response_5 = OneLogin_Saml2_Response(settings_2, xml_5) self.assertTrue(response_5.is_valid(self.get_request_data())) xml_6 = self.file_contents(join(self.data_path, 'responses', 'double_signed_response2.xml.base64')) response_6 = OneLogin_Saml2_Response(settings_2, xml_6) self.assertTrue(response_6.is_valid(self.get_request_data())) dom = parseString(b64decode(xml_4)) dom.firstChild.firstChild.firstChild.nodeValue = 'https://example.com/other-idp' xml_7 = OneLogin_Saml2_Utils.b64encode(dom.toxml()) response_7 = OneLogin_Saml2_Response(settings, xml_7) # Modified message self.assertFalse(response_7.is_valid(self.get_request_data())) dom_2 = parseString(OneLogin_Saml2_Utils.b64decode(xml_5)) dom_2.firstChild.firstChild.firstChild.nodeValue = 'https://example.com/other-idp' xml_8 = OneLogin_Saml2_Utils.b64encode(dom_2.toxml()) response_8 = OneLogin_Saml2_Response(settings, xml_8) # Modified message self.assertFalse(response_8.is_valid(self.get_request_data())) dom_3 = parseString(OneLogin_Saml2_Utils.b64decode(xml_6)) dom_3.firstChild.firstChild.firstChild.nodeValue = 'https://example.com/other-idp' xml_9 = OneLogin_Saml2_Utils.b64encode(dom_3.toxml()) response_9 = OneLogin_Saml2_Response(settings, xml_9) # Modified message self.assertFalse(response_9.is_valid(self.get_request_data())) def testMessageSignedIsValidSignWithEmptyReferenceURI(self): settings_info = self.loadSettingsJSON("settings10.json") del settings_info['idp']['x509cert'] settings_info['idp']['certFingerprint'] = "657302a5e11a4794a1e50a705988d66c9377575d" settings = OneLogin_Saml2_Settings(settings_info) xml = self.file_contents(join(self.data_path, 'responses', 'response_without_reference_uri.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertTrue(response.is_valid(self.get_request_data())) def testAssertionSignedIsValidSignWithEmptyReferenceURI(self): settings_info = self.loadSettingsJSON('settings10.json') del settings_info['idp']['x509cert'] settings_info['idp']['certFingerprint'] = "657302a5e11a4794a1e50a705988d66c9377575d" settings = OneLogin_Saml2_Settings(settings_info) xml = self.file_contents(join(self.data_path, 'responses', 'response_without_assertion_reference_uri.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertTrue(response.is_valid(self.get_request_data())) def testIsValidWithoutInResponseTo(self): """ If assertion contains InResponseTo but not the Response tag, we should not compare the assertion InResponseTo value to None. """ # prepare strict settings settings_info = self.loadSettingsJSON() settings_info['strict'] = True settings_info['idp']['entityId'] = 'https://pitbulk.no-ip.org/simplesaml/saml2/idp/metadata.php' settings_info['sp']['entityId'] = 'https://pitbulk.no-ip.org/newonelogin/demo1/metadata.php' settings = OneLogin_Saml2_Settings(settings_info) xml = self.file_contents(join(self.data_path, 'responses', 'valid_response_without_inresponseto.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) not_on_or_after = datetime.strptime('2014-02-19T09:37:01Z', '%Y-%m-%dT%H:%M:%SZ') not_on_or_after -= timedelta(seconds=150) with freeze_time(not_on_or_after): self.assertTrue(response.is_valid({ 'https': 'on', 'http_host': 'pitbulk.no-ip.org', 'script_name': 'newonelogin/demo1/index.php?acs' })) def testIsValidRaisesExceptionWhenRaisesArgumentIsTrue(self): """ Tests that the internal exception gets raised if the raise parameter is True. """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) settings.set_strict(True) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_conditions.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertFalse(response.is_valid(self.get_request_data())) with self.assertRaises(Exception): response.is_valid(self.get_request_data(), raise_exceptions=True) def testStatusCheckBeforeAssertionCheck(self): """ Tests the status of a response is checked before the assertion count. As failed statuses will have no assertions """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'invalids', 'status_code_responder.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) with self.assertRaisesRegex(Exception, 'The status code of the Response was not Success, was Responder'): response.is_valid(self.get_request_data(), raise_exceptions=True) def testGetId(self): """ Tests that we can retrieve the ID of the Response """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'signed_message_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertEqual(response.get_id(), 'pfxc3d2b542-0f7e-8767-8e87-5b0dc6913375') def testGetAssertionId(self): """ Tests that we can retrieve the ID of the Assertion """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) xml = self.file_contents(join(self.data_path, 'responses', 'signed_message_response.xml.base64')) response = OneLogin_Saml2_Response(settings, xml) self.assertEqual(response.get_assertion_id(), '_cccd6024116641fe48e0ae2c51220d02755f96c98d') def testGetAssertionNotOnOrAfter(self): """ Tests that we can retrieve the NotOnOrAfter value of the valid SubjectConfirmationData """ settings_data = self.loadSettingsJSON() request_data = self.get_request_data() settings = OneLogin_Saml2_Settings(settings_data) message = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) response = OneLogin_Saml2_Response(settings, message) self.assertIsNone(response.get_assertion_not_on_or_after()) response.is_valid(request_data) self.assertIsNone(response.get_error()) self.assertIsNone(response.get_assertion_not_on_or_after()) settings_data['strict'] = True settings = OneLogin_Saml2_Settings(settings_data) response = OneLogin_Saml2_Response(settings, message) response.is_valid(request_data) self.assertNotEqual(response.get_error(), None) self.assertIsNone(response.get_assertion_not_on_or_after()) request_data['https'] = 'on' request_data['http_host'] = 'pitbulk.no-ip.org' request_data['script_name'] = '/newonelogin/demo1/index.php?acs' response.is_valid(request_data) self.assertIsNone(response.get_error()) self.assertEqual(response.get_assertion_not_on_or_after(), 2671081021) python3-saml-1.12.0/tests/src/OneLogin/saml2_tests/settings_test.py000066400000000000000000001435701410551756100253240ustar00rootroot00000000000000# -*- coding: utf-8 -*- # Copyright (c) 2010-2021 OneLogin, Inc. # MIT License import json from os.path import dirname, join, exists, sep import unittest from onelogin.saml2 import compat from onelogin.saml2.errors import OneLogin_Saml2_Error from onelogin.saml2.settings import OneLogin_Saml2_Settings from onelogin.saml2.utils import OneLogin_Saml2_Utils class OneLogin_Saml2_Settings_Test(unittest.TestCase): data_path = join(dirname(dirname(dirname(dirname(__file__)))), 'data') settings_path = join(dirname(dirname(dirname(dirname(__file__)))), 'settings') def loadSettingsJSON(self, name='settings1.json'): filename = join(self.settings_path, name) if exists(filename): stream = open(filename, 'r') settings = json.load(stream) stream.close() return settings else: raise Exception('Settings json file does not exist') def file_contents(self, filename): f = open(filename, 'r') content = f.read() f.close() return content def testLoadSettingsFromDict(self): """ Tests the OneLogin_Saml2_Settings Constructor. Case load setting from dict """ settings_info = self.loadSettingsJSON() settings = OneLogin_Saml2_Settings(settings_info) self.assertEqual(len(settings.get_errors()), 0) del settings_info['contactPerson'] del settings_info['organization'] settings = OneLogin_Saml2_Settings(settings_info) self.assertEqual(len(settings.get_errors()), 0) del settings_info['security'] settings = OneLogin_Saml2_Settings(settings_info) self.assertEqual(len(settings.get_errors()), 0) del settings_info['sp']['NameIDFormat'] del settings_info['idp']['x509cert'] settings_info['idp']['certFingerprint'] = 'afe71c28ef740bc87425be13a2263d37971daA1f9' settings = OneLogin_Saml2_Settings(settings_info) self.assertEqual(len(settings.get_errors()), 0) settings_info['idp']['singleSignOnService']['url'] = 'invalid_url' try: settings_2 = OneLogin_Saml2_Settings(settings_info) self.assertNotEqual(len(settings_2.get_errors()), 0) except Exception as e: self.assertIn('Invalid dict settings: idp_sso_url_invalid', str(e)) settings_info['idp']['singleSignOnService']['url'] = 'http://invalid_domain' try: settings_3 = OneLogin_Saml2_Settings(settings_info) self.assertNotEqual(len(settings_3.get_errors()), 0) except Exception as e: self.assertIn('Invalid dict settings: idp_sso_url_invalid', str(e)) settings_info['idp']['singleSignOnService']['url'] = 'http://single-label-domain' settings_info['security'] = {} settings_info['security']['allowSingleLabelDomains'] = True settings_4 = OneLogin_Saml2_Settings(settings_info) self.assertEqual(len(settings_4.get_errors()), 0) del settings_info['security'] del settings_info['sp'] del settings_info['idp'] try: settings_5 = OneLogin_Saml2_Settings(settings_info) self.assertNotEqual(len(settings_5.get_errors()), 0) except Exception as e: self.assertIn('Invalid dict settings', str(e)) self.assertIn('idp_not_found', str(e)) self.assertIn('sp_not_found', str(e)) settings_info = self.loadSettingsJSON() settings_info['security']['authnRequestsSigned'] = True settings_info['custom_base_path'] = dirname(__file__) try: settings_6 = OneLogin_Saml2_Settings(settings_info) self.assertNotEqual(len(settings_6.get_errors()), 0) except Exception as e: self.assertIn('Invalid dict settings: sp_cert_not_found_and_required', str(e)) settings_info = self.loadSettingsJSON() settings_info['security']['nameIdEncrypted'] = True del settings_info['idp']['x509cert'] try: settings_7 = OneLogin_Saml2_Settings(settings_info) self.assertNotEqual(len(settings_7.get_errors()), 0) except Exception as e: self.assertIn('Invalid dict settings: idp_cert_not_found_and_required', str(e)) def testLoadSettingsFromInvalidData(self): """ Tests the OneLogin_Saml2_Settings Constructor. Case load setting """ invalid_settings = ('param1', 'param2') try: OneLogin_Saml2_Settings(invalid_settings) self.assertTrue(False) except Exception as e: self.assertIn('Unsupported settings object', str(e)) settings = OneLogin_Saml2_Settings(custom_base_path=self.settings_path) self.assertEqual(len(settings.get_errors()), 0) def testLoadSettingsFromFile(self): """ Tests the OneLogin_Saml2_Settings Constructor. Case load setting from file """ custom_base_path = join(dirname(__file__), '..', '..', '..', 'settings') settings = OneLogin_Saml2_Settings(custom_base_path=custom_base_path) self.assertEqual(len(settings.get_errors()), 0) custom_base_path = dirname(__file__) try: OneLogin_Saml2_Settings(custom_base_path=custom_base_path) except Exception as e: self.assertIn('Settings file not found', str(e)) custom_base_path = join(dirname(__file__), '..', '..', '..', 'data', 'customPath') settings_3 = OneLogin_Saml2_Settings(custom_base_path=custom_base_path) self.assertEqual(len(settings_3.get_errors()), 0) def testGetCertPath(self): """ Tests getCertPath method of the OneLogin_Saml2_Settings """ settings = OneLogin_Saml2_Settings(custom_base_path=self.settings_path) self.assertEqual(self.settings_path + sep + 'certs' + sep, settings.get_cert_path()) def testSetCertPath(self): """ Tests setCertPath method of the OneLogin_Saml2_Settings """ settings = OneLogin_Saml2_Settings(custom_base_path=self.settings_path) self.assertEqual(self.settings_path + sep + 'certs' + sep, settings.get_cert_path()) settings.set_cert_path('/tmp') self.assertEqual('/tmp', settings.get_cert_path()) def testGetLibPath(self): """ Tests getLibPath method of the OneLogin_Saml2_Settings """ settingsInfo = self.loadSettingsJSON() settings = OneLogin_Saml2_Settings(settingsInfo) path = settings.get_base_path() self.assertEqual(settings.get_lib_path(), join(dirname(dirname(dirname(dirname(dirname(__file__))))), 'src/onelogin/saml2/')) self.assertEqual(path, join(dirname(dirname(dirname(dirname(dirname(__file__))))), 'src/onelogin/saml2/../../../tests/data/customPath/')) del settingsInfo['custom_base_path'] settings = OneLogin_Saml2_Settings(settingsInfo) path = settings.get_base_path() self.assertEqual(settings.get_lib_path(), join(dirname(dirname(dirname(dirname(dirname(__file__))))), 'src/onelogin/saml2/')) self.assertEqual(path, join(dirname(dirname(dirname(dirname(dirname(__file__))))), 'src/')) settings = OneLogin_Saml2_Settings(custom_base_path=self.settings_path) path = settings.get_base_path() self.assertEqual(settings.get_lib_path(), join(dirname(dirname(dirname(dirname(dirname(__file__))))), 'src/onelogin/saml2/')) self.assertEqual(path, join(dirname(dirname(dirname(dirname(__file__)))), 'settings/')) def testGetSchemasPath(self): """ Tests getSchemasPath method of the OneLogin_Saml2_Settings """ settingsInfo = self.loadSettingsJSON() settings = OneLogin_Saml2_Settings(settingsInfo) path = settings.get_base_path() self.assertEqual(settings.get_schemas_path(), join(dirname(dirname(dirname(dirname(dirname(__file__))))), 'src/onelogin/saml2/schemas/')) self.assertEqual(path, join(dirname(dirname(dirname(dirname(dirname(__file__))))), 'src/onelogin/saml2/../../../tests/data/customPath/')) del settingsInfo['custom_base_path'] settings = OneLogin_Saml2_Settings(settingsInfo) path = settings.get_base_path() self.assertEqual(settings.get_schemas_path(), join(dirname(dirname(dirname(dirname(dirname(__file__))))), 'src/onelogin/saml2/schemas/')) self.assertEqual(path, join(dirname(dirname(dirname(dirname(dirname(__file__))))), 'src/')) settings = OneLogin_Saml2_Settings(custom_base_path=self.settings_path) path = settings.get_base_path() self.assertEqual(settings.get_schemas_path(), join(dirname(dirname(dirname(dirname(dirname(__file__))))), 'src/onelogin/saml2/schemas/')) self.assertEqual(path, join(dirname(dirname(dirname(dirname(__file__)))), 'settings/')) def testGetIdPSSOurl(self): """ Tests the get_idp_sso_url method of the OneLogin_Saml2_Settings class """ settings_info = self.loadSettingsJSON() settings = OneLogin_Saml2_Settings(settings_info) sso_url = settings_info['idp']['singleSignOnService']['url'] self.assertEqual(settings.get_idp_sso_url(), sso_url) def testGetIdPSLOurl(self): """ Tests the get_idp_slo_url method of the OneLogin_Saml2_Settings class """ settings_info = self.loadSettingsJSON() settings = OneLogin_Saml2_Settings(settings_info) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertEqual(settings.get_idp_slo_url(), slo_url) def testGetIdPSLOresponseUrl(self): """ Tests the get_idp_slo_response_url method of the OneLogin_Saml2_Settings class """ settings_info = self.loadSettingsJSON() settings_info['idp']['singleLogoutService']['responseUrl'] = "http://idp.example.com/SingleLogoutReturn.php" settings = OneLogin_Saml2_Settings(settings_info) slo_url = settings_info['idp']['singleLogoutService']['responseUrl'] self.assertEqual(settings.get_idp_slo_response_url(), slo_url) # test that the function falls back to the url setting if responseUrl is not set settings_info['idp']['singleLogoutService'].pop('responseUrl') settings = OneLogin_Saml2_Settings(settings_info) slo_url = settings_info['idp']['singleLogoutService']['url'] self.assertEqual(settings.get_idp_slo_response_url(), slo_url) def testGetSPCert(self): """ Tests the get_sp_cert method of the OneLogin_Saml2_Settings """ settings_data = self.loadSettingsJSON() cert = "-----BEGIN CERTIFICATE-----\nMIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMC\nTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYD\nVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG\n9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4\nMTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xi\nZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2Zl\naWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5v\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LO\nNoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHIS\nKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d\n1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8\nBUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7n\nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2Qar\nQ4/67OZfHd7R+POBXhophSMv1ZOo\n-----END CERTIFICATE-----\n" settings = OneLogin_Saml2_Settings(settings_data) self.assertEqual(cert, settings.get_sp_cert()) cert_2 = "-----BEGIN CERTIFICATE-----\nMIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czET\nMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYD\nVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIy\nNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UE\nCgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJ\nKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BF\nrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PP\nJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHC\npS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAf\nBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0G\nCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZ\nE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kY\nvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m\n-----END CERTIFICATE-----\n" settings_data['sp']['x509cert'] = cert_2 settings = OneLogin_Saml2_Settings(settings_data) self.assertEqual(cert_2, settings.get_sp_cert()) del settings_data['sp']['x509cert'] del settings_data['custom_base_path'] custom_base_path = dirname(__file__) settings_3 = OneLogin_Saml2_Settings(settings_data, custom_base_path=custom_base_path) self.assertIsNone(settings_3.get_sp_cert()) def testGetSPCertNew(self): """ Tests the get_sp_cert_new method of the OneLogin_Saml2_Settings """ settings_data = self.loadSettingsJSON() cert = "-----BEGIN CERTIFICATE-----\nMIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMC\nTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYD\nVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG\n9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4\nMTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xi\nZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2Zl\naWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5v\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LO\nNoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHIS\nKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d\n1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8\nBUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7n\nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2Qar\nQ4/67OZfHd7R+POBXhophSMv1ZOo\n-----END CERTIFICATE-----\n" settings = OneLogin_Saml2_Settings(settings_data) self.assertEqual(cert, settings.get_sp_cert()) self.assertIsNone(settings.get_sp_cert_new()) settings = OneLogin_Saml2_Settings(self.loadSettingsJSON('settings7.json')) cert_new = "-----BEGIN CERTIFICATE-----\nMIICVDCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBHMQswCQYDVQQGEwJ1czEQ\nMA4GA1UECAwHZXhhbXBsZTEQMA4GA1UECgwHZXhhbXBsZTEUMBIGA1UEAwwLZXhh\nbXBsZS5jb20wHhcNMTcwNDA3MDgzMDAzWhcNMjcwNDA1MDgzMDAzWjBHMQswCQYD\nVQQGEwJ1czEQMA4GA1UECAwHZXhhbXBsZTEQMA4GA1UECgwHZXhhbXBsZTEUMBIG\nA1UEAwwLZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKhP\nS4/0azxbQekHHewQGKD7Pivr3CDpsrKxY3xlVanxj427OwzOb5KUVzsDEazumt6s\nZFY8HfidsjXY4EYA4ZzyL7ciIAR5vlAsIYN9nJ4AwVDnN/RjVwj+TN6BqWPLpVIp\nHc6Dl005HyE0zJnk1DZDn2tQVrIzbD3FhCp7YeotAgMBAAGjUDBOMB0GA1UdDgQW\nBBRYZx4thASfNvR/E7NsCF2IaZ7wIDAfBgNVHSMEGDAWgBRYZx4thASfNvR/E7Ns\nCF2IaZ7wIDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBACz4aobx9aG3\nkh+rNyrlgM3K6dYfnKG1/YH5sJCAOvg8kDr0fQAQifH8lFVWumKUMoAe0bFTfwWt\np/VJ8MprrEJth6PFeZdczpuv+fpLcNj2VmNVJqvQYvS4m36OnBFh1QFZW8UrbFIf\ndtm2nuZ+twSKqfKwjLdqcoX0p39h7Uw/\n-----END CERTIFICATE-----\n" self.assertEqual(cert, settings.get_sp_cert()) self.assertEqual(cert_new, settings.get_sp_cert_new()) def testGetSPKey(self): """ Tests the get_sp_key method of the OneLogin_Saml2_Settings """ settings_data = self.loadSettingsJSON() key = "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9\nIbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+\nPbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQAB\nAoGAD4/Z4LWVWV6D1qMIp1Gzr0ZmdWTE1SPdZ7Ej8glGnCzPdguCPuzbhGXmIg0V\nJ5D+02wsqws1zd48JSMXXM8zkYZVwQYIPUsNn5FetQpwxDIMPmhHg+QNBgwOnk8J\nK2sIjjLPL7qY7Itv7LT7Gvm5qSOkZ33RCgXcgz+okEIQMYkCQQDzbTOyDL0c5WQV\n6A2k06T/azdhUdGXF9C0+WkWSfNaovmTgRXh1G+jMlr82Snz4p4/STt7P/XtyWzF\n3pkVgZr3AkEA7nPjXwHlttNEMo6AtxHd47nizK2NUN803ElIUT8P9KSCoERmSXq6\n6PDekGNic4ldpsSvOeYCk8MAYoDBy9kvVwJBAMLgX4xg6lzhv7hR5+pWjTb1rIY6\nrCHbrPfU264+UZXz9v2BT/VUznLF81WMvStD9xAPHpFS6R0OLghSZhdzhI0CQQDL\n8Duvfxzrn4b9QlmduV8wLERoT6rEVxKLsPVz316TGrxJvBZLk/cV0SRZE1cZf4uk\nXSWMfEcJ/0Zt+LdG1CqjAkEAqwLSglJ9Dy3HpgMz4vAAyZWzAxvyA1zW0no9GOLc\nPQnYaNUN/Fy2SYtETXTb0CQ9X1rt8ffkFP7ya+5TC83aMg==\n-----END RSA PRIVATE KEY-----\n" settings = OneLogin_Saml2_Settings(settings_data) self.assertEqual(key, settings.get_sp_key()) key_2 = "-----BEGIN PRIVATE KEY-----\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOWA+YHU7cvPOrBO\nfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoe\nch7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHs\nNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAECgYEA0wDXZPS9hKqMTNh+nnfONioX\nBjhA6fQ7GVtWKDxa3ofMoPyt7ejGL/Hnvcv13Vn02UAsFx1bKrCstDqVtYwrWrnm\nywXyH+o9paJnTmd+cRIjWU8mRvCrxzH5I/Bcvbp1qZoASuqZEaGwNjM6JpW2o3QT\nmHGMALcLUPfEvhApssECQQDy2e65E86HcFhi/Ta8TQ0odDCNbiWA0bI1Iu8B7z+N\nAy1D1+WnCd7w2u9U6CF/k2nFHCsvxEoeANM0z7h5T/XvAkEA8e4JqKmDrfdiakQT\n7nf9svU2jXZtxSbPiIRMafNikDvzZ1vJCZkvdmaWYL70GlDZIwc9ad67rHZ/n/fq\nX1d0MQJAbRpRsJ5gY+KqItbFt3UaWzlP8sowWR5cZJjsLb9RmsV5mYguKYw6t5R0\nf33GRu1wUFimYlBaR/5w5MIJi57LywJATO1a5uWX+G5MPewNxmsjIY91XEAHIYR4\nwzkGLz5z3dciS4BVCZdLD0QJlxPA/MkuckPwFET9uhYn+M7VGKHvUQJBANSDwsY+\nBdCGpi/WRV37HUfwLl07damaFbW3h08PQx8G8SuF7DpN+FPBcI6VhzrIWNRBxWpr\nkgeGioKNfFWzSaM=\n-----END PRIVATE KEY-----\n" settings_data['sp']['privateKey'] = key_2 settings_2 = OneLogin_Saml2_Settings(settings_data) self.assertEqual(key_2, settings_2.get_sp_key()) del settings_data['sp']['privateKey'] del settings_data['custom_base_path'] custom_base_path = dirname(__file__) settings_3 = OneLogin_Saml2_Settings(settings_data, custom_base_path=custom_base_path) self.assertIsNone(settings_3.get_sp_key()) def testGetIDPCert(self): """ Tests the get_idp_cert method of the OneLogin_Saml2_Settings """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON('settings9.json')) cert = "-----BEGIN CERTIFICATE-----\nMIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMC\nTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYD\nVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG\n9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4\nMTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xi\nZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2Zl\naWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5v\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LO\nNoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHIS\nKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d\n1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8\nBUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7n\nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2Qar\nQ4/67OZfHd7R+POBXhophSMv1ZOo\n-----END CERTIFICATE-----" self.assertEqual(cert, settings.get_idp_cert()) settings_data = self.loadSettingsJSON() settings = OneLogin_Saml2_Settings(settings_data) settings_data['idp']['x509cert'] = cert self.assertEqual(cert, settings.get_idp_cert()) del settings_data['idp']['x509cert'] del settings_data['custom_base_path'] custom_base_path = dirname(__file__) settings_3 = OneLogin_Saml2_Settings(settings_data, custom_base_path=custom_base_path) self.assertIsNone(settings_3.get_idp_cert()) def testFormatIdPCert(self): """ Tests the format_idp_cert method of the OneLogin_Saml2_Settings """ settings_data = self.loadSettingsJSON() cert = "-----BEGIN CERTIFICATE-----\nMIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMC\nTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYD\nVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG\n9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4\nMTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xi\nZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2Zl\naWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5v\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LO\nNoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHIS\nKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d\n1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8\nBUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7n\nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2Qar\nQ4/67OZfHd7R+POBXhophSMv1ZOo\n-----END CERTIFICATE-----\n" settings = OneLogin_Saml2_Settings(settings_data) self.assertEqual(cert, settings.get_idp_cert()) cert_2 = "-----BEGIN CERTIFICATE-----\nMIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czET\nMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYD\nVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIy\nNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UE\nCgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJ\nKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BF\nrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PP\nJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHC\npS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAf\nBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0G\nCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZ\nE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kY\nvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m\n-----END CERTIFICATE-----\n" settings_data['idp']['x509cert'] = cert_2 settings = OneLogin_Saml2_Settings(settings_data) self.assertEqual(cert_2, settings.get_idp_cert()) def testFormatSPCert(self): """ Tests the format_sp_cert method of the OneLogin_Saml2_Settings """ settings_data = self.loadSettingsJSON() cert = "-----BEGIN CERTIFICATE-----\nMIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMC\nTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYD\nVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG\n9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4\nMTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xi\nZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2Zl\naWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5v\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LO\nNoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHIS\nKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d\n1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8\nBUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7n\nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2Qar\nQ4/67OZfHd7R+POBXhophSMv1ZOo\n-----END CERTIFICATE-----\n" settings = OneLogin_Saml2_Settings(settings_data) self.assertEqual(cert, settings.get_sp_cert()) settings_data['sp']['x509cert'] = cert settings = OneLogin_Saml2_Settings(settings_data) self.assertEqual(cert, settings.get_sp_cert()) cert_2 = "-----BEGIN CERTIFICATE-----\nMIICbDCCAdWgAwIBAgIBADANBgkqhkiG9w0BAQ0FADBTMQswCQYDVQQGEwJ1czET\nMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMT25lbG9naW4gSW5jMRgwFgYD\nVQQDDA9pZHAuZXhhbXBsZS5jb20wHhcNMTQwOTIzMTIyNDA4WhcNNDIwMjA4MTIy\nNDA4WjBTMQswCQYDVQQGEwJ1czETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UE\nCgwMT25lbG9naW4gSW5jMRgwFgYDVQQDDA9pZHAuZXhhbXBsZS5jb20wgZ8wDQYJ\nKoZIhvcNAQEBBQADgY0AMIGJAoGBAOWA+YHU7cvPOrBOfxCscsYTJB+kH3MaA9BF\nrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoech7AXfvH6d7Bw7xtW8PP\nJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHsNQyK2Ref0DAJvpBNZMHC\npS24916/AgMBAAGjUDBOMB0GA1UdDgQWBBQ77/qVeiigfhYDITplCNtJKZTM8DAf\nBgNVHSMEGDAWgBQ77/qVeiigfhYDITplCNtJKZTM8DAMBgNVHRMEBTADAQH/MA0G\nCSqGSIb3DQEBDQUAA4GBAJO2j/1uO80E5C2PM6Fk9mzerrbkxl7AZ/mvlbOn+sNZ\nE+VZ1AntYuG8ekbJpJtG1YfRfc7EA9mEtqvv4dhv7zBy4nK49OR+KpIBjItWB5kY\nvrqMLKBa32sMbgqqUqeF1ENXKjpvLSuPdfGJZA3dNa/+Dyb8GGqWe707zLyc5F8m\n-----END CERTIFICATE-----\n" settings_data['sp']['x509cert'] = cert_2 settings = OneLogin_Saml2_Settings(settings_data) self.assertEqual(cert_2, settings.get_sp_cert()) def testFormatSPKey(self): """ Tests the format_sp_key method of the OneLogin_Saml2_Settings """ settings_data = self.loadSettingsJSON() key = "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9\nIbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+\nPbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQAB\nAoGAD4/Z4LWVWV6D1qMIp1Gzr0ZmdWTE1SPdZ7Ej8glGnCzPdguCPuzbhGXmIg0V\nJ5D+02wsqws1zd48JSMXXM8zkYZVwQYIPUsNn5FetQpwxDIMPmhHg+QNBgwOnk8J\nK2sIjjLPL7qY7Itv7LT7Gvm5qSOkZ33RCgXcgz+okEIQMYkCQQDzbTOyDL0c5WQV\n6A2k06T/azdhUdGXF9C0+WkWSfNaovmTgRXh1G+jMlr82Snz4p4/STt7P/XtyWzF\n3pkVgZr3AkEA7nPjXwHlttNEMo6AtxHd47nizK2NUN803ElIUT8P9KSCoERmSXq6\n6PDekGNic4ldpsSvOeYCk8MAYoDBy9kvVwJBAMLgX4xg6lzhv7hR5+pWjTb1rIY6\nrCHbrPfU264+UZXz9v2BT/VUznLF81WMvStD9xAPHpFS6R0OLghSZhdzhI0CQQDL\n8Duvfxzrn4b9QlmduV8wLERoT6rEVxKLsPVz316TGrxJvBZLk/cV0SRZE1cZf4uk\nXSWMfEcJ/0Zt+LdG1CqjAkEAqwLSglJ9Dy3HpgMz4vAAyZWzAxvyA1zW0no9GOLc\nPQnYaNUN/Fy2SYtETXTb0CQ9X1rt8ffkFP7ya+5TC83aMg==\n-----END RSA PRIVATE KEY-----\n" settings_data['sp']['privateKey'] = key settings = OneLogin_Saml2_Settings(settings_data) self.assertEqual(key, settings.get_sp_key()) key_2 = "-----BEGIN PRIVATE KEY-----\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOWA+YHU7cvPOrBO\nfxCscsYTJB+kH3MaA9BFrSHFS+KcR6cw7oPSktIJxUgvDpQbtfNcOkE/tuOPBDoe\nch7AXfvH6d7Bw7xtW8PPJ2mB5Hn/HGW2roYhxmfh3tR5SdwN6i4ERVF8eLkvwCHs\nNQyK2Ref0DAJvpBNZMHCpS24916/AgMBAAECgYEA0wDXZPS9hKqMTNh+nnfONioX\nBjhA6fQ7GVtWKDxa3ofMoPyt7ejGL/Hnvcv13Vn02UAsFx1bKrCstDqVtYwrWrnm\nywXyH+o9paJnTmd+cRIjWU8mRvCrxzH5I/Bcvbp1qZoASuqZEaGwNjM6JpW2o3QT\nmHGMALcLUPfEvhApssECQQDy2e65E86HcFhi/Ta8TQ0odDCNbiWA0bI1Iu8B7z+N\nAy1D1+WnCd7w2u9U6CF/k2nFHCsvxEoeANM0z7h5T/XvAkEA8e4JqKmDrfdiakQT\n7nf9svU2jXZtxSbPiIRMafNikDvzZ1vJCZkvdmaWYL70GlDZIwc9ad67rHZ/n/fq\nX1d0MQJAbRpRsJ5gY+KqItbFt3UaWzlP8sowWR5cZJjsLb9RmsV5mYguKYw6t5R0\nf33GRu1wUFimYlBaR/5w5MIJi57LywJATO1a5uWX+G5MPewNxmsjIY91XEAHIYR4\nwzkGLz5z3dciS4BVCZdLD0QJlxPA/MkuckPwFET9uhYn+M7VGKHvUQJBANSDwsY+\nBdCGpi/WRV37HUfwLl07damaFbW3h08PQx8G8SuF7DpN+FPBcI6VhzrIWNRBxWpr\nkgeGioKNfFWzSaM=\n-----END PRIVATE KEY-----\n" settings_data['sp']['privateKey'] = key_2 settings_2 = OneLogin_Saml2_Settings(settings_data) self.assertEqual(key_2, settings_2.get_sp_key()) def testCheckSPCerts(self): """ Tests the checkSPCerts method of the OneLogin_Saml2_Settings """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) self.assertTrue(settings.check_sp_certs()) def testCheckSettings(self): """ Tests the checkSettings method of the OneLogin_Saml2_Settings The checkSettings method is private and is used at the constructor """ settings_info = {} try: OneLogin_Saml2_Settings(settings_info) self.assertTrue(False) except Exception as e: self.assertIn('Invalid dict settings: invalid_syntax', str(e)) settings_info['strict'] = True try: OneLogin_Saml2_Settings(settings_info) self.assertTrue(False) except Exception as e: self.assertIn('idp_not_found', str(e)) self.assertIn('sp_not_found', str(e)) settings_info['idp'] = {} settings_info['idp']['x509cert'] = '' settings_info['sp'] = {} settings_info['sp']['entityID'] = 'SPentityId' settings_info['security'] = {} settings_info['security']['signMetadata'] = False try: OneLogin_Saml2_Settings(settings_info) self.assertTrue(False) except Exception as e: self.assertIn('idp_entityId_not_found', str(e)) self.assertIn('idp_sso_not_found', str(e)) self.assertIn('sp_entityId_not_found', str(e)) self.assertIn('sp_acs_not_found', str(e)) # AttributeConsumingService tests # serviceName, requestedAttributes are required settings_info['sp']['attributeConsumingService'] = { "serviceDescription": "Test Service" } try: OneLogin_Saml2_Settings(settings_info) self.assertTrue(False) except Exception as e: self.assertIn('sp_attributeConsumingService_serviceName_not_found', str(e)) self.assertIn('sp_attributeConsumingService_requestedAttributes_not_found', str(e)) # requestedAttributes/name is required settings_info['sp']['attributeConsumingService'] = { "serviceName": {}, "serviceDescription": ["Test Service"], "requestedAttributes": [{ "nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "friendlyName": "givenName", "isRequired": "False" } ] } try: OneLogin_Saml2_Settings(settings_info) self.assertTrue(False) except Exception as e: self.assertIn('sp_attributeConsumingService_requestedAttributes_name_not_found', str(e)) self.assertIn('sp_attributeConsumingService_requestedAttributes_isRequired_type_invalid', str(e)) self.assertIn('sp_attributeConsumingService_serviceDescription_type_invalid', str(e)) self.assertIn('sp_attributeConsumingService_serviceName_type_invalid', str(e)) settings_info['idp']['entityID'] = 'entityId' settings_info['idp']['singleSignOnService'] = {} settings_info['idp']['singleSignOnService']['url'] = 'invalid_value' settings_info['idp']['singleLogoutService'] = {} settings_info['idp']['singleLogoutService']['url'] = 'invalid_value' settings_info['sp']['assertionConsumerService'] = {} settings_info['sp']['assertionConsumerService']['url'] = 'invalid_value' settings_info['sp']['singleLogoutService'] = {} settings_info['sp']['singleLogoutService']['url'] = 'invalid_value' try: OneLogin_Saml2_Settings(settings_info) self.assertTrue(False) except Exception as e: self.assertIn('idp_sso_url_invalid', str(e)) self.assertIn('idp_slo_url_invalid', str(e)) self.assertIn('sp_acs_url_invalid', str(e)) self.assertIn('sp_sls_url_invalid', str(e)) settings_info['security']['wantAssertionsSigned'] = True try: OneLogin_Saml2_Settings(settings_info) self.assertTrue(False) except Exception as e: self.assertIn('idp_cert_or_fingerprint_not_found_and_required', str(e)) settings_info = self.loadSettingsJSON() settings_info['security']['signMetadata'] = {} settings_info['security']['signMetadata']['keyFileName'] = 'metadata.key' settings_info['organization'] = { 'en-US': { 'name': 'miss_information' } } settings_info['contactPerson'] = { 'support': { 'givenName': 'support_name' }, 'auxiliar': { 'givenName': 'auxiliar_name', 'emailAddress': 'auxiliar@example.com' } } try: OneLogin_Saml2_Settings(settings_info) self.assertTrue(False) except Exception as e: self.assertIn('sp_signMetadata_invalid', str(e)) self.assertIn('organization_not_enought_data', str(e)) self.assertIn('contact_type_invalid', str(e)) def testGetSPMetadata(self): """ Tests the getSPMetadata method of the OneLogin_Saml2_Settings Case unsigned metadata """ settings_info = self.loadSettingsJSON() settings_info['security']['wantNameIdEncrypted'] = False settings_info['security']['wantAssertionsEncrypted'] = False settings = OneLogin_Saml2_Settings(settings_info) metadata = compat.to_string(settings.get_sp_metadata()) self.assertNotEqual(len(metadata), 