        /// <summary>
        /// Negative test for the HTTP-POST binding: a POST to the SAML endpoint whose form carries
        /// no SAMLRequest field must be rejected with 400 Bad Request and never reach the next
        /// delegate in the pipeline.
        /// </summary>
        public async Task ShouldReturnBadRequestWhenInvalidSAMLRequestInPOST()
        {
            // Real response generator over the fixture's stores; logging is muted for this test.
            var generator = new SignInResponseGenerator(new NullLogger<SignInResponseGenerator>(),
                                                        _relyingPartyStore,
                                                        _profileManager,
                                                        _keyManager,
                                                        _options);

            // The terminal delegate should never run for a rejected request, so a no-op suffices.
            var middleware = new Saml20Middleware(next: _ => Task.CompletedTask,
                                                  _logger,
                                                  _relyingPartyStore,
                                                  generator,
                                                  new SamlResponseSerializer(),
                                                  _options);

            // Empty form: the SAMLRequest parameter is absent, which is the "invalid request" under test.
            var httpContext = new DefaultHttpContext();
            httpContext.Request.Path   = "/saml20/";
            httpContext.Request.Method = "POST";
            httpContext.Request.Form   = new FormCollection(new Dictionary<string, StringValues>());
            httpContext.Response.Body  = new MemoryStream();

            await middleware.Invoke(httpContext);

            // Malformed input is a client error; it must not be passed downstream or produce a response body.
            Assert.Equal(400, httpContext.Response.StatusCode);
        }
        /// <summary>
        /// The SAML endpoint only accepts the GET (redirect) and POST bindings; any other verb —
        /// here PUT — must be answered with 405 Method Not Allowed rather than being processed.
        /// </summary>
        public async Task ShouldReturnMethodNotAllowed()
        {
            var generator = new SignInResponseGenerator(new NullLogger<SignInResponseGenerator>(),
                                                        _relyingPartyStore,
                                                        _profileManager,
                                                        _keyManager,
                                                        _options);

            var middleware = new Saml20Middleware(next: _ => Task.CompletedTask,
                                                  _logger,
                                                  _relyingPartyStore,
                                                  generator,
                                                  new SamlResponseSerializer(),
                                                  _options);

            // No form, no query string: the verb alone should be enough to reject the request.
            var httpContext = new DefaultHttpContext();
            httpContext.Request.Path   = "/saml20/";
            httpContext.Request.Method = "PUT";
            httpContext.Response.Body  = new MemoryStream();

            await middleware.Invoke(httpContext);

            Assert.Equal(405, httpContext.Response.StatusCode);
        }
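        /// <summary>
        /// Builds the WS-Federation middleware. Every collaborator is mandatory; null arguments
        /// are rejected here so that a misconfigured pipeline fails at startup instead of with a
        /// NullReferenceException on the first sign-in request.
        /// </summary>
        /// <param name="next">The next delegate in the request pipeline.</param>
        /// <param name="logger">Logger used by the middleware.</param>
        /// <param name="relyingPartyStore">Store of registered relying parties (realms).</param>
        /// <param name="responseGenerator">Produces the sign-in response / security token.</param>
        /// <param name="serializer">Serializes the WS-Trust response envelope.</param>
        /// <param name="options">Gateway options; <c>options.Value</c> is captured once, at construction time.</param>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        public WsFedMiddleware(RequestDelegate next,
                               ILogger <WsFedMiddleware> logger,
                               IRelyingPartyStore relyingPartyStore,
                               SignInResponseGenerator responseGenerator,
                               WsTrustSerializer serializer,
                               IOptions <FederationGatewayOptions> options)
        {
            if (next == null)
            {
                throw new ArgumentNullException(nameof(next));
            }
            // The logger was the only dependency left unguarded; a null logger would only
            // surface later, as a NullReferenceException inside request handling.
            if (logger == null)
            {
                throw new ArgumentNullException(nameof(logger));
            }
            if (relyingPartyStore == null)
            {
                throw new ArgumentNullException(nameof(relyingPartyStore));
            }
            if (responseGenerator == null)
            {
                throw new ArgumentNullException(nameof(responseGenerator));
            }
            if (serializer == null)
            {
                throw new ArgumentNullException(nameof(serializer));
            }
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            _next              = next;
            _logger            = logger;
            _relyingPartyStore = relyingPartyStore;
            _responseGenerator = responseGenerator;
            _serializer        = serializer;
            // Snapshot of the options: later changes to the IOptions source are not observed.
            _options           = options.Value;
        }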
        /// <summary>
        /// Happy path of the response generator: a federated user with a NameIdentifier claim,
        /// signing in to the realm "urn:test", yields a non-null token.
        /// NOTE(review): the assertion is deliberately shallow — it does not check that the
        /// token is signed with the key from _keyManager or that its audience is the realm;
        /// those are presumably covered elsewhere, otherwise they are worth adding here.
        /// </summary>
        public async Task ShouldGenerateToken()
        {
            var generator = new SignInResponseGenerator(_logger,
                                                        _relyingPartyStore,
                                                        _profileManager,
                                                        _keyManager,
                                                        _options);

            // A single authenticated ("federated") identity carrying only a name identifier.
            var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, "john foo") }, "federated");

            var request = new SignInRequest
            {
                Realm      = "urn:test",
                User       = new ClaimsPrincipal(new[] { identity }),
                Parameters = new Dictionary<string, string>()
            };

            var response = await generator.GenerateSignInResponse(request);

            Assert.NotNull(response.Token);
        }
 /// <summary>
 /// Wires the WS-Federation endpoint controller with the sign-in validator, the two response
 /// generators (sign-in and metadata), the tracking-cookie service and the plugin options.
 /// Dependencies are stored as-is; no validation is performed here.
 /// </summary>
 public WsFederationController(SignInValidator validator, SignInResponseGenerator signInResponseGenerator, MetadataResponseGenerator metadataResponseGenerator, ITrackingCookieService cookies, WsFederationPluginOptions wsFedOptions)
 {
     _wsFedOptions              = wsFedOptions;
     _cookies                   = cookies;
     _metadataResponseGenerator = metadataResponseGenerator;
     _signInResponseGenerator   = signInResponseGenerator;
     _validator                 = validator;
 }
 /// <summary>
 /// Wires the WS-Federation endpoint controller, additionally capturing the IdentityServer
 /// options. The <paramref name="users"/> service is accepted for DI but is not stored by
 /// this constructor (presumably a leftover of an earlier signature — confirm before relying on it).
 /// </summary>
 public WsFederationController(IdentityServerOptions options, IUserService users, SignInValidator validator, SignInResponseGenerator signInResponseGenerator, MetadataResponseGenerator metadataResponseGenerator, ITrackingCookieService cookies, WsFederationPluginOptions wsFedOptions)
 {
     _wsFedOptions              = wsFedOptions;
     _cookies                   = cookies;
     _metadataResponseGenerator = metadataResponseGenerator;
     _signInResponseGenerator   = signInResponseGenerator;
     _validator                 = validator;
     _options                   = options;
 }
        /// <summary>
        /// Wires the WS-Federation endpoint controller from core settings, a logger, the sign-in
        /// validator, the response generators and a cookie service. The <paramref name="users"/>
        /// service is accepted but not stored here.
        /// </summary>
        public WsFederationController(CoreSettings settings, IUserService users, ILogger logger, SignInValidator validator, SignInResponseGenerator signInResponseGenerator, MetadataResponseGenerator metadataResponseGenerator, ICookieService cookies)
        {
            _cookies                   = cookies;
            _metadataResponseGenerator = metadataResponseGenerator;
            _signInResponseGenerator   = signInResponseGenerator;
            _validator                 = validator;
            _logger                    = logger;
            _settings                  = settings;
        }
 /// <summary>
 /// Wires the WS-Federation endpoint controller from core settings, the internal configuration,
 /// the plugin options, the sign-in validator, the response generators and the tracking-cookie
 /// service. The <paramref name="users"/> service is accepted but not stored here.
 /// </summary>
 public WsFederationController(CoreSettings settings, IUserService users, SignInValidator validator, SignInResponseGenerator signInResponseGenerator, MetadataResponseGenerator metadataResponseGenerator, ITrackingCookieService cookies, InternalConfiguration internalConfig, WsFederationPluginOptions wsFedOptions)
 {
     _cookies                   = cookies;
     _metadataResponseGenerator = metadataResponseGenerator;
     _signInResponseGenerator   = signInResponseGenerator;
     _validator                 = validator;
     _wsfedOptions              = wsFedOptions;
     _internalConfig            = internalConfig;
     _settings                  = settings;
 }
        /// <summary>
        /// HTTP-POST binding happy path: an already-authenticated user posts a base64-encoded
        /// AuthnRequest and the middleware answers 200 with a non-empty body.
        /// NOTE(review): the encoded request appears to carry Issuer "urn:test" and an
        /// AssertionConsumerServiceURL of "https://localhost/test". The test only checks the status
        /// and that *something* was written; it does not assert that the ACS URL was validated
        /// against the relying party registered in _relyingPartyStore, nor that the response is
        /// signed. Both are the checks that matter most for an IdP, so consider strengthening it.
        /// </summary>
        public async Task ShouldGenerateSAMLResponseFromPOST()
        {
            var generator = new SignInResponseGenerator(new NullLogger<SignInResponseGenerator>(),
                                                        _relyingPartyStore,
                                                        _profileManager,
                                                        _keyManager,
                                                        _options);

            var middleware = new Saml20Middleware(next: _ => Task.CompletedTask,
                                                  _logger,
                                                  _relyingPartyStore,
                                                  generator,
                                                  new SamlResponseSerializer(),
                                                  _options);

            // The literal is kept byte-for-byte. NOTE(review): it contains " + " in the middle,
            // which looks like a formatter artifact around a base64 '+'; Convert.FromBase64String
            // ignores whitespace, so decoding still works, but it is worth normalising at source.
            var form = new Dictionary<string, StringValues>
            {
                ["SAMLRequest"] = new StringValues("PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxzYW1scDpBdXRoblJlcXVlc3QgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgSUQ9ImlnZmtsb2xsa2Jvb2psYmhpZWluaGtuZm1nY2xkbWlhcGZnY2draGMiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDIwLTA0LTA5VDEzOjU1OjMyWiIgUHJvdG9jb2xCaW5kaW5nPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YmluZGluZ3M6SFRUUC1QT1NUIiBQcm92aWRlck5hbWU9Imdvb2dsZS5jb20iIElzUGFzc2l2ZT0iZmFsc2UiIEFzc2VydGlvbkNvbnN1bWVyU2VydmljZVVSTD0iaHR0cHM6Ly9sb2NhbGhvc3QvdGVzdCI + PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPnVybjp0ZXN0PC9zYW1sOklzc3Vlcj48c2FtbHA6TmFtZUlEUG9saWN5IEFsbG93Q3JlYXRlPSJ0cnVlIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OnVuc3BlY2lmaWVkIiAvPjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg0K")
            };

            var httpContext = new DefaultHttpContext();
            httpContext.Request.Form        = new FormCollection(form);
            httpContext.Request.ContentType = "application/x-www-form-urlencoded";
            httpContext.Request.Path        = "/saml20/";
            httpContext.Request.Method      = "POST";
            httpContext.Response.Body       = new MemoryStream();

            // The user is already signed in at the IdP, so no challenge/redirect is expected.
            var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, "john foo") }, "federated");
            httpContext.User = new ClaimsPrincipal(new[] { identity });

            await middleware.Invoke(httpContext);

            var written = ((MemoryStream)httpContext.Response.Body).ToArray();

            Assert.Equal(200, httpContext.Response.StatusCode);
            Assert.True(written.Length > 0);
        }
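        /// <summary>
        /// Generates a SAML2 token for "urn:test" and serializes it inside a WS-Trust
        /// RequestSecurityTokenResponse; passes when the serializer produced any XML at all.
        /// Changes from the original: lifetime stamps are taken once from UtcNow (the original
        /// used DateTime.Now twice), and the XmlWriter is disposed deterministically.
        /// </summary>
        public async Task ShouldSerializeToken()
        {
            var generator = new SignInResponseGenerator(_logger,
                                                        _relyingPartyStore,
                                                        _profileManager,
                                                        _keyManager,
                                                        _options);

            var response = await generator.GenerateSignInResponse(new SignInRequest
            {
                Realm = "urn:test",
                User  = new ClaimsPrincipal(new List<ClaimsIdentity>
                {
                    // No authentication type is given here, unlike the sibling tests; kept as in
                    // the original. NOTE(review): confirm whether an unauthenticated identity is
                    // the intended input for this test.
                    new ClaimsIdentity(new List<Claim>
                    {
                        new Claim(ClaimTypes.NameIdentifier, "john foo")
                    })
                }),
                Parameters = new Dictionary<string, string>()
            });

            // WS-Trust Lifetime values are compared against the consumer's clock, so they must be
            // UTC; a local-time value would be off by the test machine's zone offset. Reading the
            // clock once also makes Expires exactly Created + 8h instead of two separate reads.
            var created = DateTime.UtcNow;
            var wsTrust = new WsTrustRequestSecurityTokenResponse();

            wsTrust.LifeTime = new WsTrustLifetime
            {
                Created = created,
                Expires = created.AddHours(8)
            };
            wsTrust.AppliesTo = new Uri("urn:test");
            wsTrust.RequestedSecurityToken = (Saml2SecurityToken)response.Token;

            var sb = new StringBuilder();

            // XmlWriter is IDisposable; dispose it so nothing buffered is lost before the assert.
            // NOTE(review): XmlWriterSettings.Encoding is presumably ignored over a StringWriter
            // (which reports its own encoding) — harmless for this length check.
            using (var xmlWriter = XmlWriter.Create(new StringWriter(sb), new XmlWriterSettings {
                Encoding = Encoding.UTF8
            }))
            {
                var serializer = new WsTrustSerializer();

                serializer.Serialize(xmlWriter, wsTrust);

                xmlWriter.Flush();
            }

            Assert.True(sb.ToString().Length > 0);
        }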
        /// <summary>
        /// HTTP-Redirect binding happy path: an authenticated user arrives with a
        /// deflated/base64/url-encoded SAMLRequest in the query string and receives 200 with a
        /// non-empty body.
        /// NOTE(review): the query carries no Signature/SigAlg parameters, so the signed-redirect
        /// variant of the binding is not exercised by this test.
        /// </summary>
        public async Task ShouldGenerateSAMLResponseFromGet()
        {
            var generator = new SignInResponseGenerator(new NullLogger<SignInResponseGenerator>(),
                                                        _relyingPartyStore,
                                                        _profileManager,
                                                        _keyManager,
                                                        _options);

            var middleware = new Saml20Middleware(next: _ => Task.CompletedTask,
                                                  _logger,
                                                  _relyingPartyStore,
                                                  generator,
                                                  new SamlResponseSerializer(),
                                                  _options);

            var httpContext = new DefaultHttpContext();
            httpContext.Request.Path        = "/saml20/";
            httpContext.Request.QueryString = new QueryString("?SAMLRequest=fZJPT8MwDMXvSHyHKPeu3QAJorVogBCT%2BFNthQO3LHXbsDQucTrg25N2IMEBri%2FPfj87np%2B%2Ft4btwJFGm%2FLpJOEMrMJS2zrlj8V1dMrPs8ODOcnWdGLR%2B8au4LUH8ixUWhLjQ8p7ZwVK0iSsbIGEV2K9uLsVs0kiOoceFRrOllcp13W1NWjMdoP4YjaNBm2bra3aWpmy1bKralVvG8XZ0zfWbMBaEvWwtOSl9UFKZkmUHEfJWTE9Eicn4mj2zFn%2BlXSh7X6C%2F7A2exOJm6LIo%2FxhXYwNdroEdx%2FcKa8RawMThe0Qn0sivQtyJQ0BZwsicD4AXqKlvgW3BrfTCh5XtylvvO9IxLFBJU2D5GMfdsazcZFinMX92OD%2FpPI7iWeDbeg0j380yr6%2BZ6BeXuVotPpgC2Pw7dKB9AHZuz4QX6Nrpf87azqZjoouo2q0it5SB0pXGkrO4myf%2BvsOwnV8Ag%3D%3D");
            httpContext.Request.Method      = "GET";
            httpContext.Response.Body       = new MemoryStream();

            // Already authenticated at the IdP, so the middleware should answer rather than challenge.
            var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, "john foo") }, "federated");
            httpContext.User = new ClaimsPrincipal(new[] { identity });

            await middleware.Invoke(httpContext);

            var written = ((MemoryStream)httpContext.Response.Body).ToArray();

            Assert.Equal(200, httpContext.Response.StatusCode);
            Assert.True(written.Length > 0);
        }
        /// <summary>
        /// IdP-initiated SSO: an authenticated user hits /saml20/idpinitiated with the target
        /// realm in the query string and gets 200 plus a non-empty body.
        /// NOTE(review): "realm" is request-controlled input. This covers only the known realm
        /// "urn:test"; a companion test that an unregistered realm is rejected (and no assertion
        /// is issued for it) would pin the more important behaviour.
        /// </summary>
        public async Task ShouldGenerateSAMLResponseFromIDPInitiated()
        {
            var generator = new SignInResponseGenerator(new NullLogger<SignInResponseGenerator>(),
                                                        _relyingPartyStore,
                                                        _profileManager,
                                                        _keyManager,
                                                        _options);

            var middleware = new Saml20Middleware(next: _ => Task.CompletedTask,
                                                  _logger,
                                                  _relyingPartyStore,
                                                  generator,
                                                  new SamlResponseSerializer(),
                                                  _options);

            var httpContext = new DefaultHttpContext();
            httpContext.Request.Path        = "/saml20/idpinitiated";
            httpContext.Request.QueryString = new QueryString("?realm=urn:test");
            httpContext.Request.Method      = "GET";
            httpContext.Response.Body       = new MemoryStream();

            var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, "john foo") }, "federated");
            httpContext.User = new ClaimsPrincipal(new[] { identity });

            await middleware.Invoke(httpContext);

            var written = ((MemoryStream)httpContext.Response.Body).ToArray();

            Assert.Equal(200, httpContext.Response.StatusCode);
            Assert.True(written.Length > 0);
        }
        /// <summary>
        /// Wires the WS-Federation endpoint controller including the redirect-URI validator and
        /// sign-out validator. The event service is resolved from the OWIN environment; when none
        /// is registered a <c>DefaultEventService</c> is used so event raising never hits a null.
        /// </summary>
        public WsFederationController(
            SignInValidator validator,
            SignInResponseGenerator signInResponseGenerator,
            MetadataResponseGenerator metadataResponseGenerator,
            ITrackingCookieService cookies,
            WsFederationPluginOptions wsFedOptions,
            IRedirectUriValidator redirectUriValidator,
            SignOutValidator signOutValidator,
            Core.Services.OwinEnvironmentService environment)
        {
            // Fall back to the default implementation when the host did not register one.
            var resolvedEvents = environment.Environment.ResolveDependency<Core.Services.IEventService>();
            _events = resolvedEvents ?? new DefaultEventService();

            _signOutValidator          = signOutValidator;
            _redirectUriValidator      = redirectUriValidator;
            _wsFedOptions              = wsFedOptions;
            _cookies                   = cookies;
            _metadataResponseGenerator = metadataResponseGenerator;
            _signInResponseGenerator   = signInResponseGenerator;
            _validator                 = validator;
        }
        /// <summary>
        /// An anonymous user (DefaultHttpContext's default principal) sending a valid SAMLRequest
        /// over the redirect binding must be challenged, not served: the middleware resolves
        /// IAuthenticationService from RequestServices (stubbed here with MyAuthenticationService,
        /// defined elsewhere) and the test expects a 301.
        /// NOTE(review): 301 is a permanent, cacheable redirect; authentication challenges are
        /// conventionally 302/303 so a browser does not cache the redirect to the login page.
        /// Confirm that 301 is the intended status for the middleware.
        /// </summary>
        public async Task ShouldRedirectIfUserNotAuthenticated()
        {
            var services = new Mock<IServiceProvider>();
            services.Setup(sp => sp.GetService(typeof(IAuthenticationService)))
                    .Returns(new MyAuthenticationService());

            var generator = new SignInResponseGenerator(new NullLogger<SignInResponseGenerator>(),
                                                        _relyingPartyStore,
                                                        _profileManager,
                                                        _keyManager,
                                                        _options);

            var middleware = new Saml20Middleware(next: _ => Task.CompletedTask,
                                                  _logger,
                                                  _relyingPartyStore,
                                                  generator,
                                                  new SamlResponseSerializer(),
                                                  _options);

            // No User is assigned: the request is deliberately unauthenticated.
            var httpContext = new DefaultHttpContext { RequestServices = services.Object };
            httpContext.Request.Path        = "/saml20/";
            httpContext.Request.QueryString = new QueryString("?SAMLRequest=fZJPT8MwDMXvSHyHKPeu3QAJorVogBCT%2BFNthQO3LHXbsDQucTrg25N2IMEBri%2FPfj87np%2B%2Ft4btwJFGm%2FLpJOEMrMJS2zrlj8V1dMrPs8ODOcnWdGLR%2B8au4LUH8ixUWhLjQ8p7ZwVK0iSsbIGEV2K9uLsVs0kiOoceFRrOllcp13W1NWjMdoP4YjaNBm2bra3aWpmy1bKralVvG8XZ0zfWbMBaEvWwtOSl9UFKZkmUHEfJWTE9Eicn4mj2zFn%2BlXSh7X6C%2F7A2exOJm6LIo%2FxhXYwNdroEdx%2FcKa8RawMThe0Qn0sivQtyJQ0BZwsicD4AXqKlvgW3BrfTCh5XtylvvO9IxLFBJU2D5GMfdsazcZFinMX92OD%2FpPI7iWeDbeg0j380yr6%2BZ6BeXuVotPpgC2Pw7dKB9AHZuz4QX6Nrpf87azqZjoouo2q0it5SB0pXGkrO4myf%2BvsOwnV8Ag%3D%3D");
            httpContext.Request.Method      = "GET";
            httpContext.Response.Body       = new MemoryStream();

            await middleware.Invoke(httpContext);

            Assert.Equal(301, httpContext.Response.StatusCode);
        }
        /// <summary>
        /// WS-Federation counterpart of the SAML redirect test: an anonymous wsignin1.0 request
        /// for realm "urn:test" must be challenged through the IAuthenticationService resolved
        /// from RequestServices (stubbed with MyAuthenticationService, defined elsewhere).
        /// NOTE(review): as with the SAML variant, 301 is a cacheable permanent redirect;
        /// confirm it is the intended status for a login challenge rather than 302/303.
        /// </summary>
        public async Task ShouldRedirectIfUserNotAuthenticated()
        {
            var services = new Mock<IServiceProvider>();
            services.Setup(sp => sp.GetService(typeof(IAuthenticationService)))
                    .Returns(new MyAuthenticationService());

            var generator = new SignInResponseGenerator(new NullLogger<SignInResponseGenerator>(),
                                                        _relyingPartyStore,
                                                        _profileManager,
                                                        _keyManager,
                                                        _options);

            var middleware = new WsFedMiddleware(next: _ => Task.CompletedTask,
                                                 _logger,
                                                 _relyingPartyStore,
                                                 generator,
                                                 new Core.Messaging.WsTrust.WsTrustSerializer(),
                                                 _options);

            // No User assigned: the request is deliberately unauthenticated.
            var httpContext = new DefaultHttpContext { RequestServices = services.Object };
            httpContext.Request.Path        = "/wsfed/";
            httpContext.Request.QueryString = new QueryString("?wa=wsignin1.0&wtrealm=urn:test");
            httpContext.Request.Method      = "GET";
            httpContext.Response.Body       = new MemoryStream();

            await middleware.Invoke(httpContext);

            Assert.Equal(301, httpContext.Response.StatusCode);
        }
 /// <summary>
 /// Wires the SiteFinity sign-in controller. Dependencies are stored without validation.
 /// </summary>
 /// <param name="validator">Validates incoming sign-in requests.</param>
 /// <param name="signInResponseGenerator">Produces the sign-in response / token.</param>
 /// <param name="httpUtility">Utility used for URL encoding and decoding.</param>
 public SiteFinityController(SignInValidator validator, SignInResponseGenerator signInResponseGenerator, HttpUtility httpUtility)
 {
     _httpUtility             = httpUtility;
     _signInResponseGenerator = signInResponseGenerator;
     _validator               = validator;
 }