public void RemoveEncryptedAssertionTest()
        {
            try
            {
                // https://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd

                Saml2Controller controller = new Saml2Controller();
                Saml2Serializer serializer = new Saml2Serializer();

                string keystorePath          = ConfigurationManager.AppSettings.Get("KeystoreDirectoryPathSP") + ConfigurationManager.AppSettings.Get("KeystoreNameSP");
                string keystorePassword      = ConfigurationManager.AppSettings.Get("KeystorePasswordSP");
                string friendlyName          = ConfigurationManager.AppSettings.Get("KeystoreFriendlyNameSP");
                string metadataDirectoryPath = ConfigurationManager.AppSettings.Get("MetadataDirectoryPath");

                controller.Init(keystorePath, keystorePassword, friendlyName, metadataDirectoryPath);

                string   xml      = ReadFile(responseFilenameHub);
                Response response = serializer.ConvertXMLToResponseObject(xml);

                controller.RemoveEncryptedAssertion(response);

                Assert.IsNotNull(response.Assertion);
            }
            catch (Exception e)
            {
                Assert.Fail(e.Message);
            }
        }
Example #2
0
        public void Saml2Controller_Acs_Throws_On_CommandResultHandled()
        {
            var request = Substitute.For <HttpRequestBase>();

            request.HttpMethod.Returns("POST");

            var response =
                @"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
                xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
                ID = """ + MethodBase.GetCurrentMethod().Name + @""" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z"">
                <saml2:Issuer>
                    https://idp.example.com
                </saml2:Issuer>
                <saml2p:Status>
                    <saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
                </saml2p:Status>
                <saml2:Assertion
                Version=""2.0"" ID=""" + MethodBase.GetCurrentMethod().Name + @"_Assertion1""
                IssueInstant=""2013-09-25T00:00:00Z"">
                    <saml2:Issuer>https://idp.example.com</saml2:Issuer>
                    <saml2:Subject>
                        <saml2:NameID>SomeUser</saml2:NameID>
                        <saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" />
                    </saml2:Subject>
                    <saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" />
                </saml2:Assertion>
            </saml2p:Response>";

            var formValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(
                                                       SignedXmlHelper.SignXml(response)));

            request.Form.Returns(new NameValueCollection()
            {
                { "SAMLResponse", formValue }
            });
            request.Url.Returns(new Uri("http://url.example.com/url"));

            var httpContext = Substitute.For <HttpContextBase>();

            httpContext.Request.Returns(request);

            var subject = new Saml2Controller();

            subject.ControllerContext = new ControllerContext(httpContext, new RouteData(), subject);

            Saml2Controller.Options.Notifications.AcsCommandResultCreated = (cr, r) =>
            {
                cr.HandledResult = true;
            };

            subject.Invoking(s => s.Acs())
            .ShouldThrow <NotSupportedException>();
        }
Example #3
0
        public void Saml2Controller_Acs_Works()
        {
            var request = Substitute.For <HttpRequestBase>();

            request.HttpMethod.Returns("POST");

            var response =
                @"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
                xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
                ID = """ + MethodBase.GetCurrentMethod().Name + @""" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z""
                InResponseTo=""InResponseToId"">
                <saml2:Issuer>
                    https://idp.example.com
                </saml2:Issuer>
                <saml2p:Status>
                    <saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
                </saml2p:Status>
                <saml2:Assertion
                Version=""2.0"" ID=""" + MethodBase.GetCurrentMethod().Name + @"_Assertion1""
                IssueInstant=""2013-09-25T00:00:00Z"">
                    <saml2:Issuer>https://idp.example.com</saml2:Issuer>
                    <saml2:Subject>
                        <saml2:NameID>SomeUser</saml2:NameID>
                        <saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" />
                    </saml2:Subject>
                    <saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" />
                </saml2:Assertion>
            </saml2p:Response>";

            var formValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(
                                                       SignedXmlHelper.SignXml(response)));

            var relayState = "rs1234";

            request.Form.Returns(new NameValueCollection()
            {
                { "SAMLResponse", formValue },
                { "RelayState", relayState }
            });
            request.Url.Returns(new Uri("http://url.example.com/url"));
            request.Cookies.Returns(new HttpCookieCollection());
            request.Cookies.Add(new HttpCookie(StoredRequestState.CookieNameBase + relayState,
                                               HttpRequestData.ConvertBinaryData(
                                                   MachineKey.Protect(
                                                       new StoredRequestState(null, null, new Saml2Id("InResponseToId"), null).Serialize(),
                                                       HttpRequestBaseExtensions.ProtectionPurpose))));

            var httpContext = Substitute.For <HttpContextBase>();

            httpContext.Request.Returns(request);

            var controller = new Saml2Controller();

            controller.ControllerContext = new ControllerContext(httpContext, new RouteData(), controller);

            var expected = new
            {
                Permanent = false,
                Url       = Saml2Controller.Options.SPOptions.ReturnUrl.OriginalString
            };

            controller.Acs().As <RedirectResult>().ShouldBeEquivalentTo(expected);

            controller.Response.Received().SetCookie(
                Arg.Is <HttpCookie>(c => c.Expires.Year == 1970));
        }