Exemple #1
0
        public void SPOptionsExtensions_CreateMetadata_WithServiceCertificateConfigured()
        {
            var options = StubFactory.CreateOptions();

            options.SPOptions.ServiceCertificates.Add(new ServiceCertificate {
                Certificate = SignedXmlHelper.TestCert2
            });
            var metadata = options.SPOptions.CreateMetadata(StubFactory.CreateAuthServicesUrls());

            var spMetadata = metadata.RoleDescriptors.OfType <ServiceProviderSingleSignOnDescriptor>().Single();

            spMetadata.Should().NotBeNull();
            spMetadata.Keys.Count.Should().Be(1);
            spMetadata.Keys.Single().Use.Should().Be(KeyType.Unspecified);

            // When there is a service certificate, expose SLO endpoints.
            var sloRedirect = spMetadata.SingleLogoutServices.Single(
                slo => slo.Binding == Saml2Binding.HttpRedirectUri);

            sloRedirect.Location.Should().Be("http://localhost/AuthServices/Logout");
            sloRedirect.ResponseLocation.Should().BeNull();
            var sloPost = spMetadata.SingleLogoutServices.Single(
                slo => slo.Binding == Saml2Binding.HttpPostUri);

            sloPost.Location.Should().Be("http://localhost/AuthServices/Logout");
            sloPost.ResponseLocation.Should().BeNull();
        }
        public void AcsCommand_Run_WithReturnUrl_SuccessfulResult()
        {
            var idp     = Options.FromConfiguration.IdentityProviders.Default;
            var request = idp.CreateAuthenticateRequest(
                new Uri("http://localhost/testUrl.aspx"),
                StubFactory.CreateAuthServicesUrls());

            var response =
                @"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
                xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
                ID = """ + MethodBase.GetCurrentMethod().Name + @""" InResponseTo = """ + request.Id + @""" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z"">
                <saml2:Issuer>
                    https://idp.example.com
                </saml2:Issuer>
                <saml2p:Status>
                    <saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
                </saml2p:Status>
                <saml2:Assertion
                Version=""2.0"" ID=""" + MethodBase.GetCurrentMethod().Name + @"_Assertion2""
                IssueInstant=""2013-09-25T00:00:00Z"">
                    <saml2:Issuer>https://idp.example.com</saml2:Issuer>
                    <saml2:Subject>
                        <saml2:NameID>SomeUser</saml2:NameID>
                        <saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" />
                    </saml2:Subject>
                    <saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" />
                </saml2:Assertion>
            </saml2p:Response>";

            var responseFormValue = Convert.ToBase64String
                                        (Encoding.UTF8.GetBytes(SignedXmlHelper.SignXml(response)));
            var relayStateFormValue = request.RelayState;

            var r = new HttpRequestData(
                "POST",
                new Uri("http://localhost"),
                "/ModulePath",
                new KeyValuePair <string, string[]>[]
            {
                new KeyValuePair <string, string[]>("SAMLResponse", new string[] { responseFormValue }),
                new KeyValuePair <string, string[]>("RelayState", new string[] { relayStateFormValue })
            },
                Enumerable.Empty <KeyValuePair <string, string> >(),
                null);

            var ids = new ClaimsIdentity[] { new ClaimsIdentity("Federation"), new ClaimsIdentity("ClaimsAuthenticationManager") };

            ids[0].AddClaim(new Claim(ClaimTypes.NameIdentifier, "SomeUser", null, "https://idp.example.com"));
            ids[1].AddClaim(new Claim(ClaimTypes.Role, "RoleFromClaimsAuthManager", null, "ClaimsAuthenticationManagerStub"));

            var expected = new CommandResult()
            {
                Principal      = new ClaimsPrincipal(ids),
                HttpStatusCode = HttpStatusCode.SeeOther,
                Location       = new Uri("http://localhost/testUrl.aspx")
            };

            new AcsCommand().Run(r, StubFactory.CreateOptions())
            .ShouldBeEquivalentTo(expected, opt => opt.IgnoringCyclicReferences());
        }
        public void SPOptionsExtensions_CreateMetadata_IncludesContactPersons()
        {
            var spOptions = StubFactory.CreateSPOptions();

            var subject = spOptions.CreateMetadata(StubFactory.CreateAuthServicesUrls()).Contacts;

            subject.Should().Contain(spOptions.Contacts);
        }
        public void SPOptionsExtensions_CreateMetadata_IncludesOrganization()
        {
            var subject = StubFactory
                          .CreateSPOptions()
                          .CreateMetadata(StubFactory.CreateAuthServicesUrls())
                          .Organization;

            subject.Should().NotBeNull();
            subject.Names.First().Name.Should().Be("Kentor.AuthServices");
        }
Exemple #5
0
        public void SPOPtionsExtensions_CreateMetadata_ServiceCertificate()
        {
            var options = Options.FromConfiguration;

            options.SPOptions.ServiceCertificate = SignedXmlHelper.TestCert2;
            var metadata = options.SPOptions.CreateMetadata(StubFactory.CreateAuthServicesUrls());

            var spMetadata = metadata.RoleDescriptors.OfType <ServiceProviderSingleSignOnDescriptor>().Single();

