Support for binding attribute in outbound AuthnRequests

- Fixes #466
Sustainsys · Aug 22, 2016 · 25a7ec8 · 25a7ec8
2 parents 9190560 + cc862df
commit 25a7ec8
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 0 deletions.
diff --git a/Kentor.AuthServices.Tests/Saml2P/Saml2AuthenticationRequestTests.cs b/Kentor.AuthServices.Tests/Saml2P/Saml2AuthenticationRequestTests.cs
@@ -359,6 +359,18 @@ public void Saml2AuthenticationRequest_ToXElement_AddsRequestedAuthnContext_Comp
             Saml2AuthenticationRequest_ToXElement_AddsRequestedAuthnContextUtil(AuthnContextComparisonType.Better, "better");
         }
 
+        [TestMethod]
+        public void Saml2AuthenticationRequest_ToXElement_AddsProtocolBinding_HttpPost()
+        {
+            Saml2AuthenticationRequest_ToXElement_AddsProtocolBinding(AuthServices.WebSso.Saml2BindingType.HttpPost, "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+        }
+
+        [TestMethod]
+        public void Saml2AuthenticationRequest_ToXElement_AddsProtocolBinding_Artifact()
+        {
+            Saml2AuthenticationRequest_ToXElement_AddsProtocolBinding(AuthServices.WebSso.Saml2BindingType.Artifact, "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact");
+        }
+
         [TestMethod]
         public void Saml2AuthenticationRequest_ToXElement_OmitsRequestedAuthnContext_OnNullClassRef()
         {
@@ -416,5 +428,16 @@ private void Saml2AuthenticationRequest_ToXElement_AddsRequestedAuthnContextUtil
 
             actual.Should().BeEquivalentTo(expected);
         }
+
+        private void Saml2AuthenticationRequest_ToXElement_AddsProtocolBinding(AuthServices.WebSso.Saml2BindingType protocolBinding, string expectedProtocolBinding)
+        {
+            var subject = new Saml2AuthenticationRequest()
+            {
+                AssertionConsumerServiceUrl = new Uri("http://destination.example.com"),
+                Binding = protocolBinding
+            }.ToXElement();
+
+            subject.Attribute("ProtocolBinding").Value.Should().Be(expectedProtocolBinding);
+        }
     }
 }
diff --git a/Kentor.AuthServices.Tests/WebSSO/Saml2BindingTests.cs b/Kentor.AuthServices.Tests/WebSSO/Saml2BindingTests.cs
@@ -187,5 +187,27 @@ public void Saml2Binding_UriToSaml2BindingType_Nullcheck()
 
             a.ShouldThrow<ArgumentNullException>().And.ParamName.Should().Be("uri");
         }
+
+        [TestMethod]
+        public void Saml2Binding_Saml2BindingTypeToUri_Artifact()
+        {
+            Saml2Binding.Saml2BindingTypeToUri(Saml2BindingType.Artifact)
+                .Should().Be(Saml2Binding.HttpArtifactUri);
+        }
+
+        [TestMethod]
+        public void Saml2Binding_Saml2BindingTypeToUri_Post()
+        {
+            Saml2Binding.Saml2BindingTypeToUri(Saml2BindingType.HttpPost)
+                .Should().Be(Saml2Binding.HttpPostUri);
+        }
+
+        [TestMethod]
+        public void Saml2Binding_Saml2BindingTypeToUri_Unknown()
+        {
+            Action a = () => Saml2Binding.Saml2BindingTypeToUri(Saml2BindingType.HttpRedirect);
+
+            a.ShouldThrow<ArgumentException>().And.Message.Should().Be("Unknown Saml2 Binding Type \"HttpRedirect\".");
+        }
     }
 }
diff --git a/Kentor.AuthServices/SAML2P/Saml2AuthenticationRequest.cs b/Kentor.AuthServices/SAML2P/Saml2AuthenticationRequest.cs
@@ -43,6 +43,10 @@ public XElement ToXElement()
             var x = new XElement(Saml2Namespaces.Saml2P + LocalName);
 
             x.Add(base.ToXNodes());
+            if (Binding.HasValue)
+            {
+                x.AddAttributeIfNotNullOrEmpty("ProtocolBinding", Saml2Binding.Saml2BindingTypeToUri(Binding.Value));
+            }
             x.AddAttributeIfNotNullOrEmpty("AssertionConsumerServiceURL", AssertionConsumerServiceUrl);
             x.AddAttributeIfNotNullOrEmpty("AttributeConsumingServiceIndex", AttributeConsumingServiceIndex);
             if (ForceAuthentication)
@@ -206,6 +210,11 @@ public Saml2AuthenticationRequest(XmlElement xml, string relayState)
         /// </summary>
         public Saml2RequestedAuthnContext RequestedAuthnContext { get; set; }
 
+        /// <summary>
+        /// Saml2BindingType.
+        /// </summary>
+        public Saml2BindingType? Binding { get; set; }
+
         /// <summary>
         /// Sets whether request should force the idp to authenticate the presenter directly, 
         /// rather than rely on a previous security context.

diff --git a/Kentor.AuthServices/WebSSO/Saml2Binding.cs b/Kentor.AuthServices/WebSSO/Saml2Binding.cs
@@ -153,6 +153,12 @@ public static Saml2Binding Get(HttpRequestData request)
             { HttpPostUri, Saml2BindingType.HttpPost }
         };
 
+        private readonly static IDictionary<Saml2BindingType, Uri> bindingUriMap = new Dictionary<Saml2BindingType, Uri>()
+        {
+            { Saml2BindingType.HttpPost, HttpPostUri },
+            { Saml2BindingType.Artifact, HttpArtifactUri }
+        };
+
         /// <summary>
         /// Gets the Saml2BindingType enum value for a Saml2Binding type uri, where the
         /// uri should be one specified in the standard.
@@ -176,5 +182,23 @@ public static Saml2BindingType UriToSaml2BindingType(Uri uri)
             var msg = string.Format(CultureInfo.InvariantCulture, "Unknown Saml2 Binding Uri \"{0}\".", uri);
             throw new ArgumentException(msg);
         }
+
+        /// <summary>
+        /// Gets the Uri for a Saml2BindingType.
+        /// </summary>
+        /// <param name="type">Saml2BindingType</param>
+        /// <returns>Uri constant for the speicified Binding Type</returns>
+        /// <exception cref="ArgumentException">If the type is not mapped.</exception>
+        public static Uri Saml2BindingTypeToUri(Saml2BindingType type)
+        {
+            Uri uri;
+            if (bindingUriMap.TryGetValue(type, out uri))
+            {
+                return uri;
+            }
+
+            var msg = string.Format(CultureInfo.InvariantCulture, "Unknown Saml2 Binding Type \"{0}\".", type);
+            throw new ArgumentException(msg);
+        }
     }
 }