From 22e5eb6986c55ebaea79449c14cb98cc44c599b0 Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Wed, 18 Jul 2018 08:02:48 +0200 Subject: [PATCH] Remove SAML redirection screen (#1465) --- .../lib/Lemonldap/NG/Portal/Auth/SAML.pm | 36 ++--------------- ...AML-Artifact-with-SOAP-SLO-IdP-initiated.t | 16 ++------ ...h-and-issuer-SAML-Artifact-with-SOAP-SLO.t | 39 ++----------------- ...-Auth-and-issuer-SAML-POST-IdP-initiated.t | 14 +------ .../t/30-Auth-and-issuer-SAML-POST.t | 36 +---------------- ...h-and-issuer-SAML-Redirect-IdP-initiated.t | 14 ++----- .../t/30-Auth-and-issuer-SAML-Redirect.t | 31 ++------------- .../t/30-SAML-Head-to-Tail-POST.t | 37 +----------------- .../t/30-SAML-ReAuth-with-choice.t | 25 +----------- lemonldap-ng-portal/t/30-SAML-ReAuth.t | 25 +----------- lemonldap-ng-portal/t/30-SAML-SP-rule.t | 18 +-------- .../t/37-CAS-App-to-SAML-IdP-POST.t | 14 +------ .../t/37-Logout-from-OIDC-RP-to-SAML-SP.t | 18 +-------- .../t/37-OIDC-RP-to-SAML-IdP-GET.t | 13 +------ .../t/37-OIDC-RP-to-SAML-IdP-POST.t | 13 +------ .../t/37-SAML-SP-GET-to-OIDC-OP.t | 17 ++------ ...7-SAML-SP-POST-to-CAS-server-with-Choice.t | 25 +----------- .../t/37-SAML-SP-POST-to-CAS-server.t | 25 +----------- .../t/37-SAML-SP-POST-to-OIDC-OP.t | 15 +------ 19 files changed, 40 insertions(+), 391 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm index b2dec629f..3a5479eea 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/SAML.pm @@ -753,7 +753,7 @@ sub extractFormInfo { my $res = $self->p->deleteSession($req); return ( $res eq PE_LOGOUT_OK ? PE_SENDRESPONSE : $res ); - } + } ] ); 
@@ -824,12 +824,8 @@ sub extractFormInfo { # Search a selected IdP my ( $idp, $idp_cookie ) = $self->getIDP($req); - # Get confirmation flag - my $confirm_flag = $req->param("confirm") // 0; - - # If confirmation is -1 from resolved IDP screen, - # or IDP was not resolve, let the user choose its IDP - if ( $confirm_flag == -1 or !$idp ) { + # If IDP was not resolved, let the user choose its IDP + unless ($idp) { $self->logger->debug("Redirecting user to IDP list"); # Control url parameter @@ -864,31 +860,7 @@ sub extractFormInfo { return PE_IDPCHOICE; } - # If IDP is found but not confirmed, let the user confirm it - elsif ( $confirm_flag != 1 ) { - $self->logger->debug("IDP $idp selected, need user confirmation"); - - # Control url parameter - my $urlcheck = $self->p->controlUrl($req); - return $urlcheck unless ( $urlcheck == PE_OK ); - - # Choosen IDP - $req->info( - $self->loadTemplate( - 'samlRedirectToIdp', - params => { - name => $self->idpList->{$idp}->{name}, - idp => $idp, - ( $req->param("url") ? ( url => $req->param("url") ) : () ), - } - ) - ); - - $req->data->{login} = 1; - return PE_CONFIRM; - } - - # Here confirmation is OK (confirm_flag == 1), store choosen IDP in cookie + # Store choosen IDP in cookie unless ( $idp_cookie and $idp eq $idp_cookie ) { $self->logger->debug("Build cookie to remember $idp as IDP choice"); diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO-IdP-initiated.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO-IdP-initiated.t index 7c0eb172a..274aa355f 100644 --- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO-IdP-initiated.t +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO-IdP-initiated.t @@ -9,7 +9,7 @@ BEGIN { require 't/test-lib.pm'; } -my $maintests = 16; +my $maintests = 15; my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); 
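Review bot: With the confirmation branch gone, `unless ($idp)` in extractFormInfo sends every request for which getIDP() returns an IdP straight to the cookie and redirect path, and the old `confirm=-1` route back to the IdP list no longer exists. getIDP() is outside this hunk, so the following is inferred: if it accepts the `idp` request parameter or the `lemonldapidp` cookie, a user whose remembered choice is wrong has no screen from which to change it, and the IdP is selected without any user interaction. I would document the new contract on the branch, e.g. `# No confirmation step: getIDP() must only return IdPs present in idpList`. I would also add a test that a request with an unknown `idp` value still ends in PE_IDPCHOICE. extractFormInfo starts and ends outside the hunk.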
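Review bot: The deleted `elsif` branch was the only place on the resolved-IdP path in this hunk that ran `controlUrl`, so a request with a resolved IdP now reaches the cookie code without the `url` parameter being checked here. If controlUrl is not already run earlier in the portal's request processing (not visible from this diff), keep `my $urlcheck = $self->p->controlUrl($req);` and `return $urlcheck unless ( $urlcheck == PE_OK );` ahead of `unless ( $idp_cookie and $idp eq $idp_cookie )`. The rewritten comment also carries a typo and should read `# Store chosen IDP in cookie`. The function body continues outside the hunk.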
@@ -137,7 +137,7 @@ m#img src="http://auth.idp.com(/saml/relaySingleLogoutSOAP)\?(relay=.*?)"#s, # Test if logout is done switch ('issuer'); ok( - $res = $sp->_get( + $res = $issuer->_get( '/', cookie => "lemonldap=$idpId", ), 'Test if user is reject on IdP' @@ -154,16 +154,8 @@ m#img src="http://auth.idp.com(/saml/relaySingleLogoutSOAP)\?(relay=.*?)"#s, ), 'Test if user is reject on SP' ); - expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); + expectRedirection( $res, + qr#^http://auth.idp.com(/saml/singleSignOnArtifact)\?(SAMLart=.+)# ); } count($maintests); diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO.t index 9d9c5afe9..f362d883c 100644 --- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO.t +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO.t @@ -9,7 +9,7 @@ BEGIN { require 't/test-lib.pm'; } -my $maintests = 17; +my $maintests = 14; my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); @@ -64,29 +64,6 @@ SKIP: { ), 'Unauth SP request' ); - expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); - my $confirm = $1; - - # Choose idp on sp - ok( - $res = $sp->_post( - '/', - IO::String->new( - "confirm=$confirm&idp=http://auth.idp.com/saml/metadata"), - accept => 'text/html', - length => length($confirm) + 46, - ), - 'Select IDP' - ); ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' ) or explain( $res->[1], @@ -201,18 +178,8 @@ SKIP: { ), 'Test if user is reject on SP' ); - expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); - - #print STDERR Dumper($res); + expectRedirection( $res, + qr#^http://auth.idp.com(/saml/singleSignOnArtifact)\?(SAMLart=.+)# ); } count($maintests); 
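Review bot: The assertion labelled 'Test if user is reject on SP' in 30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO-IdP-initiated.t now passes on a redirect to the IdP instead of a portal page, so the label no longer describes what is checked. A comment above the new `expectRedirection( $res,` call, such as `# No SP session left: the portal must start a fresh SSO request to the IdP`, would make clear why a redirect proves the logout worked. The same applies to the post-logout checks changed in 30-Auth-and-issuer-SAML-Artifact-with-SOAP-SLO.t, 30-Auth-and-issuer-SAML-Redirect-IdP-initiated.t and 30-Auth-and-issuer-SAML-Redirect.t. The enclosing SKIP block starts outside these hunks.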
diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST-IdP-initiated.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST-IdP-initiated.t index 2f36e4f97..4da716dd5 100644 --- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST-IdP-initiated.t +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST-IdP-initiated.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 19; +my $maintests = 18; my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); @@ -185,17 +185,7 @@ m#iframe src="http://auth.idp.com(/saml/relaySingleLogoutPOST)\?(relay=.*?)"#s, 'Test if user is reject on SP' ); expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); - - #print STDERR Dumper($res); + expectAutoPost($res); } count($maintests); diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t index 28ac8ffb3..6c9c0e75b 100644 --- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-POST.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 19; +my $maintests = 16; my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); @@ -49,28 +49,6 @@ SKIP: { 'Unauth SP request' ); expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); - my $confirm = $1; - - # Choose idp on sp - ok( - $res = $sp->_post( - '/', - IO::String->new( - "confirm=$confirm&idp=http://auth.idp.com/saml/metadata"), - accept => 'text/html', - length => length($confirm) + 46, - ), - 'Select IDP' - ); ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' ) or explain( $res->[1], @@ -203,17 +181,7 @@ SKIP: { 'Test if user is reject on SP' ); expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); - - #print STDERR Dumper($res); + expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn', 'SAMLRequest' ); } count($maintests); 
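Review bot: `expectAutoPost($res);` in 30-Auth-and-issuer-SAML-POST-IdP-initiated.t is called without host, path or field name, so the post-logout check does not pin where the form posts or what it carries. The matching assertion in 30-Auth-and-issuer-SAML-POST.t is written `expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn', 'SAMLRequest' );`. Using that form here would make the test fail if the SP ever auto-posted somewhere other than the IdP's single sign-on endpoint. How expectAutoPost treats missing arguments is defined in the test library, which is not part of this diff.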
diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect-IdP-initiated.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect-IdP-initiated.t index 4ebf6e0b6..adb34308f 100644 --- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect-IdP-initiated.t +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect-IdP-initiated.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 20; +my $maintests = 19; my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); @@ -166,16 +166,8 @@ m#iframe src="http://auth.sp.com(/saml/proxySingleLogout)\?(SAMLRequest=.*?)"#, ), 'Test if user is reject on SP' ); - expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); + expectRedirection( $res, + qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# ); } count($maintests); diff --git a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t index 91ecd16f6..9820a938c 100644 --- a/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t +++ b/lemonldap-ng-portal/t/30-Auth-and-issuer-SAML-Redirect.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 18; +my $maintests = 16; my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); @@ -50,20 +50,7 @@ SKIP: { ), 'Unauth SP request' ); - expectOK($res); - my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'confirm' ); - $query .= '&idp=http://auth.idp.com/saml/metadata'; - - # Choose idp on sp - ok( - $res = $sp->_post( - '/', - IO::String->new($query), - accept => 'text/html', - length => length($query), - ), - 'Select IDP' - ); + my ( $host, $url, $query ); ok( expectCookie( $res, 'lemonldapidp' ) eq 'http://auth.idp.com/saml/metadata', 
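Review bot: `my ( $host, $url, $query );` in 30-Auth-and-issuer-SAML-Redirect.t declares three variables ahead of their first use, apparently only because the removed `expectForm` line used to declare them. 30-SAML-SP-rule.t in this same commit declares at the point of use with `my ( $url, $query ) = expectRedirection( $res,`. Doing the same here keeps the scope tight and lets `$host` be dropped if nothing later assigns it. The later uses are outside the hunk, so that last part needs checking against the full file.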
@@ -201,18 +188,8 @@ qr#^http://auth.sp.com(/saml/proxySingleLogoutReturn)\?(SAMLResponse=.+)# ), 'Test if user is reject on SP' ); - expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); - - #print STDERR Dumper($res); + expectRedirection( $res, + qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# ); } count($maintests); diff --git a/lemonldap-ng-portal/t/30-SAML-Head-to-Tail-POST.t b/lemonldap-ng-portal/t/30-SAML-Head-to-Tail-POST.t index d06e60053..010e58f12 100644 --- a/lemonldap-ng-portal/t/30-SAML-Head-to-Tail-POST.t +++ b/lemonldap-ng-portal/t/30-SAML-Head-to-Tail-POST.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 16; +my $maintests = 13; my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); @@ -48,29 +48,6 @@ SKIP: { ), 'Unauth SP request' ); - expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); - my $confirm = $1; - - # Choose idp on sp - ok( - $res = $sp->_post( - '/', - IO::String->new( - "confirm=$confirm&idp=http://auth.idp.com/saml/metadata"), - accept => 'text/html', - length => length($confirm) + 46, - ), - 'Select IDP' - ); ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' ) or explain( $res->[1], @@ -204,17 +181,7 @@ SKIP: { 'Test if user is reject on SP' ); expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); - - #print STDERR Dumper($res); + expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn', 'SAMLRequest' ); } count($maintests); diff --git a/lemonldap-ng-portal/t/30-SAML-ReAuth-with-choice.t b/lemonldap-ng-portal/t/30-SAML-ReAuth-with-choice.t index 6e23e8118..bf0f54514 100644 --- a/lemonldap-ng-portal/t/30-SAML-ReAuth-with-choice.t +++ b/lemonldap-ng-portal/t/30-SAML-ReAuth-with-choice.t @@ -11,7 +11,7 @@ BEGIN { } eval { unlink 't/userdb.db' }; -my $maintests = 15; +my $maintests = 13; my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); 
@@ -74,29 +74,6 @@ SKIP: { ), 'Unauth SP request' ); - expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); - my $confirm = $1; - - # Choose idp on sp - ok( - $res = $sp->_post( - '/', - IO::String->new( - "confirm=$confirm&idp=http://auth.idp.com/saml/metadata"), - accept => 'text/html', - length => length($confirm) + 46, - ), - 'Select IDP' - ); ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' ) or explain( $res->[1], diff --git a/lemonldap-ng-portal/t/30-SAML-ReAuth.t b/lemonldap-ng-portal/t/30-SAML-ReAuth.t index e1f926876..dc12b5480 100644 --- a/lemonldap-ng-portal/t/30-SAML-ReAuth.t +++ b/lemonldap-ng-portal/t/30-SAML-ReAuth.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 15; +my $maintests = 13; my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); @@ -62,29 +62,6 @@ SKIP: { ), 'Unauth SP request' ); - expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); - my $confirm = $1; - - # Choose idp on sp - ok( - $res = $sp->_post( - '/', - IO::String->new( - "confirm=$confirm&idp=http://auth.idp.com/saml/metadata"), - accept => 'text/html', - length => length($confirm) + 46, - ), - 'Select IDP' - ); ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' ) or explain( $res->[1], diff --git a/lemonldap-ng-portal/t/30-SAML-SP-rule.t b/lemonldap-ng-portal/t/30-SAML-SP-rule.t index f1b27ed7a..407daa291 100644 --- a/lemonldap-ng-portal/t/30-SAML-SP-rule.t +++ b/lemonldap-ng-portal/t/30-SAML-SP-rule.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 8; +my $maintests = 7; my $debug = 'error'; my ( $issuer, $sp, $res ); my %handlerOR = ( issuer => [], sp => [] ); 
@@ -50,20 +50,6 @@ SKIP: { ), 'Unauth SP request' ); - expectOK($res); - my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'confirm' ); - $query .= '&idp=http://auth.idp.com/saml/metadata'; - - # Choose idp on sp - ok( - $res = $sp->_post( - '/', - IO::String->new($query), - accept => 'text/html', - length => length($query), - ), - 'Select IDP' - ); ok( expectCookie( $res, 'lemonldapidp' ) eq 'http://auth.idp.com/saml/metadata', @@ -73,7 +59,7 @@ SKIP: { $res->[1], 'Set-Cookie => lemonldapidp=http://auth.idp.com/saml/metadata; domain=.sp.com; path=/' ); - ( $url, $query ) = expectRedirection( $res, + my ( $url, $query ) = expectRedirection( $res, qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# ); # Push SAML request to IdP diff --git a/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t b/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t index 8f5a2c42b..918e8e229 100644 --- a/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t +++ b/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 12; +my $maintests = 11; my $debug = 'error'; my ( $idp, $proxy, $app, $res ); my %handlerOR = ( idp => [], proxy => [], app => [] ); @@ -98,18 +98,6 @@ SKIP: { my $proxyPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' ); my ( $host, $tmp ); - ( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' ); - ok( - $res = $proxy->_post( - $url, - IO::String->new($query), - length => length($query), - accept => 'text/html', - cookie => - "lemonldapidp=http://auth.idp.com/saml/metadata;$proxyPdata" - ), - 'Confirm IdP' - ); ( $host, $url, $query ) = expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn', 'SAMLRequest' ); diff --git a/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t b/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t index be1032d21..31bbfbf58 100644 --- a/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t 
+++ b/lemonldap-ng-portal/t/37-Logout-from-OIDC-RP-to-SAML-SP.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 26; +my $maintests = 25; my $debug = 'error'; my ( $op, $rp, $sp, $res ); my %handlerOR = ( op => [], rp => [], sp => [] ); @@ -170,17 +170,6 @@ SKIP: { ), 'Try SAML SP' ); - ( $host, $url, $query ) = expectForm( $res, '#', undef, 'confirm' ); - ok( - $res = $sp->_post( - '/', - IO::String->new($query), - length => length($query), - accept => 'text/html', - cookie => 'lemonldapidp=http://auth.op.com/saml/metadata' - ), - 'Confirm IdP' - ); ( $host, $url, $query ) = expectAutoPost( $res, 'auth.op.com', '/saml/singleSignOn', 'SAMLRequest' ); @@ -333,10 +322,7 @@ m#iframe src="http://auth.op.com(/saml/relaySingleLogoutPOST)\?(relay=.*?)"#s, 'Test if user is reject on SP' ); expectOK($res); - expectForm( $res, '#', undef, 'confirm', 'idp' ); - - #print STDERR Dumper($res); - + expectAutoPost( $res, 'auth.op.com', '/saml/singleSignOn', 'SAMLRequest' ); } count($maintests); diff --git a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t index 4643263a4..9f76809d1 100644 --- a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t +++ b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-GET.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 19; +my $maintests = 18; my $debug = 'error'; my ( $idp, $sp, $rp, $res ); my %handlerOR = ( idp => [], sp => [], rp => [] ); @@ -121,17 +121,6 @@ SKIP: { ); my $spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' ); my ( $host, $tmp ); - ( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' ); - ok( - $res = $sp->_post( - $url, - IO::String->new($query), - length => length($query), - accept => 'text/html', - cookie => "lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata" - ), - 'Confirm IdP' - ); ( $url, $query ) = expectRedirection( $res, qr#^http://auth.idp.com(/saml/singleSignOn)\?(SAMLRequest=.+)# ); 
diff --git a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t index ea48e3e4e..cfa19877b 100644 --- a/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t +++ b/lemonldap-ng-portal/t/37-OIDC-RP-to-SAML-IdP-POST.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 19; +my $maintests = 18; my $debug = 'error'; my ( $idp, $sp, $rp, $res ); my %handlerOR = ( idp => [], sp => [], rp => [] ); @@ -121,17 +121,6 @@ SKIP: { ); my $spPdata = 'lemonldappdata=' . expectCookie( $res, 'lemonldappdata' ); my ( $host, $tmp ); - ( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' ); - ok( - $res = $sp->_post( - $url, - IO::String->new($query), - length => length($query), - accept => 'text/html', - cookie => "lemonldapidp=http://auth.idp.com/saml/metadata;$spPdata" - ), - 'Confirm IdP' - ); ( $host, $url, $query ) = expectAutoPost( $res, 'auth.idp.com', '/saml/singleSignOn', 'SAMLRequest' ); diff --git a/lemonldap-ng-portal/t/37-SAML-SP-GET-to-OIDC-OP.t b/lemonldap-ng-portal/t/37-SAML-SP-GET-to-OIDC-OP.t index b049bbd9d..75512aacc 100644 --- a/lemonldap-ng-portal/t/37-SAML-SP-GET-to-OIDC-OP.t +++ b/lemonldap-ng-portal/t/37-SAML-SP-GET-to-OIDC-OP.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 13; +my $maintests = 12; my $debug = 'error'; my ( $op, $proxy, $sp, $res ); my %handlerOR = ( op => [], proxy => [], sp => [] ); @@ -110,18 +110,7 @@ SKIP: { ), 'Try SAML SP' ); - my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'confirm' ); - ok( - $res = $sp->_post( - '/', - IO::String->new($query), - length => length($query), - accept => 'text/html', - cookie => 'lemonldapidp=http://auth.proxy.com/saml/metadata' - ), - 'Confirm IdP' - ); - ( $url, $query ) = expectRedirection( $res, + my ( $url, $query ) = expectRedirection( $res, qr#^http://auth.proxy.com(/saml/singleSignOn)\?(SAMLRequest=.+)# ); # Push SAML request to IdP 
@@ -161,7 +150,7 @@ SKIP: { ); count(1); my $opId = expectCookie($res); - my $tmp; + my ( $host, $tmp ); ( $host, $tmp, $query ) = expectForm( $res, '#', undef, 'confirm' ); ok( diff --git a/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server-with-Choice.t b/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server-with-Choice.t index 6dc7df1e5..9b102de15 100644 --- a/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server-with-Choice.t +++ b/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server-with-Choice.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 19; +my $maintests = 17; my $debug = 'error'; my ( $issuer, $proxy, $sp, $res ); my %handlerOR = ( issuer => [], proxy => [], sp => [] ); @@ -87,29 +87,6 @@ SKIP: { ), 'Unauth SP request' ); - expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); - my $confirm = $1; - - # Choose idp on sp - ok( - $res = $sp->_post( - '/', - IO::String->new( - "confirm=$confirm&idp=http://auth.proxy.com/saml/metadata"), - accept => 'text/html', - length => length($confirm) + 48, - ), - 'Select IDP' - ); ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' ) or explain( $res->[1], diff --git a/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server.t b/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server.t index f6f38f160..eecec7101 100644 --- a/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server.t +++ b/lemonldap-ng-portal/t/37-SAML-SP-POST-to-CAS-server.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 17; +my $maintests = 15; my $debug = 'error'; my ( $issuer, $proxy, $sp, $res ); my %handlerOR = ( issuer => [], proxy => [], sp => [] ); 
@@ -88,29 +88,6 @@ SKIP: { ), 'Unauth SP request' ); - expectOK($res); - ok( - $res->[2]->[0] =~ - /[2], -'' - ); - my $confirm = $1; - - # Choose idp on sp - ok( - $res = $sp->_post( - '/', - IO::String->new( - "confirm=$confirm&idp=http://auth.proxy.com/saml/metadata"), - accept => 'text/html', - length => length($confirm) + 48, - ), - 'Select IDP' - ); ok( expectCookie( $res, 'lemonldapidp' ), 'IDP cookie defined' ) or explain( $res->[1], diff --git a/lemonldap-ng-portal/t/37-SAML-SP-POST-to-OIDC-OP.t b/lemonldap-ng-portal/t/37-SAML-SP-POST-to-OIDC-OP.t index 11ebcf1f4..2593c341c 100644 --- a/lemonldap-ng-portal/t/37-SAML-SP-POST-to-OIDC-OP.t +++ b/lemonldap-ng-portal/t/37-SAML-SP-POST-to-OIDC-OP.t @@ -10,7 +10,7 @@ BEGIN { require 't/saml-lib.pm'; } -my $maintests = 13; +my $maintests = 12; my $debug = 'error'; my ( $op, $proxy, $sp, $res ); my %handlerOR = ( op => [], proxy => [], sp => [] ); @@ -110,18 +110,7 @@ SKIP: { ), 'Try SAML SP' ); - my ( $host, $url, $query ) = expectForm( $res, '#', undef, 'confirm' ); - ok( - $res = $sp->_post( - '/', - IO::String->new($query), - length => length($query), - accept => 'text/html', - cookie => 'lemonldapidp=http://auth.proxy.com/saml/metadata' - ), - 'Confirm IdP' - ); - ( $host, $url, $query ) = + my ( $host, $url, $query ) = expectForm( $res, 'auth.proxy.com', '/saml/singleSignOn', 'SAMLRequest' ); # Push SAML request to IdP