#!/usr/share/ucs-test/runner python
## desc: Test passwordless login at SP with existing session at IdP
## tags: [saml]
## roles-not: [domaincontroller_master]
## join: true
## exposure: safe
## tags:
##  - skip_admember

from __future__ import print_function
import univention.admin.modules as udm_modules
import univention.testing.utils as utils
import samltest
udm_modules.update()


def main():
	account = utils.UCSTestDomainAdminCredentials()
	SamlSession = samltest.SamlTest(account.username, account.bindpw)
	lo = utils.get_ldap_connection(admin_uldap=True)

	master = udm_modules.lookup('computers/domaincontroller_master', None, lo, scope='sub')
	master_hostname = "%s.%s" % (master[0]['name'], master[0]['domain'])
	try:
		SamlSession.login_with_new_session_at_IdP()
		SamlSession.test_login()
		SamlSession.target_sp_hostname = master_hostname
		SamlSession.login_with_existing_session_at_IdP()
		SamlSession.test_login()
	except samltest.SamlError as exc:
		utils.fail(exc.message)


if __name__ == '__main__':
	main()
	print("Success: SSO with existing session is working")
