public void AuthServicesController_SignOut()
{
using (ShimsContext.Create())
{
var substituteSessionAuthModule = Substitute.For <SessionAuthenticationModule>();
System.IdentityModel.Services.Fakes.ShimFederatedAuthentication.SessionAuthenticationModuleGet =
() => substituteSessionAuthModule;
var substituteRequestContext = Substitute.For <RequestContext>();
substituteRequestContext.HttpContext = Substitute.For <HttpContextBase>();
substituteRequestContext.HttpContext.Request.Returns(Substitute.For <HttpRequestBase>());
substituteRequestContext.HttpContext.Request.ApplicationPath.Returns("/path");
var subject = new AuthServicesController()
{
Url = new UrlHelper(substituteRequestContext)
}.SignOut();
subject.Should().BeOfType <RedirectResult>().And
.Subject.As <RedirectResult>().Url.Should().Be("/path/");
substituteSessionAuthModule.Received().SignOut();
}
}
public void AuthServicesController_SignIn_Returns_SignIn()
{
var subject = new AuthServicesController().SignIn();
subject.Should().BeOfType <RedirectResult>().And
.Subject.As <RedirectResult>().Url
.Should().Contain("?SAMLRequest");
}
public void AuthServicesController_Acs_Works()
{
var request = Substitute.For <HttpRequestBase>();
request.HttpMethod.Returns("POST");
var response =
@"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
ID = ""AuthServicesController_Acs_Should_SetIdentity"" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z"">
<saml2:Issuer>
https://idp.example.com
</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
</saml2p:Status>
<saml2:Assertion
Version=""2.0"" ID=""AuthServicesController_Acs_Should_SetIdentity_Assertion1""
IssueInstant=""2013-09-25T00:00:00Z"">
<saml2:Issuer>https://idp.example.com</saml2:Issuer>
<saml2:Subject>
<saml2:NameID>SomeUser</saml2:NameID>
<saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" />
</saml2:Subject>
<saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" />
</saml2:Assertion>
</saml2p:Response>";
var formValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(
SignedXmlHelper.SignXml(response)));
request.Form.Returns(new NameValueCollection()
{
{ "SAMLResponse", formValue }
});
var httpContext = Substitute.For <HttpContextBase>();
httpContext.Request.Returns(request);
var ids = new ClaimsIdentity[]
{ new ClaimsIdentity("Federation"), new ClaimsIdentity("ClaimsAuthenticationManager") };
ids[0].AddClaim(new Claim(ClaimTypes.NameIdentifier, "SomeUser", null, "https://idp.example.com"));
ids[1].AddClaim(new Claim(ClaimTypes.Role, "RoleFromClaimsAuthManager", null, "ClaimsAuthenticationManagerMock"));
var controller = new AuthServicesController();
controller.ControllerContext = new ControllerContext(httpContext, new RouteData(), controller);
var expected = new { Permanent = false, Url = "http://localhost/LoggedIn" };
controller.Acs().As <RedirectResult>().ShouldBeEquivalentTo(expected);
}
public void AuthServicesController_Acs_Throws_On_CommandResultHandled()
{
var request = Substitute.For <HttpRequestBase>();
request.HttpMethod.Returns("POST");
var response =
@"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
ID = """ + MethodBase.GetCurrentMethod().Name + @""" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z"">
<saml2:Issuer>
https://idp.example.com
</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
</saml2p:Status>
<saml2:Assertion
Version=""2.0"" ID=""" + MethodBase.GetCurrentMethod().Name + @"_Assertion1""
IssueInstant=""2013-09-25T00:00:00Z"">
<saml2:Issuer>https://idp.example.com</saml2:Issuer>
<saml2:Subject>
<saml2:NameID>SomeUser</saml2:NameID>
<saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" />
</saml2:Subject>
<saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" />
</saml2:Assertion>
</saml2p:Response>";
var formValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(
SignedXmlHelper.SignXml(response)));
request.Form.Returns(new NameValueCollection()
{
{ "SAMLResponse", formValue }
});
