/// <summary>
/// Checks that the HTTP-Redirect binding rejects a null request in Unbind
/// with an ArgumentNullException naming the "request" parameter.
/// </summary>
public void Saml2RedirectBinding_Unbind_NullcheckRequest()
{
    var redirectBinding = Saml2Binding.Get(Saml2BindingType.HttpRedirect);

    // Unbind is the entry point for inbound messages, so the test pins an
    // explicit argument error instead of a later NullReferenceException.
    redirectBinding
        .Invoking(binding => binding.Unbind(null))
        .ShouldThrow<ArgumentNullException>()
        .And.ParamName.Should().Be("request");
}
/// <summary>
/// Checks that Bind(payload, destinationUri, messageName) reports a null
/// payload as an ArgumentNullException naming "payload".
/// </summary>
public void Saml2PostBinding_Bind_Nullcheck_payload()
{
    // NOTE(review): the test name says PostBinding, but the binding fetched
    // here is HttpRedirect. Confirm which binding this is meant to cover.
    var bindingUnderTest = Saml2Binding.Get(Saml2BindingType.HttpRedirect);

    // messageName is null as well; the assertion expects the payload check
    // to be the one that is reported.
    bindingUnderTest
        .Invoking(binding => binding.Bind(null, new Uri("http://host"), null))
        .ShouldThrow<ArgumentNullException>()
        .And.ParamName.Should().Be("payload");
}
/// <summary>
/// Sends a signed LogoutRequest through the HTTP-Redirect binding into the
/// logout command and checks the resulting LogoutResponse: it must be a
/// 303 redirect that terminates the local session, carry a Signature query
/// parameter, and unbind to the expected XML with TrustLevel.Signature.
/// </summary>
public void LogoutCommand_Run_HandlesLogoutRequest_ReceivedThroughRedirectBinding()
{
    // Incoming request, signed with RSA-SHA256 using the test certificate.
    var request = new Saml2LogoutRequest()
    {
        DestinationUrl = new Uri("http://sp.example.com/path/AuthServices/logout"),
        Issuer = new EntityId("https://idp.example.com"),
        SigningCertificate = SignedXmlHelper.TestCert,
        NameId = new Saml2NameIdentifier("NameId"),
        SessionIndex = "SessionID",
        SigningAlgorithm = SignedXml.XmlDsigRSASHA256Url
    };

    // Serialize the request to a redirect URL and replay it as a GET.
    var bindResult = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
        .Bind(request);

    var httpRequest = new HttpRequestData("GET", bindResult.Location);

    var options = StubFactory.CreateOptions();
    // A service certificate is configured on the SP; the "should be signed"
    // assertion below presumably depends on it - TODO confirm.
    options.SPOptions.ServiceCertificates.Add(SignedXmlHelper.TestCert);

    // Capture the result handed to the notification so it can be compared
    // with the returned instance.
    CommandResult notifiedCommandResult = null;
    options.Notifications.LogoutCommandResultCreated = cr =>
    {
        notifiedCommandResult = cr;
    };

    // We're using unbind to verify the created message and UnBind
    // expects the issuer to be a known Idp for signature validation.
    // Add a dummy with the right issuer name and key.
    var dummyIdp = new IdentityProvider(options.SPOptions.EntityId, options.SPOptions);
    dummyIdp.SigningKeys.AddConfiguredKey(SignedXmlHelper.TestCert);
    options.IdentityProviders.Add(dummyIdp);

    var actual = CommandFactory.GetCommand(CommandFactory.LogoutCommandName)
        .Run(httpRequest, options);

    var expected = new CommandResult()
    {
        HttpStatusCode = HttpStatusCode.SeeOther,
        TerminateLocalSession = true
        // Deliberately not comparing Location
    };

    // Presence check only: this does not prove the signature is valid. The
    // Unbind call and TrustLevel assertion further down cover validation.
    HttpUtility.ParseQueryString(actual.Location.Query)["Signature"]
        .Should().NotBeNull("LogoutResponse should be signed");
    actual.ShouldBeEquivalentTo(expected, opt => opt.Excluding(cr => cr.Location));
    actual.Should().BeSameAs(notifiedCommandResult);

    // Round-trip the produced redirect URL through Unbind to inspect the
    // LogoutResponse that was generated.
    var actualUnbindResult = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
        .Unbind(new HttpRequestData("GET", actual.Location), options);

    var actualMessage = actualUnbindResult.Data;

    var expectedMessage = XmlHelpers.XmlDocumentFromString(
        $@"<samlp:LogoutResponse 
xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol"" xmlns=""urn:oasis:names:tc:SAML:2.0:assertion"" Destination=""https://idp.example.com/logout"" Version=""2.0""> <Issuer>{options.SPOptions.EntityId.Id}</Issuer> <samlp:Status> <samlp:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success""/> </samlp:Status> </samlp:LogoutResponse>").DocumentElement;

    // Set generated attributes to actual values.
    expectedMessage.SetAttribute("ID", actualMessage.GetAttribute("ID"));
    expectedMessage.SetAttribute("IssueInstant", actualMessage.GetAttribute("IssueInstant"));
    // InResponseTo must echo the id of the request that was answered.
    expectedMessage.SetAttribute("InResponseTo", request.Id.Value);

    actualMessage.Should().BeEquivalentTo(expectedMessage);
    actualUnbindResult.RelayState.Should().Be(request.RelayState);
    // The response must come back as signature-trusted, not merely parsed.
    actualUnbindResult.TrustLevel.Should().Be(TrustLevel.Signature);
}
/// <summary>
/// Checks that the HTTP-Redirect binding rejects a null message in Bind
/// with an ArgumentNullException naming the "message" parameter.
/// </summary>
public void Saml2RedirectBinding_Bind_Nullcheck()
{
    var redirectBinding = Saml2Binding.Get(Saml2BindingType.HttpRedirect);

    redirectBinding
        .Invoking(binding => binding.Bind(null))
        .ShouldThrow<ArgumentNullException>()
        .And.ParamName.Should().Be("message");
}
/// <summary>
/// Builds a logout response from the posted model and returns it to the
/// browser through the HTTP-Redirect binding.
/// </summary>
/// <param name="model">Model that is converted with ToLogoutResponse().</param>
/// <returns>The bound logout response as an ActionResult.</returns>
public ActionResult RespondToLogoutRequest(RespondToLogoutRequestModel model)
{
    var redirectBinding = Saml2Binding.Get(Saml2BindingType.HttpRedirect);

    // NOTE(review): the redirect target is whatever the message built from
    // the model carries. Confirm the model restricts it to expected
    // endpoints if this action is reachable outside a test/stub setup.
    var logoutResponse = model.ToLogoutResponse();
    var commandResult = redirectBinding.Bind(logoutResponse);

    return commandResult.ToActionResult();
}
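/// <summary>
/// Checks that the Artifact binding rejects a null message in Bind with an
/// ArgumentNullException naming the "message" parameter.
/// </summary>
public void Saml2ArtifactBinding_Bind_Nullcheck()
{
    // A string passed to ShouldThrow<T>(...) is FluentAssertions' "because"
    // text, not an expectation on the exception. The parameter name is
    // therefore asserted explicitly, as the redirect-binding test does.
    Saml2Binding.Get(Saml2BindingType.Artifact)
        .Invoking(b => b.Bind(null))
        .ShouldThrow<ArgumentNullException>()
        .And.ParamName.Should().Be("message");
}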
/// <summary>
/// Checks that the HTTP-POST binding throws FormatException when the
/// posted message is not valid base64.
/// </summary>
public void Saml2PostBinding_Unbind_ThrowsOnNotBase64Encoded()
{
    var postBinding = Saml2Binding.Get(Saml2BindingType.HttpPost);

    // The request and options are built inside the delegate, as in the
    // original, so any exception they raise is seen by the assertion too.
    postBinding
        .Invoking(binding => binding.Unbind(CreateRequest("foo"), StubFactory.CreateOptions()))
        .Should().Throw<FormatException>();
}
/// <summary>
/// Checks that the HTTP-POST binding's Bind(payload, destinationUri,
/// messageName) reports a null messageName as an ArgumentNullException
/// naming "messageName".
/// </summary>
public void Saml2PostBinding_Bind_Nullcheck_messageName()
{
    var postBinding = Saml2Binding.Get(Saml2BindingType.HttpPost);

    // Payload and destination are valid placeholders so that only the
    // message name is missing.
    postBinding
        .Invoking(binding => binding.Bind("-", new Uri("http://host"), null))
        .ShouldThrow<ArgumentNullException>()
        .And.ParamName.Should().Be("messageName");
}
/// <summary>
/// Binds a message through the HTTP-POST binding with a signing certificate
/// and an XML-created notification that replaces the XML declaration, then
/// checks that the auto-submitting HTML form carries the base64 of the
/// declaration followed by the signed XML.
/// </summary>
public void Saml2PostBinding_Bind_SignsXmlAndPreserversXmlDeclaration()
{
    var message = new Saml2MessageImplementation
    {
        DestinationUrl = new Uri("http://www.example.com/acs"),
        XmlData = "<root ID=\"id\">\r\n <content>data</content>\r\n</root>",
        MessageName = "SAMLMessageName",
        // NOTE(review): this value is plain alphanumeric, so the test does
        // not exercise HTML-attribute encoding of RelayState in the form.
        RelayState = "ABC1234",
        SigningCertificate = SignedXmlHelper.TestCert,
        SigningAlgorithm = SecurityAlgorithms.RsaSha256Signature
    };

    // Expected form value: the declaration set by the callback below,
    // followed by the XML as signed by the test helper.
    var signedXml = "<?xml version=\"1.0\" encoding=\"blaha\"?>\r\n" + SignedXmlHelper.SignXml(message.XmlData, true);
    var expectedValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(signedXml));

    var notificationCalled = false;

    // The second argument (null) is the logger slot; the third is the
    // XML-created notification, which gets the message, its XDocument and
    // the binding type.
    var result = Saml2Binding.Get(Saml2BindingType.HttpPost).Bind(message, null, (m, xd, bt) =>
    {
        xd.Declaration = new XDeclaration("1.0", "blaha", null);
        m.Should().BeSameAs(message);
        bt.Should().Be(Saml2BindingType.HttpPost);
        notificationCalled = true;
    });

    // The Content-Security-Policy meta tag allows only the script matching
    // the listed sha256 value - presumably the hash of the inline submit
    // script, so changing that script requires updating the hash; confirm.
    var expected = new CommandResult()
    {
        ContentType = "text/html",
        Content = @"<?xml version=""1.0"" encoding=""UTF-8""?> <!DOCTYPE html PUBLIC ""-//W3C//DTD XHTML 1.1//EN"" ""http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd""> <html xmlns=""http://www.w3.org/1999/xhtml"" xml:lang=""en""> <head> <meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-H3SVZBYrbqBt3ncrT/nNmOb6nwCjC12cPQzh5jnW4Y0='""> </head> <body> <noscript> <p> <strong>Note:</strong> Since your browser does not support JavaScript, you must press the Continue button once to proceed. 
</p> </noscript> <form action=""http://www.example.com/acs"" method=""post"" name=""sustainsysSamlPostBindingSubmit""> <div> <input type=""hidden"" name=""RelayState"" value=""ABC1234""/> <input type=""hidden"" name=""SAMLMessageName"" value=""" + expectedValue + @"""/> </div> <noscript> <div> <input type=""submit"" value=""Continue""/> </div> </noscript> </form> <script type=""text/javascript""> document.forms.sustainsysSamlPostBindingSubmit.submit(); </script> </body> </html>"
    };

    result.Should().BeEquivalentTo(expected);
    // Guards against the callback silently not being invoked, which would
    // skip the assertions inside it.
    notificationCalled.Should().BeTrue();
}
/// <summary>
/// Checks that the HTTP-POST binding's CanUnbind rejects a null request
/// with an ArgumentNullException naming the "request" parameter.
/// </summary>
public void Saml2PostBinding_CanUnbind_Nullcheck_Request()
{
    var postBinding = Saml2Binding.Get(Saml2BindingType.HttpPost);

    postBinding
        .Invoking(binding => binding.CanUnbind(null))
        .Should().Throw<ArgumentNullException>()
        .And.ParamName.Should().Be("request");
}
/// <summary>
/// Binds a SAML2 message with the binding type held in <c>Binding</c>
/// and returns the resulting CommandResult.
/// </summary>
/// <param name="request">The message to bind.</param>
/// <returns>CommandResult with the bound request.</returns>
public CommandResult Bind(ISaml2Message request)
{
    // Look up the binding implementation for this provider's configured
    // binding type, then delegate to it.
    var activeBinding = Saml2Binding.Get(Binding);
    return activeBinding.Bind(request);
}
/// <summary>
/// Checks that no binding is selected for a GET request that carries no
/// SAML parameters.
/// </summary>
public void Saml2Binding_Get_NullOnPlainGet()
{
    var plainGet = new HttpRequestData("GET", new Uri("http://example.com"));

    var selectedBinding = Saml2Binding.Get(plainGet);

    selectedBinding.Should().BeNull();
}
/// <summary>
/// Checks that a POST request whose query string contains a Samlart
/// parameter does not select any binding.
/// </summary>
public void Saml2Binding_Get_NullOnPostWithSamlartQuery()
{
    // The artifact is in the query string but the method is POST; the test
    // pins that this combination is not accepted as a SAML message.
    var postWithArtifactQuery = new HttpRequestData("POST", new Uri("http://example.com?Samlart=foo"));

    var selectedBinding = Saml2Binding.Get(postWithArtifactQuery);

    selectedBinding.Should().BeNull();
}
/// <summary>
/// Checks that Bind(payload, destinationUri, messageName) reports a null
/// destination as an ArgumentNullException naming "destinationUri".
/// </summary>
public void Saml2PostBinding_Bind_Nullcheck_destinationUri()
{
    // NOTE(review): the test name says PostBinding, but the binding fetched
    // here is HttpRedirect. Confirm which binding this is meant to cover.
    var bindingUnderTest = Saml2Binding.Get(Saml2BindingType.HttpRedirect);

    // messageName is null as well; the assertion expects the destination
    // check to be the one that is reported.
    bindingUnderTest
        .Invoking(binding => binding.Bind("-", null, null))
        .ShouldThrow<ArgumentNullException>()
        .And.ParamName.Should().Be("destinationUri");
}
/// <summary>
/// Builds a logout request from the posted model and sends it to the
/// browser through the HTTP-Redirect binding.
/// </summary>
/// <param name="model">Model that is converted with ToLogoutRequest().</param>
/// <returns>The bound logout request as an ActionResult.</returns>
public ActionResult InitiateLogout(InitiateLogoutModel model)
{
    var redirectBinding = Saml2Binding.Get(Saml2BindingType.HttpRedirect);

    // NOTE(review): the redirect target is whatever the message built from
    // the model carries. Confirm the model restricts it to expected
    // endpoints if this action is reachable outside a test/stub setup.
    var logoutRequest = model.ToLogoutRequest();
    var commandResult = redirectBinding.Bind(logoutRequest);

    return commandResult.ToActionResult();
}
/// <summary>
/// Checks that Unbind(null) yields null rather than throwing.
/// </summary>
public void Saml2PostBinding_Unind_Nullcheck()
{
    // NOTE(review): the test name says PostBinding, but the binding fetched
    // here is HttpRedirect. Confirm which binding this is meant to cover.
    var bindingUnderTest = Saml2Binding.Get(Saml2BindingType.HttpRedirect);

    var unbound = bindingUnderTest.Unbind(null);

    unbound.Should().BeNull();
}
/// <summary>
/// Binds a SAML2 message with the binding type held in <c>Binding</c>,
/// passing along the SP options' logger and an XML-created notification,
/// and returns the resulting CommandResult.
/// </summary>
/// <typeparam name="TMessage">Type of the message.</typeparam>
/// <param name="message">The Saml2 message to bind.</param>
/// <param name="xmlCreatedNotification">Notification to call with the XML structure.</param>
/// <returns>CommandResult with the bound message.</returns>
public CommandResult Bind<TMessage>(
    TMessage message,
    Action<TMessage, XDocument, Saml2BindingType> xmlCreatedNotification)
    where TMessage : ISaml2Message
{
    var activeBinding = Saml2Binding.Get(Binding);

    // NOTE(review): the callback is handed the message's XDocument. Confirm
    // in the binding implementation whether changes made there end up
    // inside or outside the signed content.
    return activeBinding.Bind(message, spOptions.Logger, xmlCreatedNotification);
}