DaanHoogland commented on code in PR #6457:
URL: https://github.com/apache/cloudstack/pull/6457#discussion_r905100680
##########
plugins/user-authenticators/saml2/src/test/java/org/apache/cloudstack/SAMLUtilsTest.java:
##########
@@ -60,6 +62,32 @@ public void testBuildAuthnRequestObject() throws Exception {
assertEquals(req.getIssuer().getValue(), spId);
}
+ @Test
+ public void testBuildAuthnRequestUrlWithoutQueryParam() throws Exception {
+ String consumerUrl = "http://someurl.com";
+ String idpUrl = "http://idp.domain.example";
+ String spId = "cloudstack";
+ String authnId = SAMLUtils.generateSecureRandomId();
+ DefaultBootstrap.bootstrap();
+ AuthnRequest req = SAMLUtils.buildAuthnRequestObject(authnId, spId,
idpUrl, consumerUrl);
+ String appendOperator = idpUrl.contains("?") ? "&" : "?";
+ String redirectUrl = idpUrl + appendOperator +
SAMLUtils.generateSAMLRequestSignature("SAMLRequest=" +
SAMLUtils.encodeSAMLRequest(req), null,
SAML2AuthManager.SAMLSignatureAlgorithm.value());
+ assertEquals(redirectUrl, idpUrl + "?" +
SAMLUtils.generateSAMLRequestSignature("SAMLRequest=" +
SAMLUtils.encodeSAMLRequest(req), null,
SAML2AuthManager.SAMLSignatureAlgorithm.value()));
+ }
+
+ @Test
+ public void testBuildAuthnRequestUrlWithQueryParam() throws Exception {
+ String consumerUrl = "http://someurl.com";
+ String idpUrl = "http://idp.domain.example?idpid=CX1298373";
+ String spId = "cloudstack";
+ String authnId = SAMLUtils.generateSecureRandomId();
+ DefaultBootstrap.bootstrap();
+ AuthnRequest req = SAMLUtils.buildAuthnRequestObject(authnId, spId,
idpUrl, consumerUrl);
+ String appendOperator = idpUrl.contains("?") ? "&" : "?";
+ String redirectUrl = idpUrl + appendOperator +
SAMLUtils.generateSAMLRequestSignature("SAMLRequest=" +
SAMLUtils.encodeSAMLRequest(req), null,
SAML2AuthManager.SAMLSignatureAlgorithm.value());
+ assertEquals(redirectUrl, idpUrl + "&" +
SAMLUtils.generateSAMLRequestSignature("SAMLRequest=" +
SAMLUtils.encodeSAMLRequest(req), null,
SAML2AuthManager.SAMLSignatureAlgorithm.value()));
Review Comment:
same here, this does not seem to test any ACS code; even though it calls
`SAMLUtils.buildAuthnRequestObject(..)`, it seems to take its output at face
value.