Example 31 with SAMLCallback
use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.
the class JAXRSOAuth2Test method testSAMLBadSubjectName.
@Test
public void testSAMLBadSubjectName() throws Exception {
String address = "https://localhost:" + port + "/oauth2-auth/token";
WebClient wc = createWebClient(address);
String audienceURI = "https://localhost:" + port + "/oauth2-auth/token";
// Create the SAML Assertion
SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(true);
samlCallbackHandler.setSubjectName("bob");
samlCallbackHandler.setAudience(audienceURI);
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
if (samlCallback.isSignAssertion()) {
samlAssertion.signAssertion(samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword(), samlCallback.getIssuerCrypto(), samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
}
String assertion = samlAssertion.assertionToString();
String encodedAssertion = Base64UrlUtility.encode(assertion);
Map<String, String> extraParams = new HashMap<>();
extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE, Constants.CLIENT_AUTH_SAML2_BEARER);
extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, encodedAssertion);
try {
OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
fail("Failure expected on a bad subject name");
} catch (OAuthServiceException ex) {
// expected
}
}
Also used :
SamlCallbackHandler(org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler)
HashMap(java.util.HashMap)
OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)
SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
WebClient(org.apache.cxf.jaxrs.client.WebClient)
Test(org.junit.Test)
Example 32 with SAMLCallback
use of org.apache.wss4j.common.saml.SAMLCallback in project testcases by coheigea.
the class SAMLClientAuthenticationTest method createToken.
private String createToken(String audRestr, boolean saml2, boolean sign) throws WSSecurityException {
SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(saml2);
samlCallbackHandler.setSignAssertion(sign);
ConditionsBean conditions = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.setAudienceURIs(Collections.singletonList(audRestr));
conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
samlCallbackHandler.setConditions(conditions);
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
if (samlCallback.isSignAssertion()) {
samlAssertion.signAssertion(samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword(), samlCallback.getIssuerCrypto(), samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
}
return samlAssertion.assertionToString();
}
Also used :
AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean)
ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean)
SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
Example 33 with SAMLCallback
use of org.apache.wss4j.common.saml.SAMLCallback in project testcases by coheigea.
the class SAMLAuthorizationGrantTest method createToken.
private String createToken(String audRestr, boolean saml2, boolean sign) throws WSSecurityException {
SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(saml2);
samlCallbackHandler.setSignAssertion(sign);
ConditionsBean conditions = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.setAudienceURIs(Collections.singletonList(audRestr));
conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
samlCallbackHandler.setConditions(conditions);
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
if (samlCallback.isSignAssertion()) {
samlAssertion.signAssertion(samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword(), samlCallback.getIssuerCrypto(), samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
}
return samlAssertion.assertionToString();
}
Also used :
AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean)
ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean)
SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
Example 34 with SAMLCallback
use of org.apache.wss4j.common.saml.SAMLCallback in project testcases by coheigea.
the class SamlCallbackHandler method handle.
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
if (saml2) {
callback.setSamlVersion(Version.SAML_20);
} else {
callback.setSamlVersion(Version.SAML_11);
}
if (conditions != null) {
callback.setConditions(conditions);
}
callback.setIssuer("sts");
if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
}
SubjectBean subjectBean = new SubjectBean(subjectName, null, confirmationMethod);
if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
try {
KeyInfoBean keyInfo = createKeyInfo();
subjectBean.setKeyInfo(keyInfo);
} catch (Exception ex) {
throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
}
}
callback.setSubject(subjectBean);
AttributeStatementBean attrBean = new AttributeStatementBean();
attrBean.setSubject(subjectBean);
AttributeBean attributeBean = new AttributeBean();
if (saml2) {
attributeBean.setQualifiedName("subject-role");
} else {
attributeBean.setSimpleName("subject-role");
attributeBean.setQualifiedName("http://custom-ns");
}
attributeBean.addAttributeValue("system-user");
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
callback.setSignatureAlgorithm(signatureAlgorithm);
callback.setSignatureDigestAlgorithm(digestAlgorithm);
try {
Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
callback.setIssuerCrypto(crypto);
callback.setIssuerKeyName(cryptoAlias);
callback.setIssuerKeyPassword(cryptoPassword);
callback.setSignAssertion(signAssertion);
} catch (WSSecurityException e) {
throw new IOException(e);
}
}
}
}
Also used :
SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean)
KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean)
AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean)
Crypto(org.apache.wss4j.common.crypto.Crypto)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
IOException(java.io.IOException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Example 35 with SAMLCallback
use of org.apache.wss4j.common.saml.SAMLCallback in project testcases by coheigea.
the class SamlSso method createResponse.
private Element createResponse(String requestID, String racs, String requestIssuer) throws Exception {
DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
Document doc = docBuilder.newDocument();
Status status = SAML2PResponseComponentBuilder.createStatus("urn:oasis:names:tc:SAML:2.0:status:Success", null);
Response response = SAML2PResponseComponentBuilder.createSAMLResponse(requestID, issuer, status);
// Create an AuthenticationAssertion
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setIssuer(issuer);
String user = messageContext.getSecurityContext().getUserPrincipal().getName();
callbackHandler.setSubjectName(user);
// Subject Confirmation Data
SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
subjectConfirmationData.setAddress(messageContext.getHttpServletRequest().getRemoteAddr());
subjectConfirmationData.setInResponseTo(requestID);
subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
subjectConfirmationData.setRecipient(racs);
callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
// Audience Restriction
ConditionsBean conditions = new ConditionsBean();
conditions.setTokenPeriodMinutes(5);
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.setAudienceURIs(Collections.singletonList(requestIssuer));
conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callbackHandler.setConditions(conditions);
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
Crypto issuerCrypto = CryptoFactory.getInstance("stsKeystore.properties");
assertion.signAssertion("mystskey", "stskpass", issuerCrypto, false);
response.getAssertions().add(assertion.getSaml2());
Element policyElement = OpenSAMLUtil.toDom(response, doc);
doc.appendChild(policyElement);
return policyElement;
}
Also used :
Status(org.opensaml.saml.saml2.core.Status)
AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean)
Element(org.w3c.dom.Element)
ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean)
SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper)
Document(org.w3c.dom.Document)
DateTime(org.joda.time.DateTime)
Response(org.opensaml.saml.saml2.core.Response)
Crypto(org.apache.wss4j.common.crypto.Crypto)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
SubjectConfirmationDataBean(org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
Aggregations
SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)60
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)40
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)25
Document (org.w3c.dom.Document)25
Crypto (org.apache.wss4j.common.crypto.Crypto)23
Element (org.w3c.dom.Element)23
Status (org.opensaml.saml.saml2.core.Status)20
Response (org.opensaml.saml.saml2.core.Response)19
SubjectBean (org.apache.wss4j.common.saml.bean.SubjectBean)18
AttributeBean (org.apache.wss4j.common.saml.bean.AttributeBean)15
IOException (java.io.IOException)13
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)13
AttributeStatementBean (org.apache.wss4j.common.saml.bean.AttributeStatementBean)13
KeyInfoBean (org.apache.wss4j.common.saml.bean.KeyInfoBean)11
DateTime (org.joda.time.DateTime)11
AudienceRestrictionBean (org.apache.wss4j.common.saml.bean.AudienceRestrictionBean)9
ConditionsBean (org.apache.wss4j.common.saml.bean.ConditionsBean)9
InputStream (java.io.InputStream)8
KeyStore (java.security.KeyStore)8
Merlin (org.apache.wss4j.common.crypto.Merlin)8
