Example 1 with SAML2SPService
use of org.apache.syncope.common.rest.api.service.SAML2SPService in project syncope by apache.
the class SAML2ITCase method spMetadata.
@Test
public void spMetadata() {
assumeTrue(SAML2SPDetector.isSAML2SPAvailable());
try {
SAML2SPService service = anonymous.getService(SAML2SPService.class);
WebClient.client(service).accept(MediaType.APPLICATION_XML_TYPE);
Response response = service.getMetadata(ADDRESS, "saml2sp");
assertNotNull(response);
Document responseDoc = StaxUtils.read(new InputStreamReader((InputStream) response.getEntity(), StandardCharsets.UTF_8));
assertEquals("EntityDescriptor", responseDoc.getDocumentElement().getLocalName());
assertEquals("urn:oasis:names:tc:SAML:2.0:metadata", responseDoc.getDocumentElement().getNamespaceURI());
// Get the signature
QName signatureQName = new QName(SignatureConstants.XMLSIG_NS, "Signature");
Element signatureElement = DOMUtils.getFirstChildWithName(responseDoc.getDocumentElement(), signatureQName);
assertNotNull(signatureElement);
// Validate the signature
XMLSignature signature = new XMLSignature(signatureElement, null);
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(Loader.getResourceAsStream("keystore"), "changeit".toCharArray());
assertTrue(signature.checkSignatureValue((X509Certificate) keystore.getCertificate("sp")));
} catch (Exception e) {
LOG.error("During SAML 2.0 SP metadata parsing", e);
fail(e.getMessage());
}
}
Also used :
SAML2SPService(org.apache.syncope.common.rest.api.service.SAML2SPService)
Response(javax.ws.rs.core.Response)
InputStreamReader(java.io.InputStreamReader)
InputStream(java.io.InputStream)
QName(javax.xml.namespace.QName)
XMLSignature(org.apache.xml.security.signature.XMLSignature)
Element(org.w3c.dom.Element)
Document(org.w3c.dom.Document)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException)
Test(org.junit.jupiter.api.Test)
Example 2 with SAML2SPService
use of org.apache.syncope.common.rest.api.service.SAML2SPService in project syncope by apache.
the class SAML2ITCase method validateIdpInitiatedLoginResponseFailure.
// Make sure that the IdP initiated case is only supported when "supportUnsolicited" is true for that IdP
@Test
public void validateIdpInitiatedLoginResponseFailure() throws Exception {
assumeTrue(SAML2SPDetector.isSAML2SPAvailable());
SAML2SPService saml2Service = anonymous.getService(SAML2SPService.class);
// Create a SAML Response using WSS4J
SAML2ReceivedResponseTO response = new SAML2ReceivedResponseTO();
response.setSpEntityID("http://recipient.apache.org/");
response.setUrlContext("saml2sp");
org.opensaml.saml.saml2.core.Response samlResponse = createResponse(null, true, SAML2Constants.CONF_BEARER, "urn:org:apache:cxf:fediz:idp:realm-A");
Document doc = DOMUtils.newDocument();
Element responseElement = OpenSAMLUtil.toDom(samlResponse, doc);
String responseStr = DOM2Writer.nodeToString(responseElement);
// Validate the SAML Response
response.setSamlResponse(Base64.getEncoder().encodeToString(responseStr.getBytes()));
response.setRelayState("idpInitiated");
try {
saml2Service.validateLoginResponse(response);
fail("Failure expected on an unsolicited login");
} catch (SyncopeClientException e) {
assertNotNull(e);
}
}
Also used :
SAML2SPService(org.apache.syncope.common.rest.api.service.SAML2SPService)
SAML2ReceivedResponseTO(org.apache.syncope.common.lib.to.SAML2ReceivedResponseTO)
Element(org.w3c.dom.Element)
SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException)
Document(org.w3c.dom.Document)
Test(org.junit.jupiter.api.Test)
Example 3 with SAML2SPService
use of org.apache.syncope.common.rest.api.service.SAML2SPService in project syncope by apache.
the class SAML2ITCase method validateIdpInitiatedLoginResponse.
@Test
public void validateIdpInitiatedLoginResponse() throws Exception {
assumeTrue(SAML2SPDetector.isSAML2SPAvailable());
SAML2SPService saml2Service = anonymous.getService(SAML2SPService.class);
// Create a SAML Response using WSS4J
SAML2ReceivedResponseTO response = new SAML2ReceivedResponseTO();
response.setSpEntityID("http://recipient.apache.org/");
response.setUrlContext("saml2sp");
org.opensaml.saml.saml2.core.Response samlResponse = createResponse(null, true, SAML2Constants.CONF_BEARER, "urn:org:apache:cxf:fediz:idp:realm-B");
Document doc = DOMUtils.newDocument();
Element responseElement = OpenSAMLUtil.toDom(samlResponse, doc);
String responseStr = DOM2Writer.nodeToString(responseElement);
// Validate the SAML Response
response.setSamlResponse(Base64.getEncoder().encodeToString(responseStr.getBytes()));
response.setRelayState("idpInitiated");
SAML2LoginResponseTO loginResponse = saml2Service.validateLoginResponse(response);
assertNotNull(loginResponse.getAccessToken());
assertEquals("puccini", loginResponse.getNameID());
}
Also used :
SAML2SPService(org.apache.syncope.common.rest.api.service.SAML2SPService)
SAML2LoginResponseTO(org.apache.syncope.common.lib.to.SAML2LoginResponseTO)
SAML2ReceivedResponseTO(org.apache.syncope.common.lib.to.SAML2ReceivedResponseTO)
Element(org.w3c.dom.Element)
Document(org.w3c.dom.Document)
Test(org.junit.jupiter.api.Test)
Example 4 with SAML2SPService
use of org.apache.syncope.common.rest.api.service.SAML2SPService in project syncope by apache.
the class Metadata method doGet.
