openlogic-saml-sp 3.1.3

@@ -0,0 +1,177 @@
1
+ require File.join(File.dirname(__FILE__), '../spec_helper')
2
+
3
+ describe Saml2::Assertion do
4
+ describe "w/ 2 attributes" do
5
+ before do
6
+ @assertion = Saml2::Assertion.new('http://idp.invalid', 'abcd', 'this' => 'that', 'foo' => 'bar')
7
+ end
8
+
9
+ it "should provide read access for issuer" do
10
+ @assertion.issuer.should == 'http://idp.invalid'
11
+ end
12
+
13
+ it "should provide read access to subject name id" do
14
+ @assertion.subject_name_id.should == 'abcd'
15
+ end
16
+
17
+ it "should provide read access to attributes ('this')" do
18
+ @assertion['this'].should == 'that'
19
+ end
20
+
21
+ it "should provide read access to attributes (:this)" do
22
+ @assertion[:this].should == 'that'
23
+ end
24
+
25
+ it "should provide read access to attributes ('foo')" do
26
+ @assertion['foo'].should == 'bar'
27
+ end
28
+
29
+ it "should provide read access to attributes (:foo)" do
30
+ @assertion[:foo].should == 'bar'
31
+ end
32
+ end
33
+
34
+ describe "instantiation" do
35
+ it 'should be creatable from artifact string' do
36
+ mock_artifact = mock('artifact', :resolve => :assertion_marker)
37
+ Saml2::Type4Artifact.should_receive(:new_from_string).with('artifact_marker').and_return(mock_artifact)
38
+
39
+ Saml2::Assertion.new_from_artifact("artifact_marker").should == :assertion_marker
40
+ end
41
+
42
+ it 'should be creatable from a type 4 artifact' do
43
+ artifact = Saml2::Type4Artifact.new(0, 'a-source-id', 'http://idp.invalid/')
44
+ artifact.should_receive(:resolve).and_return(:assertion_marker)
45
+
46
+ Saml2::Assertion.new_from_artifact(artifact).should == :assertion_marker
47
+ end
48
+ end
49
+
50
+ describe "parsing" do
51
+ before do
52
+ @assertion_xml = <<-XML
53
+ <SOAP-ENV:Envelope
54
+ xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
55
+ <SOAP-ENV:Body>
56
+ <ArtifactResponse
57
+ ID="_423adb988f2673de74553f9f26ff27eda8af"
58
+ InResponseTo="_gIPoW.YXQpZj17m.EpboPCp9cT"
59
+ IssueInstant="2006-11-28T23:07:43.738+00:00"
60
+ Version="2.0"
61
+ xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
62
+ <ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion">
63
+ https://idp.invalid
64
+ </ns1:Issuer>
65
+
66
+ <Status>
67
+ <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
68
+ </Status>
69
+
70
+ <Response
71
+ Destination="https://service_provider/SAMLConsumer"
72
+ ID="_dcfacebe4f2fca1cbdae749c5f5738995e0"
73
+ IssueInstant="2006-11-28T23:04:32Z"
74
+ Version="2.0">
75
+ <ns2:Issuer
76
+ Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
77
+ xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion">
78
+ https://idp.invalid
79
+ </ns2:Issuer>
80
+
81
+ <Status>
82
+ <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
83
+ </Status>
84
+
85
+ <ns3:Assertion
86
+ ID="_1ebc0cd2f88ade6396bccb22fc20a42792c4"
87
+ IssueInstant="2006-11-28T23:04:32Z"
88
+ Version="2.0"
89
+ xmlns:ns3="urn:oasis:names:tc:SAML:2.0:assertion">
90
+ <ns3:Issuer
91
+ Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
92
+ https://idp.invalid
93
+ </ns3:Issuer>
94
+
95
+ <ns3:Subject>
96
+ <ns3:NameID
97
+ Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">
98
+ 12345678
99
+ </ns3:NameID>
100
+
101
+ <ns3:SubjectConfirmation
102
+ Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
103
+ <ns3:SubjectConfirmationData
104
+ NotOnOrAfter="2006-11-28T23:24:32Z"
105
+ Recipient="https://sp.invalid/SAMLConsumer"/>
106
+ </ns3:SubjectConfirmation>
107
+ </ns3:Subject>
108
+
109
+ <ns3:Conditions
110
+ NotBefore="2006-11-28T22:54:32Z"
111
+ NotOnOrAfter="2006-11-28T23:24:32Z">
112
+ <ns3:AudienceRestriction>
113
+ <ns3:Audience>https://sp.invalid</ns3:Audience>
114
+ </ns3:AudienceRestriction>
115
+ </ns3:Conditions>
116
+
117
+ <ns3:AuthnStatement
118
+ AuthnInstant="2006-11-28T23:03:14Z"
119
+ SessionIndex="MQSnyIps57sm2wRDKP+f9PsY+2A=nFfVrw=="
120
+ SessionNotOnOrAfter="2006-11-28T23:24:32Z">
121
+ <ns3:AuthnContext>
122
+ <ns3:AuthnContextClassRef>
123
+ urn:oasis:names:tc:SAML:2.0:ac:classes:Password
124
+ </ns3:AuthnContextClassRef>
125
+ </ns3:AuthnContext>
126
+ </ns3:AuthnStatement>
127
+
128
+ <ns3:AttributeStatement>
129
+ <ns3:Attribute
130
+ Name="cn"
131
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
132
+ <ns3:AttributeValue>Smith, James</ns3:AttributeValue>
133
+ </ns3:Attribute>
134
+
135
+ <ns3:Attribute
136
+ Name="email"
137
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
138
+ <ns3:AttributeValue>james.smith@idp.invalid</ns3:AttributeValue>
139
+ </ns3:Attribute>
140
+
141
+ </ns3:AttributeStatement>
142
+
143
+ </ns3:Assertion>
144
+ </Response>
145
+ </ArtifactResponse>
146
+ </SOAP-ENV:Body>
147
+ </SOAP-ENV:Envelope>
148
+ XML
149
+ end
150
+
151
+ def self.it_should_extract(prop, expected_value)
152
+ eval(<<-EXAMPLE)
153
+ it "should extract #{prop}" do
154
+ Saml2::Assertion.new_from_xml(@assertion_xml).#{prop}.should == #{expected_value.inspect}
155
+ end
156
+ EXAMPLE
157
+ end
158
+
159
+ it_should_extract :issuer, 'https://idp.invalid'
160
+ it_should_extract :subject_name_id, '12345678'
161
+
162
+ it "should extract attributes (cn)" do
163
+ Saml2::Assertion.new_from_xml(@assertion_xml)['cn'].should == 'Smith, James'
164
+ end
165
+
166
+ it "should extract attributes (email)" do
167
+ Saml2::Assertion.new_from_xml(@assertion_xml)['email'].should == 'james.smith@idp.invalid'
168
+ end
169
+ end
170
+
171
+ end
172
+
173
+
174
+ # Copyright (c) 2010 OpenLogic
175
+ #
176
+ # Licensed under MIT license. See LICENSE.txt
177
+
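Review bot: The "parsing" examples at the end of the hunk only assert that issuer, NameID and two attributes are pulled out of the fixture; nothing exercises the Conditions (NotBefore/NotOnOrAfter), the AudienceRestriction or the SubjectConfirmationData Recipient that the fixture carries, and the fixture has no ds:Signature at all. Whether Saml2::Assertion.new_from_xml enforces any of those is not visible here, but the spec as written would pass unchanged for an expired assertion addressed to a different audience, so a negative example is worth adding, e.g. `it "should reject an assertion whose NotOnOrAfter has passed"` run against a copy of the fixture with NotOnOrAfter rewound, and a matching one for a wrong Audience. Separately, `it_should_extract` builds each example's source with `eval` and string interpolation; a plain block, `it "should extract #{prop}" do Saml2::Assertion.new_from_xml(@assertion_xml).send(prop).should == expected_value end`, does the same job without eval.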
@@ -0,0 +1,66 @@
1
+ require File.join(File.dirname(__FILE__), '../spec_helper')
2
+
3
+ describe Saml2::Type4Artifact do
4
+ describe "parsing wrong type" do
5
+ it "should raise error" do
6
+ lambda {
7
+ # unencoded artifact: "\000\052\000\030test"
8
+ Saml2::Type4Artifact.new_from_string "ACoAGHRlc3Q="
9
+ }.should raise_error UnexpectedTypeCodeError
10
+ end
11
+
12
+ it "should have meaningful message" do
13
+ lambda {
14
+ # unencoded artifact: "\000\052\000\030test"
15
+ Saml2::Type4Artifact.new_from_string "ACoAGHRlc3Q="
16
+ }.should raise_error(/incorrect artifact type.*expected.*4.*found.*42/i)
17
+ end
18
+
19
+ end
20
+
21
+ describe "parsing type 4" do
22
+ before do
23
+ # unencoded artifact: "\000\004\000\00001234567890123456789abcdefghijklmnopqrst"
24
+ @artifact = Saml2::Type4Artifact.new_from_string "AAQAADAxMjM0NTY3ODkwMTIzNDU2Nzg5YWJjZGVmZ2hpamtsbW5vcHFyc3Q="
25
+ end
26
+
27
+ it "should know its type code" do
28
+ @artifact.type_code.should == 4
29
+ end
30
+
31
+ it "should know its endpoint index" do
32
+ @artifact.endpoint_index.should == 0
33
+ end
34
+
35
+ it "should know the source id" do
36
+ @artifact.source_id.should == '01234567890123456789'
37
+ end
38
+
39
+ it "should know the message handle" do
40
+ @artifact.message_handle.should == 'abcdefghijklmnopqrst'
41
+ end
42
+ end
43
+
44
+ describe "simple artifact" do
45
+ before do
46
+ @resolver = Saml2::ArtifactResolver.new('01234567890123456789', 'http://idp.invalid/artifact-resolver', 'http://idp.invalid/', 'http://sp.invalid/')
47
+
48
+ @artifact = Saml2::Type4Artifact.new(0, '01234567890123456789', 'abcdefghijklmnopqrst')
49
+ end
50
+
51
+ it "should be able to render itself to a string" do
52
+ @artifact.to_s.should == "AAQAADAxMjM0NTY3ODkwMTIzNDU2Nzg5YWJjZGVmZ2hpamtsbW5vcHFyc3Q="
53
+ end
54
+
55
+ it "should be able to resolve itself" do
56
+ @resolver.should_receive(:resolve).with(@artifact).and_return(:assertion_marker)
57
+ @artifact.resolve.should == :assertion_marker
58
+ end
59
+ end
60
+ end
61
+
62
+
63
+ # Copyright (c) 2010 OpenLogic
64
+ #
65
+ # Licensed under MIT license. See LICENSE.txt
66
+
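Review bot: The "parsing type 4" examples cover only a well-formed artifact (4 header bytes plus a 20-byte source id and 20-byte message handle, per the comment) and a wrong type code; there is no example for an artifact whose decoded payload is shorter or longer than that, or that is not valid base64. The decoded source_id is what selects the resolver (the "simple artifact" group registers a Saml2::ArtifactResolver under '01234567890123456789' and expects `@artifact.resolve` to reach it), so a parser that silently accepted a truncated or padded artifact could look up the wrong resolver; whether new_from_string already rejects such input cannot be seen from the spec. An example along the lines of `lambda { Saml2::Type4Artifact.new_from_string "AAQAAHRlc3Q=" }.should raise_error` (unencoded "\000\004\000\000test") would pin that behaviour down next to the existing type-code check.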
@@ -0,0 +1,299 @@
1
+ require File.join(File.dirname(__FILE__), '../spec_helper')
2
+ require 'tempfile'
3
+
4
+ describe SamlSp::Config do
5
+ before do
6
+ @dsl = SamlSp::Config.new
7
+ end
8
+
9
+ describe "loading from file" do
10
+ before do
11
+ @source_id = Time.now.xmlschema(10)
12
+
13
+ @tmpfile = Tempfile.open('saml-sp-config')
14
+ @tmpfile << <<-CONFIG
15
+ artifact_resolution_service {
16
+ source_id "#{@source_id}"
17
+ uri "http://idp.invalid/resolve-artifacts"
18
+ identity_provider "http://idp.invalid/"
19
+ service_provider "http://sp.invalid/"
20
+ }
21
+ CONFIG
22
+ @tmpfile.flush
23
+ end
24
+
25
+ after do
26
+ @tmpfile.close!
27
+ end
28
+
29
+ it "should build resolver" do
30
+ SamlSp::Config.load_file(@tmpfile.path)
31
+
32
+ Saml2::ArtifactResolver(@source_id).should be_kind_of(Saml2::ArtifactResolver)
33
+ end
34
+ end
35
+
36
+ describe "global log configuration" do
37
+ before do
38
+ @orig_logger = SamlSp.logger
39
+ @dsl = SamlSp::Config.new
40
+ @resolver = @dsl.interpret(<<-CONFIG)
41
+ logger :MARKER
42
+ CONFIG
43
+ end
44
+
45
+ it "should set SamlSp.logger correctly" do
46
+ SamlSp.logger.should == :MARKER
47
+ end
48
+
49
+ after do
50
+ SamlSp.logger = @orig_logger
51
+ end
52
+ end
53
+
54
+ describe "valid basic auth'd service description" do
55
+ before do
56
+ @dsl = SamlSp::Config.new
57
+ @resolver = @dsl.interpret(<<-CONFIG)
58
+ artifact_resolution_service {
59
+ source_id "01234567890123456789"
60
+ uri "http://idp.invalid/resolve-artifacts"
61
+ identity_provider "http://idp.invalid/"
62
+ service_provider "http://sp.invalid/"
63
+
64
+ http_basic_auth {
65
+ realm "myssorealm"
66
+ user_id "myuserid"
67
+ password "mypassword"
68
+ }
69
+ }
70
+ CONFIG
71
+ end
72
+
73
+ it "should build a resolver" do
74
+ @resolver.should be_kind_of(Saml2::ArtifactResolver)
75
+ end
76
+
77
+ it "should build a resolver with correct source id" do
78
+ @resolver.source_id.should == '01234567890123456789'
79
+ end
80
+
81
+ it "should build a resolver with correct service uri" do
82
+ @resolver.resolution_service_uri.to_s.should == "http://idp.invalid/resolve-artifacts"
83
+ end
84
+
85
+ it "should build a resolver with correct identity provider id" do
86
+ @resolver.idp_id.should == "http://idp.invalid/"
87
+ end
88
+
89
+ it "should build a resolver with correct service provider id" do
90
+ @resolver.sp_id.should == "http://sp.invalid/"
91
+ end
92
+
93
+ it "should build a resolver with correct realm" do
94
+ @resolver.basic_auth_realm.should == 'myssorealm'
95
+ end
96
+
97
+ it "should build a resolver with correct user id" do
98
+ @resolver.basic_auth_user_id.should == 'myuserid'
99
+ end
100
+
101
+ it "should build a resolver with correct password" do
102
+ @resolver.basic_auth_password.should == 'mypassword'
103
+ end
104
+ end
105
+
106
+ describe "valid basic promiscuous auth'd service description" do
107
+ before do
108
+ @dsl = SamlSp::Config.new
109
+ @resolver = @dsl.interpret(<<-CONFIG)
110
+ artifact_resolution_service {
111
+ source_id "01234567890123456789"
112
+ uri "http://idp.invalid/resolve-artifacts"
113
+ identity_provider "http://idp.invalid/"
114
+ service_provider "http://sp.invalid/"
115
+
116
+ http_basic_auth {
117
+ promiscuous
118
+ user_id "myuserid"
119
+ password "mypassword"
120
+ }
121
+ }
122
+ CONFIG
123
+ end
124
+
125
+ it "should build a resolver" do
126
+ @resolver.should be_kind_of(Saml2::ArtifactResolver)
127
+ end
128
+
129
+ it "should build a resolver with correct source id" do
130
+ @resolver.source_id.should == '01234567890123456789'
131
+ end
132
+
133
+ it "should build a resolver with correct service uri" do
134
+ @resolver.resolution_service_uri.to_s.should == "http://idp.invalid/resolve-artifacts"
135
+ end
136
+
137
+ it "should build a resolver with correct identity provider id" do
138
+ @resolver.idp_id.should == "http://idp.invalid/"
139
+ end
140
+
141
+ it "should build a resolver with correct service provider id" do
142
+ @resolver.sp_id.should == "http://sp.invalid/"
143
+ end
144
+
145
+ it "should build a resolver with correct realm" do
146
+ @resolver.basic_auth_realm.should be_nil
147
+ end
148
+
149
+ it "should build a resolver with correct user id" do
150
+ @resolver.basic_auth_user_id.should == 'myuserid'
151
+ end
152
+
153
+ it "should build a resolver with correct password" do
154
+ @resolver.basic_auth_password.should == 'mypassword'
155
+ end
156
+ end
157
+
158
+ describe "valid non-auth service description" do
159
+ before do
160
+ @dsl = SamlSp::Config.new
161
+ @resolver = @dsl.interpret(<<-CONFIG)
162
+ artifact_resolution_service {
163
+ source_id "01234567890123456789"
164
+ uri "http://idp.invalid/resolve-artifacts"
165
+ identity_provider "http://idp.invalid/"
166
+ service_provider "http://sp.invalid/"
167
+ }
168
+ CONFIG
169
+ end
170
+
171
+ it "should build a resolver" do
172
+ @resolver.should be_kind_of(Saml2::ArtifactResolver)
173
+ end
174
+
175
+ it "should build a resolver with correct source id" do
176
+ @resolver.source_id.should == '01234567890123456789'
177
+ end
178
+
179
+ it "should build a resolver with correct service uri" do
180
+ @resolver.resolution_service_uri.to_s.should == "http://idp.invalid/resolve-artifacts"
181
+ end
182
+
183
+ it "should build a resolver with correct identity provider id" do
184
+ @resolver.idp_id.should == "http://idp.invalid/"
185
+ end
186
+
187
+ it "should build a resolver with correct service provider id" do
188
+ @resolver.sp_id.should == "http://sp.invalid/"
189
+ end
190
+
191
+ it "should build a resolver with correct realm" do
192
+ @resolver.basic_auth_realm.should == nil
193
+ end
194
+
195
+ it "should build a resolver with correct user id" do
196
+ @resolver.basic_auth_user_id.should == nil
197
+ end
198
+
199
+ it "should build a resolver with correct password" do
200
+ @resolver.basic_auth_password.should == nil
201
+ end
202
+ end
203
+
204
+ it "should raise error on missing source_id" do
205
+ lambda {
206
+ @dsl.interpret(<<-CONFIG)
207
+ artifact_resolution_service {
208
+ uri "http://idp.invalid/resolve-artifacts"
209
+ identity_provider "http://idp.invalid/"
210
+ service_provider "http://sp.invalid/"
211
+ }
212
+ CONFIG
213
+ }.should raise_error SamlSp::ConfigurationError
214
+ end
215
+
216
+ it "should raise error on missing uri" do
217
+ lambda {
218
+ @dsl.interpret(<<-CONFIG)
219
+ artifact_resolution_service {
220
+ source_id "01234567890123456789"
221
+ identity_provider "http://idp.invalid/"
222
+ service_provider "http://sp.invalid/"
223
+ }
224
+ CONFIG
225
+ }.should raise_error SamlSp::ConfigurationError
226
+ end
227
+
228
+ it "should raise error on missing issuer" do
229
+ lambda {
230
+ @dsl.interpret(<<-CONFIG)
231
+ artifact_resolution_service {
232
+ source_id "01234567890123456789"
233
+ uri "http://idp.invalid/resolve-artifacts"
234
+ }
235
+ CONFIG
236
+ }.should raise_error SamlSp::ConfigurationError
237
+ end
238
+
239
+ it "should raise error on missing basic auth realm" do
240
+ lambda {
241
+ @dsl.interpret(<<-CONFIG)
242
+ artifact_resolution_service {
243
+ source_id "01234567890123456789"
244
+ uri "http://idp.invalid/resolve-artifacts"
245
+ identity_provider "http://idp.invalid/"
246
+ service_provider "http://sp.invalid/"
247
+
248
+ http_basic_auth {
249
+ user_id "myuserid"
250
+ password "mypassword"
251
+ }
252
+ }
253
+ CONFIG
254
+ }.should raise_error SamlSp::ConfigurationError
255
+ end
256
+
257
+ it "should raise error on missing basic auth user id" do
258
+ lambda {
259
+ @dsl.interpret(<<-CONFIG)
260
+ artifact_resolution_service {
261
+ source_id "01234567890123456789"
262
+ uri "http://idp.invalid/resolve-artifacts"
263
+ identity_provider "http://idp.invalid/"
264
+ service_provider "http://sp.invalid/"
265
+
266
+ http_basic_auth {
267
+ realm "myssorealm"
268
+ password "mypassword"
269
+ }
270
+ }
271
+ CONFIG
272
+ }.should raise_error SamlSp::ConfigurationError
273
+ end
274
+
275
+ it "should raise error on missing basic auth password" do
276
+ lambda {
277
+ @dsl.interpret(<<-CONFIG)
278
+ artifact_resolution_service {
279
+ source_id "01234567890123456789"
280
+ uri "http://idp.invalid/resolve-artifacts"
281
+ identity_provider "http://idp.invalid/"
282
+ service_provider "http://sp.invalid/"
283
+
284
+ http_basic_auth {
285
+ realm "myssorealm"
286
+ user_id "myuserid"
287
+ }
288
+ }
289
+ CONFIG
290
+ }.should raise_error SamlSp::ConfigurationError
291
+ end
292
+
293
+ end
294
+
295
+
296
+ # Copyright (c) 2010 OpenLogic
297
+ #
298
+ # Licensed under MIT license. See LICENSE.txt
299
+
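Review bot: Every http_basic_auth example pairs the credentials with a plain `http://` resolution uri and asserts the resolver is built without complaint; if Saml2::ArtifactResolver sends the Authorization header to that uri (not visible here), user_id and password cross the network unencrypted, and the `promiscuous` variant — where realm is nil — presumably sends them without waiting for a challenge, so a spoofed endpoint would receive them directly. Configuration time is the cheapest place to catch this, so an example such as `it "should raise error on basic auth over non-https uri"` expecting SamlSp::ConfigurationError, mirroring the existing missing-field examples, would be a useful addition. The DSL also appears to evaluate the config text as Ruby (`interpret` takes a heredoc of block syntax, `load_file` a path), which deserves a comment in the spec or the DSL docs that the config file must be writable only by trusted users. Minor: the example named "should raise error on missing issuer" actually omits identity_provider and service_provider, so its name should say so.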