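/// <summary>
/// Verifies that <c>Saml2Controller.RemoveEncryptedAssertion</c> leaves a non-null
/// <c>Assertion</c> on a response deserialized from the hub response fixture.
/// </summary>
/// <remarks>
/// Schema reference: https://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd
/// The only check made is that <c>response.Assertion</c> is non-null afterwards; the
/// assertion's contents, issuer and signature are not inspected by this test.
/// </remarks>
public void RemoveEncryptedAssertionTest()
{
    // Deliberately no try/catch: the previous catch (Exception) + Assert.Fail(e.Message)
    // also caught the assertion failure itself and reported only the message, hiding
    // the exception type and stack trace. Letting exceptions propagate still fails the test.
    var settings = ConfigurationManager.AppSettings;

    // Service-provider keystore location and credentials come from the test configuration.
    // NOTE(review): the keystore password is read from AppSettings in clear text — confirm
    // the test config only ever references a test-only key, never a production credential.
    string keystorePath = settings.Get("KeystoreDirectoryPathSP") + settings.Get("KeystoreNameSP");
    string keystorePassword = settings.Get("KeystorePasswordSP");
    string friendlyName = settings.Get("KeystoreFriendlyNameSP");
    string metadataDirectoryPath = settings.Get("MetadataDirectoryPath");

    Saml2Controller controller = new Saml2Controller();
    controller.Init(keystorePath, keystorePassword, friendlyName, metadataDirectoryPath);

    // Load the fixture and turn it into a Response object.
    Saml2Serializer serializer = new Saml2Serializer();
    string xml = ReadFile(responseFilenameHub);
    Response response = serializer.ConvertXMLToResponseObject(xml);

    controller.RemoveEncryptedAssertion(response);

    Assert.IsNotNull(response.Assertion);
}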
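/// <summary>
/// Verifies that <c>Acs()</c> throws <see cref="NotSupportedException"/> when the
/// <c>AcsCommandResultCreated</c> notification marks the command result as handled.
/// </summary>
/// <remarks>
/// The notification lives on the static <c>Saml2Controller.Options</c>, so the previous
/// callback is restored in a <c>finally</c> block; otherwise the "handled" callback would
/// stay installed for any test that runs afterwards against the same options.
/// </remarks>
public void Saml2Controller_Acs_Throws_On_CommandResultHandled()
{
    // Must be read in this method body (not a lambda or helper) so the name is the test's own.
    // Presumably used to keep response/assertion IDs unique across tests — confirm.
    var testName = MethodBase.GetCurrentMethod().Name;

    var request = Substitute.For<HttpRequestBase>();
    request.HttpMethod.Returns("POST");

    var response =
        @"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol"" xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion"" ID = """
        + testName
        + @""" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z""> <saml2:Issuer> https://idp.example.com </saml2:Issuer> <saml2p:Status> <saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" /> </saml2p:Status> <saml2:Assertion Version=""2.0"" ID="""
        + testName
        + @"_Assertion1"" IssueInstant=""2013-09-25T00:00:00Z""> <saml2:Issuer>https://idp.example.com</saml2:Issuer> <saml2:Subject> <saml2:NameID>SomeUser</saml2:NameID> <saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" /> </saml2:Subject> <saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" /> </saml2:Assertion> </saml2p:Response>";

    // The response is signed by the test helper, then base64-encoded as the
    // SAMLResponse form field of the POST.
    var formValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(
        SignedXmlHelper.SignXml(response)));

    request.Form.Returns(new NameValueCollection()
    {
        { "SAMLResponse", formValue }
    });
    request.Url.Returns(new Uri("http://url.example.com/url"));

    var httpContext = Substitute.For<HttpContextBase>();
    httpContext.Request.Returns(request);

    var subject = new Saml2Controller();
    subject.ControllerContext = new ControllerContext(httpContext, new RouteData(), subject);

    // Remember whatever callback was installed so the shared options can be put back.
    var previousCallback = Saml2Controller.Options.Notifications.AcsCommandResultCreated;
    Saml2Controller.Options.Notifications.AcsCommandResultCreated = (cr, r) =>
    {
        cr.HandledResult = true;
    };

    try
    {
        subject.Invoking(s => s.Acs())
            .ShouldThrow<NotSupportedException>();
    }
    finally
    {
        Saml2Controller.Options.Notifications.AcsCommandResultCreated = previousCallback;
    }
}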
/// <summary>
/// Happy-path test for <c>Acs()</c>: posts a signed SAML response whose
/// <c>InResponseTo</c> matches the <c>Saml2Id</c> held in a protected stored-request-state
/// cookie, and expects a non-permanent redirect to <c>SPOptions.ReturnUrl</c>.
/// </summary>
/// <remarks>
/// Also checks that <c>Response.SetCookie</c> received a cookie whose expiry year is 1970
/// (presumably the request-state cookie being expired after use — confirm).
/// </remarks>
public void Saml2Controller_Acs_Works()
{
    const string relayState = "rs1234";

    var httpRequest = Substitute.For<HttpRequestBase>();
    httpRequest.HttpMethod.Returns("POST");

    // Response and assertion IDs are derived from the test method name; these calls must
    // stay in this method body so GetCurrentMethod() resolves to the test itself.
    var samlXml =
        @"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol"" xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion"" ID = """
        + MethodBase.GetCurrentMethod().Name
        + @""" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z"" InResponseTo=""InResponseToId""> <saml2:Issuer> https://idp.example.com </saml2:Issuer> <saml2p:Status> <saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" /> </saml2p:Status> <saml2:Assertion Version=""2.0"" ID="""
        + MethodBase.GetCurrentMethod().Name
        + @"_Assertion1"" IssueInstant=""2013-09-25T00:00:00Z""> <saml2:Issuer>https://idp.example.com</saml2:Issuer> <saml2:Subject> <saml2:NameID>SomeUser</saml2:NameID> <saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" /> </saml2:Subject> <saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" /> </saml2:Assertion> </saml2p:Response>";

    // Sign with the test helper, then base64-encode for the SAMLResponse form field.
    var signedXml = SignedXmlHelper.SignXml(samlXml);
    var encodedResponse = Convert.ToBase64String(Encoding.UTF8.GetBytes(signedXml));

    var form = new NameValueCollection()
    {
        { "SAMLResponse", encodedResponse },
        { "RelayState", relayState }
    };
    httpRequest.Form.Returns(form);
    httpRequest.Url.Returns(new Uri("http://url.example.com/url"));

    // Stored request state carrying the id the response claims to answer, protected with
    // MachineKey under the library's purpose string and placed in the relay-state cookie.
    httpRequest.Cookies.Returns(new HttpCookieCollection());
    var storedState = new StoredRequestState(null, null, new Saml2Id("InResponseToId"), null);
    var protectedState = MachineKey.Protect(
        storedState.Serialize(),
        HttpRequestBaseExtensions.ProtectionPurpose);
    var stateCookie = new HttpCookie(
        StoredRequestState.CookieNameBase + relayState,
        HttpRequestData.ConvertBinaryData(protectedState));
    httpRequest.Cookies.Add(stateCookie);

    var context = Substitute.For<HttpContextBase>();
    context.Request.Returns(httpRequest);

    var subject = new Saml2Controller();
    subject.ControllerContext = new ControllerContext(context, new RouteData(), subject);

    var expected = new
    {
        Permanent = false,
        Url = Saml2Controller.Options.SPOptions.ReturnUrl.OriginalString
    };

    var actionResult = subject.Acs();
    actionResult.As<RedirectResult>().ShouldBeEquivalentTo(expected);

    subject.Response.Received().SetCookie(
        Arg.Is<HttpCookie>(c => c.Expires.Year == 1970));
}