コード例 #1
0
 public void Saml2RedirectBinding_Unbind_NullcheckRequest()
 {
     Saml2Binding.Get(Saml2BindingType.HttpRedirect)
     .Invoking(b => b.Unbind(null))
     .ShouldThrow <ArgumentNullException>().And.ParamName.Should().Be("request");
 }
コード例 #2
0
 public void Saml2PostBinding_Bind_Nullcheck_payload()
 {
     Saml2Binding.Get(Saml2BindingType.HttpRedirect)
     .Invoking(b => b.Bind(null, new Uri("http://host"), null))
     .ShouldThrow <ArgumentNullException>().And.ParamName.Should().Be("payload");
 }
コード例 #3
0
        public void LogoutCommand_Run_HandlesLogoutRequest_ReceivedThroughRedirectBinding()
        {
            var request = new Saml2LogoutRequest()
            {
                DestinationUrl     = new Uri("http://sp.example.com/path/AuthServices/logout"),
                Issuer             = new EntityId("https://idp.example.com"),
                SigningCertificate = SignedXmlHelper.TestCert,
                NameId             = new Saml2NameIdentifier("NameId"),
                SessionIndex       = "SessionID",
                SigningAlgorithm   = SignedXml.XmlDsigRSASHA256Url
            };

            var bindResult = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
                             .Bind(request);

            var httpRequest = new HttpRequestData("GET", bindResult.Location);

            var options = StubFactory.CreateOptions();

            options.SPOptions.ServiceCertificates.Add(SignedXmlHelper.TestCert);

            CommandResult notifiedCommandResult = null;

            options.Notifications.LogoutCommandResultCreated = cr =>
            {
                notifiedCommandResult = cr;
            };

            // We're using unbind to verify the created message and UnBind
            // expects the issuer to be a known Idp for signature validation.
            // Add a dummy with the right issuer name and key.
            var dummyIdp = new IdentityProvider(options.SPOptions.EntityId, options.SPOptions);

            dummyIdp.SigningKeys.AddConfiguredKey(SignedXmlHelper.TestCert);
            options.IdentityProviders.Add(dummyIdp);

            var actual = CommandFactory.GetCommand(CommandFactory.LogoutCommandName)
                         .Run(httpRequest, options);

            var expected = new CommandResult()
            {
                HttpStatusCode        = HttpStatusCode.SeeOther,
                TerminateLocalSession = true
                                        // Deliberately not comparing Location
            };

            HttpUtility.ParseQueryString(actual.Location.Query)["Signature"]
            .Should().NotBeNull("LogoutResponse should be signed");

            actual.ShouldBeEquivalentTo(expected, opt => opt.Excluding(cr => cr.Location));
            actual.Should().BeSameAs(notifiedCommandResult);

            var actualUnbindResult = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
                                     .Unbind(new HttpRequestData("GET", actual.Location), options);

            var actualMessage = actualUnbindResult.Data;

            var expectedMessage = XmlHelpers.XmlDocumentFromString(
                $@"<samlp:LogoutResponse xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
                    xmlns=""urn:oasis:names:tc:SAML:2.0:assertion""
                    Destination=""https://idp.example.com/logout""
                    Version=""2.0"">
                    <Issuer>{options.SPOptions.EntityId.Id}</Issuer>
                    <samlp:Status>
                        <samlp:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success""/>
                    </samlp:Status>
                </samlp:LogoutResponse>").DocumentElement;

            // Set generated attributes to actual values.
            expectedMessage.SetAttribute("ID", actualMessage.GetAttribute("ID"));
            expectedMessage.SetAttribute("IssueInstant", actualMessage.GetAttribute("IssueInstant"));
            expectedMessage.SetAttribute("InResponseTo", request.Id.Value);

            actualMessage.Should().BeEquivalentTo(expectedMessage);

            actualUnbindResult.RelayState.Should().Be(request.RelayState);
            actualUnbindResult.TrustLevel.Should().Be(TrustLevel.Signature);
        }
コード例 #4
0
 public void Saml2RedirectBinding_Bind_Nullcheck()
 {
     Saml2Binding.Get(Saml2BindingType.HttpRedirect)
     .Invoking(b => b.Bind(null))
     .ShouldThrow <ArgumentNullException>().And.ParamName.Should().Be("message");
 }
コード例 #5
0
 public ActionResult RespondToLogoutRequest(RespondToLogoutRequestModel model)
 {
     return(Saml2Binding.Get(Saml2BindingType.HttpRedirect)
            .Bind(model.ToLogoutResponse())
            .ToActionResult());
 }
コード例 #6
0
 public void Saml2ArtifactBinding_Bind_Nullcheck()
 {
     Saml2Binding.Get(Saml2BindingType.Artifact)
     .Invoking(b => b.Bind(null))
     .ShouldThrow <ArgumentNullException>("message");
 }
コード例 #7
0
 public void Saml2PostBinding_Unbind_ThrowsOnNotBase64Encoded()
 {
     Saml2Binding.Get(Saml2BindingType.HttpPost)
     .Invoking(b => b.Unbind(CreateRequest("foo"), StubFactory.CreateOptions()))
     .Should().Throw <FormatException>();
 }
コード例 #8
0
 public void Saml2PostBinding_Bind_Nullcheck_messageName()
 {
     Saml2Binding.Get(Saml2BindingType.HttpPost)
     .Invoking(b => b.Bind("-", new Uri("http://host"), null))
     .ShouldThrow <ArgumentNullException>().And.ParamName.Should().Be("messageName");
 }
コード例 #9
0
        public void Saml2PostBinding_Bind_SignsXmlAndPreserversXmlDeclaration()
        {
            var message = new Saml2MessageImplementation
            {
                DestinationUrl     = new Uri("http://www.example.com/acs"),
                XmlData            = "<root ID=\"id\">\r\n  <content>data</content>\r\n</root>",
                MessageName        = "SAMLMessageName",
                RelayState         = "ABC1234",
                SigningCertificate = SignedXmlHelper.TestCert,
                SigningAlgorithm   = SecurityAlgorithms.RsaSha256Signature
            };