request.Url.Returns(new Uri("http://url.example.com/url"));
var httpContext = Substitute.For <HttpContextBase>();
httpContext.Request.Returns(request);
var subject = new AuthServicesController();
subject.ControllerContext = new ControllerContext(httpContext, new RouteData(), subject);
AuthServicesController.Options.Notifications.AcsCommandResultCreated = (cr, r) =>
{
cr.HandledResult = true;
};
subject.Invoking(s => s.Acs())
.ShouldThrow <NotSupportedException>();
}
public void AuthServicesController_Acs_Works()
{
var request = Substitute.For <HttpRequestBase>();
request.HttpMethod.Returns("POST");
var response =
@"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
ID = """ + MethodBase.GetCurrentMethod().Name + @""" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z"">
<saml2:Issuer>
https://idp.example.com
</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
</saml2p:Status>
<saml2:Assertion
Version=""2.0"" ID=""" + MethodBase.GetCurrentMethod().Name + @"_Assertion1""
IssueInstant=""2013-09-25T00:00:00Z"">
<saml2:Issuer>https://idp.example.com</saml2:Issuer>
<saml2:Subject>
<saml2:NameID>SomeUser</saml2:NameID>
<saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" />
</saml2:Subject>
<saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" />
</saml2:Assertion>
</saml2p:Response>";
var formValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(
SignedXmlHelper.SignXml(response)));
request.Form.Returns(new NameValueCollection()
{
{ "SAMLResponse", formValue }
});
request.Url.Returns(new Uri("http://url.example.com/url"));
var httpContext = Substitute.For <HttpContextBase>();
httpContext.Request.Returns(request);
var controller = new AuthServicesController();
controller.ControllerContext = new ControllerContext(httpContext, new RouteData(), controller);
var expected = new { Permanent = false, Url = "http://localhost/LoggedIn" };
controller.Acs().As <RedirectResult>().ShouldBeEquivalentTo(expected);
}
public void AuthServicesController_Acs_Works()
{
var request = Substitute.For <HttpRequestBase>();
request.HttpMethod.Returns("POST");
var response =
@"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
ID = """ + MethodBase.GetCurrentMethod().Name + @""" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z""
InResponseTo=""InResponseToId"">
<saml2:Issuer>
https://idp.example.com
</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
</saml2p:Status>
<saml2:Assertion
Version=""2.0"" ID=""" + MethodBase.GetCurrentMethod().Name + @"_Assertion1""
IssueInstant=""2013-09-25T00:00:00Z"">
<saml2:Issuer>https://idp.example.com</saml2:Issuer>
<saml2:Subject>
<saml2:NameID>SomeUser</saml2:NameID>
<saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" />
</saml2:Subject>
<saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" />
</saml2:Assertion>
</saml2p:Response>";
var formValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(
SignedXmlHelper.SignXml(response)));
var relayState = "rs1234";
request.Form.Returns(new NameValueCollection()
{
{ "SAMLResponse", formValue },
{ "RelayState", relayState }
});
request.Url.Returns(new Uri("http://url.example.com/url"));
request.Cookies.Returns(new HttpCookieCollection());
request.Cookies.Add(new HttpCookie("Kentor." + relayState,
HttpRequestData.ConvertBinaryData(
MachineKey.Protect(
new StoredRequestState(null, null, new Saml2Id("InResponseToId"), null).Serialize(),
HttpRequestBaseExtensions.ProtectionPurpose))));
var httpContext = Substitute.For <HttpContextBase>();
httpContext.Request.Returns(request);
var controller = new AuthServicesController();
controller.ControllerContext = new ControllerContext(httpContext, new RouteData(), controller);
var expected = new
{
Permanent = false,
Url = AuthServicesController.Options.SPOptions.ReturnUrl.OriginalString
};
controller.Acs().As <RedirectResult>().ShouldBeEquivalentTo(expected);
controller.Response.Received().SetCookie(
Arg.Is <HttpCookie>(c => c.Expires.Year == 1970));
}