SAML2 SPID Service Provider validation tool that can be run from the command line
spid-sp-test
spid-sp-test is a SAML2 SPID Service Provider validation tool that can be run from the command line. This tool was born by separating out the test library already present in spid-saml-check.
Features
spid-sp-test is:
- much faster to execute than spid-saml-check
- extremely easy to setup
- able to test a SAML2 SPID Metadata file
- able to test a SAML2 SPID AuthnRequest
- integrable in CI
- able to export a detailed report in json format, in stdout or in a file.
Roadmap
- Next releases: a hundred SAML2 SPID fake Responses, for security assessment!
How to handle HTTP Response checks?
- python requests: SAML2 requires the Response to be delivered with a POST to the ACS service. requests then checks the HTTP status code of the HTTP response and saves the returned HTML to a browsable folder for any further human analysis.
- Selenium HQ: far too heavy to be loaded in a CI! It is possible to think of getting screenshots using Selenium HQ, but the use of Selenium should be completely optional for the needs of CI.
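The "python requests" option sketched above, written out as an added example (this is not spid-sp-test code and not part of the project). It uses only the standard library instead of requests, so it runs offline: a fake ACS endpoint is started on localhost, a base64-encoded SAMLResponse is POSTed to it as a form field, the HTTP status code is compared with the expected one, and the returned HTML is saved to a folder for later human inspection. The fake ACS, its acceptance rule (reject when the posted XML carries no Status element), the sample XML and the test case names are assumptions made for this example only; a real SP applies its own signature and assertion validation.

```python
"""Added example, not part of spid-sp-test: an HTTP Response check done with
the standard library. A fake ACS (assumption) stands in for the SP under test."""
import base64
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from pathlib import Path
from tempfile import mkdtemp

# Constructed sample Response: a minimal SAML2 XML, not a real SPID message.
SAMPLE_RESPONSE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example" Version="2.0">'
    '<samlp:Status><samlp:StatusCode '
    'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
    '</samlp:Response>'
)


class FakeACSHandler(BaseHTTPRequestHandler):
    """Stand-in for an SP's ACS endpoint (assumption: only POST is served)."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        encoded = form.get("SAMLResponse", [""])[0]
        try:
            xml = base64.b64decode(encoded, validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            xml = ""
        # Assumed acceptance rule: a Response without a Status element is rejected.
        if "Status" in xml:
            status, body = 200, "<html><body>login ok</body></html>"
        else:
            status, body = 400, "<html><body>bad SAMLResponse</body></html>"
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the example quiet
        pass


def start_fake_acs():
    """Start the fake ACS on a free localhost port; return (server, acs_url)."""
    server = HTTPServer(("127.0.0.1", 0), FakeACSHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/acs"


def post_saml_response(acs_url, response_xml, out_dir, test_name):
    """POST the Response to the ACS; return the HTTP status and the saved HTML path."""
    form = urllib.parse.urlencode({
        "SAMLResponse": base64.b64encode(response_xml.encode()).decode(),
        "RelayState": test_name,
    }).encode()
    req = urllib.request.Request(acs_url, data=form, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            status, html = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx answers still carry a body
        status, html = err.code, err.read()
    out_path = Path(out_dir) / f"{test_name}.html"
    out_path.write_bytes(html)  # keep the page for human analysis
    return status, out_path


def run_response_checks(acs_url, out_dir):
    """Run two constructed checks: a check passes when the status matches the expectation."""
    cases = {
        "01_valid_response": (SAMPLE_RESPONSE_XML, 200),
        "02_empty_response": ("", 400),
    }
    results = {}
    for name, (xml, expected) in cases.items():
        status, path = post_saml_response(acs_url, xml, out_dir, name)
        results[name] = {"status": status, "expected": expected,
                         "passed": status == expected, "html": str(path)}
    return results


def demo():
    """Start the fake ACS, run the checks into a temporary folder, stop the server."""
    server, acs_url = start_fake_acs()
    try:
        return run_response_checks(acs_url, mkdtemp(prefix="sp-responses-"))
    finally:
        server.shutdown()


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "PASS" if result["passed"] else "FAIL", result["status"], result["html"])
```

Against a real SP, point `run_response_checks` at the ACS URL taken from the SP metadata and replace the sample XML with the signed Responses under test; the saved HTML files are what a reviewer opens when a status code does not match.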
Setup
apt install libxml2-dev libxmlsec1-dev libxmlsec1-openssl
pip install spid-sp-test --upgrade --no-cache
Examples
Run spid_sp_test -h for inline documentation.
optional arguments:
-h, --help show this help message and exit
--metadata-url METADATA_URL
URL where SAML2 Metadata resides: it can be file://path or https://fqdn
--idp-metadata get example IdP metadata
-l [LIST [LIST ...]], --list [LIST [LIST ...]]
esecute only selected checks
--extra execute extra checks
--authn-url AUTHN_URL
URL where the SP initializes the Authentication Request to this IDP,it can also be a file:///
-tr, --test-response execute SAML2 responses
-tp TEMPLATE_PATH, --template-path TEMPLATE_PATH
templates containing SAML2 xml templates, for responses
-tn [TEST_NAMES [TEST_NAMES ...]], --test-names [TEST_NAMES [TEST_NAMES ...]]
response test to be executed, eg: 01 02 03
-tj [TEST_JSONS [TEST_JSONS ...]], --test-jsons [TEST_JSONS [TEST_JSONS ...]]
custom test via json file, eg: tests/example.test-suite.json
-aj ATTR_JSON, --attr-json ATTR_JSON
loads user attributes via json, eg: tests/example.attributes.json
-json json output
-o O json output to file
-d {CRITICAL,ERROR,WARNING,INFO,DEBUG}, --debug {CRITICAL,ERROR,WARNING,INFO,DEBUG}
Debug level, see python logging
-xp XMLSEC_PATH, --xmlsec-path XMLSEC_PATH
xmlsec1 executable path, eg: /usr/bin/xmlsec1
examples:
src/spid_sp_test/spid_sp_test --metadata-url file://metadata.xml
src/spid_sp_test/spid_sp_test --metadata-url http://localhost:8000/spid/metadata --extra
src/spid_sp_test/spid_sp_test --metadata-url http://localhost:8000/spid/metadata -l test_Organization test_Signature
# export idp metadata
src/spid_sp_test/spid_sp_test --idp-metadata
# test an authentication request made by a SP
src/spid_sp_test/spid_sp_test --metadata-url http://localhost:8000/spid/metadata --authn-url http://localhost:8000/spid/login/?idp=spid-idp-test
# select which tests to execute
src/spid_sp_test/spid_sp_test --metadata-url http://localhost:8000/spid/metadata --authn-url http://localhost:8000/spid/login/?idp=http://localhost:8080 --extra --debug ERROR -json -l xsd_check
# execute Response tests
src/spid_sp_test/spid_sp_test --metadata-url http://localhost:8000/spid/metadata --authn-url http://localhost:8000/spid/login/?idp=http://localhost:54321 --extra --debug ERROR -tr
# select which response test to execute
src/spid_sp_test/spid_sp_test --metadata-url http://localhost:8000/spid/metadata --authn-url http://localhost:8000/spid/login/?idp=http://localhost:54321 --extra --debug INFO -tr -tn 1 8 9 24 63
# run a test suite configured in a json file
src/spid_sp_test/spid_sp_test --metadata-url http://localhost:8000/spid/metadata --authn-url http://localhost:8000/spid/login/?idp=http://localhost:54321 --extra --debug INFO -tr -tj tests/example.test-suite.json
# select which user attribute to return in response via json file
src/spid_sp_test/spid_sp_test --metadata-url http://localhost:8000/spid/metadata --authn-url http://localhost:8000/spid/login/?idp=http://localhost:54321 --extra --debug DEBUG -aj tests/example.attributes.json
Test metadata passing a file
spid_sp_test --metadata-url file://metadata.xml
Test metadata from a URL
spid_sp_test --metadata-url http://localhost:8000/spid/metadata
Get fake IdP metadata and copy it to your SP metadatastore folder
spid_sp_test --idp-metadata > /path/to/spid-django/example/spid_config/metadata/spid-sp-test.xml
A quite standard test
spid_sp_test --metadata-url http://localhost:8000/spid/metadata --authn-url http://localhost:8000/spid/login/?idp=http://localhost:8088 --extra
Print only ERRORs
spid_sp_test --metadata-url http://localhost:8000/spid/metadata --authn-url http://localhost:8000/spid/login/?idp=http://localhost:8080 --extra --debug ERROR
JSON report (add -o filename.json to write to a file)
spid_sp_test --metadata-url http://localhost:8000/spid/metadata --authn-url http://localhost:8000/spid/login/?idp=http://localhost:8080 --extra --debug CRITICAL -json
Authors
References
TLS/SSL tests
Source Distribution
File details
Details for the file spid_sp_test-0.4.0.tar.gz.
File metadata
- Download URL: spid_sp_test-0.4.0.tar.gz
- Upload date:
- Size: 83.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/51.3.3 requests-toolbelt/0.9.1 tqdm/4.58.0 CPython/3.8.5
File hashes
Algorithm | Hash digest
---|---
SHA256 | 4b9e81209a74cb95408cd2ae3ed89a40e2662192b8f6624c41138e0df629275f
MD5 | d6e69f941fa06feacb708e43aa29e290
BLAKE2b-256 | 9c47faa20bc820a9c63e6d80e952cb7f28aa86f9a94b05593f9a64f2625de71c