@Override
protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
SyncopeClient anonymous = (SyncopeClient) request.getServletContext().getAttribute(Constants.SYNCOPE_ANONYMOUS_CLIENT);
SAML2SPService service = anonymous.getService(SAML2SPService.class);
WebClient.client(service).accept(MediaType.APPLICATION_XML_TYPE).type(MediaType.APPLICATION_XML_TYPE);
try {
Response metadataResponse = service.getMetadata(StringUtils.substringBefore(request.getRequestURL().toString(), "/saml2sp"), "saml2sp");
response.setContentType(metadataResponse.getMediaType().toString());
IOUtils.copy((InputStream) metadataResponse.getEntity(), response.getOutputStream());
((InputStream) metadataResponse.getEntity()).close();
} catch (Exception e) {
throw new ServletException(e.getMessage());
}
}
Also used :
SAML2SPService(org.apache.syncope.common.rest.api.service.SAML2SPService)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Response(javax.ws.rs.core.Response)
ServletException(javax.servlet.ServletException)
InputStream(java.io.InputStream)
SyncopeClient(org.apache.syncope.client.lib.SyncopeClient)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
Example 5 with SAML2SPService
use of org.apache.syncope.common.rest.api.service.SAML2SPService in project syncope by apache.
the class SAML2ITCase method unsignedAssertionInLoginResponse.
@Test
public void unsignedAssertionInLoginResponse() throws Exception {
assumeTrue(SAML2SPDetector.isSAML2SPAvailable());
// Get a valid login request for the Fediz realm
SAML2SPService saml2Service = anonymous.getService(SAML2SPService.class);
SAML2RequestTO loginRequest = saml2Service.createLoginRequest(ADDRESS, "urn:org:apache:cxf:fediz:idp:realm-A");
assertNotNull(loginRequest);
SAML2ReceivedResponseTO response = new SAML2ReceivedResponseTO();
response.setSpEntityID("http://recipient.apache.org/");
response.setUrlContext("saml2sp");
response.setRelayState(loginRequest.getRelayState());
// Create a SAML Response using WSS4J
JwsJwtCompactConsumer relayState = new JwsJwtCompactConsumer(response.getRelayState());
String inResponseTo = relayState.getJwtClaims().getSubject();
org.opensaml.saml.saml2.core.Response samlResponse = createResponse(inResponseTo, false, SAML2Constants.CONF_SENDER_VOUCHES, "urn:org:apache:cxf:fediz:idp:realm-A");
Document doc = DOMUtils.newDocument();
Element responseElement = OpenSAMLUtil.toDom(samlResponse, doc);
String responseStr = DOM2Writer.nodeToString(responseElement);
// Validate the SAML Response
response.setSamlResponse(Base64.getEncoder().encodeToString(responseStr.getBytes()));
try {
saml2Service.validateLoginResponse(response);
fail("Failure expected on an unsigned Assertion");
} catch (SyncopeClientException e) {
assertNotNull(e);
}
}
Also used :
SAML2SPService(org.apache.syncope.common.rest.api.service.SAML2SPService)
SAML2RequestTO(org.apache.syncope.common.lib.to.SAML2RequestTO)
SAML2ReceivedResponseTO(org.apache.syncope.common.lib.to.SAML2ReceivedResponseTO)
Element(org.w3c.dom.Element)
SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException)
JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)
Document(org.w3c.dom.Document)
Test(org.junit.jupiter.api.Test)
Aggregations
SAML2SPService (org.apache.syncope.common.rest.api.service.SAML2SPService)7
Test (org.junit.jupiter.api.Test)6
Document (org.w3c.dom.Document)6
Element (org.w3c.dom.Element)6
SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)5
SAML2ReceivedResponseTO (org.apache.syncope.common.lib.to.SAML2ReceivedResponseTO)5
JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)3
SAML2RequestTO (org.apache.syncope.common.lib.to.SAML2RequestTO)3
InputStream (java.io.InputStream)2
Response (javax.ws.rs.core.Response)2
SAML2LoginResponseTO (org.apache.syncope.common.lib.to.SAML2LoginResponseTO)2
IOException (java.io.IOException)1
InputStreamReader (java.io.InputStreamReader)1
KeyStore (java.security.KeyStore)1
X509Certificate (java.security.cert.X509Certificate)1
ServletException (javax.servlet.ServletException)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
QName (javax.xml.namespace.QName)1
SyncopeClient (org.apache.syncope.client.lib.SyncopeClient)1
XMLSignature (org.apache.xml.security.signature.XMLSignature)1
