public void IdentityProvider_CreateAuthenticateRequest_BasicInfo()
        {
            var options = Options.FromConfiguration;

            var idp = options.IdentityProviders.Default;

            var urls = StubFactory.CreateAuthServicesUrls();
            var subject = idp.CreateAuthenticateRequest(null, urls);

            var expected = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = urls.AssertionConsumerServiceUrl,
                DestinationUrl = idp.SingleSignOnServiceUrl,
                Issuer = options.SPOptions.EntityId,
                AttributeConsumingServiceIndex = 0,
                NameIdPolicy = new Saml2NameIdPolicy(true, NameIdFormat.EntityIdentifier),
                RequestedAuthnContext = new Saml2RequestedAuthnContext(
                    new Uri("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"),
                    AuthnContextComparisonType.Minimum)
            };

            subject.ShouldBeEquivalentTo(expected, opt => opt
            .Excluding(au => au.Id)
            .Excluding(au => au.RelayState));

            subject.RelayState.Should().HaveLength(56);
        }
        public void Saml2AuthenticationRequest_ToXElement_RootNode()
        {
            var subject = new Saml2AuthenticationRequest().ToXElement();

            subject.Should().NotBeNull().And.Subject.Name.Should().Be(
                Saml2Namespaces.Saml2P + "AuthnRequest");
        }
        public void Saml2AuthenticationRequest_ForceAuthentication_OmittedIfFalse()
        {
            var subject = new Saml2AuthenticationRequest() {
                ForceAuthentication = false
            }.ToXElement();

            subject.Should().NotBeNull().And.Subject.Attribute("ForceAuthn").Should().BeNull();
        }
        public void Saml2AuthenticationRequest_ForceAuthentication()
        {
            var subject = new Saml2AuthenticationRequest() {
                ForceAuthentication = true
            }.ToXElement();

            subject.Should().NotBeNull().And.Subject.Attribute("ForceAuthn")
                .Should().NotBeNull().And.Subject.Value.Should().Be("true");
        }
        public void Saml2AuthenticationRequest_ToXElement_AddsAttributeConsumingServiceIndex()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AttributeConsumingServiceIndex = 17
            }.ToXElement();

            subject.Attribute("AttributeConsumingServiceIndex").Value.Should().Be("17");
        }
        public void Saml2AuthenticationRequest_ToXElement_AddsRequestBaseFields()
        {
            // Just checking for the id field and assuming that means that the
            // base fields are added. The details of the fields are tested
            // by Saml2RequestBaseTests.

            var subject = new Saml2AuthenticationRequest().ToXElement();

            subject.Should().NotBeNull().And.Subject.Attribute("ID").Should().NotBeNull();
            subject.Attribute("AttributeConsumingServiceIndex").Should().BeNull();
        }
        public void Saml2AuthenticationRequest_AssertionConsumerServiceUrl()
        {
            string url = "http://some.example.com/Saml2AuthenticationModule/acs";
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri(url)
            }.ToXElement();

            subject.Should().NotBeNull().And.Subject.Attribute("AssertionConsumerServiceURL")
                .Should().NotBeNull().And.Subject.Value.Should().Be(url);
        }
Пример #8
0
        public ActionResult Index(Guid? idpId)
        {
            var model = new HomePageModel
            {
                AssertionModel = AssertionModel.CreateFromConfiguration(),
            };

            if (idpId.HasValue)
            {
                var fileData = GetCachedConfiguration(idpId.Value);
                if (fileData != null)
                {
                    if (!string.IsNullOrEmpty(fileData.DefaultAssertionConsumerServiceUrl))
                    {
                        // Override default StubIdp Acs with Acs from IdpConfiguration
                        model.AssertionModel.AssertionConsumerServiceUrl = fileData.DefaultAssertionConsumerServiceUrl;
                    }
                    if(!string.IsNullOrEmpty(fileData.DefaultAssertionConsumerServiceUrl))
                    {
                        model.AssertionModel.Audience = fileData.DefaultAudience;
                    }

                    model.CustomDescription = fileData.IdpDescription;
                    model.AssertionModel.NameId = null;
                    model.HideDetails = fileData.HideDetails;
                }
            }

            var requestData = Request.ToHttpRequestData(false);
            if (requestData.QueryString["SAMLRequest"].Any())
            {
                var extractedMessage = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
                    .Unbind(requestData, null);

                var request = new Saml2AuthenticationRequest(
                    extractedMessage.Data,
                    extractedMessage.RelayState);

                model.AssertionModel.InResponseTo = request.Id.Value;
                model.AssertionModel.AssertionConsumerServiceUrl = request.AssertionConsumerServiceUrl.ToString();
                model.AssertionModel.RelayState = extractedMessage.RelayState;
                model.AssertionModel.Audience = request.Issuer.Id;
                model.AssertionModel.AuthnRequestXml = extractedMessage.Data.PrettyPrint();
            }