            var signedXml = "<?xml version=\"1.0\" encoding=\"blaha\"?>\r\n"
                            + SignedXmlHelper.SignXml(message.XmlData, true);
            var expectedValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(signedXml));

            var notificationCalled = false;
            var result             = Saml2Binding.Get(Saml2BindingType.HttpPost).Bind(message, null, (m, xd, bt) =>
            {
                xd.Declaration = new XDeclaration("1.0", "blaha", null);
                m.Should().BeSameAs(message);
                bt.Should().Be(Saml2BindingType.HttpPost);
                notificationCalled = true;
            });

            var expected = new CommandResult()
            {
                ContentType = "text/html",
                Content     = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<!DOCTYPE html PUBLIC ""-//W3C//DTD XHTML 1.1//EN""
""http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"">
<html xmlns=""http://www.w3.org/1999/xhtml"" xml:lang=""en"">
<head>
<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-H3SVZBYrbqBt3ncrT/nNmOb6nwCjC12cPQzh5jnW4Y0='"">
</head>
<body>
<noscript>
<p>
<strong>Note:</strong> Since your browser does not support JavaScript, 
you must press the Continue button once to proceed.
</p>
</noscript>
<form action=""http://www.example.com/acs"" method=""post"" name=""sustainsysSamlPostBindingSubmit"">
<div>
<input type=""hidden"" name=""RelayState"" value=""ABC1234""/>
<input type=""hidden"" name=""SAMLMessageName""
value=""" + expectedValue + @"""/>
</div>
<noscript>
<div>
<input type=""submit"" value=""Continue""/>
</div>
</noscript>
</form>
<script type=""text/javascript"">
document.forms.sustainsysSamlPostBindingSubmit.submit();
</script>
</body>
</html>"
            };

            result.Should().BeEquivalentTo(expected);
            notificationCalled.Should().BeTrue();
        }
コード例 #10
0
 public void Saml2PostBinding_CanUnbind_Nullcheck_Request()
 {
     Saml2Binding.Get(Saml2BindingType.HttpPost)
     .Invoking(b => b.CanUnbind(null))
     .Should().Throw <ArgumentNullException>().And.ParamName.Should().Be("request");
 }
コード例 #11
0
ファイル: IdentityProvider.cs プロジェクト: ThiemeNL/Saml2
 /// <summary>
 /// Bind a Saml2AuthenticateRequest using the active binding of the idp,
 /// producing a CommandResult with the result of the binding.
 /// </summary>
 /// <param name="request">The AuthnRequest to bind.</param>
 /// <returns>CommandResult with the bound request.</returns>
 public CommandResult Bind(ISaml2Message request)
 {
     return(Saml2Binding.Get(Binding).Bind(request));
 }
コード例 #12
0
        public void Saml2Binding_Get_NullOnPlainGet()
        {
            var r = new HttpRequestData("GET", new Uri("http://example.com"));

            Saml2Binding.Get(r).Should().BeNull();
        }
コード例 #13
0
        public void Saml2Binding_Get_NullOnPostWithSamlartQuery()
        {
            var r = new HttpRequestData("POST", new Uri("http://example.com?Samlart=foo"));

            Saml2Binding.Get(r).Should().BeNull();
        }
コード例 #14
0
 public void Saml2PostBinding_Bind_Nullcheck_destinationUri()
 {
     Saml2Binding.Get(Saml2BindingType.HttpRedirect)
     .Invoking(b => b.Bind("-", null, null))
     .ShouldThrow <ArgumentNullException>().And.ParamName.Should().Be("destinationUri");
 }
コード例 #15
0
 public ActionResult InitiateLogout(InitiateLogoutModel model)
 {
     return(Saml2Binding.Get(Saml2BindingType.HttpRedirect)
            .Bind(model.ToLogoutRequest())
            .ToActionResult());
 }
コード例 #16
0
 public void Saml2PostBinding_Unind_Nullcheck()
 {
     Saml2Binding.Get(Saml2BindingType.HttpRedirect)
     .Unbind(null).Should().BeNull();
 }
コード例 #17
0
ファイル: IdentityProvider.cs プロジェクト: yangboyd/Saml2
 /// <summary>
 /// Bind a Saml2 message using the active binding of hte idp,
 /// producing a CommandResult with the result of the binding.
 /// </summary>
 /// <typeparam name="TMessage">Type of the message.</typeparam>
 /// <param name="message">The Saml2 message to bind.</param>
 /// <param name="xmlCreatedNotification">Notification to call with Xml structure</param>
 /// <returns>CommandResult with the bound message.</returns>
 public CommandResult Bind <TMessage>(
     TMessage message, Action <TMessage, XDocument, Saml2BindingType> xmlCreatedNotification)
     where TMessage : ISaml2Message
 {
     return(Saml2Binding.Get(Binding).Bind(message, spOptions.Logger, xmlCreatedNotification));
 }