public void PendingAuthnRequests_Remove_FalseOnIdNeverIssued()
{
var relayState = RelayStateGenerator.CreateSecureKey();
StoredRequestState responseData;
PendingAuthnRequests.TryRemove(relayState, out responseData).Should().BeFalse();
}
public void PendingAuthnRequests_Add_ThrowsOnExisting()
{
var relayState = RelayStateGenerator.CreateSecureKey();
var requestData = new StoredRequestState(
new EntityId("testidp"),
new Uri("http://localhost/Return.aspx"),
new Saml2Id());
PendingAuthnRequests.Add(relayState, requestData);
Action a = () => PendingAuthnRequests.Add(relayState, requestData);
a.ShouldThrow <InvalidOperationException>();
}
public void PendingAuthnRequests_Remove_FalseOnRemovedTwice()
{
var relayState = RelayStateGenerator.CreateSecureKey();
var requestData = new StoredRequestState(
new EntityId("testidp"),
new Uri("http://localhost/Return.aspx"),
new Saml2Id());
StoredRequestState responseData;
PendingAuthnRequests.Add(relayState, requestData);
PendingAuthnRequests.TryRemove(relayState, out responseData).Should().BeTrue();
PendingAuthnRequests.TryRemove(relayState, out responseData).Should().BeFalse();
}
public void PendingAuthnRequests_AddRemove()
{
var relayState = RelayStateGenerator.CreateSecureKey();
var saml2Id = new Saml2Id();
var requestData = new StoredRequestState(new EntityId("testidp"), new Uri("http://localhost/Return.aspx"), saml2Id);
PendingAuthnRequests.Add(relayState, requestData);
StoredRequestState responseData;
PendingAuthnRequests.TryRemove(relayState, out responseData).Should().BeTrue();
responseData.Should().Be(requestData);
responseData.Idp.Id.Should().Be("testidp");
responseData.ReturnUrl.Should().Be("http://localhost/Return.aspx");
responseData.MessageId.Should().Be(saml2Id);
}
public void RelayStateGenerator_GetSecureKey()
{
// Loop until we've seen the replacement work.
var containedDash = false;
var containedUnderscore = false;
for (int i = 0; !containedDash || !containedUnderscore; i++)
{
i.Should().BeLessThan(1000, because: "if replacement works, we should have found the replacement characters sooner");
var result = RelayStateGenerator.CreateSecureKey();
// Can't really test a random algo any better than expecting a
// specific length of the result and the right chars.
result.Length.Should().Be(56);
containedDash = containedDash || result.Contains("-");
containedUnderscore = containedUnderscore || result.Contains("_");
// Resulting string should not need to be URL encoded.
result.Should().MatchRegex("^[A-Za-z0-9\\-_]*$");
}
}
/// <summary>
/// Default constructor
/// </summary>
public Saml2AuthenticationRequest()
{
RelayState = RelayStateGenerator.CreateSecureKey();
}
public async Task KentorAuthServicesAuthenticationMiddleware_AcsWorks()
{
var context = OwinTestHelpers.CreateOwinContext();
context.Request.Method = "POST";
var state = new StoredRequestState(new EntityId("https://idp.example.com"),
new Uri("http://localhost/LoggedIn"),
new Saml2Id(MethodBase.GetCurrentMethod().Name + "RequestID"),
new AuthenticationProperties());
((AuthenticationProperties)state.RelayData).RedirectUri = state.ReturnUrl.OriginalString;
((AuthenticationProperties)state.RelayData).Dictionary["Test"] = "TestValue";
var relayState = RelayStateGenerator.CreateSecureKey();
PendingAuthnRequests.Add(relayState, state);
var response =
@"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
ID = """ + MethodBase.GetCurrentMethod().Name + @""" Version=""2.0""
IssueInstant=""2013-01-01T00:00:00Z"" InResponseTo=""" + MethodBase.GetCurrentMethod().Name + @"RequestID"" >
<saml2:Issuer>
https://idp.example.com
</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" />
</saml2p:Status>
<saml2:Assertion
Version=""2.0"" ID=""" + MethodBase.GetCurrentMethod().Name + @"_Assertion1""
IssueInstant=""2013-09-25T00:00:00Z"">
<saml2:Issuer>https://idp.example.com</saml2:Issuer>
<saml2:Subject>
<saml2:NameID>SomeUser</saml2:NameID>
<saml2:SubjectConfirmation Method=""urn:oasis:names:tc:SAML:2.0:cm:bearer"" />
</saml2:Subject>
<saml2:Conditions NotOnOrAfter=""2100-01-01T00:00:00Z"" />
</saml2:Assertion>
</saml2p:Response>";
var bodyData = new KeyValuePair <string, string>[] {
new KeyValuePair <string, string>("SAMLResponse",
Convert.ToBase64String(Encoding.UTF8.GetBytes(SignedXmlHelper.SignXml(response)))),
new KeyValuePair <string, string>("RelayState", relayState)
};
var encodedBodyData = new FormUrlEncodedContent(bodyData);
context.Request.Body = encodedBodyData.ReadAsStreamAsync().Result;
context.Request.ContentType = encodedBodyData.Headers.ContentType.ToString();
context.Request.Host = new HostString("localhost");
context.Request.Path = new PathString("/AuthServices/Acs");
var signInAsAuthenticationType = "AuthType";
var ids = new ClaimsIdentity[] { new ClaimsIdentity(signInAsAuthenticationType),
new ClaimsIdentity(signInAsAuthenticationType) };
ids[0].AddClaim(new Claim(ClaimTypes.NameIdentifier, "SomeUser", null, "https://idp.example.com"));
ids[1].AddClaim(new Claim(ClaimTypes.Role, "RoleFromClaimsAuthManager",
null, "ClaimsAuthenticationManagerStub"));
var middleware = new KentorAuthServicesAuthenticationMiddleware(null, CreateAppBuilder(),
StubFactory.CreateOwinOptions());
await middleware.Invoke(context);
context.Response.StatusCode.Should().Be(302);
context.Response.Headers["Location"].Should().Be("http://localhost/LoggedIn");
context.Authentication.AuthenticationResponseGrant.Principal.Identities
.ShouldBeEquivalentTo(ids, opt => opt.IgnoringCyclicReferences());
context.Authentication.AuthenticationResponseGrant.Properties.RedirectUri
.Should().Be("http://localhost/LoggedIn");
context.Authentication.AuthenticationResponseGrant.Properties.Dictionary["Test"]
.Should().Be("TestValue");
}
