public void SPOptions_DecryptionCertificate_EmptyWhenOnlySigning() { var subject = new SPOptions(); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Signing, Certificate = SignedXmlHelper.TestCert2 }); subject.DecryptionServiceCertificates.Count.Should().Be(0); }
public void SPOptions_Constructor_LoadsConfig() { var config = KentorAuthServicesSection.Current; config.AllowChange = true; config.AuthenticateRequestSigningBehavior = SigningBehavior.Always; config.Metadata.AllowChange = true; config.Metadata.WantAssertionsSigned = true; config.ValidateCertificates = true; ISPOptions subject = new SPOptions(KentorAuthServicesSection.Current); subject.ReturnUrl.Should().Be(config.ReturnUrl); subject.MetadataCacheDuration.Should().Be(config.Metadata.CacheDuration); subject.MetadataValidDuration.Should().Be(config.Metadata.ValidUntil); subject.WantAssertionsSigned.Should().Be(true); subject.ValidateCertificates.Should().Be(true); subject.DiscoveryServiceUrl.Should().Be(config.DiscoveryServiceUrl); subject.EntityId.Should().Be(config.EntityId); subject.ModulePath.Should().Be(config.ModulePath); subject.NameIdPolicy.AllowCreate.Should().Be(config.NameIdPolicyElement.AllowCreate); subject.NameIdPolicy.Format.Should().Be(config.NameIdPolicyElement.Format); subject.Organization.Should().Be(config.organization); subject.AuthenticateRequestSigningBehavior.Should().Be(config.AuthenticateRequestSigningBehavior); subject.RequestedAuthnContext.ClassRef.OriginalString.Should().Be("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"); subject.RequestedAuthnContext.Comparison.Should().Be(AuthnContextComparisonType.Minimum); }
internal static SPOptions CreateSPOptions() { var org = new Organization(); org.Names.Add(new LocalizedName("Kentor.AuthServices", CultureInfo.InvariantCulture)); org.DisplayNames.Add(new LocalizedName("Kentor AuthServices", CultureInfo.InvariantCulture)); org.Urls.Add(new LocalizedUri( new Uri("http://github.com/KentorIT/authservices"), CultureInfo.InvariantCulture)); var options = new SPOptions { EntityId = new EntityId("https://github.com/KentorIT/authservices"), MetadataCacheDuration = new TimeSpan(0, 0, 42), Organization = org, DiscoveryServiceUrl = new Uri("https://ds.example.com"), ReturnUrl = new Uri("https://localhost/returnUrl"), }; options.SystemIdentityModelIdentityConfiguration.ClaimsAuthenticationManager = new ClaimsAuthenticationManagerStub(); AddContacts(options); AddAttributeConsumingServices(options); return options; }
public void SPOptions_ModulePath_RejectsNull() { var subject = new SPOptions(); Action a = () => subject.ModulePath = null; a.ShouldThrow<ArgumentNullException>().And.ParamName.Should().Be("value"); }
internal IdentityProvider(IdentityProviderElement config, SPOptions spOptions) { singleSignOnServiceUrl = config.SignOnUrl; SingleLogoutServiceUrl = config.LogoutUrl; EntityId = new EntityId(config.EntityId); binding = config.Binding; AllowUnsolicitedAuthnResponse = config.AllowUnsolicitedAuthnResponse; metadataLocation = string.IsNullOrEmpty(config.MetadataLocation) ? null : config.MetadataLocation; WantAuthnRequestsSigned = config.WantAuthnRequestsSigned; DisableOutboundLogoutRequests = config.DisableOutboundLogoutRequests; var certificate = config.SigningCertificate.LoadCertificate(); if (certificate != null) { signingKeys.AddConfiguredKey( new X509RawDataKeyIdentifierClause(certificate)); } foreach (var ars in config.ArtifactResolutionServices) { ArtifactResolutionServiceUrls[ars.Index] = ars.Location; } // If configured to load metadata, this will immediately do the load. this.spOptions = spOptions; LoadMetadata = config.LoadMetadata; // Validate if values are only from config. If metadata is loaded, validation // is done on metadata load. if (!LoadMetadata) { Validate(); } }
