include test for saml2 connector and vendor new dependencies

connector/saml2/saml_test.go

@@ -0,0 +1,66 @@
+package saml2
+
+import (
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/amdonov/lite-idp/sp"
+	"github.com/sirupsen/logrus"
+
+	"github.com/dexidp/dex/connector"
+)
+
+func TestCallbackSuccess(t *testing.T) {
+	ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		f, _ := os.Open(filepath.Join("testdata", "response.xml"))
+		defer f.Close()
+		io.Copy(w, f)
+	}))
+	defer ts.Close()
+	c := &Config{
+		Certificate:                 filepath.Join("testdata", "certificate.pem"),
+		Key:                         filepath.Join("testdata", "key.pem"),
+		EntityID:                    "test",
+		AssertionConsumerServiceURL: "http://test",
+		IDPArtifactEndpoint:         "http://test",
+		IDPRedirectEndpoint:         "http://test",
+		EmailAttr:                   "email",
+		NameAttr:                    "name",
+	}
+	conn, err := c.Open("saml2", logrus.New())
+	if err != nil {
+		t.Fatal(err)
+	}
+	sc := conn.(*samlConnector)
+	tlsConfigClient, _ := configureTLS(c)
+	serviceProvider, err := sp.New(sp.Configuration{
+		EntityID:                    c.EntityID,
+		AssertionConsumerServiceURL: "http://test",
+		Client:                      ts.Client(),
+		IDPArtifactEndpoint:         ts.URL,
+		IDPRedirectEndpoint:         "http://test",
+		TLSConfig:                   tlsConfigClient,
+	})
+	sc.serviceProvider = serviceProvider
+
+	req, _ := http.NewRequest(http.MethodGet, "test", nil)
+	q := url.Values{}
+	q.Add("RelayState", "12345")
+	q.Add("SAMLart", "ABCDEF")
+
+	req.URL.RawQuery = q.Encode()
+	i, err := sc.HandleCallback(connector.Scopes{
+		OfflineAccess: true,
+		Groups:        true}, req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if i.UserID != "[email protected]" {
+		t.Fatal("unexpected UserID, ", i.UserID)
+	}
+}

connector/saml2/testdata/certificate.pem

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICzDCCAbQCCQCaJRU/CzFSGzANBgkqhkiG9w0BAQsFADAoMQswCQYDVQQGEwJV
+UzEMMAoGA1UECgwDZGV4MQswCQYDVQQDDAJzcDAeFw0xODA5MDQxODEwMzlaFw0y
+ODA5MDExODEwMzlaMCgxCzAJBgNVBAYTAlVTMQwwCgYDVQQKDANkZXgxCzAJBgNV
+BAMMAnNwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJZd8K9jxC6m
+xuR5dw08qicw0VsDN1bAvdInKGzugsJYRH/MfcgrKwLCTZHBGZZFmdHxhca84cG/
+Wn24Ys5eF1JWhehYocyYqZqY3ESPldDK4ohwCvKhSogpF9hVyi9LnujCgfGOv98a
+tMWDeqTLletCPsHcXzLq3cN58oNl80HXIQKFM7n9ZgUKLqk6d2hT7LeYndZKg5aU
+Q4jyTfz/S1XgYBDr0utl41HtUsHSYwQDx3v0wMqZVorzk8HrXaXowvUwVct6HxT/
+c5QxtHCxmm6n6/Mwr8Xzk1yxQq9dLtEOmEtnYgIEhyiUP7CdFPWC37sn9YiGCSjR
+ukE07CyG0wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAJFl+hHwS6xNRtWMgJsu94
+3zv4U8ZksyWAM5bk94ERMwpJVPndJIW0+UAT3Pp/k9E3Lro/AbSIA364LBzLoONO
+qfeNTUK4YH7wQGfmusI8c28akY5ZfDx8Ixc4oxPkcExh47YkVECSUhMq9gDMI10e
+PsSkVB7fss1QibmOsGM8WQyQzdmqfHbd7ws0g7P2I+SiR5+FboyliKRdqqSvQ8dL
+2hEAGtc9mZCPnlriiNzawCYPprH3lA+QWq+SI+QmQqTou05pWl5q+KcWU7INf0wE
+sXa26qcizqMTMNPuuu8Lp0gmmpUeH1AKVqO8P9VYT+GnkAUdoD3z1GCkLUvPaFYP
+-----END CERTIFICATE-----

