        public void Saml2AuthenticationRequest_Read()
        {
            // Arrange: a minimal AuthnRequest that carries an explicit ACS URL and ForceAuthn.
            // NOTE(review): the stray "/>" after the Issuer element is character data, not markup;
            // it is kept byte-for-byte so the fixture stays identical.
            var xmlData = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<samlp:AuthnRequest
  xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
  xmlns:saml=""urn:oasis:names:tc:SAML:2.0:assertion""
  ID=""Saml2AuthenticationRequest_AssertionConsumerServiceUrl""
  Version=""2.0""
  Destination=""http://destination.example.com""
  AssertionConsumerServiceURL=""https://sp.example.com/SAML2/Acs""
  IssueInstant=""2004-12-05T09:21:59Z""
  ForceAuthn=""true"">
  <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
/>
</samlp:AuthnRequest>
";

            const string expectedRelayState = "My relay state";
            var expectedId  = new Saml2Id("Saml2AuthenticationRequest_AssertionConsumerServiceUrl");
            var expectedAcs = new Uri("https://sp.example.com/SAML2/Acs");

            // Act: relay state is passed alongside the document and must be carried through.
            var parsed = Saml2AuthenticationRequest.Read(xmlData, expectedRelayState);

            // Assert
            parsed.ForceAuthentication.Should().BeTrue();
            parsed.RelayState.Should().Be(expectedRelayState);
            parsed.AssertionConsumerServiceUrl.Should().Be(expectedAcs);
            parsed.Id.Should().Be(expectedId);
        }
        public void Saml2AuthenticationRequest_Read_ShouldReturnNullOnNullXml()
        {
            // A null document must yield null rather than throw; the relay state is irrelevant here.
            var result = Saml2AuthenticationRequest.Read((string)null, null);

            result.Should().BeNull();
        }
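        public ActionResult Index()
        {
            // Start from the stub IdP's configured defaults (issuer, ACS URL, ...).
            var model = AssertionModel.CreateFromConfiguration();

            // Unbind a possible HTTP-Redirect AuthnRequest from the current request.
            // Read returns null when there is no document to parse.
            var request = Saml2AuthenticationRequest.Read(
                Saml2Binding.Get(Saml2BindingType.HttpRedirect).Unbind(Request));

            if (request != null)
            {
                model.InResponseTo = request.Id;

                // AssertionConsumerServiceURL is optional in an AuthnRequest, so only override the
                // configured ACS when the SP actually supplied one; calling ToString() on a null
                // Uri would otherwise throw a NullReferenceException.
                // SECURITY: the ACS URL is taken straight from the incoming request and is not
                // checked against any registered SP metadata in this block. For a stub IdP that is
                // acceptable; a production IdP must validate it, or the assertion is posted
                // wherever the requester asks.
                if (request.AssertionConsumerServiceUrl != null)
                {
                    model.AssertionConsumerServiceUrl = request.AssertionConsumerServiceUrl.ToString();
                }
            }

            return View(model);
        }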
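        public ActionResult Index(Guid?idpId)
        {
            var model = new HomePageModel
            {
                AssertionModel = AssertionModel.CreateFromConfiguration(),
            };

            // Optional per-IdP configuration selected by id; it may override the default ACS,
            // the description shown on the page and whether details are hidden.
            if (idpId.HasValue)
            {
                var fileData = GetCachedConfiguration(idpId.Value);
                if (fileData != null)
                {
                    if (!string.IsNullOrEmpty(fileData.DefaultAssertionConsumerServiceUrl))
                    {
                        // Override default StubIdp Acs with Acs from IdpConfiguration
                        model.AssertionModel.AssertionConsumerServiceUrl = fileData.DefaultAssertionConsumerServiceUrl;
                    }
                    model.CustomDescription     = fileData.IdpDescription;
                    model.AssertionModel.NameId = null;
                    model.HideDetails           = fileData.HideDetails;
                }
            }

            var requestData = Request.ToHttpRequestData();

            if (requestData.QueryString["SAMLRequest"].Any())
            {
                // SP-initiated flow: unbind the HTTP-Redirect AuthnRequest and pre-fill the model
                // so the response is correlated (InResponseTo) and sent to the SP's ACS.
                var extractedMessage = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
                                       .Unbind(requestData);

                var request = Saml2AuthenticationRequest.Read(
                    extractedMessage.Data,
                    extractedMessage.RelayState);

                // Read returns null for a null document; skip the request-derived fields then.
                if (request != null)
                {
                    model.AssertionModel.InResponseTo = request.Id.Value;

                    // AssertionConsumerServiceURL is optional; only override when present so a
                    // request without it does not NullReferenceException on ToString().
                    // SECURITY: this replaces both the configured default and the per-IdP ACS with
                    // a value supplied by the (unauthenticated) requester, with no validation
                    // against SP metadata visible in this block. Fine for a stub IdP, not for a
                    // real one.
                    if (request.AssertionConsumerServiceUrl != null)
                    {
                        model.AssertionModel.AssertionConsumerServiceUrl = request.AssertionConsumerServiceUrl.ToString();
                    }
                }

                model.AssertionModel.RelayState      = extractedMessage.RelayState;
                model.AssertionModel.AuthnRequestXml = extractedMessage.Data;
            }

            return View(model);
        }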
        public void Saml2AuthenticationRequest_Read_NoFormat()
        {
            // Arrange: a NameIDPolicy that sets AllowCreate but omits the Format attribute.
            var xmlData = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<saml2p:AuthnRequest xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
                     xmlns:saml2 =""urn:oasis:names:tc:SAML:2.0:assertion""
                     ID=""ide3c2f1c88255463ab4eb1b158fa6f616""
                     Version=""2.0""
                     IssueInstant=""2016-01-25T13:01:09Z""
                     Destination=""http://destination.example.com""
                     AssertionConsumerServiceURL=""https://sp.example.com/SAML2/Acs""
                     >
    <saml2:Issuer>https://sp.example.com/SAML2</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate = ""false""/>
   </saml2p:AuthnRequest>";

            // Act
            var parsed = Saml2AuthenticationRequest.Read(xmlData, null);
            var policy = parsed.NameIdPolicy;

            // Assert: a missing Format surfaces as NotConfigured, and AllowCreate is read as given.
            policy.Format.Should().Be(NameIdFormat.NotConfigured);
            policy.AllowCreate.Should().Be(false);
        }
        public void Saml2AuthenticationRequest_Read_NoACS()
        {
            // Arrange: an AuthnRequest with no AssertionConsumerServiceURL attribute at all.
            var xmlData = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<samlp:AuthnRequest
  xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
  xmlns:saml=""urn:oasis:names:tc:SAML:2.0:assertion""
  ID=""Saml2AuthenticationRequest_Read_NoACS""
  Version=""2.0""
  Destination=""http://destination.example.com""
  IssueInstant=""2004-12-05T09:21:59Z"">
  <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
/>
</samlp:AuthnRequest>
";

            // Act
            var parsed = Saml2AuthenticationRequest.Read(xmlData, null);

            // Assert: the ACS URL is optional, so its absence maps to null rather than an error.
            // Consumers must therefore null-check AssertionConsumerServiceUrl before using it.
            parsed.AssertionConsumerServiceUrl.Should().BeNull();
            parsed.Id.Should().Be(new Saml2Id("Saml2AuthenticationRequest_Read_NoACS"));
        }
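        public ActionResult Index()
        {
            // Start from the stub IdP's configured defaults (issuer, ACS URL, ...).
            var model = AssertionModel.CreateFromConfiguration();

            var requestData = Request.ToHttpRequestData();

            if (requestData.QueryString["SAMLRequest"].Any())
            {
                // SP-initiated flow: unbind the HTTP-Redirect AuthnRequest and pre-fill the model.
                var decodedXmlData = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
                                     .Unbind(requestData);

                var request = Saml2AuthenticationRequest.Read(decodedXmlData);

                // Read returns null for a null document; only fill request-derived fields when present.
                if (request != null)
                {
                    model.InResponseTo = request.Id;

                    // AssertionConsumerServiceURL is optional in an AuthnRequest; calling ToString()
                    // on a null Uri would throw, so keep the configured ACS when it is absent.
                    // SECURITY: the ACS URL is taken from the incoming request and is not validated
                    // against registered SP metadata in this block. Acceptable for a stub IdP only.
                    if (request.AssertionConsumerServiceUrl != null)
                    {
                        model.AssertionConsumerServiceUrl = request.AssertionConsumerServiceUrl.ToString();
                    }
                }

                model.AuthnRequestXml = decodedXmlData;
            }

            return View(model);
        }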
        public void Saml2AuthenticationRequest_Read_ShouldThrowOnInvalidMessageName()
        {
            // Arrange: a well-formed document in the SAML2 protocol namespace whose root element is
            // not AuthnRequest. Everything else looks legitimate, so only the element name differs.
            var xmlData = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<samlp:NotAuthnRequest
  xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
  xmlns:saml=""urn:oasis:names:tc:SAML:2.0:assertion""
  ID=""Saml2AuthenticationRequest_Read_ShouldThrowOnInvalidMessageName""
  Version=""2.0""
  Destination=""http://destination.example.com""
  AssertionConsumerServiceURL=""https://sp.example.com/SAML2/Acs""
  IssueInstant=""2004-12-05T09:21:59Z""
  InResponseTo=""111222333"">
  <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
/>
</samlp:NotAuthnRequest>
";

            // Act
            Action read = delegate { Saml2AuthenticationRequest.Read(xmlData, null); };

            // Assert: the reader must reject the document instead of returning a partial object.
            read.ShouldThrow<XmlException>()
                .WithMessage("Expected a SAML2 authentication request document");
        }
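        public ActionResult Index(Guid?idpId)
        {
            var requestData = Request.ToHttpRequestData();

            if (!requestData.QueryString["SAMLRequest"].Any())
            {
                // This action only completes an SP-initiated flow; anything else is a misuse.
                throw new InvalidOperationException();
            }

            // Unbind the HTTP-Redirect AuthnRequest. No signature verification of the request is
            // visible in this block; the values below are therefore requester-controlled input.
            var decodedXmlData = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
                                 .Unbind(requestData);

            var request = Saml2AuthenticationRequest.Read(decodedXmlData);

            // AssertionConsumerServiceURL is optional in an AuthnRequest. Fail with a clear error
            // instead of a NullReferenceException on ToString(), since the response below has
            // nowhere to go without it.
            if (request.AssertionConsumerServiceUrl == null)
            {
                throw new InvalidOperationException(
                    "The AuthnRequest does not contain an AssertionConsumerServiceURL.");
            }

            var model = new AssertionModel();

            model.InResponseTo = request.Id;
            // SECURITY: the response is posted to whatever ACS the requester supplied; this block
            // does not validate it against registered SP metadata. Stub-IdP behaviour only.
            model.AssertionConsumerServiceUrl = request.AssertionConsumerServiceUrl.ToString();
            model.AuthnRequestXml             = decodedXmlData;
            // The asserted subject is the currently signed-in user.
            // NOTE(review): assumes the identity is a ClaimsIdentity (hard cast) and that an
            // authorization filter outside this block guarantees a signed-in user — confirm.
            model.NameId = ((ClaimsIdentity)User.Identity).Name;

            var manager = SessionManager.Instance;

            var response = model.ToSaml2Response();

            // Track the session so the SP can later be logged out.
            // NOTE(review): the session id is derived from the requester-supplied request ID by
            // skipping a two-character prefix and parsing the remainder as a Guid; IDs of another
            // shape make Guid.Parse (or Substring) throw. Presumably the SP always sends
            // "id" + Guid — confirm against the SP's ID generation.
            manager.AddSession(model.NameId, new Session()
            {
                Id        = Guid.Parse(request.Id.Substring(2)),
                Ip        = Request.UserHostAddress,
                UserAgent = Request.UserAgent,
                LogoutUrl = request.Issuer.Id,
                Issuer    = response.Issuer.Id
            });

            var commandResult = Saml2Binding.Get(Saml2BindingType.HttpPost)
                                .Bind(response);

            return commandResult.ToActionResult();
        }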
        public void Saml2AuthenticationRequest_Read_Extensions()
        {
            // Arrange: an AuthnRequest with a single foreign-namespace element inside <Extensions>.
            var xmlData = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<samlp:AuthnRequest
                     xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
                     xmlns:saml=""urn:oasis:names:tc:SAML:2.0:assertion""
                     ID=""Saml2AuthenticationRequest_AssertionConsumerServiceUrl""
                     Version=""2.0""
                     Destination=""http://destination.example.com""
                     AssertionConsumerServiceURL=""https://sp.example.com/SAML2/Acs""
                     IssueInstant=""2004-12-05T09:21:59Z""
                     ForceAuthn=""true"">
    <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
    <samlp:Extensions>
      <additional xmlns=""testurn:test"" />
    </samlp:Extensions>
</samlp:AuthnRequest>
";

            // Act
            var parsed     = Saml2AuthenticationRequest.Read(xmlData, null);
            var extensions = parsed.ExtensionContents;

            // Assert: the extension child is preserved verbatim, including its namespace declaration.
            extensions.Should().HaveCount(1);
            var first = extensions[0].ToString();
            first.Should().BeEquivalentTo(@"<additional xmlns=""testurn:test"" />");
        }