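//go:build org || functional || ALL

/*
 * Copyright 2023 VMware, Inc. All rights reserved. Licensed under the Apache v2 License.
 */

package govcd

import (
	_ "embed"
	"encoding/xml"
	"fmt"

	"github.com/kr/pretty"
	"github.com/vmware/go-vcloud-director/v2/types/v56"
	. "gopkg.in/check.v1"
)

// externalMetadata holds the contents of test-resources/saml-test-idp.xml, an
// identity provider metadata document that is handed to SetFederationSettings
// as-is (without the normalization step used for the generated SP metadata).
//
//go:embed test-resources/saml-test-idp.xml
var externalMetadata string

// Test_OrgSamlSettingsCRUD exercises the federation (SAML) settings of an
// organization end to end: it creates a dedicated org, reads its default
// federation settings and service provider metadata, attempts to set SAML
// settings with metadata that is expected to be rejected, then succeeds with
// normalized metadata and with the embedded IdP metadata, unsets the settings
// again and finally deletes the org. It requires system administrator
// privileges and is skipped otherwise.
func (vcd *TestVCD) Test_OrgSamlSettingsCRUD(check *C) {
	if !vcd.client.Client.IsSysAdmin {
		check.Skip("test requires system administrator privileges")
	}

	// A throwaway org named after the test is created so that the federation
	// settings written below (SAML enabled, placeholder entity ID and attribute
	// names) never touch a pre-existing organization.
	orgName := check.TestName()

	task, err := CreateOrg(vcd.client, orgName, orgName, orgName, &types.OrgSettings{}, true)
	check.Assert(err, IsNil)
	check.Assert(task, NotNil)
	// Registered before waiting on the task, so the org is cleaned up even if
	// a later assertion aborts the test before the explicit Delete at the end.
	AddToCleanupList(orgName, "org", "", check.TestName())
	err = task.WaitTaskCompletion()
	check.Assert(err, IsNil)

	adminOrg, err := vcd.client.GetAdminOrgByName(orgName)
	check.Assert(err, IsNil)
	check.Assert(adminOrg, NotNil)

	settings, err := adminOrg.GetFederationSettings()
	check.Assert(err, IsNil)
	check.Assert(settings, NotNil)
	if testVerbose {
		fmt.Printf("# 1 %# v\n", pretty.Formatter(settings))
	}

	metadata, err := adminOrg.GetServiceProviderSamlMetadata()
	check.Assert(err, IsNil)
	check.Assert(metadata, NotNil)
	if testVerbose {
		fmt.Printf("# 2 %# v\n", pretty.Formatter(metadata))
	}

	metadataText, err := xml.Marshal(metadata)
	check.Assert(err, IsNil)
	settings.SAMLMetadata = string(metadataText)
	settings.SamlSPEntityID = "dummyId"
	settings.Enabled = true
	settings.SamlAttributeMapping.EmailAttributeName = "email"
	settings.SamlAttributeMapping.UserNameAttributeName = "uname"
	settings.SamlAttributeMapping.FirstNameAttributeName = "fname"
	settings.SamlAttributeMapping.SurnameAttributeName = "lname"
	settings.SamlAttributeMapping.FullNameAttributeName = "fullname"
	settings.SamlAttributeMapping.RoleAttributeName = "role"
	settings.SamlAttributeMapping.GroupAttributeName = "group"

	// Use a service provider metadata, without proper namespace settings: expecting an error
	newSetting, err := adminOrg.SetFederationSettings(settings)
	check.Assert(err, NotNil)
	check.Assert(err.Error(), Matches, "(?i).*bad request.*is not a valid SAML 2.0 metadata document.*")
	check.Assert(newSetting, IsNil)

	// Add namespace definitions to the metadata, and this time it will pass
	newMetadataText, err := normalizeServiceProviderSamlMetadata(string(metadataText))
	check.Assert(err, IsNil)
	settings.SAMLMetadata = newMetadataText
	newSetting, err = adminOrg.SetFederationSettings(settings)
	check.Assert(err, IsNil)
	check.Assert(newSetting, NotNil)

	// Swap in the embedded IdP metadata and verify that every field written
	// above is reflected in the returned settings. The NotNil check has to come
	// before the field assertions, which dereference newSetting.
	settings.SAMLMetadata = externalMetadata
	newSetting, err = adminOrg.SetFederationSettings(settings)
	check.Assert(err, IsNil)
	check.Assert(newSetting, NotNil)
	check.Assert(newSetting.SamlSPEntityID, Equals, "dummyId")
	check.Assert(newSetting.Enabled, Equals, true)
	check.Assert(newSetting.SamlAttributeMapping.EmailAttributeName, Equals, "email")
	check.Assert(newSetting.SamlAttributeMapping.FirstNameAttributeName, Equals, "fname")
	check.Assert(newSetting.SamlAttributeMapping.SurnameAttributeName, Equals, "lname")
	check.Assert(newSetting.SamlAttributeMapping.FullNameAttributeName, Equals, "fullname")
	check.Assert(newSetting.SamlAttributeMapping.UserNameAttributeName, Equals, "uname")
	check.Assert(newSetting.SamlAttributeMapping.RoleAttributeName, Equals, "role")
	check.Assert(newSetting.SamlAttributeMapping.GroupAttributeName, Equals, "group")

	// After unsetting, the test expects SAML to be disabled while the entity
	// ID stored earlier is still reported.
	err = adminOrg.UnsetFederationSettings()
	check.Assert(err, IsNil)
	err = adminOrg.Refresh()
	check.Assert(err, IsNil)
	newSettings, err := adminOrg.GetFederationSettings()
	check.Assert(err, IsNil)
	check.Assert(newSettings, NotNil)
	check.Assert(newSettings.SamlSPEntityID, Equals, "dummyId")
	check.Assert(newSettings.Enabled, Equals, false)

	err = adminOrg.Disable()
	check.Assert(err, IsNil)
	err = adminOrg.Delete(true, true)
	check.Assert(err, IsNil)
}

// TestClient_RetrieveRemoteDoc downloads the identity provider metadata
// published by samltest.id and checks that it validates. It needs outbound
// network access and depends on that third-party site being reachable, so a
// failure here may reflect the environment rather than the client.
func (vcd *TestVCD) TestClient_RetrieveRemoteDoc(check *C) {
	// samltest.id is a well known test site for SAML services
	metadataURL := "https://samltest.id/saml/idp"
	metadata, err := vcd.client.Client.RetrieveRemoteDocument(metadataURL)
	check.Assert(err, IsNil)
	check.Assert(metadata, NotNil)
	// The fetched document is IdP metadata; ValidateSamlServiceProviderMetadata
	// is presumably a general metadata check despite its name — TODO confirm.
	validationErrs := ValidateSamlServiceProviderMetadata(string(metadata))
	check.Assert(validationErrs, IsNil)
}

// TestClient_RetrieveRemoteSamlMetadata retrieves the service provider SAML
// metadata of the configured organization and checks that it validates.
// Skipped when no organization is configured.
func (vcd *TestVCD) TestClient_RetrieveRemoteSamlMetadata(check *C) {
	if vcd.config.VCD.Org == "" {
		check.Skip("No organization found")
	}
	adminOrg, err := vcd.client.GetAdminOrgByName(vcd.config.VCD.Org)
	check.Assert(err, IsNil)
	check.Assert(adminOrg, NotNil)
	metadataText, err := adminOrg.RetrieveServiceProviderSamlMetadata()
	check.Assert(err, IsNil)
	validationErrs := ValidateSamlServiceProviderMetadata(metadataText)
	check.Assert(validationErrs, IsNil)
}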