/// <summary> /// Returns an instance of the class with meaningful default values set. /// </summary> /// <returns>The default <see cref="Saml20AuthnRequest"/>.</returns> public static Saml20AuthnRequest GetDefault() { var config = Saml2Config.GetConfig(); var result = new Saml20AuthnRequest { Issuer = config.ServiceProvider.Id }; if (config.ServiceProvider.Endpoints.SignOnEndpoint.Binding != BindingType.NotSet) { var baseUrl = new Uri(config.ServiceProvider.Server); result.AssertionConsumerServiceUrl = new Uri(baseUrl, config.ServiceProvider.Endpoints.SignOnEndpoint.LocalPath).ToString(); } // Binding switch (config.ServiceProvider.Endpoints.SignOnEndpoint.Binding) { case BindingType.Artifact: result.Request.ProtocolBinding = Saml20Constants.ProtocolBindings.HttpArtifact; break; case BindingType.Post: result.Request.ProtocolBinding = Saml20Constants.ProtocolBindings.HttpPost; break; case BindingType.Redirect: result.Request.ProtocolBinding = Saml20Constants.ProtocolBindings.HttpRedirect; break; case BindingType.Soap: result.Request.ProtocolBinding = Saml20Constants.ProtocolBindings.HttpSoap; break; } // NameIDPolicy if (config.ServiceProvider.NameIdFormats.Count > 0) { result.NameIdPolicy = new NameIdPolicy { AllowCreate = config.ServiceProvider.NameIdFormats.AllowCreate, Format = config.ServiceProvider.NameIdFormats[0].Format }; if (result.NameIdPolicy.Format != Saml20Constants.NameIdentifierFormats.Entity) { result.NameIdPolicy.SPNameQualifier = config.ServiceProvider.Id; } } // RequestedAuthnContext if (config.ServiceProvider.AuthenticationContexts.Count > 0) { result.RequestedAuthnContext = new RequestedAuthnContext(); switch (config.ServiceProvider.AuthenticationContexts.Comparison) { case AuthenticationContextComparison.Better: result.RequestedAuthnContext.Comparison = AuthnContextComparisonType.Better; result.RequestedAuthnContext.ComparisonSpecified = true; break; case AuthenticationContextComparison.Minimum: result.RequestedAuthnContext.Comparison = AuthnContextComparisonType.Minimum; result.RequestedAuthnContext.ComparisonSpecified = true; break; case AuthenticationContextComparison.Maximum: result.RequestedAuthnContext.Comparison = AuthnContextComparisonType.Maximum; result.RequestedAuthnContext.ComparisonSpecified = true; break; case AuthenticationContextComparison.Exact: result.RequestedAuthnContext.Comparison = AuthnContextComparisonType.Exact; result.RequestedAuthnContext.ComparisonSpecified = true; break; default: result.RequestedAuthnContext.ComparisonSpecified = false; break; } result.RequestedAuthnContext.Items = new string[config.ServiceProvider.AuthenticationContexts.Count]; result.RequestedAuthnContext.ItemsElementName = new Schema.Protocol.AuthnContextType[config.ServiceProvider.AuthenticationContexts.Count]; var count = 0; foreach (var authenticationContext in config.ServiceProvider.AuthenticationContexts) { result.RequestedAuthnContext.Items[count] = authenticationContext.Context; switch (authenticationContext.ReferenceType) { case "AuthnContextDeclRef": result.RequestedAuthnContext.ItemsElementName[count] = Schema.Protocol.AuthnContextType.AuthnContextDeclRef; break; default: result.RequestedAuthnContext.ItemsElementName[count] = Schema.Protocol.AuthnContextType.AuthnContextClassRef; break; } count++; } } // Restrictions var audienceRestrictions = new List<ConditionAbstract>(1); var audienceRestriction = new AudienceRestriction { Audience = new List<string>(1) { config.ServiceProvider.Id } }; audienceRestrictions.Add(audienceRestriction); result.SetConditions(audienceRestrictions); return result; }
