Enable sfo tests and create the adfs feature

stepup/tests/behat/features/adfs.feature

@@ -0,0 +1,9 @@
+Feature: As an institution that uses ADFS support on the second factor only feature
+  In order to do ADFS second factor authentications
+  I must be able to successfully authenticate with my second factor tokens
+
+  Scenario: A user logs in using ADFS parameters
+    Given a service provider configured for second-factor-only
+    When I visit the ADFS service provider
+    And I verify the "yubikey" second factor
+    Then I am logged on the service provider

stepup/tests/behat/features/bootstrap/SecondFactorAuthContext.php

@@ -12,6 +12,7 @@ class SecondFactorAuthContext implements Context
     const SSO_SP = 'default-sp';
     const SFO_SP = 'second-sp';
     const TEST_NAMEID = 'urn:collab:person:institution-a.example.com:jane-a1';
+    const TEST_NAMEID_ADFS = 'urn:collab:person:dev.openconext.local:admin';
 
     /**
      * @var \Behat\MinkExtension\Context\MinkContext
@@ -95,11 +96,34 @@ public function visitServiceProvider()
         $this->minkContext->fillField('idp', $this->activeIdp);
         $this->minkContext->fillField('sp', $this->activeSp);
         $this->minkContext->fillField('loa', $this->requiredLoa);
+        $this->minkContext->uncheckOption('emulateadfs');
 
         if ($this->activeIdp === self::SFO_IDP) {
             $this->minkContext->fillField('subject', self::TEST_NAMEID);
         }
         $this->minkContext->pressButton('Login');
+        if ($this->activeIdp === self::SFO_IDP) {
+            $this->minkContext->pressButton('Submit');
+        }
+    }
+
+    /**
+     * @When I visit the ADFS service provider
+     */
+    public function visitAdfsServiceProvider()
+    {
+        $this->minkContext->visit($this->spTestUrl);
+        $this->minkContext->fillField('idp', $this->activeIdp);
+        $this->minkContext->selectOption('sp', $this->activeSp);
+        $this->minkContext->fillField('loa', $this->requiredLoa);
+        $this->minkContext->selectOption('ssobinding', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST');
+        $this->minkContext->checkOption('emulateadfs');
+
+        if ($this->activeIdp === self::SFO_IDP) {
+            $this->minkContext->fillField('subject', self::TEST_NAMEID_ADFS);
+        }
+        $this->minkContext->pressButton('Login');
+        $this->minkContext->pressButton('Yes, continue');
     }
 
     private function fillField($session, $field, $value)
@@ -145,7 +169,6 @@ public function verifySpecifiedSecondFactor($tokenType, $smsChallenge = null)
                         $tokenType
                     )
                 );
-                break;
         }
     }
 
@@ -216,8 +239,11 @@ public function authenticateUserInDummyGsspApplication()
 
     public function authenticateUserYubikeyInGateway()
     {
-        $this->minkContext->assertPageAddress('https://gateway.dev.openconext.local/verify-second-factor/sso/yubikey');
-
+        try {
+            $this->minkContext->assertPageAddress('https://gateway.dev.openconext.local/verify-second-factor/sso/yubikey');
+        } catch (Exception $e) {
+            $this->minkContext->assertPageAddress('https://gateway.dev.openconext.local/verify-second-factor/sfo/yubikey');
+        }
         // Give an OTP
         $this->minkContext->fillField('gateway_verify_yubikey_otp_otp', 'ccccccdhgrbtucnfhrhltvfkchlnnrndcbnfnnljjdgf');
         // Simulate the enter press the yubikey otp generator

stepup/tests/behat/features/sfo.feature

@@ -1,5 +1,3 @@
-@SKIP
-# Skipped awaiting a fix of the SSP, allowing for SFO authentications
 Feature: A user authenticates with a service provider configured for second-factor-only
   In order to login on a service provider
   As a user