From 8b618026ed0460de87f9b412e7a6b670f28d96f6 Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst
Date: Tue, 24 Oct 2023 11:39:56 +0200
Subject: [PATCH] When starting an engine IdP debug authentication, force authentication at the IdP

This ensures we have a fresh session of the user to test against, so any changes to the IdP config will be reflected in this debug result.
---
 library/EngineBlock/Corto/Module/Service/SingleSignOn.php | 1 +
 .../Features/Debug.feature | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/library/EngineBlock/Corto/Module/Service/SingleSignOn.php b/library/EngineBlock/Corto/Module/Service/SingleSignOn.php
index 4fb613b261..06ee58ce83 100644
--- a/library/EngineBlock/Corto/Module/Service/SingleSignOn.php
+++ b/library/EngineBlock/Corto/Module/Service/SingleSignOn.php
@@ -375,6 +375,7 @@ protected function _createDebugRequest()
 $issuer = new Issuer();
 $issuer->setValue($this->_server->getUrl('spMetadataService'));
 $sspRequest->setIssuer($issuer);
+ $sspRequest->setForceAuthn(true);
 $request = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($sspRequest);
 $request->setDebug();
diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Debug.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Debug.feature
index 729be043b8..d26e1e45c9 100644
--- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Debug.feature
+++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/Debug.feature
@@ -29,3 +29,9 @@ Feature:
 And I should see "test"
 And I should see "urn:mace:terena.org:attribute-def:schacHomeOrganization"
 And I should see "engine-test-stand.openconext.org"
+
+ Scenario: A debug AuthnRequest should force the user to relogin
+ When I go to Engineblock URL "/authentication/sp/debug"
+ And I select "Second-IdP" on the WAYF
+ And I pass through EngineBlock
+ Then the received AuthnRequest should match xpath '/samlp:AuthnRequest[@ForceAuthn="true"]'
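Review bot: The added `$sspRequest->setForceAuthn(true);` in the SingleSignOn.php hunk carries no comment explaining why the debug request differs from a normal login, so a later cleanup could drop it unnoticed; I would put `// Force re-authentication so the debug result reflects the IdP's current configuration, not an existing SSO session.` above it. ForceAuthn is only a request attribute: nothing in this hunk checks the response, so an IdP that ignores it can still answer from an existing session and the "fresh session" is not guaranteed by this line alone. If the debug page is meant to rely on freshness, the response handling (not visible here) could compare the assertion's AuthnInstant with the time the request was issued, or show that value on the debug page. The body of `_createDebugRequest()` starts and ends outside the hunk.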