151
149
char *spLoginDump;
152
char *artifact_message;
155
155
serviceProviderContextDump = generateServiceProviderContextDump();
156
156
spContext = lasso_server_new_from_dump(serviceProviderContextDump);
157
157
spLoginContext = lasso_login_new(spContext);
158
158
fail_unless(spLoginContext != NULL,
159
159
"lasso_login_new() shouldn't have returned NULL");
160
rc = lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata",
161
LASSO_HTTP_METHOD_REDIRECT);
162
fail_unless(rc == 0, "lasso_login_init_authn_request failed");
160
check_good_rc(lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata",
161
LASSO_HTTP_METHOD_REDIRECT));
163
162
request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request);
164
163
fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request");
165
164
request->IsPassive = 0;
199
197
"lasso_login_process_authn_request_msg should restore the RelayState parameter");
200
198
fail_unless(lasso_strisequal(idpLoginContext->parent.msg_relayState,relayState),
201
199
"lasso_login_process_authn_request_msg should restore the same RelayState thant sent in the request");
202
rc = lasso_login_validate_request_msg(idpLoginContext,
200
check_good_rc(lasso_login_validate_request_msg(idpLoginContext,
203
201
1, /* authentication_result */
204
202
0 /* is_consent_obtained */
207
rc = lasso_login_build_assertion(idpLoginContext,
205
check_good_rc(lasso_login_build_assertion(idpLoginContext,
208
206
LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
209
207
"FIXME: authenticationInstant",
210
208
"FIXME: reauthenticateOnOrAfter",
211
209
"FIXME: notBefore",
212
"FIXME: notOnOrAfter");
213
rc = lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT);
214
fail_unless(rc == 0, "lasso_login_build_artifact_msg failed");
210
"FIXME: notOnOrAfter"));
211
check_good_rc(lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT));
216
213
idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity);
217
214
fail_unless(idpIdentityContextDump != NULL,
231
228
serviceProviderId = g_strdup(LASSO_PROFILE(idpLoginContext)->remote_providerID);
232
229
fail_unless(serviceProviderId != NULL,
233
230
"lasso_profile_get_remote_providerID shouldn't return NULL");
231
if (lasso_flag_thin_sessions) {
232
/* when using thin sessions, the way artifact message is constructed changes as the
233
* session no more contains full assertions. */
234
artifact = g_strdup(lasso_profile_get_artifact(&idpLoginContext->parent));
235
artifact_message = g_strdup(lasso_profile_get_artifact_message(&idpLoginContext->parent));
235
238
/* Service provider assertion consumer */
236
239
lasso_server_destroy(spContext);
237
240
lasso_login_destroy(spLoginContext);
239
242
spContext = lasso_server_new_from_dump(serviceProviderContextDump);
243
check_true(LASSO_IS_SERVER(spContext));
240
244
spLoginContext = lasso_login_new_from_dump(spContext, spLoginDump);
241
rc = lasso_login_init_request(spLoginContext,
245
check_true(LASSO_IS_LOGIN(spLoginContext));
246
check_good_rc(lasso_login_init_request(spLoginContext,
243
LASSO_HTTP_METHOD_REDIRECT);
248
LASSO_HTTP_METHOD_REDIRECT));
244
249
fail_unless(spLoginContext->parent.msg_relayState != NULL,
245
250
"lasso_login_init_request should restore the RelayState parameter");
246
251
fail_unless(lasso_strisequal(spLoginContext->parent.msg_relayState,relayState),
247
252
"lasso_login_init_request should restore the same RelayState thant sent in the request");
248
253
fail_unless(rc == 0, "lasso_login_init_request failed");
249
rc = lasso_login_build_request_msg(spLoginContext);
254
check_good_rc(lasso_login_build_request_msg(spLoginContext));
250
255
fail_unless(rc == 0, "lasso_login_build_request_msg failed");
251
256
soapRequestMsg = LASSO_PROFILE(spLoginContext)->msg_body;
252
257
fail_unless(soapRequestMsg != NULL, "soapRequestMsg must not be NULL");
259
264
"requestType should be LASSO_REQUEST_TYPE_LOGIN");
261
266
idpContext = lasso_server_new_from_dump(identityProviderContextDump);
267
check_true(LASSO_IS_SERVER(idpContext));
262
268
idpLoginContext = lasso_login_new(idpContext);
263
rc = lasso_login_process_request_msg(idpLoginContext, soapRequestMsg);
264
fail_unless(rc == 0, "lasso_login_process_request_msg failed");
266
rc = lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext),
267
idpSessionContextDump);
268
fail_unless(rc == 0, "lasso_login_set_assertion_from_dump failed");
269
rc = lasso_login_build_response_msg(idpLoginContext, serviceProviderId);
270
fail_unless(rc == 0, "lasso_login_build_response_msg failed");
269
check_true(LASSO_IS_LOGIN(idpLoginContext));
270
check_good_rc(lasso_login_process_request_msg(idpLoginContext, soapRequestMsg));
271
if (lasso_flag_thin_sessions) {
272
check_str_equals(idpLoginContext->assertionArtifact, artifact);
273
lasso_profile_set_artifact_message(&idpLoginContext->parent, artifact_message);
275
check_good_rc(lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext),
276
idpSessionContextDump));
277
check_good_rc(lasso_login_build_response_msg(idpLoginContext, serviceProviderId));
271
278
soapResponseMsg = LASSO_PROFILE(idpLoginContext)->msg_body;
272
279
fail_unless(soapResponseMsg != NULL, "soapResponseMsg must not be NULL");
274
281
/* Service provider assertion consumer (step 2: process SOAP response) */
275
rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);
276
fail_unless(rc == 0, "lasso_login_process_response_msg failed");
277