0) self.assertIn('', metadata) self.assertIn('', metadata) self.assertIn('urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', metadata) self.assertEqual(1, metadata.count('', metadata) self.assertIn('', metadata) self.assertIn('urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', metadata) self.assertIn('\n', metadata) self.assertIn('', metadata) self.assertIn('\n\n', metadata) def testGetSPMetadataSignedNoMetadataCert(self): """ Tests the getSPMetadata method of the OneLogin_Saml2_Settings Case signed metadata with specific certs """ settings_info = self.loadSettingsJSON() if 'security' not in settings_info: settings_info['security'] = {} settings_info['security']['signMetadata'] = {} with self.assertRaises(Exception) as context: OneLogin_Saml2_Settings(settings_info) exception = context.exception self.assertIn("sp_signMetadata_invalid", str(exception)) settings_info['security']['signMetadata'] = { 'keyFileName': 'noexist.key', 'certFileName': 'sp.crt' } settings = OneLogin_Saml2_Settings(settings_info) with self.assertRaises(Exception) as context: settings.get_sp_metadata() exception = context.exception self.assertIn("Private key file not readable", str(exception)) settings_info['security']['signMetadata'] = { 'keyFileName': 'sp.key', 'certFileName': 'noexist.crt' } settings = OneLogin_Saml2_Settings(settings_info) with self.assertRaises(Exception) as context: settings.get_sp_metadata() exception = context.exception self.assertIn("Public cert file not readable", str(exception)) settings_info['security']['signMetadata'] = 'invalid_value' settings = OneLogin_Saml2_Settings(settings_info) with self.assertRaises(Exception) as context: settings.get_sp_metadata() exception = context.exception self.assertIn("Invalid Setting: signMetadata value of the sp is not valid", str(exception)) def testValidateMetadata(self): """ Tests the validateMetadata method of the OneLogin_Saml2_Settings Case valid metadata """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) metadata = settings.get_sp_metadata() self.assertEqual(len(settings.validate_metadata(metadata)), 0) xml = self.file_contents(join(self.data_path, 'metadata', 'metadata_settings1.xml')) self.assertEqual(len(settings.validate_metadata(xml)), 0) xml_2 = 'invalid' self.assertIn('invalid_xml', settings.validate_metadata(xml_2)) xml_3 = self.file_contents(join(self.data_path, 'metadata', 'entities_metadata.xml')) self.assertIn('noEntityDescriptor_xml', settings.validate_metadata(xml_3)) xml_4 = self.file_contents(join(self.data_path, 'metadata', 'idp_metadata.xml')) self.assertIn('onlySPSSODescriptor_allowed_xml', settings.validate_metadata(xml_4)) xml_5 = self.file_contents(join(self.data_path, 'metadata', 'no_expiration_mark_metadata.xml')) self.assertEqual(len(settings.validate_metadata(xml_5)), 0) def testValidateMetadataExpired(self): """ Tests the validateMetadata method of the OneLogin_Saml2_Settings """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) metadata = self.file_contents(join(self.data_path, 'metadata', 'expired_metadata_settings1.xml')) errors = settings.validate_metadata(metadata) self.assertNotEqual(len(metadata), 0) self.assertIn('expired_xml', errors) def testValidateMetadataNoXML(self): """ Tests the validateMetadata method of the OneLogin_Saml2_Settings Case no metadata """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) metadata = '' with self.assertRaises(Exception) as context: settings.validate_metadata(metadata) exception = context.exception self.assertIn("t", str(exception)) metadata = '' errors = settings.validate_metadata(metadata) self.assertNotEqual(len(errors), 0) self.assertIn('unloaded_xml', errors) def testValidateMetadataNoEntity(self): """ Tests the validateMetadata method of the OneLogin_Saml2_Settings Case invalid xml metadata """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) metadata = self.file_contents(join(self.data_path, 'metadata', 'noentity_metadata_settings1.xml')) errors = settings.validate_metadata(metadata) self.assertNotEqual(len(metadata), 0) self.assertIn('invalid_xml', errors) def testGetIdPData(self): """ Tests the getIdPData method of the OneLogin_Saml2_Settings """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) idp_data = settings.get_idp_data() self.assertNotEqual(len(idp_data), 0) self.assertIn('entityId', idp_data) self.assertIn('singleSignOnService', idp_data) self.assertIn('singleLogoutService', idp_data) self.assertIn('x509cert', idp_data) self.assertEqual('http://idp.example.com/', idp_data['entityId']) self.assertEqual('http://idp.example.com/SSOService.php', idp_data['singleSignOnService']['url']) self.assertEqual('http://idp.example.com/SingleLogoutService.php', idp_data['singleLogoutService']['url']) x509cert = 'MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo' formated_x509_cert = OneLogin_Saml2_Utils.format_cert(x509cert) self.assertEqual(formated_x509_cert, idp_data['x509cert']) def testGetSPData(self): """ Tests the getSPData method of the OneLogin_Saml2_Settings """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) sp_data = settings.get_sp_data() self.assertNotEqual(len(sp_data), 0) self.assertIn('entityId', sp_data) self.assertIn('assertionConsumerService', sp_data) self.assertIn('singleLogoutService', sp_data) self.assertIn('NameIDFormat', sp_data) self.assertEqual('http://stuff.com/endpoints/metadata.php', sp_data['entityId']) self.assertEqual('http://stuff.com/endpoints/endpoints/acs.php', sp_data['assertionConsumerService']['url']) self.assertEqual('http://stuff.com/endpoints/endpoints/sls.php', sp_data['singleLogoutService']['url']) self.assertEqual('urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', sp_data['NameIDFormat']) def testGetSecurityData(self): """ Tests the getSecurityData method of the OneLogin_Saml2_Settings """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) security = settings.get_security_data() self.assertNotEqual(len(security), 0) self.assertIn('nameIdEncrypted', security) self.assertIn('authnRequestsSigned', security) self.assertIn('logoutRequestSigned', security) self.assertIn('logoutResponseSigned', security) self.assertIn('signMetadata', security) self.assertIn('wantMessagesSigned', security) self.assertIn('wantAssertionsSigned', security) self.assertIn('requestedAuthnContext', security) self.assertIn('wantNameId', security) self.assertIn('wantNameIdEncrypted', security) def testGetDefaultSecurityValues(self): """ Tests default values of Security advanced sesettings """ settings_json = self.loadSettingsJSON() del settings_json['security'] settings = OneLogin_Saml2_Settings(settings_json) security = settings.get_security_data() self.assertIn('nameIdEncrypted', security) self.assertFalse(security.get('nameIdEncrypted')) self.assertIn('authnRequestsSigned', security) self.assertFalse(security.get('authnRequestsSigned')) self.assertIn('logoutRequestSigned', security) self.assertFalse(security.get('logoutRequestSigned')) self.assertIn('logoutResponseSigned', security) self.assertFalse(security.get('logoutResponseSigned')) self.assertIn('signMetadata', security) self.assertFalse(security.get('signMetadata')) self.assertIn('wantMessagesSigned', security) self.assertFalse(security.get('wantMessagesSigned')) self.assertIn('wantAssertionsSigned', security) self.assertFalse(security.get('wantAssertionsSigned')) self.assertIn('requestedAuthnContext', security) self.assertTrue(security.get('requestedAuthnContext')) self.assertIn('wantNameId', security) self.assertTrue(security.get('wantNameId')) self.assertIn('wantNameIdEncrypted', security) self.assertFalse(security.get('wantNameIdEncrypted')) def testGetContacts(self): """ Tests the getContacts method of the OneLogin_Saml2_Settings """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) contacts = settings.get_contacts() self.assertNotEqual(len(contacts), 0) self.assertEqual('technical_name', contacts['technical']['givenName']) self.assertEqual('technical@example.com', contacts['technical']['emailAddress']) self.assertEqual('support_name', contacts['support']['givenName']) self.assertEqual('support@example.com', contacts['support']['emailAddress']) def testGetOrganization(self): """ Tests the getOrganization method of the OneLogin_Saml2_Settings """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) organization = settings.get_organization() self.assertNotEqual(len(organization), 0) self.assertEqual('sp_test', organization['en-US']['name']) self.assertEqual('SP test', organization['en-US']['displayname']) self.assertEqual('http://sp.example.com', organization['en-US']['url']) def testSetStrict(self): """ Tests the setStrict method of the OneLogin_Saml2_Settings """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) self.assertFalse(settings.is_strict()) settings.set_strict(True) self.assertTrue(settings.is_strict()) settings.set_strict(False) self.assertFalse(settings.is_strict()) self.assertRaises(AssertionError, settings.set_strict, 'a') def testIsStrict(self): """ Tests the isStrict method of the OneLogin_Saml2_Settings """ settings_info = self.loadSettingsJSON() del settings_info['strict'] settings = OneLogin_Saml2_Settings(settings_info) self.assertTrue(settings.is_strict()) settings_info['strict'] = False settings_2 = OneLogin_Saml2_Settings(settings_info) self.assertFalse(settings_2.is_strict()) settings_info['strict'] = True settings_3 = OneLogin_Saml2_Settings(settings_info) self.assertTrue(settings_3.is_strict()) def testIsDebugActive(self): """ Tests the isDebugActive method of the OneLogin_Saml2_Settings """ settings_info = self.loadSettingsJSON() del settings_info['debug'] settings = OneLogin_Saml2_Settings(settings_info) self.assertFalse(settings.is_debug_active()) settings_info['debug'] = False settings_2 = OneLogin_Saml2_Settings(settings_info) self.assertFalse(settings_2.is_debug_active()) settings_info['debug'] = True settings_3 = OneLogin_Saml2_Settings(settings_info) self.assertTrue(settings_3.is_debug_active()) python3-saml-1.12.0/tests/src/OneLogin/saml2_tests/signed_response_test.py000066400000000000000000000037271410551756100266520ustar00rootroot00000000000000# -*- coding: utf-8 -*- # Copyright (c) 2010-2021 OneLogin, Inc. # MIT License import json from os.path import dirname, join, exists import unittest from onelogin.saml2.response import OneLogin_Saml2_Response from onelogin.saml2.settings import OneLogin_Saml2_Settings from onelogin.saml2.utils import OneLogin_Saml2_Utils class OneLogin_Saml2_SignedResponse_Test(unittest.TestCase): data_path = join(dirname(__file__), '..', '..', '..', 'data') def loadSettingsJSON(self): filename = join(dirname(__file__), '..', '..', '..', 'settings', 'settings1.json') if exists(filename): stream = open(filename, 'r') settings = json.load(stream) stream.close() return settings else: raise Exception('Settings json file does not exist') def file_contents(self, filename): f = open(filename, 'r') content = f.read() f.close() return content def testResponseSignedAssertionNot(self): """ Tests the getNameId method of the OneLogin_Saml2_Response Case valid signed response, unsigned assertion """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'responses', 'open_saml_response.xml')) response = OneLogin_Saml2_Response(settings, OneLogin_Saml2_Utils.b64encode(message)) self.assertEqual('someone@example.org', response.get_nameid()) def testResponseAndAssertionSigned(self): """ Tests the getNameId method of the OneLogin_Saml2_Response Case valid signed response, signed assertion """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) message = self.file_contents(join(self.data_path, 'responses', 'simple_saml_php.xml')) response = OneLogin_Saml2_Response(settings, OneLogin_Saml2_Utils.b64encode(message)) self.assertEqual('someone@example.com', response.get_nameid()) python3-saml-1.12.0/tests/src/OneLogin/saml2_tests/utils_test.py000066400000000000000000001372621410551756100246250ustar00rootroot00000000000000# -*- coding: utf-8 -*- # Copyright (c) 2010-2021 OneLogin, Inc. # MIT License from base64 import b64decode import json from lxml import etree from os.path import dirname, join, exists import unittest from xml.dom.minidom import parseString from onelogin.saml2 import compat from onelogin.saml2.constants import OneLogin_Saml2_Constants from onelogin.saml2.settings import OneLogin_Saml2_Settings from onelogin.saml2.utils import OneLogin_Saml2_Utils from onelogin.saml2.xmlparser import fromstring class OneLogin_Saml2_Utils_Test(unittest.TestCase): data_path = join(dirname(dirname(dirname(dirname(__file__)))), 'data') settings_path = join(dirname(dirname(dirname(dirname(__file__)))), 'settings') # assertRegexpMatches deprecated on python3 def assertRaisesRegex(self, exception, regexp, msg=None): if hasattr(unittest.TestCase, 'assertRaisesRegex'): return super(OneLogin_Saml2_Utils_Test, self).assertRaisesRegex(exception, regexp, msg=msg) else: return self.assertRaisesRegexp(exception, regexp) def loadSettingsJSON(self, name='settings1.json'): filename = join(self.settings_path, name) if exists(filename): stream = open(filename, 'r') settings = json.load(stream) stream.close() return settings else: raise Exception('Settings json file does not exist') def file_contents(self, filename): f = open(filename, 'r') content = f.read() f.close() return content def testFormatCert(self): """ Tests the format_cert method of the OneLogin_Saml2_Utils """ settings_info = self.loadSettingsJSON() cert = settings_info['idp']['x509cert'] self.assertNotIn('-----BEGIN CERTIFICATE-----', cert) self.assertNotIn('-----END CERTIFICATE-----', cert) self.assertEqual(len(cert), 860) formated_cert1 = OneLogin_Saml2_Utils.format_cert(cert) self.assertIn('-----BEGIN CERTIFICATE-----', formated_cert1) self.assertIn('-----END CERTIFICATE-----', formated_cert1) formated_cert2 = OneLogin_Saml2_Utils.format_cert(cert, True) self.assertEqual(formated_cert1, formated_cert2) formated_cert3 = OneLogin_Saml2_Utils.format_cert(cert, False) self.assertNotIn('-----BEGIN CERTIFICATE-----', formated_cert3) self.assertNotIn('-----END CERTIFICATE-----', formated_cert3) self.assertEqual(len(formated_cert3), 860) def testFormatPrivateKey(self): """ Tests the format_private_key method of the OneLogin_Saml2_Utils """ key = "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9\nIbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+\nPbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQAB\nAoGAD4/Z4LWVWV6D1qMIp1Gzr0ZmdWTE1SPdZ7Ej8glGnCzPdguCPuzbhGXmIg0V\nJ5D+02wsqws1zd48JSMXXM8zkYZVwQYIPUsNn5FetQpwxDIMPmhHg+QNBgwOnk8J\nK2sIjjLPL7qY7Itv7LT7Gvm5qSOkZ33RCgXcgz+okEIQMYkCQQDzbTOyDL0c5WQV\n6A2k06T/azdhUdGXF9C0+WkWSfNaovmTgRXh1G+jMlr82Snz4p4/STt7P/XtyWzF\n3pkVgZr3AkEA7nPjXwHlttNEMo6AtxHd47nizK2NUN803ElIUT8P9KSCoERmSXq6\n6PDekGNic4ldpsSvOeYCk8MAYoDBy9kvVwJBAMLgX4xg6lzhv7hR5+pWjTb1rIY6\nrCHbrPfU264+UZXz9v2BT/VUznLF81WMvStD9xAPHpFS6R0OLghSZhdzhI0CQQDL\n8Duvfxzrn4b9QlmduV8wLERoT6rEVxKLsPVz316TGrxJvBZLk/cV0SRZE1cZf4uk\nXSWMfEcJ/0Zt+LdG1CqjAkEAqwLSglJ9Dy3HpgMz4vAAyZWzAxvyA1zW0no9GOLc\nPQnYaNUN/Fy2SYtETXTb0CQ9X1rt8ffkFP7ya+5TC83aMg==\n-----END RSA PRIVATE KEY-----\n" formated_key = OneLogin_Saml2_Utils.format_private_key(key, True) self.assertIn('-----BEGIN RSA PRIVATE KEY-----', formated_key) self.assertIn('-----END RSA PRIVATE KEY-----', formated_key) self.assertEqual(len(formated_key), 891) formated_key = OneLogin_Saml2_Utils.format_private_key(key, False) self.assertNotIn('-----BEGIN RSA PRIVATE KEY-----', formated_key) self.assertNotIn('-----END RSA PRIVATE KEY-----', formated_key) self.assertEqual(len(formated_key), 816) key_2 = "-----BEGIN PRIVATE KEY-----\nMIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAM62buSW9Zgh7CmZ\nouJekK0ac9sgEZkspemjv7SyE6Hbdz+KmUr3C7MI6JuPfVyJbxvMDf3FbgBBK7r5\nyfGgehXwplLMZj8glvV3NkdLMLPWmaw9U5sOzRoym46pVvsEo1PUL2qDK5Wrsm1g\nuY1KIDSHL59NQ7PzDKgm1dxioeXFAgMBAAECgYA/fvRzTReloo3rfWD2Tfv84EpE\nPgaJ2ZghO4Zwl97F8icgIo/R4i760Lq6xgnI+gJiNHz7vcB7XYl0RrRMf3HgbA7z\npJxREmOVltESDHy6lH0TmCdv9xMmHltB+pbGOhqBvuGgFbEOR73lDDV0ln2rEITJ\nA2zjYF+hWe8b0JFeQQJBAOsIIIlHAMngjhCQDD6kla/vce972gCFU7ZeFw16ZMmb\n8W4rGRfQoQWYxSLAFIFsYewSBTccanyYbBNe3njki3ECQQDhJ4cgV6VpTwez4dkp\nU/xCHKoReedAEJhXucTNGpiIqu+TDgIz9aRbrgnUKkS1s06UJhcDRTl/+pCSRRt/\nCA2VAkBkPw4pn1hNwvK1S8t9OJQD+5xcKjZcvIFtKoqonAi7GUGL3OQSDVFw4q1K\n2iSk40aM+06wJ/WfeR+3z2ISrGBxAkAJ20YiF1QpcQlASbHNCl0vs7uKOlDyUAer\nR3mjFPf6e6kzQdi815MTZGIPxK3vWmMlPymgvgYPYTO1A4t5myulAkEA1QioAWcJ\noO26qhUlFRBCR8BMJoVPImV7ndVHE7usHdJvP7V2P9RyuRcMCTVul8RRmyoh/+yG\n4ghMaHo/v0YY5Q==\n-----END PRIVATE KEY-----\n" formated_key_2 = OneLogin_Saml2_Utils.format_private_key(key_2, True) self.assertIn('-----BEGIN PRIVATE KEY-----', formated_key_2) self.assertIn('-----END PRIVATE KEY-----', formated_key_2) self.assertEqual(len(formated_key_2), 916) formated_key_2 = OneLogin_Saml2_Utils.format_private_key(key_2, False) self.assertNotIn('-----BEGIN PRIVATE KEY-----', formated_key_2) self.assertNotIn('-----END PRIVATE KEY-----', formated_key_2) self.assertEqual(len(formated_key_2), 848) key_3 = 'MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAM62buSW9Zgh7CmZouJekK0ac9sgEZkspemjv7SyE6Hbdz+KmUr3C7MI6JuPfVyJbxvMDf3FbgBBK7r5yfGgehXwplLMZj8glvV3NkdLMLPWmaw9U5sOzRoym46pVvsEo1PUL2qDK5Wrsm1guY1KIDSHL59NQ7PzDKgm1dxioeXFAgMBAAECgYA/fvRzTReloo3rfWD2Tfv84EpEPgaJ2ZghO4Zwl97F8icgIo/R4i760Lq6xgnI+gJiNHz7vcB7XYl0RrRMf3HgbA7zpJxREmOVltESDHy6lH0TmCdv9xMmHltB+pbGOhqBvuGgFbEOR73lDDV0ln2rEITJA2zjYF+hWe8b0JFeQQJBAOsIIIlHAMngjhCQDD6kla/vce972gCFU7ZeFw16ZMmb8W4rGRfQoQWYxSLAFIFsYewSBTccanyYbBNe3njki3ECQQDhJ4cgV6VpTwez4dkpU/xCHKoReedAEJhXucTNGpiIqu+TDgIz9aRbrgnUKkS1s06UJhcDRTl/+pCSRRt/CA2VAkBkPw4pn1hNwvK1S8t9OJQD+5xcKjZcvIFtKoqonAi7GUGL3OQSDVFw4q1K2iSk40aM+06wJ/WfeR+3z2ISrGBxAkAJ20YiF1QpcQlASbHNCl0vs7uKOlDyUAerR3mjFPf6e6kzQdi815MTZGIPxK3vWmMlPymgvgYPYTO1A4t5myulAkEA1QioAWcJoO26qhUlFRBCR8BMJoVPImV7ndVHE7usHdJvP7V2P9RyuRcMCTVul8RRmyoh/+yG4ghMaHo/v0YY5Q==' formated_key_3 = OneLogin_Saml2_Utils.format_private_key(key_3, True) self.assertIn('-----BEGIN RSA PRIVATE KEY-----', formated_key_3) self.assertIn('-----END RSA PRIVATE KEY-----', formated_key_3) self.assertEqual(len(formated_key_3), 924) formated_key_3 = OneLogin_Saml2_Utils.format_private_key(key_3, False) self.assertNotIn('-----BEGIN PRIVATE KEY-----', formated_key_3) self.assertNotIn('-----END PRIVATE KEY-----', formated_key_3) self.assertNotIn('-----BEGIN RSA PRIVATE KEY-----', formated_key_3) self.assertNotIn('-----END RSA PRIVATE KEY-----', formated_key_3) self.assertEqual(len(formated_key_3), 848) def testRedirect(self): """ Tests the redirect method of the OneLogin_Saml2_Utils """ request_data = { 'http_host': 'example.com' } # Check relative and absolute hostname = OneLogin_Saml2_Utils.get_self_host(request_data) url = 'http://%s/example' % hostname url2 = '/example' target_url = OneLogin_Saml2_Utils.redirect(url, {}, request_data) target_url2 = OneLogin_Saml2_Utils.redirect(url2, {}, request_data) self.assertEqual(target_url, target_url2) # Check that accept http/https and reject other protocols url3 = 'https://%s/example?test=true' % hostname url4 = 'ftp://%s/example' % hostname target_url3 = OneLogin_Saml2_Utils.redirect(url3, {}, request_data) self.assertIn('test=true', target_url3) with self.assertRaises(Exception) as context: OneLogin_Saml2_Utils.redirect(url4, {}, request_data) exception = context.exception self.assertIn("Redirect to invalid URL", str(exception)) # Review parameter prefix parameters1 = { 'value1': 'a' } target_url5 = OneLogin_Saml2_Utils.redirect(url, parameters1, request_data) self.assertEqual('http://%s/example?value1=a' % hostname, target_url5) target_url6 = OneLogin_Saml2_Utils.redirect(url3, parameters1, request_data) self.assertEqual('https://%s/example?test=true&value1=a' % hostname, target_url6) # Review parameters parameters2 = { 'alphavalue': 'a', 'numvaluelist': ['1', '2'], 'testing': None } target_url7 = OneLogin_Saml2_Utils.redirect(url, parameters2, request_data) parameters2_decoded = {"alphavalue": "alphavalue=a", "numvaluelist": "numvaluelist[]=1&numvaluelist[]=2", "testing": "testing"} parameters2_str = "&".join(parameters2_decoded[x] for x in parameters2) self.assertEqual('http://%s/example?%s' % (hostname, parameters2_str), target_url7) parameters3 = { 'alphavalue': 'a', 'emptynumvaluelist': [], 'numvaluelist': [''], } parameters3_decoded = {"alphavalue": "alphavalue=a", "numvaluelist": "numvaluelist[]="} parameters3_str = "&".join((parameters3_decoded[x] for x in parameters3.keys() if x in parameters3_decoded)) target_url8 = OneLogin_Saml2_Utils.redirect(url, parameters3, request_data) self.assertEqual('http://%s/example?%s' % (hostname, parameters3_str), target_url8) def testGetselfhost(self): """ Tests the get_self_host method of the OneLogin_Saml2_Utils """ request_data = {} with self.assertRaises(Exception) as context: OneLogin_Saml2_Utils.get_self_url_host(request_data) exception = context.exception self.assertIn("No hostname defined", str(exception)) request_data = { 'server_name': 'example.com' } self.assertEqual('example.com', OneLogin_Saml2_Utils.get_self_host(request_data)) request_data = { 'http_host': 'example.com' } self.assertEqual('example.com', OneLogin_Saml2_Utils.get_self_host(request_data)) request_data = { 'http_host': 'example.com:443' } self.assertEqual('example.com:443', OneLogin_Saml2_Utils.get_self_host(request_data)) request_data = { 'http_host': 'example.com:ok' } self.assertEqual('example.com:ok', OneLogin_Saml2_Utils.get_self_host(request_data)) def testisHTTPS(self): """ Tests the is_https method of the OneLogin_Saml2_Utils """ request_data = { 'https': 'off' } self.assertFalse(OneLogin_Saml2_Utils.is_https(request_data)) request_data = { 'https': 'on' } self.assertTrue(OneLogin_Saml2_Utils.is_https(request_data)) request_data = { 'server_port': '443' } self.assertTrue(OneLogin_Saml2_Utils.is_https(request_data)) def testGetSelfURLhost(self): """ Tests the get_self_url_host method of the OneLogin_Saml2_Utils """ request_data = { 'http_host': 'example.com' } self.assertEqual('http://example.com', OneLogin_Saml2_Utils.get_self_url_host(request_data)) request_data['server_port'] = '80' self.assertEqual('http://example.com', OneLogin_Saml2_Utils.get_self_url_host(request_data)) request_data['server_port'] = '81' self.assertEqual('http://example.com:81', OneLogin_Saml2_Utils.get_self_url_host(request_data)) request_data['server_port'] = '443' self.assertEqual('https://example.com', OneLogin_Saml2_Utils.get_self_url_host(request_data)) del request_data['server_port'] request_data['https'] = 'on' self.assertEqual('https://example.com', OneLogin_Saml2_Utils.get_self_url_host(request_data)) request_data['server_port'] = '444' self.assertEqual('https://example.com:444', OneLogin_Saml2_Utils.get_self_url_host(request_data)) request_data['server_port'] = '443' request_data['request_uri'] = '' self.assertEqual('https://example.com', OneLogin_Saml2_Utils.get_self_url_host(request_data)) request_data['request_uri'] = '/' self.assertEqual('https://example.com', OneLogin_Saml2_Utils.get_self_url_host(request_data)) request_data['request_uri'] = 'onelogin/' self.assertEqual('https://example.com', OneLogin_Saml2_Utils.get_self_url_host(request_data)) request_data['request_uri'] = '/onelogin' self.assertEqual('https://example.com', OneLogin_Saml2_Utils.get_self_url_host(request_data)) request_data['request_uri'] = 