Modify invalid subject tests to not expect an error immediately #200
Conversation
bakejeyner
requested review from
blen-desta,
brjeter and
coyotesqrl
and removed request for
blen-desta
|
Is there an issue for this PR? |
| val samlResponseDom = response.getBindingVerifier().decodeAndVerifyError() | ||
| val finalHttpResponse = | ||
| TestCommon.getImplementation(IdpSSOResponder::class) | ||
| .getResponseForPostRequest(response) |
There was a problem hiding this comment.
I think I'm okay with this change until we run into an IdP that acts differently, but I think our IdP needing more interaction before validating the Subject is implementation-dependent.
There was a problem hiding this comment.
I agree that this is implementation dependent. I also agree that in order to fix this issue, a separate effort should be made to look into:
- How many of our tests are actually implementation dependent
- The best solution to solve this implementation dependence.
Implementation dependent example: IdP1 could take the AuthnRequest Subject and check it against its user database, sending an error response without having to log any user in. Whereas IdP2 (lookin' at you DDF) may log the user in, then compare that user to the Subject sent in the AuthnRequest.
|
@coyotesqrl There was no issue at the time of your comment, however I have created one and made links from the PR to the issue and vice versa. |
|
build now |
|
Build success! See the job results in Jenkins UI or in Blue Ocean UI. |
|
test ddf |
|
Internal DDF test has been started. Your results will be available at completion. See build progress in Jenkins UI or in Blue Ocean UI. |
|
Build failure. See the job results in Jenkins UI or in Blue Ocean UI. |
|
Oh forgot that codice/ddf#3733 needs to be merged for that test to pass. |
|
Build success! See the job results in Jenkins UI or in Blue Ocean UI. |
|
Hero successful ✅ |
|
test ddf |
|
Internal DDF test has been started. Your results will be available at completion. See build progress in Jenkins UI or in Blue Ocean UI. |
|
Build failure. See the job results in Jenkins UI or in Blue Ocean UI. |
|
build now |
|
Build success! See the job results in Jenkins UI or in Blue Ocean UI. |
###Issue
#201
Description of the Change
Before, the invalid subject error tests use to expect the IdP to error out directly after sending the
AuthnRequest. Now the tests will send theAuthnRequest, attempt the user login, then expect the error.Verification Process
The invalid subject error tests should pass when running the CTK against this branch of DDF.
Checklist: