Example #1
0
        public static ExtendedEntityDescriptor CreateIdpMetadata(bool includeCacheDuration = true)
        {
            var metadata = new ExtendedEntityDescriptor()
            {
                EntityId = new EntityId(UrlResolver.MetadataUrl.ToString())
            };

            if (includeCacheDuration)
            {
                metadata.CacheDuration = new TimeSpan(0, 15, 0);
            }

            var idpSsoDescriptor = new IdentityProviderSingleSignOnDescriptor();
            idpSsoDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
            metadata.RoleDescriptors.Add(idpSsoDescriptor);

            idpSsoDescriptor.SingleSignOnServices.Add(new ProtocolEndpoint()
            {
                Binding = Saml2Binding.HttpRedirectUri,
                Location = UrlResolver.SsoServiceUrl
            });

            idpSsoDescriptor.ArtifactResolutionServices.Add(0, new IndexedProtocolEndpoint()
            {
                Index = 0,
                IsDefault = true,
                Binding = Saml2Binding.SoapUri,
                Location = UrlResolver.ArtifactServiceUrl
            });

            idpSsoDescriptor.Keys.Add(CertificateHelper.SigningKey);

            return metadata;
        }
        public void MetadatabaseExtensions_ToXmlString_IncludesKeyInfo()
        {
            var metadata = new ExtendedEntityDescriptor
            {
                EntityId = new EntityId("http://idp.example.com/metadata"),
                CacheDuration = new TimeSpan(1, 0, 0)
            };

            var idpSsoDescriptor = new IdentityProviderSingleSignOnDescriptor();
            idpSsoDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
            metadata.RoleDescriptors.Add(idpSsoDescriptor);

            idpSsoDescriptor.SingleSignOnServices.Add(new ProtocolEndpoint
            {
                Binding = Saml2Binding.HttpRedirectUri,
                Location = new Uri("http://idp.example.com/sso")
            });

            idpSsoDescriptor.Keys.Add(SignedXmlHelper.TestKeyDescriptor);

            var subject = XDocument.Parse((metadata.ToXmlString()));

            var ds = XNamespace.Get(SignedXml.XmlDsigNamespaceUrl);

            subject.Element(Saml2Namespaces.Saml2Metadata + "EntityDescriptor")
                .Element(Saml2Namespaces.Saml2Metadata + "IDPSSODescriptor")
                .Element(Saml2Namespaces.Saml2Metadata + "KeyDescriptor")
                .Element(ds + "KeyInfo")
                .Element(ds + "X509Data")
                .Element(ds + "X509Certificate")
                .Value.Should().StartWith("MIIDIzCCAg+gAwIBAgIQg7mOjTf994NAVxZu4jqXpzAJBgUrDgM");
        }
        public void IdentityProvider_ConstructedFromEntityDescriptor_DoesntScheduleMedataRefresh()
        {
            MetadataRefreshScheduler.minInterval = new TimeSpan(0, 0, 0, 0, 1);

            var ed = new ExtendedEntityDescriptor
            {
                ValidUntil = DateTime.UtcNow.AddYears(-1),
                EntityId = new EntityId("http://localhost:13428/idpMetadata")
            };

            var idpSsoDescriptor = new IdentityProviderSingleSignOnDescriptor();
            idpSsoDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
            ed.RoleDescriptors.Add(idpSsoDescriptor);

            var pe = new ProtocolEndpoint()
            {
                Binding = Saml2Binding.HttpRedirectUri,
                Location = new Uri("http://idp.example.com/sso")
            };

            idpSsoDescriptor.SingleSignOnServices.Add(pe);

            idpSsoDescriptor.Keys.Add(SignedXmlHelper.TestKeyDescriptor);

            var subject = new IdentityProvider(ed.EntityId, StubFactory.CreateSPOptions());
            subject.ReadMetadata(ed);

            // Ugly, but have to wait and see that nothing happened. Have tried
            // some different timeouts but need 100 to ensure fail before bug
            // is fixed :-(
            Thread.Sleep(100);

            // Would be changed if metadata was reloaded.
            subject.SingleSignOnServiceUrl.Should().Be(pe.Location);
        }
        public void IdentityProvider_ConstructedFromEntityDescriptor_DoesntReloadMetadataWhenDisabled()
        {
            var ed = new ExtendedEntityDescriptor
            {
                ValidUntil = DateTime.UtcNow.AddYears(-1),
                EntityId = new EntityId("someEntityId")
            };

            var idpSsoDescriptor = new IdentityProviderSingleSignOnDescriptor();
            idpSsoDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
            ed.RoleDescriptors.Add(idpSsoDescriptor);

            idpSsoDescriptor.SingleSignOnServices.Add(new ProtocolEndpoint()
            {
                Binding = Saml2Binding.HttpRedirectUri,
                Location = new Uri("http://idp.example.com/sso")
            });

            idpSsoDescriptor.Keys.Add(SignedXmlHelper.TestKeyDescriptor);

            var subject = new IdentityProvider(ed.EntityId, StubFactory.CreateSPOptions());

            Action a = () => { var b = subject.Binding; };

            subject.LoadMetadata.Should().BeFalse();

            // Will throw invalid Uri if it tries to use EntityId as metadata url.
            a.ShouldNotThrow();
        }
        public void ExtendedMetadataSerializer_Write_EntitiesDescriptorCacheDuration()
        {
            var metadata = new ExtendedEntitiesDescriptor
            {
                Name = "Federation Name",
                CacheDuration = new TimeSpan(0, 42, 0)
            };

            var entity = new ExtendedEntityDescriptor
                {
                    EntityId = new EntityId("http://some.entity.example.com")
                };

            var idpSsoDescriptor = new IdentityProviderSingleSignOnDescriptor();
            idpSsoDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));

            idpSsoDescriptor.SingleSignOnServices.Add(new ProtocolEndpoint
                {
                    Binding = Saml2Binding.HttpRedirectUri,
                    Location = new Uri("http://some.entity.example.com/sso")
                });
            entity.RoleDescriptors.Add(idpSsoDescriptor);

            metadata.ChildEntities.Add(entity);

            var stream = new MemoryStream();
            ExtendedMetadataSerializer.ReaderInstance.WriteMetadata(stream, metadata);
            stream.Seek(0, SeekOrigin.Begin);

            var result = XDocument.Load(stream).Root;

            result.Name.Should().Be(Saml2Namespaces.Saml2Metadata + "EntitiesDescriptor");
            result.Attribute("cacheDuration").Value.Should().Be("PT42M");

            result.Element(Saml2Namespaces.Saml2Metadata + "EntityDescriptor").Attribute("cacheDuration")
                .Should().BeNull();
        }