public static ExtendedEntityDescriptor CreateIdpMetadata(bool includeCacheDuration = true)
{
var metadata = new ExtendedEntityDescriptor()
{
EntityId = new EntityId(UrlResolver.MetadataUrl.ToString())
};
if (includeCacheDuration)
{
metadata.CacheDuration = new TimeSpan(0, 15, 0);
}
var idpSsoDescriptor = new IdentityProviderSingleSignOnDescriptor();
idpSsoDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
metadata.RoleDescriptors.Add(idpSsoDescriptor);
idpSsoDescriptor.SingleSignOnServices.Add(new ProtocolEndpoint()
{
Binding = Saml2Binding.HttpRedirectUri,
Location = UrlResolver.SsoServiceUrl
});
idpSsoDescriptor.ArtifactResolutionServices.Add(0, new IndexedProtocolEndpoint()
{
Index = 0,
IsDefault = true,
Binding = Saml2Binding.SoapUri,
Location = UrlResolver.ArtifactServiceUrl
});
idpSsoDescriptor.Keys.Add(CertificateHelper.SigningKey);
return metadata;
}
public void MetadatabaseExtensions_ToXmlString_IncludesKeyInfo()
{
var metadata = new ExtendedEntityDescriptor
{
EntityId = new EntityId("http://idp.example.com/metadata"),
CacheDuration = new TimeSpan(1, 0, 0)
};
var idpSsoDescriptor = new IdentityProviderSingleSignOnDescriptor();
idpSsoDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
metadata.RoleDescriptors.Add(idpSsoDescriptor);
idpSsoDescriptor.SingleSignOnServices.Add(new ProtocolEndpoint
{
Binding = Saml2Binding.HttpRedirectUri,
Location = new Uri("http://idp.example.com/sso")
});
idpSsoDescriptor.Keys.Add(SignedXmlHelper.TestKeyDescriptor);
var subject = XDocument.Parse((metadata.ToXmlString()));
var ds = XNamespace.Get(SignedXml.XmlDsigNamespaceUrl);
subject.Element(Saml2Namespaces.Saml2Metadata + "EntityDescriptor")
.Element(Saml2Namespaces.Saml2Metadata + "IDPSSODescriptor")
.Element(Saml2Namespaces.Saml2Metadata + "KeyDescriptor")
.Element(ds + "KeyInfo")
.Element(ds + "X509Data")
.Element(ds + "X509Certificate")
.Value.Should().StartWith("MIIDIzCCAg+gAwIBAgIQg7mOjTf994NAVxZu4jqXpzAJBgUrDgM");
}
public void IdentityProvider_ConstructedFromEntityDescriptor_DoesntScheduleMedataRefresh()
{
MetadataRefreshScheduler.minInterval = new TimeSpan(0, 0, 0, 0, 1);
var ed = new ExtendedEntityDescriptor
{
ValidUntil = DateTime.UtcNow.AddYears(-1),
EntityId = new EntityId("http://localhost:13428/idpMetadata")
};
var idpSsoDescriptor = new IdentityProviderSingleSignOnDescriptor();
idpSsoDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
ed.RoleDescriptors.Add(idpSsoDescriptor);
var pe = new ProtocolEndpoint()
{
Binding = Saml2Binding.HttpRedirectUri,
Location = new Uri("http://idp.example.com/sso")
};
idpSsoDescriptor.SingleSignOnServices.Add(pe);
idpSsoDescriptor.Keys.Add(SignedXmlHelper.TestKeyDescriptor);
var subject = new IdentityProvider(ed.EntityId, StubFactory.CreateSPOptions());
subject.ReadMetadata(ed);
// Ugly, but have to wait and see that nothing happened. Have tried
// some different timeouts but need 100 to ensure fail before bug
// is fixed :-(
Thread.Sleep(100);
// Would be changed if metadata was reloaded.
subject.SingleSignOnServiceUrl.Should().Be(pe.Location);
}
public void IdentityProvider_ConstructedFromEntityDescriptor_DoesntReloadMetadataWhenDisabled()
{
var ed = new ExtendedEntityDescriptor
{
ValidUntil = DateTime.UtcNow.AddYears(-1),
EntityId = new EntityId("someEntityId")
};
var idpSsoDescriptor = new IdentityProviderSingleSignOnDescriptor();
idpSsoDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
ed.RoleDescriptors.Add(idpSsoDescriptor);
idpSsoDescriptor.SingleSignOnServices.Add(new ProtocolEndpoint()
{
Binding = Saml2Binding.HttpRedirectUri,
Location = new Uri("http://idp.example.com/sso")
});
idpSsoDescriptor.Keys.Add(SignedXmlHelper.TestKeyDescriptor);
var subject = new IdentityProvider(ed.EntityId, StubFactory.CreateSPOptions());
Action a = () => { var b = subject.Binding; };
subject.LoadMetadata.Should().BeFalse();
// Will throw invalid Uri if it tries to use EntityId as metadata url.
a.ShouldNotThrow();
}
public void ExtendedMetadataSerializer_Write_EntitiesDescriptorCacheDuration()
{
var metadata = new ExtendedEntitiesDescriptor
{
Name = "Federation Name",
CacheDuration = new TimeSpan(0, 42, 0)
};
var entity = new ExtendedEntityDescriptor
{
EntityId = new EntityId("http://some.entity.example.com")
};
var idpSsoDescriptor = new IdentityProviderSingleSignOnDescriptor();
idpSsoDescriptor.ProtocolsSupported.Add(new Uri("urn:oasis:names:tc:SAML:2.0:protocol"));
idpSsoDescriptor.SingleSignOnServices.Add(new ProtocolEndpoint
{
Binding = Saml2Binding.HttpRedirectUri,
Location = new Uri("http://some.entity.example.com/sso")
});
entity.RoleDescriptors.Add(idpSsoDescriptor);
metadata.ChildEntities.Add(entity);
var stream = new MemoryStream();
ExtendedMetadataSerializer.ReaderInstance.WriteMetadata(stream, metadata);
stream.Seek(0, SeekOrigin.Begin);
var result = XDocument.Load(stream).Root;
result.Name.Should().Be(Saml2Namespaces.Saml2Metadata + "EntitiesDescriptor");
result.Attribute("cacheDuration").Value.Should().Be("PT42M");
result.Element(Saml2Namespaces.Saml2Metadata + "EntityDescriptor").Attribute("cacheDuration")
.Should().BeNull();
}