public async Task GetCallbackArguments() { PositiveAssertionResponse assertion = this.GetPositiveAssertion(); var rp = CreateRelyingParty(); UriBuilder returnToBuilder = new UriBuilder(assertion.ReturnTo); returnToBuilder.AppendQueryArgs(new Dictionary <string, string> { { "a", "b" } }); assertion.ReturnTo = returnToBuilder.Uri; var authResponse = await PositiveAuthenticationResponse.CreateAsync(assertion, rp, CancellationToken.None); // First pretend that the return_to args were signed. assertion.ReturnToParametersSignatureValidated = true; Assert.AreEqual(1, authResponse.GetCallbackArguments().Count); Assert.IsTrue(authResponse.GetCallbackArguments().ContainsKey("a")); Assert.AreEqual("b", authResponse.GetCallbackArgument("a")); // Now simulate them NOT being signed. assertion.ReturnToParametersSignatureValidated = false; Assert.AreEqual(0, authResponse.GetCallbackArguments().Count); Assert.IsFalse(authResponse.GetCallbackArguments().ContainsKey("a")); Assert.IsNull(authResponse.GetCallbackArgument("a")); }
public async Task InsecureIdentifiersRejectedWithRequireSsl() { PositiveAssertionResponse assertion = this.GetPositiveAssertion(); var rp = CreateRelyingParty(); rp.SecuritySettings.RequireSsl = true; var authResponse = await PositiveAuthenticationResponse.CreateAsync(assertion, rp, CancellationToken.None); }
public void InsecureIdentifiersRejectedWithRequireSsl() { PositiveAssertionResponse assertion = this.GetPositiveAssertion(); var rp = CreateRelyingParty(); rp.SecuritySettings.RequireSsl = true; var authResponse = new PositiveAuthenticationResponse(assertion, rp); }
public async Task DualIdentifierNoMatchInAssertionVerificationByDefault() { PositiveAssertionResponse assertion = this.GetPositiveAssertion(true); ClaimsResponse extension = new ClaimsResponse(); assertion.Extensions.Add(extension); var rp = CreateRelyingParty(); await PositiveAuthenticationResponse.CreateAsync(assertion, rp, CancellationToken.None); // this will throw if it fails to find a match }
public async Task SpoofedClaimedIdDetectionSolicited() { PositiveAssertionResponse assertion = this.GetPositiveAssertion(); assertion.ProviderEndpoint = new Uri("http://rogueOP"); var rp = CreateRelyingParty(); var authResponse = await PositiveAuthenticationResponse.CreateAsync(assertion, rp, CancellationToken.None); Assert.AreEqual(AuthenticationStatus.Failed, authResponse.Status); }
public void SpoofedClaimedIdDetectionSolicited() { PositiveAssertionResponse assertion = this.GetPositiveAssertion(); assertion.ProviderEndpoint = new Uri("http://rogueOP"); var rp = CreateRelyingParty(); var authResponse = new PositiveAuthenticationResponse(assertion, rp); Assert.AreEqual(AuthenticationStatus.Failed, authResponse.Status); }
public async Task DualIdentifierMatchesInAssertionVerification() { PositiveAssertionResponse assertion = this.GetPositiveAssertion(true); ClaimsResponse extension = new ClaimsResponse(); assertion.Extensions.Add(extension); var rp = CreateRelyingParty(); rp.SecuritySettings.AllowDualPurposeIdentifiers = true; await PositiveAuthenticationResponse.CreateAsync(assertion, rp, CancellationToken.None); // this will throw if it fails to find a match }
public async Task Valid() { PositiveAssertionResponse assertion = this.GetPositiveAssertion(); ClaimsResponse extension = new ClaimsResponse(); assertion.Extensions.Add(extension); var rp = CreateRelyingParty(); var authResponse = await PositiveAuthenticationResponse.CreateAsync(assertion, rp, CancellationToken.None); Assert.AreEqual(AuthenticationStatus.Authenticated, authResponse.Status); Assert.IsNull(authResponse.Exception); Assert.AreEqual((string)assertion.ClaimedIdentifier, (string)authResponse.ClaimedIdentifier); Assert.AreEqual(authResponse.Endpoint.FriendlyIdentifierForDisplay, authResponse.FriendlyIdentifierForDisplay); Assert.AreSame(extension, authResponse.GetUntrustedExtension(typeof(ClaimsResponse))); Assert.AreSame(extension, authResponse.GetUntrustedExtension <ClaimsResponse>()); Assert.IsNull(authResponse.GetCallbackArgument("a")); Assert.AreEqual(0, authResponse.GetCallbackArguments().Count); }
public void ProblematicClaimedId() { var providerEndpoint = new ProviderEndpointDescription(OpenIdTestBase.OPUri, Protocol.Default.Version); string claimed_id = BaseMockUri + "a./b."; var se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimed_id, claimed_id, providerEndpoint, null, null); UriIdentifier identityUri = (UriIdentifier)se.ClaimedIdentifier; var mockId = new MockIdentifier(identityUri, this.MockResponder, new IdentifierDiscoveryResult[] { se }); var positiveAssertion = this.GetPositiveAssertion(); positiveAssertion.ClaimedIdentifier = mockId; positiveAssertion.LocalIdentifier = mockId; var rp = CreateRelyingParty(); var authResponse = new PositiveAuthenticationResponse(positiveAssertion, rp); Assert.AreEqual(AuthenticationStatus.Authenticated, authResponse.Status); Assert.AreEqual(claimed_id, authResponse.ClaimedIdentifier.ToString()); }
public async Task ProblematicClaimedId() { var providerEndpoint = new ProviderEndpointDescription(OpenIdTestBase.OPUri, Protocol.Default.Version); string claimed_id = BaseMockUri + "a./b."; var se = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimed_id, claimed_id, providerEndpoint, null, null); var identityUri = (UriIdentifier)se.ClaimedIdentifier; this.RegisterMockXrdsResponse(se); var rp = this.CreateRelyingParty(); var positiveAssertion = this.GetPositiveAssertion(); positiveAssertion.ClaimedIdentifier = claimed_id; positiveAssertion.LocalIdentifier = claimed_id; var authResponse = await PositiveAuthenticationResponse.CreateAsync(positiveAssertion, rp, CancellationToken.None); Assert.AreEqual(AuthenticationStatus.Authenticated, authResponse.Status); Assert.AreEqual(claimed_id, authResponse.ClaimedIdentifier.ToString()); }
public void Valid() { PositiveAssertionResponse assertion = this.GetPositiveAssertion(); ClaimsResponse extension = new ClaimsResponse(); assertion.Extensions.Add(extension); var rp = CreateRelyingParty(); var authResponse = new PositiveAuthenticationResponse(assertion, rp); var authResponseAccessor = PositiveAuthenticationResponse_Accessor.AttachShadow(authResponse); Assert.AreEqual(AuthenticationStatus.Authenticated, authResponse.Status); Assert.IsNull(authResponse.Exception); Assert.AreEqual((string)assertion.ClaimedIdentifier, (string)authResponse.ClaimedIdentifier); Assert.AreEqual(authResponse.Endpoint.FriendlyIdentifierForDisplay, authResponse.FriendlyIdentifierForDisplay); Assert.AreSame(extension, authResponse.GetUntrustedExtension(typeof(ClaimsResponse))); Assert.AreSame(extension, authResponse.GetUntrustedExtension <ClaimsResponse>()); Assert.IsNull(authResponse.GetCallbackArgument("a")); Assert.AreEqual(0, authResponse.GetCallbackArguments().Count); }