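        /// <summary>
        /// A 401 challenge from the downstream middleware carrying custom
        /// <see cref="AuthenticationProperties"/> must become a redirect to the IdP, and those
        /// properties must be stored under the issued AuthnRequest id so they can be restored
        /// server-side when the SAML response comes back.
        /// </summary>
        public async Task KentorAuthServicesAuthenicationMiddleware_StoresAuthenticationProperties()
        {
            var returnUrl = "http://sp.example.com/returnurl";

            var prop = new AuthenticationProperties()
            {
                RedirectUri = returnUrl
            };

            prop.Dictionary["test"] = "SomeValue";

            // Downstream stub answers 401 with a challenge naming this middleware's scheme.
            var middleware = new KentorAuthServicesAuthenticationMiddleware(
                new StubOwinMiddleware(401, new AuthenticationResponseChallenge(
                                           new string[] { "KentorAuthServices" }, prop)),
                CreateAppBuilder(), new KentorAuthServicesAuthenticationOptions(true));

            var context = OwinTestHelpers.CreateOwinContext();

            await middleware.Invoke(context);

            // The request id is read back out of the SAMLRequest in the redirect Location.
            var requestId = AuthnRequestHelper.GetRequestId(new Uri(context.Response.Headers["Location"]));

            StoredRequestState storedAuthnData;

            // Check the return value: if nothing was stored the test should fail with a
            // message here rather than with a NullReferenceException on the next line.
            PendingAuthnRequests.TryRemove(new Saml2Id(requestId), out storedAuthnData)
                .Should().BeTrue("the AuthnRequest id in the redirect must have pending state stored");

            // NOTE(review): RelayData is restored from this server-side store keyed by the
            // request id, so it is not something the browser or IdP can tamper with — confirm
            // the response handler never accepts it from the RelayState parameter instead.
            ((AuthenticationProperties)storedAuthnData.RelayData).Dictionary["test"].Should().Be("SomeValue");
        }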
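        /// <summary>
        /// A GET to the sign-in path with <c>ReturnUrl</c> and <c>idp</c> query parameters must
        /// 303-redirect to that IdP's SSO endpoint with a SAMLRequest, and record the absolute
        /// return URL under the issued request id.
        /// </summary>
        public async Task KentorAuthServicesAuthenticationMiddleware_SignInUrlRedirectsToIdp()
        {
            var context = OwinTestHelpers.CreateOwinContext();

            context.Request.Host = new HostString("localhost");
            var signinPath = "/AuthServices/SignIn";

            context.Request.Path        = new PathString(signinPath);
            // NOTE(review): the idp parameter is attacker-controllable. This test covers only an
            // IdP that the test configuration evidently knows (idp2.example.com); the negative
            // case — an unknown idp value must not yield a redirect — is not covered here.
            context.Request.QueryString = new QueryString("ReturnUrl=%2FHome&idp=https%3A%2F%2Fidp2.example.com");

            // No downstream middleware: the sign-in path is handled by this middleware alone.
            var middleware = new KentorAuthServicesAuthenticationMiddleware(null, CreateAppBuilder(),
                                                                            new KentorAuthServicesAuthenticationOptions(true));

            await middleware.Invoke(context);

            context.Response.StatusCode.Should().Be(303);
            context.Response.Headers["Location"].Should().StartWith("https://idp2.example.com/idp?SAMLRequest");

            var requestId = AuthnRequestHelper.GetRequestId(new Uri(context.Response.Headers["Location"]));

            StoredRequestState storedAuthnData;

            // Assert the lookup itself so a missing entry fails with a message here instead of
            // a NullReferenceException on the last line.
            PendingAuthnRequests.TryRemove(new Saml2Id(requestId), out storedAuthnData)
                .Should().BeTrue("the request id in the redirect must have pending state stored");

            // The relative ReturnUrl is resolved against the request host.
            storedAuthnData.ReturnUrl.Should().Be("http://localhost/Home");
        }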
        /// <summary>
        /// When the party configuration supplies two requested authn contexts with
        /// "Minimum" comparison, the built AuthnRequest must carry both as
        /// AuthnContextClassRef items in the configured order, replacing the default
        /// RequestedAuthnContext.
        /// </summary>
        public void BuildAuthnRequest_test_requested_authn_context_default_overwritten_multiple_contexts()
        {
            //ARRANGE
            var spUri = new Uri("http://localhost:59611/");
            var contextBuilder = new FederationPartyContextBuilderMock();
            var partyContext = contextBuilder.BuildContext("local", NameIdentifierFormats.Transient);

            var comparison = AuthnContextComparisonType.Minimum.ToString();
            var authnContextConfig = new Kernel.Federation.FederationPartner.RequestedAuthnContextConfiguration(comparison);

            // Two class refs, lowest strength first; "Minimum" means the IdP may use either or stronger.
            authnContextConfig.RequestedAuthnContexts.Add(new Kernel.Federation.Protocols.AuthnContext(AuthnContextType.AuthnContextClassRef.ToString(), new Uri(AuthnticationContexts.Password)));
            authnContextConfig.RequestedAuthnContexts.Add(new Kernel.Federation.Protocols.AuthnContext(AuthnContextType.AuthnContextClassRef.ToString(), new Uri(AuthnticationContexts.PasswordProtectedTransport)));

            partyContext.FederationPartyAuthnRequestConfiguration = new FederationPartyAuthnRequestConfiguration(
                authnContextConfig,
                new DefaultNameId(new Uri(NameIdentifierFormats.Transient)));

            var supportedFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            var requestContext = new AuthnRequestContext(spUri, partyContext, supportedFormats);

            // Result is not asserted on; the call is kept in case it mutates the context — TODO confirm.
            partyContext.GetRequestConfigurationFromContext();

            AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();
            //ACT
            var authnRequest = AuthnRequestHelper.BuildAuthnRequest(requestContext);

            //ASSERT
            Assert.NotNull(authnRequest);
            var requested = authnRequest.RequestedAuthnContext;
            Assert.IsNotNull(requested);
            Assert.AreEqual(AuthnContextComparisonType.Minimum, requested.Comparison);
            Assert.AreEqual(2, requested.Items.Length);
            Assert.AreEqual(2, requested.ItemsElementName.Length);
            Assert.AreEqual(AuthnContextType.AuthnContextClassRef, requested.ItemsElementName[0]);
            Assert.AreEqual(AuthnticationContexts.Password, requested.Items[0]);
            Assert.AreEqual(AuthnContextType.AuthnContextClassRef, requested.ItemsElementName[1]);
            Assert.AreEqual(AuthnticationContexts.PasswordProtectedTransport, requested.Items[1]);
        }
        /// <summary>
        /// A ScopingConfiguration on the party context (requester id + proxy count) must
        /// override the default Scoping element of the built AuthnRequest: ProxyCount is
        /// emitted as the string "10" and the single RequesterID is the configured URI.
        /// </summary>
        public void BuildAuthnRequest_test_scoping_default_overwritten()
        {
            //ARRANGE
            var requesterId = "http://localhost:59611/";
            var spUri = new Uri(requesterId);
            var contextBuilder = new FederationPartyContextBuilderMock();
            var partyContext = contextBuilder.BuildContext("local", NameIdentifierFormats.Transient);

            // Property is spelled "PoxyCount" in the configuration type; it maps to Scoping.ProxyCount.
            var scoping = new Kernel.Federation.FederationPartner.ScopingConfiguration(requesterId);
            scoping.PoxyCount = 10;
            partyContext.ScopingConfiguration = scoping;

            var supportedFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            var requestContext = new AuthnRequestContext(spUri, partyContext, supportedFormats);

            // Result is not asserted on; the call is kept in case it mutates the context — TODO confirm.
            partyContext.GetRequestConfigurationFromContext();

            AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();
            //ACT
            var authnRequest = AuthnRequestHelper.BuildAuthnRequest(requestContext);

            //ASSERT
            Assert.NotNull(authnRequest);
            var built = authnRequest.Scoping;
            Assert.IsNotNull(built);
            Assert.AreEqual("10", built.ProxyCount);
            Assert.AreEqual(1, built.RequesterId.Length);
            Assert.AreEqual(requesterId, built.RequesterId[0]);
        }
        /// <summary>
        /// The party is configured for the Windows name-id format but the supported list holds
        /// only Transient and Persistent. With no match, the NameIDPolicy of the built request
        /// must fall back to Unspecified with AllowCreate=false, while issuer, audience,
        /// version and the passive/force flags still mirror the request configuration.
        /// </summary>
        public void BuildAuthnRequest_test_nameid_fortmat_no_match_from_many_entries_supported()
        {
            //ARRANGE
            var spUri = new Uri("http://localhost:59611/");
            var contextBuilder = new FederationPartyContextBuilderMock();
            var partyContext = contextBuilder.BuildContext("local", NameIdentifierFormats.Windows);

            // Neither of these matches the configured Windows format.
            var supportedFormats = new List<Uri>
            {
                new Uri(NameIdentifierFormats.Transient),
                new Uri(NameIdentifierFormats.Persistent)
            };
            var requestContext = new AuthnRequestContext(spUri, partyContext, supportedFormats);
            var expected = partyContext.GetRequestConfigurationFromContext();

            AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();
            //ACT
            var authnRequest = AuthnRequestHelper.BuildAuthnRequest(requestContext);

            // Exactly one condition is expected, and it must be an AudienceRestriction with one audience.
            var restriction = (AudienceRestriction)authnRequest.Conditions.Items.Single();
            var audience = restriction.Audience.Single();

            //ASSERT
            Assert.NotNull(authnRequest);
            Assert.AreEqual(expected.IsPassive, authnRequest.IsPassive);
            Assert.AreEqual(expected.ForceAuthn, authnRequest.ForceAuthn);
            Assert.AreEqual("2.0", authnRequest.Version);
            //issuer
            Assert.AreEqual(expected.EntityId, authnRequest.Issuer.Value);
            Assert.AreEqual(NameIdentifierFormats.Entity, authnRequest.Issuer.Format);
            //audience
            Assert.AreEqual(expected.AudienceRestriction.Count, authnRequest.Conditions.Items.Count);
            Assert.AreEqual(expected.AudienceRestriction.Single(), audience);
            //nameIdPolicy
            var policy = authnRequest.NameIdPolicy;
            Assert.IsFalse(policy.AllowCreate);
            Assert.AreEqual(policy.Format, NameIdentifierFormats.Unspecified);
        }
        /// <summary>
        /// Smoke test for the serialiser pipeline: a default AuthnRequest is built, then
        /// serialised through the XML serialiser and a deflate-backed message encoder.
        /// Only non-nullness of the result is checked; the encoded content is not inspected.
        /// </summary>
        public async Task AuthnRequestSerialiser_test()
        {
            //ARRANGE
            var spUri = new Uri("http://localhost:59611/");
            var contextBuilder = new FederationPartyContextBuilderMock();
            var partyContext = contextBuilder.BuildContext("local");
            var supportedFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
            var requestContext = new AuthnRequestContext(spUri, partyContext, supportedFormats);

            // Wire the serialiser with a real XML serialiser and deflate encoder, logging stubbed.
            var serialiser = new AuthnRequestSerialiser(
                new XMLSerialiser(),
                new MessageEncoding(new DeflateCompressor()),
                new LogProviderMock());

            AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();
            var authnRequest = AuthnRequestHelper.BuildAuthnRequest(requestContext);

            //ACT
            var serialised = await serialiser.Serialize(authnRequest);

            //ASSERT
            Assert.NotNull(serialised);
        }
        /// <summary>
        /// Builds the AuthnRequest described by the context and appends its serialised form to
        /// the context's clause builder (HTTP-Redirect binding).
        /// </summary>
        /// <param name="context">Must be an <see cref="HttpRedirectContext"/>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        /// <exception cref="InvalidOperationException"><paramref name="context"/> is not an <see cref="HttpRedirectContext"/>.</exception>
        public async Task Build(BindingContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException("context");
            }

            var redirectContext = context as HttpRedirectContext;
            if (redirectContext == null)
            {
                var message = String.Format("Binding context must be of type:{0}. It was: {1}",
                                            typeof(HttpRedirectContext).Name, context.GetType().Name);
                throw new InvalidOperationException(message);
            }

            // Build, serialise through the injected serialiser, then hand off to the clause builder.
            // NOTE(review): nothing here signs the request; if the IdP requires signed redirect
            // requests, confirm the signature is applied by a later clause builder.
            var request = AuthnRequestHelper.BuildAuthnRequest(redirectContext.AuthnRequestContext);
            var serialisedRequest = await this._authnRequestSerialiser.Serialize(request);
            this.AppendRequest(context.ClauseBuilder, serialisedRequest);
        }
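        /// <summary>
        /// Running the sign-in command with a relative <c>ReturnUrl</c> must store the return
        /// URL, resolved to an absolute URL against the request, under the request id it issued.
        /// </summary>
        public void SignInCommand_Run_MapsReturnUrl()
        {
            // Not asserted on; left in place because reading the default IdP may initialise the
            // configuration the command relies on — TODO confirm and drop if not needed.
            var defaultDestination = Options.FromConfiguration.IdentityProviders.Default.SingleSignOnServiceUrl;

            var httpRequest = new HttpRequestData("GET", new Uri("http://localhost/signin?ReturnUrl=%2FReturn.aspx"));

            var subject = new SignInCommand().Run(httpRequest, Options.FromConfiguration);

            var idp = Options.FromConfiguration.IdentityProviders.Default;

            // Also not asserted on; CreateAuthenticateRequest may itself register pending state,
            // so it is kept to leave the test's observable behaviour unchanged.
            var authnRequest = idp.CreateAuthenticateRequest(null, StubFactory.CreateAuthServicesUrls());

            var requestId = AuthnRequestHelper.GetRequestId(subject.Location);

            StoredRequestState storedAuthnData;

            // Check the return value so a missing entry fails here with a message instead of a
            // NullReferenceException on the final assertion.
            idp.PendingAuthStorageContainer.TryRemove(new System.IdentityModel.Tokens.Saml2Id(requestId), out storedAuthnData)
                .Should().BeTrue("the sign-in command must store state under the request id it issued");

            storedAuthnData.ReturnUrl.Should().Be("http://localhost/Return.aspx");
        }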
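        /// <summary>
        /// Running the sign-in command with a relative <c>ReturnUrl</c> must store the return
        /// URI, resolved to an absolute URI against the request, under the request id it issued.
        /// </summary>
        public void SignInCommand_Run_MapsReturnUrl()
        {
            // Not asserted on; left in place in case enumerating the active IdPs initialises
            // state the command relies on — TODO confirm and drop if not needed.
            var defaultDestination = IdentityProvider.ActiveIdentityProviders.First()
                                     .AssertionConsumerServiceUrl;

            var httpRequest = new HttpRequestData("GET", new Uri("http://localhost/signin?ReturnUrl=/Return.aspx"));

            var subject = new SignInCommand().Run(httpRequest);

            var idp = IdentityProvider.ActiveIdentityProviders.First();

            // Also not asserted on; CreateAuthenticateRequest may itself register pending state,
            // so it is kept to leave the test's observable behaviour unchanged.
            var authnRequest = idp.CreateAuthenticateRequest(null);

            var requestId = AuthnRequestHelper.GetRequestId(subject.Location);

            StoredRequestState storedAuthnData;

            // Check the return value so a missing entry fails here with a message instead of a
            // NullReferenceException on the final assertion.
            PendingAuthnRequests.TryRemove(new System.IdentityModel.Tokens.Saml2Id(requestId), out storedAuthnData)
                .Should().BeTrue("the sign-in command must store state under the request id it issued");

            storedAuthnData.ReturnUri.Should().Be("http://localhost/Return.aspx");
        }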
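        /// <summary>
        /// A 401 challenge whose <see cref="AuthenticationProperties.RedirectUri"/> is set must
        /// produce a redirect to the IdP and store that URI under the issued request id, so the
        /// user can be sent back there after the SAML round trip.
        /// </summary>
        public async Task KentorAuthServicesAuthenticationMiddleware_RedirectRemembersReturnPath()
        {
            var returnUri = "http://sp.example.com/returnuri";

            // Downstream stub answers 401 with a challenge naming this middleware's scheme.
            var middleware = new KentorAuthServicesAuthenticationMiddleware(
                new StubOwinMiddleware(401, new AuthenticationResponseChallenge(
                                           new string[] { "KentorAuthServices" }, new AuthenticationProperties()
            {
                RedirectUri = returnUri
            })),
                CreateAppBuilder(), new KentorAuthServicesAuthenticationOptions());

            var context = OwinTestHelpers.CreateOwinContext();

            await middleware.Invoke(context);

            var requestId = AuthnRequestHelper.GetRequestId(new Uri(context.Response.Headers["Location"]));

            StoredRequestState storedAuthnData;

            // Check the return value so a missing entry fails here with a message instead of a
            // NullReferenceException on the final assertion.
            PendingAuthnRequests.TryRemove(new System.IdentityModel.Tokens.Saml2Id(requestId), out storedAuthnData)
                .Should().BeTrue("the request id in the redirect must have pending state stored");

            storedAuthnData.ReturnUri.Should().Be(returnUri);
        }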
 /// <summary>
 /// Returns a factory that, when invoked, scans the assembly containing
 /// <see cref="ClauseBuilder"/> for types accepted by <c>AuthnRequestHelper.Condition</c>
 /// and instantiates each one via its parameterless constructor.
 /// The scan and the instantiation are deferred: they run on each enumeration of the
 /// returned sequence, not when this method is called. Only the library's own assembly
 /// is reflected over, so no caller-supplied type names reach Activator.CreateInstance.
 /// </summary>
 internal static Func <IEnumerable <IAuthnRequestClauseBuilder <AuthnRequest> > > GetBuildersFactory()
 {
     Func<IEnumerable<IAuthnRequestClauseBuilder<AuthnRequest>>> factory = () =>
     {
         var builderTypes = ReflectionHelper.GetAllTypes(
             new[] { typeof(ClauseBuilder).Assembly },
             candidate => AuthnRequestHelper.Condition(candidate));

         return builderTypes.Select(
             builderType => (IAuthnRequestClauseBuilder<AuthnRequest>)Activator.CreateInstance(builderType));
     };

     return factory;
 }
 /// <summary>
 /// Enumerates the clause-builder types found in the assembly that contains
 /// <see cref="ClauseBuilder"/>, filtered by <c>AuthnRequestHelper.Condition</c>.
 /// Only the library's own assembly is scanned; nothing here is driven by external input.
 /// </summary>
 private IEnumerable <Type> GetBuilders()
 {
     var assembliesToScan = new[] { typeof(ClauseBuilder).Assembly };
     var builderTypes = ReflectionHelper.GetAllTypes(assembliesToScan, candidate => AuthnRequestHelper.Condition(candidate));
     return builderTypes;
 }