rc = lasso_login_accept_sso(spLoginContext);
278
fail_unless(rc == 0, "lasso_login_accept_sso failed");
282
check_good_rc(lasso_login_process_response_msg(spLoginContext, soapResponseMsg));
283
check_good_rc(lasso_login_accept_sso(spLoginContext));
279
284
fail_unless(LASSO_PROFILE(spLoginContext)->identity != NULL,
280
285
"spLoginContext has no identity");
281
286
spIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(spLoginContext)->identity);
282
fail_unless(spIdentityContextDump != NULL, "lasso_identity_dump failed");
287
check_not_null(spIdentityContextDump);
283
288
spSessionDump = lasso_session_dump(LASSO_PROFILE(spLoginContext)->session);
289
check_not_null(spSessionDump);
285
291
/* Test InResponseTo checking */
286
292
found = strstr(soapResponseMsg, "Assertion");
289
295
fail_unless(found != NULL, "We must find an InResponseTo attribute");
290
296
found[sizeof("InResponseTo=\"")] = '?';
291
297
lasso_set_flag("no-verify-signature");
292
rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);
298
begin_check_do_log(G_LOG_LEVEL_DEBUG, " If inResponseTo attribute is present, a matching "
299
"request must be present too in the LassoLogin object", TRUE);
300
check_not_equals(lasso_login_process_response_msg(spLoginContext, soapResponseMsg), 0);
293
302
lasso_set_flag("verify-signature");
294
fail_unless(rc != 0, "lasso_login_process_response_msg must fail");
295
rc = lasso_login_accept_sso(spLoginContext);
303
check_good_rc(lasso_login_accept_sso(spLoginContext));
296
304
fail_unless(rc == 0, "lasso_login_accept_sso must fail");
298
306
g_free(spLoginDump);
452
469
g_object_unref(idpLoginContext);
473
START_TEST(test04_multiple_dump_cycle)
475
char *serviceProviderContextDump, *identityProviderContextDump;
476
LassoServer *spContext, *idpContext;
477
LassoLogin *spLoginContext, *idpLoginContext;
478
LassoLibAuthnRequest *request;
481
char *authnRequestUrl, *authnRequestQuery;
482
char *idpLoginContextDump;
484
serviceProviderContextDump = generateServiceProviderContextDump();
485
spContext = lasso_server_new_from_dump(serviceProviderContextDump);
486
spLoginContext = lasso_login_new(spContext);
487
fail_unless(spLoginContext != NULL,
488
"lasso_login_new() shouldn't have returned NULL");
489
rc = lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata",
490
LASSO_HTTP_METHOD_REDIRECT);
491
fail_unless(rc == 0, "lasso_login_init_authn_request failed");
492
request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request);
493
fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request");
494
request->IsPassive = 0;
495
request->NameIDPolicy = g_strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
496
request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED);
498
request->RelayState = g_strdup(relayState);
499
rc = lasso_login_build_authn_request_msg(spLoginContext);
500
fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed");
501
authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url;
502
fail_unless(authnRequestUrl != NULL,
503
"authnRequestUrl shouldn't be NULL");
504
authnRequestQuery = strchr(authnRequestUrl, '?')+1;
505
fail_unless(strlen(authnRequestQuery) > 0,
506
"authnRequestRequest shouldn't be an empty string");
508
/* Identity provider singleSignOn, for a user having no federation. */
509
identityProviderContextDump = generateIdentityProviderContextDumpMemory();
510
idpContext = lasso_server_new_from_dump(identityProviderContextDump);
511
idpLoginContext = lasso_login_new(idpContext);
512
fail_unless(idpLoginContext != NULL,
513
"lasso_login_new() shouldn't have returned NULL");
514
rc = lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery);
515
fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed");
516
idpLoginContextDump = lasso_login_dump(idpLoginContext);
517
check_not_null(idpLoginContextDump);
518
g_object_unref(idpLoginContext);
519
idpLoginContext = lasso_login_new_from_dump(idpContext, idpLoginContextDump);
520
check_not_null(idpLoginContext);
521
g_free(idpLoginContextDump);
522
idpLoginContextDump = lasso_login_dump(idpLoginContext);
523
check_not_null(idpLoginContextDump);
524
g_object_unref(idpLoginContext);
525
idpLoginContext = lasso_login_new_from_dump(idpContext, idpLoginContextDump);
526
check_not_null(idpLoginContext);
527
g_free(idpLoginContextDump);
528
g_free(serviceProviderContextDump);
529
g_free(identityProviderContextDump);
530
g_object_unref(spContext);
531
g_object_unref(idpContext);
532
g_object_unref(spLoginContext);
533
g_object_unref(idpLoginContext);
458
Suite *s = suite_create("Login");
542
Suite *s = suite_create("Login using ID-FF 1.2");
459
543
TCase *tc_generate = tcase_create("Generate Server Contexts");
460
544
TCase *tc_spLogin = tcase_create("Login initiated by service provider");
461
545
TCase *tc_spLoginMemory = tcase_create("Login initiated by service provider without key loading");
546
TCase *tc_spMultipleDumpCycle = tcase_create("Dump and load Login object multiple times");
462
547
suite_add_tcase(s, tc_generate);
463
548
suite_add_tcase(s, tc_spLogin);
464
549
suite_add_tcase(s, tc_spLoginMemory);
550
suite_add_tcase(s, tc_spMultipleDumpCycle);
465
551
tcase_add_test(tc_generate, test01_generateServersContextDumps);
466
552
tcase_add_test(tc_spLogin, test02_serviceProviderLogin);
467
553
tcase_add_test(tc_spLoginMemory, test03_serviceProviderLogin);
554
tcase_add_test(tc_spMultipleDumpCycle, test04_multiple_dump_cycle);