示例#1
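        /// <summary>
        /// Verifies that a token created from an identity carrying both an
        /// <c>AuthenticationInstant</c> and an <c>AuthenticationMethod</c> claim contains a
        /// <see cref="Saml2AuthenticationStatement"/> that reflects those two claims.
        /// </summary>
        /// <param name="authenticationInstant">Claim value, also parsed as the expected authentication instant.</param>
        /// <param name="authenticationMethod">Claim value, also parsed as the expected authentication context class reference URI.</param>
        public void ShouldIncludeAuthenticationStatement(string authenticationInstant, string authenticationMethod)
        {
            var handler  = new SolidSaml2SecurityTokenHandler();
            var identity = CreateIdentity();

            identity.AddClaim(new Claim(ClaimTypes.AuthenticationInstant, authenticationInstant));
            identity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, authenticationMethod));

            var descriptor = CreateDesriptor();
            descriptor.Subject = identity;

            var token = handler.CreateToken(descriptor) as Saml2SecurityToken;

            // Fail at the cause: if the handler returns null or a non-SAML2 token, report that
            // here instead of as a missing statement further down.
            Assert.NotNull(token);

            OutputToken(handler, token);

            var statement = token.Assertion.Statements
                .OfType<Saml2AuthenticationStatement>()
                .FirstOrDefault();

            Assert.NotNull(statement);

            // NOTE(review): DateTime.Parse is culture-sensitive and may convert a zoned input to
            // local time; confirm the test data round-trips the same way on every build agent.
            Assert.Equal(DateTime.Parse(authenticationInstant), statement.AuthenticationInstant);
            Assert.Equal(new Uri(authenticationMethod), statement.AuthenticationContext.ClassReference);

            // The session index is expected to be the assertion's own id.
            Assert.Equal(token.Assertion.Id.Value, statement.SessionIndex);
        }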
示例#2
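        /// <summary>
        /// Verifies that the created token contains no <see cref="Saml2AuthenticationStatement"/>
        /// for the supplied combination of authentication claims.
        /// </summary>
        /// <param name="authenticationInstant">Claim value to add, or <c>null</c> to leave the claim out.</param>
        /// <param name="authenticationMethod">Claim value to add, or <c>null</c> to leave the claim out.</param>
        public void ShouldNotIncludeAuthenticationStatement(string authenticationInstant, string authenticationMethod)
        {
            var handler  = new SolidSaml2SecurityTokenHandler();
            var identity = CreateIdentity();

            // A null argument means "claim absent": only non-null values are added to the identity.
            if (authenticationInstant != null)
            {
                identity.AddClaim(new Claim(ClaimTypes.AuthenticationInstant, authenticationInstant));
            }
            if (authenticationMethod != null)
            {
                identity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, authenticationMethod));
            }

            var descriptor = CreateDesriptor();
            descriptor.Subject = identity;

            var token = handler.CreateToken(descriptor) as Saml2SecurityToken;

            // Guard against a vacuous pass: with a null token the null-conditional lookup below
            // would yield null and Assert.Null would succeed without any assertion being inspected.
            Assert.NotNull(token);

            OutputToken(handler, token);

            var statement = token.Assertion.Statements
                .OfType<Saml2AuthenticationStatement>()
                .FirstOrDefault();

            Assert.Null(statement);
        }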
示例#3
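        /// <summary>
        /// Verifies that, after the validity window and recipient are set on a created token,
        /// the bearer subject confirmation data carries the recipient and the descriptor's
        /// <c>NotBefore</c> / <c>Expires</c> values.
        /// </summary>
        public void ShouldAddToBearerConfirmationData()
        {
            var recipient  = new Uri("https://recipient");
            var handler    = new SolidSaml2SecurityTokenHandler();
            var identity   = CreateIdentity();
            var descriptor = CreateDesriptor();

            descriptor.Subject = identity;
            var token = handler.CreateToken(descriptor) as Saml2SecurityToken;

            // Report an unexpected token type as an assertion failure rather than as a
            // NullReferenceException from the Set* calls below.
            Assert.NotNull(token);

            // Presumably project helpers that write onto the bearer confirmation data; their
            // definitions are not visible here, so confirm against their implementation.
            token.SetNotBefore();
            token.SetNotOnOrAfter();
            token.SetRecipient(recipient);
            OutputToken(handler, token);

            var confirmation = token.Assertion.Subject.SubjectConfirmations
                .FirstOrDefault(c => c.Method == Saml2Constants.ConfirmationMethods.Bearer);

            Assert.NotNull(confirmation?.SubjectConfirmationData);

            // Recipient and NotOnOrAfter are what a relying party checks to reject a bearer
            // assertion delivered to the wrong endpoint or presented after it expired.
            Assert.Equal(recipient, confirmation.SubjectConfirmationData.Recipient);

            // NOTE(review): the SAML 2.0 Web Browser SSO profile says bearer
            // SubjectConfirmationData must not contain NotBefore; confirm which profile these
            // tokens target before treating this assertion as a requirement.
            Assert.Equal(descriptor.NotBefore, confirmation.SubjectConfirmationData.NotBefore);
            Assert.Equal(descriptor.Expires, confirmation.SubjectConfirmationData.NotOnOrAfter);
        }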