Reverted change in log and test
FlorisFokkinga authored and thijskh committed Dec 6, 2024
1 parent d4320d9 commit 751f223
Showing 34 changed files with 80 additions and 80 deletions.
Expand Up @@ -156,7 +156,7 @@ public function onKernelException(GetResponseForExceptionEvent $event)
$message = 'Unable to verify message';
$redirectToRoute = 'authentication_feedback_verification_failed';
} elseif ($exception instanceof EngineBlock_Exception_UnknownServiceProvider) {
$message = 'Unknown application Provider';
$message = 'Unknown Service Provider';
$redirectToRoute = 'authentication_feedback_unknown_service_provider';

$redirectParams = [
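Review bot: The `$message` literal on the `EngineBlock_Exception_UnknownServiceProvider` branch is free text that log searches and alert rules can end up matching on, and it changes here again, from 'Unknown application Provider' back to 'Unknown Service Provider'. Consider having monitoring key on the exception class or the `authentication_feedback_unknown_service_provider` route rather than the wording, and add an assertion on the message so a later bulk rename cannot alter it unnoticed.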
Expand Up @@ -8,8 +8,8 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "AlwaysAuth"
And an application named "Malicious SP"
And an application named "Malconfigured SP"
And a Service Provider named "Malicious SP"
And a Service Provider named "Malconfigured SP"
And SP "Malicious SP" is set with acs location "javascript:alert('Hello world')"
And SP "Malconfigured SP" is set with acs location "sp.example.com"
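Review bot: The step definition that matches `a Service Provider named` is not among the hunks visible here, and the two renamed steps in this Background are what register the SPs for the `javascript:alert('Hello world')` and `sp.example.com` ACS location cases. Please confirm the suite reports no undefined steps for this feature after the revert, since otherwise the ACS location checks would not be exercised.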

Expand Up @@ -8,7 +8,7 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "IDP-AA"
And an application named "SP-AA"
And a Service Provider named "SP-AA"
And SP "SP-AA" requires attribute aggregation
And feature "eb.run_all_manipulations_prior_to_consent" is disabled

Expand Up @@ -9,10 +9,10 @@ Feature:
And no registered Idps
And an Identity Provider named "Dummy-IdP"
And an Identity Provider named "IdP-with-Attribute-Manipulations"
And an application named "Dummy-SP"
And an application named "SP-with-Attribute-Manipulations"
And an application named "Stepup Gateway"
And an application named "Stepup SelfService"
And a Service Provider named "Dummy-SP"
And a Service Provider named "SP-with-Attribute-Manipulations"
And a Service Provider named "Stepup Gateway"
And a Service Provider named "Stepup SelfService"
And feature "eb.run_all_manipulations_prior_to_consent" is disabled

Scenario: The application can have an attribute added
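Review bot: The unchanged scenario title `The application can have an attribute added` at the end of this hunk still uses the "application" wording that the steps above it move away from. If that title was also touched by the rename being reverted, revert it here as well; if it is the original wording, no change is needed.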
Expand Up @@ -9,8 +9,8 @@ Feature:
And no registered Idps
And an Identity Provider named "Dummy-IdP"
And an Identity Provider named "IdP-with-Attribute-Manipulations"
And an application named "Dummy-SP"
And an application named "SP-with-Attribute-Manipulations"
And a Service Provider named "Dummy-SP"
And a Service Provider named "SP-with-Attribute-Manipulations"

Scenario: The application can have an attribute added
Given SP "SP-with-Attribute-Manipulations" has the following Attribute Manipulation:
Expand Up @@ -9,8 +9,8 @@ Feature:
And no registered Idps
And an Identity Provider named "Dummy-IdP"
And an Identity Provider named "IdP-with-Attribute-Manipulations"
And an application named "Dummy-SP"
And an application named "SP-with-Attribute-Manipulations"
And a Service Provider named "Dummy-SP"
And a Service Provider named "SP-with-Attribute-Manipulations"
And feature "eb.run_all_manipulations_prior_to_consent" is enabled

Scenario: The application can have an attribute added
Expand Up @@ -8,19 +8,19 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "TestIdp"
And an application named "No ARP"
And an application named "Empty ARP"
And an application named "Wildcard ARP"
And an application named "Wrong Value ARP"
And an application named "Right Value ARP"
And an application named "Specific Value ARP"
And an application named "Two value ARP"
And an application named "Trusted Proxy"
And an application named "Stepup Gateway"
And an application named "Stepup SelfService"
And an application named "Release As"
And an application named "Use as NameID"
And an application named "Use as NameID and Release As"
And a Service Provider named "No ARP"
And a Service Provider named "Empty ARP"
And a Service Provider named "Wildcard ARP"
And a Service Provider named "Wrong Value ARP"
And a Service Provider named "Right Value ARP"
And a Service Provider named "Specific Value ARP"
And a Service Provider named "Two value ARP"
And a Service Provider named "Trusted Proxy"
And a Service Provider named "Stepup Gateway"
And a Service Provider named "Stepup SelfService"
And a Service Provider named "Release As"
And a Service Provider named "Use as NameID"
And a Service Provider named "Use as NameID and Release As"
And SP "Empty ARP" allows no attributes
And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid"
And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu"
Expand Up @@ -8,12 +8,12 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "TestIdp"
And an application named "No ARP"
And an application named "Empty ARP"
And an application named "Wildcard ARP"
And an application named "Wrong Value ARP"
And an application named "Right Value ARP"
And an application named "Two value ARP"
And a Service Provider named "No ARP"
And a Service Provider named "Empty ARP"
And a Service Provider named "Wildcard ARP"
And a Service Provider named "Wrong Value ARP"
And a Service Provider named "Right Value ARP"
And a Service Provider named "Two value ARP"
And SP "Empty ARP" allows no attributes
And SP "Wildcard ARP" allows an attribute named "urn:mace:dir:attribute-def:uid"
And SP "Wrong Value ARP" allows an attribute named "urn:mace:terena.org:attribute-def:schacHomeOrganization" with value "example.edu"
Expand Up @@ -9,7 +9,7 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "Dummy Idp"
And an application named "Dummy SP"
And a Service Provider named "Dummy SP"

Scenario: an authentication loop is detected
When I log in at "Dummy SP"
Expand Up @@ -8,7 +8,7 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "Dummy Idp"
And an application named "Dummy SP"
And a Service Provider named "Dummy SP"

Scenario: EngineBlock accepts AuthnRequests using HTTP-POST binding
Given the SP uses the HTTP POST Binding
Expand Up @@ -8,9 +8,9 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "Dummy Idp"
And an application named "Dummy SP"
And an application named "Unconnected SP"
And an application named "Trusted SP"
And a Service Provider named "Dummy SP"
And a Service Provider named "Unconnected SP"
And a Service Provider named "Trusted SP"
And an unregistered application named "Unregistered SP"
And SP "Unconnected SP" is not connected to IdP "Dummy Idp"
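Review bot: The context line `And an unregistered application named "Unregistered SP"` keeps the "application" wording while the three steps above it go back to `a Service Provider named`, which leaves two vocabularies in one Background. Check whether this step was introduced by the rename being reverted and should be reverted too; the same line also appears unchanged in another feature's Background in this commit.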

Expand Up @@ -7,8 +7,8 @@ Feature:
Background:
Given an EngineBlock instance on "vm.openconext.org"
And an Identity Provider named "Dummy-IdP"
And an application named "Dummy-SP"
And an application named "Trusted Proxy"
And a Service Provider named "Dummy-SP"
And a Service Provider named "Trusted Proxy"
And SP "Dummy-SP" allows the following attributes:

| Name | Value | Source | Motivation |
Expand Up @@ -7,7 +7,7 @@ Feature:
Given an EngineBlock instance on "vm.openconext.org"
And no registered SPs
And no registered Idps
And an application named "SP"
And a Service Provider named "SP"
And an Identity Provider named "Connected IdP1"
And an Identity Provider named "Connected IdP2"
And an Identity Provider named "Unconnected IdP1"
Expand Up @@ -8,11 +8,11 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "TestIdp"
And an application named "No ARP"
And an application named "Empty ARP"
And an application named "ARP without ePTI"
And an application named "ARP with ePTI"
And an application named "Step Up"
And a Service Provider named "No ARP"
And a Service Provider named "Empty ARP"
And a Service Provider named "ARP without ePTI"
And a Service Provider named "ARP with ePTI"
And a Service Provider named "Step Up"
And SP "ARP with ePTI" uses the Unspecified NameID format
And SP "Empty ARP" allows no attributes
And SP "ARP without ePTI" allows an attribute named "urn:mace:dir:attribute-def:uid"
Expand Up @@ -8,7 +8,7 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "Dummy Idp"
And an application named "Dummy SP"
And a Service Provider named "Dummy SP"

Scenario: EngineBlock accepts RSA Encrypted Responses
Given the SP uses the HTTP POST Binding
Expand Up @@ -8,7 +8,7 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "Dummy Idp"
And an application named "Dummy SP"
And a Service Provider named "Dummy SP"

Scenario: When a wiki link is configured in a translation the wiki link should be visible
Given I have configured the following translations:
Expand Up @@ -8,8 +8,8 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "AlwaysAuth"
And an application named "Step Up TP"
And an application named "SelfService"
And a Service Provider named "Step Up TP"
And a Service Provider named "SelfService"

Scenario: User logs in to SP, in that case the internalCollabPersonId should NOT be present
Given SP "SelfService" signs its requests
Expand Up @@ -8,7 +8,7 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "Dummy IdP"
And an application named "Dummy SP"
And a Service Provider named "Dummy SP"

Scenario: A passive AuthnRequest is handled without issue
Given SP "Dummy SP" is configured to generate a passive AuthnRequest
Expand Up @@ -8,7 +8,7 @@ Feature:
Given an EngineBlock instance on "vm.openconext.org"
And an Identity Provider named "First IdP"
And an Identity Provider named "Second IdP"
And an application named "Test SP"
And a Service Provider named "Test SP"
And my browser is configured to accept language "nl-NL"

Scenario: a user makes their first visit and doesn't have a locale cookie
Expand Up @@ -8,7 +8,7 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "Dummy IdP"
And an application named "Dummy SP"
And a Service Provider named "Dummy SP"

Scenario: A user can log out
When I log in at "Dummy SP"
Expand Up @@ -103,7 +103,7 @@ Feature:
Given an Identity Provider named "Connected-IdP"
And an Identity Provider named "Second-Connected-IdP"
And an Identity Provider named "Not-Connected-IdP"
And an application named "Test-SP"
And a Service Provider named "Test-SP"
And SP "Test-SP" is not connected to IdP "Not-Connected-IdP"
When I go to Engineblock URL "/authentication/proxy/idps-metadata?sp-entity-id=https://engine.vm.openconext.org/functional-testing/Test-SP/metadata"
# Verify the two connected IdPs are present in the list
Expand Down Expand Up @@ -185,7 +185,7 @@ Feature:
Given an Identity Provider named "Connected-IdP"
And an Identity Provider named "Second-Connected-IdP"
And an Identity Provider named "Not-Connected-IdP"
And an application named "Test-SP"
And a Service Provider named "Test-SP"
And SP "Test-SP" is not connected to IdP "Not-Connected-IdP"
When I go to Engineblock URL "/authentication/proxy/idps-metadata/key:default?sp-entity-id=https://engine.vm.openconext.org/functional-testing/Test-SP/metadata"
# Verify the two connected IdPs are present in the list
Expand Up @@ -8,8 +8,8 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "SSO-IdP"
And an application named "SSO-SP"
And an application named "Trusted SP"
And a Service Provider named "SSO-SP"
And a Service Provider named "Trusted SP"

Scenario: The configured authn method should be set as AuthnContextClassRef if configured with the IdP configuration mapping
Given the IdP "SSO-IdP" is configured for MFA authn method "http://schemas.microsoft.com/claims/multipleauthn" for SP "SSO-SP"
Expand Up @@ -9,8 +9,8 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "SSO-IdP"
And an application named "SSO-SP"
And an application named "SSO-Two"
And a Service Provider named "SSO-SP"
And a Service Provider named "SSO-Two"
And I open 2 browser tabs identified by "Browser tab 1, Browser tab 2"

Scenario: Two solicited authentication requests sequential
Expand Up @@ -8,7 +8,7 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "SSO-IdP"
And an application named "SSO-SP"
And a Service Provider named "SSO-SP"

Scenario: EngineBlock should not update the Unspecified NameIdFormat when no ARP filters are applied
Given SP "SSO-SP" uses the Unspecified NameID format
Expand Up @@ -8,9 +8,9 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "Dummy IdP" with logo "idp-logo.jpg"
And an application named "Dummy SP"
And an application named "Stepup Gateway"
And an application named "Stepup SelfService"
And a Service Provider named "Dummy SP"
And a Service Provider named "Stepup Gateway"
And a Service Provider named "Stepup SelfService"

Scenario: Access is denied because of an IdP specific Deny policy a logo is shown
Given SP "Dummy SP" requires a policy enforcement decision
Expand Up @@ -8,7 +8,7 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "IdP"
And an application named "SP"
And a Service Provider named "SP"

Scenario: Throw an exception if the assertion signature is tampered with
When I log in at "SP"
Expand Up @@ -9,8 +9,8 @@ Feature:
And no registered Idps
And an Identity Provider named "SSO-IdP"
And an Identity Provider named "SSO-Foobar"
And an application named "SSO-SP"
And an application named "SSO-Foobar"
And a Service Provider named "SSO-SP"
And a Service Provider named "SSO-Foobar"

Scenario: IdPs are allowed to create NameIDs
When I log in at "SSO-SP"
Expand Up @@ -11,8 +11,8 @@ Feature:
And an Identity Provider named "IDP2"
And an Identity Provider named "IDP3"
And an Identity Provider named "IDP4"
And an application named "SP"
And an application named "remoteSP"
And a Service Provider named "SP"
And a Service Provider named "remoteSP"

Scenario: The WAYF shows only allowed IDPs
Given SP "SP" is not connected to IdP "IDP2"
Expand Up @@ -11,11 +11,11 @@ Feature:
And an Identity Provider named "StepUpOnlyAuth"
And an Identity Provider named "LoaOnlyAuth"
And an Identity Provider named "CombinedAuth"
And an application named "Step Up"
And an application named "Loa SP"
And an application named "Far SP"
And an application named "Test SP"
And an application named "Second SP"
And a Service Provider named "Step Up"
And a Service Provider named "Loa SP"
And a Service Provider named "Far SP"
And a Service Provider named "Test SP"
And a Service Provider named "Second SP"
And an unregistered application named "Unregistered SP"
And SP "Far SP" is not connected to IdP "CombinedAuth"
And SP "Far SP" is not connected to IdP "LoaOnlyAuth"
Expand Up @@ -8,7 +8,7 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "Dummy Idp"
And an application named "Dummy SP"
And a Service Provider named "Dummy SP"

Scenario: Proxying exceeds the allowed ProxyCount in the AuthnRequest
Given SP "Dummy SP" is configured to generate a AuthnRequest with a ProxyCount of 0
Expand Up @@ -8,10 +8,10 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "SSO-IdP"
And an application named "SSO-SP"
And a Service Provider named "SSO-SP"
And an Identity Provider named "Dummy-IdP"
And an application named "Dummy-SP"
And an application named "Proxy-SP"
And a Service Provider named "Dummy-SP"
And a Service Provider named "Proxy-SP"

Scenario: Stepup authentication should be supported if set through SP configuration
Given the SP "SSO-SP" requires Stepup LoA "http://vm.openconext.org/assurance/loa2"
Expand Up @@ -10,10 +10,10 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "SSO-IdP"
And an application named "SSO-SP"
And a Service Provider named "SSO-SP"
And an Identity Provider named "Dummy-IdP"
And an application named "Dummy-SP"
And an application named "Proxy-SP"
And a Service Provider named "Dummy-SP"
And a Service Provider named "Proxy-SP"

Scenario: When stepup.sfo.override_engine_entityid is not configured, stepup/metadata should show default EntityId
Given feature "eb.stepup.sfo.override_engine_entityid" is disabled
Expand Up @@ -8,7 +8,7 @@ Feature:
And no registered SPs
And no registered Idps
And an Identity Provider named "Dummy IdP"
And an application named "Dummy SP"
And a Service Provider named "Dummy SP"

Scenario: An IdP can initiated a login
When An IdP initiated Single Sign on for SP "Dummy SP" is triggered by IdP "Dummy IdP"
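Review bot: Style nit on the unchanged scenario title at the end of this hunk: `An IdP can initiated a login` should read `An IdP can initiate a login`. It is worth fixing while this file is being touched.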