integration-0.1.0
Safe HaskellNone
LanguageGHC2021

Test.Spar.MultiIngressSSO

Synopsis

Documentation

testMultiIngressSSOGeneralIdp :: HasCallStack => App () Source #

Test multi-ingress SSO with an IdP that is not bound to a domain.

In this case NO SSO login can happen as a redirect to a common IdP would leak information about relationships to a common backend. Also, in reality it is very hard (to impossible for some IdPs) to find a valid and sound configuration for multiple domains at IdP SaaS.

testMultiIngressSSODomainBoundIdp :: HasCallStack => App () Source #

Test multi-ingress SSO with an IdP that is bound to a domain.

The IdP is created on a multi-ingress domain. The details of managing multi-ingress IdPs are covered in MultiIngressIdp. Here we want to test that logins are possible with such an IdP, but only if the request's and IdP's domains match.

testSsoWithoutMultiIngress :: HasCallStack => App () Source #

Test that without multi-ingress configuration, endpoints are domain-agnostic.

In the standard (non-multi-ingress) case, SAML endpoints work regardless of which domain (Z-Host) is used or if no Z-Host is specified.

checkAuthnRequest :: (HasCallStack, MakesValue domain) => domain -> String -> String -> String -> App () Source #

Check the AuthnRequest by the SP (Wire backend) to be sent to the IdP

Most important: The Issuer must fit to the multi-ingress domain (host).

checkAuthnRequestBase :: (HasCallStack, MakesValue domain) => domain -> Maybe String -> String -> String -> String -> App () Source #

Check the AuthnRequest by the SP (Wire backend) to be sent to the IdP

Compares the Issuer in the request against an expected target host URL. This allows testing that requests to different hosts produce different (or same) Issuer URLs.

checkSPMetadata :: (HasCallStack, MakesValue domain) => domain -> String -> String -> App () Source #

Check the metadata of the ServiceProvider (i.e. of the Wire backend on multi-ingress domain host)