backfill tests: SAML SP metadata

- in preparation for replacing the EOL spring saml extension lib with spring security core saml, adding more test coverage on the SAML SP metadata - tests that SAML SP metadata matches the UAA configs (in the context of this test, the UAA configs are from the local uaa.yml used to start a local server) - also explicitly declare some SAML-SP-related fields in the said local uaa.yml to make the inputs to the test clearer [#186986697]
cloudfoundry · Mar 21, 2024 · 88ecdd8 · 88ecdd8
1 parent d0600be
commit 88ecdd8
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 2 deletions.
diff --git a/uaa/src/main/resources/uaa.yml b/uaa/src/main/resources/uaa.yml
@@ -405,9 +405,9 @@ login:
     #Local/SP metadata - requests signed
     signRequest: true
     #Local/SP metadata - want incoming assertions signed
-    #wantAssertionSigned: true
+    wantAssertionSigned: true
     #Algorithm for SAML signatures. Defaults to SHA1.  Accepts SHA1, SHA256, SHA512
-    #signatureAlgorithm: SHA256
+    signatureAlgorithm: SHA256
     socket:
       # URL metadata fetch - pool timeout
       connectionManagerTimeout: 10000

diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java
@@ -12,7 +12,9 @@
  *******************************************************************************/
 package org.cloudfoundry.identity.uaa.integration.feature;
 
+import java.io.BufferedReader;
 import java.io.IOException;
+import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.net.URLEncoder;
@@ -201,6 +203,34 @@ public void clearWebDriverOfCookies() {
         SamlLogoutAuthSourceEndpoint.logoutAuthSource_goesToSamlWelcomePage(webDriver, IntegrationTestUtils.SIMPLESAMLPHP_UAA_ACCEPTANCE, SAML_AUTH_SOURCE);
     }
 
+    @Test
+    public void testSamlSPMetadata() throws IOException {
+        String command = "curl -k http://localhost:8080/uaa/saml/metadata";
+        Process process = Runtime.getRuntime().exec(command);
+        BufferedReader stdInput = new BufferedReader(new
+                InputStreamReader(process.getInputStream()));
+
+        StringBuilder samlSpMetadata = new StringBuilder();
+        String line;
+        while ((line = stdInput.readLine()) != null) {
+            samlSpMetadata.append(line);
+        }
+
+        // The SAML SP metadata should match the following UAA configs:
+        // login.entityID
+        assertThat(samlSpMetadata.toString(), containsString("entityID=\"cloudfoundry-saml-login\""));
+        // login.saml.signatureAlgorithm
+        assertThat(samlSpMetadata.toString(), containsString("<ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/>"));
+        // login.saml.signRequest
+        assertThat(samlSpMetadata.toString(), containsString("AuthnRequestsSigned=\"true\""));
+        // login.saml.wantAssertionSigned
+        assertThat(samlSpMetadata.toString(), containsString("WantAssertionsSigned=\"true\""));
+        // login.saml.nameID
+        assertThat(samlSpMetadata.toString(), containsString("<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>"));
+
+        process.destroy();
+    }
+
     @Test
     public void testContentTypes() {
         String loginUrl = baseUrl + "/login";