            return View(model);
        }
        public void IdentityProvider_CreateAuthenticateRequest_BasicInfo()
        {
            var options = Options.FromConfiguration;

            var idp = options.IdentityProviders.Default;

            var urls = StubFactory.CreateAuthServicesUrls();
            var subject = idp.CreateAuthenticateRequest(null, urls);

            var expected = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = urls.AssertionConsumerServiceUrl,
                DestinationUrl = idp.SingleSignOnServiceUrl,
                Issuer = options.SPOptions.EntityId,
                AttributeConsumingServiceIndex = 0,
            };

            subject.ShouldBeEquivalentTo(expected, opt => opt.Excluding(au => au.Id));
        }
Пример #10
0
        public void IdentityProvider_CreateAuthenticateRequest_BasicInfo()
        {
            var options = Options.FromConfiguration;

            var idp = options.IdentityProviders.Default;

            var urls = StubFactory.CreateAuthServicesUrls();
            var subject = idp.CreateAuthenticateRequest(null, urls);

            var expected = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = urls.AssertionConsumerServiceUrl,
                DestinationUrl = idp.SingleSignOnServiceUrl,
                Issuer = options.SPOptions.EntityId,
                AttributeConsumingServiceIndex = 0,
                NameIdPolicy = new Saml2NameIdPolicy {  AllowCreate = true, Format = NameIdFormat.EntityIdentifier}
            };

            subject.ShouldBeEquivalentTo(expected, opt => opt
            .Excluding(au => au.Id)
            .Excluding(au => au.RelayState));

            subject.RelayState.Should().HaveLength(56);
        }
        public void IdentityProvider_CreateAuthenticateRequest_PublicOrigin()
        {
            var origin = new Uri("https://my.public.origin:8443/");
            var options = StubFactory.CreateOptionsPublicOrigin(origin);

            var idp = options.IdentityProviders.Default;

            var urls = StubFactory.CreateAuthServicesUrlsPublicOrigin(origin);
            var subject = idp.CreateAuthenticateRequest(urls);

            var expected = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = urls.AssertionConsumerServiceUrl,
                DestinationUrl = idp.SingleSignOnServiceUrl,
                Issuer = options.SPOptions.EntityId,
                AttributeConsumingServiceIndex = 0
            };

            subject.ShouldBeEquivalentTo(expected, opt => opt
            .Excluding(au => au.Id)
            .Excluding(au => au.RelayState));
        }
        public void IdentityProvider_CreateAuthenticateRequest_NoAttributeIndex()
        {
            var options = StubFactory.CreateOptions();
            var idp = options.IdentityProviders.Default;
            var urls = StubFactory.CreateAuthServicesUrls();

            options.SPOptions.AttributeConsumingServices.Clear();

            var subject = idp.CreateAuthenticateRequest(urls);

            var expected = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = urls.AssertionConsumerServiceUrl,
                DestinationUrl = idp.SingleSignOnServiceUrl,
                Issuer = options.SPOptions.EntityId,
                AttributeConsumingServiceIndex = null
            };

            subject.ShouldBeEquivalentTo(expected, opt => opt
                .Excluding(au => au.Id)
                .Excluding(au => au.RelayState));
        }
        public void Saml2AuthenticationRequest_ToXElement_AddsElementSaml2NameIdPolicy()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                NameIdPolicy = new Saml2NameIdPolicy { AllowCreate = false, Format = NameIdFormat.EmailAddress}
            }.ToXElement();

            XNamespace ns = "urn:oasis:names:tc:SAML:2.0:protocol";
            subject.Attribute("AttributeConsumingServiceIndex").Should().BeNull();
            subject.Should().NotBeNull().And.Subject.Element(ns + "NameIDPolicy").Should().NotBeNull();
        }
        public void Saml2AuthenticateRequest_ToXElement_OmitsRequestedAuthnContext_OnNullClassRef()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                RequestedAuthnContext = new Saml2RequestedAuthnContext(null, AuthnContextComparisonType.Exact)
            }.ToXElement();

            subject.Element(Saml2Namespaces.Saml2P + "RequestedAuthnContext").Should().BeNull();
        }
        public void Saml2AuthenticationRequest_ToXElement_NameFormatTransientForbidsAllowCreate()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                NameIdPolicy = new Saml2NameIdPolicy(true, NameIdFormat.Transient)
            };

            subject.Invoking(s => s.ToXElement())
                .ShouldThrow<InvalidOperationException>()
                .And.Message.Should().Be("When NameIdPolicy/Format is set to Transient, it is not permitted to specify AllowCreate. Change Format or leave AllowCreate as null.");
        }
        public void Saml2AuthenticationRequest_ToXElement_AddsRequestedAuthnContext()
        {
            var classRef = "http://www.kentor.se";
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                RequestedAuthnContext = new Saml2RequestedAuthnContext(new Uri(classRef), AuthnContextComparisonType.Maximum)
            }.ToXElement();

