integration-0.1.0
Safe HaskellNone
LanguageGHC2021

Test.Spar.MultiIngressSSO

Synopsis

Documentation

testMultiIngressSSOGeneralIdp :: HasCallStack => App () Source #

Test multi-ingress SSO with an IdP that is not bound to a domain.

The IdP is created via a non-multi-ingress way/domain. It is valid for all domains - no matter if they are configured as multi-ingress domains or not. However, the SP must be consistent in the communication: If the SAML login flow was started on one domain, it must return to exactly this domain.

testMultiIngressSSODomainBoundIdp :: HasCallStack => App () Source #

Test multi-ingress SSO with an IdP that is bound to a domain.

The IdP is created on a multi-ingress domain. The details of managing multi-ingress IdPs are covered in MultiIngressIdp. Here we want to test that logins are possible with such an IdP, ensuring we haven't broken basic functionality.

multiIngressSSOCommonTest :: HasCallStack => (forall owner. (HasCallStack, MakesValue owner) => owner -> Maybe String -> App (Response, (IdPMetadata, SignPrivCreds))) -> App () Source #

checkAuthnRequest :: HasCallStack => String -> String -> String -> String -> App () Source #

Check the AuthnRequest by the SP (Wire backend) to be sent to the IdP

Most important: The Issuer must fit to the multi-ingress domain (host).

checkSPMetadata :: HasCallStack => String -> String -> String -> App () Source #

Check the metadata of the ServiceProvider (i.e. of the Wire backend on multi-ingress domain host)

makeSuccessfulSamlLogin :: MakesValue domain => domain -> String -> String -> String -> String -> (IdPMetadata, SignPrivCreds) -> App () Source #

finalizeLoginWithWrongZHost :: (MakesValue domain, HasCallStack) => String -> String -> domain -> String -> String -> (String, (IdPMetadata, SignPrivCreds)) -> App Response Source #