Restore AuthenticationProperties in Owin ACS.

martinjt · Jan 15, 2015 · 31019e1 · 31019e1
1 parent 7b34c7c
commit 31019e1
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 25 deletions.
diff --git a/Kentor.AuthServices.Owin/KentorAuthServicesAuthenticationHandler.cs b/Kentor.AuthServices.Owin/KentorAuthServicesAuthenticationHandler.cs
@@ -20,15 +20,10 @@ protected async override Task<AuthenticationTicket> AuthenticateCoreAsync()
             var result = CommandFactory.GetCommand(CommandFactory.AcsCommandName)
                 .Run(await Context.ToHttpRequestData(), Options);
 
-            var properties = new AuthenticationProperties()
-            {
-                RedirectUri = result.Location.ToString()
-            };
-
             var identities = result.Principal.Identities.Select(i =>
                 new ClaimsIdentity(i, null, Options.SignInAsAuthenticationType, i.NameClaimType, i.RoleClaimType));
 
-            return new MultipleIdentityAuthenticationTicket(identities, properties);
+            return new MultipleIdentityAuthenticationTicket(identities, (AuthenticationProperties)result.RelayData);
         }
 
         protected override async Task ApplyResponseChallengeAsync()

diff --git a/Kentor.AuthServices.Tests/Owin/KentorAuthServicesAuthenticationMiddlewareTests.cs b/Kentor.AuthServices.Tests/Owin/KentorAuthServicesAuthenticationMiddlewareTests.cs
@@ -64,7 +64,7 @@ public void KentorAuthServicesAuthenticationMiddleware_CtorSetsDefaultAuthOption
 
             options.SignInAsAuthenticationType.Should().BeNull();
 
-            var middleware = new KentorAuthServicesAuthenticationMiddleware(new StubOwinMiddleware(0, null),  
+            var middleware = new KentorAuthServicesAuthenticationMiddleware(new StubOwinMiddleware(0, null),
                 CreateAppBuilder(), options);
 
             options.SignInAsAuthenticationType.Should().Be(DefaultSignInAsAuthenticationType);
@@ -95,7 +95,7 @@ public async Task KentorAuthServicesAuthenticationMiddleware_CreatesPostOnAuthCh
                         new Dictionary<string, string>()
                         {
                             { "idp", "http://localhost:13428/idpMetadata" }
-                        }))), 
+                        }))),
                 CreateAppBuilder(),
                 new KentorAuthServicesAuthenticationOptions(true));
 
@@ -106,7 +106,7 @@ public async Task KentorAuthServicesAuthenticationMiddleware_CreatesPostOnAuthCh
             context.Response.StatusCode.Should().Be(200);
             context.Response.Body.Seek(0, SeekOrigin.Begin);
 
-            using(var reader = new StreamReader(context.Response.Body))
+            using (var reader = new StreamReader(context.Response.Body))
             {
                 string bodyContent = reader.ReadToEnd();
 
@@ -159,7 +159,7 @@ public async Task KentorAuthServicesAuthenticationMiddleware_RedirectoToSecondId
                         new Dictionary<string, string>()
                         {
                             { "idp", secondEntityId.Id }
-                        }))), 
+                        }))),
                         CreateAppBuilder(), new KentorAuthServicesAuthenticationOptions(true));
 
             var context = OwinTestHelpers.CreateOwinContext();
@@ -249,7 +249,7 @@ public async Task KentorAuthServicesAuthenicationMiddleware_StoresAuthentication
 
             var middleware = new KentorAuthServicesAuthenticationMiddleware(
                 new StubOwinMiddleware(401, new AuthenticationResponseChallenge(
-                    new string[] {"KentorAuthServices"}, prop)),
+                    new string[] { "KentorAuthServices" }, prop)),
                     CreateAppBuilder(), new KentorAuthServicesAuthenticationOptions(true));
 
             var context = OwinTestHelpers.CreateOwinContext();
@@ -261,7 +261,7 @@ public async Task KentorAuthServicesAuthenicationMiddleware_StoresAuthentication
             StoredRequestState storedAuthnData;
             PendingAuthnRequests.TryRemove(new Saml2Id(requestId), out storedAuthnData);
 
-            ((AuthenticationProperties)storedAuthnData.Data).Dictionary["test"].Should().Be("SomeValue");
+            ((AuthenticationProperties)storedAuthnData.RelayData).Dictionary["test"].Should().Be("SomeValue");
         }
 
         [NotReRunnable]
@@ -271,10 +271,20 @@ public async Task KentorAuthServicesAuthenticationMiddleware_AcsWorks()
             var context = OwinTestHelpers.CreateOwinContext();
             context.Request.Method = "POST";
 
+            var state = new StoredRequestState(new EntityId("https://idp.example.com"),
+                new Uri("http://localhost/LoggedIn"),
+                new AuthenticationProperties());
+
+            ((AuthenticationProperties)state.RelayData).RedirectUri = state.ReturnUrl.OriginalString;
+            ((AuthenticationProperties)state.RelayData).Dictionary["Test"] = "TestValue";
+
+            PendingAuthnRequests.Add(new Saml2Id("KentorAuthServicesAuthenticationMiddleware_AcsWorksRequestID"), state);
+
             var response =
             @"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol""
                 xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion""
-                ID = ""KentorAuthServicesAuthenticationMiddleware_AcsWorks"" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z"">
+                ID = ""KentorAuthServicesAuthenticationMiddleware_AcsWorks"" Version=""2.0""
+                IssueInstant=""2013-01-01T00:00:00Z"" InResponseTo=""KentorAuthServicesAuthenticationMiddleware_AcsWorksRequestID"" >
                 <saml2:Issuer>
                     https://idp.example.com
                 </saml2:Issuer>
@@ -323,8 +333,14 @@ public async Task KentorAuthServicesAuthenticationMiddleware_AcsWorks()
             context.Response.StatusCode.Should().Be(302);
             context.Response.Headers["Location"].Should().Be("http://localhost/LoggedIn");
 