connector/saml2/testdata/key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMll3wr2PELqbG
+5Hl3DTyqJzDRWwM3VsC90icobO6CwlhEf8x9yCsrAsJNkcEZlkWZ0fGFxrzhwb9a
+fbhizl4XUlaF6FihzJipmpjcRI+V0MriiHAK8qFKiCkX2FXKL0ue6MKB8Y6/3xq0
+xYN6pMuV60I+wdxfMurdw3nyg2XzQdchAoUzuf1mBQouqTp3aFPst5id1kqDlpRD
+iPJN/P9LVeBgEOvS62XjUe1SwdJjBAPHe/TAyplWivOTwetdpejC9TBVy3ofFP9z
+lDG0cLGabqfr8zCvxfOTXLFCr10u0Q6YS2diAgSHKJQ/sJ0U9YLfuyf1iIYJKNG6
+QTTsLIbTAgMBAAECggEBAIX1b01JimnKoilZMK9jW3WOc8ihb1ms1Ed2c21k5kd4
+OZOgmqVBjAJ9q/xek7HNU4WEkkCmAMdRtZnq9/C6b6GVqFHF8UMAVHW5ZJ3Vxq6y
+KCZsb/C7LiE/Rqj2XjYlAb7raXDsWiwISdRT/+MuRJ/Fi3rMNR+gl2jdtdu1bev4
+45JfIRjXCfClEE3PNC4OWIKHzx2asC3wt1p6/yvm1fDWaJ4qDaiBQhPonh2fTGp/
+jjk+BhIV+7Jgn3aYs6or6D79SqlxHcpwBKF5+hNu04rDPeYTV4gj0sRzYHPrCCHS
+jm/oDMqSBy33PqDu8eP02FCIG1rky4zsgALRyYAMvgECgYEA+qux38mLzqo5pvnK
+THQ/tkojrmrGuOyGVGjcmvdvK90/vQyciwpbthja9Qc7TWNSLSyQaOziEZ55T/A5
+vJ9HBNJIjgG3OHujfUnqnMQCemTqB+LlyDFDtOQtB5npeW2QObPfAyPFc3VxAFZe
+mSGYteP10LXcopP3jFIuBgzZ8vkCgYEA0O/bsqKLIqkv/MUyJroHKy8UekxkcCF2
+WcAHP6AD+8KVIIfXYsXMtlifhkoDgCr1RS45P17oo4p3F8KBP7eAMDxt9edKPRVU
+ZsJkgG7BN3AuGD+MLnygoPMcWjNMsLURMy7um02EDJVCGQRY923hsOOGFMv71o/G
+esSObrfdLysCgYEA2axq49gSzb3IHpVe9JEmGle7MGSMeFz8MSR2HSOsqDyScsoW
+zi6KgVCIIqrK9mK/I3dFV7gMgBxLX/1NRdxSQX+Rfa9DuYqz58JeNw+Gz13+VCbW
+Psd48gYKjEU9FzLrQRBPIlzXw3FCVXaq4vLnt1tjRIAIPi2bk4BxctOKF5ECgYBn
+jUlkupycvB+VdqKJgQ+Gfpn2lx/8VwlSKBMvnH387A5/BfRg9smj4j6GDu63OhM/
+i05CMya3zyuBMhxe2PKGdZzGEDDCH20qVNP8t2e5szaVPAGdFJWDz5nQtrYeqk7x
+ACSwAfYdSmhs/7OcRfBifBF7AzI4wB9Nv1ccVrIf6wKBgBWijA5fHSo/y2SBCRH9
+dZPH9luR47uWz67Owf8udabW5/4/vm5Iwtb5YHlWEbyQPl1XQcZYXzJRijs4jgs+
+TM1lDRGS6TGeLEwmFTDu8PQglmV9ziHCpbQC3EdIe8+kXdGvPY9Ln/37+aZ+pSsd
+upg0iLkoVgNv6gX/7S1cP2ID
+-----END PRIVATE KEY-----

connector/saml2/testdata/response.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0"?>
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+    <soapenv:Body>
+        <samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="identifier_5" InResponseTo="identifier_4" Version="2.0" IssueInstant="2004-12-05T09:22:05Z">
+            <samlp:Status>
+                <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+            </samlp:Status>
+            <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
+                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="identifier_6" InResponseTo="identifier_3" Version="2.0" IssueInstant="2004-12-05T09:22:05Z" Destination="https://sp.example.com/SAML2/SSO/Artifact">
+                <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
+                <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">...</ds:Signature>
+                <samlp:Status>
+                    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+                </samlp:Status>
+                <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="identifier_7" Version="2.0" IssueInstant="2004-12-05T09:22:05Z">
+                    <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
+                    <!-- a Subject element is required -->
+                    <saml:Subject>
+                        <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]</saml:NameID>
+                        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+                            <saml:SubjectConfirmationData InResponseTo="identifier_3" Recipient="https://sp.example.com/SAML2/SSO/Artifact" NotOnOrAfter="2004-12-05T09:27:05Z"/>
+                        </saml:SubjectConfirmation>
+                    </saml:Subject>
+                    <saml:Conditions NotBefore="2004-12-05T09:17:05Z" NotOnOrAfter="2004-12-05T09:27:05Z">
+                        <saml:AudienceRestriction>
+                            <saml:Audience>https://sp.example.com/SAML2</saml:Audience>
+                        </saml:AudienceRestriction>
+                    </saml:Conditions>
+                    <saml:AuthnStatement AuthnInstant="2004-12-05T09:22:00Z" SessionIndex="identifier_7">
+                        <saml:AuthnContext>
+                            <saml:AuthnContextClassRef>
+              urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+                            </saml:AuthnContextClassRef>
+                        </saml:AuthnContext>
+                    </saml:AuthnStatement>
+                </saml:Assertion>
+            </samlp:Response>
+        </samlp:ArtifactResponse>
+    </soapenv:Body>
+</soapenv:Envelope>