Enable sfo tests and create the adfs feature

OpenConext · Aug 27, 2024 · e16356e · e16356e
1 parent c506cc2
commit e16356e
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 6 deletions.
diff --git a/stepup/tests/behat/features/adfs.feature b/stepup/tests/behat/features/adfs.feature
@@ -0,0 +1,9 @@
+Feature: As an institution that uses ADFS support on the second factor only feature
+  In order to do ADFS second factor authentications
+  I must be able to successfully authenticate with my second factor tokens
+
+  Scenario: A user logs in using ADFS parameters
+    Given a service provider configured for second-factor-only
+    When I visit the ADFS service provider
+    And I verify the "yubikey" second factor
+    Then I am logged on the service provider
diff --git a/stepup/tests/behat/features/bootstrap/SecondFactorAuthContext.php b/stepup/tests/behat/features/bootstrap/SecondFactorAuthContext.php
@@ -12,6 +12,7 @@ class SecondFactorAuthContext implements Context
     const SSO_SP = 'default-sp';
     const SFO_SP = 'second-sp';
     const TEST_NAMEID = 'urn:collab:person:institution-a.example.com:jane-a1';
+    const TEST_NAMEID_ADFS = 'urn:collab:person:dev.openconext.local:admin';
 
     /**
      * @var \Behat\MinkExtension\Context\MinkContext
@@ -95,11 +96,34 @@ public function visitServiceProvider()
         $this->minkContext->fillField('idp', $this->activeIdp);
         $this->minkContext->fillField('sp', $this->activeSp);
         $this->minkContext->fillField('loa', $this->requiredLoa);
+        $this->minkContext->uncheckOption('emulateadfs');
 
         if ($this->activeIdp === self::SFO_IDP) {
             $this->minkContext->fillField('subject', self::TEST_NAMEID);
         }
         $this->minkContext->pressButton('Login');
+        if ($this->activeIdp === self::SFO_IDP) {
+            $this->minkContext->pressButton('Submit');
+        }
+    }
+
+    /**
+     * @When I visit the ADFS service provider
+     */
+    public function visitAdfsServiceProvider()
+    {
+        $this->minkContext->visit($this->spTestUrl);
+        $this->minkContext->fillField('idp', $this->activeIdp);
+        $this->minkContext->selectOption('sp', $this->activeSp);
+        $this->minkContext->fillField('loa', $this->requiredLoa);
+        $this->minkContext->selectOption('ssobinding', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST');
+        $this->minkContext->checkOption('emulateadfs');
+
+        if ($this->activeIdp === self::SFO_IDP) {
+            $this->minkContext->fillField('subject', self::TEST_NAMEID_ADFS);
+        }
+        $this->minkContext->pressButton('Login');
+        $this->minkContext->pressButton('Yes, continue');
     }
 
     private function fillField($session, $field, $value)
@@ -145,7 +169,6 @@ public function verifySpecifiedSecondFactor($tokenType, $smsChallenge = null)
                         $tokenType
                     )
                 );
-                break;
         }
     }
 
@@ -216,8 +239,11 @@ public function authenticateUserInDummyGsspApplication()
 
     public function authenticateUserYubikeyInGateway()
     {
-        $this->minkContext->assertPageAddress('https://gateway.dev.openconext.local/verify-second-factor/sso/yubikey');
-
+        try {
+            $this->minkContext->assertPageAddress('https://gateway.dev.openconext.local/verify-second-factor/sso/yubikey');
+        } catch (Exception $e) {
+            $this->minkContext->assertPageAddress('https://gateway.dev.openconext.local/verify-second-factor/sfo/yubikey');
+        }
         // Give an OTP
         $this->minkContext->fillField('gateway_verify_yubikey_otp_otp', 'ccccccdhgrbtucnfhrhltvfkchlnnrndcbnfnnljjdgf');
         // Simulate the enter press the yubikey otp generator