-            context.Authentication.AuthenticationResponseGrant.Principal.Identities.ShouldBeEquivalentTo(ids,
-                opt => opt.IgnoringCyclicReferences());
+            context.Authentication.AuthenticationResponseGrant.Principal.Identities
+                .ShouldBeEquivalentTo(ids, opt => opt.IgnoringCyclicReferences());
+
+            context.Authentication.AuthenticationResponseGrant.Properties.RedirectUri
+                .Should().Be("http://localhost/LoggedIn");
+
+            context.Authentication.AuthenticationResponseGrant.Properties.Dictionary["Test"]
+                .Should().Be("TestValue");
         }
 
         [TestMethod]
@@ -335,7 +351,7 @@ public async Task KentorAuthServicesAuthenticationMiddleware_MetadataWorks()
             context.Request.Path = new PathString("/AuthServices");
 
             var middleware = new KentorAuthServicesAuthenticationMiddleware(
-                null, 
+                null,
                 CreateAppBuilder(),
                 new KentorAuthServicesAuthenticationOptions(true));
 
@@ -345,7 +361,7 @@ public async Task KentorAuthServicesAuthenticationMiddleware_MetadataWorks()
             context.Response.ContentType.Should().Contain("application/samlmetadata+xml");
 
             var xmlData = XDocument.Load(context.Response.Body);
-            
+
             xmlData.Document.Root.Name.Should().Be(Saml2Namespaces.Saml2Metadata + "EntityDescriptor");
         }
 

diff --git a/Kentor.AuthServices.Tests/WebSSO/CommandResultTests.cs b/Kentor.AuthServices.Tests/WebSSO/CommandResultTests.cs
@@ -23,7 +23,8 @@ public void CommandResult_Defaults()
                 Location = (Uri)null,
                 Principal = (ClaimsPrincipal)null,
                 ContentType = (string)null,
-                Content = (string)null
+                Content = (string)null,
+                RelayData = (object)null
             };
 
             new CommandResult().ShouldBeEquivalentTo(expected);

diff --git a/Kentor.AuthServices/StoredRequestState.cs b/Kentor.AuthServices/StoredRequestState.cs
@@ -18,10 +18,9 @@ public class StoredRequestState
         /// </summary>
         /// <param name="idp">The EntityId of the IDP the request was sent to</param>
         /// <param name="returnUrl">The Url to redirect back to after a succesful login</param>
-        /// <param name="data">Aux data that can be stored across the authentication request.</param>
         public StoredRequestState(EntityId idp, Uri returnUrl)
         {
-            idp = idp;
+            Idp = idp;
             ReturnUrl = returnUrl;
         }
 
@@ -30,12 +29,12 @@ public StoredRequestState(EntityId idp, Uri returnUrl)
         /// </summary>
         /// <param name="idp">The EntityId of the IDP the request was sent to</param>
         /// <param name="returnUrl">The Url to redirect back to after a succesful login</param>
-        /// <param name="data">Aux data that can be stored across the authentication request.</param>
-        public StoredRequestState(EntityId idp, Uri returnUrl, object data)
+        /// <param name="relayData">Aux data that can be stored across the authentication request.</param>
+        public StoredRequestState(EntityId idp, Uri returnUrl, object relayData)
         {
             Idp = idp;
             ReturnUrl = returnUrl;
-            Data = data;
+            RelayData = relayData;
         }
 
         /// <summary>
@@ -51,6 +50,6 @@ public StoredRequestState(EntityId idp, Uri returnUrl, object data)
         /// <summary>
         /// Aux data that need to be preserved across the authentication call.
         /// </summary>
-        public object Data { get; private set; }
+        public object RelayData { get; private set; }
     }
 }
diff --git a/Kentor.AuthServices/WebSSO/AcsCommand.cs b/Kentor.AuthServices/WebSSO/AcsCommand.cs
@@ -67,7 +67,11 @@ private static CommandResult ProcessResponse(IOptions options, Saml2Response sam
                     samlResponse.RequestState != null && samlResponse.RequestState.ReturnUrl != null
                     ? samlResponse.RequestState.ReturnUrl
                     : options.SPOptions.ReturnUrl,
-                Principal = principal
+                Principal = principal,
+                RelayData =
+                    samlResponse.RequestState == null
+                    ? null
+                    : samlResponse.RequestState.RelayData
             };
         }
     }

diff --git a/Kentor.AuthServices/WebSSO/CommandResult.cs b/Kentor.AuthServices/WebSSO/CommandResult.cs
@@ -43,6 +43,12 @@ public class CommandResult
         /// </summary>
         public string ContentType { get; set; }
 
+        /// <summary>
+        /// Data relayed from a previous request, such as the Owin Authenciation
+        /// Properties.
+        /// </summary>
+        public object RelayData { get; set; }
+
         /// <summary>
         /// Ctor
         /// </summary>