Example 1 with AuthenticationRequest

Use of oidc.model.AuthenticationRequest in the project OpenConext-oidcng by OpenConext.

From the class ResourceCleanerTest, method clean.

@Test
public void clean() throws URISyntaxException {
    Class[] classes = {User.class, UserConsent.class, AccessToken.class, RefreshToken.class,
            AuthorizationCode.class, AuthenticationRequest.class};
    // Start from empty collections for every type the cleaner is responsible for
    Stream.of(classes).forEach(clazz -> mongoTemplate.remove(new Query(), clazz));
    // Expiry one day in the past: every fixture built from it is already stale
    Date expiresIn = Date.from(LocalDateTime.now().minusDays(1).atZone(ZoneId.systemDefault()).toInstant());
    Stream.of(
            accessToken("value", expiresIn),
            refreshToken(expiresIn),
            new AuthorizationCode("code", "sub", "clientId", emptyList(), new URI("http://redirectURI"),
                    "codeChallenge", "codeChallengeMethod", "nonce", emptyList(), true, expiresIn),
            new User("nope", "unspecifiedNameId", "authenticatingAuthority", "clientId",
                    Collections.emptyMap(), Collections.emptyList()),
            new AuthenticationRequest(UUID.randomUUID().toString(), expiresIn, "clientID", "http://localhost/authorize"),
            userConsent()
    ).forEach(o -> mongoTemplate.insert(o));
    subject.clean();
    // The cleaner must have removed every stale document of every type
    Stream.of(classes).forEach(clazz -> assertEquals(0, mongoTemplate.findAll(clazz).size()));
}

Example 2 with AuthenticationRequest

Use of oidc.model.AuthenticationRequest in the project OpenConext-oidcng by OpenConext.

From the class ConcurrentSavedRequestAwareAuthenticationSuccessHandler, method onAuthenticationSuccess.

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                    Authentication authentication) throws IOException {
    OidcSamlAuthentication samlAuthentication = (OidcSamlAuthentication) authentication;
    // The SAML authentication carries the ID of the stored OIDC authentication request it answers
    AuthenticationRequest authenticationRequest = authenticationRequestRepository
            .findById(samlAuthentication.getAuthenticationRequestID())
            .orElseThrow(() -> new IllegalArgumentException(
                    "No Authentication Request found for ID: " + samlAuthentication.getAuthenticationRequestID()));
    // Resume the original /authorize request that triggered the SAML login
    String originalRequestUrl = authenticationRequest.getOriginalRequestUrl();
    getRedirectStrategy().sendRedirect(request, response, originalRequestUrl);
}

Example 3 with AuthenticationRequest

Use of oidc.model.AuthenticationRequest in the project OpenConext-oidcng by OpenConext.

From the class ResponseAuthenticationConverter, method buildUser.

