Thanks Marvin, I understand now why I didn't get attributes on my tests,
I thought that samlValidate worked like the serviceValidate in HTTP GET ;)
I posted about that but nobody told me that :(
Thanks
Julien
Unai Rodriguez wrote:
Just for the record, I have been able to conduct a full test of my
CAS/SAML using the excellent tool soapUI (http://www.soapui.org/). The
steps that I followed:
How to test SAML 1.1 using SoapUI
=================================
1) Log in and generate a CAS ticket by opening the following URL in a
browser:
https://CAS_DOMAIN:PORT/cas/login?service=http://localhost/foo
2) The browser should now be displaying an error because it should have
been redirected back to the URL http://localhost/foo which probably does
not exist. What is important though is that you would be able to retrieve
the ticket from the URL. Example:
# URL
http://localhost/foo?ticket=ST-3-j6RIZfeaNTxilsFYr3xe-cas
# TICKET
ST-3-j6RIZfeaNTxilsFYr3xe-cas
3) Now, using SoapUI, submit a request to a specified endpoint. The URL
should be:
https://CAS_DOMAIN:PORT/cas/samlValidate?TARGET=http://localhost/foo&ticket=ST-3-j6RIZfeaNTxilsFYr3xe-cas
with the contents:
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <samlp:Request
        xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
        MajorVersion="1" MinorVersion="1"
        RequestID="_192.168.16.51.1024506224022"
        IssueInstant="2002-06-19T17:03:44.022Z">
      <samlp:AssertionArtifact>
        ST-3-j6RIZfeaNTxilsFYr3xe-cas
      </samlp:AssertionArtifact>
    </samlp:Request>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
A proper response should look like this:
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <Response IssueInstant="2009-03-05T07:14:31.658Z" MajorVersion="1"
        MinorVersion="1" Recipient="http://localhost/foo"
        ResponseID="_51f5500f6321cceebed8973869a76452"
        xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Status>
        <StatusCode Value="samlp:Success"/>
      </Status>
      <Assertion AssertionID="_5854e59aef16cb27c1355c32eab23f0b"
          IssueInstant="2009-03-05T07:14:31.658Z" Issuer="localhost" MajorVersion="1"
          MinorVersion="1" xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
        <Conditions NotBefore="2009-03-05T07:14:31.658Z"
            NotOnOrAfter="2009-03-05T07:15:01.658Z">
          <AudienceRestrictionCondition>
            <Audience>http://localhost/foo</Audience>
          </AudienceRestrictionCondition>
        </Conditions>
        <AuthenticationStatement
            AuthenticationInstant="2009-03-05T07:10:17.078Z"
            AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
          <Subject>
            <NameIdentifier>juan.huerta</NameIdentifier>
            <SubjectConfirmation>
              <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod>
            </SubjectConfirmation>
          </Subject>
        </AuthenticationStatement>
      </Assertion>
    </Response>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Many thanks to everyone, especially to Marvin and Julien :-)
unai
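
An added example, not part of either poster's message: a Python standard-library sketch of what a CAS client has to do with the exchange above, building the samlValidate SOAP request and then checking the response's status, validity window and audience before trusting the NameIdentifier. The function names build_request and check_response are hypothetical, and SAMPLE is a constructed response trimmed from the one quoted in the thread.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"soap": SOAP, "samlp": SAMLP, "saml": SAML}

def build_request(ticket, request_id, now):
    """SOAP envelope to POST to /cas/samlValidate?TARGET=<service URL>."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(env, f"{{{SOAP}}}Header")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    req = ET.SubElement(body, f"{{{SAMLP}}}Request", {
        "MajorVersion": "1", "MinorVersion": "1", "RequestID": request_id,
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"})
    ET.SubElement(req, f"{{{SAMLP}}}AssertionArtifact").text = ticket
    return ET.tostring(env, encoding="unicode")

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, service, now):
    """Return the authenticated NameIdentifier, or raise ValueError."""
    resp = ET.fromstring(xml_text).find("soap:Body/samlp:Response", NS)
    if resp is None:
        raise ValueError("no samlp:Response in SOAP body")
    code = resp.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value", "").split(":")[-1] != "Success":
        raise ValueError("StatusCode is not Success")
    cond = resp.find("saml:Assertion/saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions")
    if not _ts(cond.get("NotBefore", "")) <= now < _ts(cond.get("NotOnOrAfter", "")):
        raise ValueError("assertion outside its validity window")
    audiences = [(a.text or "").strip() for a in cond.iterfind(".//saml:Audience", NS)]
    if service not in audiences:
        raise ValueError("Audience does not match this service")
    name = resp.find(".//saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier", NS)
    if name is None or not (name.text or "").strip():
        raise ValueError("no NameIdentifier")
    return name.text.strip()

# Constructed sample, trimmed from the response quoted in the thread.
SAMPLE = f"""<e:Envelope xmlns:e="{SOAP}"><e:Body>
<Response xmlns="{SAMLP}"><Status><StatusCode Value="samlp:Success"/></Status>
<Assertion xmlns="{SAML}" Issuer="localhost">
<Conditions NotBefore="2009-03-05T07:14:31.658Z" NotOnOrAfter="2009-03-05T07:15:01.658Z">
<AudienceRestrictionCondition><Audience>http://localhost/foo</Audience></AudienceRestrictionCondition>
</Conditions><AuthenticationStatement><Subject><NameIdentifier>juan.huerta</NameIdentifier>
</Subject></AuthenticationStatement></Assertion></Response></e:Body></e:Envelope>"""
```

The response quoted in the thread carries no XML signature, so these checks only mean something when the response was fetched directly from the CAS server over verified TLS. The validity window in that response is 30 seconds, which is why a ticket copied by hand into SoapUI has to be submitted quickly.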