Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

can't figure out how to implement IDP initiated from IDP (for writing tests) #564

Open
rubensayshi opened this issue May 16, 2024 · 2 comments

Comments

@rubensayshi
Copy link

we're trying to write some unit tests for our SP for IDP initiated flow, which leads us to trying to implement the IDP side of the IDP initiated flow to create some mock payloads etc.

but we can't seem to figure out where to look in the library for the code to facilitate this?

(sorry for opening a ticket for this)

@chris242135215
Copy link

Same issue here. We would like to create a http.Request with a valid token in place already to test the token validation logic.

The token value extraction seems to be possible via https://github.com/crewjam/saml/blob/v0.4.14/samlsp/session.go#L79 , using an internal iota for access... => context not easily reproducible (?)

Therefore we are doing token value access like:

...
email := samlsp.AttributeFromContext(r.Context(), *config.SAMLAttributeEmail)
...

Is there an easy way to create a valid test Request which would allow this function to perform properly? Is this even the proper way to validate/access the token? I wasn't able to find specific documentation regarding that.

@chris242135215
Copy link

Extracting and analysing the jwt cookie via https://github.com/dgrijalva/jwt-go (also used internal in the library) could work, but the library doesn't seem to allow custom secret key while handling all token creation behind the scenes... making this solution redundant and too bulky. Although, it would certainly remove some "automagic" out of the process.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants