# frozen_string_literal: true
2
RSpec.describe Saml::Kit::Builders::ServiceProviderMetadata do
  # The builder under test is constructed from a configuration that owns one
  # signing and one encryption key pair, so the generated metadata can be
  # checked for both KeyDescriptor entries and for an enveloped Signature.
  subject { described_class.new(configuration: configuration) }

  let(:configuration) do
    Saml::Kit::Configuration.new do |config|
      config.generate_key_pair_for(use: :signing)
      config.generate_key_pair_for(use: :encryption)
    end
  end
  let(:assertion_consumer_service_url) { FFaker::Internet.http_url }
  let(:email) { FFaker::Internet.email }
  let(:org_name) { FFaker::Movie.title }
  let(:url) { FFaker::Internet.uri('https') }
  let(:entity_id) { FFaker::Internet.uri('https') }
  let(:name_id_formats) do
    [
      Saml::Kit::Namespaces::PERSISTENT,
      Saml::Kit::Namespaces::TRANSIENT,
      Saml::Kit::Namespaces::EMAIL_ADDRESS,
    ]
  end

  it 'builds the service provider metadata' do
    subject.contact_email = email
    subject.entity_id = entity_id
    subject.organization_name = org_name
    subject.organization_url = url
    subject.add_assertion_consumer_service(assertion_consumer_service_url, binding: :http_post)
    subject.name_id_formats = name_id_formats

    # Round-trip the built document through ActiveSupport's Hash.from_xml so
    # individual elements and attributes can be asserted on by key.
    result = Hash.from_xml(subject.build.to_xml)
    descriptor = result['EntityDescriptor']
    sp = descriptor['SPSSODescriptor']
    acs = sp['AssertionConsumerService']
    key_descriptors = sp['KeyDescriptor']
    organization = descriptor['Organization']
    contact = descriptor['ContactPerson']

    expect(descriptor['xmlns']).to eql('urn:oasis:names:tc:SAML:2.0:metadata')
    expect(descriptor['ID']).to be_present
    expect(descriptor['entityID']).to eql(entity_id)

    # Neither signing flag is set explicitly above, yet both are expected to be
    # 'true': the SP advertises that it signs AuthnRequests and that it
    # requires signed assertions from the IdP.
    expect(sp['AuthnRequestsSigned']).to eql('true')
    expect(sp['WantAssertionsSigned']).to eql('true')
    expect(sp['protocolSupportEnumeration']).to eql('urn:oasis:names:tc:SAML:2.0:protocol')
    expect(sp['NameIDFormat']).to match_array(name_id_formats)

    expect(acs['Binding']).to eql('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST')
    expect(acs['Location']).to eql(assertion_consumer_service_url)
    expect(acs['isDefault']).to eql('true')
    expect(acs['index']).to eql('0')

    # The document itself is signed, and each configured key pair is published
    # as a KeyDescriptor whose X509Certificate matches the configuration's
    # (whitespace-stripped) certificate.
    expect(descriptor['Signature']).to be_present
    expect(key_descriptors.map { |key| key['use'] }).to match_array(%w[signing encryption])
    expected_certificates = configuration.certificates.map(&:stripped)
    published_certificates = key_descriptors.map { |key| key.dig('KeyInfo', 'X509Data', 'X509Certificate') }
    expect(published_certificates).to match_array(expected_certificates)

    expect(organization['OrganizationName']).to eql(org_name)
    expect(organization['OrganizationDisplayName']).to eql(org_name)
    expect(organization['OrganizationURL']).to eql(url)

    expect(contact['contactType']).to eql('technical')
    # NOTE(review): the contact email is asserted under Company (as a mailto:
    # URI) rather than a dedicated EmailAddress element — confirm this is the
    # builder's intended placement.
    expect(contact['Company']).to eql("mailto:#{email}")
  end
end