diff --git a/stepup/tests/behat/features/sfo.feature b/stepup/tests/behat/features/sfo.feature
@@ -1,5 +1,3 @@
-@SKIP
-# Skipped awaiting a fix of the SSP, allowing for SFO authentications
 Feature: A user authenticates with a service provider configured for second-factor-only
   In order to login on a service provider
   As a user

diff --git a/stepup/tests/behat/fixtures/middleware-config.json b/stepup/tests/behat/fixtures/middleware-config.json
@@ -231,7 +231,7 @@
         "entity_id": "https://ssp.dev.openconext.local/simplesaml/module.php/saml/sp/metadata.php/second-sp",
         "public_key": "MIIECTCCAnECFCUUC/wBq6SyLyGi8sMZl2bB0cFmMA0GCSqGSIb3DQEBCwUAMEExFjAUBgNVBAMMDXNpbXBsZXNhbWwgU1AxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDAeFw0yMzA1MjUwOTMzMTZaFw0yODA1MjMwOTMzMTZaMEExFjAUBgNVBAMMDXNpbXBsZXNhbWwgU1AxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKY41F7F6YJrqUTHJw45X1Y3gsN0ZgryOZfPXGSOq2xEttVU8RIzWNJmtVZc6j3NlffKp8HOTgko5JAjSN3sK36K8a0yY4aOrPfwv67/8XkHbaQCH/CiCOigSyE2BJIskMToaamPXjWRl3K+ma/kShw7lMGmvmQxnHsc79zmJDPrT9chC4Ypkq828/DiEkRNXThvfe+61tI0rvXY4HQZ4BPlag7/oMUng4AehPe4r5GEpdh5b4872fIiTxOMUSjIt2zl8OFAazhigmZwk48MiYyCUbUvaAAqZ7ewX4/DmMdfqdSW7gscwIWV02k27lJzhNSqt1iR92e58tf377Ufl46JCvAzrtol4lwmMgoDIqe9WCMDrraEZ1jvDrHuX+sJjEe0qIbzSjQBa+jZc1AN6Gdrzf1HYCBr+wj75NtwP0La2o6p8yJbNsTcs8nE4GBrdVJF87BxI1OdoWjNLwhhDJsVsY1BUJtQGmyEWffVI1qPBPuv4H99cUNwlCS/I1TEgQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQAdCxhHPfexwQwQXMhliZ1G3nxEedQ6rnvi2wA9yHxHBeKqX5TnIZUh2OYIdNon0x4XveLYUdAhoG6mBxk2QeQ3xNanwAuWnCRB5ssYqf7Jyu1EXMycZDkhVl9r01ApCFNFkF1p6wEgmXDG5A3KRsIWK4eU6ZLsywXksgCi0Hl63Rdz9+wVCqOBdufxgG0dxNA3GtE37Yz0pKuNJYch7onsfX5OCnI/lwbJc+A/500Rp01leYOx58KJGCyrVS5fuQmwuG7FC9ok8uSnS0gODCxQw26K+/uVK0X9HBJDn5DkXI2fsXChUV7rT12ZUukrn9CYZ2i71VMIopJI6DBQ7g4n7tljz5DcXbdHkHrrjHz2owXKKSFMOvEQ/216oxKaT8dF8BW2/EmXYd6Rnchyf4vmTFR/WaY2cg3k0leIXwPMI2sCBfgLoJHUBWh/RqaACMGdqhq93kzjy/FIzJvId3gcrUbK3NsFCVf5bXc32TkalocvEyZ4Id81IUcTi6RepEA=",
         "acs": [
-          "https://ssp.dev.openconext.local/simplesaml/module.php/saml/sp/saml2-acs.php/second-sp"
+          "https://ssp.dev.openconext.local/simplesaml/module.php/debugsp/acs/second-sp"
         ],
         "loa": {
           "__default__": "http://dev.openconext.local/assurance/loa1"