internal static SPOptions CreateSPOptions(Uri publicOrigin) { var org = new Organization(); org.Names.Add(new LocalizedName("Kentor.AuthServices", CultureInfo.InvariantCulture)); org.DisplayNames.Add(new LocalizedName("Kentor AuthServices", CultureInfo.InvariantCulture)); org.Urls.Add(new LocalizedUri( new Uri("http://github.com/KentorIT/authservices"), CultureInfo.InvariantCulture)); var options = new SPOptions { EntityId = new EntityId("https://github.com/KentorIT/authservices"), MetadataCacheDuration = new TimeSpan(0, 0, 42), MetadataValidDuration = TimeSpan.FromDays(24), WantAssertionsSigned = true, Organization = org, DiscoveryServiceUrl = new Uri("https://ds.example.com"), ReturnUrl = new Uri("https://localhost/returnUrl"), PublicOrigin = publicOrigin }; options.SystemIdentityModelIdentityConfiguration.ClaimsAuthenticationManager = new ClaimsAuthenticationManagerStub(); options.SystemIdentityModelIdentityConfiguration.AudienceRestriction.AudienceMode = AudienceUriMode.Never; AddContacts(options); AddAttributeConsumingServices(options); return options; }
private static Options LoadOptionsFromConfiguration() { var spOptions = new SPOptions(KentorAuthServicesSection.Current); var options = new Options(spOptions); KentorAuthServicesSection.Current.IdentityProviders.RegisterIdentityProviders(options); KentorAuthServicesSection.Current.Federations.RegisterFederations(options); return options; }
public void SPOptions_Saml2PSecurityTokenHandler_DefaultInstanceCreated() { var subject = new SPOptions { EntityId = new EntityId(entityId) }; subject.Saml2PSecurityTokenHandler.Should().NotBeNull(); subject.Saml2PSecurityTokenHandler.Configuration.AudienceRestriction.AllowedAudienceUris .Should().Contain(new Uri(entityId)); }
public void SPOptions_EntityId_SettingThrowsIfTokenHandlerCreated() { var subject = new SPOptions { EntityId = new EntityId(entityId) }; subject.Saml2PSecurityTokenHandler.Should().NotBeNull(); Action a = () => subject.EntityId = new EntityId(otherEntityId); a.ShouldThrow<InvalidOperationException>("Can't change entity id when a token handler has been instantiated."); }
private static SPOptions CreateSPOptions() { var spOptions = new SPOptions { EntityId = new EntityId(localMetaUri), ReturnUrl = returnUrl, WantAssertionsSigned = true }; spOptions.ServiceCertificates.Add(new X509Certificate2( AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/AzureApp_private_sha256.pfx","nomad_is_1593*")); return spOptions; }
public KentorAuthServicesAuthenticationOptions(bool loadConfiguration) : base(Constants.DefaultAuthenticationType) { AuthenticationMode = AuthenticationMode.Passive; Description.Caption = Constants.DefaultCaption; if (loadConfiguration) { SPOptions = new SPOptions(KentorAuthServicesSection.Current); KentorAuthServicesSection.Current.IdentityProviders.RegisterIdentityProviders(this); KentorAuthServicesSection.Current.Federations.RegisterFederations(this); } }
public void SetUp() { spOptions = CreateSPOptions(); options = new Options(spOptions); //Substitute.For<IOptions>(); options.IdentityProviders.Add(Idp()); //options.IdentityProviders.Returns(ReturnThis()); userService = Substitute.For<IUserService>(); underTest = new Saml2BearerGrantValidator(userService, options); }
public Saml2PSecurityTokenHandler(SPOptions spOptions) { if (spOptions == null) { throw new ArgumentNullException(nameof(spOptions)); } Configuration = new SecurityTokenHandlerConfiguration { IssuerNameRegistry = new ReturnRequestedIssuerNameRegistry(), AudienceRestriction = GetAudienceRestriction(spOptions), SaveBootstrapContext = spOptions.SystemIdentityModelIdentityConfiguration.SaveBootstrapContext }; }
public AuthServicesUrls(HttpRequestData request, SPOptions spOptions) { if (request == null) { throw new ArgumentNullException(nameof(request)); } if (spOptions == null) { throw new ArgumentNullException(nameof(spOptions)); } Init(request.ApplicationUrl, spOptions); }
public void SPOptions_Constructor_LoadsConfig() { var config = KentorAuthServicesSection.Current; config.AllowChange(true); config.AuthenticateRequestSigningBehavior = SigningBehavior.Always; var subject = new SPOptions(KentorAuthServicesSection.Current); subject.ReturnUrl.Should().Be(config.ReturnUrl); subject.MetadataCacheDuration.Should().Be(config.MetadataCacheDuration); subject.DiscoveryServiceUrl.Should().Be(config.DiscoveryServiceUrl); subject.EntityId.Should().Be(config.EntityId); subject.ModulePath.Should().Be(config.ModulePath); subject.Organization.Should().Be(config.organization); subject.AuthenticateRequestSigningBehavior.Should().Be(config.AuthenticateRequestSigningBehavior); }
