/// <summary>
/// Serialising an EntityDescriptor whose IdP role carries a KeyDescriptor must emit the
/// certificate under md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate. The
/// certificate is what relying parties use to verify assertion signatures, so it must
/// survive the round trip to XML intact.
/// </summary>
public void MetadatabaseExtensions_ToXmlString_IncludesKeyInfo()
{
    // Arrange: minimal IdP metadata with one SSO endpoint and one key.
    var idpRole = new IdpSsoDescriptor();
    idpRole.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
    idpRole.SingleSignOnServices.Add(new SingleSignOnService
    {
        Binding = Saml2Binding.HttpRedirectUri,
        Location = new Uri("http://idp.example.com/sso")
    });
    idpRole.Keys.Add(SignedXmlHelper.TestKeyDescriptor);

    var entity = new EntityDescriptor
    {
        EntityId = new EntityId("http://idp.example.com/metadata"),
        CacheDuration = new XsdDuration(hours: 1)
    };
    entity.RoleDescriptors.Add(idpRole);

    // Act: no signing certificate is passed, so this exercises the unsigned serialisation path;
    // the presence of KeyInfo here is independent of whether the document itself is signed.
    var document = XDocument.Parse(entity.ToXmlString(null, ""));

    // Assert: walk md:EntityDescriptor/md:IDPSSODescriptor/md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate.
    var md = Saml2Namespaces.Saml2Metadata;
    var ds = XNamespace.Get(SignedXml.XmlDsigNamespaceUrl);

    var certificateElement = document
        .Element(md + "EntityDescriptor")
        .Element(md + "IDPSSODescriptor")
        .Element(md + "KeyDescriptor")
        .Element(ds + "KeyInfo")
        .Element(ds + "X509Data")
        .Element(ds + "X509Certificate");

    // Only the leading bytes of the base64 DER are pinned; enough to identify the test certificate.
    certificateElement.Value.Should().StartWith("MIIDIzCCAg+gAwIBAgIQg7mOjTf994NAVxZu4jqXpzAJBgUrDgM");
}
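/// <summary>
/// An IdentityProvider with metadata loading disabled must not try to fetch metadata,
/// even when the descriptor it has been given is already expired (ValidUntil in the
/// past). The entity id "someEntityId" is deliberately not a URL: if the provider did
/// try to use it as a metadata location, reading Binding would throw an invalid-URI
/// exception and the test would fail.
/// </summary>
public void IdentityProvider_ConstructedFromEntityDescriptor_DoesntReloadMetadataWhenDisabled()
{
    // Arrange: an already-expired descriptor whose entity id is not a valid URL.
    var ed = new EntityDescriptor
    {
        ValidUntil = DateTime.UtcNow.AddYears(-1),
        EntityId = new EntityId("someEntityId")
    };

    var idpSsoDescriptor = new IdpSsoDescriptor();
    idpSsoDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
    idpSsoDescriptor.SingleSignOnServices.Add(new SingleSignOnService
    {
        Binding = Saml2Binding.HttpRedirectUri,
        Location = new Uri("http://idp.example.com/sso")
    });
    idpSsoDescriptor.Keys.Add(SignedXmlHelper.TestKeyDescriptor);
    ed.RoleDescriptors.Add(idpSsoDescriptor);

    var subject = new IdentityProvider(ed.EntityId, StubFactory.CreateSPOptions());

    // The expired descriptor has to actually reach the subject; before this fix it was built
    // but never applied, so the stale ValidUntil never exercised the reload decision and the
    // assertions below passed trivially.
    subject.ReadMetadata(ed);

    // Act: reading a metadata-derived property is what would trigger a reload attempt.
    Action readBinding = () => { var ignored = subject.Binding; };

    // Assert
    subject.LoadMetadata.Should().BeFalse();

    // Will throw invalid Uri if it tries to use EntityId as metadata url.
    readBinding.Should().NotThrow();
}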
/// <summary>
/// Derives SP-side configuration suggestions from an IdP role descriptor: whether single
/// logout is offered, which NameID formats the IdP advertises, and what signing material
/// can be inferred from the descriptor's own signature plus its KeyDescriptor elements.
/// </summary>
/// <param name="idp">The IdP role descriptor as read from metadata.</param>
/// <returns>A populated <see cref="SSODescriptorSuggestions"/>.</returns>
/// <remarks>
/// NOTE(review): these are suggestions taken from metadata as received. This method does
/// not itself validate the metadata signature; confirm that callers only act on the
/// SigningDetails once the metadata's trust has been established.
/// </remarks>
private static SSODescriptorSuggestions GetIdpSuggestions(IdpSsoDescriptor idp)
{
    // Start from whatever the descriptor's own signature reveals, then extend it with the
    // keys declared in the KeyDescriptor elements.
    var signingDetails = GetKeyDescriptorAsWell(idp, GetSigningInfo(idp.Signature));

    return new SSODescriptorSuggestions
    {
        SupportsSingleLogout = idp.SingleLogoutService.Any(),
        PossiblySupportedNameIdFormats = idp.NameIdFormat,
        SigningDetails = signingDetails,
    };
}
/// <summary>
/// Builds the EntityDescriptor the stub IdP publishes as its metadata: SSO and single
/// logout endpoints on both the HTTP-Redirect and HTTP-POST bindings, a default SOAP
/// artifact resolution endpoint, and the signing key from CertificateHelper.
/// </summary>
/// <param name="includeCacheDuration">
/// When true (the default) the descriptor carries a 15 minute cacheDuration and a
/// validUntil one day from now; when false neither is set.
/// </param>
/// <returns>The populated descriptor. Nothing here signs it.</returns>
/// <remarks>
/// NOTE(review): CertificateHelper.SigningKey is presumably test material for the stub
/// IdP; keep this helper out of anything production-facing.
/// </remarks>
public static EntityDescriptor CreateIdpMetadata(bool includeCacheDuration = true)
{
    var idpRole = new IdpSsoDescriptor();
    idpRole.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));

    // Each front-channel endpoint is published on both bindings, redirect first then POST.
    foreach (var binding in new[] { Saml2Binding.HttpRedirectUri, Saml2Binding.HttpPostUri })
    {
        idpRole.SingleSignOnServices.Add(new SingleSignOnService
        {
            Binding = binding,
            Location = UrlResolver.SsoServiceUrl
        });
        idpRole.SingleLogoutServices.Add(new SingleLogoutService
        {
            Binding = binding,
            Location = UrlResolver.LogoutServiceUrl
        });
    }

    // A single artifact resolution endpoint at index 0, marked as the default.
    idpRole.ArtifactResolutionServices.Add(0, new ArtifactResolutionService
    {
        Index = 0,
        IsDefault = true,
        Binding = Saml2Binding.SoapUri,
        Location = UrlResolver.ArtifactServiceUrl
    });

    idpRole.Keys.Add(CertificateHelper.SigningKey);

    var entityDescriptor = new EntityDescriptor
    {
        EntityId = new Metadata.EntityId(UrlResolver.MetadataUrl.ToString())
    };
    if (includeCacheDuration)
    {
        entityDescriptor.CacheDuration = new XsdDuration(minutes: 15);
        entityDescriptor.ValidUntil = DateTime.UtcNow.AddDays(1);
    }
    entityDescriptor.RoleDescriptors.Add(idpRole);

    return entityDescriptor;
}
/// <summary>
/// Writing an EntitiesDescriptor that has its own CacheDuration must emit cacheDuration
/// on the md:EntitiesDescriptor element as an xsd:duration ("PT42M") and must NOT copy
/// it onto the child md:EntityDescriptor, which has no cache duration of its own.
/// </summary>
public void ExtendedMetadataSerializer_Write_EntitiesDescriptorCacheDuration()
{
    // Arrange: one federation containing a single IdP entity without any cacheDuration.
    var idpRole = new IdpSsoDescriptor();
    idpRole.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
    idpRole.SingleSignOnServices.Add(new SingleSignOnService
    {
        Binding = Saml2Binding.HttpRedirectUri,
        Location = new Uri("http://some.entity.example.com/sso")
    });

    var childEntity = new EntityDescriptor
    {
        EntityId = new EntityId("http://some.entity.example.com")
    };
    childEntity.RoleDescriptors.Add(idpRole);

    var federation = new EntitiesDescriptor
    {
        Name = "Federation Name",
        CacheDuration = new XsdDuration(minutes: 42)
    };
    federation.ChildEntities.Add(childEntity);

    // Act: serialise to memory, rewind and load the root element back.
    var stream = new MemoryStream();
    ExtendedMetadataSerializer.ReaderInstance.WriteMetadata(stream, federation);
    stream.Position = 0;
    var root = XDocument.Load(stream).Root;

    // Assert
    var md = Saml2Namespaces.Saml2Metadata;
    root.Name.Should().Be(md + "EntitiesDescriptor");
    root.Attribute("cacheDuration").Value.Should().Be("PT42M");
    root.Element(md + "EntityDescriptor").Attribute("cacheDuration").Should().BeNull();
}
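/// <summary>
/// Feeding an already-expired descriptor to an IdentityProvider constructed from an
/// entity id (metadata loading disabled) must not schedule a background refresh. If a
/// refresh were scheduled it would re-read metadata and replace the SSO endpoint that
/// ReadMetadata configured here.
/// </summary>
public void IdentityProvider_ConstructedFromEntityDescriptor_DoesntScheduleMedataRefresh()
{
    // MetadataRefreshScheduler.minInterval is process-wide static state. It is shrunk so a
    // wrongly scheduled refresh would fire within the wait below, and restored afterwards so
    // this test cannot change the refresh timing seen by other tests in the same process.
    var originalMinInterval = MetadataRefreshScheduler.minInterval;
    MetadataRefreshScheduler.minInterval = TimeSpan.FromMilliseconds(1);
    try
    {
        // Arrange: expired descriptor with a real metadata URL as entity id.
        var ed = new EntityDescriptor
        {
            ValidUntil = DateTime.UtcNow.AddYears(-1),
            EntityId = new EntityId("http://localhost:13428/idpMetadata")
        };

        var idpSsoDescriptor = new IdpSsoDescriptor();
        idpSsoDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
        ed.RoleDescriptors.Add(idpSsoDescriptor);

        var ssoEndpoint = new SingleSignOnService
        {
            Binding = Saml2Binding.HttpRedirectUri,
            Location = new Uri("http://idp.example.com/sso")
        };
        idpSsoDescriptor.SingleSignOnServices.Add(ssoEndpoint);
        idpSsoDescriptor.Keys.Add(SignedXmlHelper.TestKeyDescriptor);

        var subject = new IdentityProvider(ed.EntityId, StubFactory.CreateSPOptions());

        // Act
        subject.ReadMetadata(ed);

        // Ugly, but have to wait and see that nothing happened. Have tried
        // some different timeouts but need 100 to ensure fail before bug
        // is fixed :-(
        Thread.Sleep(100);

        // Assert: would be changed if metadata was reloaded.
        subject.SingleSignOnServiceUrl.Should().Be(ssoEndpoint.Location);
    }
    finally
    {
        MetadataRefreshScheduler.minInterval = originalMinInterval;
    }
}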