public void IdentityProvider_CreateAuthenticateRequest_BasicInfo() { var options = Options.FromConfiguration; var idp = options.IdentityProviders.Default; var urls = StubFactory.CreateAuthServicesUrls(); var subject = idp.CreateAuthenticateRequest(null, urls); var expected = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = urls.AssertionConsumerServiceUrl, DestinationUrl = idp.SingleSignOnServiceUrl, Issuer = options.SPOptions.EntityId, AttributeConsumingServiceIndex = 0, NameIdPolicy = new Saml2NameIdPolicy(true, NameIdFormat.EntityIdentifier), RequestedAuthnContext = new Saml2RequestedAuthnContext( new Uri("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"), AuthnContextComparisonType.Minimum) }; subject.ShouldBeEquivalentTo(expected, opt => opt .Excluding(au => au.Id) .Excluding(au => au.RelayState)); subject.RelayState.Should().HaveLength(56); }
public void Saml2AuthenticationRequest_ToXElement_RootNode() { var subject = new Saml2AuthenticationRequest().ToXElement(); subject.Should().NotBeNull().And.Subject.Name.Should().Be( Saml2Namespaces.Saml2P + "AuthnRequest"); }
public void Saml2AuthenticationRequest_ForceAuthentication_OmittedIfFalse() { var subject = new Saml2AuthenticationRequest() { ForceAuthentication = false }.ToXElement(); subject.Should().NotBeNull().And.Subject.Attribute("ForceAuthn").Should().BeNull(); }
public void Saml2AuthenticationRequest_ForceAuthentication() { var subject = new Saml2AuthenticationRequest() { ForceAuthentication = true }.ToXElement(); subject.Should().NotBeNull().And.Subject.Attribute("ForceAuthn") .Should().NotBeNull().And.Subject.Value.Should().Be("true"); }
public void Saml2AuthenticationRequest_ToXElement_AddsAttributeConsumingServiceIndex() { var subject = new Saml2AuthenticationRequest() { AttributeConsumingServiceIndex = 17 }.ToXElement(); subject.Attribute("AttributeConsumingServiceIndex").Value.Should().Be("17"); }
public void Saml2AuthenticationRequest_ToXElement_AddsRequestBaseFields() { // Just checking for the id field and assuming that means that the // base fields are added. The details of the fields are tested // by Saml2RequestBaseTests. var subject = new Saml2AuthenticationRequest().ToXElement(); subject.Should().NotBeNull().And.Subject.Attribute("ID").Should().NotBeNull(); subject.Attribute("AttributeConsumingServiceIndex").Should().BeNull(); }
public void Saml2AuthenticationRequest_AssertionConsumerServiceUrl() { string url = "http://some.example.com/Saml2AuthenticationModule/acs"; var subject = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = new Uri(url) }.ToXElement(); subject.Should().NotBeNull().And.Subject.Attribute("AssertionConsumerServiceURL") .Should().NotBeNull().And.Subject.Value.Should().Be(url); }
public ActionResult Index(Guid? idpId) { var model = new HomePageModel { AssertionModel = AssertionModel.CreateFromConfiguration(), }; if (idpId.HasValue) { var fileData = GetCachedConfiguration(idpId.Value); if (fileData != null) { if (!string.IsNullOrEmpty(fileData.DefaultAssertionConsumerServiceUrl)) { // Override default StubIdp Acs with Acs from IdpConfiguration model.AssertionModel.AssertionConsumerServiceUrl = fileData.DefaultAssertionConsumerServiceUrl; } if(!string.IsNullOrEmpty(fileData.DefaultAssertionConsumerServiceUrl)) { model.AssertionModel.Audience = fileData.DefaultAudience; } model.CustomDescription = fileData.IdpDescription; model.AssertionModel.NameId = null; model.HideDetails = fileData.HideDetails; } } var requestData = Request.ToHttpRequestData(false); if (requestData.QueryString["SAMLRequest"].Any()) { var extractedMessage = Saml2Binding.Get(Saml2BindingType.HttpRedirect) .Unbind(requestData, null); var request = new Saml2AuthenticationRequest( extractedMessage.Data, extractedMessage.RelayState); model.AssertionModel.InResponseTo = request.Id.Value; model.AssertionModel.AssertionConsumerServiceUrl = request.AssertionConsumerServiceUrl.ToString(); model.AssertionModel.RelayState = extractedMessage.RelayState; model.AssertionModel.Audience = request.Issuer.Id; model.AssertionModel.AuthnRequestXml = extractedMessage.Data.PrettyPrint(); } return View(model); }