'https://example.com/onelogin/sso' self.assertEqual('https://example.com', OneLogin_Saml2_Utils.get_self_url_host(request_data)) request_data2 = { 'request_uri': 'example.com/onelogin/sso' } with self.assertRaises(Exception) as context: OneLogin_Saml2_Utils.get_self_url_host(request_data2) exception = context.exception self.assertIn("No hostname defined", str(exception)) def testGetSelfURL(self): """ Tests the get_self_url method of the OneLogin_Saml2_Utils """ request_data = { 'http_host': 'example.com' } url = OneLogin_Saml2_Utils.get_self_url_host(request_data) self.assertEqual(url, OneLogin_Saml2_Utils.get_self_url(request_data)) request_data['request_uri'] = '' self.assertEqual(url, OneLogin_Saml2_Utils.get_self_url(request_data)) request_data['request_uri'] = '/' self.assertEqual(url + '/', OneLogin_Saml2_Utils.get_self_url(request_data)) request_data['request_uri'] = 'index.html' self.assertEqual(url + 'index.html', OneLogin_Saml2_Utils.get_self_url(request_data)) request_data['request_uri'] = '?index.html' self.assertEqual(url + '?index.html', OneLogin_Saml2_Utils.get_self_url(request_data)) request_data['request_uri'] = '/index.html' self.assertEqual(url + '/index.html', OneLogin_Saml2_Utils.get_self_url(request_data)) request_data['request_uri'] = '/index.html?testing' self.assertEqual(url + '/index.html?testing', OneLogin_Saml2_Utils.get_self_url(request_data)) request_data['request_uri'] = '/test/index.html?testing' self.assertEqual(url + '/test/index.html?testing', OneLogin_Saml2_Utils.get_self_url(request_data)) request_data['request_uri'] = 'https://example.com/testing' self.assertEqual(url + '/testing', OneLogin_Saml2_Utils.get_self_url(request_data)) def testGetSelfURLNoQuery(self): """ Tests the get_self_url_no_query method of the OneLogin_Saml2_Utils """ request_data = { 'http_host': 'example.com', 'script_name': '/index.html' } url = OneLogin_Saml2_Utils.get_self_url_host(request_data) + request_data['script_name'] self.assertEqual(url, OneLogin_Saml2_Utils.get_self_url_no_query(request_data)) request_data['path_info'] = '/test' self.assertEqual(url + '/test', OneLogin_Saml2_Utils.get_self_url_no_query(request_data)) def testGetSelfRoutedURLNoQuery(self): """ Tests the get_self_routed_url_no_query method of the OneLogin_Saml2_Utils """ request_data = { 'http_host': 'example.com', 'request_uri': '/example1/route?x=test', 'query_string': '?x=test' } url = OneLogin_Saml2_Utils.get_self_url_host(request_data) + '/example1/route' self.assertEqual(url, OneLogin_Saml2_Utils.get_self_routed_url_no_query(request_data)) request_data_2 = { 'http_host': 'example.com', 'request_uri': '', } url_2 = OneLogin_Saml2_Utils.get_self_url_host(request_data_2) self.assertEqual(url_2, OneLogin_Saml2_Utils.get_self_routed_url_no_query(request_data_2)) request_data_3 = { 'http_host': 'example.com', } url_3 = OneLogin_Saml2_Utils.get_self_url_host(request_data_3) self.assertEqual(url_3, OneLogin_Saml2_Utils.get_self_routed_url_no_query(request_data_3)) request_data_4 = { 'http_host': 'example.com', 'request_uri': '/example1/route/test/', 'query_string': '?invalid=1' } url_4 = OneLogin_Saml2_Utils.get_self_url_host(request_data_4) + '/example1/route/test/' self.assertEqual(url_4, OneLogin_Saml2_Utils.get_self_routed_url_no_query(request_data_4)) request_data_5 = { 'http_host': 'example.com', 'request_uri': '/example1/route/test/', 'query_string': '' } url_5 = OneLogin_Saml2_Utils.get_self_url_host(request_data_5) + '/example1/route/test/' self.assertEqual(url_5, OneLogin_Saml2_Utils.get_self_routed_url_no_query(request_data_5)) request_data_6 = { 'http_host': 'example.com', 'request_uri': '/example1/route/test/', } url_6 = OneLogin_Saml2_Utils.get_self_url_host(request_data_6) + '/example1/route/test/' self.assertEqual(url_6, OneLogin_Saml2_Utils.get_self_routed_url_no_query(request_data_6)) def testGetStatus(self): """ Gets the status of a message """ xml = self.file_contents(join(self.data_path, 'responses', 'response1.xml.base64')) xml = b64decode(xml) dom = etree.fromstring(xml) status = OneLogin_Saml2_Utils.get_status(dom) self.assertEqual(OneLogin_Saml2_Constants.STATUS_SUCCESS, status['code']) xml2 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'status_code_responder.xml.base64')) xml2 = b64decode(xml2) dom2 = etree.fromstring(xml2) status2 = OneLogin_Saml2_Utils.get_status(dom2) self.assertEqual(OneLogin_Saml2_Constants.STATUS_RESPONDER, status2['code']) self.assertEqual('', status2['msg']) xml3 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'status_code_responer_and_msg.xml.base64')) xml3 = b64decode(xml3) dom3 = etree.fromstring(xml3) status3 = OneLogin_Saml2_Utils.get_status(dom3) self.assertEqual(OneLogin_Saml2_Constants.STATUS_RESPONDER, status3['code']) self.assertEqual('something_is_wrong', status3['msg']) xml_inv = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_status.xml.base64')) xml_inv = b64decode(xml_inv) dom_inv = etree.fromstring(xml_inv) with self.assertRaisesRegex(Exception, 'Missing Status on response'): OneLogin_Saml2_Utils.get_status(dom_inv) xml_inv2 = self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_status_code.xml.base64')) xml_inv2 = b64decode(xml_inv2) dom_inv2 = etree.fromstring(xml_inv2) with self.assertRaisesRegex(Exception, 'Missing Status Code on response'): OneLogin_Saml2_Utils.get_status(dom_inv2) def testParseDuration(self): """ Tests the parse_duration method of the OneLogin_Saml2_Utils """ duration = 'PT1393462294S' timestamp = 1393876825 parsed_duration = OneLogin_Saml2_Utils.parse_duration(duration, timestamp) self.assertEqual(2787339119, parsed_duration) parsed_duration_2 = OneLogin_Saml2_Utils.parse_duration(duration) self.assertTrue(parsed_duration_2 > parsed_duration) invalid_duration = 'PT1Y' with self.assertRaises(Exception) as context: OneLogin_Saml2_Utils.parse_duration(invalid_duration) exception = context.exception self.assertIn("Unrecognised ISO 8601 date format", str(exception)) new_duration = 'P1Y1M' parsed_duration_4 = OneLogin_Saml2_Utils.parse_duration(new_duration, timestamp) self.assertEqual(1428091225, parsed_duration_4) neg_duration = '-P14M' parsed_duration_5 = OneLogin_Saml2_Utils.parse_duration(neg_duration, timestamp) self.assertEqual(1357243225, parsed_duration_5) def testParseSAML2Time(self): """ Tests the parse_SAML_to_time method of the OneLogin_Saml2_Utils """ time = 1386650371 saml_time = '2013-12-10T04:39:31Z' self.assertEqual(time, OneLogin_Saml2_Utils.parse_SAML_to_time(saml_time)) with self.assertRaises(Exception) as context: OneLogin_Saml2_Utils.parse_SAML_to_time('invalidSAMLTime') exception = context.exception self.assertIn("does not match format", str(exception)) # Now test if toolkit supports miliseconds saml_time2 = '2013-12-10T04:39:31.120Z' self.assertEqual(time, OneLogin_Saml2_Utils.parse_SAML_to_time(saml_time2)) # Now test if toolkit supports microseconds saml_time3 = '2013-12-10T04:39:31.120240Z' self.assertEqual(time, OneLogin_Saml2_Utils.parse_SAML_to_time(saml_time3)) # Now test if toolkit supports nanoseconds saml_time4 = '2013-12-10T04:39:31.120240360Z' self.assertEqual(time, OneLogin_Saml2_Utils.parse_SAML_to_time(saml_time4)) def testParseTime2SAML(self): """ Tests the parse_time_to_SAML method of the OneLogin_Saml2_Utils """ time = 1386650371 saml_time = '2013-12-10T04:39:31Z' self.assertEqual(saml_time, OneLogin_Saml2_Utils.parse_time_to_SAML(time)) with self.assertRaises(Exception) as context: OneLogin_Saml2_Utils.parse_time_to_SAML('invalidtime') exception = context.exception self.assertIn("could not convert string to float", str(exception)) def testGetExpireTime(self): """ Tests the get_expire_time method of the OneLogin_Saml2_Utils """ self.assertEqual(None, OneLogin_Saml2_Utils.get_expire_time()) self.assertNotEqual(None, OneLogin_Saml2_Utils.get_expire_time('PT360000S')) self.assertEqual('1291955971', OneLogin_Saml2_Utils.get_expire_time('PT360000S', '2010-12-10T04:39:31Z')) self.assertEqual('1291955971', OneLogin_Saml2_Utils.get_expire_time('PT360000S', 1291955971)) self.assertNotEqual('3311642371', OneLogin_Saml2_Utils.get_expire_time('PT360000S', '2074-12-10T04:39:31Z')) self.assertNotEqual('3311642371', OneLogin_Saml2_Utils.get_expire_time('PT360000S', 1418186371)) def _generate_name_id_element(self, name_qualifier): name_id_value = 'value' entity_id = 'sp-entity-id' name_id_format = 'name-id-format' raw_name_id = OneLogin_Saml2_Utils.generate_name_id( name_id_value, entity_id, name_id_format, nq=name_qualifier, ) parser = etree.XMLParser(recover=True) return etree.fromstring(raw_name_id, parser) def testNameidGenerationIncludesNameQualifierAttribute(self): """ Tests the inclusion of NameQualifier in the generateNameId method of the OneLogin_Saml2_Utils """ idp_name_qualifier = 'idp-name-qualifier' idp_name_qualifier_attribute = ('NameQualifier', idp_name_qualifier) name_id = self._generate_name_id_element(idp_name_qualifier) self.assertIn(idp_name_qualifier_attribute, name_id.attrib.items()) def testNameidGenerationDoesNotIncludeNameQualifierAttribute(self): """ Tests the (not) inclusion of NameQualifier in the generateNameId method of the OneLogin_Saml2_Utils """ idp_name_qualifier = None not_expected_attribute = 'NameQualifier' name_id = self._generate_name_id_element(idp_name_qualifier) self.assertNotIn(not_expected_attribute, name_id.attrib.keys()) def testGenerateNameIdWithoutFormat(self): """ Tests the generateNameId method of the OneLogin_Saml2_Utils """ name_id_value = 'ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde' name_id_format = None name_id = OneLogin_Saml2_Utils.generate_name_id(name_id_value, None, name_id_format) expected_name_id = 'ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde' self.assertEqual(name_id, expected_name_id) def testGenerateNameIdWithSPNameQualifier(self): """ Tests the generateNameId method of the OneLogin_Saml2_Utils """ name_id_value = 'ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde' entity_id = 'http://stuff.com/endpoints/metadata.php' name_id_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' name_id = OneLogin_Saml2_Utils.generate_name_id(name_id_value, entity_id, name_id_format) expected_name_id = 'ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde' self.assertEqual(expected_name_id, name_id) settings_info = self.loadSettingsJSON() x509cert = settings_info['idp']['x509cert'] key = OneLogin_Saml2_Utils.format_cert(x509cert) name_id_enc = OneLogin_Saml2_Utils.generate_name_id(name_id_value, entity_id, name_id_format, key) expected_name_id_enc = '\n\n\n\n\n\n' self.assertIn(expected_name_id_enc, name_id_enc) def testGenerateNameIdWithoutSPNameQualifier(self): """ Tests the generateNameId method of the OneLogin_Saml2_Utils """ name_id_value = 'ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde' name_id_format = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' name_id = OneLogin_Saml2_Utils.generate_name_id(name_id_value, None, name_id_format) expected_name_id = 'ONELOGIN_ce998811003f4e60f8b07a311dc641621379cfde' self.assertEqual(expected_name_id, name_id) settings_info = self.loadSettingsJSON() x509cert = settings_info['idp']['x509cert'] key = OneLogin_Saml2_Utils.format_cert(x509cert) name_id_enc = OneLogin_Saml2_Utils.generate_name_id(name_id_value, None, name_id_format, key) expected_name_id_enc = '\n\n\n\n\n\n' self.assertIn(expected_name_id_enc, name_id_enc) def testCalculateX509Fingerprint(self): """ Tests the calculateX509Fingerprint method of the OneLogin_Saml2_Utils """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) cert_path = settings.get_cert_path() key = self.file_contents(cert_path + 'sp.key') cert = self.file_contents(cert_path + 'sp.crt') self.assertEqual(None, OneLogin_Saml2_Utils.calculate_x509_fingerprint(key)) self.assertEqual('afe71c28ef740bc87425be13a2263d37971da1f9', OneLogin_Saml2_Utils.calculate_x509_fingerprint(cert)) self.assertEqual('afe71c28ef740bc87425be13a2263d37971da1f9', OneLogin_Saml2_Utils.calculate_x509_fingerprint(cert, 'sha1')) self.assertEqual('c51cfa06c7a49767f6eab18238eae1c56708e29264da3d11f538a12cd2c357ba', OneLogin_Saml2_Utils.calculate_x509_fingerprint(cert, 'sha256')) self.assertEqual('bc5826e6f9429247254bae5e3c650e6968a36a62d23075eb168134978d88600559c10830c28711b2c29c7947c0c2eb1d', OneLogin_Saml2_Utils.calculate_x509_fingerprint(cert, 'sha384')) self.assertEqual('3db29251b97559c67988ea0754cb0573fc409b6f75d89282d57cfb75089539b0bbdb2dcd9ec6e032549ecbc466439d5992e18db2cf5494ca2fe1b2e16f348dff', OneLogin_Saml2_Utils.calculate_x509_fingerprint(cert, 'sha512')) def testDeleteLocalSession(self): """ Tests the delete_local_session method of the OneLogin_Saml2_Utils """ global local_session_test local_session_test = 1 OneLogin_Saml2_Utils.delete_local_session() self.assertEqual(1, local_session_test) dscb = lambda: self.session_cear() OneLogin_Saml2_Utils.delete_local_session(dscb) self.assertEqual(0, local_session_test) def session_cear(self): """ Auxiliar method to test the delete_local_session method of the OneLogin_Saml2_Utils """ global local_session_test local_session_test = 0 def testFormatFingerPrint(self): """ Tests the format_finger_print method of the OneLogin_Saml2_Utils """ finger_print_1 = 'AF:E7:1C:28:EF:74:0B:C8:74:25:BE:13:A2:26:3D:37:97:1D:A1:F9' self.assertEqual('afe71c28ef740bc87425be13a2263d37971da1f9', OneLogin_Saml2_Utils.format_finger_print(finger_print_1)) finger_print_2 = 'afe71c28ef740bc87425be13a2263d37971da1f9' self.assertEqual('afe71c28ef740bc87425be13a2263d37971da1f9', OneLogin_Saml2_Utils.format_finger_print(finger_print_2)) def testDecryptElement(self): """ Tests the decrypt_element method of the OneLogin_Saml2_Utils """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) key = settings.get_sp_key() xml_nameid_enc = b64decode(self.file_contents(join(self.data_path, 'responses', 'response_encrypted_nameid.xml.base64'))) dom_nameid_enc = etree.fromstring(xml_nameid_enc) encrypted_nameid_nodes = dom_nameid_enc.find('.//saml:EncryptedID', namespaces=OneLogin_Saml2_Constants.NSMAP) encrypted_data = encrypted_nameid_nodes[0] decrypted_nameid = OneLogin_Saml2_Utils.decrypt_element(encrypted_data, key) self.assertEqual('saml:NameID', decrypted_nameid.tag) self.assertEqual('2de11defd199f8d5bb63f9b7deb265ba5c675c10', decrypted_nameid.text) xml_assertion_enc = b64decode(self.file_contents(join(self.data_path, 'responses', 'valid_encrypted_assertion_encrypted_nameid.xml.base64'))) dom_assertion_enc = etree.fromstring(xml_assertion_enc) encrypted_assertion_enc_nodes = dom_assertion_enc.find('.//saml:EncryptedAssertion', namespaces=OneLogin_Saml2_Constants.NSMAP) encrypted_data_assert = encrypted_assertion_enc_nodes[0] decrypted_assertion = OneLogin_Saml2_Utils.decrypt_element(encrypted_data_assert, key) self.assertEqual('{%s}Assertion' % OneLogin_Saml2_Constants.NS_SAML, decrypted_assertion.tag) self.assertEqual('_6fe189b1c241827773902f2b1d3a843418206a5c97', decrypted_assertion.get('ID')) encrypted_nameid_nodes = decrypted_assertion.xpath('./saml:Subject/saml:EncryptedID', namespaces=OneLogin_Saml2_Constants.NSMAP) encrypted_data = encrypted_nameid_nodes[0][0] decrypted_nameid = OneLogin_Saml2_Utils.decrypt_element(encrypted_data, key) self.assertEqual('{%s}NameID' % OneLogin_Saml2_Constants.NS_SAML, decrypted_nameid.tag) self.assertEqual('457bdb600de717891c77647b0806ce59c089d5b8', decrypted_nameid.text) key_2_file_name = join(self.data_path, 'misc', 'sp2.key') f = open(key_2_file_name, 'r') key2 = f.read() f.close() # sp.key and sp2.key are equivalent we should be able to decrypt the nameID again decrypted_nameid = OneLogin_Saml2_Utils.decrypt_element(encrypted_data, key2) self.assertIn('{%s}NameID' % (OneLogin_Saml2_Constants.NS_SAML), decrypted_nameid.tag) self.assertEqual('457bdb600de717891c77647b0806ce59c089d5b8', decrypted_nameid.text) key_3_file_name = join(self.data_path, 'misc', 'sp3.key') f = open(key_3_file_name, 'r') key3 = f.read() f.close() # sp.key and sp3.key are equivalent we should be able to decrypt the nameID again decrypted_nameid = OneLogin_Saml2_Utils.decrypt_element(encrypted_data, key3) self.assertIn('{%s}NameID' % (OneLogin_Saml2_Constants.NS_SAML), decrypted_nameid.tag) self.assertEqual('457bdb600de717891c77647b0806ce59c089d5b8', decrypted_nameid.text) key_4_file_name = join(self.data_path, 'misc', 'sp4.key') f = open(key_4_file_name, 'r') key4 = f.read() f.close() with self.assertRaisesRegex(Exception, "(1, 'failed to decrypt')"): OneLogin_Saml2_Utils.decrypt_element(encrypted_data, key4) xml_nameid_enc_2 = b64decode(self.file_contents(join(self.data_path, 'responses', 'invalids', 'encrypted_nameID_without_EncMethod.xml.base64'))) dom_nameid_enc_2 = parseString(xml_nameid_enc_2) encrypted_nameid_nodes_2 = dom_nameid_enc_2.getElementsByTagName('saml:EncryptedID') encrypted_data_2 = encrypted_nameid_nodes_2[0].firstChild with self.assertRaisesRegex(Exception, "(1, 'failed to decrypt')"): OneLogin_Saml2_Utils.decrypt_element(encrypted_data_2, key) xml_nameid_enc_3 = b64decode(self.file_contents(join(self.data_path, 'responses', 'invalids', 'encrypted_nameID_without_keyinfo.xml.base64'))) dom_nameid_enc_3 = parseString(xml_nameid_enc_3) encrypted_nameid_nodes_3 = dom_nameid_enc_3.getElementsByTagName('saml:EncryptedID') encrypted_data_3 = encrypted_nameid_nodes_3[0].firstChild with self.assertRaisesRegex(Exception, "(1, 'failed to decrypt')"): OneLogin_Saml2_Utils.decrypt_element(encrypted_data_3, key) def testDecryptElementInplace(self): """ Tests the decrypt_element method of the OneLogin_Saml2_Utils with inplace=True """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) key = settings.get_sp_key() xml_nameid_enc = b64decode(self.file_contents(join(self.data_path, 'responses', 'response_encrypted_nameid.xml.base64'))) dom = fromstring(xml_nameid_enc) encrypted_node = dom.xpath('//saml:EncryptedID/xenc:EncryptedData', namespaces=OneLogin_Saml2_Constants.NSMAP)[0] # can be decrypted twice when copy the node first for _ in range(2): decrypted_nameid = OneLogin_Saml2_Utils.decrypt_element(encrypted_node, key, inplace=False) self.assertIn('NameID', decrypted_nameid.tag) self.assertEqual('2de11defd199f8d5bb63f9b7deb265ba5c675c10', decrypted_nameid.text) # can only be decrypted once in place decrypted_nameid = OneLogin_Saml2_Utils.decrypt_element(encrypted_node, key, inplace=True) self.assertIn('NameID', decrypted_nameid.tag) self.assertEqual('2de11defd199f8d5bb63f9b7deb265ba5c675c10', decrypted_nameid.text) # can't be decrypted twice since it has been decrypted inplace with self.assertRaisesRegex(Exception, "(1, 'failed to decrypt')"): OneLogin_Saml2_Utils.decrypt_element(encrypted_node, key, inplace=True) def testAddSign(self): """ Tests the add_sign method of the OneLogin_Saml2_Utils """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) key = settings.get_sp_key() cert = settings.get_sp_cert() xml_authn = b64decode(self.file_contents(join(self.data_path, 'requests', 'authn_request.xml.base64'))) xml_authn_signed = compat.to_string(OneLogin_Saml2_Utils.add_sign(xml_authn, key, cert)) self.assertIn('', xml_authn_signed) res = parseString(xml_authn_signed) ds_signature = res.firstChild.firstChild.nextSibling.nextSibling self.assertIn('ds:Signature', ds_signature.tagName) xml_authn_dom = parseString(xml_authn) xml_authn_signed_2 = compat.to_string(OneLogin_Saml2_Utils.add_sign(xml_authn_dom.toxml(), key, cert)) self.assertIn('', xml_authn_signed_2) res_2 = parseString(xml_authn_signed_2) ds_signature_2 = res_2.firstChild.firstChild.nextSibling.nextSibling self.assertIn('ds:Signature', ds_signature_2.tagName) xml_authn_signed_3 = compat.to_string(OneLogin_Saml2_Utils.add_sign(xml_authn_dom.firstChild.toxml(), key, cert)) self.assertIn('', xml_authn_signed_3) res_3 = parseString(xml_authn_signed_3) ds_signature_3 = res_3.firstChild.firstChild.nextSibling.nextSibling self.assertIn('ds:Signature', ds_signature_3.tagName) xml_authn_etree = etree.fromstring(xml_authn) xml_authn_signed_4 = compat.to_string(OneLogin_Saml2_Utils.add_sign(xml_authn_etree, key, cert)) self.assertIn('', xml_authn_signed_4) res_4 = parseString(xml_authn_signed_4) ds_signature_4 = res_4.firstChild.firstChild.nextSibling.nextSibling self.assertIn('ds:Signature', ds_signature_4.tagName) xml_authn_signed_5 = compat.to_string(OneLogin_Saml2_Utils.add_sign(xml_authn_etree, key, cert)) self.assertIn('', xml_authn_signed_5) res_5 = parseString(xml_authn_signed_5) ds_signature_5 = res_5.firstChild.firstChild.nextSibling.nextSibling self.assertIn('ds:Signature', ds_signature_5.tagName) xml_logout_req = b64decode(self.file_contents(join(self.data_path, 'logout_requests', 'logout_request.xml.base64'))) xml_logout_req_signed = compat.to_string(OneLogin_Saml2_Utils.add_sign(xml_logout_req, key, cert)) self.assertIn('', xml_logout_req_signed) res_6 = parseString(xml_logout_req_signed) ds_signature_6 = res_6.firstChild.firstChild.nextSibling.nextSibling self.assertIn('ds:Signature', ds_signature_6.tagName) xml_logout_res = b64decode(self.file_contents(join(self.data_path, 'logout_responses', 'logout_response.xml.base64'))) xml_logout_res_signed = compat.to_string(OneLogin_Saml2_Utils.add_sign(xml_logout_res, key, cert)) self.assertIn('', xml_logout_res_signed) res_7 = parseString(xml_logout_res_signed) ds_signature_7 = res_7.firstChild.firstChild.nextSibling.nextSibling self.assertIn('ds:Signature', ds_signature_7.tagName) xml_metadata = self.file_contents(join(self.data_path, 'metadata', 'metadata_settings1.xml')) xml_metadata_signed = compat.to_string(OneLogin_Saml2_Utils.add_sign(xml_metadata, key, cert)) self.assertIn('', xml_metadata_signed) res_8 = parseString(xml_metadata_signed) ds_signature_8 = res_8.firstChild.firstChild.nextSibling self.assertIn('ds:Signature', ds_signature_8.tagName) def testAddSignCheckAlg(self): """ Tests the add_sign method of the OneLogin_Saml2_Utils Case: Review signature & digest algorithm """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) key = settings.get_sp_key() cert = settings.get_sp_cert() xml_authn = b64decode(self.file_contents(join(self.data_path, 'requests', 'authn_request.xml.base64'))) xml_authn_signed = compat.to_string(OneLogin_Saml2_Utils.add_sign(xml_authn, key, cert)) self.assertIn('', xml_authn_signed) self.assertIn('', xml_authn_signed) self.assertIn('', xml_authn_signed) xml_authn_signed_2 = compat.to_string(OneLogin_Saml2_Utils.add_sign(xml_authn, key, cert, False, OneLogin_Saml2_Constants.RSA_SHA256, OneLogin_Saml2_Constants.SHA384)) self.assertIn('', xml_authn_signed_2) self.assertIn('', xml_authn_signed_2) self.assertIn('', xml_authn_signed_2) xml_authn_signed_3 = compat.to_string(OneLogin_Saml2_Utils.add_sign(xml_authn, key, cert, False, OneLogin_Saml2_Constants.RSA_SHA384, OneLogin_Saml2_Constants.SHA512)) self.assertIn('', xml_authn_signed_3) self.assertIn('', xml_authn_signed_3) self.assertIn('', xml_authn_signed_3) def testValidateSign(self): """ Tests the validate_sign method of the OneLogin_Saml2_Utils """ settings = OneLogin_Saml2_Settings(self.loadSettingsJSON()) idp_data = settings.get_idp_data() cert = idp_data['x509cert'] settings_2 = OneLogin_Saml2_Settings(self.loadSettingsJSON('settings2.json')) idp_data2 = settings_2.get_idp_data() cert_2 = idp_data2['x509cert'] fingerprint_2 = OneLogin_Saml2_Utils.calculate_x509_fingerprint(cert_2) fingerprint_2_256 = OneLogin_Saml2_Utils.calculate_x509_fingerprint(cert_2, 'sha256') try: self.assertFalse(OneLogin_Saml2_Utils.validate_sign('', cert)) except Exception as e: self.assertEqual('Empty string supplied as input', str(e)) # expired cert xml_metadata_signed = self.file_contents(join(self.data_path, 'metadata', 'signed_metadata_settings1.xml')) self.assertTrue(OneLogin_Saml2_Utils.validate_metadata_sign(xml_metadata_signed, cert)) # expired cert, verified it self.assertFalse(OneLogin_Saml2_Utils.validate_metadata_sign(xml_metadata_signed, cert, validatecert=True)) xml_metadata_signed_2 = self.file_contents(join(self.data_path, 'metadata', 'signed_metadata_settings2.xml')) self.assertTrue(OneLogin_Saml2_Utils.validate_metadata_sign(xml_metadata_signed_2, cert_2)) self.assertTrue(OneLogin_Saml2_Utils.validate_metadata_sign(xml_metadata_signed_2, None, fingerprint_2)) xml_response_msg_signed = b64decode(self.file_contents(join(self.data_path, 'responses', 'signed_message_response.xml.base64'))) # expired cert self.assertTrue(OneLogin_Saml2_Utils.validate_sign(xml_response_msg_signed, cert)) # expired cert, verified it self.assertFalse(OneLogin_Saml2_Utils.validate_sign(xml_response_msg_signed, cert, validatecert=True)) # modified cert other_cert_path = join(dirname(__file__), '..', '..', '..', 'certs') f = open(other_cert_path + '/certificate1', 'r') cert_x = f.read() f.close() self.assertFalse(OneLogin_Saml2_Utils.validate_sign(xml_response_msg_signed, cert_x)) self.assertFalse(OneLogin_Saml2_Utils.validate_sign(xml_response_msg_signed, cert_x, validatecert=True)) xml_response_msg_signed_2 = b64decode(self.file_contents(join(self.data_path, 'responses', 'signed_message_response2.xml.base64'))) self.assertTrue(OneLogin_Saml2_Utils.validate_sign(xml_response_msg_signed_2, cert_2)) self.assertTrue(OneLogin_Saml2_Utils.validate_sign(xml_response_msg_signed_2, None, fingerprint_2)) self.assertTrue(OneLogin_Saml2_Utils.validate_sign(xml_response_msg_signed_2, None, fingerprint_2, 'sha1')) self.assertTrue(OneLogin_Saml2_Utils.validate_sign(xml_response_msg_signed_2, None, fingerprint_2_256, 'sha256')) xml_response_assert_signed = b64decode(self.file_contents(join(self.data_path, 'responses', 'signed_assertion_response.xml.base64'))) # expired cert self.assertTrue(OneLogin_Saml2_Utils.validate_sign(xml_response_assert_signed, cert)) # expired cert, verified it self.assertFalse(OneLogin_Saml2_Utils.validate_sign(xml_response_assert_signed, cert, validatecert=True)) xml_response_assert_signed_2 = b64decode(self.file_contents(join(self.data_path, 'responses', 'signed_assertion_response2.xml.base64'))) self.assertTrue(OneLogin_Saml2_Utils.validate_sign(xml_response_assert_signed_2, cert_2)) self.assertTrue(OneLogin_Saml2_Utils.validate_sign(xml_response_assert_signed_2, None, fingerprint_2)) xml_response_double_signed = b64decode(self.file_contents(join(self.data_path, 'responses', 'double_signed_response.xml.base64'))) # expired cert self.assertTrue(OneLogin_Saml2_Utils.validate_sign(xml_response_double_signed, cert)) # expired cert, verified it self.assertFalse(OneLogin_Saml2_Utils.validate_sign(xml_response_double_signed, cert, validatecert=True)) xml_response_double_signed_2 = b64decode(self.file_contents(join(self.data_path, 'responses', 'double_signed_response2.xml.base64'))) self.assertTrue(OneLogin_Saml2_Utils.validate_sign(xml_response_double_signed_2, cert_2)) self.assertTrue(OneLogin_Saml2_Utils.validate_sign(xml_response_double_signed_2, None, fingerprint_2)) dom = parseString(xml_response_msg_signed_2) self.assertTrue(OneLogin_Saml2_Utils.validate_sign(dom.toxml(), cert_2)) dom.firstChild.firstChild.firstChild.nodeValue = 'https://idp.example.com/simplesaml/saml2/idp/metadata.php' dom.firstChild.getAttributeNode('ID').nodeValue = u'_34fg27g212d63k1f923845324475802ac0fc24530b' # Reference validation failed self.assertFalse(OneLogin_Saml2_Utils.validate_sign(dom.toxml(), cert_2)) invalid_fingerprint = 'afe71c34ef740bc87434be13a2263d31271da1f9' # Wrong fingerprint self.assertFalse(OneLogin_Saml2_Utils.validate_metadata_sign(xml_metadata_signed_2, None, invalid_fingerprint)) dom_2 = parseString(xml_response_double_signed_2) self.assertTrue(OneLogin_Saml2_Utils.validate_sign(dom_2.toxml(), cert_2)) dom_2.firstChild.firstChild.firstChild.nodeValue = 'https://example.com/other-idp' # Modified message self.assertFalse(OneLogin_Saml2_Utils.validate_sign(dom_2.toxml(), cert_2)) # Try to validate directly the Assertion dom_3 = parseString(xml_response_double_signed_2) assert_elem_3 = dom_3.firstChild.firstChild.nextSibling.nextSibling.nextSibling assert_elem_3.setAttributeNS(OneLogin_Saml2_Constants.NS_SAML, 'xmlns:saml', OneLogin_Saml2_Constants.NS_SAML) self.assertFalse(OneLogin_Saml2_Utils.validate_sign(assert_elem_3.toxml(), cert_2)) # Wrong scheme no_signed = b64decode(self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_signature.xml.base64'))) self.assertFalse(OneLogin_Saml2_Utils.validate_sign(no_signed, cert)) no_key = b64decode(self.file_contents(join(self.data_path, 'responses', 'invalids', 'no_key.xml.base64'))) self.assertFalse(OneLogin_Saml2_Utils.validate_sign(no_key, cert)) # Signature Wrapping attack wrapping_attack1 = b64decode(self.file_contents(join(self.data_path, 'responses', 'invalids', 'signature_wrapping_attack.xml.base64'))) self.assertFalse(OneLogin_Saml2_Utils.validate_sign(wrapping_attack1, cert)) def testNormalizeUrl(self): base_url = 'https://blah.com/path' capital_scheme = 'hTTps://blah.com/path' capital_domain = 'https://blAH.Com/path' capital_path = 'https://blah.com/PAth' capital_all = 'HTTPS://BLAH.COM/PATH' self.assertIn(base_url, OneLogin_Saml2_Utils.normalize_url(capital_scheme)) self.assertIn(base_url, OneLogin_Saml2_Utils.normalize_url(capital_domain)) self.assertNotIn(base_url, OneLogin_Saml2_Utils.normalize_url(capital_path)) self.assertNotIn(base_url, OneLogin_Saml2_Utils.normalize_url(capital_all)) python3-saml-1.12.0/tests/src/OneLogin/saml2_tests/xml_utils_test.py000066400000000000000000000137731410551756100255050ustar00rootroot00000000000000# -*- coding: utf-8 -*- # Copyright (c) 2010-2021 OneLogin, Inc. # MIT License import json import unittest from base64 import b64decode from lxml import etree from os.path import dirname, join, exists from onelogin.saml2.utils import OneLogin_Saml2_XML class TestOneLoginSaml2Xml(unittest.TestCase): data_path = join(dirname(__file__), '..', '..', '..', 'data') def loadSettingsJSON(self, filename=None): if filename: filename = join(dirname(__file__), '..', '..', '..', 'settings', filename) else: filename = join(dirname(__file__), '..', '..', '..', 'settings', 'settings1.json') if exists(filename): stream = open(filename, 'r') settings = json.load(stream) stream.close() return settings else: raise Exception('Settings json file does not exist') def file_contents(self, filename): f = open(filename, 'r') content = f.read() f.close() return content def testValidateXML(self): """ Tests the validate_xml method of the OneLogin_Saml2_XML """ metadata_unloaded = '' res = OneLogin_Saml2_XML.validate_xml(metadata_unloaded, 'saml-schema-metadata-2.0.xsd') self.assertIsInstance(res, str) self.assertIn('unloaded_xml', res) metadata_invalid = self.file_contents(join(self.data_path, 'metadata', 'noentity_metadata_settings1.xml')) res = OneLogin_Saml2_XML.validate_xml(metadata_invalid, 'saml-schema-metadata-2.0.xsd') self.assertIsInstance(res, str) self.assertIn('invalid_xml', res) metadata_expired = self.file_contents(join(self.data_path, 'metadata', 'expired_metadata_settings1.xml')) res = OneLogin_Saml2_XML.validate_xml(metadata_expired, 'saml-schema-metadata-2.0.xsd') self.assertIsInstance(res, OneLogin_Saml2_XML._element_class) metadata_ok = self.file_contents(join(self.data_path, 'metadata', 'metadata_settings1.xml')) res = OneLogin_Saml2_XML.validate_xml(metadata_ok, 'saml-schema-metadata-2.0.xsd') self.assertIsInstance(res, OneLogin_Saml2_XML._element_class) def testToString(self): """ Tests the to_string method of the OneLogin_Saml2_XML """ xml = 'test1' elem = etree.fromstring(xml) bxml = xml.encode('utf8') self.assertIs(xml, OneLogin_Saml2_XML.to_string(xml)) self.assertIs(bxml, OneLogin_Saml2_XML.to_string(bxml)) self.assertEqual(etree.tostring(elem), OneLogin_Saml2_XML.to_string(elem)) with self.assertRaises(ValueError) as context: OneLogin_Saml2_XML.to_string(1) exception = context.exception self.assertIn("unsupported type", str(exception)) def testToElement(self): """ Tests the to_etree method of the OneLogin_Saml2_XML """ xml = 'test1' elem = etree.fromstring(xml) xml_expected = etree.tostring(elem) res = OneLogin_Saml2_XML.to_etree(xml) self.assertIsInstance(res, etree._Element) self.assertEqual(xml_expected, etree.tostring(res)) res = OneLogin_Saml2_XML.to_etree(xml.encode('utf8')) self.assertIsInstance(res, etree._Element) self.assertEqual(xml_expected, etree.tostring(res)) self.assertIsInstance(res, etree._Element) self.assertEqual(xml_expected, etree.tostring(res)) res = OneLogin_Saml2_XML.to_etree(elem) self.assertIs(res, elem) with self.assertRaises(ValueError) as context: OneLogin_Saml2_XML.to_etree(1) exception = context.exception self.assertIn("unsupported type", str(exception)) def testQuery(self): """ Tests the query method of the OneLogin_Saml2_Utils """ xml = self.file_contents(join(self.data_path, 'responses', 'valid_response.xml.base64')) xml = b64decode(xml) dom = etree.fromstring(xml) assertion_nodes = OneLogin_Saml2_XML.query(dom, '/samlp:Response/saml:Assertion') self.assertEqual(1, len(assertion_nodes)) assertion = assertion_nodes[0] self.assertIn('Assertion', assertion.tag) attribute_statement_nodes = OneLogin_Saml2_XML.query(dom, '/samlp:Response/saml:Assertion/saml:AttributeStatement') self.assertEqual(1, len(assertion_nodes)) attribute_statement = attribute_statement_nodes[0] self.assertIn('AttributeStatement', attribute_statement.tag) attribute_statement_nodes_2 = OneLogin_Saml2_XML.query(dom, './saml:AttributeStatement', assertion) self.assertEqual(1, len(attribute_statement_nodes_2)) attribute_statement_2 = attribute_statement_nodes_2[0] self.assertEqual(attribute_statement, attribute_statement_2) signature_res_nodes = OneLogin_Saml2_XML.query(dom, '/samlp:Response/ds:Signature') self.assertEqual(1, len(signature_res_nodes)) signature_res = signature_res_nodes[0] self.assertIn('Signature', signature_res.tag) signature_nodes = OneLogin_Saml2_XML.query(dom, '/samlp:Response/saml:Assertion/ds:Signature') self.assertEqual(1, len(signature_nodes)) signature = signature_nodes[0] self.assertIn('Signature', signature.tag) signature_nodes_2 = OneLogin_Saml2_XML.query(dom, './ds:Signature', assertion) self.assertEqual(1, len(signature_nodes_2)) signature2 = signature_nodes_2[0] self.assertNotEqual(signature_res, signature2) self.assertEqual(signature, signature2) signature_nodes_3 = OneLogin_Saml2_XML.query(dom, './ds:SignatureValue', assertion) self.assertEqual(0, len(signature_nodes_3)) signature_nodes_4 = OneLogin_Saml2_XML.query(dom, './ds:Signature/ds:SignatureValue', assertion) self.assertEqual(1, len(signature_nodes_4)) signature_nodes_5 = OneLogin_Saml2_XML.query(dom, './/ds:SignatureValue', assertion) self.assertEqual(1, len(signature_nodes_5)) python3-saml-1.12.0/tests/src/__init__.py000066400000000000000000000000001410551756100201660ustar00rootroot00000000000000