Enforce ID token signature verification in unit test (#1835)

Clément OUDOT 2019-07-02 17:27:17 +02:00
parent e04a6f1983
commit 7c7dad9ab6
9 changed files with 63 additions and 36 deletions


@ -214,7 +214,8 @@ sub switch {
}
sub op {
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'idp.com',
@ -312,7 +313,8 @@ GQIDAQAB
sub rp {
my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'rp.com',
@ -330,8 +332,9 @@ sub rp {
},
oidcOPMetaDataOptions => {
op => {
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile",
oidcOPMetaDataOptionsStoreIDToken => 0,
oidcOPMetaDataOptionsDisplay => "",
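Review bot: Turning on `oidcOPMetaDataOptionsCheckJWTSignature => 1` in the `op` entry of rp() only shows that a correctly signed ID token is still accepted; nothing visible in this hunk exercises the rejection path. A regression that silently skipped verification would therefore leave this test green. I would add a negative case to the same test that presents an ID token whose signature does not verify and asserts that the RP refuses the login, and mark the option with a comment such as `# keep enabled: the RP must reject ID tokens whose signature does not verify`. The same point applies to the other rp() hunks on this page that add the option, including the `op2` and `op3` entries. The body of rp() and the rest of the test file lie outside the hunk, so an existing negative test elsewhere cannot be ruled out.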


@ -311,7 +311,8 @@ sub switch {
}
sub op {
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'idp.com',
@ -408,7 +409,8 @@ GQIDAQAB
sub rp {
my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'rp.com',
@ -426,7 +428,8 @@ sub rp {
},
oidcOPMetaDataOptions => {
op => {
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsScope => "openid profile",
oidcOPMetaDataOptionsStoreIDToken => 0,
oidcOPMetaDataOptionsMaxAge => 30,


@ -254,7 +254,8 @@ sub switch {
}
sub op {
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'idp.com',
@ -362,7 +363,8 @@ GQIDAQAB
sub rp {
my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'rp.com',
@ -380,8 +382,9 @@ sub rp {
},
oidcOPMetaDataOptions => {
op => {
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile",
oidcOPMetaDataOptionsStoreIDToken => 0,
oidcOPMetaDataOptionsDisplay => "",


@ -311,7 +311,8 @@ sub switch {
}
sub op {
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'idp.com',
@ -408,7 +409,8 @@ GQIDAQAB
sub rp {
my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'rp.com',
@ -426,8 +428,9 @@ sub rp {
},
oidcOPMetaDataOptions => {
op => {
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile",
oidcOPMetaDataOptionsStoreIDToken => 0,
oidcOPMetaDataOptionsMaxAge => 30,


@ -221,7 +221,8 @@ sub switch {
}
sub op {
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'idp.com',
@ -316,7 +317,8 @@ GQIDAQAB
sub rp {
my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'rp.com',
@ -333,8 +335,9 @@ sub rp {
},
oidcOPMetaDataOptions => {
op => {
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile",
oidcOPMetaDataOptionsStoreIDToken => 0,
oidcOPMetaDataOptionsDisplay => "",


@ -204,7 +204,8 @@ sub switch {
}
sub op {
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'idp.com',
@ -298,7 +299,8 @@ GQIDAQAB
sub rp {
my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'rp.com',
@ -315,8 +317,9 @@ sub rp {
},
oidcOPMetaDataOptions => {
op => {
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile",
oidcOPMetaDataOptionsStoreIDToken => 0,
oidcOPMetaDataOptionsDisplay => "",


@ -118,7 +118,8 @@ sub switch {
}
sub op {
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'idp.com',
@ -212,7 +213,8 @@ GQIDAQAB
sub rp {
my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'rp.com',
@ -241,8 +243,9 @@ sub rp {
},
oidcOPMetaDataOptions => {
op => {
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile",
oidcOPMetaDataOptionsStoreIDToken => 0,
oidcOPMetaDataOptionsDisplay => "",
@ -253,8 +256,9 @@ sub rp {
"https://auth.op.com/.well-known/openid-configuration"
},
op2 => {
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile",
oidcOPMetaDataOptionsStoreIDToken => 0,
oidcOPMetaDataOptionsDisplay => "",
@ -264,8 +268,9 @@ sub rp {
"https://auth.op.com/.well-known/openid-configuration"
},
op3 => {
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile",
oidcOPMetaDataOptionsStoreIDToken => 0,
oidcOPMetaDataOptionsDisplay => "",


@ -93,7 +93,8 @@ sub switch {
}
sub issuer {
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'idp.com',


@ -129,7 +129,8 @@ sub switch {
}
sub op {
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'idp.com',
@ -225,7 +226,8 @@ GQIDAQAB
sub rp {
my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( {
return LLNG::Manager::Test->new(
{
ini => {
logLevel => $debug,
domain => 'rp.com',
@ -243,8 +245,9 @@ sub rp {
},
oidcOPMetaDataOptions => {
op => {
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile",
oidcOPMetaDataOptionsStoreIDToken => 0,
oidcOPMetaDataOptionsDisplay => "",