[tests] add test for rollover on the SP side, i.e. rollover of encryption keys
This test case is the first to abstract the workflow between two LassoLogin objects (one for the IdP side, one for the SP side). This part of the code could be reused to simplify other tests in the future.
This commit is contained in:
parent
fd7af65e91
commit
95137b1ad1
|
@ -0,0 +1,22 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
|
||||||
|
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
|
||||||
|
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
|
||||||
|
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
|
||||||
|
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
|
||||||
|
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
|
||||||
|
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
|
||||||
|
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
|
||||||
|
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
|
||||||
|
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
|
||||||
|
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
|
||||||
|
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
|
||||||
|
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
|
||||||
|
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
|
||||||
|
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
|
||||||
|
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
|
||||||
|
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
|
||||||
|
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
|
||||||
|
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
|
||||||
|
LlTxKnCrWAXftSm1rNtewTsF
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,22 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
|
||||||
|
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
|
||||||
|
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
|
||||||
|
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
|
||||||
|
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
|
||||||
|
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
|
||||||
|
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
|
||||||
|
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
|
||||||
|
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
|
||||||
|
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
|
||||||
|
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
|
||||||
|
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
|
||||||
|
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
|
||||||
|
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
|
||||||
|
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
|
||||||
|
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
|
||||||
|
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
|
||||||
|
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
|
||||||
|
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
|
||||||
|
LlTxKnCrWAXftSm1rNtewTsF
|
||||||
|
-----END CERTIFICATE-----
|
|
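Review bot: This certificate is byte-for-byte identical to the one in the previous file section (same serial, same subject, same closing line `LlTxKnCrWAXftSm1rNtewTsF`), while the two private keys added later in this commit are different keys: the first modulus (`zTofHpWA...`) matches this certificate, the second (`DGI2g/WLmd...`) matches the shorter 14-line certificate that follows. If these two files are the `certificate-before-rollover.pem` / `certificate-after-rollover.pem` pair that `make_context` loads next to `private-key-before-rollover.pem` / `private-key-after-rollover.pem`, one SP context is built with a certificate that does not belong to its private key; Lasso may not check that pairing, but the fixture then does not model what it claims to. I would replace the duplicate with the certificate matching the 1024-bit key, or add a short comment in the fixture directory explaining why the same certificate is shipped twice. Also worth noting for anyone reusing these files: both are signed with sha1WithRSA and the shorter one carries a 1024-bit key, which is fine for a unit fixture but must not leak into example deployments.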
@ -0,0 +1,14 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICHjCCAYegAwIBAgIJAKCn8J6jYs6kMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
|
||||||
|
BAoTCkVudHJvdXZlcnQwHhcNMTEwMTE5MjAxNDE2WhcNMTEwMjE4MjAxNDE2WjAV
|
||||||
|
MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
|
||||||
|
gQDGI2g/WLmdODxhiraxFklG09r6C/yjX06zTt1MapA5+eIcEg2Hp+elCwcCogL1
|
||||||
|
ZK9/vYlU2yzIGgxV5mVVUybgdQuIvmEi8BlWM4HM5np97J/g6r41vG5auA4ve1Xp
|
||||||
|
F11rVO9Ru1LIQwMaHXJVf0yojNLH6VOmJU3GDELjKB+VLwIDAQABo3YwdDAdBgNV
|
||||||
|
HQ4EFgQUssAKE1M50yrgLpqoFzRbSOeZ41swRQYDVR0jBD4wPIAUssAKE1M50yrg
|
||||||
|
LpqoFzRbSOeZ41uhGaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQCgp/Ceo2LO
|
||||||
|
pDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABPxbVQuuVzkfZFmeUJH
|
||||||
|
S6WSvTKoEfJKXm7xLB9ChtPixZkPN6XXYaV0zx6cIwiUBi97ijcMU4W/+s5Xn4rB
|
||||||
|
/HJ2UWPlObpjZOxdl1eGsrTw8l7LWPls1B0b0wYms32q6bDVwPWVlDqc5Z13b9M3
|
||||||
|
8bNF5SUdZmcRJzk3LKXZ9nkA
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,88 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
|
||||||
|
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||||
|
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
||||||
|
entityID="http://sp11/metadata">
|
||||||
|
<SPSSODescriptor
|
||||||
|
AuthnRequestsSigned="true"
|
||||||
|
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||||
|
<KeyDescriptor use="signing">
|
||||||
|
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||||
|
<ds:X509Data>
|
||||||
|
<ds:X509Certificate>
|
||||||
|
MIICHjCCAYegAwIBAgIJAKCn8J6jYs6kMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
|
||||||
|
BAoTCkVudHJvdXZlcnQwHhcNMTEwMTE5MjAxNDE2WhcNMTEwMjE4MjAxNDE2WjAV
|
||||||
|
MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
|
||||||
|
gQDGI2g/WLmdODxhiraxFklG09r6C/yjX06zTt1MapA5+eIcEg2Hp+elCwcCogL1
|
||||||
|
ZK9/vYlU2yzIGgxV5mVVUybgdQuIvmEi8BlWM4HM5np97J/g6r41vG5auA4ve1Xp
|
||||||
|
F11rVO9Ru1LIQwMaHXJVf0yojNLH6VOmJU3GDELjKB+VLwIDAQABo3YwdDAdBgNV
|
||||||
|
HQ4EFgQUssAKE1M50yrgLpqoFzRbSOeZ41swRQYDVR0jBD4wPIAUssAKE1M50yrg
|
||||||
|
LpqoFzRbSOeZ41uhGaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQCgp/Ceo2LO
|
||||||
|
pDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABPxbVQuuVzkfZFmeUJH
|
||||||
|
S6WSvTKoEfJKXm7xLB9ChtPixZkPN6XXYaV0zx6cIwiUBi97ijcMU4W/+s5Xn4rB
|
||||||
|
/HJ2UWPlObpjZOxdl1eGsrTw8l7LWPls1B0b0wYms32q6bDVwPWVlDqc5Z13b9M3
|
||||||
|
8bNF5SUdZmcRJzk3LKXZ9nkA
|
||||||
|
</ds:X509Certificate>
|
||||||
|
</ds:X509Data>
|
||||||
|
</ds:KeyInfo>
|
||||||
|
</KeyDescriptor>
|
||||||
|
|
||||||
|
<KeyDescriptor>
|
||||||
|
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||||
|
<ds:X509Data>
|
||||||
|
<ds:X509Certificate>MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
|
||||||
|
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
|
||||||
|
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
|
||||||
|
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
|
||||||
|
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
|
||||||
|
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
|
||||||
|
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
|
||||||
|
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
|
||||||
|
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
|
||||||
|
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
|
||||||
|
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
|
||||||
|
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
|
||||||
|
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
|
||||||
|
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
|
||||||
|
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
|
||||||
|
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
|
||||||
|
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
|
||||||
|
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
|
||||||
|
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
|
||||||
|
LlTxKnCrWAXftSm1rNtewTsF</ds:X509Certificate>
|
||||||
|
</ds:X509Data>
|
||||||
|
</ds:KeyInfo>
|
||||||
|
</KeyDescriptor>
|
||||||
|
|
||||||
|
<ArtifactResolutionService isDefault="true" index="0"
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||||
|
Location="http://sp11/artifact" />
|
||||||
|
<SingleLogoutService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||||
|
Location="http://sp11/singleLogoutSOAP" />
|
||||||
|
<SingleLogoutService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||||
|
Location="http://sp11/singleLogout"
|
||||||
|
ResponseLocation="http://sp11/singleLogoutReturn" />
|
||||||
|
<ManageNameIDService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||||
|
Location="http://sp11/manageNameIdSOAP" />
|
||||||
|
<ManageNameIDService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||||
|
Location="http://sp11/manageNameId"
|
||||||
|
ResponseLocation="http://sp11/manageNameIdReturn" />
|
||||||
|
<AssertionConsumerService isDefault="true" index="0"
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
|
||||||
|
Location="http://sp11/singleSignOnArtifact" />
|
||||||
|
<AssertionConsumerService index="1"
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
||||||
|
Location="http://sp11/singleSignOnPost" />
|
||||||
|
<AssertionConsumerService index="2"
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
|
||||||
|
Location="http://sp11/singleSignOnSOAP" />
|
||||||
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
||||||
|
</SPSSODescriptor>
|
||||||
|
<Organization>
|
||||||
|
<OrganizationName xml:lang="en">Example SAML 2.0 metadatas</OrganizationName>
|
||||||
|
</Organization>
|
||||||
|
</EntityDescriptor>
|
|
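Review bot: The second `<KeyDescriptor>` (the one holding the longer, 2048-bit certificate) has no `use` attribute, which per SAML metadata semantics makes that key acceptable for both signing and encryption; since this fixture is meant to model rollover of the SP's encryption key, `<KeyDescriptor use="encryption">` would state the intent and make sure the test exercises the encryption-only path rather than a dual-use key, assuming Lasso's metadata loader honours `use="encryption"`. Also, the certificate placed under `use="signing"` here is valid only from 2011-01-19 to 2011-02-18 by its decoded validity period, so if certificate validity is ever enforced when loading metadata keys this fixture will start failing without an obvious reason; a comment in the fixture or a longer-lived test certificate would avoid that surprise.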
@ -0,0 +1,88 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
|
||||||
|
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||||
|
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
||||||
|
entityID="http://sp11/metadata">
|
||||||
|
<SPSSODescriptor
|
||||||
|
AuthnRequestsSigned="true"
|
||||||
|
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||||
|
<KeyDescriptor>
|
||||||
|
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||||
|
<ds:X509Data>
|
||||||
|
<ds:X509Certificate>
|
||||||
|
MIICHjCCAYegAwIBAgIJAKCn8J6jYs6kMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
|
||||||
|
BAoTCkVudHJvdXZlcnQwHhcNMTEwMTE5MjAxNDE2WhcNMTEwMjE4MjAxNDE2WjAV
|
||||||
|
MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
|
||||||
|
gQDGI2g/WLmdODxhiraxFklG09r6C/yjX06zTt1MapA5+eIcEg2Hp+elCwcCogL1
|
||||||
|
ZK9/vYlU2yzIGgxV5mVVUybgdQuIvmEi8BlWM4HM5np97J/g6r41vG5auA4ve1Xp
|
||||||
|
F11rVO9Ru1LIQwMaHXJVf0yojNLH6VOmJU3GDELjKB+VLwIDAQABo3YwdDAdBgNV
|
||||||
|
HQ4EFgQUssAKE1M50yrgLpqoFzRbSOeZ41swRQYDVR0jBD4wPIAUssAKE1M50yrg
|
||||||
|
LpqoFzRbSOeZ41uhGaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQCgp/Ceo2LO
|
||||||
|
pDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABPxbVQuuVzkfZFmeUJH
|
||||||
|
S6WSvTKoEfJKXm7xLB9ChtPixZkPN6XXYaV0zx6cIwiUBi97ijcMU4W/+s5Xn4rB
|
||||||
|
/HJ2UWPlObpjZOxdl1eGsrTw8l7LWPls1B0b0wYms32q6bDVwPWVlDqc5Z13b9M3
|
||||||
|
8bNF5SUdZmcRJzk3LKXZ9nkA
|
||||||
|
</ds:X509Certificate>
|
||||||
|
</ds:X509Data>
|
||||||
|
</ds:KeyInfo>
|
||||||
|
</KeyDescriptor>
|
||||||
|
|
||||||
|
<KeyDescriptor use="signing">
|
||||||
|
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||||
|
<ds:X509Data>
|
||||||
|
<ds:X509Certificate>MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
|
||||||
|
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
|
||||||
|
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
|
||||||
|
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
|
||||||
|
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
|
||||||
|
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
|
||||||
|
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
|
||||||
|
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
|
||||||
|
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
|
||||||
|
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
|
||||||
|
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
|
||||||
|
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
|
||||||
|
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
|
||||||
|
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
|
||||||
|
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
|
||||||
|
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
|
||||||
|
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
|
||||||
|
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
|
||||||
|
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
|
||||||
|
LlTxKnCrWAXftSm1rNtewTsF</ds:X509Certificate>
|
||||||
|
</ds:X509Data>
|
||||||
|
</ds:KeyInfo>
|
||||||
|
</KeyDescriptor>
|
||||||
|
|
||||||
|
<ArtifactResolutionService isDefault="true" index="0"
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||||
|
Location="http://sp11/artifact" />
|
||||||
|
<SingleLogoutService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||||
|
Location="http://sp11/singleLogoutSOAP" />
|
||||||
|
<SingleLogoutService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||||
|
Location="http://sp11/singleLogout"
|
||||||
|
ResponseLocation="http://sp11/singleLogoutReturn" />
|
||||||
|
<ManageNameIDService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||||
|
Location="http://sp11/manageNameIdSOAP" />
|
||||||
|
<ManageNameIDService
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||||
|
Location="http://sp11/manageNameId"
|
||||||
|
ResponseLocation="http://sp11/manageNameIdReturn" />
|
||||||
|
<AssertionConsumerService isDefault="true" index="0"
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
|
||||||
|
Location="http://sp11/singleSignOnArtifact" />
|
||||||
|
<AssertionConsumerService index="1"
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
||||||
|
Location="http://sp11/singleSignOnPost" />
|
||||||
|
<AssertionConsumerService index="2"
|
||||||
|
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
|
||||||
|
Location="http://sp11/singleSignOnSOAP" />
|
||||||
|
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
|
||||||
|
</SPSSODescriptor>
|
||||||
|
<Organization>
|
||||||
|
<OrganizationName xml:lang="en">Example SAML 2.0 metadatas</OrganizationName>
|
||||||
|
</Organization>
|
||||||
|
</EntityDescriptor>
|
|
@ -0,0 +1,27 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEowIBAAKCAQEAzTofHpWAdhH3BR/+1lVVNGRVY2qH3H4+8cDaofg5gy6oazgB
|
||||||
|
/qVTZixm+euZF1wVa/T5SR0CBeFF4JYBmC0HWl39b2bqoNGV0ILLKyjDrE88pHP+
|
||||||
|
k5PBFeb98zRAY95fPDOPfgFc4g64W76fvri8qfXx3665UATOTXnvqnFOnilA/Ml9
|
||||||
|
00ust5Dy/IKyGgVT4xgm2nVQD6HYmg7Rjyga/LBtTEeKgc3k++fM5t8AzhdoNCiG
|
||||||
|
Z/Ez1RztanjEoBzWdSrmHAGsemMUxFLPpQJ8yglIYiL7fEkyQ0KMvRcTDk0pVzmN
|
||||||
|
EqTNKQ3mPwpMz+TWM8+wMc9FjNtZaGc213omWQIDAQABAoIBAEPj5keHzWdBqiXX
|
||||||
|
38WnlPgv+M9afndCjDANTEYoh14OIUjWzlIe/ufd6HLkrVA89hkwgQbewbyQOT2C
|
||||||
|
YiSlQLl0PlKMCTIKIzVHD07HvXNTAwykEqNfTZChSYEa1/Ixre+MXvugF8nwdKxk
|
||||||
|
8xN0qXTQF6OXeVYvQNAAdng743YON4ubqKlEezIwnfG/jcoZrGkiTpx+k1JXJsZN
|
||||||
|
4dHKFP12RRhUTGjaOkBo41w8GNKQLFpy1vqAOYMyi1SJcrwpAu3H0iQug9SylQaM
|
||||||
|
bFjt8j/m13gu3zXIJbi8xbyg3nqpxl9dxcZG/cDA9z2tLu/h3G3nPq7CXvkZxmjl
|
||||||
|
ePvOCwECgYEA9zbwYMtd8tT3PHtrCtjwkfxV0dvMmfNw/rRT4ShWtKLmgX+K9nz/
|
||||||
|
T4qpbehz4z7OvsLjQ6Bt6wjMNMw9SEBeEMyDVTpmzSD2PowARegmeLX4CsilqHHl
|
||||||
|
/AMYUtywEQ2f65/CWPiMIt8mLnEyJ/dsyVLpuzGUNNt34Yaqpu2qXnUCgYEA1IUy
|
||||||
|
PObmTh3I8ZyESyGhbu2TYs0A8Zy6eTIAv0ijOIpmUykzjE5pR9sB3nYEd4GTHPEv
|
||||||
|
hF6SWfNIDDr83TqThJYzkFyXMCxiVLH55U42wlsvwp4jTnOI3K/7Y7U/lEmBlgcl
|
||||||
|
JbIIv1t9okg3+Kuu4i7iB6JR89cSO/Wfcdu/c9UCgYAHE5eF7cxeqyH4pT/HK7aX
|
||||||
|
NzXtr/EHZySQ5fCQvWrd+NvIUTJVI/ba/AklkEXg92dLpqCCyxDabYIK8N3AN7d5
|
||||||
|
m6EWy3kt3geueqt3VNHlGrBi/qNfUwNWV3BWzuJrWox9XjFeAp9gUCrzoWHiKv7+
|
||||||
|
NFVkemLXsICaABTaemsqEQKBgQDJJ4n1u1gieG7Kwqs1sg9rP9RRoFlUWFTogjvS
|
||||||
|
0p4r1lQkQstX8qAUM2gBeROhSjRFIMUpNZqxKWT4rpzJibg3tzP3YKx6HIi2Qf+W
|
||||||
|
3AFY1ZbPT397sj/JI4l/Rv93DFxr9TdkBq/g8GhqQpE3/sj5rgaj0zBe7SOFPWg+
|
||||||
|
DRGaQQKBgEEcSF5KmpIHnhi3WlfGiEtx3kcD63orKME0YYA5BM6wnmRT4QiSw+qj
|
||||||
|
i7ljrKGSbmdMFC3ArM42/k2lXYpVLsYWmyaRYSgbdowxLM1XxDJMFIPR2uG6N+vi
|
||||||
|
HzWkRxi2SXKU42vfs5eA0itHvQP2DfUx8VuvtwVbOxDGgntYia70
|
||||||
|
-----END RSA PRIVATE KEY-----
|
|
@ -0,0 +1,15 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIICXQIBAAKBgQDGI2g/WLmdODxhiraxFklG09r6C/yjX06zTt1MapA5+eIcEg2H
|
||||||
|
p+elCwcCogL1ZK9/vYlU2yzIGgxV5mVVUybgdQuIvmEi8BlWM4HM5np97J/g6r41
|
||||||
|
vG5auA4ve1XpF11rVO9Ru1LIQwMaHXJVf0yojNLH6VOmJU3GDELjKB+VLwIDAQAB
|
||||||
|
AoGAKqJ3zhmzZwcwxvRoN1bKUblIh0GJDUZ20tKHf+f2PONuKgggbS5OBA+JZKGj
|
||||||
|
7VXLBbutD1tSGYSxXtKCv4dy97xDWlsWmc9AhWss0i7bYMQ+bps0buCtLclrBbOA
|
||||||
|
5N9/NU1j2E+V7CStQ8C7P3DbEjYuwm9lB+A85HFaONXhT5ECQQDzAKw8j/+6M5Ib
|
||||||
|
asuO+Vj7WIelVaXJ2pjLrf78pQInYt1elO/bqqi4AMJu953OIY7dlDKlu1BPd+9J
|
||||||
|
5/lrw6q7AkEA0LxtXRfiJrcZdQf8X6Uq51hceQSbnkWB+d4CREMtAK2tpbsb/kJc
|
||||||
|
INvG2ncVb0MUbv/6jrlHZf7/oua6PpbaHQJBANpHT2+zVd33dxXjr2gFeTWFh4sv
|
||||||
|
TRXtovTKndJpkm64surD1FU4jgeCvySYjorbwA4vkfMnN/O6Yxq7ImP3xgMCQQDP
|
||||||
|
TYOTxAd/CbNHrnGvj7qnXfMg4TmoG0H1pM49ezWzicl+YfBwOPmETKEWENSB1m3x
|
||||||
|
u1nc6xeErZa280yeonTlAkAHzm/BUqAY8I1IMQMcNn4db9CJK3pRHRHjPxYMClWK
|
||||||
|
TPsLK5iak13+EZ6r9Lej/i1J4cujVh7ijA7J9zH+01Ve
|
||||||
|
-----END RSA PRIVATE KEY-----
|
|
@ -799,6 +799,107 @@ START_TEST(test05_sso_idp_with_key_rollover)
|
||||||
}
|
}
|
||||||
END_TEST
|
END_TEST
|
||||||
|
|
||||||
|
#define make_context(ctx, server_prefix, server_suffix, provider_role, \
|
||||||
|
provider_prefix, provider_suffix) \
|
||||||
|
ctx = lasso_server_new( \
|
||||||
|
TESTSDATADIR server_prefix "/metadata" server_suffix ".xml", \
|
||||||
|
TESTSDATADIR server_prefix "/private-key" server_suffix ".pem", \
|
||||||
|
NULL, /* Secret key to unlock private key */ \
|
||||||
|
TESTSDATADIR server_prefix "/certificate" server_suffix ".pem"); \
|
||||||
|
check_not_null(ctx); \
|
||||||
|
check_good_rc(lasso_server_add_provider( \
|
||||||
|
ctx, \
|
||||||
|
provider_role, \
|
||||||
|
TESTSDATADIR provider_prefix "/metadata" provider_suffix ".xml", \
|
||||||
|
NULL, \
|
||||||
|
NULL)); \
|
||||||
|
providers = g_hash_table_get_values(ctx->providers); \
|
||||||
|
check_not_null(providers); \
|
||||||
|
lasso_provider_set_encryption_mode(LASSO_PROVIDER(providers->data), \
|
||||||
|
LASSO_ENCRYPTION_MODE_ASSERTION | LASSO_ENCRYPTION_MODE_NAMEID); \
|
||||||
|
g_list_free(providers);
|
||||||
|
|
||||||
|
void
|
||||||
|
sso_sp_with_key_rollover(LassoServer *idp_context, LassoServer *sp_context)
|
||||||
|
{
|
||||||
|
LassoLogin *idp_login_context;
|
||||||
|
LassoLogin *sp_login_context;
|
||||||
|
|
||||||
|
check_not_null(idp_login_context = lasso_login_new(idp_context));
|
||||||
|
check_not_null(sp_login_context = lasso_login_new(sp_context))
|
||||||
|
|
||||||
|
/* Create response */
|
||||||
|
check_good_rc(lasso_login_init_idp_initiated_authn_request(idp_login_context,
|
||||||
|
"http://sp11/metadata"));
|
||||||
|
|
||||||
|
lasso_assign_string(LASSO_SAMLP2_AUTHN_REQUEST(idp_login_context->parent.request)->ProtocolBinding,
|
||||||
|
LASSO_SAML2_METADATA_BINDING_POST);
|
||||||
|
lasso_assign_string(LASSO_SAMLP2_AUTHN_REQUEST(idp_login_context->parent.request)->NameIDPolicy->Format,
|
||||||
|
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT);
|
||||||
|
LASSO_SAMLP2_AUTHN_REQUEST(idp_login_context->parent.request)->NameIDPolicy->AllowCreate = 1;
|
||||||
|
|
||||||
|
check_good_rc(lasso_login_process_authn_request_msg(idp_login_context, NULL));
|
||||||
|
check_good_rc(lasso_login_validate_request_msg(idp_login_context,
|
||||||
|
1, /* authentication_result */
|
||||||
|
0 /* is_consent_obtained */
|
||||||
|
));
|
||||||
|
|
||||||
|
check_good_rc(lasso_login_build_assertion(idp_login_context,
|
||||||
|
LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
|
||||||
|
"FIXME: authenticationInstant",
|
||||||
|
"FIXME: reauthenticateOnOrAfter",
|
||||||
|
"FIXME: notBefore",
|
||||||
|
"FIXME: notOnOrAfter"));
|
||||||
|
check_good_rc(lasso_login_build_authn_response_msg(idp_login_context));
|
||||||
|
check_not_null(idp_login_context->parent.msg_body);
|
||||||
|
check_not_null(idp_login_context->parent.msg_url);
|
||||||
|
|
||||||
|
/* Process response */
|
||||||
|
check_good_rc(lasso_login_process_authn_response_msg(sp_login_context,
|
||||||
|
idp_login_context->parent.msg_body));
|
||||||
|
check_good_rc(lasso_login_accept_sso(sp_login_context));
|
||||||
|
|
||||||
|
/* Cleanup */
|
||||||
|
lasso_release_gobject(idp_login_context);
|
||||||
|
lasso_release_gobject(sp_login_context);
|
||||||
|
}
|
||||||
|
|
||||||
|
START_TEST(test06_sso_sp_with_key_rollover)
|
||||||
|
{
|
||||||
|
LassoServer *idp_context_before_rollover = NULL;
|
||||||
|
LassoServer *idp_context_after_rollover = NULL;
|
||||||
|
LassoServer *sp_context_before_rollover = NULL;
|
||||||
|
LassoServer *sp_context_after_rollover = NULL;
|
||||||
|
GList *providers;
|
||||||
|
|
||||||
|
/* Create an IdP context for IdP initiated SSO with provider metadata 1 */
|
||||||
|
make_context(idp_context_before_rollover, "idp6-saml2", "", LASSO_PROVIDER_ROLE_SP,
|
||||||
|
"sp11-multikey-saml2", "-before-rollover")
|
||||||
|
make_context(idp_context_after_rollover, "idp6-saml2", "", LASSO_PROVIDER_ROLE_SP,
|
||||||
|
"sp11-multikey-saml2", "-after-rollover")
|
||||||
|
make_context(sp_context_before_rollover, "sp11-multikey-saml2", "-before-rollover",
|
||||||
|
LASSO_PROVIDER_ROLE_IDP, "idp6-saml2", "")
|
||||||
|
lasso_server_set_encryption_private_key(sp_context_before_rollover,
|
||||||
|
TESTSDATADIR "sp11-multikey-saml2/private-key-after-rollover.pem");
|
||||||
|
make_context(sp_context_after_rollover, "sp11-multikey-saml2", "-after-rollover",
|
||||||
|
LASSO_PROVIDER_ROLE_IDP, "idp6-saml2", "")
|
||||||
|
lasso_server_set_encryption_private_key(sp_context_after_rollover,
|
||||||
|
TESTSDATADIR "sp11-multikey-saml2/private-key-before-rollover.pem");
|
||||||
|
|
||||||
|
/* Tests... */
|
||||||
|
sso_sp_with_key_rollover(idp_context_before_rollover, sp_context_before_rollover);
|
||||||
|
sso_sp_with_key_rollover(idp_context_after_rollover, sp_context_before_rollover);
|
||||||
|
sso_sp_with_key_rollover(idp_context_before_rollover, sp_context_after_rollover);
|
||||||
|
sso_sp_with_key_rollover(idp_context_after_rollover, sp_context_after_rollover);
|
||||||
|
|
||||||
|
/* Cleanup */
|
||||||
|
lasso_release_gobject(idp_context_before_rollover);
|
||||||
|
lasso_release_gobject(idp_context_after_rollover);
|
||||||
|
lasso_release_gobject(sp_context_before_rollover);
|
||||||
|
lasso_release_gobject(sp_context_after_rollover);
|
||||||
|
}
|
||||||
|
END_TEST
|
||||||
|
|
||||||
Suite*
|
Suite*
|
||||||
login_saml2_suite()
|
login_saml2_suite()
|
||||||
{
|
{
|
||||||
|
@ -808,16 +909,19 @@ login_saml2_suite()
|
||||||
TCase *tc_spLoginMemory = tcase_create("Login initiated by service provider without key loading");
|
TCase *tc_spLoginMemory = tcase_create("Login initiated by service provider without key loading");
|
||||||
TCase *tc_spSloSoap = tcase_create("Login initiated by service provider without key loading and with SLO SOAP");
|
TCase *tc_spSloSoap = tcase_create("Login initiated by service provider without key loading and with SLO SOAP");
|
||||||
TCase *tc_idpKeyRollover = tcase_create("Login initiated by idp, idp use two differents signing keys (simulate key roll-over)");
|
TCase *tc_idpKeyRollover = tcase_create("Login initiated by idp, idp use two differents signing keys (simulate key roll-over)");
|
||||||
|
TCase *tc_spKeyRollover = tcase_create("Login initiated by idp, sp use two differents encrypting keys (simulate key roll-over)");
|
||||||
suite_add_tcase(s, tc_generate);
|
suite_add_tcase(s, tc_generate);
|
||||||
suite_add_tcase(s, tc_spLogin);
|
suite_add_tcase(s, tc_spLogin);
|
||||||
suite_add_tcase(s, tc_spLoginMemory);
|
suite_add_tcase(s, tc_spLoginMemory);
|
||||||
suite_add_tcase(s, tc_spSloSoap);
|
suite_add_tcase(s, tc_spSloSoap);
|
||||||
suite_add_tcase(s, tc_idpKeyRollover);
|
suite_add_tcase(s, tc_idpKeyRollover);
|
||||||
|
suite_add_tcase(s, tc_spKeyRollover);
|
||||||
tcase_add_test(tc_generate, test01_saml2_generateServersContextDumps);
|
tcase_add_test(tc_generate, test01_saml2_generateServersContextDumps);
|
||||||
tcase_add_test(tc_spLogin, test02_saml2_serviceProviderLogin);
|
tcase_add_test(tc_spLogin, test02_saml2_serviceProviderLogin);
|
||||||
tcase_add_test(tc_spLoginMemory, test03_saml2_serviceProviderLogin);
|
tcase_add_test(tc_spLoginMemory, test03_saml2_serviceProviderLogin);
|
||||||
tcase_add_test(tc_spSloSoap, test04_sso_then_slo_soap);
|
tcase_add_test(tc_spSloSoap, test04_sso_then_slo_soap);
|
||||||
tcase_add_test(tc_idpKeyRollover, test05_sso_idp_with_key_rollover);
|
tcase_add_test(tc_idpKeyRollover, test05_sso_idp_with_key_rollover);
|
||||||
|
tcase_add_test(tc_spKeyRollover, test06_sso_sp_with_key_rollover);
|
||||||
return s;
|
return s;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
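Review bot: After `lasso_login_accept_sso(sp_login_context)` in `sso_sp_with_key_rollover` nothing on the SP side is inspected — the four scenarios only assert return codes, so the test would still pass if the encryption mode set in `make_context` were silently ignored and a plaintext assertion went through, which is exactly the regression a key-rollover test should catch. I would add, after `accept_sso`, a check on an assertion-derived field the existing tests already assert on, e.g. `check_not_null(sp_login_context->parent.nameIdentifier);`, and, if the samlp2 response node exposes it, a check on the IdP side that the built response carries an EncryptedAssertion rather than a plain one. The two `lasso_server_set_encryption_private_key` calls in `test06_sso_sp_with_key_rollover` discard their status, so a key that fails to load only surfaces later as a confusing decryption failure in one of the four scenarios; wrap them in the boolean check helper tests.h provides (`check_true(...)` if present). Smaller points: `check_not_null(sp_login_context = lasso_login_new(sp_context))` has no terminating `;` and relies on the macro supplying one, and `make_context` is a multi-statement macro that implicitly uses the caller's `providers` variable and evaluates `ctx` several times — a `static` helper returning the `LassoServer *` would be type-checked and drop the hidden dependency, and `sso_sp_with_key_rollover` itself should be `static` like the other test helpers.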