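/// <summary>
/// Runs the ACS command over an https POST whose stored request state carries a return URL
/// and whose SAMLResponse is a signed, successful response. The SP-wide
/// <c>SPOptions.ReturnUrl</c> is cleared so the stored per-request return URL is the only
/// one available. Asserts that the command result asks for the Secure flag on the cookie it sets.
/// </summary>
/// <remarks>
/// NOTE(review): the method name says "ClearSecureCookie" but the assertion expects
/// <c>SetCookieSecureFlag</c> to be <c>true</c>. The assertion is treated as the intent here:
/// the request URI is https://localhost, so a Secure cookie is the expected outcome.
/// The fixture is signed by <c>SignedXmlHelper.SignXml</c>; the idp returned by
/// <c>StubFactory.CreateOptions()</c> for https://idp.example.com is presumably configured
/// to trust that test key, otherwise signature validation would reject it — confirm
/// against StubFactory if this test starts failing on signature errors.
/// Removed an unused <c>idp</c> local that only read
/// <c>Options.FromConfiguration.IdentityProviders.Default</c> and was never used.
/// </remarks>
public void AcsCommand_Run_WithReturnUrl_SuccessfulResult_ClearSecureCookie()
{
    // Message and assertion IDs are derived from the test name so they are unique per test
    // (a replay check keyed on message ID would otherwise reject a fixture shared across tests).
    var messageId = MethodBase.GetCurrentMethod().Name;

    var response = @"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
            xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
            ID = """ + messageId + @""" InResponseTo = ""InResponseToId"" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z"">
            <saml2:Issuer>
                https://idp.example.com
            </saml2:Issuer>
            <saml2p:Status>
                <saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
            </saml2p:Status>
            <saml2:Assertion Version=""2.0"" ID=""" + messageId + @"_Assertion2""
                IssueInstant=""2013-09-25T00:00:00Z"">
                <saml2:Issuer>https://idp.example.com</saml2:Issuer>
                <saml2:Subject>
                    <saml2:NameID>SomeUser</saml2:NameID>
                    <saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" />
                </saml2:Subject>
                <saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" />
            </saml2:Assertion>
        </saml2p:Response>";

    // The response is signed with the test key and then base64-encoded the way a browser
    // POST binding would deliver it.
    var samlResponseFormValue = Convert.ToBase64String(
        Encoding.UTF8.GetBytes(SignedXmlHelper.SignXml(response)));
    var relayStateFormValue = "rs1234";

    var request = new HttpRequestData(
        "POST",
        new Uri("https://localhost"),
        "/ModulePath",
        new KeyValuePair<string, IEnumerable<string>>[]
        {
            new KeyValuePair<string, IEnumerable<string>>("SAMLResponse", new[] { samlResponseFormValue }),
            new KeyValuePair<string, IEnumerable<string>>("RelayState", new[] { relayStateFormValue }),
        },
        // Stored state for the outstanding request: expected idp, return URL and the
        // request ID that InResponseTo above must match.
        new StoredRequestState(
            new EntityId("https://idp.example.com"),
            new Uri("http://localhost/testUrl.aspx"),
            new Saml2Id("InResponseToId"),
            null));

    var options = StubFactory.CreateOptions();
    // No SP-wide ReturnUrl: the return URL must come from the stored request state.
    options.SPOptions.ReturnUrl = null;

    var actual = new AcsCommand().Run(request, options);

    actual.SetCookieSecureFlag.Should().BeTrue();
}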
/// <summary>
/// Verifies that <c>AcsCommand.Run</c> obtains the binding through the
/// <c>Notifications.GetBinding</c> hook rather than resolving it itself: the stub binding
/// installed here throws <c>NotImplementedException</c>, and that exception must surface
/// from <c>Run</c> with the stub's message.
/// </summary>
/// <remarks>
/// The request is a bare GET with no SAML payload; it never gets far enough to be parsed,
/// so the only observable outcome is the stub binding being invoked.
/// </remarks>
public void AcsCommand_Run_UsesBindingFromNotification()
{
    var options = StubFactory.CreateOptions();
    // Any request → our stub binding, regardless of method or form content.
    options.Notifications.GetBinding = _ => new StubSaml2Binding();

    var request = new HttpRequestData("GET", new Uri("http://host"));
    var command = new AcsCommand();

    Action act = () => command.Run(request, options);

    act.ShouldThrow<NotImplementedException>()
        .WithMessage("StubSaml2Binding.*");
}
/// <summary>
/// Feeds <c>AcsCommand.Run</c> a signed, successful response whose AuthnStatement carries
/// no <c>SessionNotOnOrAfter</c> attribute and checks that the command result reports no
/// session expiry (<c>SessionNotOnOrAfter</c> has no value) rather than inventing one.
/// </summary>
/// <remarks>
/// No stored request state is supplied and the response has no InResponseTo, i.e. this
/// exercises the unsolicited (idp-initiated) path as the stub options allow it.
/// The fixture is signed by <c>SignedXmlHelper.SignXml</c>; the default idp from
/// <c>StubFactory.CreateOptions()</c> is presumably configured to trust that key.
/// </remarks>
public void AcsCommand_Run_SessionNotOnOrAfterNullIfNotSpecifiedInResponse()
{
    // Unique per test so a message-ID replay check does not trip on a shared fixture.
    var messageId = MethodBase.GetCurrentMethod().Name;

    var responseXml = $@"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
            xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
            ID = ""{messageId}"" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z"">
            <saml2:Issuer>
                https://idp.example.com
            </saml2:Issuer>
            <saml2p:Status>
                <saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
            </saml2p:Status>
            <saml2:Assertion Version=""2.0"" ID=""{messageId}_Assertion""
                IssueInstant=""2013-09-25T00:00:00Z"">
                <saml2:Issuer>https://idp.example.com</saml2:Issuer>
                <saml2:Subject>
                    <saml2:NameID>SomeUser</saml2:NameID>
                    <saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" />
                </saml2:Subject>
                <saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" />
                <saml2:AuthnStatement AuthnInstant=""{DateTime.UtcNow.ToSaml2DateTimeString()}"">
                    <saml2:AuthnContext>
                        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
                    </saml2:AuthnContext>
                </saml2:AuthnStatement>
            </saml2:Assertion>
        </saml2p:Response>";

    var signedXml = SignedXmlHelper.SignXml(responseXml);
    var samlResponseFormValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(signedXml));

    var formValues = new KeyValuePair<string, string[]>[]
    {
        new KeyValuePair<string, string[]>("SAMLResponse", new[] { samlResponseFormValue }),
    };

    var request = new HttpRequestData(
        "POST",
        new Uri("http://localhost"),
        "/ModulePath",
        formValues,
        null);

    var options = StubFactory.CreateOptions();
    var command = new AcsCommand();

    var result = command.Run(request, options);

    result.SessionNotOnOrAfter.Should().NotHaveValue();
}
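/// <summary>
/// Verifies that <c>AcsCommand.Run</c> resolves the identity provider through the
/// <c>Notifications.GetIdentityProvider</c> hook: the response is issued by
/// https://other.idp.example.com, which the stub options do not know about, so the only way
/// to obtain a trusted idp is the hook. The hook receives the issuer's entity id and the
/// relay data from the stored request state, returns an idp that trusts the test signing key,
/// and the resulting principal's claims must carry that issuer.
/// </summary>
/// <remarks>
/// Security note: this hook is where trust in the issuer is decided. The idp returned here
/// registers <c>SignedXmlHelper.TestCert</c> as a signing key; without that, the signed
/// response would presumably fail signature validation (the call would not complete), which
/// is the behaviour a production hook must preserve for any issuer it chooses to accept.
/// The assertions inside the hook only run if the hook is actually invoked, so the test
/// additionally records the invocation and asserts it after <c>Run</c> — otherwise a code
/// path that never called the hook would leave those checks silently unexecuted.
/// </remarks>
public void AcsCommand_Run_UsesIdpFromNotification()
{
    // Unique per test so a message-ID replay check does not trip on a shared fixture.
    var messageId = MethodBase.GetCurrentMethod().Name;

    var responseXml = $@"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
            xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
            ID = ""{messageId}"" Version=""2.0"" InResponseTo=""InResponseToID"" IssueInstant=""2013-01-01T00:00:00Z"">
            <saml2:Issuer>
                https://other.idp.example.com
            </saml2:Issuer>
            <saml2p:Status>
                <saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
            </saml2p:Status>
            <saml2:Assertion Version=""2.0"" ID=""{messageId}_Assertion""
                IssueInstant=""2013-09-25T00:00:00Z"">
                <saml2:Issuer>https://other.idp.example.com</saml2:Issuer>
                <saml2:Subject>
                    <saml2:NameID>SomeUser</saml2:NameID>
                    <saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" />
                </saml2:Subject>
                <saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" />
                <saml2:AuthnStatement AuthnInstant=""{DateTime.UtcNow.ToSaml2DateTimeString()}"">
                    <saml2:AuthnContext>
                        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
                    </saml2:AuthnContext>
                </saml2:AuthnStatement>
            </saml2:Assertion>
        </saml2p:Response>";

    var samlResponseFormValue = Convert.ToBase64String(
        Encoding.UTF8.GetBytes(SignedXmlHelper.SignXml(responseXml)));

    // Relay data stored with the outstanding request; must be handed to the hook unchanged.
    var relayData = new Dictionary<string, string> { { "key", "value" } };

    var request = new HttpRequestData(
        "POST",
        new Uri("http://localhost"),
        "/ModulePath",
        new KeyValuePair<string, IEnumerable<string>>[]
        {
            new KeyValuePair<string, IEnumerable<string>>("SAMLResponse", new[] { samlResponseFormValue }),
        },
        new StoredRequestState(
            new EntityId("https://other.idp.example.com"),
            new Uri("http://localhost/testUrl.aspx"),
            new Saml2Id("InResponseToID"),
            relayData));

    var options = StubFactory.CreateOptions();

    var notificationInvoked = false;
    options.Notifications.GetIdentityProvider = (idpEntityId, rd, opt) =>
    {
        notificationInvoked = true;

        idpEntityId.Id.Should().Be("https://other.idp.example.com");
        rd["key"].Should().Be("value");

        // The returned idp must trust the key the fixture was signed with, or the
        // response cannot be validated.
        var idp = new IdentityProvider(new EntityId("https://other.idp.example.com"), options.SPOptions);
        idp.SigningKeys.AddConfiguredKey(SignedXmlHelper.TestCert);
        return idp;
    };

    var command = new AcsCommand();

    var actual = command.Run(request, options);

    // Guard against a silent pass: the in-hook assertions only count if the hook ran.
    notificationInvoked.Should().BeTrue();
    actual.Principal.Claims.First().Issuer.Should().Be("https://other.idp.example.com");
}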