private static void AddContacts(SPOptions options) { var supportContact = new ContactPerson(ContactType.Support) { Company = "Kentor", GivenName = "Anders", Surname = "Abel", }; supportContact.TelephoneNumbers.Add("+46 8 587 650 00"); supportContact.TelephoneNumbers.Add("+46 708 96 50 63"); supportContact.EmailAddresses.Add("*****@*****.**"); supportContact.EmailAddresses.Add("*****@*****.**"); options.Contacts.Add(supportContact); options.Contacts.Add(new ContactPerson(ContactType.Technical)); // Deliberately void of info. }
private static void AddAttributeConsumingServices(SPOptions options) { var a1 = new RequestedAttribute("urn:attributeName") { FriendlyName = "friendlyName", NameFormat = RequestedAttribute.AttributeNameFormatUri, AttributeValueXsiType = ClaimValueTypes.String, IsRequired = true }; a1.Values.Add("value1"); a1.Values.Add("value2"); var a2 = new RequestedAttribute("someName"); var acs = new AttributeConsumingService("attributeServiceName") { IsDefault = true }; acs.RequestedAttributes.Add(a1); acs.RequestedAttributes.Add(a2); options.AttributeConsumingServices.Add(acs); }
public void SPOptions_MetadataCertificates_OnlyOneEncryptionPublished_FutureBoth() { var subject = new SPOptions(); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Encryption, Certificate = SignedXmlHelper.TestCert }); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Both, Status = CertificateStatus.Future, Certificate = SignedXmlHelper.TestCert2 }); var result = subject.MetadataCertificates; result.Count.Should().Be(1); result[0].Status.Should().Be(CertificateStatus.Future); }
private static SPOptions CreateSPOptions() { var swedish = CultureInfo.GetCultureInfo("sv-se"); var organization = new Organization(); organization.Names.Add(new LocalizedName("Kentor", swedish)); organization.DisplayNames.Add(new LocalizedName("Kentor IT AB", swedish)); organization.Urls.Add(new LocalizedUri(new Uri("http://www.kentor.se"), swedish)); var spOptions = new SPOptions { EntityId = new EntityId("http://*****:*****@example.com"); spOptions.Contacts.Add(techContact); var supportContact = new ContactPerson { Type = ContactType.Support }; supportContact.EmailAddresses.Add("*****@*****.**"); spOptions.Contacts.Add(supportContact); var attributeConsumingService = new AttributeConsumingService("AuthServices") { IsDefault = true, }; attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("urn:someName") { FriendlyName = "Some Name", IsRequired = true, NameFormat = RequestedAttribute.AttributeNameFormatUri }); attributeConsumingService.RequestedAttributes.Add( new RequestedAttribute("Minimal")); spOptions.AttributeConsumingServices.Add(attributeConsumingService); spOptions.SystemIdentityModelIdentityConfiguration.AudienceRestriction.AudienceMode = AudienceUriMode.Never; return spOptions; }
public void SPOptions_MetadataCertificates_EmptyWhenNoneAdded() { var subject = new SPOptions(); subject.MetadataCertificates.Count.Should().Be(0); }
public void SPOptions_MetadataCertificates_Single() { var subject = new SPOptions(); subject.ServiceCertificates.Add(new ServiceCertificate { Certificate = SignedXmlHelper.TestCert }); var result = subject.MetadataCertificates; result.Count.Should().Be(1); result[0].Certificate.SerialNumber.Should().Be(SignedXmlHelper.TestCert.SerialNumber); }
public void SPOPtions_ModulePath_Default() { var subject = new SPOptions(); subject.ModulePath.Should().Be("/AuthServices"); }
public void SPOptions_MetadataCertificates_CurrentEncryptionRemainsPublished_IfFutureOverriddentoNotPublished() { var subject = new SPOptions(); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Encryption, Certificate = SignedXmlHelper.TestCert }); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Encryption, Status = CertificateStatus.Future, MetadataPublishOverride = MetadataPublishOverrideType.DoNotPublish, Certificate = SignedXmlHelper.TestCert2 }); var result = subject.MetadataCertificates; result.Count.Should().Be(1); result[0].Status.Should().Be(CertificateStatus.Current); }
