public void PendingAuthnRequests_Remove_FalseOnRemovedTwice()
{
var id = new Saml2Id();
var requestData = new StoredRequestState(new EntityId("testidp"), new Uri("http://localhost/Return.aspx"));
StoredRequestState responseData;
PendingAuthnRequests.Add(id, requestData);
PendingAuthnRequests.TryRemove(id, out responseData).Should().BeTrue();
PendingAuthnRequests.TryRemove(id, out responseData).Should().BeFalse();
}
public void PendingAuthnRequests_Remove_FalseOnRemovedTwice()
{
var id = new Saml2Id();
var requestIdp = "testIdp";
string responseIdp;
PendingAuthnRequests.Add(id, requestIdp);
PendingAuthnRequests.TryRemove(id, out responseIdp).Should().BeTrue();
PendingAuthnRequests.TryRemove(id, out responseIdp).Should().BeFalse();
}
public void PendingAuthnRequests_Add_ThrowsOnExisting()
{
var id = new Saml2Id();
var requestData = new StoredRequestState(new EntityId("testidp"), new Uri("http://localhost/Return.aspx"));
PendingAuthnRequests.Add(id, requestData);
Action a = () => PendingAuthnRequests.Add(id, requestData);
a.ShouldThrow <InvalidOperationException>();
}
private void PrepareArtifactState(string RelayState, EntityId idp)
{
var storedState = new StoredRequestState(
idp,
new Uri("http://return.org"),
new Saml2Id(),
null);
PendingAuthnRequests.Add(RelayState, storedState);
}
public void PendingAuthnRequests_Add_ThrowsOnExisting()
{
var id = new Saml2Id();
var requestIdp = "testidp";
PendingAuthnRequests.Add(id, requestIdp);
Action a = () => PendingAuthnRequests.Add(id, requestIdp);
a.ShouldThrow <InvalidOperationException>();
}
public void PendingAuthnRequests_AddRemove()
{
var id = new Saml2Id();
var requestIdp = "testidp";
PendingAuthnRequests.Add(id, requestIdp);
string responseIdp;
PendingAuthnRequests.TryRemove(id, out responseIdp).Should().BeTrue();
responseIdp.Should().Be(requestIdp);
}
public void PendingAuthnRequests_AddRemove()
{
var id = new Saml2Id();
var requestData = new StoredRequestState("testidp", new Uri("http://localhost/Return.aspx"));
PendingAuthnRequests.Add(id, requestData);
StoredRequestState responseData;
PendingAuthnRequests.TryRemove(id, out responseData).Should().BeTrue();
responseData.Should().Be(requestData);
responseData.Idp.Should().Be("testidp");
responseData.ReturnUri.Should().Be("http://localhost/Return.aspx");
}
public void PendingAuthnRequests_Remove_FalseOnRemovedTwice()
{
var relayState = RelayStateGenerator.CreateSecureKey();
var requestData = new StoredRequestState(
new EntityId("testidp"),
new Uri("http://localhost/Return.aspx"),
new Saml2Id());
StoredRequestState responseData;
PendingAuthnRequests.Add(relayState, requestData);
PendingAuthnRequests.TryRemove(relayState, out responseData).Should().BeTrue();
PendingAuthnRequests.TryRemove(relayState, out responseData).Should().BeFalse();
}
public void PendingAuthnRequests_AddRemove()
{
var relayState = RelayStateGenerator.CreateSecureKey();
var saml2Id = new Saml2Id();
var requestData = new StoredRequestState(new EntityId("testidp"), new Uri("http://localhost/Return.aspx"), saml2Id);
PendingAuthnRequests.Add(relayState, requestData);
StoredRequestState responseData;
PendingAuthnRequests.TryRemove(relayState, out responseData).Should().BeTrue();
responseData.Should().Be(requestData);
responseData.Idp.Id.Should().Be("testidp");
responseData.ReturnUrl.Should().Be("http://localhost/Return.aspx");
responseData.MessageId.Should().Be(saml2Id);
}
public async Task KentorAuthServicesAuthenticationMiddleware_AcsWorks()
{
var context = OwinTestHelpers.CreateOwinContext();
context.Request.Method = "POST";
var state = new StoredRequestState(new EntityId("https://idp.example.com"),
new Uri("http://localhost/LoggedIn"),
new AuthenticationProperties());
((AuthenticationProperties)state.RelayData).RedirectUri = state.ReturnUrl.OriginalString;
((AuthenticationProperties)state.RelayData).Dictionary["Test"] = "TestValue";
PendingAuthnRequests.Add(new Saml2Id(MethodBase.GetCurrentMethod().Name + @"RequestID"), state);
var response =
@"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
ID = """ + MethodBase.GetCurrentMethod().Name + @""" Version=""2.0""
IssueInstant=""2013-01-01T00:00:00Z"" InResponseTo=""" + MethodBase.GetCurrentMethod().Name + @"RequestID"" >
<saml2:Issuer>
https://idp.example.com
</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
</saml2p:Status>
<saml2:Assertion
Version=""2.0"" ID=""" + MethodBase.GetCurrentMethod().Name + @"_Assertion1""
IssueInstant=""2013-09-25T00:00:00Z"">
<saml2:Issuer>https://idp.example.com</saml2:Issuer>
<saml2:Subject>
<saml2:NameID>SomeUser</saml2:NameID>
<saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" />
</saml2:Subject>
<saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" />
</saml2:Assertion>
</saml2p:Response>";
var bodyData = new KeyValuePair <string, string>[] {
new KeyValuePair <string, string>("SAMLResponse",
Convert.ToBase64String(Encoding.UTF8.GetBytes(SignedXmlHelper.SignXml(response))))
};
var encodedBodyData = new FormUrlEncodedContent(bodyData);
context.Request.Body = encodedBodyData.ReadAsStreamAsync().Result;
context.Request.ContentType = encodedBodyData.Headers.ContentType.ToString();
context.Request.Host = new HostString("localhost");
context.Request.Path = new PathString("/AuthServices/Acs");
var signInAsAuthenticationType = "AuthType";
var ids = new ClaimsIdentity[] { new ClaimsIdentity(signInAsAuthenticationType),
new ClaimsIdentity(signInAsAuthenticationType) };
ids[0].AddClaim(new Claim(ClaimTypes.NameIdentifier, "SomeUser", null, "https://idp.example.com"));
ids[1].AddClaim(new Claim(ClaimTypes.Role, "RoleFromClaimsAuthManager",
null, "ClaimsAuthenticationManagerStub"));
var middleware = new KentorAuthServicesAuthenticationMiddleware(null, CreateAppBuilder(),
StubFactory.CreateOwinOptions());
await middleware.Invoke(context);
context.Response.StatusCode.Should().Be(302);
context.Response.Headers["Location"].Should().Be("http://localhost/LoggedIn");
context.Authentication.AuthenticationResponseGrant.Principal.Identities
.ShouldBeEquivalentTo(ids, opt => opt.IgnoringCyclicReferences());
context.Authentication.AuthenticationResponseGrant.Properties.RedirectUri
.Should().Be("http://localhost/LoggedIn");
context.Authentication.AuthenticationResponseGrant.Properties.Dictionary["Test"]
.Should().Be("TestValue");
}