Enforce ID token signature verification in unit test (#1835)

Clément OUDOT 2019-07-02 17:27:17 +02:00
parent e04a6f1983
commit 7c7dad9ab6
9 changed files with 63 additions and 36 deletions


@ -214,7 +214,8 @@ sub switch {
} }
sub op { sub op {
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'idp.com', domain => 'idp.com',
@ -312,7 +313,8 @@ GQIDAQAB
sub rp { sub rp {
my ( $jwks, $metadata ) = @_; my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'rp.com', domain => 'rp.com',
@ -330,6 +332,7 @@ sub rp {
}, },
oidcOPMetaDataOptions => { oidcOPMetaDataOptions => {
op => { op => {
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0, oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsScope => "openid profile",
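Review bot: The added `oidcOPMetaDataOptionsCheckJWTSignature => 1` in the `op` block of `rp()` exercises only the accepting path: nothing visible in this section asserts that an ID token with an altered or missing signature is refused, so the test would presumably still pass if verification were skipped. The same applies to the `rp()` hunks in the other file sections of this commit. Consider adding a rejection case next to the existing flow, and a comment on the option line such as `# enforce ID token signature check (#1835)`. The body of `rp()` and the test assertions lie outside the hunks, so an existing negative test cannot be ruled out from here.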


@ -311,7 +311,8 @@ sub switch {
} }
sub op { sub op {
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'idp.com', domain => 'idp.com',
@ -408,7 +409,8 @@ GQIDAQAB
sub rp { sub rp {
my ( $jwks, $metadata ) = @_; my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'rp.com', domain => 'rp.com',
@ -426,6 +428,7 @@ sub rp {
}, },
oidcOPMetaDataOptions => { oidcOPMetaDataOptions => {
op => { op => {
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0, oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsScope => "openid profile",
oidcOPMetaDataOptionsStoreIDToken => 0, oidcOPMetaDataOptionsStoreIDToken => 0,
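Review bot: The visible context of this `op` block lists no `oidcOPMetaDataOptionsClientSecret`, unlike the same block in the other files, though it may sit further down outside the hunk. If this test covers a client without a secret, the new signature check can only succeed with an asymmetrically signed ID token and a usable key set, presumably the `$jwks` argument of `rp()`. A one-line comment above the option would make that dependency explicit, for example `# no client secret in this test: ID token must be verifiable from the JWKS`.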


@ -254,7 +254,8 @@ sub switch {
} }
sub op { sub op {
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'idp.com', domain => 'idp.com',
@ -362,7 +363,8 @@ GQIDAQAB
sub rp { sub rp {
my ( $jwks, $metadata ) = @_; my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'rp.com', domain => 'rp.com',
@ -380,6 +382,7 @@ sub rp {
}, },
oidcOPMetaDataOptions => { oidcOPMetaDataOptions => {
op => { op => {
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0, oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsScope => "openid profile",


@ -311,7 +311,8 @@ sub switch {
} }
sub op { sub op {
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'idp.com', domain => 'idp.com',
@ -408,7 +409,8 @@ GQIDAQAB
sub rp { sub rp {
my ( $jwks, $metadata ) = @_; my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'rp.com', domain => 'rp.com',
@ -426,6 +428,7 @@ sub rp {
}, },
oidcOPMetaDataOptions => { oidcOPMetaDataOptions => {
op => { op => {
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0, oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsScope => "openid profile",


@ -221,7 +221,8 @@ sub switch {
} }
sub op { sub op {
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'idp.com', domain => 'idp.com',
@ -316,7 +317,8 @@ GQIDAQAB
sub rp { sub rp {
my ( $jwks, $metadata ) = @_; my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'rp.com', domain => 'rp.com',
@ -333,6 +335,7 @@ sub rp {
}, },
oidcOPMetaDataOptions => { oidcOPMetaDataOptions => {
op => { op => {
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0, oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsScope => "openid profile",


@ -204,7 +204,8 @@ sub switch {
} }
sub op { sub op {
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'idp.com', domain => 'idp.com',
@ -298,7 +299,8 @@ GQIDAQAB
sub rp { sub rp {
my ( $jwks, $metadata ) = @_; my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'rp.com', domain => 'rp.com',
@ -315,6 +317,7 @@ sub rp {
}, },
oidcOPMetaDataOptions => { oidcOPMetaDataOptions => {
op => { op => {
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0, oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsScope => "openid profile",


@ -118,7 +118,8 @@ sub switch {
} }
sub op { sub op {
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'idp.com', domain => 'idp.com',
@ -212,7 +213,8 @@ GQIDAQAB
sub rp { sub rp {
my ( $jwks, $metadata ) = @_; my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'rp.com', domain => 'rp.com',
@ -241,6 +243,7 @@ sub rp {
}, },
oidcOPMetaDataOptions => { oidcOPMetaDataOptions => {
op => { op => {
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0, oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsScope => "openid profile",
@ -253,6 +256,7 @@ sub rp {
"https://auth.op.com/.well-known/openid-configuration" "https://auth.op.com/.well-known/openid-configuration"
}, },
op2 => { op2 => {
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0, oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsScope => "openid profile",
@ -264,6 +268,7 @@ sub rp {
"https://auth.op.com/.well-known/openid-configuration" "https://auth.op.com/.well-known/openid-configuration"
}, },
op3 => { op3 => {
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0, oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsScope => "openid profile",
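Review bot: The option is now repeated by hand in `op`, `op2` and `op3`, which makes it easy to drop. Because it is set per provider, a provider entry added later without the line would not request verification, assuming the option is not on by default, which this page does not show. Hoisting the options the three blocks share into one hash and spreading it into each entry, e.g. `op2 => { %common_op_opts, ... }`, would keep the check from being left out. The three blocks continue outside the hunks, so only the visible keys are known to be identical.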


@ -93,7 +93,8 @@ sub switch {
} }
sub issuer { sub issuer {
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'idp.com', domain => 'idp.com',


@ -129,7 +129,8 @@ sub switch {
} }
sub op { sub op {
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'idp.com', domain => 'idp.com',
@ -225,7 +226,8 @@ GQIDAQAB
sub rp { sub rp {
my ( $jwks, $metadata ) = @_; my ( $jwks, $metadata ) = @_;
return LLNG::Manager::Test->new( { return LLNG::Manager::Test->new(
{
ini => { ini => {
logLevel => $debug, logLevel => $debug,
domain => 'rp.com', domain => 'rp.com',
@ -243,6 +245,7 @@ sub rp {
}, },
oidcOPMetaDataOptions => { oidcOPMetaDataOptions => {
op => { op => {
oidcOPMetaDataOptionsCheckJWTSignature => 1,
oidcOPMetaDataOptionsJWKSTimeout => 0, oidcOPMetaDataOptionsJWKSTimeout => 0,
oidcOPMetaDataOptionsClientSecret => "rpsecret", oidcOPMetaDataOptionsClientSecret => "rpsecret",
oidcOPMetaDataOptionsScope => "openid profile", oidcOPMetaDataOptionsScope => "openid profile",