public void SPOptions_MetadataCertificates_CurrentBothBecomesSigning_WhenFutureBothPublished() { var subject = new SPOptions(); subject.ServiceCertificates.Add(new ServiceCertificate { Certificate = SignedXmlHelper.TestCert }); subject.ServiceCertificates.Add(new ServiceCertificate { Status = CertificateStatus.Future, Certificate = SignedXmlHelper.TestCert2 }); var result = subject.MetadataCertificates; result.Count.Should().Be(2); // tests that we switch the current use to Signing so that Idp's stop sending us certs encrypted with the old key result.Where(c => c.Certificate.SerialNumber == SignedXmlHelper.TestCert.SerialNumber).First().Use.Should().Be(CertificateUse.Signing); result.Where(c => c.Certificate.SerialNumber == SignedXmlHelper.TestCert2.SerialNumber).First().Use.Should().Be(CertificateUse.Both); // prevent bug where the MetadataCertificates property modified the Use property of the same underlying object subject.ServiceCertificates[0].Use.Should().Be(CertificateUse.Both); subject.ServiceCertificates[1].Use.Should().Be(CertificateUse.Both); }
public void SPOptions_MetadataCertificates_OverridePublishUnspecified() { var subject = new SPOptions(); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Encryption, MetadataPublishOverride = MetadataPublishOverrideType.PublishUnspecified, Certificate = SignedXmlHelper.TestCert }); var result = subject.MetadataCertificates; result.Count.Should().Be(1); result[0].Use.Should().Be(CertificateUse.Both); // prevent bug where the MetadataCertificates property modified the Use property of the same underlying object subject.ServiceCertificates[0].Use.Should().Be(CertificateUse.Encryption); }
public void SPOptions_MetadataCertificates_BothEncryptionPublishedWithOverride() { var subject = new SPOptions(); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Encryption, Certificate = SignedXmlHelper.TestCert, MetadataPublishOverride = MetadataPublishOverrideType.PublishEncryption }); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Encryption, Status = CertificateStatus.Future, Certificate = SignedXmlHelper.TestCert2 }); var result = subject.MetadataCertificates; result.Count.Should().Be(2); }
public void SPOptions_MetadataCertificates_OverrideDoNotPublish() { var subject = new SPOptions(); subject.ServiceCertificates.Add(new ServiceCertificate { MetadataPublishOverride = MetadataPublishOverrideType.DoNotPublish, Certificate = SignedXmlHelper.TestCert }); var result = subject.MetadataCertificates; result.Count.Should().Be(0); }
public void SPOptions_MetadataCertificates_BothSigningPublished() { var subject = new SPOptions(); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Signing, Certificate = SignedXmlHelper.TestCert }); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Signing, Status = CertificateStatus.Future, Certificate = SignedXmlHelper.TestCert2 }); var result = subject.MetadataCertificates; result.Count.Should().Be(2); result[0].Certificate.SerialNumber.Should().NotBe(result[1].Certificate.SerialNumber); }
public void SPOptions_MetadataCertificates_RolloverOnlyOneType() { var subject = new SPOptions(); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Encryption, Certificate = SignedXmlHelper.TestCert }); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Signing, Certificate = SignedXmlHelper.TestCert2 }); subject.ServiceCertificates.Add(new ServiceCertificate { Status = CertificateStatus.Future, Use = CertificateUse.Signing, Certificate = SignedXmlHelper.TestCert3 }); var result = subject.MetadataCertificates; result.Count.Should().Be(3); result.Where(c => c.Use == CertificateUse.Signing).Count().Should().Be(2); result.Where(c => c.Use == CertificateUse.Encryption).Count().Should().Be(1); }
public void SPOptions_MetadataCertificates_BothSigningAndEncryptionPublished() { var subject = new SPOptions(); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Encryption, Certificate = SignedXmlHelper.TestCert }); subject.ServiceCertificates.Add(new ServiceCertificate { Use = CertificateUse.Signing, Certificate = SignedXmlHelper.TestCert2 }); var result = subject.MetadataCertificates; result.Count.Should().Be(2); result[0].Use.Should().NotBe(result[1].Use); }
public Options(SPOptions spOptions) { Notifications = new KentorAuthServicesNotifications(); SPOptions = spOptions; }