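// Listing of github.com/crewjam/saml@v0.4.14/metadata_test.go.

package saml

import (
	"encoding/xml"
	"testing"
	"time"

	"gotest.tools/assert"
	is "gotest.tools/assert/cmp"
	"gotest.tools/golden"
)

// TestCanParseMetadata unmarshals the golden SP metadata document and checks
// that every field the test cares about lands in the expected place in
// EntityDescriptor.
func TestCanParseMetadata(t *testing.T) {
	buf := golden.Get(t, "TestCanParseMetadata_metadata.xml")

	metadata := EntityDescriptor{}
	err := xml.Unmarshal(buf, &metadata)
	// Stop here on a parse failure: comparing a half-populated struct below
	// would only bury the real error under a large diff.
	assert.NilError(t, err)

	// The descriptor models optional XML booleans as *bool, so the expected
	// value needs addressable true/false values.
	falseVal := false
	trueVal := true

	expected := EntityDescriptor{
		EntityID:      "https://dev.aa.kndr.org/users/auth/saml/metadata",
		ID:            "_af805d1c-c2e3-444e-9cf5-efc664eeace6",
		ValidUntil:    time.Date(2001, time.February, 3, 4, 5, 6, 789000000, time.UTC),
		CacheDuration: time.Hour,
		SPSSODescriptors: []SPSSODescriptor{
			{
				XMLName: xml.Name{Space: "urn:oasis:names:tc:SAML:2.0:metadata", Local: "SPSSODescriptor"},
				SSODescriptor: SSODescriptor{
					RoleDescriptor: RoleDescriptor{
						ProtocolSupportEnumeration: "urn:oasis:names:tc:SAML:2.0:protocol",
					},
				},
				AuthnRequestsSigned:  &falseVal,
				WantAssertionsSigned: &falseVal,
				AssertionConsumerServices: []IndexedEndpoint{
					{
						Binding:   "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
						Location:  "https://dev.aa.kndr.org/users/auth/saml/callback",
						Index:     0,
						IsDefault: &trueVal,
					},
				},
				AttributeConsumingServices: []AttributeConsumingService{
					{
						Index:        1,
						IsDefault:    &trueVal,
						ServiceNames: []LocalizedName{{Lang: "en", Value: "Required attributes"}},
						RequestedAttributes: []RequestedAttribute{
							{
								Attribute: Attribute{
									FriendlyName: "Email address",
									Name:         "email",
									NameFormat:   "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
								},
							},
							{
								Attribute: Attribute{
									FriendlyName: "Full name",
									Name:         "name",
									NameFormat:   "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
								},
							},
							{
								Attribute: Attribute{
									FriendlyName: "Given name",
									Name:         "first_name",
									NameFormat:   "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
								},
							},
							{
								Attribute: Attribute{
									FriendlyName: "Family name",
									Name:         "last_name",
									NameFormat:   "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
								},
							},
						},
					},
				},
			},
		},
	}
	assert.Check(t, is.DeepEqual(expected, metadata))
}

// TestCanProduceSPMetadata marshals a hand-built SP EntityDescriptor and
// compares the XML with the golden file TestCanProduceSPMetadata_expected.
//
// The descriptor is fixture data only: the same certificate blob is listed for
// both the "encryption" and the "signing" key descriptor, and all endpoints
// are plain-http localhost URLs.
func TestCanProduceSPMetadata(t *testing.T) {
	// A layout/value mismatch would silently yield the zero time and surface
	// later as a confusing golden-file diff, so check the parse error here.
	validUntil, err := time.Parse("2006-01-02T15:04:05.000000", "2013-03-10T00:32:19.104000")
	assert.NilError(t, err)

	authnRequestsSigned := true
	wantAssertionsSigned := true
	metadata := EntityDescriptor{
		EntityID:      "http://localhost:5000/e087a985171710fb9fb30f30f41384f9/saml2/metadata/",
		ValidUntil:    validUntil,
		CacheDuration: time.Hour,
		SPSSODescriptors: []SPSSODescriptor{
			{
				AuthnRequestsSigned:  &authnRequestsSigned,
				WantAssertionsSigned: &wantAssertionsSigned,
				SSODescriptor: SSODescriptor{
					RoleDescriptor: RoleDescriptor{
						ProtocolSupportEnumeration: "urn:oasis:names:tc:SAML:2.0:protocol",
						KeyDescriptors: []KeyDescriptor{
							{
								Use: "encryption",
								KeyInfo: KeyInfo{
									X509Data: X509Data{
										X509Certificates: []X509Certificate{
											{
												// NOTE(review): the listing this was recovered from had its
												// whitespace collapsed; the continuation lines are assumed to
												// start at column 0 - confirm against the golden file.
												Data: `MIIB7zCCAVgCCQDFzbKIp7b3MTANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGEwJVUzELMAkGA1UE
CAwCR0ExDDAKBgNVBAoMA2ZvbzESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTEzMTAwMjAwMDg1MVoX
DTE0MTAwMjAwMDg1MVowPDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkdBMQwwCgYDVQQKDANmb28x
EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1PMHYmhZj308
kWLhZVT4vOulqx/9ibm5B86fPWwUKKQ2i12MYtz07tzukPymisTDhQaqyJ8Kqb/6JjhmeMnEOdTv
SPmHO8m1ZVveJU6NoKRn/mP/BD7FW52WhbrUXLSeHVSKfWkNk6S4hk9MV9TswTvyRIKvRsw0X/gf
nqkroJcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCMMlIO+GNcGekevKgkakpMdAqJfs24maGb90Dv
TLbRZRD7Xvn1MnVBBS9hzlXiFLYOInXACMW5gcoRFfeTQLSouMM8o57h0uKjfTmuoWHLQLi6hnF+
cvCsEFiJZ4AbF+DgmO6TarJ8O05t8zvnOwJlNCASPZRH/JmF8tX0hoHuAQ==`,
											},
										},
									},
								},
							},
							{
								Use: "signing",
								KeyInfo: KeyInfo{
									X509Data: X509Data{
										X509Certificates: []X509Certificate{
											{
												Data: `MIIB7zCCAVgCCQDFzbKIp7b3MTANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGEwJVUzELMAkGA1UE
CAwCR0ExDDAKBgNVBAoMA2ZvbzESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTEzMTAwMjAwMDg1MVoX
DTE0MTAwMjAwMDg1MVowPDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkdBMQwwCgYDVQQKDANmb28x
EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1PMHYmhZj308
kWLhZVT4vOulqx/9ibm5B86fPWwUKKQ2i12MYtz07tzukPymisTDhQaqyJ8Kqb/6JjhmeMnEOdTv
SPmHO8m1ZVveJU6NoKRn/mP/BD7FW52WhbrUXLSeHVSKfWkNk6S4hk9MV9TswTvyRIKvRsw0X/gf
nqkroJcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCMMlIO+GNcGekevKgkakpMdAqJfs24maGb90Dv
TLbRZRD7Xvn1MnVBBS9hzlXiFLYOInXACMW5gcoRFfeTQLSouMM8o57h0uKjfTmuoWHLQLi6hnF+
cvCsEFiJZ4AbF+DgmO6TarJ8O05t8zvnOwJlNCASPZRH/JmF8tX0hoHuAQ==`,
											},
										},
									},
								},
							},
						},
					},

					SingleLogoutServices: []Endpoint{{
						Binding:  "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
						Location: "http://localhost:5000/e087a985171710fb9fb30f30f41384f9/saml2/ls/",
					}},
				},

				AssertionConsumerServices: []IndexedEndpoint{{
					Binding:  "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
					Location: "http://localhost:5000/e087a985171710fb9fb30f30f41384f9/saml2/ls/",
					Index:    1,
				}},
			},
		},
	}

	// NOTE(review): the indent literal is reproduced as the collapsed listing
	// shows it; it must match the golden file's indentation - confirm.
	buf, err := xml.MarshalIndent(metadata, "", " ")
	// Without output there is nothing meaningful to compare with the golden file.
	assert.NilError(t, err)
	golden.Assert(t, string(buf), "TestCanProduceSPMetadata_expected")
}

// TestMetadataValidatesUrlSchemeForProtocolBinding checks that unmarshalling
// metadata fails when an endpoint with the HTTP-POST binding carries a
// "javascript" URL, and that the failure is reported with the exact message
// asserted below.
//
// Metadata commonly comes from the other party of the federation, so endpoint
// locations are untrusted input. Presumably the location is later used as a
// browser navigation or form target, where a script-scheme URL would run in
// the user's session; rejecting it at parse time keeps it out of every later
// code path. (The use of the location is not visible in this file - verify
// against the binding code.)
func TestMetadataValidatesUrlSchemeForProtocolBinding(t *testing.T) {
	buf := golden.Get(t, "TestMetadataValidatesUrlSchemeForProtocolBinding_metadata.xml")

	metadata := EntityDescriptor{}
	err := xml.Unmarshal(buf, &metadata)
	// assert.Error fails on a nil error as well as on a different message, so
	// a regression that silently accepts the scheme is caught here.
	assert.Error(t, err, "invalid url scheme \"javascript\" for binding \"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"")
}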