coveralls
commented
5 years ago Pull Request Test Coverage Report for Build 31
- 56 of 146 (38.36%) changed or added relevant lines in 6 files are covered.
- 1 unchanged line in 1 file lost coverage.
- Overall coverage decreased (-3.2%) to 69.048%
| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % | ||
|---|---|---|---|---|---|
| idp/response.go | 0 | 2 | 0.0% | ||
| idp/ecp.go | 33 | 121 | 27.27% | ||
| <!-- | Total: | 56 | 146 | 38.36% | --> |
| Files with Coverage Reduction | New Missed Lines | % | ||
|---|---|---|---|---|
| idp/sso.go | 1 | 59.9% | ||
| <!-- | Total: | 1 | --> |
| Totals | |
|---|---|
| Change from base Build 29: | -3.2% |
| Covered Lines: | 1102 |
| Relevant Lines: | 1596 |
ECP allows non-browser clients to follow an SSO flow similar to browser SSO but without redirects.
This IdP implementation of the ECP spec is not complete, but very close. Notably we don't validate channel bindings sent by the ECP client or SP. Shibboleth running as a SP, however, appears to not use channel bindings in favor of using signing and/or encryption to secure messages against tampering by the client.
We do validate the SP signature in the AuthnRequest relayed by the client and we verify that the SP is registered.