/// <summary>
/// An <c>AuthenticatingAuthority</c> entry that is not a valid URI ("urn/invalid")
/// must be rejected even though the class/decl references themselves are well-formed.
/// The Act call below is the one expected to throw (the expectation is declared
/// outside this listing).
/// </summary>
public void ThrowsExceptionWhenAuthnContextAuthenticatingAuthorityUriInvalid()
{
    // Arrange
    var now = DateTime.UtcNow;
    var context = new AuthnContext
    {
        AuthenticatingAuthority = new[] { "urn:aksdlfj", "urn/invalid" },
        Items = new object[] { "urn:a:valid.uri:string", "http://another/valid/uri.string" },
        ItemsElementName = new[] { AuthnContextType.AuthnContextClassRef, AuthnContextType.AuthnContextDeclRef }
    };
    var statement = new AuthnStatement
    {
        AuthnInstant = now,
        SessionNotOnOrAfter = now.AddHours(1),
        AuthnContext = context
    };
    var validator = new Saml20StatementValidator();

    // Act
    validator.ValidateStatement(statement);
}
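/// <summary>
/// Validate <c>AuthnStatement</c>.
/// </summary>
/// <remarks>
/// [SAML2.0 standard] section 2.7.2.
/// This is a structural check only: it requires <c>AuthnInstant</c> to be present,
/// requires the optional <c>SessionIndex</c> and <c>SubjectLocality</c> attributes to be
/// non-blank when they are present, and then hands the <c>AuthnContext</c> to
/// <c>ValidateAuthnContext</c>. It does NOT compare <c>AuthnInstant</c> or
/// <c>SessionNotOnOrAfter</c> against the clock; that is done by the assertion-level
/// time-restriction validation, so a caller relying on this method alone has not
/// checked that the session is still live.
/// </remarks>
/// <param name="statement">The statement; must not be <c>null</c>.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="statement"/> is <c>null</c>.</exception>
/// <exception cref="Saml20FormatException">Thrown when a mandatory attribute is missing or an optional one is blank.</exception>
private void ValidateAuthnStatement(AuthnStatement statement)
{
    // Fail with an explicit argument error rather than a NullReferenceException below.
    if (statement == null)
    {
        throw new ArgumentNullException("statement");
    }

    // AuthnInstant is mandatory (2.7.2); the property is nullable, so null means "absent".
    if (statement.AuthnInstant == null)
    {
        throw new Saml20FormatException("AuthnStatement MUST have an AuthnInstant attribute");
    }

    // Optional attributes may be omitted, but if present must not be empty/whitespace.
    if (!Saml20Utils.ValidateOptionalString(statement.SessionIndex))
    {
        throw new Saml20FormatException("SessionIndex attribute of AuthnStatement must contain at least one non-whitespace character");
    }

    if (statement.SubjectLocality != null)
    {
        if (!Saml20Utils.ValidateOptionalString(statement.SubjectLocality.Address))
        {
            throw new Saml20FormatException("Address attribute of SubjectLocality must contain at least one non-whitespace character");
        }

        if (!Saml20Utils.ValidateOptionalString(statement.SubjectLocality.DNSName))
        {
            throw new Saml20FormatException("DNSName attribute of SubjectLocality must contain at least one non-whitespace character");
        }
    }

    // A null AuthnContext is left for ValidateAuthnContext to reject.
    ValidateAuthnContext(statement.AuthnContext);
}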
/// <summary>
/// A statement that is otherwise well-formed but carries no <c>AuthnContext</c>
/// must be rejected by <c>ValidateStatement</c> (expected to throw).
/// </summary>
public void ThrowsExceptionWhenAuthnContextNull()
{
    // Arrange: AuthnContext deliberately left unset
    var validator = new Saml20StatementValidator();
    var statement = new AuthnStatement();
    statement.AuthnInstant = DateTime.UtcNow;
    statement.SessionNotOnOrAfter = DateTime.UtcNow.AddHours(1);

    // Act
    validator.ValidateStatement(statement);
}
/// <summary>
/// <c>AuthnInstant</c> is mandatory; a statement without it must be rejected by
/// <c>ValidateStatement</c> (expected to throw). Nothing else on the statement is set,
/// so the missing instant is the first thing the validator sees.
/// </summary>
public void ThrowsExceptionWhenAuthnInstantNull()
{
    // Arrange
    var validator = new Saml20StatementValidator();
    var statement = new AuthnStatement { AuthnInstant = null };

    // Act
    validator.ValidateStatement(statement);
}
/// <summary>
/// An <c>AuthnContext</c> whose <c>Items</c>/<c>ItemsElementName</c> arrays are both
/// empty must be rejected by <c>ValidateStatement</c> (expected to throw).
/// </summary>
public void ThrowsExceptionWhenAuthnContextItemsEmpty()
{
    // Arrange
    var now = DateTime.UtcNow;
    var emptyContext = new AuthnContext
    {
        Items = new object[0],
        ItemsElementName = new AuthnContextType[0]
    };
    var statement = new AuthnStatement
    {
        AuthnInstant = now,
        SessionNotOnOrAfter = now.AddHours(1),
        AuthnContext = emptyContext
    };
    var validator = new Saml20StatementValidator();

    // Act
    validator.ValidateStatement(statement);
}
/// <summary>
/// An <c>AuthnContext</c> carrying three items (here three <c>AuthnContextDeclRef</c>
/// entries) exceeds what the validator accepts and must be rejected by
/// <c>ValidateStatement</c> (expected to throw).
/// </summary>
public void ThrowsExceptionWhenAuthnContextHasMoreThanTwoItems()
{
    // Arrange
    const string declRef = "urn:a.valid.uri:string";
    var now = DateTime.UtcNow;
    var statement = new AuthnStatement
    {
        AuthnInstant = now,
        SessionNotOnOrAfter = now.AddHours(1),
        AuthnContext = new AuthnContext
        {
            Items = new object[] { declRef, declRef, declRef },
            ItemsElementName = new[]
            {
                AuthnContextType.AuthnContextDeclRef,
                AuthnContextType.AuthnContextDeclRef,
                AuthnContextType.AuthnContextDeclRef
            }
        }
    };
    var validator = new Saml20StatementValidator();

    // Act
    validator.ValidateStatement(statement);
}
/// <summary>
/// An <c>AuthnContextDecl</c> item whose payload is an unrelated object (an
/// <c>AuthnStatement</c> instead of a declaration) must be rejected by
/// <c>ValidateStatement</c> (expected to throw).
/// </summary>
public void ThrowsExceptionWhenAuthnContextAuthnContextDeclInvalid()
{
    // Arrange
    var now = DateTime.UtcNow;
    object bogusDecl = new AuthnStatement();
    var statement = new AuthnStatement
    {
        AuthnInstant = now,
        SessionNotOnOrAfter = now.AddHours(1),
        AuthnContext = new AuthnContext
        {
            Items = new[] { bogusDecl },
            ItemsElementName = new[] { AuthnContextType.AuthnContextDecl }
        }
    };
    var validator = new Saml20StatementValidator();

    // Act
    validator.ValidateStatement(statement);
}
/// <summary>
/// Assembles our basic test assertion: a bearer-confirmed subject, an audience
/// restriction built from <c>GetAudiences()</c>, one <c>AuthnStatement</c> and one
/// <c>AttributeStatement</c> with four attributes.
/// </summary>
/// <remarks>
/// Both <c>NotOnOrAfter</c> values and the <c>AuthnInstant</c> are hard-coded in 2008,
/// so with respect to the real clock this fixture is already expired. Tests that
/// exercise time restrictions should override those fields explicitly rather than
/// rely on the values set here. The assertion <c>Id</c> is a fixed literal; do not
/// treat it as unique across fixtures.
/// </remarks>
/// <returns>The <see cref="Assertion"/>.</returns>
public static Assertion GetBasicAssertion()
{
    var expiry = new DateTime(2008, 12, 31, 12, 0, 0, 0);

    var assertion = new Assertion
    {
        Id = "_b8977dc86cda41493fba68b32ae9291d",
        Version = "2.0",
        IssueInstant = DateTime.UtcNow,
        Issuer = new NameId { Value = GetBasicIssuer() }
    };

    // Subject: one bearer confirmation bound to a recipient and an expiry.
    var bearerConfirmation = new SubjectConfirmation
    {
        Method = SubjectConfirmation.BearerMethod,
        SubjectConfirmationData = new SubjectConfirmationData
        {
            NotOnOrAfter = expiry,
            Recipient = "http://borger.dk"
        }
    };
    assertion.Subject = new Subject { Items = new object[] { bearerConfirmation } };

    // Conditions: the same expiry plus an audience restriction.
    var audienceRestriction = new AudienceRestriction
    {
        Audience = GetAudiences().Select(u => u.ToString()).ToList()
    };
    assertion.Conditions = new Conditions
    {
        NotOnOrAfter = expiry,
        Items = new List<ConditionAbstract> { audienceRestriction }
    };

    // AuthnStatement: X.509 class reference plus a declaration reference.
    var authnStatement = new AuthnStatement
    {
        AuthnInstant = new DateTime(2008, 1, 8),
        SessionIndex = "70225885",
        AuthnContext = new AuthnContext
        {
            Items = new object[]
            {
                "urn:oasis:names:tc:SAML:2.0:ac:classes:X509",
                "http://www.safewhere.net/authncontext/declref"
            },
            ItemsElementName = new[]
            {
                AuthnContextType.AuthnContextClassRef,
                AuthnContextType.AuthnContextDeclRef
            }
        }
    };

    // AttributeStatement: four URI-named attributes for a single user.
    var attributeStatement = new AttributeStatement
    {
        Items = new object[]
        {
            new SamlAttribute
            {
                FriendlyName = "SurName",
                Name = "urn:oid:2.5.4.4",
                NameFormat = SamlAttribute.NameformatUri,
                AttributeValue = new[] { "Fry" }
            },
            new SamlAttribute
            {
                FriendlyName = "CommonName",
                Name = "urn:oid:2.5.4.3",
                NameFormat = SamlAttribute.NameformatUri,
                AttributeValue = new[] { "Philip J. Fry" }
            },
            new SamlAttribute
            {
                Name = "urn:oid:0.9.2342.19200300.100.1.1",
                NameFormat = SamlAttribute.NameformatUri,
                AttributeValue = new[] { "fry" }
            },
            new SamlAttribute
            {
                FriendlyName = "Email",
                Name = "urn:oid:0.9.2342.19200300.100.1.3",
                NameFormat = SamlAttribute.NameformatUri,
                AttributeValue = new[] { "*****@*****.**" }
            }
        }
    };

    assertion.Items = new StatementAbstract[] { authnStatement, attributeStatement };
    return assertion;
}
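/// <summary>
/// An <c>AuthnStatement</c> whose <c>SessionNotOnOrAfter</c> lies in the past must fail
/// <c>ValidateTimeRestrictions</c> (expected to throw).
/// </summary>
/// <remarks>
/// The fixture from <c>AssertionUtil.GetBasicAssertion()</c> carries <c>NotOnOrAfter</c>
/// values fixed at 2008-12-31 on both the conditions and the subject confirmation, so
/// it is presumably already expired on its own. Those are pushed into the future here
/// so that the only stale value left for the validator to trip over is the session
/// expiry this test is about; otherwise the expected exception could come from the
/// fixture and the test would pass without exercising <c>SessionNotOnOrAfter</c> at all.
/// </remarks>
public void ThrowsExceptionWhenAuthnStatementSessionNotOnOrAfterInPast()
{
    // Arrange
    var now = DateTime.UtcNow;
    var assertion = AssertionUtil.GetBasicAssertion();

    // Make the fixture itself valid in time so only the added statement is stale.
    assertion.Conditions.NotOnOrAfter = now.AddHours(1);
    foreach (var item in assertion.Subject.Items)
    {
        var confirmation = item as SubjectConfirmation;
        if (confirmation != null && confirmation.SubjectConfirmationData != null)
        {
            confirmation.SubjectConfirmationData.NotOnOrAfter = now.AddHours(1);
        }
    }

    var staleStatement = new AuthnStatement
    {
        AuthnInstant = now,
        SessionNotOnOrAfter = now.AddHours(-1)
    };
    var statements = new List<StatementAbstract>(assertion.Items) { staleStatement };
    assertion.Items = statements.ToArray();

    var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false);

    // Act (zero allowed clock skew)
    validator.ValidateTimeRestrictions(assertion, new TimeSpan());
}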