public void IdentityProvider_CreateAuthenticateRequest_BasicInfo() { var options = Options.FromConfiguration; var idp = options.IdentityProviders.Default; var urls = StubFactory.CreateAuthServicesUrls(); var subject = idp.CreateAuthenticateRequest(null, urls); var expected = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = urls.AssertionConsumerServiceUrl, DestinationUrl = idp.SingleSignOnServiceUrl, Issuer = options.SPOptions.EntityId, AttributeConsumingServiceIndex = 0, }; subject.ShouldBeEquivalentTo(expected, opt => opt.Excluding(au => au.Id)); }
public void IdentityProvider_CreateAuthenticateRequest_BasicInfo() { var options = Options.FromConfiguration; var idp = options.IdentityProviders.Default; var urls = StubFactory.CreateAuthServicesUrls(); var subject = idp.CreateAuthenticateRequest(null, urls); var expected = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = urls.AssertionConsumerServiceUrl, DestinationUrl = idp.SingleSignOnServiceUrl, Issuer = options.SPOptions.EntityId, AttributeConsumingServiceIndex = 0, NameIdPolicy = new Saml2NameIdPolicy { AllowCreate = true, Format = NameIdFormat.EntityIdentifier} }; subject.ShouldBeEquivalentTo(expected, opt => opt .Excluding(au => au.Id) .Excluding(au => au.RelayState)); subject.RelayState.Should().HaveLength(56); }
public void IdentityProvider_CreateAuthenticateRequest_PublicOrigin() { var origin = new Uri("https://my.public.origin:8443/"); var options = StubFactory.CreateOptionsPublicOrigin(origin); var idp = options.IdentityProviders.Default; var urls = StubFactory.CreateAuthServicesUrlsPublicOrigin(origin); var subject = idp.CreateAuthenticateRequest(urls); var expected = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = urls.AssertionConsumerServiceUrl, DestinationUrl = idp.SingleSignOnServiceUrl, Issuer = options.SPOptions.EntityId, AttributeConsumingServiceIndex = 0 }; subject.ShouldBeEquivalentTo(expected, opt => opt .Excluding(au => au.Id) .Excluding(au => au.RelayState)); }
public void IdentityProvider_CreateAuthenticateRequest_NoAttributeIndex() { var options = StubFactory.CreateOptions(); var idp = options.IdentityProviders.Default; var urls = StubFactory.CreateAuthServicesUrls(); options.SPOptions.AttributeConsumingServices.Clear(); var subject = idp.CreateAuthenticateRequest(urls); var expected = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = urls.AssertionConsumerServiceUrl, DestinationUrl = idp.SingleSignOnServiceUrl, Issuer = options.SPOptions.EntityId, AttributeConsumingServiceIndex = null }; subject.ShouldBeEquivalentTo(expected, opt => opt .Excluding(au => au.Id) .Excluding(au => au.RelayState)); }
public void Saml2AuthenticationRequest_ToXElement_AddsElementSaml2NameIdPolicy() { var subject = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = new Uri("http://destination.example.com"), NameIdPolicy = new Saml2NameIdPolicy { AllowCreate = false, Format = NameIdFormat.EmailAddress} }.ToXElement(); XNamespace ns = "urn:oasis:names:tc:SAML:2.0:protocol"; subject.Attribute("AttributeConsumingServiceIndex").Should().BeNull(); subject.Should().NotBeNull().And.Subject.Element(ns + "NameIDPolicy").Should().NotBeNull(); }
public void Saml2AuthenticateRequest_ToXElement_OmitsRequestedAuthnContext_OnNullClassRef() { var subject = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = new Uri("http://destination.example.com"), RequestedAuthnContext = new Saml2RequestedAuthnContext(null, AuthnContextComparisonType.Exact) }.ToXElement(); subject.Element(Saml2Namespaces.Saml2P + "RequestedAuthnContext").Should().BeNull(); }
public void Saml2AuthenticationRequest_ToXElement_NameFormatTransientForbidsAllowCreate() { var subject = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = new Uri("http://destination.example.com"), NameIdPolicy = new Saml2NameIdPolicy(true, NameIdFormat.Transient) }; subject.Invoking(s => s.ToXElement()) .ShouldThrow<InvalidOperationException>() .And.Message.Should().Be("When NameIdPolicy/Format is set to Transient, it is not permitted to specify AllowCreate. Change Format or leave AllowCreate as null."); }
public void Saml2AuthenticationRequest_ToXElement_AddsRequestedAuthnContext() { var classRef = "http://www.kentor.se"; var subject = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = new Uri("http://destination.example.com"), RequestedAuthnContext = new Saml2RequestedAuthnContext(new Uri(classRef), AuthnContextComparisonType.Maximum) }.ToXElement(); var expected = new XElement(Saml2Namespaces.Saml2P + "root", new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P), new XAttribute(XNamespace.Xmlns + "saml2", Saml2Namespaces.Saml2), new XElement(Saml2Namespaces.Saml2P + "RequestedAuthnContext", new XAttribute("Comparison", "Maximum"), new XElement(Saml2Namespaces.Saml2 + "AuthnContextClassRef", classRef))) .Elements().Single(); var actual = subject.Element(Saml2Namespaces.Saml2P + "RequestedAuthnContext"); actual.Should().BeEquivalentTo(expected); }