            var expected = new XElement(Saml2Namespaces.Saml2P + "root",
                new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P),
                new XAttribute(XNamespace.Xmlns + "saml2", Saml2Namespaces.Saml2),
                new XElement(Saml2Namespaces.Saml2P + "RequestedAuthnContext",
                    new XAttribute("Comparison", "Maximum"),
                    new XElement(Saml2Namespaces.Saml2 + "AuthnContextClassRef", classRef)))
                    .Elements().Single();

            var actual = subject.Element(Saml2Namespaces.Saml2P + "RequestedAuthnContext");

            actual.Should().BeEquivalentTo(expected);
        }
        public void Saml2AuthenticationRequest_ToXElement_AddsScoping()
        {
            var requesterId = "urn://requesterid/";
            var location = "http://location";
            var name = "name";
            var providerId = "urn:providerId";

            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                Scoping = new Saml2Scoping()
                {
                    ProxyCount = 5
                }
                .With(new Saml2IdpEntry(new EntityId(providerId))
                {
                    Name = name,
                    Location = new Uri(location)
                })
                .WithRequesterId(new EntityId(requesterId))
            };

            var actual = subject.ToXElement().Element(Saml2Namespaces.Saml2P + "Scoping");

            var expected = new XElement(Saml2Namespaces.Saml2P + "Scoping",
                    new XAttribute("ProxyCount", "5"),
                    new XElement(Saml2Namespaces.Saml2P + "IDPList",
                        new XElement(Saml2Namespaces.Saml2P + "IDPEntry",
                            new XAttribute("ProviderID", providerId),
                            new XAttribute("Name", name),
                            new XAttribute("Loc", location))),
                    new XElement(Saml2Namespaces.Saml2P + "RequesterID", requesterId.ToString()));

            actual.Should().BeEquivalentTo(expected);
        }
        public void Saml2AuthenticationRequest_ToXElement_AddsElementSaml2NameIdPolicy_ForNameIdFormat()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                NameIdPolicy = new Saml2NameIdPolicy(null, NameIdFormat.EmailAddress)
            }.ToXElement();

            var expected = new XElement(Saml2Namespaces.Saml2P + "root",
                new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P),
                new XElement(Saml2Namespaces.Saml2P + "NameIDPolicy",
                    new XAttribute("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")))
                    .Elements().Single();

            subject.Element(Saml2Namespaces.Saml2P + "NameIDPolicy")
                .Should().BeEquivalentTo(expected);
        }
        public void Saml2AuthenticationRequest_ToXElement_AddsElementSaml2NameIdPolicy_ForAllowCreate()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                NameIdPolicy = new Saml2NameIdPolicy(false, NameIdFormat.NotConfigured)
            }.ToXElement();

            var expected = new XElement(Saml2Namespaces.Saml2P + "root",
                new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P),
                new XElement(Saml2Namespaces.Saml2P + "NameIDPolicy",
                    new XAttribute("AllowCreate", false)))
                    .Elements().Single();

            subject.Attribute("AttributeConsumingServiceIndex").Should().BeNull();
            subject.Element(Saml2Namespaces.Saml2P + "NameIDPolicy")
                .Should().BeEquivalentTo(expected);
        }
        public void Saml2AuthenticationRequest_ToXElement_Scoping_NullContents_EmptyScoping()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                Scoping = new Saml2Scoping()
            }.ToXElement().Element(Saml2Namespaces.Saml2P + "Scoping");

            var expected = new XElement(Saml2Namespaces.Saml2P + "root",
                new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P),
                new XElement(Saml2Namespaces.Saml2P + "Scoping"))
                .Elements().Single();

            subject.Should().BeEquivalentTo(expected);
        }
        public void Saml2AuthenticationRequest_ToXElement_Scoping_ZeroProxyCount_AttributeAdded()
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                Scoping = new Saml2Scoping()
                {
                    ProxyCount = 0
                }
            };

            var actual = subject.ToXElement().Element(Saml2Namespaces.Saml2P + "Scoping");

            var expected = new XElement(Saml2Namespaces.Saml2P + "root",
                new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P),
                new XElement(Saml2Namespaces.Saml2P + "Scoping",
                 new XAttribute("ProxyCount", "0")))
                .Elements().Single();

            actual.Should().BeEquivalentTo(expected);
        }
        private void Saml2AuthenticationRequest_ToXElement_AddsProtocolBinding(AuthServices.WebSso.Saml2BindingType protocolBinding, string expectedProtocolBinding)
        {
            var subject = new Saml2AuthenticationRequest()
            {
                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
                Binding = protocolBinding
            }.ToXElement();

            subject.Attribute("ProtocolBinding").Value.Should().Be(expectedProtocolBinding);
        }