/// <summary>
/// Builds an <see cref="Options"/> instance from the KentorAuthServices
/// configuration section and registers the configured identity providers
/// and federations on it.
/// </summary>
/// <returns>The options populated from configuration.</returns>
private static Options LoadOptionsFromConfiguration()
{
    // The section is the single source for the SP options as well as the
    // identity provider and federation registrations.
    var section = KentorAuthServicesSection.Current;

    var options = new Options(new SPOptions(section));
    section.IdentityProviders.RegisterIdentityProviders(options);
    section.Federations.RegisterFederations(options);

    return options;
}
/// <summary>
/// Running the sign-in command with a discovery service configured and no
/// identity provider chosen should answer 303 See Other to the discovery
/// service, passing the SP entity id, a return URL pointing back at the
/// SP's SignIn endpoint (which carries the original ReturnUrl) and the
/// name of the query parameter the discovery service should use for the
/// selected IdP.
/// </summary>
public void SignInCommand_Run_ReturnsRedirectToDiscoveryService()
{
    var discoveryServiceUrl = new Uri("http://ds.example.com");
    var spOptions = new SPOptions
    {
        DiscoveryServiceUrl = discoveryServiceUrl,
        EntityId = new EntityId("https://github.com/KentorIT/authservices")
    };
    var options = new Options(spOptions);
    var request = new HttpRequestData("GET",
        new Uri("http://localhost/signin?ReturnUrl=%2FReturn%2FPath"));

    var result = new SignInCommand().Run(request, options);

    result.HttpStatusCode.Should().Be(HttpStatusCode.SeeOther);

    // The discovery service sends the user back to our own SignIn endpoint;
    // that URL in turn carries the originally requested (relative) ReturnUrl,
    // so both levels are escaped separately.
    var returnToSp = "http://localhost/AuthServices/SignIn?ReturnUrl="
        + Uri.EscapeDataString("/Return/Path");
    var queryString = "?entityID=" + Uri.EscapeDataString(options.SPOptions.EntityId.Id)
        + "&return=" + Uri.EscapeDataString(returnToSp)
        + "&returnIDParam=idp";

    result.Location.Should().Be(new Uri(discoveryServiceUrl + queryString));
}
/// <summary>
/// With only an entity id configured, the metadata command should produce an
/// EntityDescriptor with a one hour cacheDuration and an SPSSODescriptor
/// listing two AssertionConsumerService endpoints at the same Acs location:
/// HTTP-POST (index 0, default) and HTTP-Artifact (index 1).
/// </summary>
public void MetadataCommand_Run_MinimalMetadata()
{
    var spOptions = new SPOptions()
    {
        EntityId = new EntityId("http://localhost/AuthServices"),
    };
    var options = new Options(spOptions);

    var result = new MetadataCommand().Run(request, options);

    var subject = XDocument.Parse(result.Content);

    // The ID attribute holds a freshly generated GUID on every run, so it
    // cannot be compared against a fixed expected document and is dropped.
    subject.Root.Attribute("ID").Remove();

    var md = Saml2Namespaces.Saml2Metadata;

    var postEndpoint = new XElement(md + "AssertionConsumerService",
        new XAttribute("Binding", Saml2Binding.HttpPostUri),
        new XAttribute("Location", "http://localhost/AuthServices/Acs"),
        new XAttribute("index", 0),
        new XAttribute("isDefault", true));

    var artifactEndpoint = new XElement(md + "AssertionConsumerService",
        new XAttribute("Binding", Saml2Binding.HttpArtifactUri),
        new XAttribute("Location", "http://localhost/AuthServices/Acs"),
        new XAttribute("index", 1),
        new XAttribute("isDefault", false));

    var spDescriptor = new XElement(md + "SPSSODescriptor",
        new XAttribute("protocolSupportEnumeration", "urn:oasis:names:tc:SAML:2.0:protocol"),
        postEndpoint,
        artifactEndpoint);

    var expectedXml = new XDocument(
        new XElement(md + "EntityDescriptor",
            new XAttribute("entityID", "http://localhost/AuthServices"),
            new XAttribute("cacheDuration", "PT1H"),
            // The xmlns attributes must be added explicitly: the parsed subject
            // carries them as attributes in its node tree, and the tree
            // comparison fails unless both sides have them. Setting the
            // namespace on the elements alone only emits xmlns when the tree
            // is serialised to a string, not into the node tree itself.
            // See http://stackoverflow.com/questions/24156689/xnode-deepequals-unexpectedly-returns-false
            new XAttribute(XNamespace.Xmlns + "saml2", Saml2Namespaces.Saml2),
            new XAttribute("xmlns", Saml2Namespaces.Saml2MetadataName),
            spDescriptor));

