Example 1 with SecurityAssertionSaml

Use of ddf.security.assertion.saml.impl.SecurityAssertionSaml in the project ddf by codice.

From the class SecurityAssertionSamlTest, method testSampleAssertion.

@Test
public void testSampleAssertion() throws Exception {
    Element issuedAssertion = this.readDocument("/saml.xml").getDocumentElement();
    String assertionId = issuedAssertion.getAttributeNodeNS(null, "ID").getNodeValue();
    SecurityAssertionSaml assertion = new SecurityAssertionSaml(issuedAssertion);
    assertNotNull(assertion.getToken());
    assertEquals(issuedAssertion, assertion.getToken());
    assertEquals(ISSUER, assertion.getIssuer());
    assertEquals(PRINCIPAL, assertion.getPrincipal().getName());
    assertEquals(PRINCIPAL, assertion.getPrincipal().toString());
    assertEquals(NUM_ATTRIBUTES, assertion.getAttributeStatements().size());
    List<AuthenticationStatement> authnStatements = assertion.getAuthnStatements();
    assertEquals(NUM_NAUTH, authnStatements.size());
    assertEquals((long) NUM_NAUTH, authnStatements.stream().map(AuthenticationStatement::getSessionIndex).count());
    Optional<String> sessionIndex = authnStatements.stream().map(AuthenticationStatement::getSessionIndex).findFirst();
    assertTrue(sessionIndex.isPresent());
    assertEquals(SESSION_INDEX, sessionIndex.get());
    assertEquals(DatatypeConverter.parseDateTime(BEFORE).getTimeInMillis(), assertion.getNotBefore().getTime());
    assertEquals(DatatypeConverter.parseDateTime(AFTER).getTimeInMillis(), assertion.getNotOnOrAfter().getTime());
    // we don't currently parse these
    // assertEquals(NUM_AUTHZ, assertion.getAuthzDecisionStatements().size());
    assertNotNull(assertion.toString());
    assertTrue(assertion.isPresentlyValid());
}
Also used: Element (org.w3c.dom.Element), SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml), AuthenticationStatement (ddf.security.assertion.AuthenticationStatement), Test (org.junit.Test)

Example 2 with SecurityAssertionSaml

Use of ddf.security.assertion.saml.impl.SecurityAssertionSaml in the project ddf by codice.

From the class SecurityAssertionSamlTest, method testIsPresentlyValidWithNullBounds.

@Test
public void testIsPresentlyValidWithNullBounds() throws Exception {
    Element issuedAssertion = this.readDocument("/saml.xml").getDocumentElement();
    // Remove Time Bounds
    issuedAssertion.getElementsByTagName("saml2:Conditions").item(0).getAttributes().removeNamedItem("NotBefore");
    issuedAssertion.getElementsByTagName("saml2:Conditions").item(0).getAttributes().removeNamedItem("NotOnOrAfter");
    SecurityAssertionSaml assertion = getSecurityAssertion(issuedAssertion);
    assertTrue(assertion.isPresentlyValid());
}
Also used: Element (org.w3c.dom.Element), SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml), Test (org.junit.Test)

Example 3 with SecurityAssertionSaml

Use of ddf.security.assertion.saml.impl.SecurityAssertionSaml in the project ddf by codice.

From the class LogoutRequestService, method sendLogoutRequest.

@GET
@Path("/request")
public Response sendLogoutRequest(@QueryParam("EncryptedNameIdTime") String encryptedNameIdTime) {
    String nameIdTime = encryptionService.decrypt(encryptedNameIdTime);
    String[] nameIdTimeArray = StringUtils.split(nameIdTime, "\n");
    if (nameIdTimeArray.length == 2) {
        try {
            String name = nameIdTimeArray[0];
            long time = Long.parseLong(nameIdTimeArray[1]);
            if (System.currentTimeMillis() - time > logOutPageTimeOut) {
                String msg = String.format("Logout request was older than %sms old so it was rejected. Please refresh page and request again.", logOutPageTimeOut);
                LOGGER.info(msg);
                return buildLogoutResponse(msg);
            }
            Element idpSecToken = getIdpSecurityToken();
            if (idpSecToken == null) {
                LOGGER.info("Unable to logout. Please try again.");
                return buildLogoutResponse("Unable to logout. Please try again.");
            }
            // Logout removes the SAML assertion. This statement must be called before the SAML
            // assertion is removed.
            List<String> sessionIndexes = new SecurityAssertionSaml(idpSecToken).getAuthnStatements().stream().filter(Objects::nonNull).map(AuthenticationStatement::getSessionIndex).collect(Collectors.toList());
            logout();
            if (logoutMessage == null) {
                LOGGER.info("Logout message not available yet");
                return buildLogoutResponse(UNABLE_TO_CREATE_LOGOUT_REQUEST);
            }
            LogoutWrapper<LogoutRequest> logoutRequest = logoutMessage.buildLogoutRequest(name, getEntityId(), sessionIndexes);
            String relayState = relayStates.encode(name);
            return getLogoutRequest(relayState, logoutRequest);
        } catch (RuntimeException e) {
            LOGGER.info(UNABLE_TO_CREATE_LOGOUT_REQUEST, e);
            return buildLogoutResponse(UNABLE_TO_CREATE_LOGOUT_REQUEST);
        }
    } else {
        LOGGER.info(UNABLE_TO_DECRYPT_LOGOUT_REQUEST);
        return buildLogoutResponse(UNABLE_TO_DECRYPT_LOGOUT_REQUEST);
    }
}
Also used: Element (org.w3c.dom.Element), Objects (java.util.Objects), LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest), SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml), Path (javax.ws.rs.Path), GET (javax.ws.rs.GET)

