public void Saml2AssertionExtensions_ToXElement_NullCheck()
{
Saml2Assertion assertion = null;
Action a = () => assertion.ToXElement();
a.ShouldThrow <ArgumentNullException>().And.ParamName.Should().Be("assertion");
}
public void Saml2AssertionExtensions_ToXElement_Issuer()
{
var issuer = "http://idp.example.com";
var assertion = new Saml2Assertion(new Saml2NameIdentifier(issuer));
var subject = assertion.ToXElement();
subject.Element(Saml2Namespaces.Saml2 + "Issuer").Value.Should().Be(issuer);
}
public void Saml2AssertionExtensions_ToXElement_Statements()
{
var attributeValue = "Test";
var assertion = new Saml2Assertion(
new Saml2NameIdentifier("http://idp.example.com"));
assertion.Statements.Add(
new Saml2AttributeStatement(new Saml2Attribute(ClaimTypes.Role, attributeValue)));
assertion.Statements.Add(
new Saml2AuthenticationStatement(
new Saml2AuthenticationContext(
new Uri("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified")))
{
SessionIndex = "SessionIndex"
});
// Grab time before and after to use when comparing times. Even if
// the time changes in the middle of the test, it should match one
// of these times (unless you're debugging and spending more than
// one second stepping through the code).
var timeBefore = DateTime.UtcNow;
var result = assertion.ToXElement();
var timeAfter = DateTime.UtcNow;
var actualAttributeXml = result.Element(Saml2Namespaces.Saml2 + "AttributeStatement");
var expectedAttributeXml = new XElement(Saml2Namespaces.Saml2 + "AttributeStatement",
new XElement(Saml2Namespaces.Saml2 + "Attribute",
new XAttribute("Name", ClaimTypes.Role),
new XElement(Saml2Namespaces.Saml2 + "AttributeValue",
attributeValue)));
actualAttributeXml.Should().BeEquivalentTo(expectedAttributeXml);
var actualAuthnXml = result.Element(Saml2Namespaces.Saml2 + "AuthnStatement");
// Compare time first and then drop it to avoid race issues
var authnInstant = actualAuthnXml.Attribute("AuthnInstant");
authnInstant.Value.Should().Match(
d => d == timeBefore.ToSaml2DateTimeString() || d == timeAfter.ToSaml2DateTimeString());
authnInstant.Remove();
var expectedAuthnXml = new XElement(Saml2Namespaces.Saml2 + "AuthnStatement",
new XAttribute("SessionIndex", "SessionIndex"),
new XElement(Saml2Namespaces.Saml2 + "AuthnContext",
new XElement(Saml2Namespaces.Saml2 + "AuthnContextClassRef",
"urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified")));
actualAuthnXml.Should().BeEquivalentTo(expectedAuthnXml);
}
public void Saml2AssertionExtensions_ToXElement_Subject()
{
var subjectName = "JohnDoe";
var assertion = new Saml2Assertion(
new Saml2NameIdentifier("http://idp.example.com"))
{
Subject = new Saml2Subject(new Saml2NameIdentifier(subjectName))
};
var subject = assertion.ToXElement();
subject.Element(Saml2Namespaces.Saml2 + "Subject").
Element(Saml2Namespaces.Saml2 + "NameID").Value.Should().Be(subjectName);
}
public void Saml2AssertionExtensions_ToXElement_Statements()
{
var attributeValue = "Test";
var assertion = new Saml2Assertion(
new Saml2NameIdentifier("http://idp.example.com"));
assertion.Statements.Add(
new Saml2AttributeStatement(new Saml2Attribute(ClaimTypes.Role, attributeValue)));
var subject = assertion.ToXElement();
subject.Element(Saml2Namespaces.Saml2 + "AttributeStatement").Element(Saml2Namespaces.Saml2 + "Attribute").Attribute("Name").Value.Should().Be(ClaimTypes.Role);
subject.Element(Saml2Namespaces.Saml2 + "AttributeStatement").Element(Saml2Namespaces.Saml2 + "Attribute").Element(Saml2Namespaces.Saml2 + "AttributeValue").Value.Should().Be(attributeValue);
}
public void Saml2AssertionExtensions_ToXElement_Conditions()
{
var assertion = new Saml2Assertion(
new Saml2NameIdentifier("http://idp.example.com"))
{
Conditions = new Saml2Conditions()
{
NotOnOrAfter = new DateTime(2099, 07, 25, 19, 52, 42, DateTimeKind.Utc)
}
};
var subject = assertion.ToXElement();
subject.Element(Saml2Namespaces.Saml2 + "Conditions")
.Attribute("NotOnOrAfter").Value.Should().Be("2099-07-25T19:52:42Z");
}
public void Saml2AssertionExtensions_ToXElement_SubjectConfirmationData()
{
var subjectName = "JohnDoe";
var destination = new Uri("http://sp.example.com");
var inResponseTo = new Saml2Id("abc123");
var notOnOrAfter = DateTime.UtcNow.AddMinutes(2);
var assertion = new Saml2Assertion(
new Saml2NameIdentifier("http://idp.example.com"))
{
Subject = new Saml2Subject(new Saml2NameIdentifier(subjectName))
{
SubjectConfirmations =
{
new Saml2SubjectConfirmation(
new Uri("urn:oasis:names:tc:SAML:2.0:cm:bearer"),
new Saml2SubjectConfirmationData
{
NotOnOrAfter = notOnOrAfter,
InResponseTo = inResponseTo,
Recipient = destination
})
}
}
};
var subject = assertion.ToXElement();
var confirmationData = subject.Element(Saml2Namespaces.Saml2 + "Subject").
Element(Saml2Namespaces.Saml2 + "SubjectConfirmation").
Element(Saml2Namespaces.Saml2 + "SubjectConfirmationData");
confirmationData.
Attribute("Recipient").Value.Should().Be(destination.OriginalString);
confirmationData.
Attribute("NotOnOrAfter").Value.Should().Be(notOnOrAfter.ToSaml2DateTimeString());
confirmationData.
Attribute("InResponseTo").Value.Should().Be(inResponseTo.Value);
}
public void Saml2AssertionExtensions_ToXElement_Xml_BasicAttributes()
{
// Grab the current time before and after creating the assertion to
// handle the unlikely event that the second part of the date time
// is incremented during the test run. We don't want any heisenbugs.
var before = DateTime.UtcNow.ToSaml2DateTimeString();
var issuer = "http://idp.example.com";
var assertion = new Saml2Assertion(new Saml2NameIdentifier(issuer));
var after = DateTime.UtcNow.ToSaml2DateTimeString();
var subject = assertion.ToXElement();
subject.ToString().Should().StartWith(
@"<saml2:Assertion xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion");
subject.Attribute("Version").Value.Should().Be("2.0");
subject.Attribute("ID").Value.Should().NotBeNullOrWhiteSpace();
subject.Attribute("IssueInstant").Value.Should().Match(
i => i == before || i == after);
}