示例#1
 public void Saml2RedirectBinding_Unbind_NullcheckRequest()
 {
     // Unbinding a null request must fail with an ArgumentNullException
     // that names the "request" parameter.
     var redirectBinding = Saml2Binding.Get(Saml2BindingType.HttpRedirect);
     Action unbindNull = () => redirectBinding.Unbind(null);

     unbindNull.ShouldThrow<ArgumentNullException>()
         .And.ParamName.Should().Be("request");
 }
示例#2
 public void Saml2PostBinding_Bind_Nullcheck_payload()
 {
     // A null payload must be rejected with an ArgumentNullException naming "payload".
     // NOTE(review): the test name says PostBinding, but the binding fetched here is
     // HttpRedirect - confirm which binding this test is meant to cover.
     var binding = Saml2Binding.Get(Saml2BindingType.HttpRedirect);
     Action bindNullPayload = () => binding.Bind(null, new Uri("http://host"), null);

     bindNullPayload.ShouldThrow<ArgumentNullException>()
         .And.ParamName.Should().Be("payload");
 }
示例#3
        // Verifies the logout command's handling of a signed LogoutRequest that arrives
        // over the HTTP-Redirect binding: the result must be a 303 redirect that
        // terminates the local session and carries a signed LogoutResponse.
        public void LogoutCommand_Run_HandlesLogoutRequest_ReceivedThroughRedirectBinding()
        {
            // Incoming request: issued by the IdP, signed with the test certificate (RSA-SHA256).
            var request = new Saml2LogoutRequest()
            {
                DestinationUrl     = new Uri("http://sp.example.com/path/AuthServices/logout"),
                Issuer             = new EntityId("https://idp.example.com"),
                SigningCertificate = SignedXmlHelper.TestCert,
                NameId             = new Saml2NameIdentifier("NameId"),
                SessionIndex       = "SessionID",
                SigningAlgorithm   = SignedXml.XmlDsigRSASHA256Url
            };

            // Serialize the request the way an IdP would: as a redirect URL.
            var bindResult = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
                             .Bind(request);

            // Feed that URL back in as the GET request the SP receives.
            var httpRequest = new HttpRequestData("GET", bindResult.Location);

            var options = StubFactory.CreateOptions();

            // NOTE(review): presumably this service certificate is what signs the
            // outgoing LogoutResponse - confirm against the logout command.
            options.SPOptions.ServiceCertificates.Add(SignedXmlHelper.TestCert);

            CommandResult notifiedCommandResult = null;

            // Capture the result handed to the notification so it can be compared
            // by reference with the returned result further down.
            options.Notifications.LogoutCommandResultCreated = cr =>
            {
                notifiedCommandResult = cr;
            };

            // We're using unbind to verify the created message and UnBind
            // expects the issuer to be a known Idp for signature validation.
            // Add a dummy with the right issuer name and key.
            var dummyIdp = new IdentityProvider(options.SPOptions.EntityId, options.SPOptions);

            dummyIdp.SigningKeys.AddConfiguredKey(SignedXmlHelper.TestCert);
            options.IdentityProviders.Add(dummyIdp);

            var actual = CommandFactory.GetCommand(CommandFactory.LogoutCommandName)
                         .Run(httpRequest, options);

            var expected = new CommandResult()
            {
                HttpStatusCode        = HttpStatusCode.SeeOther,
                TerminateLocalSession = true
                                        // Deliberately not comparing Location
            };

            // The redirect URL must carry a Signature query parameter; an unsigned
            // LogoutResponse fails the test here.
            HttpUtility.ParseQueryString(actual.Location.Query)["Signature"]
            .Should().NotBeNull("LogoutResponse should be signed");

            actual.ShouldBeEquivalentTo(expected, opt => opt.Excluding(cr => cr.Location));
            // The notification must have received the very same instance that Run returned.
            actual.Should().BeSameAs(notifiedCommandResult);

            // Round-trip: unbind the produced redirect to inspect the LogoutResponse it carries.
            var actualUnbindResult = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
                                     .Unbind(new HttpRequestData("GET", actual.Location), options);

            var actualMessage = actualUnbindResult.Data;

            // NOTE(review): the expected Destination presumably comes from the IdP that
            // StubFactory.CreateOptions() configures for https://idp.example.com - confirm.
            var expectedMessage = XmlHelpers.XmlDocumentFromString(
                $@"<samlp:LogoutResponse xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
                    xmlns=""urn:oasis:names:tc:SAML:2.0:assertion""
                    Destination=""https://idp.example.com/logout""
                    Version=""2.0"">
                    <Issuer>{options.SPOptions.EntityId.Id}</Issuer>
                    <samlp:Status>
                        <samlp:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success""/>
                    </samlp:Status>
                </samlp:LogoutResponse>").DocumentElement;

            // Set generated attributes to actual values.
            expectedMessage.SetAttribute("ID", actualMessage.GetAttribute("ID"));
            expectedMessage.SetAttribute("IssueInstant", actualMessage.GetAttribute("IssueInstant"));
            // InResponseTo is not copied from the actual message: it must equal the
            // ID of the request that was sent in.
            expectedMessage.SetAttribute("InResponseTo", request.Id.Value);

            actualMessage.Should().BeEquivalentTo(expectedMessage);

            actualUnbindResult.RelayState.Should().Be(request.RelayState);
            // The unbound response must be reported with signature-level trust.
            actualUnbindResult.TrustLevel.Should().Be(TrustLevel.Signature);
        }
示例#4
 public void Saml2RedirectBinding_Bind_Nullcheck()
 {
     // Binding a null message must fail with an ArgumentNullException
     // that names the "message" parameter.
     var redirectBinding = Saml2Binding.Get(Saml2BindingType.HttpRedirect);
     Action bindNull = () => redirectBinding.Bind(null);

     bindNull.ShouldThrow<ArgumentNullException>()
         .And.ParamName.Should().Be("message");
 }
 /// <summary>
 /// Builds a logout response from the supplied model and returns it to the
 /// caller through the HTTP-Redirect binding.
 /// </summary>
 /// <param name="model">Model that is converted into the logout response.</param>
 /// <returns>The action result produced from the bound message.</returns>
 public ActionResult RespondToLogoutRequest(RespondToLogoutRequestModel model)
 {
     var redirectBinding = Saml2Binding.Get(Saml2BindingType.HttpRedirect);
     var boundResponse = redirectBinding.Bind(model.ToLogoutResponse());

     return boundResponse.ToActionResult();
 }
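 public void Saml2ArtifactBinding_Bind_Nullcheck()
 {
     // Binding a null message through the artifact binding must throw
     // ArgumentNullException for the "message" parameter.
     //
     // The string argument of ShouldThrow<T>(...) is only the "because" text used in
     // the failure message; it does not check which parameter was rejected. The
     // parameter name is therefore asserted explicitly through ParamName.
     // NOTE(review): assumes the artifact binding reports the parameter as "message",
     // as the redirect binding test in this listing asserts - confirm.
     Saml2Binding.Get(Saml2BindingType.Artifact)
     .Invoking(b => b.Bind(null))
     .ShouldThrow<ArgumentNullException>().And.ParamName.Should().Be("message");
 }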
示例#7
 public void Saml2PostBinding_Unbind_ThrowsOnNotBase64Encoded()
 {
     // A POST payload that is not valid base64 must be rejected with a
     // FormatException rather than being processed further.
     var postBinding = Saml2Binding.Get(Saml2BindingType.HttpPost);
     Action unbindGarbage = () => postBinding.Unbind(CreateRequest("foo"), StubFactory.CreateOptions());

     unbindGarbage.Should().Throw<FormatException>();
 }
示例#8
 public void Saml2PostBinding_Bind_Nullcheck_messageName()
 {
     // With payload and destination supplied, a null message name must be
     // rejected with an ArgumentNullException naming "messageName".
     var postBinding = Saml2Binding.Get(Saml2BindingType.HttpPost);
     Action bindWithoutName = () => postBinding.Bind("-", new Uri("http://host"), null);

     bindWithoutName.ShouldThrow<ArgumentNullException>()
         .And.ParamName.Should().Be("messageName");
 }
示例#9
        // Verifies that the HTTP-POST binding signs the message XML, keeps an XML
        // declaration set by the xmlCreatedNotification callback, and renders the
        // result as an auto-submitting HTML form.
        public void Saml2PostBinding_Bind_SignsXmlAndPreserversXmlDeclaration()
        {
            // Message to bind; a signing certificate and algorithm are set, so the
            // binding is expected to sign the XML.
            var message = new Saml2MessageImplementation
            {
                DestinationUrl     = new Uri("http://www.example.com/acs"),
                XmlData            = "<root ID=\"id\">\r\n  <content>data</content>\r\n</root>",
                MessageName        = "SAMLMessageName",
                RelayState         = "ABC1234",
                SigningCertificate = SignedXmlHelper.TestCert,
                SigningAlgorithm   = SecurityAlgorithms.RsaSha256Signature
            };

            // Expected form value: the custom declaration followed by the signed XML,
            // UTF-8 encoded and then base64 encoded.
            var signedXml = "<?xml version=\"1.0\" encoding=\"blaha\"?>\r\n"
                            + SignedXmlHelper.SignXml(message.XmlData, true);
            var expectedValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(signedXml));

            var notificationCalled = false;
            // The callback replaces the XML declaration and checks that it is handed
            // the same message instance and the HttpPost binding type.
            var result             = Saml2Binding.Get(Saml2BindingType.HttpPost).Bind(message, null, (m, xd, bt) =>
            {
                xd.Declaration = new XDeclaration("1.0", "blaha", null);
                m.Should().BeSameAs(message);
                bt.Should().Be(Saml2BindingType.HttpPost);
                notificationCalled = true;
            });

            // Expected page: a form posting RelayState and the encoded message to the
            // destination, a <noscript> fallback button, and one inline script that
            // submits the form. The Content-Security-Policy meta tag allows scripts
            // by SHA-256 hash only.
            // NOTE(review): presumably that hash is the digest of the inline submit
            // script, so changing the script text requires updating the hash - confirm.
            var expected = new CommandResult()
            {
                ContentType = "text/html",
                Content     = @"<?xml version=""1.0"" encoding=""UTF-8""?>
<!DOCTYPE html PUBLIC ""-//W3C//DTD XHTML 1.1//EN""
""http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"">
<html xmlns=""http://www.w3.org/1999/xhtml"" xml:lang=""en"">
<head>
<meta http-equiv=""Content-Security-Policy"" content=""script-src 'sha256-H3SVZBYrbqBt3ncrT/nNmOb6nwCjC12cPQzh5jnW4Y0='"">
</head>
<body>
<noscript>
<p>
<strong>Note:</strong> Since your browser does not support JavaScript, 
you must press the Continue button once to proceed.
</p>
</noscript>
<form action=""http://www.example.com/acs"" method=""post"" name=""sustainsysSamlPostBindingSubmit"">
<div>
<input type=""hidden"" name=""RelayState"" value=""ABC1234""/>
<input type=""hidden"" name=""SAMLMessageName""
value=""" + expectedValue + @"""/>
</div>
<noscript>
<div>
<input type=""submit"" value=""Continue""/>
</div>
</noscript>
</form>
<script type=""text/javascript"">
document.forms.sustainsysSamlPostBindingSubmit.submit();
</script>
</body>
</html>"
            };

            result.Should().BeEquivalentTo(expected);
            // Guards against the callback being skipped, which would leave its
            // assertions unexecuted.
            notificationCalled.Should().BeTrue();
        }
示例#10
 public void Saml2PostBinding_CanUnbind_Nullcheck_Request()
 {
     // CanUnbind must reject a null request with an ArgumentNullException
     // naming "request" instead of answering false.
     var postBinding = Saml2Binding.Get(Saml2BindingType.HttpPost);

     postBinding
         .Invoking(binding => binding.CanUnbind(null))
         .Should().Throw<ArgumentNullException>()
         .And.ParamName.Should().Be("request");
 }
示例#11
 /// <summary>
 /// Binds a SAML2 message with the binding selected by <c>Binding</c> and
 /// returns the outcome as a CommandResult.
 /// </summary>
 /// <param name="request">The message to bind.</param>
 /// <returns>CommandResult holding the bound message.</returns>
 public CommandResult Bind(ISaml2Message request)
 {
     var activeBinding = Saml2Binding.Get(Binding);
     return activeBinding.Bind(request);
 }
示例#12
        public void Saml2Binding_Get_NullOnPlainGet()
        {
            // A GET without any query string carries no SAML data, so no binding
            // is expected to claim it.
            var plainGet = new HttpRequestData("GET", new Uri("http://example.com"));
            var resolvedBinding = Saml2Binding.Get(plainGet);

            resolvedBinding.Should().BeNull();
        }
示例#13
        public void Saml2Binding_Get_NullOnPostWithSamlartQuery()
        {
            // A POST whose only SAML-looking data is a Samlart value in the query
            // string must not be matched by any binding.
            var postWithQueryArtifact = new HttpRequestData("POST", new Uri("http://example.com?Samlart=foo"));
            var resolvedBinding = Saml2Binding.Get(postWithQueryArtifact);

            resolvedBinding.Should().BeNull();
        }
示例#14
 public void Saml2PostBinding_Bind_Nullcheck_destinationUri()
 {
     // With a payload supplied, a null destination must be rejected with an
     // ArgumentNullException naming "destinationUri".
     // NOTE(review): the test name says PostBinding, but the binding fetched here is
     // HttpRedirect - confirm which binding this test is meant to cover.
     var binding = Saml2Binding.Get(Saml2BindingType.HttpRedirect);
     Action bindWithoutDestination = () => binding.Bind("-", null, null);

     bindWithoutDestination.ShouldThrow<ArgumentNullException>()
         .And.ParamName.Should().Be("destinationUri");
 }
 /// <summary>
 /// Builds a logout request from the supplied model and sends it through the
 /// HTTP-Redirect binding.
 /// </summary>
 /// <param name="model">Model that is converted into the logout request.</param>
 /// <returns>The action result produced from the bound message.</returns>
 public ActionResult InitiateLogout(InitiateLogoutModel model)
 {
     var redirectBinding = Saml2Binding.Get(Saml2BindingType.HttpRedirect);
     var boundRequest = redirectBinding.Bind(model.ToLogoutRequest());

     return boundRequest.ToActionResult();
 }
示例#16
 public void Saml2PostBinding_Unind_Nullcheck()
 {
     // Expects Unbind(null) to return null rather than throw.
     // NOTE(review): the test name says PostBinding, but the HttpRedirect binding is
     // fetched, and silently returning null for a missing request is a weaker
     // contract than throwing ArgumentNullException - confirm this is intended.
     var binding = Saml2Binding.Get(Saml2BindingType.HttpRedirect);
     var unbound = binding.Unbind(null);

     unbound.Should().BeNull();
 }
示例#17
 /// <summary>
 /// Binds a SAML2 message with the binding selected by <c>Binding</c>, passing
 /// along the SP options' logger and the XML-created notification, and returns
 /// the outcome as a CommandResult.
 /// </summary>
 /// <typeparam name="TMessage">Concrete type of the message.</typeparam>
 /// <param name="message">The SAML2 message to bind.</param>
 /// <param name="xmlCreatedNotification">Callback forwarded to the binding; it
 /// receives the message, its XML document and the binding type.</param>
 /// <returns>CommandResult holding the bound message.</returns>
 public CommandResult Bind<TMessage>(
     TMessage message,
     Action<TMessage, XDocument, Saml2BindingType> xmlCreatedNotification)
     where TMessage : ISaml2Message
 {
     var activeBinding = Saml2Binding.Get(Binding);
     return activeBinding.Bind(message, spOptions.Logger, xmlCreatedNotification);
 }