Class SecurityAssertionSamlTest, method testSampleAssertion.
@Test
public void testSampleAssertion() throws Exception {
  // Load the sample assertion fixture and pick up its ID attribute.
  Element samlElement = this.readDocument("/saml.xml").getDocumentElement();
  String samlId = samlElement.getAttributeNodeNS(null, "ID").getNodeValue();

  SecurityAssertionSaml parsed = new SecurityAssertionSaml(samlElement);

  // The wrapper must hand back the very DOM element it was built from.
  assertNotNull(parsed.getToken());
  assertEquals(samlElement, parsed.getToken());

  // Issuer, principal and attribute statements come straight from the fixture.
  assertEquals(ISSUER, parsed.getIssuer());
  assertEquals(PRINCIPAL, parsed.getPrincipal().getName());
  assertEquals(PRINCIPAL, parsed.getPrincipal().toString());
  assertEquals(NUM_ATTRIBUTES, parsed.getAttributeStatements().size());

  // Authentication statements: how many, and the session index carried by the first.
  List<AuthenticationStatement> statements = parsed.getAuthnStatements();
  assertEquals(NUM_NAUTH, statements.size());
  long indexCount = statements.stream().map(AuthenticationStatement::getSessionIndex).count();
  assertEquals((long) NUM_NAUTH, indexCount);
  Optional<String> firstIndex =
      statements.stream().map(AuthenticationStatement::getSessionIndex).findFirst();
  assertTrue(firstIndex.isPresent());
  assertEquals(SESSION_INDEX, firstIndex.get());

  // The validity window must match the fixture's NotBefore / NotOnOrAfter values.
  long expectedNotBefore = DatatypeConverter.parseDateTime(BEFORE).getTimeInMillis();
  long expectedNotOnOrAfter = DatatypeConverter.parseDateTime(AFTER).getTimeInMillis();
  assertEquals(expectedNotBefore, parsed.getNotBefore().getTime());
  assertEquals(expectedNotOnOrAfter, parsed.getNotOnOrAfter().getTime());

  // we don't currently parse these
  // assertEquals(NUM_AUTHZ, parsed.getAuthzDecisionStatements().size());
  assertNotNull(parsed.toString());
  assertTrue(parsed.isPresentlyValid());
}
Class SecurityAssertionSamlTest, method testIsPresentlyValidWithNullBounds.
@Test
public void testIsPresentlyValidWithNullBounds() throws Exception {
  Element samlElement = this.readDocument("/saml.xml").getDocumentElement();
  // Strip both time bounds from the Conditions element; with neither present the
  // assertion is expected to still report itself as presently valid.
  Element conditions = (Element) samlElement.getElementsByTagName("saml2:Conditions").item(0);
  conditions.getAttributes().removeNamedItem("NotBefore");
  conditions.getAttributes().removeNamedItem("NotOnOrAfter");
  assertTrue(getSecurityAssertion(samlElement).isPresentlyValid());
}
Class LogoutRequestService, method sendLogoutRequest.
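/**
 * Builds a SAML logout request for the user named in the supplied ciphertext.
 *
 * <p>The query parameter is expected to decrypt to {@code "<name>\n<epoch millis>"}. The
 * timestamp bounds how long a generated logout link stays usable ({@code logOutPageTimeOut}).
 * Every failure path answers with a page from {@link #buildLogoutResponse} instead of letting an
 * exception escape as a server error.
 *
 * @param encryptedNameIdTime ciphertext carrying the principal name and issue time; may be null
 * @return the response produced by {@code getLogoutRequest}, or a logout page describing why the
 *     request could not be built
 */
@GET
@Path("/request")
public Response sendLogoutRequest(@QueryParam("EncryptedNameIdTime") String encryptedNameIdTime) {
  String nameIdTime = encryptionService.decrypt(encryptedNameIdTime);
  // StringUtils.split(null, ...) returns null, so a missing parameter or a decrypt that yields
  // nothing would otherwise NPE on .length here and surface as an unhandled 500 rather than the
  // intended "unable to decrypt" reply. Treat it like any other malformed payload.
  String[] nameIdTimeArray = StringUtils.split(nameIdTime, "\n");
  if (nameIdTimeArray == null || nameIdTimeArray.length != 2) {
    LOGGER.info(UNABLE_TO_DECRYPT_LOGOUT_REQUEST);
    return buildLogoutResponse(UNABLE_TO_DECRYPT_LOGOUT_REQUEST);
  }
  try {
    String name = nameIdTimeArray[0];
    // NumberFormatException is a RuntimeException and lands in the catch below.
    long time = Long.parseLong(nameIdTimeArray[1]);
    // Reject stale links. A timestamp in the future passes this check; that only holds up
    // because the value comes out of our own ciphertext. NOTE(review): confirm encryptionService
    // authenticates (not just encrypts) the payload, otherwise the timestamp is forgeable.
    if (System.currentTimeMillis() - time > logOutPageTimeOut) {
      String msg =
          String.format(
              "Logout request was older than %sms old so it was rejected. Please refresh page and request again.",
              logOutPageTimeOut);
      LOGGER.info(msg);
      return buildLogoutResponse(msg);
    }
    Element idpSecToken = getIdpSecurityToken();
    if (idpSecToken == null) {
      LOGGER.info("Unable to logout. Please try again.");
      return buildLogoutResponse("Unable to logout. Please try again.");
    }
    // Logout removes the SAML assertion. This statement must be called before the SAML
    // assertion is removed.
    List<String> sessionIndexes =
        new SecurityAssertionSaml(idpSecToken).getAuthnStatements().stream()
            .filter(Objects::nonNull)
            .map(AuthenticationStatement::getSessionIndex)
            .collect(Collectors.toList());
    logout();
    if (logoutMessage == null) {
      LOGGER.info("Logout message not available yet");
      return buildLogoutResponse(UNABLE_TO_CREATE_LOGOUT_REQUEST);
    }
    LogoutWrapper<LogoutRequest> logoutRequest =
        logoutMessage.buildLogoutRequest(name, getEntityId(), sessionIndexes);
    String relayState = relayStates.encode(name);
    return getLogoutRequest(relayState, logoutRequest);
  } catch (RuntimeException e) {
    // Log the cause for operators, but never echo it to the client.
    LOGGER.info(UNABLE_TO_CREATE_LOGOUT_REQUEST, e);
    return buildLogoutResponse(UNABLE_TO_CREATE_LOGOUT_REQUEST);
  }
}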
Class SamlAssertionValidatorImplTest, method testValidateUnsignedAssertion.
@Test(expected = AuthenticationFailureException.class)
public void testValidateUnsignedAssertion() throws Exception {
  // Assertion built without a signature (per the test name); the validator must reject it.
  Assertion unsigned = createAssertion(false, true, ISSUER, new DateTime().plusDays(3));
  Element token =
      SAMLUtils.getInstance().getSecurityTokenFromSAMLAssertion(samlObjectToString(unsigned));

  SimplePrincipalCollection principals = new SimplePrincipalCollection();
  principals.add(new SecurityAssertionSaml(token), "default");
  SAMLAuthenticationToken authToken =
      new SAMLAuthenticationToken(principals, principals, "127.0.0.1");

  samlAssertionValidator.validate(authToken);
}
Class SamlAssertionValidatorImplTest, method testValidateWithHolderOfKeyAssertion.
@Test
public void testValidateWithHolderOfKeyAssertion() throws Exception {
  Assertion holderOfKey = createHolderOfKeyAssertion();
  Element token =
      SAMLUtils.getInstance().getSecurityTokenFromSAMLAssertion(samlObjectToString(holderOfKey));

  SimplePrincipalCollection principals = new SimplePrincipalCollection();
  principals.add(new SecurityAssertionSaml(token), "default");
  SAMLAuthenticationToken authToken =
      new SAMLAuthenticationToken(principals, principals, "127.0.0.1");
  // Holder-of-key confirmation needs the presenter's certificate on the token.
  authToken.setX509Certs(new X509Certificate[] {certificate});

  // Must complete without throwing.
  samlAssertionValidator.validate(authToken);
}