Merge bdff930 into bff8404

Kentor.AuthServices.Tests/App.config

@@ -5,7 +5,9 @@
     <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
     <section name="kentor.authServices" type="Kentor.AuthServices.Configuration.KentorAuthServicesSection, Kentor.AuthServices" />
   </configSections>
-  <kentor.authServices entityId="https://github.com/KentorIT/authservices" returnUrl="http://localhost/LoggedIn">
+  <kentor.authServices entityId="https://github.com/KentorIT/authservices" returnUrl="http://localhost/LoggedIn"
+                       defaultAuthenticateRequestSigningAlgorithm="RsaSecureHashAlgorithm1"
+                       >
     <nameIdPolicy allowCreate="true" format="EntityIdentifier"/>
     <requestedAuthnContext classRef="PasswordProtectedTransport" comparison="Minimum"/>
     <metadata cacheDuration="0:0:42" validDuration="12:13:14">
@@ -41,6 +43,18 @@
         <signingCertificate fileName="Kentor.AuthServices.Tests.pfx" />
       </add>
       <add entityId="http://localhost:13428/idpMetadata" allowUnsolicitedAuthnResponse="true" loadMetadata="true" />
+      <add entityId="https://idp4.example.com"
+           signOnUrl="https://idp4.example.com/idp"
+           allowUnsolicitedAuthnResponse="false"
+           binding="HttpPost"
+           authenticateRequestSigningAlgorithm="RsaSecureHashAlgorithm256"
+           useSpecificAuthenticateRequestSigningAlgorithm="true"
+           wantAuthnRequestsSigned="true">
+        <signingCertificate fileName="Kentor.AuthServices.Tests.pfx" />
+      </add>
+
+
+
     </identityProviders>
     <federations>
       <add metadataLocation="http://localhost:13428/federationMetadata" allowUnsolicitedAuthnResponse="true" />

Kentor.AuthServices.Tests/IdentityProviderTests.cs

@@ -87,6 +87,7 @@ public void IdentityProvider_CreateAuthenticateRequest_BasicInfo()
 
             subject.ShouldBeEquivalentTo(expected, opt => opt
             .Excluding(au => au.Id)
+            .Excluding(au=>au.SigningAlgorithm)
             .Excluding(au => au.RelayState));
 
             subject.RelayState.Should().HaveLength(56);
@@ -113,6 +114,7 @@ public void IdentityProvider_CreateAuthenticateRequest_PublicOrigin()
 
             subject.ShouldBeEquivalentTo(expected, opt => opt
             .Excluding(au => au.Id)
+            .Excluding(au => au.SigningAlgorithm)
             .Excluding(au => au.RelayState));
         }
 
@@ -137,6 +139,7 @@ public void IdentityProvider_CreateAuthenticateRequest_NoAttributeIndex()
 
             subject.ShouldBeEquivalentTo(expected, opt => opt
                 .Excluding(au => au.Id)
+                .Excluding(au => au.SigningAlgorithm)
                 .Excluding(au => au.RelayState));
         }
 

Kentor.AuthServices.Tests/Owin/KentorAuthServicesAuthenticationMiddlewareTests.cs

@@ -204,6 +204,43 @@ public async Task KentorAuthServicesAuthenticationMiddleware_CreatesPostOnAuthCh
             }
         }
 
+
+        [TestMethod]
+        public async Task KentorAuthServicesAuthenticationMiddleware_CreatesSignedPostOnAuthChallenge()
+        {
+            var middleware = new KentorAuthServicesAuthenticationMiddleware(
+                new StubOwinMiddleware(401, new AuthenticationResponseChallenge(
+                    new string[] { "KentorAuthServices" }, new AuthenticationProperties(
+                        new Dictionary<string, string>()
+                        {
+                            { "idp", "https://idp4.example.com" }
+                        }))),
+                CreateAppBuilder(),
+                new KentorAuthServicesAuthenticationOptions(true)
+                );
+
+            var context = OwinTestHelpers.CreateOwinContext();
+
+            await middleware.Invoke(context);
+
+            context.Response.StatusCode.Should().Be(200);
+            context.Response.Body.Seek(0, SeekOrigin.Begin);
+
+            // Fix to #295, where content length is incorrectly set to 0 by the
+            // next middleware. It appears as it works if the content length is
+            // simply removed. See discussion in GitHub issue #295.
+            context.Response.ContentLength.Should().NotHaveValue();
+
+            using (var reader = new StreamReader(context.Response.Body))
+            {
+                string bodyContent = reader.ReadToEnd();
+
+                // Checking some random stuff in body to make sure it looks like a SAML Post.
+                bodyContent.Should().Contain("<form action");
+                bodyContent.Should().Contain("<input type=\"hidden\" name=\"SAMLRequest\"");
+            }
+        }
+
         [TestMethod]
         public async Task KentorAuthServicesAuthenticationMiddleware_CreatesRedirectOnAuthRevoke()
         {

Kentor.AuthServices.Tests/Saml2P/Saml2ResponseTests.cs

@@ -60,6 +60,7 @@ public void Saml2Response_Read_BasicParams()
                 expected, opt => opt
                     .Excluding(s => s.XmlElement)
                     .Excluding(s => s.SigningCertificate)
+                    .Excluding(s => s.SigningAlgorithm)
                     .Excluding(s => s.SessionNotOnOrAfter));
         }
 

Kentor.AuthServices.Tests/WebSSO/Saml2MessageImplementation.cs

@@ -25,6 +25,7 @@ public string ToXml()
         public string XmlData { get; set; }
 
         public X509Certificate2 SigningCertificate { get; set; }
+        public string SigningAlgorithm { get; set; }
 
         public EntityId Issuer { get; set; }
     }