Example 4 with SecurityAssertionSaml

Use of ddf.security.assertion.saml.impl.SecurityAssertionSaml in the project ddf by codice.

From the class SamlAssertionValidatorImplTest, method testValidateUnsignedAssertion.

@Test(expected = AuthenticationFailureException.class)
public void testValidateUnsignedAssertion() throws Exception {
    Assertion assertion = createAssertion(false, true, ISSUER, new DateTime().plusDays(3));
    Element securityToken = SAMLUtils.getInstance().getSecurityTokenFromSAMLAssertion(samlObjectToString(assertion));
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(securityToken), "default");
    SAMLAuthenticationToken samlAuthenticationToken = new SAMLAuthenticationToken(simplePrincipalCollection, simplePrincipalCollection, "127.0.0.1");
    samlAssertionValidator.validate(samlAuthenticationToken);
}
Also used: Element (org.w3c.dom.Element), Assertion (org.opensaml.saml.saml2.core.Assertion), SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection), SAMLAuthenticationToken (org.codice.ddf.security.handler.SAMLAuthenticationToken), DateTime (org.joda.time.DateTime), SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml), Test (org.junit.Test)

Example 5 with SecurityAssertionSaml

Use of ddf.security.assertion.saml.impl.SecurityAssertionSaml in the project ddf by codice.

From the class SamlAssertionValidatorImplTest, method testValidateWithHolderOfKeyAssertion.

@Test
public void testValidateWithHolderOfKeyAssertion() throws Exception {
    Assertion assertion = createHolderOfKeyAssertion();
    Element securityToken = SAMLUtils.getInstance().getSecurityTokenFromSAMLAssertion(samlObjectToString(assertion));
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(securityToken), "default");
    SAMLAuthenticationToken samlAuthenticationToken = new SAMLAuthenticationToken(simplePrincipalCollection, simplePrincipalCollection, "127.0.0.1");
    X509Certificate[] certs = { certificate };
    samlAuthenticationToken.setX509Certs(certs);
    samlAssertionValidator.validate(samlAuthenticationToken);
}
Also used: Element (org.w3c.dom.Element), Assertion (org.opensaml.saml.saml2.core.Assertion), SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection), SAMLAuthenticationToken (org.codice.ddf.security.handler.SAMLAuthenticationToken), SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml), X509Certificate (java.security.cert.X509Certificate), Test (org.junit.Test)

Aggregations (number of examples in which each type is used)

SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml): 19
Element (org.w3c.dom.Element): 15
Test (org.junit.Test): 14
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection): 10
SAMLAuthenticationToken (org.codice.ddf.security.handler.SAMLAuthenticationToken): 9
Assertion (org.opensaml.saml.saml2.core.Assertion): 6
DateTime (org.joda.time.DateTime): 5
IOException (java.io.IOException): 2
Principal (java.security.Principal): 2
X509Certificate (java.security.cert.X509Certificate): 2
Cookie (javax.servlet.http.Cookie): 2
HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl): 2
HandlerResult (org.codice.ddf.security.handler.api.HandlerResult): 2
AuthenticationStatement (ddf.security.assertion.AuthenticationStatement): 1
SecurityAssertion (ddf.security.assertion.SecurityAssertion): 1
SecurityAssertionPrincipal (ddf.security.assertion.SecurityAssertionPrincipal): 1
StringReader (java.io.StringReader): 1
Instant (java.time.Instant): 1
Objects (java.util.Objects): 1
HttpServletRequest (javax.servlet.http.HttpServletRequest): 1