public void PendingAuthnRequests_Remove_FalseOnIdNeverIssued() { var relayState = RelayStateGenerator.CreateSecureKey(); StoredRequestState responseData; PendingAuthnRequests.TryRemove(relayState, out responseData).Should().BeFalse(); }
public void PendingAuthnRequests_Add_ThrowsOnExisting() { var relayState = RelayStateGenerator.CreateSecureKey(); var requestData = new StoredRequestState( new EntityId("testidp"), new Uri("http://localhost/Return.aspx"), new Saml2Id()); PendingAuthnRequests.Add(relayState, requestData); Action a = () => PendingAuthnRequests.Add(relayState, requestData); a.ShouldThrow <InvalidOperationException>(); }
public void PendingAuthnRequests_Remove_FalseOnRemovedTwice() { var relayState = RelayStateGenerator.CreateSecureKey(); var requestData = new StoredRequestState( new EntityId("testidp"), new Uri("http://localhost/Return.aspx"), new Saml2Id()); StoredRequestState responseData; PendingAuthnRequests.Add(relayState, requestData); PendingAuthnRequests.TryRemove(relayState, out responseData).Should().BeTrue(); PendingAuthnRequests.TryRemove(relayState, out responseData).Should().BeFalse(); }
public void PendingAuthnRequests_AddRemove() { var relayState = RelayStateGenerator.CreateSecureKey(); var saml2Id = new Saml2Id(); var requestData = new StoredRequestState(new EntityId("testidp"), new Uri("http://localhost/Return.aspx"), saml2Id); PendingAuthnRequests.Add(relayState, requestData); StoredRequestState responseData; PendingAuthnRequests.TryRemove(relayState, out responseData).Should().BeTrue(); responseData.Should().Be(requestData); responseData.Idp.Id.Should().Be("testidp"); responseData.ReturnUrl.Should().Be("http://localhost/Return.aspx"); responseData.MessageId.Should().Be(saml2Id); }
public void RelayStateGenerator_GetSecureKey() { // Loop until we've seen the replacement work. var containedDash = false; var containedUnderscore = false; for (int i = 0; !containedDash || !containedUnderscore; i++) { i.Should().BeLessThan(1000, because: "if replacement works, we should have found the replacement characters sooner"); var result = RelayStateGenerator.CreateSecureKey(); // Can't really test a random algo any better than expecting a // specific length of the result and the right chars. result.Length.Should().Be(56); containedDash = containedDash || result.Contains("-"); containedUnderscore = containedUnderscore || result.Contains("_"); // Resulting string should not need to be URL encoded. result.Should().MatchRegex("^[A-Za-z0-9\\-_]*$"); } }
/// <summary> /// Default constructor /// </summary> public Saml2AuthenticationRequest() { RelayState = RelayStateGenerator.CreateSecureKey(); }
public async Task KentorAuthServicesAuthenticationMiddleware_AcsWorks() { var context = OwinTestHelpers.CreateOwinContext(); context.Request.Method = "POST"; var state = new StoredRequestState(new EntityId("https://idp.example.com"), new Uri("http://localhost/LoggedIn"), new Saml2Id(MethodBase.GetCurrentMethod().Name + "RequestID"), new AuthenticationProperties()); ((AuthenticationProperties)state.RelayData).RedirectUri = state.ReturnUrl.OriginalString; ((AuthenticationProperties)state.RelayData).Dictionary["Test"] = "TestValue"; var relayState = RelayStateGenerator.CreateSecureKey(); PendingAuthnRequests.Add(relayState, state); var response = @"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol"" xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion"" ID = """ + MethodBase.GetCurrentMethod().Name + @""" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z"" InResponseTo=""" + MethodBase.GetCurrentMethod().Name + @"RequestID"" > <saml2:Issuer> https://idp.example.com </saml2:Issuer> <saml2p:Status> <saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" /> </saml2p:Status> <saml2:Assertion Version=""2.0"" ID=""" + MethodBase.GetCurrentMethod().Name + @"_Assertion1"" IssueInstant=""2013-09-25T00:00:00Z""> <saml2:Issuer>https://idp.example.com</saml2:Issuer> <saml2:Subject> <saml2:NameID>SomeUser</saml2:NameID> <saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" /> </saml2:Subject> <saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" /> </saml2:Assertion> </saml2p:Response>"; var bodyData = new KeyValuePair <string, string>[] { new KeyValuePair <string, string>("SAMLResponse", Convert.ToBase64String(Encoding.UTF8.GetBytes(SignedXmlHelper.SignXml(response)))), new KeyValuePair <string, string>("RelayState", relayState) }; var encodedBodyData = new FormUrlEncodedContent(bodyData); context.Request.Body = encodedBodyData.ReadAsStreamAsync().Result; context.Request.ContentType = encodedBodyData.Headers.ContentType.ToString(); context.Request.Host = new HostString("localhost"); context.Request.Path = new PathString("/AuthServices/Acs"); var signInAsAuthenticationType = "AuthType"; var ids = new ClaimsIdentity[] { new ClaimsIdentity(signInAsAuthenticationType), new ClaimsIdentity(signInAsAuthenticationType) }; ids[0].AddClaim(new Claim(ClaimTypes.NameIdentifier, "SomeUser", null, "https://idp.example.com")); ids[1].AddClaim(new Claim(ClaimTypes.Role, "RoleFromClaimsAuthManager", null, "ClaimsAuthenticationManagerStub")); var middleware = new KentorAuthServicesAuthenticationMiddleware(null, CreateAppBuilder(), StubFactory.CreateOwinOptions()); await middleware.Invoke(context); context.Response.StatusCode.Should().Be(302); context.Response.Headers["Location"].Should().Be("http://localhost/LoggedIn"); context.Authentication.AuthenticationResponseGrant.Principal.Identities .ShouldBeEquivalentTo(ids, opt => opt.IgnoringCyclicReferences()); context.Authentication.AuthenticationResponseGrant.Properties.RedirectUri .Should().Be("http://localhost/LoggedIn"); context.Authentication.AuthenticationResponseGrant.Properties.Dictionary["Test"] .Should().Be("TestValue"); }