private User buildUser(Assertion assertion, String authenticationRequestID) {
    List<AuthnStatement> authnStatements = assertion.getAuthnStatements();
    AtomicReference<String> authenticatingAuthority = new AtomicReference<>();
    if (!CollectionUtils.isEmpty(authnStatements)) {
        // Take the first AuthenticatingAuthority found in any AuthnStatement, if there is one
        authnStatements.stream()
                .map(as -> as.getAuthnContext().getAuthenticatingAuthorities())
                .flatMap(List::stream)
                .findAny()
                .ifPresent(aa -> authenticatingAuthority.set(aa.getURI()));
    }
    // need to prevent NullPointer in HashMap merge
    Map<String, Object> attributes = userAttributes.stream()
            .filter(ua -> !ua.customMapping)
            .map(ua -> new Object[]{ua.oidc,
                    ua.multiValue ? getAttributeValues(ua.saml, assertion) : getAttributeValue(ua.saml, assertion)})
            .filter(oo -> oo[1] != null)
            .collect(Collectors.toMap(oo -> (String) oo[0], oo -> oo[1]));
    this.addDerivedAttributes(attributes);
    AuthenticationRequest authenticationRequest = authenticationRequestRepository
            .findById(authenticationRequestID)
            .orElseThrow(() -> new IllegalArgumentException(
                    "No Authentication Request found for ID: " + authenticationRequestID));
    String clientId = authenticationRequest.getClientId();
    String nameId = assertion.getSubject().getNameID().getValue();
    String eduPersonTargetedId = getAttributeValue("urn:mace:dir:attribute-def:eduPersonTargetedID", assertion);
    String collabPersonId = getAttributeValue("urn:mace:surf.nl:attribute-def:internal-collabPersonId", assertion);
    // Choose the "sub" claim: collabPersonId takes precedence, then eduPersonTargetedID,
    // otherwise a name-based UUID derived from the NameID and the client ID
    String sub;
    if (StringUtils.hasText(collabPersonId)) {
        sub = nameId;
        nameId = collabPersonId;
    } else if (StringUtils.hasText(eduPersonTargetedId)) {
        sub = eduPersonTargetedId;
    } else {
        sub = UUID.nameUUIDFromBytes((nameId + "_" + clientId).getBytes()).toString();
    }
    attributes.put("sub", sub);
    // Map each SAML AuthnContextClassRef onto an ACR claim, dropping those without a mapping
    List<String> acrClaims = assertion.getAuthnStatements().stream()
            .map(authenticationStatement -> authenticationContextClassReference(
                    authenticationStatement.getAuthnContext().getAuthnContextClassRef()))
            .filter(Optional::isPresent)
            .map(Optional::get)
            .collect(toList());
    return new User(sub, nameId, authenticatingAuthority.get(), clientId, attributes, acrClaims);
}

Example 4 with AuthenticationRequest

Use of oidc.model.AuthenticationRequest in the project OpenConext-oidcng by OpenConext.

From the class ResponseAuthenticationConverterTest, method login.

@Test
public void login() throws XMLParserException, UnmarshallingException, IOException, ClassNotFoundException,
        NoSuchMethodException, IllegalAccessException, InvocationTargetException, InstantiationException {
    // Any looked-up authentication request ID resolves to this stub
    when(authenticationRequestRepository.findById(anyString()))
            .thenReturn(Optional.of(new AuthenticationRequest("id", new Date(), "clientId", "http://some")));
    OidcSamlAuthentication oidcSamlAuthentication = doLogin("saml/authn_response.xml");
    User user = oidcSamlAuthentication.getUser();
    String sub = user.getSub();
    assertEquals("270E4CB4-1C2A-4A96-9AD3-F28C39AD1110", sub);
    assertEquals("urn:collab:person:example.com:admin", oidcSamlAuthentication.getName());
    assertEquals(3, ((List) user.getAttributes().get("eduperson_affiliation")).size());
}

Example 5 with AuthenticationRequest

Use of oidc.model.AuthenticationRequest in the project OpenConext-oidcng by OpenConext.

From the class ResponseAuthenticationConverterTest, method loginWithNoAuthnContext.

@Test
public void loginWithNoAuthnContext() throws XMLParserException, UnmarshallingException, IOException,
        ClassNotFoundException, NoSuchMethodException, IllegalAccessException, InvocationTargetException,
        InstantiationException {
    when(authenticationRequestRepository.findById(anyString()))
            .thenReturn(Optional.of(new AuthenticationRequest("id", new Date(), "clientId", "http://some")));
    OidcSamlAuthentication oidcSamlAuthentication = doLogin("saml/no_authn_context_response.xml");
    assertEquals("urn:collab:person:example.com:admin", oidcSamlAuthentication.getName());
    // A response without an AuthnContext still yields exactly one ACR claim, the "unspecified" class
    List<String> acrClaims = oidcSamlAuthentication.getUser().getAcrClaims();
    assertEquals(1, acrClaims.size());
    assertEquals("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified", acrClaims.get(0));
}