public void Saml2AuthenticationRequest_ToXElement_AddsScoping() { var requesterId = "urn://requesterid/"; var location = "http://location"; var name = "name"; var providerId = "urn:providerId"; var subject = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = new Uri("http://destination.example.com"), Scoping = new Saml2Scoping() { ProxyCount = 5 } .With(new Saml2IdpEntry(new EntityId(providerId)) { Name = name, Location = new Uri(location) }) .WithRequesterId(new EntityId(requesterId)) }; var actual = subject.ToXElement().Element(Saml2Namespaces.Saml2P + "Scoping"); var expected = new XElement(Saml2Namespaces.Saml2P + "Scoping", new XAttribute("ProxyCount", "5"), new XElement(Saml2Namespaces.Saml2P + "IDPList", new XElement(Saml2Namespaces.Saml2P + "IDPEntry", new XAttribute("ProviderID", providerId), new XAttribute("Name", name), new XAttribute("Loc", location))), new XElement(Saml2Namespaces.Saml2P + "RequesterID", requesterId.ToString())); actual.Should().BeEquivalentTo(expected); }
public void Saml2AuthenticationRequest_ToXElement_AddsElementSaml2NameIdPolicy_ForNameIdFormat() { var subject = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = new Uri("http://destination.example.com"), NameIdPolicy = new Saml2NameIdPolicy(null, NameIdFormat.EmailAddress) }.ToXElement(); var expected = new XElement(Saml2Namespaces.Saml2P + "root", new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P), new XElement(Saml2Namespaces.Saml2P + "NameIDPolicy", new XAttribute("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"))) .Elements().Single(); subject.Element(Saml2Namespaces.Saml2P + "NameIDPolicy") .Should().BeEquivalentTo(expected); }
public void Saml2AuthenticationRequest_ToXElement_AddsElementSaml2NameIdPolicy_ForAllowCreate() { var subject = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = new Uri("http://destination.example.com"), NameIdPolicy = new Saml2NameIdPolicy(false, NameIdFormat.NotConfigured) }.ToXElement(); var expected = new XElement(Saml2Namespaces.Saml2P + "root", new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P), new XElement(Saml2Namespaces.Saml2P + "NameIDPolicy", new XAttribute("AllowCreate", false))) .Elements().Single(); subject.Attribute("AttributeConsumingServiceIndex").Should().BeNull(); subject.Element(Saml2Namespaces.Saml2P + "NameIDPolicy") .Should().BeEquivalentTo(expected); }
public void Saml2AuthenticationRequest_ToXElement_Scoping_NullContents_EmptyScoping() { var subject = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = new Uri("http://destination.example.com"), Scoping = new Saml2Scoping() }.ToXElement().Element(Saml2Namespaces.Saml2P + "Scoping"); var expected = new XElement(Saml2Namespaces.Saml2P + "root", new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P), new XElement(Saml2Namespaces.Saml2P + "Scoping")) .Elements().Single(); subject.Should().BeEquivalentTo(expected); }
public void Saml2AuthenticationRequest_ToXElement_Scoping_ZeroProxyCount_AttributeAdded() { var subject = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = new Uri("http://destination.example.com"), Scoping = new Saml2Scoping() { ProxyCount = 0 } }; var actual = subject.ToXElement().Element(Saml2Namespaces.Saml2P + "Scoping"); var expected = new XElement(Saml2Namespaces.Saml2P + "root", new XAttribute(XNamespace.Xmlns + "saml2p", Saml2Namespaces.Saml2P), new XElement(Saml2Namespaces.Saml2P + "Scoping", new XAttribute("ProxyCount", "0"))) .Elements().Single(); actual.Should().BeEquivalentTo(expected); }
private void Saml2AuthenticationRequest_ToXElement_AddsProtocolBinding(AuthServices.WebSso.Saml2BindingType protocolBinding, string expectedProtocolBinding) { var subject = new Saml2AuthenticationRequest() { AssertionConsumerServiceUrl = new Uri("http://destination.example.com"), Binding = protocolBinding }.ToXElement(); subject.Attribute("ProtocolBinding").Value.Should().Be(expectedProtocolBinding); }