    subject.Should().BeEquivalentTo(expectedXml);
}
/// <summary>
/// With SHA-256 XML signatures enabled globally, reading a response whose
/// assertion is signed with rsa-sha256 (sha256 digest) and extracting its
/// claims must succeed. The outer saml2p:Response is unsigned; only the
/// Assertion carries an enveloped signature.
/// </summary>
/// <remarks>
/// The Reference URI inside SignedInfo is hard-coded to this method's name
/// while the Assertion ID is taken from MethodBase.GetCurrentMethod().Name,
/// so renaming the method invalidates the digest reference. The certificate
/// body inside X509Certificate is elided by a placeholder in this listing.
/// Only the accept path is asserted (ShouldNotThrow); rejection of a
/// modified assertion is not covered by this test.
/// NOTE(review): GlobalEnableSha256XmlSignatures is a static call that is
/// not undone at the end of the test — presumably process-wide; confirm
/// that other tests do not depend on the default.
/// </remarks>
public void Saml2Response_GetClaims_ChecksSha256WhenEnabled() { Options.GlobalEnableSha256XmlSignatures(); var signedResponse = @"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol"" xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion"" ID = """ + MethodBase.GetCurrentMethod().Name + @"_Response"" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z""> <saml2:Issuer>https://idp.example.com</saml2:Issuer> <saml2p:Status> <saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" /> </saml2p:Status> <Assertion ID=""" + MethodBase.GetCurrentMethod().Name + @""" IssueInstant=""2015-03-13T20:43:33.466Z"" Version=""2.0"" xmlns=""urn:oasis:names:tc:SAML:2.0:assertion""><Issuer>https://idp.example.com</Issuer><Signature xmlns=""http://www.w3.org/2000/09/xmldsig#""><SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/2001/10/xml-exc-c14n#"" /><SignatureMethod Algorithm=""http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"" /><Reference URI=""#Saml2Response_GetClaims_ChecksSha256WhenEnabled""><Transforms><Transform Algorithm=""http://www.w3.org/2000/09/xmldsig#enveloped-signature"" /><Transform Algorithm=""http://www.w3.org/2001/10/xml-exc-c14n#"" /></Transforms><DigestMethod Algorithm=""http://www.w3.org/2001/04/xmlenc#sha256"" /><DigestValue>8s5HDYeicqbNwESGyrvYYXinJeJJgl4t6O27KGE0ejc=</DigestValue></Reference></SignedInfo><SignatureValue>mS2TFErenJHyvUbyIDUItOvH6AavUNGg5zL3hVueWDGjhaft2mlWSlQIFm9ajVQKrZq2Q/V4oZYGTQ8muTfrhdCL3fyu453nEWcNgQ+gm1H1e89N75XWonfL+UQDl73O95SX0dD4DjqQAC4MlSwMOkwOR7GakhjPbSzRct7lFbRx/3k+TUZNj9rfV4uzlf79ebkw9EaaSfu0tR6bAfGyrefFaNTZs2NeRICfD/GKn7HRo9zSdVPBHfEW2UUy0x/aWREG4GgUs7qObWL4uhDZ6oyy5FbsRcrUJMiXCFNXA8dr9EtZ2VafHz3d4kJFLiq63xjqpjGk/ng2gP+47F/9Rw==</SignatureValue><KeyInfo><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo></Signature><Subject><NameID>SomeUser</NameID><SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" 
/></Subject><Conditions NotOnOrAfter=""2100-01-01T05:00:00.000Z"" /></Assertion> </saml2p:Response>"; /* Register the test key as the only trusted signing key of the issuer IdP. The response carries no InResponseTo, so unsolicited responses must be allowed for it to be accepted. */ var spOptions = StubFactory.CreateSPOptions(); var options = new Options(spOptions); var idp = new IdentityProvider(new EntityId("https://idp.example.com"), spOptions) { AllowUnsolicitedAuthnResponse = true }; idp.SigningKeys.AddConfiguredKey(SignedXmlHelper.TestKeySignOnly); options.IdentityProviders.Add(idp); /* Read + GetClaims performs the signature validation; the assertion is that it passes. */ Action a = () => Saml2Response.Read(signedResponse).GetClaims(options); a.ShouldNotThrow(); }