
Example 66 with SamlAssertionWrapper

Use of org.apache.wss4j.common.saml.SamlAssertionWrapper in the project cxf by apache.

Class SamlTokenTest, method testSaml2TokenWithRolesSingleValue.

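/**
 * This test creates a SAML2 Assertion and sends it in the security header to the provider.
 * An attribute is created per role. There are several attributes with the same name.
 *
 * The assertion is signed on the sending side and the receiver is configured with
 * {@code SAML_TOKEN_SIGNED}, so the inbound result is looked up under {@code ST_SIGNED}.
 * The custom validator requires a bearer subject confirmation; validation of the
 * subject confirmation itself is switched off ({@code VALIDATE_SAML_SUBJECT_CONFIRMATION}
 * = false) because it is not what this test exercises.
 *
 * @throws Exception if the invocation or one of the checks fails
 */
@Test
public void testSaml2TokenWithRolesSingleValue() throws Exception {
    // Outbound: the sending side creates and signs the SAML2 assertion with alice's key.
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
    outProperties.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
    outProperties.put(ConfigurationConstants.USER, "alice");
    outProperties.put("password", "password");
    outProperties.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");

    // The constructor flag presumably selects "one attribute per role" (compare
    // testSaml2TokenWithRoles, which uses the no-arg constructor) - confirm against
    // SAML2CallbackHandler.
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(false);
    callbackHandler.setSignAssertion(true);
    callbackHandler.setStatement(Statement.ATTR);
    // The original called setConfirmationMethod(CONF_HOLDER_KEY) immediately followed by
    // setConfirmationMethod(CONF_BEARER); the superseded holder-of-key call is dropped here.
    // Bearer is the confirmation method the validator below requires.
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);

    // Inbound: the receiver requires a signed token and verifies the signature
    // against the trust material in insecurity.properties.
    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");

    // The custom validator is registered for both SAML1 and SAML2 token QNames and
    // requires a SAML2 bearer assertion.
    final Map<QName, Object> customMap = new HashMap<>();
    CustomSamlValidator validator = new CustomSamlValidator();
    validator.setRequireSAML1Assertion(false);
    validator.setRequireSenderVouches(false);
    validator.setRequireBearer(true);
    customMap.put(WSConstants.SAML_TOKEN, validator);
    customMap.put(WSConstants.SAML2_TOKEN, validator);
    inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);

    // The outbound message must carry a SAML2 assertion inside the Security header.
    List<String> xpaths = new ArrayList<>();
    xpaths.add("//wsse:Security");
    xpaths.add("//wsse:Security/saml2:Assertion");

    Map<String, String> inMessageProperties = new HashMap<>();
    inMessageProperties.put(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, "false");
    Message message = makeInvocation(outProperties, xpaths, inProperties, inMessageProperties);

    // The roles carried in the assertion must be visible through the SecurityContext.
    SecurityContext sc = message.get(SecurityContext.class);
    assertNotNull(sc);
    assertTrue(sc.isUserInRole("user"));
    assertTrue(sc.isUserInRole("admin"));

    // The receiver must have processed the token as a signed SAML2 assertion.
    final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
    assertNotNull(handlerResults);
    WSSecurityEngineResult actionResult = handlerResults.get(0).getActionResults().get(WSConstants.ST_SIGNED).get(0);
    SamlAssertionWrapper receivedAssertion = (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(receivedAssertion);
    assertNotNull(receivedAssertion.getSaml2());
    assertTrue(receivedAssertion.isSigned());
}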

Example 67 with SamlAssertionWrapper

Use of org.apache.wss4j.common.saml.SamlAssertionWrapper in the project cxf by apache.

Class SamlTokenTest, method testSaml1Token.

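/**
 * Sends an unsigned SAML1 assertion in the security header to the provider and
 * returns the {@link SecurityContext} the inbound chain attached to the message.
 * Both sides use {@code SAML_TOKEN_UNSIGNED}, so the inbound result is looked up
 * under {@code ST_UNSIGNED}; subject confirmation is not validated.
 *
 * @param allowUnsignedPrincipal if true, {@code ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL}
 *        is set on the inbound message so that a principal may be derived from the
 *        unsigned assertion
 * @return the SecurityContext of the inbound message; may be null if none was established
 * @throws Exception if the invocation or one of the assertion checks fails
 */
private SecurityContext testSaml1Token(boolean allowUnsignedPrincipal) throws Exception {
    // Outbound: create an unsigned SAML1 assertion via the default SAML1 callback handler.
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
    outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler());

    // Inbound: accept unsigned tokens and validate them with the custom validator in
    // its default configuration, registered for both SAML1 and SAML2 token QNames.
    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
    final Map<QName, Object> customMap = new HashMap<>();
    CustomSamlValidator validator = new CustomSamlValidator();
    customMap.put(WSConstants.SAML_TOKEN, validator);
    customMap.put(WSConstants.SAML2_TOKEN, validator);
    inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);

    // The outbound message must carry a SAML1 assertion inside the Security header.
    List<String> xpaths = new ArrayList<>();
    xpaths.add("//wsse:Security");
    xpaths.add("//wsse:Security/saml1:Assertion");

    Map<String, String> inMessageProperties = new HashMap<>();
    if (allowUnsignedPrincipal) {
        inMessageProperties.put(SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, "true");
    }
    inMessageProperties.put(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, "false");
    Message message = makeInvocation(outProperties, xpaths, inProperties, inMessageProperties);

    // The receiver must have processed the token as an unsigned SAML1 assertion.
    final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
    WSSecurityEngineResult actionResult = handlerResults.get(0).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
    SamlAssertionWrapper receivedAssertion = (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertTrue(receivedAssertion != null && receivedAssertion.getSaml1() != null);
    // The original used a plain Java 'assert' here, which is a no-op unless the JVM
    // runs with -ea; a JUnit assertion is always evaluated.
    assertTrue(!receivedAssertion.isSigned());
    return message.get(SecurityContext.class);
}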

Example 68 with SamlAssertionWrapper

Use of org.apache.wss4j.common.saml.SamlAssertionWrapper in the project cxf by apache.

Class SamlTokenTest, method testSaml2TokenWithRoles.

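/**
 * This test creates a SAML2 Assertion and sends it in the security header to the provider.
 * A single attribute is created for the roles, with multiple attribute value elements.
 *
 * The assertion is signed on the sending side and the receiver is configured with
 * {@code SAML_TOKEN_SIGNED}, so the inbound result is looked up under {@code ST_SIGNED}.
 * The custom validator requires a bearer subject confirmation; validation of the
 * subject confirmation itself is switched off ({@code VALIDATE_SAML_SUBJECT_CONFIRMATION}
 * = false) because it is not what this test exercises.
 *
 * @throws Exception if the invocation or one of the checks fails
 */
@Test
public void testSaml2TokenWithRoles() throws Exception {
    // Outbound: the sending side creates and signs the SAML2 assertion with alice's key.
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
    outProperties.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
    outProperties.put(ConfigurationConstants.USER, "alice");
    outProperties.put("password", "password");
    outProperties.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");

    // No-arg constructor: presumably all roles go into one multi-valued attribute
    // (compare testSaml2TokenWithRolesSingleValue) - confirm against SAML2CallbackHandler.
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setSignAssertion(true);
    callbackHandler.setStatement(Statement.ATTR);
    // The original called setConfirmationMethod(CONF_HOLDER_KEY) immediately followed by
    // setConfirmationMethod(CONF_BEARER); the superseded holder-of-key call is dropped here.
    // Bearer is the confirmation method the validator below requires.
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);

    // Inbound: the receiver requires a signed token and verifies the signature
    // against the trust material in insecurity.properties.
    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");

    // The custom validator is registered for both SAML1 and SAML2 token QNames and
    // requires a SAML2 bearer assertion.
    final Map<QName, Object> customMap = new HashMap<>();
    CustomSamlValidator validator = new CustomSamlValidator();
    validator.setRequireSAML1Assertion(false);
    validator.setRequireSenderVouches(false);
    validator.setRequireBearer(true);
    customMap.put(WSConstants.SAML_TOKEN, validator);
    customMap.put(WSConstants.SAML2_TOKEN, validator);
    inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);

    // The outbound message must carry a SAML2 assertion inside the Security header.
    List<String> xpaths = new ArrayList<>();
    xpaths.add("//wsse:Security");
    xpaths.add("//wsse:Security/saml2:Assertion");

    Map<String, String> inMessageProperties = new HashMap<>();
    inMessageProperties.put(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, "false");
    Message message = makeInvocation(outProperties, xpaths, inProperties, inMessageProperties);

    // The roles carried in the assertion must be visible through the SecurityContext.
    SecurityContext sc = message.get(SecurityContext.class);
    assertNotNull(sc);
    assertTrue(sc.isUserInRole("user"));
    assertTrue(sc.isUserInRole("admin"));

    // The receiver must have processed the token as a signed SAML2 assertion.
    final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
    assertNotNull(handlerResults);
    WSSecurityEngineResult actionResult = handlerResults.get(0).getActionResults().get(WSConstants.ST_SIGNED).get(0);
    SamlAssertionWrapper receivedAssertion = (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(receivedAssertion);
    assertNotNull(receivedAssertion.getSaml2());
    assertTrue(receivedAssertion.isSigned());
}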

Example 69 with SamlAssertionWrapper

Use of org.apache.wss4j.common.saml.SamlAssertionWrapper in the project cxf by apache.

Class AuthorizationGrantNegativeTest, method testSAMLHolderOfKey.

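/**
 * Negative test: a SAML2 assertion whose subject confirmation method is holder-of-key
 * (rather than bearer) must be rejected by the token endpoint when presented as a
 * saml2-bearer authorization grant.
 *
 * @throws Exception on an unexpected setup or transport failure
 */
@org.junit.Test
public void testSAMLHolderOfKey() throws Exception {
    URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
    String address = "https://localhost:" + PORT + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Create the SAML Assertion with a holder-of-key confirmation, which the
    // saml2-bearer grant must not accept.
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(true);
    samlCallbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    samlCallbackHandler.setAudience(address + "token");
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    // Sign with the issuer key the callback supplies, so that the rejection is not
    // caused by an invalid signature but by the confirmation method.
    samlAssertion.signAssertion(samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword(), samlCallback.getIssuerCrypto(), samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
    String assertion = samlAssertion.assertionToString();
    // Request an access token, presenting the assertion as a saml2-bearer grant
    client.type("application/x-www-form-urlencoded").accept("application/json");
    client.path("token");
    Form form = new Form();
    form.param("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer");
    form.param("assertion", Base64UrlUtility.encode(assertion));
    form.param("client_id", "consumer-id");
    Response response = client.post(form);
    // The original wrapped readEntity(ClientAccessToken.class) in catch (Exception), which
    // also let transport and setup errors pass the test. Assert on the HTTP status instead:
    // the endpoint must not answer with a success status for this grant.
    int status = response.getStatus();
    if (status >= 200 && status < 300) {
        fail("Failure expected on an incorrect subject confirmation method");
    }
}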

Example 70 with SamlAssertionWrapper

Use of org.apache.wss4j.common.saml.SamlAssertionWrapper in the project cxf by apache.

Class AuthorizationGrantNegativeTest, method testSAMLUnauthenticatedSignature.

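/**
 * Negative test: a SAML2 assertion signed with a key the token endpoint does not
 * trust ("smallkey") must be rejected when presented as a saml2-bearer grant.
 *
 * NOTE(review): the assertion also uses a holder-of-key confirmation method, which
 * testSAMLHolderOfKey shows is rejected on its own - confirm that this test still
 * fails for the signing key alone, e.g. by using a bearer confirmation here.
 *
 * @throws Exception on an unexpected setup or transport failure
 */
@org.junit.Test
public void testSAMLUnauthenticatedSignature() throws Exception {
    URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
    String address = "https://localhost:" + PORT + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Create the SAML Assertion, signed with the "smallkey" issuer key from a
    // separate crypto properties file.
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(true);
    samlCallbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    samlCallbackHandler.setAudience(address + "token");
    samlCallbackHandler.setIssuerKeyName("smallkey");
    samlCallbackHandler.setIssuerKeyPassword("security");
    samlCallbackHandler.setCryptoPropertiesFile("org/apache/cxf/systest/jaxrs/security/smallkey.properties");
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    samlAssertion.signAssertion(samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword(), samlCallback.getIssuerCrypto(), samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
    String assertion = samlAssertion.assertionToString();
    // Request an access token, presenting the assertion as a saml2-bearer grant
    client.type("application/x-www-form-urlencoded").accept("application/json");
    client.path("token");
    Form form = new Form();
    form.param("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer");
    form.param("assertion", Base64UrlUtility.encode(assertion));
    form.param("client_id", "consumer-id");
    Response response = client.post(form);
    // The original wrapped readEntity(ClientAccessToken.class) in catch (Exception), which
    // also let transport and setup errors pass the test. Assert on the HTTP status instead:
    // the endpoint must not answer with a success status for this grant. The failure
    // message was copied from the holder-of-key test and now names the actual condition.
    int status = response.getStatus();
    if (status >= 200 && status < 300) {
        fail("Failure expected on an assertion signed with an untrusted key");
    }
}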
