use of org.apereo.cas.validation.Assertion in project cas by apereo.
the class Saml10SuccessResponseViewTests method verifyResponseWithoutAuthMethod.
/**
 * Renders a SAML 1.0 success response for an assertion whose authentication
 * attributes carry no explicit authentication method, then checks that the
 * serialized output mentions the principal, its attribute, the authentication
 * attribute names, the remember-me attribute name and the
 * {@code urn:oasis:names:tc:SAML:1.0:am:unspecified} method URN.
 *
 * <p>All checks are substring matches on the response body, so they show that
 * the values are present somewhere in the output, not where in the SAML
 * structure they appear.
 */
@Test
public void verifyResponseWithoutAuthMethod() throws Exception {
    // Principal with a single attribute.
    final Map<String, Object> principalAttributes = new HashMap<>();
    principalAttributes.put(TEST_ATTRIBUTE, TEST_VALUE);
    final Principal subject = new DefaultPrincipalFactory().createPrincipal(PRINCIPAL_ID, principalAttributes);

    // Authentication-level attributes: two plain ones plus the remember-me flag.
    // No authentication-method entry is added here.
    final Map<String, Object> authenticationAttributes = new HashMap<>();
    authenticationAttributes.put("authnAttribute1", "authnAttrbuteV1");
    authenticationAttributes.put("authnAttribute2", "authnAttrbuteV2");
    authenticationAttributes.put(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME, Boolean.TRUE);

    final Authentication authentication = CoreAuthenticationTestUtils.getAuthentication(subject, authenticationAttributes);
    final Assertion validated = new ImmutableAssertion(authentication, Collections.singletonList(authentication),
        CoreAuthenticationTestUtils.getService(), true);

    final Map<String, Object> viewModel = new HashMap<>();
    viewModel.put("assertion", validated);

    final MockHttpServletResponse httpResponse = new MockHttpServletResponse();
    this.response.renderMergedOutputModel(viewModel, new MockHttpServletRequest(), httpResponse);
    final String body = httpResponse.getContentAsString();

    // Same checks, in the same order, as individual assertTrue(contains(...)) calls.
    final String[] expectedFragments = {
        PRINCIPAL_ID,
        TEST_ATTRIBUTE,
        TEST_VALUE,
        "authnAttribute1",
        "authnAttribute2",
        CasProtocolConstants.VALIDATION_REMEMBER_ME_ATTRIBUTE_NAME,
        "urn:oasis:names:tc:SAML:1.0:am:unspecified",
    };
    for (final String fragment : expectedFragments) {
        assertTrue(body.contains(fragment));
    }
}
use of org.apereo.cas.validation.Assertion in project cas by apereo.
the class OpenIdServiceResponseBuilder method build.
/**
 * Builds the OpenID response for a service ticket request.
 *
 * <ul>
 * <li>Blank ticket id: a redirect carrying the OpenID {@code cancel} mode is returned.</li>
 * <li>Association present and valid: the service ticket is validated here and the
 * resulting assertion is used to determine the identity.</li>
 * <li>No association: the ticket is <em>not</em> validated here. The response is still
 * built as successful, with a {@code null} assertion passed to
 * {@code determineIdentity}; the relying party is expected to request verification,
 * which is where the service ticket gets validated.</li>
 * <li>Association present but not valid, or ticket validation throws
 * {@link AbstractTicketException}: the response is built as unsuccessful.</li>
 * </ul>
 *
 * @param webApplicationService the service requesting an OpenID response; cast to
 *                              {@link OpenIdService}, so any other type fails with
 *                              a {@link ClassCastException}
 * @param ticketId the service ticket to provide to the service
 * @return the generated authentication answer
 */
@Override
public Response build(final WebApplicationService webApplicationService, final String ticketId) {
    final OpenIdService openIdService = (OpenIdService) webApplicationService;
    final ParameterList requestParameters =
        new ParameterList(WebUtils.getHttpServletRequestFromRequestAttributes().getParameterMap());
    final Map<String, String> responseParameters = new HashMap<>();

    // No ticket means there is nothing to assert: answer with a cancel redirect.
    if (StringUtils.isBlank(ticketId)) {
        responseParameters.put(OpenIdProtocolConstants.OPENID_MODE, OpenIdProtocolConstants.CANCEL);
        return buildRedirect(openIdService, responseParameters);
    }

    final Association association = getAssociation(serverManager, requestParameters);
    final boolean hasAssociation = association != null;
    // Evaluated unconditionally, including for a null association.
    final boolean associationValid = isAssociationValid(association);

    boolean authenticated = true;
    Assertion assertion = null;
    try {
        // Both debug statements below write the service ticket id to the log.
        if (!hasAssociation) {
            // Ticket is left unvalidated and `authenticated` stays true: validation is
            // deferred to the relying party's verification request.
            LOGGER.debug("Responding to non-associated mode. Service ticket [{}] must be validated by the RP", ticketId);
        } else if (associationValid) {
            assertion = centralAuthenticationService.validateServiceTicket(ticketId, openIdService);
            LOGGER.debug("Validated openid ticket [{}] for [{}]", ticketId, openIdService);
        } else {
            // Only reachable when an association exists but failed the validity check.
            LOGGER.warn("Association does not exist or is not valid");
            authenticated = false;
        }
    } catch (final AbstractTicketException e) {
        LOGGER.error("Could not validate ticket : [{}]", e.getMessage(), e);
        authenticated = false;
    }