            spMetadata.Should().NotBeNull();
            spMetadata.Keys.Count.Should().Be(1);
        }
        public void SPOptionsExtensions_CreateMetadata_MultipleServiceCertificate()
        {
            var options = StubFactory.CreateOptions();
            options.SPOptions.ServiceCertificates.Add(new ServiceCertificate { Certificate = SignedXmlHelper.TestCert2, Use = CertificateUse.Encryption });
            options.SPOptions.ServiceCertificates.Add(new ServiceCertificate { Certificate = SignedXmlHelper.TestCert2, Use = CertificateUse.Signing });
            var metadata = options.SPOptions.CreateMetadata(StubFactory.CreateAuthServicesUrls());

            var spMetadata = metadata.RoleDescriptors.OfType<ServiceProviderSingleSignOnDescriptor>().Single();
            spMetadata.Should().NotBeNull();
            spMetadata.Keys.Count.Should().Be(2);
            spMetadata.Keys.Where(k => k.Use == KeyType.Encryption).Count().Should().Be(1);
            spMetadata.Keys.Where(k => k.Use == KeyType.Signing).Count().Should().Be(1);
        }
        public void SPOptionsExtensions_CreateMetadata_ServiceCertificate()
        {
            var options = StubFactory.CreateOptions();

            options.SPOptions.ServiceCertificates.Add(new ServiceCertificate {
                Certificate = SignedXmlHelper.TestCert2
            });
            var metadata = options.SPOptions.CreateMetadata(StubFactory.CreateAuthServicesUrls());

            var spMetadata = metadata.RoleDescriptors.OfType <ServiceProviderSingleSignOnDescriptor>().Single();

            spMetadata.Should().NotBeNull();
            spMetadata.Keys.Count.Should().Be(1);
            spMetadata.Keys.First().Use.Should().Be(KeyType.Unspecified);
        }
        public void SPOPtionsExtensions_CreateMetadata_RequiredFields()
        {
            var metadata = Options.FromConfiguration.SPOptions.CreateMetadata(StubFactory.CreateAuthServicesUrls());

            metadata.CacheDuration.Should().Be(new TimeSpan(0, 0, 42));
            metadata.EntityId.Id.Should().Be("https://github.com/KentorIT/authservices");

            var spMetadata = metadata.RoleDescriptors.OfType <ServiceProviderSingleSignOnDescriptor>().Single();

            spMetadata.Should().NotBeNull();

            var acs = spMetadata.AssertionConsumerServices.First().Value;

            acs.Index.Should().Be(0);
            acs.IsDefault.Should().HaveValue();
            acs.Binding.ToString().Should().Be("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
            acs.Location.ToString().Should().Be("http://localhost/AuthServices/Acs");
        }
        public void SPOptionsExtensions_CreateMetadata_IncludeAttributeConsumingService()
        {
            var spOptions = StubFactory.CreateSPOptions();
            var urls      = StubFactory.CreateAuthServicesUrls();

            var attributeConsumingService = new AttributeConsumingService("Name");

            spOptions.AttributeConsumingServices.Clear();
            spOptions.AttributeConsumingServices.Add(attributeConsumingService);
            attributeConsumingService.RequestedAttributes.Add(new RequestedAttribute("AttributeName"));

            var subject = spOptions
                          .CreateMetadata(urls)
                          .RoleDescriptors
                          .Cast <ExtendedServiceProviderSingleSignOnDescriptor>()
                          .First();

            subject.AttributeConsumingServices.First().Should().BeSameAs(attributeConsumingService);
        }
Exemple #10
0
        public void SPOptionsExtensions_CreateMetadata_IncludeDiscoveryServiceResponse()
        {
            var spOptions = StubFactory.CreateSPOptions();
            var urls      = StubFactory.CreateAuthServicesUrls();

            spOptions.DiscoveryServiceUrl = new Uri("http://ds.example.com");

            var subject = spOptions.CreateMetadata(urls).Extensions.DiscoveryResponse;

            var expected = new IndexedProtocolEndpoint
            {
                Binding   = Saml2Binding.DiscoveryResponseUri,
                Index     = 0,
                IsDefault = true,
                Location  = urls.SignInUrl
            };

            subject.ShouldBeEquivalentTo(expected);
        }
Exemple #11
0
        public void SignInCommand_Run_MapsReturnUrl()
        {
            var defaultDestination = Options.FromConfiguration.IdentityProviders.Default.SingleSignOnServiceUrl;

            var httpRequest = new HttpRequestData("GET", new Uri("http://localhost/signin?ReturnUrl=%2FReturn.aspx"));

            var subject = new SignInCommand().Run(httpRequest, Options.FromConfiguration);

            var idp = Options.FromConfiguration.IdentityProviders.Default;

            var authnRequest = idp.CreateAuthenticateRequest(null, StubFactory.CreateAuthServicesUrls());

            var requestId = AuthnRequestHelper.GetRequestId(subject.Location);

            StoredRequestState storedAuthnData;

            idp.PendingAuthStorageContainer.TryRemove(new System.IdentityModel.Tokens.Saml2Id(requestId), out storedAuthnData);

            storedAuthnData.ReturnUrl.Should().Be("http://localhost/Return.aspx");
        }