/// <summary> /// Assembles our basic test assertion /// </summary> /// <returns>The <see cref="Assertion"/>.</returns> public static Assertion GetBasicAssertion() { var assertion = new Assertion { Issuer = new NameId(), Id = "_b8977dc86cda41493fba68b32ae9291d", IssueInstant = DateTime.UtcNow, Version = "2.0" }; assertion.Issuer.Value = GetBasicIssuer(); assertion.Subject = new Subject(); var subjectConfirmation = new SubjectConfirmation { Method = SubjectConfirmation.BearerMethod, SubjectConfirmationData = new SubjectConfirmationData { NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0), Recipient = "http://borger.dk" } }; assertion.Subject.Items = new object[] { subjectConfirmation }; assertion.Conditions = new Conditions { NotOnOrAfter = new DateTime(2008, 12, 31, 12, 0, 0, 0) }; var audienceRestriction = new AudienceRestriction { Audience = GetAudiences().Select(u => u.ToString()).ToList() }; assertion.Conditions.Items = new List<ConditionAbstract>(new ConditionAbstract[] { audienceRestriction }); AuthnStatement authnStatement; { authnStatement = new AuthnStatement(); assertion.Items = new StatementAbstract[] { authnStatement }; authnStatement.AuthnInstant = new DateTime(2008, 1, 8); authnStatement.SessionIndex = "70225885"; authnStatement.AuthnContext = new AuthnContext { Items = new object[] { "urn:oasis:names:tc:SAML:2.0:ac:classes:X509", "http://www.safewhere.net/authncontext/declref" }, ItemsElementName = new[] { AuthnContextType.AuthnContextClassRef, AuthnContextType.AuthnContextDeclRef } }; } AttributeStatement attributeStatement; { attributeStatement = new AttributeStatement(); var surName = new SamlAttribute { FriendlyName = "SurName", Name = "urn:oid:2.5.4.4", NameFormat = SamlAttribute.NameformatUri, AttributeValue = new[] { "Fry" } }; var commonName = new SamlAttribute { FriendlyName = "CommonName", Name = "urn:oid:2.5.4.3", NameFormat = SamlAttribute.NameformatUri, AttributeValue = new[] { "Philip J. Fry" } }; var userName = new SamlAttribute { Name = "urn:oid:0.9.2342.19200300.100.1.1", NameFormat = SamlAttribute.NameformatUri, AttributeValue = new[] { "fry" } }; var email = new SamlAttribute { FriendlyName = "Email", Name = "urn:oid:0.9.2342.19200300.100.1.3", NameFormat = SamlAttribute.NameformatUri, AttributeValue = new[] { "*****@*****.**" } }; attributeStatement.Items = new object[] { surName, commonName, userName, email }; } assertion.Items = new StatementAbstract[] { authnStatement, attributeStatement }; return assertion; }
public void ThrowsExceptionWhenAudienceRestrictionAudienceFormatIsInvalid() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var audienceRestriction = new AudienceRestriction { Audience = new List<string>(new[] { "malformed uri" }) }; assertion.Conditions.Items = new List<ConditionAbstract>(new ConditionAbstract[] { audienceRestriction }); // Act validator.ValidateAssertion(assertion); }
public void ValidatesAudienceRestrictionWithMultipleAudienceRestrictions() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var audienceConditions = new List<ConditionAbstract>(assertion.Conditions.Items); var audienceRestriction = new AudienceRestriction { Audience = new List<string>(new[] { "urn:borger.dk:id" }) }; audienceConditions.Add(audienceRestriction); assertion.Conditions.Items = audienceConditions; // Act validator.ValidateAssertion(assertion); }
public void ThrowsExceptionWhenAudienceRestrictionAnyAudienceRestrictionIsNotMet() { // Arrange var assertion = AssertionUtil.GetBasicAssertion(); var validator = new Saml20AssertionValidator(AssertionUtil.GetAudiences(), false); var audienceConditions = new List<ConditionAbstract>(assertion.Conditions.Items); var audienceRestriction = new AudienceRestriction { Audience = new List<string>(new[] { "http://well/formed.uri" }) }; audienceConditions.Add(audienceRestriction); assertion.Conditions.Items = audienceConditions; // Act validator.ValidateAssertion(assertion); }