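/// <summary>
/// The <see cref="AuthenticationProperties"/> attached to the challenge must survive the round trip
/// through the pending-request store, keyed by the id of the AuthnRequest the middleware issued.
/// </summary>
public async Task KentorAuthServicesAuthenicationMiddleware_StoresAuthenticationProperties()
{
    var returnUrl = "http://sp.example.com/returnurl";
    var prop = new AuthenticationProperties() { RedirectUri = returnUrl };
    prop.Dictionary["test"] = "SomeValue";

    // A downstream 401 carrying a KentorAuthServices challenge is what makes the middleware
    // redirect to the IdP and park the challenge state.
    var middleware = new KentorAuthServicesAuthenticationMiddleware(
        new StubOwinMiddleware(401, new AuthenticationResponseChallenge(
            new string[] { "KentorAuthServices" }, prop)),
        CreateAppBuilder(),
        new KentorAuthServicesAuthenticationOptions(true));

    var context = OwinTestHelpers.CreateOwinContext();

    await middleware.Invoke(context);

    // The request id in the redirect is the key under which the state was stored.
    var location = new Uri(context.Response.Headers["Location"]);
    var requestId = AuthnRequestHelper.GetRequestId(location);

    StoredRequestState storedAuthnData;
    // Check the removal succeeded so a missing entry fails with a message instead of a
    // NullReferenceException on the line below.
    PendingAuthnRequests.TryRemove(new Saml2Id(requestId), out storedAuthnData)
        .Should().BeTrue("the middleware must store pending state under the issued request id");

    ((AuthenticationProperties)storedAuthnData.RelayData).Dictionary["test"].Should().Be("SomeValue");
}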
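/// <summary>
/// A GET on the sign-in path must answer with a 303 to the IdP selected in the query string,
/// carrying a SAMLRequest, and must park the host-resolved ReturnUrl under the issued request id.
/// </summary>
public async Task KentorAuthServicesAuthenticationMiddleware_SignInUrlRedirectsToIdp()
{
    var context = OwinTestHelpers.CreateOwinContext();
    context.Request.Host = new HostString("localhost");
    var signinPath = "/AuthServices/SignIn";
    context.Request.Path = new PathString(signinPath);
    // Relative ReturnUrl plus an explicit idp selection.
    context.Request.QueryString = new QueryString("ReturnUrl=%2FHome&idp=https%3A%2F%2Fidp2.example.com");

    // No downstream middleware: the sign-in path is handled entirely by this middleware.
    var middleware = new KentorAuthServicesAuthenticationMiddleware(
        null,
        CreateAppBuilder(),
        new KentorAuthServicesAuthenticationOptions(true));

    await middleware.Invoke(context);

    context.Response.StatusCode.Should().Be(303);
    var location = context.Response.Headers["Location"];
    location.Should().StartWith("https://idp2.example.com/idp?SAMLRequest");

    var requestId = AuthnRequestHelper.GetRequestId(new Uri(location));

    StoredRequestState storedAuthnData;
    // Assert the entry existed; otherwise the ReturnUrl check below fails with a
    // NullReferenceException instead of a readable message.
    PendingAuthnRequests.TryRemove(new Saml2Id(requestId), out storedAuthnData)
        .Should().BeTrue("pending state must be stored under the request id sent to the IdP");

    // The relative ReturnUrl is resolved against the request host.
    storedAuthnData.ReturnUrl.Should().Be("http://localhost/Home");
}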
/// <summary>
/// When the party configuration carries a RequestedAuthnContext with two class references, the
/// built AuthnRequest must emit both, in order, with the configured comparison (Minimum).
/// </summary>
public void BuildAuthnRequest_test_requested_authn_context_default_overwritten_multiple_contexts()
{
    //ARRANGE
    var requestUri = new Uri("http://localhost:59611/");
    var partyContextBuilder = new FederationPartyContextBuilderMock();
    var partyContext = partyContextBuilder.BuildContext("local", NameIdentifierFormats.Transient);

    // Two AuthnContextClassRef entries: Password, then PasswordProtectedTransport.
    var authnContextConfig = new Kernel.Federation.FederationPartner.RequestedAuthnContextConfiguration(
        AuthnContextComparisonType.Minimum.ToString());
    var classRef = AuthnContextType.AuthnContextClassRef.ToString();
    authnContextConfig.RequestedAuthnContexts.Add(
        new Kernel.Federation.Protocols.AuthnContext(classRef, new Uri(AuthnticationContexts.Password)));
    authnContextConfig.RequestedAuthnContexts.Add(
        new Kernel.Federation.Protocols.AuthnContext(classRef, new Uri(AuthnticationContexts.PasswordProtectedTransport)));

    partyContext.FederationPartyAuthnRequestConfiguration = new FederationPartyAuthnRequestConfiguration(
        authnContextConfig,
        new DefaultNameId(new Uri(NameIdentifierFormats.Transient)));

    var supportedNameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, partyContext, supportedNameIdFormats);
    // Not asserted in this test; kept so the arrange phase matches the sibling builder tests.
    var requestConfiguration = partyContext.GetRequestConfigurationFromContext();
    AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();

    //ACT
    var authnRequest = AuthnRequestHelper.BuildAuthnRequest(authnRequestContext);

    //ASSERT
    Assert.NotNull(authnRequest);
    var requested = authnRequest.RequestedAuthnContext;
    Assert.IsNotNull(requested);
    Assert.AreEqual(AuthnContextComparisonType.Minimum, requested.Comparison);
    Assert.AreEqual(2, requested.Items.Length);
    Assert.AreEqual(2, requested.ItemsElementName.Length);
    Assert.AreEqual(AuthnContextType.AuthnContextClassRef, requested.ItemsElementName[0]);
    Assert.AreEqual(AuthnticationContexts.Password, requested.Items[0]);
    Assert.AreEqual(AuthnContextType.AuthnContextClassRef, requested.ItemsElementName[1]);
    Assert.AreEqual(AuthnticationContexts.PasswordProtectedTransport, requested.Items[1]);
}
/// <summary>
/// A ScopingConfiguration set on the party context must be reflected in the AuthnRequest's
/// Scoping element: the proxy count and a single RequesterID.
/// </summary>
public void BuildAuthnRequest_test_scoping_default_overwritten()
{
    //ARRANGE
    var requestUri = new Uri("http://localhost:59611/");
    var partyContextBuilder = new FederationPartyContextBuilderMock();
    var partyContext = partyContextBuilder.BuildContext("local", NameIdentifierFormats.Transient);

    // PoxyCount is the project's own property name on ScopingConfiguration.
    var scoping = new Kernel.Federation.FederationPartner.ScopingConfiguration("http://localhost:59611/")
    {
        PoxyCount = 10
    };
    partyContext.ScopingConfiguration = scoping;

    var supportedNameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, partyContext, supportedNameIdFormats);
    // Not asserted in this test; kept so the arrange phase matches the sibling builder tests.
    var requestConfiguration = partyContext.GetRequestConfigurationFromContext();
    AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();

    //ACT
    var authnRequest = AuthnRequestHelper.BuildAuthnRequest(authnRequestContext);

    //ASSERT
    Assert.NotNull(authnRequest);
    var built = authnRequest.Scoping;
    Assert.IsNotNull(built);
    // ProxyCount is serialised as a string on the request.
    Assert.AreEqual("10", built.ProxyCount);
    Assert.AreEqual(1, built.RequesterId.Length);
    Assert.AreEqual("http://localhost:59611/", built.RequesterId[0]);
}
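/// <summary>
/// The party asks for the Windows name-id format while only Transient and Persistent are
/// supported, so the NameIDPolicy must fall back to Unspecified with AllowCreate off. The
/// remaining assertions check the request envelope (version, issuer, audience restriction).
/// </summary>
public void BuildAuthnRequest_test_nameid_fortmat_no_match_from_many_entries_supported()
{
    //ARRANGE
    var requestUri = new Uri("http://localhost:59611/");
    var federationPartyContextBuilder = new FederationPartyContextBuilderMock();
    // Requested format (Windows) deliberately absent from the supported list below.
    var federationContex = federationPartyContextBuilder.BuildContext("local", NameIdentifierFormats.Windows);
    var supportedNameIdentifierFormats = new List<Uri>
    {
        new Uri(NameIdentifierFormats.Transient),
        new Uri(NameIdentifierFormats.Persistent)
    };
    var authnRequestContext = new AuthnRequestContext(requestUri, federationContex, supportedNameIdentifierFormats);
    var requestConfiguration = federationContex.GetRequestConfigurationFromContext();
    AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();

    //ACT
    var authnRequest = AuthnRequestHelper.BuildAuthnRequest(authnRequestContext);
    var audience = ((AudienceRestriction)authnRequest.Conditions.Items.Single())
        .Audience
        .Single();

    //ASSERT
    Assert.NotNull(authnRequest);
    Assert.AreEqual(requestConfiguration.IsPassive, authnRequest.IsPassive);
    Assert.AreEqual(requestConfiguration.ForceAuthn, authnRequest.ForceAuthn);
    Assert.AreEqual("2.0", authnRequest.Version);

    //issuer
    Assert.AreEqual(requestConfiguration.EntityId, authnRequest.Issuer.Value);
    Assert.AreEqual(NameIdentifierFormats.Entity, authnRequest.Issuer.Format);

    //audience
    Assert.AreEqual(requestConfiguration.AudienceRestriction.Count, authnRequest.Conditions.Items.Count);
    Assert.AreEqual(requestConfiguration.AudienceRestriction.Single(), audience);

    //nameIdPolicy
    Assert.IsFalse(authnRequest.NameIdPolicy.AllowCreate);
    // Expected value first, actual second: the original had the arguments swapped, which
    // produces a misleading "expected X but was Y" message when this assertion fails.
    Assert.AreEqual(NameIdentifierFormats.Unspecified, authnRequest.NameIdPolicy.Format);
}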
/// <summary>
/// Smoke test: an AuthnRequest built from a mocked party context can be serialised by
/// <see cref="AuthnRequestSerialiser"/> (XML serialiser + deflate-based message encoding)
/// without throwing and yields a non-null result.
/// </summary>
public async Task AuthnRequestSerialiser_test()
{
    //ARRANGE
    var requestUri = new Uri("http://localhost:59611/");
    var partyContextBuilder = new FederationPartyContextBuilderMock();
    var partyContext = partyContextBuilder.BuildContext("local");
    var supportedNameIdFormats = new List<Uri> { new Uri(NameIdentifierFormats.Transient) };
    var authnRequestContext = new AuthnRequestContext(requestUri, partyContext, supportedNameIdFormats);

    // Serialiser pipeline: XML -> deflate-compressed message encoding.
    var encoder = new MessageEncoding(new DeflateCompressor());
    var serialiser = new AuthnRequestSerialiser(new XMLSerialiser(), encoder, new LogProviderMock());

    AuthnRequestHelper.GetBuilders = AuthnRequestBuildersFactoryMock.GetBuildersFactory();
    var authnRequest = AuthnRequestHelper.BuildAuthnRequest(authnRequestContext);

    //ACT
    var serialised = await serialiser.Serialize(authnRequest);

    //ASSERT
    Assert.NotNull(serialised);
}
/// <summary>
/// Builds the AuthnRequest described by <paramref name="context"/>, serialises it with the
/// injected serialiser and appends the result to the context's clause builder.
/// </summary>
/// <param name="context">
/// Must be an <see cref="HttpRedirectContext"/>; its AuthnRequestContext drives the build.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// <paramref name="context"/> is not an <see cref="HttpRedirectContext"/>.
/// </exception>
public async Task Build(BindingContext context)
{
    if (context == null)
    {
        throw new ArgumentNullException("context");
    }

    var redirectContext = context as HttpRedirectContext;
    if (redirectContext == null)
    {
        var message = string.Format(
            "Binding context must be of type:{0}. It was: {1}",
            typeof(HttpRedirectContext).Name,
            context.GetType().Name);
        throw new InvalidOperationException(message);
    }

    var authnRequest = AuthnRequestHelper.BuildAuthnRequest(redirectContext.AuthnRequestContext);
    var serialised = await _authnRequestSerialiser.Serialize(authnRequest);

    // The serialised request is handed to the clause builder of the same context.
    AppendRequest(context.ClauseBuilder, serialised);
}
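/// <summary>
/// The sign-in command must resolve a relative ReturnUrl against the request and store it in the
/// identity provider's pending-request container under the issued request id.
/// </summary>
public void SignInCommand_Run_MapsReturnUrl()
{
    var httpRequest = new HttpRequestData("GET", new Uri("http://localhost/signin?ReturnUrl=%2FReturn.aspx"));

    var subject = new SignInCommand().Run(httpRequest, Options.FromConfiguration);

    var idp = Options.FromConfiguration.IdentityProviders.Default;
    // Not asserted; left in place because CreateAuthenticateRequest may register pending
    // state as a side effect — TODO confirm before removing.
    var authnRequest = idp.CreateAuthenticateRequest(null, StubFactory.CreateAuthServicesUrls());

    var requestId = AuthnRequestHelper.GetRequestId(subject.Location);

    StoredRequestState storedAuthnData;
    // Assert the entry existed so a missing one fails with a message rather than a
    // NullReferenceException on the ReturnUrl check.
    idp.PendingAuthStorageContainer
        .TryRemove(new System.IdentityModel.Tokens.Saml2Id(requestId), out storedAuthnData)
        .Should().BeTrue("the command must store pending state under the issued request id");

    storedAuthnData.ReturnUrl.Should().Be("http://localhost/Return.aspx");
}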
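/// <summary>
/// Older-API variant: the sign-in command must resolve the ReturnUrl against the request and
/// store it in the global pending-request store under the issued request id.
/// </summary>
public void SignInCommand_Run_MapsReturnUrl()
{
    var httpRequest = new HttpRequestData("GET", new Uri("http://localhost/signin?ReturnUrl=/Return.aspx"));

    var subject = new SignInCommand().Run(httpRequest);

    var idp = IdentityProvider.ActiveIdentityProviders.First();
    // Not asserted; left in place because CreateAuthenticateRequest may register pending
    // state as a side effect — TODO confirm before removing.
    var authnRequest = idp.CreateAuthenticateRequest(null);

    var requestId = AuthnRequestHelper.GetRequestId(subject.Location);

    StoredRequestState storedAuthnData;
    // Assert the entry existed so a missing one fails with a message rather than a
    // NullReferenceException on the ReturnUri check.
    PendingAuthnRequests
        .TryRemove(new System.IdentityModel.Tokens.Saml2Id(requestId), out storedAuthnData)
        .Should().BeTrue("the command must store pending state under the issued request id");

    storedAuthnData.ReturnUri.Should().Be("http://localhost/Return.aspx");
}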
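/// <summary>
/// When a downstream 401 challenge carries a RedirectUri, the middleware must store that uri as
/// the ReturnUri of the pending request it issues, keyed by the request id in the redirect.
/// </summary>
public async Task KentorAuthServicesAuthenticationMiddleware_RedirectRemembersReturnPath()
{
    var returnUri = "http://sp.example.com/returnuri";

    var middleware = new KentorAuthServicesAuthenticationMiddleware(
        new StubOwinMiddleware(401, new AuthenticationResponseChallenge(
            new string[] { "KentorAuthServices" },
            new AuthenticationProperties() { RedirectUri = returnUri })),
        CreateAppBuilder(),
        new KentorAuthServicesAuthenticationOptions());

    var context = OwinTestHelpers.CreateOwinContext();

    await middleware.Invoke(context);

    var location = new Uri(context.Response.Headers["Location"]);
    var requestId = AuthnRequestHelper.GetRequestId(location);

    StoredRequestState storedAuthnData;
    // Assert the entry existed so a missing one fails with a message rather than a
    // NullReferenceException on the ReturnUri check.
    PendingAuthnRequests
        .TryRemove(new System.IdentityModel.Tokens.Saml2Id(requestId), out storedAuthnData)
        .Should().BeTrue("the middleware must store pending state under the issued request id");

    storedAuthnData.ReturnUri.Should().Be(returnUri);
}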
/// <summary>
/// Returns a factory that, each time it is invoked, scans the assembly containing
/// <see cref="ClauseBuilder"/> for types accepted by <c>AuthnRequestHelper.Condition</c> and
/// instantiates each through its parameterless constructor as an AuthnRequest clause builder.
/// </summary>
internal static Func<IEnumerable<IAuthnRequestClauseBuilder<AuthnRequest>>> GetBuildersFactory()
{
    return () =>
    {
        // Discovery happens at invocation time, not when the factory is created.
        var assemblies = new[] { typeof(ClauseBuilder).Assembly };
        var builderTypes = ReflectionHelper.GetAllTypes(assemblies, t => AuthnRequestHelper.Condition(t));
        return builderTypes.Select(
            builderType => (IAuthnRequestClauseBuilder<AuthnRequest>)Activator.CreateInstance(builderType));
    };
}
/// <summary>
/// Lists the clause-builder types found in the assembly containing <see cref="ClauseBuilder"/>,
/// filtered by <c>AuthnRequestHelper.Condition</c>. Types only; nothing is instantiated here.
/// </summary>
private IEnumerable<Type> GetBuilders()
{
    var assemblies = new[] { typeof(ClauseBuilder).Assembly };
    var matches = ReflectionHelper.GetAllTypes(assemblies, candidate => AuthnRequestHelper.Condition(candidate));
    return matches;
}