Move DiscoveryResponse to right place in metadata
- The DiscoveryResponse had mistakenly been placed in the Extensions
  node of the EntityDescriptor instead of under the SPSSODescriptor;
  this is now fixed.
- Fixes Sustainsys#200
AndersAbel committed Oct 26, 2015
1 parent df4c30e commit d3968d9
Showing 8 changed files with 34 additions and 31 deletions.
Expand Up @@ -80,7 +80,9 @@ public void SPOptionsExtensions_CreateMetadata_IncludeDiscoveryServiceResponse()

spOptions.DiscoveryServiceUrl = new Uri("http://ds.example.com");

var subject = spOptions.CreateMetadata(urls).Extensions.DiscoveryResponse;
var subject = spOptions.CreateMetadata(urls).RoleDescriptors
.Single().As<ExtendedServiceProviderSingleSignOnDescriptor>()
.Extensions.DiscoveryResponse;

var expected = new IndexedProtocolEndpoint
{
14 changes: 7 additions & 7 deletions Kentor.AuthServices.Tests/WebSSO/MetadataCommandTests.cs
Expand Up @@ -51,15 +51,15 @@ public void MetadataCommand_Run_CompleteMetadata()
// See http://stackoverflow.com/questions/24156689/xnode-deepequals-unexpectedly-returns-false
new XAttribute("xmlns", Saml2Namespaces.Saml2MetadataName),
new XAttribute(XNamespace.Xmlns + "saml2", Saml2Namespaces.Saml2),
new XElement(Saml2Namespaces.Saml2Metadata + "Extensions",
new XElement(Saml2Namespaces.Saml2IdpDiscovery + "DiscoveryResponse",
new XAttribute("Binding", Saml2Binding.DiscoveryResponseUri),
new XAttribute("Location", "http://localhost/AuthServices/SignIn"),
new XAttribute("index", 0),
new XAttribute("isDefault", true),
new XAttribute("xmlns", Saml2Namespaces.Saml2IdpDiscoveryName))),
new XElement(Saml2Namespaces.Saml2Metadata + "SPSSODescriptor",
new XAttribute("protocolSupportEnumeration", "urn:oasis:names:tc:SAML:2.0:protocol"),
new XElement(Saml2Namespaces.Saml2Metadata + "Extensions",
new XElement(Saml2Namespaces.Saml2IdpDiscovery + "DiscoveryResponse",
new XAttribute("Binding", Saml2Binding.DiscoveryResponseUri),
new XAttribute("Location", "http://localhost/AuthServices/SignIn"),
new XAttribute("index", 0),
new XAttribute("isDefault", true),
new XAttribute("xmlns", Saml2Namespaces.Saml2IdpDiscoveryName))),
new XElement(Saml2Namespaces.Saml2Metadata + "AssertionConsumerService",
new XAttribute("Binding", Saml2Binding.HttpPostUri),
new XAttribute("Location", "http://localhost/AuthServices/Acs"),
2 changes: 1 addition & 1 deletion Kentor.AuthServices/Kentor.AuthServices.csproj
Expand Up @@ -69,7 +69,7 @@
<Compile Include="Metadata\ExtendedEntitiesDescriptor.cs" />
<Compile Include="ICachedMetadata.cs" />
<Compile Include="MetadataRefreshScheduler.cs" />
<Compile Include="Metadata\EntityDescriptorExtensions.cs" />
<Compile Include="Metadata\ServiceProviderSingleSignOnDescriptorExtensions.cs" />
<Compile Include="Metadata\ExtendedEntityDescriptor.cs" />
<Compile Include="AuthServicesException.cs" />
<Compile Include="WebSso\AuthServicesUrls.cs" />
13 changes: 0 additions & 13 deletions Kentor.AuthServices/Metadata/ExtendedEntityDescriptor.cs
Expand Up @@ -11,19 +11,6 @@ namespace Kentor.AuthServices.Metadata
/// </summary>
public class ExtendedEntityDescriptor : EntityDescriptor, ICachedMetadata
{
EntityDescriptorExtensions extensions = new EntityDescriptorExtensions();

/// <summary>
/// Extensions to the metadata.
/// </summary>
public EntityDescriptorExtensions Extensions
{
get
{
return extensions;
}
}

/// <summary>
/// Permitted cache duration for the metadata.
/// </summary>
15 changes: 11 additions & 4 deletions Kentor.AuthServices/Metadata/ExtendedMetadataSerializer.cs
Expand Up @@ -56,19 +56,26 @@ protected override void WriteCustomAttributes<T>(XmlWriter writer, T source)
XmlConvert.ToString(cachedMetadata.CacheDuration.Value));
}

var extendedEntityDescriptor = source as ExtendedEntityDescriptor;
if (extendedEntityDescriptor != null)
if(typeof(T) == typeof(EntityDescriptor))
{
writer.WriteAttributeString("xmlns", "saml2", null, Saml2Namespaces.Saml2Name);
}

// The framework calls this callback several times when writing
// a SPSSODescriptor. Every time with T being a more specialized
// class. Only do the writing in the final, most specialized call.
var extendedSPSsoDescriptor = source as ExtendedServiceProviderSingleSignOnDescriptor;
if (extendedSPSsoDescriptor != null
&& typeof(T) == typeof(ServiceProviderSingleSignOnDescriptor))
{
// This is really an element. But it must be placed first of the child elements
// and WriteCustomAttributes is called at the right place for that.
if (extendedEntityDescriptor.Extensions.DiscoveryResponse != null)
if (extendedSPSsoDescriptor.Extensions.DiscoveryResponse != null)
{
writer.WriteStartElement("Extensions", Saml2Namespaces.Saml2MetadataName);
WriteIndexedProtocolEndpoint(
writer,
extendedEntityDescriptor.Extensions.DiscoveryResponse,
extendedSPSsoDescriptor.Extensions.DiscoveryResponse,
new XmlQualifiedName("DiscoveryResponse", Saml2Namespaces.Saml2IdpDiscoveryName));
writer.WriteEndElement();
}
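Review bot: The gate `typeof(T) == typeof(ServiceProviderSingleSignOnDescriptor)` together with the `writer.WriteStartElement("Extensions", …)` below it makes this method depend on two things the file cannot show: that the base MetadataSerializer invokes this overload last, after every attribute of SPSSODescriptor has been written (an XmlWriter throws if an attribute follows child content), and that the base serializer never emits its own md:Extensions for the role descriptor, since the metadata schema allows at most one and places it first. I would spell that out in the existing comment, e.g. `// Relies on the base serializer calling this overload last (no attributes may follow) and never writing its own md:Extensions for this role descriptor.` It is also worth noting that "final, most specialized call" refers to the generic argument T, while the `source as ExtendedServiceProviderSingleSignOnDescriptor` cast checks the runtime type, so the two checks are not redundant. WriteCustomAttributes starts and ends outside the hunk.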
Expand Up @@ -26,5 +26,11 @@ public ICollection<AttributeConsumingService> AttributeConsumingServices
return attributeConsumingServices;
}
}

/// <summary>
/// Extensions node in metadata.
/// </summary>
public ServiceProviderSingleSignOnDescriptorExtensions Extensions { get; }
= new ServiceProviderSingleSignOnDescriptorExtensions();
}
}
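Review bot: The doc comment on the new `Extensions` property, `Extensions node in metadata.`, says less than the serializer in this commit already establishes; I would write `/// <summary>Contents of the md:Extensions element that the metadata serializer emits as the first child of the SPSSODescriptor. Currently carries the DiscoveryResponse endpoint (IdP discovery namespace), when one is configured.</summary>`. The get-only auto-property with an initializer is the right shape here, since the holder is always present and only its members are optional, and one sentence saying so would stop a later change from making it settable and nullable. The enclosing class starts outside the hunk.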
8 changes: 4 additions & 4 deletions Kentor.AuthServices/Metadata/SPOptionsExtensions.cs
Expand Up @@ -58,12 +58,10 @@ public static ExtendedEntityDescriptor CreateMetadata(this ISPOptions spOptions,
}
}

ed.RoleDescriptors.Add(spsso);

if(spOptions.DiscoveryServiceUrl != null
if (spOptions.DiscoveryServiceUrl != null
&& !string.IsNullOrEmpty(spOptions.DiscoveryServiceUrl.OriginalString))
{
ed.Extensions.DiscoveryResponse = new IndexedProtocolEndpoint
spsso.Extensions.DiscoveryResponse = new IndexedProtocolEndpoint
{
Binding = Saml2Binding.DiscoveryResponseUri,
Index = 0,
Expand All @@ -72,6 +70,8 @@ public static ExtendedEntityDescriptor CreateMetadata(this ISPOptions spOptions,
};
}

ed.RoleDescriptors.Add(spsso);

return ed;
}
}
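Review bot: Moving `ed.RoleDescriptors.Add(spsso);` below the discovery block is cosmetic: `spsso` is a reference type, so the instance stored in RoleDescriptors picks up the later `Extensions.DiscoveryResponse` assignment either way, and the "build, then add" order is the clearer of the two. The second half of the guard, `!string.IsNullOrEmpty(spOptions.DiscoveryServiceUrl.OriginalString)`, is the kind of line that deserves a why-comment, since a Uri with an empty OriginalString can presumably only arrive as a relative Uri from configuration binding; something like `// A Uri with an empty OriginalString (e.g. an unset config value) means no discovery service.` would do. CreateMetadata starts and ends outside the hunk.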
Expand Up @@ -9,7 +9,8 @@ namespace Kentor.AuthServices.Metadata
/// <summary>
/// Metadata extensions
/// </summary>
public class EntityDescriptorExtensions
[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "SignOn", Justification = "Using SAML2 established terms." )]
public class ServiceProviderSingleSignOnDescriptorExtensions
{
/// <summary>
/// Discovery Service response url.

0 comments on commit d3968d9

Please sign in to comment.