    // `assertion` is null on every path except a successful validation above.
    return buildAuthenticationResponse(openIdService, responseParameters, authenticated,
        determineIdentity(openIdService, assertion), requestParameters);
}
use of org.apereo.cas.validation.Assertion in project cas by apereo.
the class MultifactorAuthenticationTests method verifyAllowsAccessToHighSecurityServiceWithPasswordAndOTPViaRenew.
/**
 * Authenticates against {@code HIGH_SERVICE} with a username/password credential and a
 * one-time-password credential in the same attempt, then confirms that the assertion
 * returned by service ticket validation records both handlers as successful.
 */
@Test
public void verifyAllowsAccessToHighSecurityServiceWithPasswordAndOTPViaRenew() throws Exception {
    // Note the original credential used to start SSO session does not satisfy security policy
    final AuthenticationResult authenticationResult = processAuthenticationAttempt(HIGH_SERVICE,
        newUserPassCredentials(ALICE, ALICE),
        new OneTimePasswordCredential(ALICE, PASSWORD_31415));

    final TicketGrantingTicket ticketGrantingTicket = cas.createTicketGrantingTicket(authenticationResult);
    assertNotNull(ticketGrantingTicket);

    final ServiceTicket serviceTicket = cas.grantServiceTicket(ticketGrantingTicket.getId(), HIGH_SERVICE, authenticationResult);
    assertNotNull(serviceTicket);

    // Confirm the authentication in the assertion is the one that satisfies security policy:
    // exactly two successful handlers, keyed by their simple class names.
    final Assertion validated = cas.validateServiceTicket(serviceTicket.getId(), HIGH_SERVICE);
    assertEquals(2, validated.getPrimaryAuthentication().getSuccesses().size());

    final String[] requiredHandlers = {
        AcceptUsersAuthenticationHandler.class.getSimpleName(),
        TestOneTimePasswordAuthenticationHandler.class.getSimpleName(),
    };
    for (final String handlerName : requiredHandlers) {
        assertTrue(validated.getPrimaryAuthentication().getSuccesses().containsKey(handlerName));
    }

    // The list of successful handlers must also be exposed as an authentication attribute.
    assertTrue(validated.getPrimaryAuthentication().getAttributes()
        .containsKey(AuthenticationHandler.SUCCESSFUL_AUTHENTICATION_HANDLERS));
}
use of org.apereo.cas.validation.Assertion in project cas by apereo.
the class CentralAuthenticationServiceImplTests method verifyValidateServiceTicketReturnOnlyAllowedAttribute.
/**
 * Validates a service ticket for the {@code eduPersonTestInvalid} service and checks
 * that the principal in the resulting assertion carries exactly one attribute,
 * {@code groupMembership=adopters}.
 *
 * <p>The size check is what catches over-release: any additional attribute on the
 * principal fails the test. The release policy for the service is defined outside
 * this method.
 */
@Test
public void verifyValidateServiceTicketReturnOnlyAllowedAttribute() throws Exception {
    final Service targetService = getService("eduPersonTestInvalid");
    final AuthenticationResult authenticationResult =
        CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), targetService);

    final TicketGrantingTicket tgt = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
    final ServiceTicket st = getCentralAuthenticationService().grantServiceTicket(tgt.getId(), targetService, authenticationResult);
    final Assertion validated = getCentralAuthenticationService().validateServiceTicket(st.getId(), targetService);

    // Attributes as seen by the service after validation.
    final Map<String, Object> releasedAttributes =
        validated.getPrimaryAuthentication().getPrincipal().getAttributes();
    assertEquals(1, releasedAttributes.size());
    assertEquals("adopters", releasedAttributes.get("groupMembership"));
}
use of org.apereo.cas.validation.Assertion in project cas by apereo.
the class CentralAuthenticationServiceImplTests method verifyValidateServiceTicketAnonymous.
/**
 * Validates a service ticket for the {@code testAnonymous} service and checks that the
 * principal id in the resulting assertion differs from the credential's username.
 *
 * <p>The assertion only proves the two values differ; it says nothing about the form
 * or stability of the released identifier.
 */
@Test
public void verifyValidateServiceTicketAnonymous() throws Exception {
    final Service targetService = getService("testAnonymous");
    // NOTE(review): this credential is not visibly passed into the authentication below.
    // The comparison is only meaningful if getAuthenticationResult authenticates with the
    // same username; confirm against CoreAuthenticationTestUtils.
    final UsernamePasswordCredential loginCredential = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
    final AuthenticationResult authenticationResult =
        CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), targetService);

    final TicketGrantingTicket tgt = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
    final ServiceTicket st = getCentralAuthenticationService().grantServiceTicket(tgt.getId(), targetService, authenticationResult);
    final Assertion validated = getCentralAuthenticationService().validateServiceTicket(st.getId(), targetService);

    // The id released to the service must not be the login username.
    assertNotEquals(loginCredential.getUsername(), validated.getPrimaryAuthentication().getPrincipal().getId());
}